WorkComposer — Data Retention Policy
Last modified: July 8, 2026
This policy applies to the WorkComposer time-tracking and workforce-monitoring service (the “Services”) operated by WorkComposer Inc (the “Company”, “we”, “us”).
Defined terms
- Customer — the organization that subscribes to the Services and controls how its workforce is monitored. Under GDPR the Customer is the data controller.
- WorkComposer / we / us — WorkComposer Inc, which operates the Services on the Customer's behalf. Under GDPR we are the data processor.
- Monitored Users — the Customer's employees, contractors, or other authorized users whose devices run the WorkComposer desktop tracker. They are the data subjects.
- Monitoring Data — screenshots, activity levels, application-usage records, visited-URL records, and time-tracking (timeframe) records collected from Monitored Users' devices.
- Account Data — the Customer's account, user profile, organization, project/task, and billing records.
- Subprocessor — a third party we engage to help deliver the Services (see our Subprocessor list).
1. Our retention statement
WorkComposer retains data only for as long as it is needed to provide the Services to our Customers, to meet our legal and contractual obligations, and to resolve disputes. We enforce our retention limits automatically.
Monitoring Data — retained for 1 year. Screenshots, activity levels, application and URL records, and time-tracking records are automatically and permanently deleted once they are more than one (1) year old. This limit runs automatically every day; no manual step or Customer request is required for it to take effect.
Account and billing data is retained for the life of the Customer's subscription and for a limited period afterward as described below.
Account closure (voluntary). When an Owner-role user confirms deletion of the account, we run a full purge of that Customer's organization data — including Monitoring Data, users, settings, projects, and tasks — promptly, as described in Section 3. Deletion is irreversible and access is lost immediately.
Account closure (non-payment / abandonment). An account whose invoices remain unpaid for more than approximately two (2) months may be deleted. Before any such deletion we give at least fourteen (14) days' advance warning notice to the account's registered email address.
Legal holds. In narrow cases (for example, an active legal claim or a regulatory or law-enforcement request) we may retain specific data beyond these limits until the hold is lifted. See Section 4.
If you are a Monitored User and want to know what data your employer collects about you or how long it is kept, please contact your employer (the data controller). See “How Monitored Users exercise their rights” in our Privacy Policy and our Employee Privacy Notice.
2. Account and billing data retention
- Account Data (organization, users, settings, projects, tasks) is retained for the duration of the subscription. On account closure it is purged per Section 3.
- Billing records. Invoices and payment records are processed by our payment Subprocessor (Stripe) and are also retained by us to the extent required for tax, accounting, and audit purposes, for seven (7) years as required by applicable tax and accounting law.
- Support correspondence (emails to support@ / admin@) is retained for approximately two (2) years — the period needed to resolve and reference support matters.
- Analytics and lead data (website analytics and marketing-lead records) is retained for approximately fourteen (14) months.
- Incident records (personal-data breach records under GDPR Art. 33(5) and related incident logs) are retained for three (3) years.
- Operational logs (transactional email records, event logs, one-time tokens, API and audit logs) are retained for shorter periods — from three (3) months up to one (1) year depending on the log type — and then automatically deleted.
3. Deletion on account closure
Account deletion is self-service and genuine — it is not a soft flag. An Owner-role user initiates deletion (email-confirmed) and our account-purge routine permanently removes the Customer organization's data, including app-blacklists, tasks, sprints, projects, screenshots, settings, timeframes, tracking, users and their auth tokens, roles, scheduled-task instances and their on-disk reports, and finally the Organization record itself.
- Deletion is irreversible and access is lost immediately.
- We recommend Customers retrieve anything they need before deleting, because we cannot restore purged data.
- Purge is designed to run to completion; large organizations may be processed across multiple maintenance passes.
Backups and Subprocessor-side copies (for example, transient S3 versioning and log retention at AWS) are cleared on their own cycles and are not indefinitely retained.
4. Legal-hold exception
- comply with a legal obligation, court order, subpoena, or valid law-enforcement request;
- establish, exercise, or defend a legal claim; or
- meet a documented contractual retention requirement with a Customer.
A legal hold is scoped as narrowly as possible (specific accounts/records/date ranges), documented, owned by the privacy contact / account owner (privacy@workcomposer.com), and lifted as soon as the basis ends, after which normal retention resumes. Legal holds are the only sanctioned reason to retain data beyond the schedule above.
5. Review
This policy is reviewed at least annually and whenever our retention logic materially changes. Any change to a published retention number requires confirmation that our systems enforce it.
Contact: privacy@workcomposer.com · support@workcomposer.com