Privacy Policy for Kimai Mobile
At Cloudrizon GmbH, one of our main priorities is the privacy of our users. This Privacy Policy outlines the types of information collected and recorded by the Kimai Mobile application and how we use it.
If you have additional questions or require more information about our Privacy Policy, please do not hesitate to contact us at dataprotection@kimaimobile.com.
This Privacy Policy applies exclusively to users of our mobile application with regard to the information they share and/or that is collected through Kimai Mobile. This policy does not apply to any information collected via channels other than the mobile application.
Information We Collect
The personal information you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point of collection.
If you contact us directly, we may receive additional information about you, such as your name, email address, phone number, the contents of your message and/or any attachments, and any other information you choose to provide.
When you register a Workspace in the Kimai Mobile application, we only require the data necessary to establish a valid connection to your Kimai server.
Your Data Stays on Your Device
Kimai Mobile is designed with a local-first approach. Your time tracking data (including timesheets, project names, customer names, and tags) is stored exclusively on your mobile device and exchanged directly with your Kimai server. Cloudrizon GmbH does not collect, access, or store this data on its own servers.
Kimai Mobile includes two optional features that access location data, each handling it differently. For full details, see the Geofencing and Share Location Info sections below. In both cases, location data is never sent to Cloudrizon or any third party.
However, certain data is transmitted to our license verification server as described below.
License Verification Data
To validate your license, prevent fraud, and verify purchases, the Kimai Mobile app transmits the following data to the Cloudrizon license verification server:
- Device information: A persistent unique device ID, device brand, and device model, combined into a device fingerprint used for fraud prevention and license binding.
- App installation ID: A unique identifier derived from the device identifier, used to authenticate requests to the license server.
- Platform and app version: Your operating system (iOS or Android) and the app version number.
- Purchase receipt data: Purchase transaction identifiers provided by Apple (iOS) or Google Play (Android), used to verify your purchase with the respective app store.
- Product identifier: The identifier of your purchased subscription (e.g., plan name), used to verify the purchase with the app store.
- Workspace URL: The URL of your Kimai server, sent when checking workspace access rights. This may be considered identifiable if the URL contains company or personal information.
- User email or username: The login credential entered for a workspace, sent when checking workspace-level license access.
The following data is never sent to the license verification server: time tracking data, timesheets, project names, customer names, tags, GPS/geofence data, or any Kimai server credentials (passwords or API tokens).
All communication with the license verification server is encrypted via HTTPS.
Location Data: Geofencing
Kimai Mobile includes an optional geofencing feature, available exclusively to enterprise users, that monitors employer-configured workplace boundaries to remind you to start or stop time tracking when arriving at or leaving a workplace. When active:
- The app reads your GPS location (latitude, longitude, and accuracy) locally on your device.
- Your GPS coordinates are never transmitted to any server. This includes the Cloudrizon license verification server, your Kimai server, and any third party.
- Geofence boundary definitions (center coordinates and radius) are fetched from your own Kimai server, but no location data is sent in return.
- Geofence configuration is cached in local device storage for offline use. Your live GPS position is never stored persistently.
- The app may request background location permission (Always Allow Location) so that arrival and departure reminders can work even when the app is not actively open. This permission is used solely for local geofence monitoring and does not result in any location data being transmitted externally.
This feature is off by default, requires an enterprise license, and must be explicitly enabled by the workspace administrator on their organization’s Kimai server. It does not affect regular users.
Location Data: Share Location Info
Kimai Mobile includes an optional Share Location Info feature that captures GPS coordinates when you start and stop a timer, attaching them as metadata to the corresponding timesheet entry on your own Kimai server. This feature is available exclusively to enterprise users and must be explicitly enabled by the workspace administrator on their organization’s Kimai server. When active:
- The app captures your GPS coordinates (latitude and longitude) at the moment you start and stop a timer.
- These coordinates are transmitted to and stored on your own Kimai server as timesheet metadata.
- If the device is offline at the time, coordinates are stored locally and synced to the server once connectivity is restored.
- Location coordinates are never sent to Cloudrizon or any third-party service.
This feature is off by default, requires an enterprise license, and must be explicitly enabled by the workspace administrator on their organization’s Kimai server. It does not affect regular users.
Third-Party Privacy Policies
The Kimai Mobile Privacy Policy does not extend to third-party services or websites. As part of license verification, purchase receipt data is shared with the following third parties:
- Apple: Apple Privacy Policy
- Google: Google Privacy Policy
We encourage you to review the respective privacy policies of any third-party services you interact with for more detailed information, including their practices and instructions on how to opt out of certain data collection.
CCPA Privacy Rights (Do Not Sell My Personal Information)
Kimai Mobile does not sell personal data.
Under the California Consumer Privacy Act (CCPA), California consumers have the right to:
- Request disclosure: Request that a business disclose the categories and specific pieces of personal data it has collected about them.
- Request deletion: Request that a business delete any personal data it has collected about them.
- Opt out of sale: Request that a business that sells personal data stop selling their data.
If you wish to exercise any of these rights, including with regard to your license verification data, please contact us. We will respond to your request within one month.
GDPR Data Protection Rights
We want to ensure you are fully aware of your data protection rights. Under the General Data Protection Regulation (GDPR), every user is entitled to the following with respect to any personal data processed by Kimai Mobile, including license verification data:
- Right to access: You have the right to request copies of your personal data. A small fee may apply for this service.
- Right to rectification: You have the right to request that we correct any information you believe is inaccurate, or complete any information you believe is incomplete.
- Right to erasure: You have the right to request that we erase your personal data, under certain conditions.
- Right to restrict processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
- Right to object to processing: You have the right to object to our processing of your personal data, under certain conditions.
- Right to data portability: You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.
If you wish to exercise any of these rights, including with regard to your license verification data, please contact us. We will respond to your request within one month.
Children’s Information
Protecting the privacy of children is especially important to us. We encourage parents and guardians to actively monitor and guide their children’s online activity.
Kimai Mobile does not knowingly collect any personally identifiable information from children under the age of 13. If you believe that a child has provided such information through our application, please contact us immediately. We will make every reasonable effort to promptly remove that information from our records.
Consent
By using the Kimai Mobile application, you consent to this Privacy Policy and agree to its terms.
Contact Us
If you have any questions about this Privacy Policy or wish to exercise your data protection rights, you can reach us at: