Security

HourTrace uses secure sign-in and server-side session checks before account data is served. Keep your sign-in provider protected, and contact support if you believe your account has been accessed without permission.

HourTrace is designed so each account can access only its own user-owned records through the application. Data access rules are enforced on the server and database layers, not left to the browser interface alone.

Administrative access is limited to operating, supporting, securing, and legally protecting the service. Access to production systems is kept narrow and reviewed as the product matures.

HourTrace uses encrypted HTTPS connections between your browser and the service. The app also relies on managed infrastructure providers with their own security controls for hosting and data storage.

If you believe you have found a security issue, send the report to support@hourtrace.com with enough detail to reproduce the concern. Do not test against accounts or data that are not yours, and do not modify, download, or share another person's data while investigating.

If HourTrace learns of a security incident that may affect user data, the issue will be investigated, contained, fixed, and verified. HourTrace will notify affected users when required by law or when the issue creates a meaningful risk to their account content.