Privacy policy
Effective July 2, 2026
Tockly is operated by Iluvatar LLC (“we”, “us”), the data controller for the data described here. Questions and requests: hello@tockly.app.
Tockly is a work-tracking product: a native capture agent records how work happens on your machine and a web dashboard shows it back. This page says exactly what is collected, what is never collected, and who can see it. It is written to be read, not skimmed past.
What we collect
- Account data. Your email address and authentication identifiers (password hash or Google sign-in identity), handled by our auth provider (Supabase).
- Per-minute activity. For each tracked minute: the frontmost app, its window title, input counts (keystrokes, clicks, scrolls, mouse movement, modifier keys, all as numbers), seconds idle, seconds the microphone or camera was in use, the work classification (hands-on / agent / steering / idle), and the project folder the work maps to.
- Screenshots. A periodic still of the screen (roughly one per ten-minute block while tracking), stored with the app and window title active at capture. Capture is skipped whenever the screen is locked.
- AI-agent activity. When you connect an agent integration (e.g. the Claude Code hook): the agent and model names, event type, tool names it invoked, token counts, and the project folder. This is what powers the human/agent split.
- Device and session metadata. A device identifier, platform, app version, and session start/end times.
- Website and dashboard analytics. We use Mixpanel (product analytics, including session replay of our own web dashboard) and Sentry (error and performance reporting) to operate and improve the product.
What we never collect
- No keystroke content. The input monitor is listen-only and counts events. Which keys, what you typed, form contents, passwords: never captured, by design. A count is a metric; content would be a keylogger, and Tockly is not one.
- No audio or video. Microphone and camera figures are seconds-in-use only. No recording, no listening, no frames.
- No message or email content. Tockly sees app names and window titles, not what is inside your apps. (Note that window titles themselves can contain text like a document name or email subject. That is the extent of it.)
- No sale of data, no advertising use. Your data exists so you (and your organization, if you join one) can see the record of work. That is its only use.
Where your data lives
Data is stored in Supabase (Postgres and private object storage) and served by Vercel. Every row is scoped to your user account with database-enforced row-level security; isolation is a property of the database, not just application code. Screenshots live in a private storage bucket and are only served through short-lived signed URLs to accounts allowed to see them.
If you are part of an organization
Tockly is also a team-visibility product, and we are direct about what that means: if you join an organization workspace (or your employer or client provisions your account), that organization's administrators can see your tracked data: activity, classifications, screenshots, and agent analytics. If you track purely for yourself and join no organization, your data is visible to you alone.
Service providers
We share data only with the processors that run the product: Supabase (database, storage, authentication), Vercel (hosting), Resend (transactional email), Google (only if you sign in with Google), Mixpanel (analytics), and Sentry (error reporting).
Retention and deletion
We keep your data while your account is active. To export your data or delete your account and everything under it, email hello@tockly.app and we will complete the request within 30 days. Deleting the macOS app stops all capture immediately; nothing is collected while the agent isn't running or tracking is paused.
Changes
If this policy changes, we update this page and its effective date. Material changes to what we collect will be announced to account holders by email before they take effect.
Iluvatar LLC · hello@tockly.app