Confidential Intellectual Property
WakaTime never has access to your source code.
WakaTime plugins only send limited metadata about your IDE usage to populate your personal metrics dashboard.
Your data is stored securely in a combination of DigitalOcean Droplets and Amazon AWS Simple Storage Service.
WakaTime provides a way for account ownders to delete one’s own account and all associated data.
Within 24 hours of account deletion, WakaTime hard deletes all information from running production systems.
WakaTime service backups are destroyed within 7 days, excluding security and access logs. *
WakaTime’s Security team utilizes monitoring and analytics capabilities to identify potentially malicious activity within our infrastructure.
User and system behaviors are monitored for suspicious activity, and investigations are performed following our incident reporting and response procedures.
We place strict controls over our employees’ access to the data you and your users make available via the WakaTime services.
The operation of the WakaTime services requires that some employees have access to the systems which store and process customer data.
For example, in order to diagnose a problem you are having with the WakaTime services, we may need to access your customer data.
These employees are prohibited from using these permissions to view customer data unless it is necessary to do so.
We have technical controls and audit policies in place to ensure that any access to customer data is logged.
New features, functionality, and design changes go through a security review process facilitated by the security team.
In addition, our code is tested and manually peer-reviewed prior to being deployed to production.
The security team works closely with development teams to resolve any additional security concerns that may arise during development.
WakaTime also operates a public security bug bounty program.
Security researchers around the world continuously test the security of the WakaTime services, and report issues via the program.
More details of this program are available at the bounty site.
*WakaTime backups are destroyed within 7 days, except that during an on-going investigation of an incident such period may be temporarily extended.