Privacy Policy

Last updated: December 21, 2025

1. Introduction

Danwel ("we", "our", or "us") operates the Danwel service (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the Service.

All data we collect is essential for providing the Service to you. We do not collect data for advertising or other purposes unrelated to the functionality of the Service.

2. Information We Collect

2.1 Account Information

When you register for an account, we collect:

  • Name and email address
  • Password (stored securely using one-way hashing)
  • Timezone and work schedule preferences (work days, work hours)
  • Two-factor authentication data if enabled (encrypted)

2.2 Organization Information

When you create or join an organization, we store:

  • Organization name
  • Billing email address
  • Default hourly rate and timezone settings

2.3 Time Planning Data

When you use our time planning features, we store:

  • Time blocks (title, description, start/end times, billable status)
  • Client information (name, email address, hourly rates)
  • Project information (name, color, hourly rates)

2.4 Third-Party Integration Data

When you connect third-party services such as Google Calendar or Moneybird, we store:

  • OAuth access and refresh tokens (encrypted)
  • Connected account email address
  • Calendar names, identifiers, and event data for synchronization
  • External IDs for synced clients, projects, and time entries

2.5 Invoice Data (Optional)

If you choose to activate invoice synchronization with Moneybird, we store the following invoice data to display payment status and totals per client:

  • Invoice number and status (draft, sent, paid)
  • Invoice amounts
  • Invoice date, due date, and payment date

This data is only collected after you explicitly activate invoice synchronization in your settings. You can disable this feature at any time.

2.6 Automatically Collected Information

We automatically collect the following information for security and audit purposes:

  • IP address
  • Browser type and user agent
  • Session data
  • Audit logs of actions performed (for security monitoring)

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our Service
  • Sync your time blocks with connected calendars
  • Sync client and project data with invoicing services
  • Send you technical notices and support messages
  • Respond to your comments and questions
  • Protect against fraudulent or illegal activity

4. Data Storage and Security

We implement appropriate technical and organizational security measures to protect your personal information. This includes:

  • Encryption of sensitive data at rest and in transit
  • Secure password hashing using modern algorithms
  • Regular security audits and updates
  • Access controls and audit logging

Your data is stored on secure servers within the European Union.

5. Data Sharing and Disclosure

We do not sell, trade, rent, or share your personal information with third parties. Your data remains within our Service.

  • When you connect third-party services (Google Calendar, Moneybird), you authorize data exchange directly between our Service and that third party. We do not share your data with these services on our own initiative - this only happens when you explicitly connect an integration.
  • We may disclose information to comply with legal obligations
  • We may disclose information to protect our rights and prevent fraud

6. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the following rights:

  • Right of access: You can request a copy of your personal data
  • Right to rectification: You can request correction of inaccurate data
  • Right to erasure: You can request deletion of your data
  • Right to data portability: You can request your data in a portable format
  • Right to withdraw consent: You can disconnect third-party integrations at any time
  • Right to object: You can object to certain processing of your data

To exercise any of these rights, please contact us using the information below.

7. Cookies

We use essential cookies to maintain your session and provide core functionality. These cookies are necessary for the Service to function and cannot be disabled. We do not use tracking or advertising cookies.

8. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with our Service. You can delete your account at any time, which will result in the deletion of your personal data, except where we are required to retain it for legal purposes.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

10. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Danwel
Waldorpstraat 5
2521CA Den Haag
Netherlands

Email: info@danwel.nl