Hoply Hoply

Privacy Policy

Last updated: February 2026

1. Introduction

Hoply (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application and services.

2. Information We Collect

2.1 Account Information

When you create an account through Clerk (our authentication provider), we collect:

  • Email address
  • Name
  • Profile picture (if provided via OAuth)

2.2 Service Connection Data

When you connect third-party services, we receive OAuth tokens for:

  • Harvest: Access to time entries, projects, and tasks
  • Google Calendar: Access to calendar events
  • Jira: Access to issues, projects, and worklogs

We never store your passwords for these services. All connections use industry-standard OAuth 2.0.

2.3 Usage Data

We collect anonymized usage analytics through Plausible Analytics, a privacy-first analytics platform that:

  • Does not use cookies
  • Does not collect personal data
  • Is fully GDPR, CCPA, and PECR compliant
  • Stores no data in the user’s browser

2.4 Time Tracking Data

We store time entries, calendar views, and AI conversation data that you create within Hoply.

3. How We Use Your Information

We use collected information to:

  • Provide, maintain, and improve our services
  • Sync data between your connected services (Harvest, Google Calendar, Jira)
  • Provide AI-powered insights and suggestions
  • Send service-related communications
  • Detect and prevent technical issues

4. Data Storage and Security

  • All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • OAuth tokens are stored encrypted and are never exposed to client-side code
  • Our infrastructure is hosted on DigitalOcean with industry-standard security practices
  • We perform regular security audits

5. Data Sharing

We do not sell, trade, or rent your personal information. We may share data with:

  • Clerk: For authentication services
  • Connected services: Only the data you explicitly authorize through OAuth
  • Law enforcement: When required by law

6. Your Rights

Under GDPR (EU residents):

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate personal data
  • Erasure: Request deletion of your personal data
  • Portability: Receive your data in a portable format
  • Restriction: Request restriction of processing
  • Objection: Object to processing of your personal data

Under CCPA (California residents):

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of the sale of personal information (we do not sell data)
  • Right to non-discrimination

7. Data Retention

  • Active accounts: Data is retained while your account is active
  • Deleted accounts: Data is permanently deleted within 30 days of account deletion
  • OAuth tokens: Revoked immediately upon service disconnection

8. Cookies

Hoply uses minimal cookies:

  • Essential cookies: Authentication session cookies (via Clerk)
  • No tracking cookies: We use Plausible Analytics which is cookieless

For more information, see our Cookie Policy.

9. Children’s Privacy

Hoply is not intended for children under 16. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the “Last updated” date.

11. Contact Us

If you have questions about this Privacy Policy, please contact us at:

Email: [email protected]