Data privacy measures

Pausing

Complete control over when tracking happens. Pause at any time to ensure sensitive work or personal time is never captured.

• One-click pause: Stop tracking instantly from the menu bar or the tray
• Scheduled pausing: Set work hours to automatically pause outside work time
• Visual indicator: Always know when tracking is active or paused

App Exclusions

Granular control over which applications are tracked. Excluded tools are "greyed out" in the screenshot before sending for processing.

Common exclusions:

• Password managers and authentication tools
• Personal communication apps
• Financial tools, spreadsheets with sensitive data
• Meeting apps and video conferencing tools

Bring Your Own LLMs

Want complete control over raw data processing? You can bring your own LLM for the initial sensitive parts of the processing pipeline.

When you enable BYO AI, your raw activity data goes directly to your chosen provider, not through our AI partners. We support:

• Gemini via your own API key (locally encrypted)
• Any OpenAI compatible API (local or cloud-based, with locally encrypted key)

Open Source

Inspect the source code to verify all promises made here. Use Claude to audit the code if you are not technical yourself.

If you want to inspect how the BYO LLM flow works end to end, start with the public desktop repository.

Prompting

We instruct our AI models to strictly ignore any sensitive or private content that might appear in your screenshots or activity logs.

We regularly audit results and update the prompts to keep high accuracy while protecting privacy.

European Processing

We offer fully European processing where all data (storage, compute, and LLMs) is processed in the EU, hosted on Google Cloud and Google Vertex AI.

This is the case by default. See our subprocessors for more details.

Data Redactions

We already minimize data everywhere in our pipeline. You can go one step further by redacting all intermediary data after processing.

This comes at the risk of not being able to understand what tasks were based on or not making use of future features we might develop.

Editing

Full control over your summaries. Review, edit, or delete any entry at any time, before or after finalization.

• Review before sharing: Use "Finish Day" to review summaries
• Edit anytime: Modify titles - we use AI to make sure they stay close to the underlying data
• Hide tasks: Hide tasks from summaries in case of sensitive work you do not want to share
• Delete entries: Remove individual items or corresponding activity data
• Manual additions: Add missing work such as offline meetings or activity while DoneThat was paused. These will be marked as manually added

Visibility

Control who can see your work summaries. DoneThat gives you complete flexibility over sharing your productivity data.

• Private by default: Your data is only visible to you and people you accept as followers. Everybody starts here.
• Share with team: Share with members of your immediate team
• Allow org access: Allow your organization to see your summaries
• Build in public: Build fully in public for visibility and accountability

German Mode

The "German Mode" is specifically designed for maximal privacy within an organization. It comes with some trade-offs for visibility and collaboration but ensures maximal protection of employee data.

• Employee-only visibility: Data is visible only to the employee, with no access for managers or teams
• No voluntary sharing: Even voluntary sharing to teams or followers is disabled
• Default for German organisations: We enable this by default for any organization based in Germany
• Optional for everybody else: Any other organization can enable this mode in their settings