GDPR, Privacy & Security

This guide contains all things TimeKeeper GDPR, Privacy and Security, to help navigate any queries that may come your way.

How is the biometric data (pictures of the employees) and personal data (if any) processed?

Photos used for facial recognition checks are stored in a private, encrypted-at-rest Amazon Web Services S3 bucket. The photos are not accessible by the public. They are only made temporarily accessible (e.g. a time-limited expiration signature is generated) to the relevant administrators/managers/employees who have access.

TimeKeeper does process personal data for the purposes of providing a specific feature. All of this data is opt-in; it is not required if you do not plan to use that feature. For a list of the types of data processed, please see our privacy policy at https://www.timekeeper.co.uk/privacy/

Where is the data stored?

TimeKeeper utilises Amazon Web Services as its infrastructure provider, with our compute and storage being run out of the eu-west-1 (Dublin) data centre. For disaster recovery, we also have replicated failover storage synced to the eu-central-1 (Frankfurt) data centre.

Amazon Web Services is an ISO27001 secure facility (https://aws.amazon.com/compliance/iso-27001-faqs/) and powers many of the leading websites in the world.

Who has access to this data apart from us, the customer?

Our ICO Data Protection Officer (Sean, who is also the Founder) is the only person who has access to this data.

How secure is TimeKeeper?

TimeKeeper utilises a number of protection mechanisms to protect the data stored on its servers, including:

All data communication happens over modern TLS protocol.
TimeKeeper compute runs in a private network with SSH access to this network limited to our ICO Data Protection Officer.
TimeKeeper compute runs in a serverless infrastructure with automated security updates provided by AWS.
SSH access is limited to our internal VPN, is password protected and requires an additional form of verification (TOTP).
TimeKeeper takes nightly backups (retained for 3 months) and can recover to a point in time within 24 hours.

Additionally, TimeKeeper is audited annually by an external professional security company, which carries out penetration testing to identify, test and resolve any possible security issues.

Where can I read more?

You can find links to additional resources below:

Our Privacy Policy
Terms and Conditions
Subprocessors

If you have any further questions, please reach out via live chat or email: support@timekeeper.co.uk.

Updated on: 20/02/2025
