Privacy Policy
Last updated: February 16, 2026
Ourtaim ("we", "us", or "our") operates the Ourtaim platform at app.ourtaim.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.
1. Information We Collect
Account Information
When you create an account we collect your name, email address, and authentication credentials. Authentication is handled by our identity provider (Clerk). We do not store passwords directly.
Organization Data
When you create or join an organization, we store organizational details such as the organization name, member roles, and subscription information.
Usage Data
We collect data you enter into the platform, including time entries, projects, tasks, notes, and calendar events you choose to sync. We also collect standard server logs (IP address, browser type, pages visited, timestamps).
Calendar Data
Ourtaim offers optional calendar integrations to help you create time entries from your existing schedule. When you connect a calendar, we access your calendar events (subject, start time, end time, duration, and attendees) solely to suggest time entries within the platform.
- Google Calendar — We access your calendar events via the Google Calendar API using OAuth 2.0. We request read-only access to your calendar events. We do not modify, delete, or share your Google Calendar data. Your Google OAuth tokens are stored securely server-side and encrypted at rest. You can disconnect Google Calendar at any time from your account settings, which immediately revokes our access.
- Microsoft Outlook — We access your calendar events via the Microsoft Graph API using OAuth 2.0. We request read-only access to your calendar events. We do not modify, delete, or share your Outlook calendar data. Your Microsoft OAuth tokens are stored securely server-side and encrypted at rest. You can disconnect Outlook at any time from your account settings, which immediately revokes our access.
Calendar data retrieved from either integration is used exclusively to generate time entry suggestions within your Ourtaim organization. We do not store raw calendar data beyond what is needed to display suggestions. Calendar data is never sold, shared with third parties, or used for advertising purposes.
Payment Information
Payment processing is handled by our payment provider (Paystack). We do not store credit card numbers or bank account details on our servers. We retain subscription status, plan type, and billing history.
2. How We Use Your Information
- Provide, operate, and maintain the Ourtaim platform
- Process time tracking, project management, and reporting features
- Generate calendar-based time entry suggestions
- Send transactional emails (account verification, password resets, notifications)
- Process billing and manage subscriptions
- Improve and optimize our services
- Respond to support requests
- Comply with legal obligations
3. Data Sharing
We do not sell your personal data. We share information only with:
- Service providers that help us operate the platform (hosting, authentication, payment processing, email delivery)
- Within your organization — other members of your Ourtaim organization can see shared project data, time entries, and reports as permitted by their role
- Legal requirements — when required by law, regulation, or legal process
4. Third-Party Services
We use the following third-party services to operate the platform. Each service processes data only as necessary for its stated purpose:
- Clerk — Authentication and identity management
- Google Calendar API — Read-only calendar event access for time entry suggestions (only when you explicitly connect your Google account). Ourtaim's use of Google Calendar data adheres to the Google API Services User Data Policy, including the Limited Use requirements.
- Microsoft Graph API — Read-only Outlook calendar event access for time entry suggestions (only when you explicitly connect your Microsoft account)
- Paystack — Payment processing and subscription billing
- Resend — Transactional email delivery
- Vercel — Application hosting and deployment
- Convex — Backend database and real-time data infrastructure
5. Data Retention
We retain your data for as long as your account is active or as needed to provide services. When an organization or account is deleted, we remove associated data within 30 days, except where retention is required by law.
6. Data Security
We use industry-standard security measures to protect your data, including encryption in transit (TLS), secure authentication, and tenant isolation ensuring each organization's data is separated. However, no method of transmission over the internet is 100% secure.
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data
- Export your data in a portable format
- Withdraw consent for optional data processing
- Disconnect third-party integrations (e.g., Google Calendar, Outlook calendar) from your account settings at any time
To exercise these rights, contact us at privacy@ourtaim.com.
8. Cookies
We use essential cookies for authentication and session management. We do not use third-party advertising cookies. Analytics cookies, if used, are anonymized and can be opted out of via your browser settings.
9. International Data Transfers
Our services are hosted on infrastructure that may process data in different regions. By using Ourtaim, you consent to data transfer to the jurisdictions where our hosting and service providers operate.
10. Children's Privacy
Ourtaim is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes via email or an in-app notice. The "Last updated" date at the top reflects the most recent revision.
12. Contact Us
If you have questions about this Privacy Policy, contact us at privacy@ourtaim.com.