Privacy Policy

Last Updated: May 11, 2026

ProvidTime is a product of Providence Solutions, LLC ("Providence Solutions," "we," "us," or "our"). This Privacy Policy describes how we collect, use, disclose, store, retain, and protect information when you access or use our website at prvdtime.com, any affiliated subdomains, our SaaS platform, APIs, and all related services (collectively, the "Services"). By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy.

1. Scope of This Privacy Policy

This Privacy Policy applies to information collected through the Services, including information collected when you:

• visit our website;
• create an account;
• subscribe to or purchase our Services;
• enter, upload, submit, or generate Content through the platform (including timesheets, time entries, charge codes, notes, and supporting documents);
• communicate with us for support, sales, security, or other operational purposes; or
• otherwise interact with ProvidTime or Providence Solutions in connection with the Services.

This Privacy Policy does not apply to third-party websites, services, or platforms that are not owned or controlled by Providence Solutions, even if they are linked to or accessible through the Services.

2. Definitions

For purposes of this Privacy Policy:

• "Personal Information" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with an individual, household, or identifiable person, as defined by applicable law.
• "Organization" or "Tenant" means a company, entity, institution, or other business customer that registers for, purchases, or uses the Services.
• "User" means any individual who accesses or uses the Services, whether on their own behalf or on behalf of an Organization.
• "Content" means any data, text, files, records, timesheets, time entries, charge codes, project assignments, work descriptions, notes, certifications, approvals, supporting documents, communications, submissions, metadata, or other materials that are uploaded to, entered into, created within, generated through, transmitted through, or otherwise processed by the Services.
• "Platform" means the ProvidTime application, related websites, APIs, hosted environments, software components, infrastructure, and associated systems.
• "Applicable Law" means any law, regulation, rule, ordinance, directive, or legally binding requirement applicable to the collection, use, storage, disclosure, retention, transfer, or protection of information.

3. Information We Collect

We may collect information directly from you, automatically through your use of the Services, from your Organization, and from third parties or public sources where permitted by law.

3.1 Information You Provide Directly

We may collect information that you voluntarily provide, including:

Account and Registration Information. This may include your name, business email address, phone number, company name, job title, employee number, business address, account credentials, supervisor designations, hire date, and other information provided during account registration, onboarding, or account administration.

Organization and Business Profile Information. This may include business descriptions, organizational structure, contract metadata, CLINs and period of performance data, charge code definitions, holiday calendars, paid time off policies, training content, and other information your Organization elects to provide for use within the Services.

Payment and Billing Information. This may include billing name, billing address, subscription details, transaction metadata, payment status, and limited payment method information necessary for subscription management and billing administration. Payment card processing may be handled by third-party payment processors. We do not necessarily store full payment card numbers on our own systems.

Authentication and Security Information. This may include usernames, encrypted or hashed credentials, multi-factor authentication information, security challenge responses, account recovery information, single sign-on identifiers, and related authentication artifacts necessary to manage secure access to the Services.

Timesheet Content and User Submissions. We may collect timesheets, time entries (including work dates, start and end times, break durations, hours, and charge code selections), entry notes and work descriptions, certifications and attestations, approval and rejection decisions and the reasons given, correction requests, training acknowledgments, and any other materials submitted to or generated through the Services.

Communications. We may collect the content of your communications with us, including messages sent through forms, customer support inquiries, sales requests, product feedback, security notifications, and other communications.

3.2 Information Collected Automatically

When you access or use the Services, we may automatically collect certain technical and usage information, including:

Usage Information. This may include pages visited, features used, actions taken, time stamps, workflow activity, login and logout events, session information, clickstream data, feature interaction patterns, and general platform usage behavior.

Device and Technical Information. This may include internet protocol (IP) address, browser type, device type, operating system, referring URLs, approximate geolocation derived from IP address, language settings, identifiers associated with your device or browser, and similar technical information.

Log and Diagnostic Information. This may include server logs, API request metadata, error reports, crash data, performance diagnostics, authentication activity, security events, and related telemetry necessary to maintain, secure, and improve the Services. ProvidTime also maintains a permanent, append-only audit trail of every state-changing action (creation, edit, submission, approval, rejection, deletion) on Content as required to support U.S. Defense Contract Audit Agency ("DCAA") and similar compliance regimes.

Cookies and Similar Technologies. We may use cookies, session tokens, browser storage, and similar technologies to support authentication, security, performance, user preferences, and core platform functionality. Additional details are provided in the Cookies and Similar Technologies section below.

3.3 Information from Third Parties and Other Sources

We may receive information from third-party sources, public sources, your Organization, or service providers, including:

• information provided by your employer or Organization in connection with account setup or administration;
• information from payment processors regarding transaction status and subscription state;
• identity and authentication information from single sign-on providers or identity providers (such as Microsoft Entra ID or SAML-based providers);
• holiday calendars and publicly available reference data used to support platform features;
• security, fraud-prevention, or verification data from service providers; and
• other information lawfully provided to us by third parties in connection with operation of the Services.

4. How We Use Information

We may use the information we collect for legitimate business, operational, contractual, legal, compliance, security, and service-related purposes, including the following:

4.1 To Provide and Operate the Services

We may use information to:

• create, administer, and maintain user accounts;
• authenticate users and manage account access;
• provide platform functionality and core service features, including timesheet entry, charge code management, approval workflows, holiday calendars, and time off balance tracking;
• receive, process, store, organize, display, analyze, and generate Content;
• support DCAA-Compliant timekeeping practices, including contemporaneous entry capture, supervisor approvals, segregation of duties, certifications, and audit trail preservation;
• process subscriptions, manage service plans, and administer customer accounts; and
• provide customer support, onboarding, and technical assistance.

4.2 To Improve, Enhance, and Develop the Services

We may use certain information, including submitted information, usage information, operational data, feedback, and platform interaction data, for internal business purposes such as:

• improving product performance, quality, reliability, and usability;
• enhancing existing features and developing new features, products, tools, and services;
• improving workflow logic, user experience, accuracy, responsiveness, and service functionality;
• conducting internal testing, troubleshooting, debugging, and quality assurance;
• performing analytics, research, trend analysis, benchmarking, and operational review; and
• refining and improving the effectiveness, relevance, and usefulness of the Services.

Where appropriate and permitted by law, we may use information in aggregated, anonymized, de-identified, transformed, or otherwise non-identifiable form for product enhancement, internal research, service optimization, analytics, and business operations.

4.3 To Secure and Protect the Services

We may use information to:

• detect, prevent, investigate, and respond to unauthorized access, misuse, abuse, fraud, or other harmful activity;
• monitor compliance with our contractual terms, acceptable use standards, and internal controls;
• maintain system integrity, availability, and resilience;
• enforce account restrictions, user permissions, and security requirements;
• protect the rights, property, safety, and legal interests of Providence Solutions, our customers, our users, and others; and
• support incident response, auditing, logging, and forensic review.

4.4 To Communicate with You

We may use information to:

• send service-related notices, confirmations, updates, alerts, and administrative messages (including timesheet reminders, submission requests, approval notifications, rejection notices, and training requirements);
• respond to customer service, technical support, security, and billing inquiries;
• communicate with Organization administrators regarding account, subscription, usage, or security matters;
• notify users of material product or policy changes; and
• provide other communications necessary to operate the Services and manage customer relationships.

4.5 For Legal, Compliance, and Business Purposes

We may use information to:

• comply with legal obligations, regulatory requirements, lawful requests, and governmental inquiries;
• establish, exercise, or defend legal rights and claims;
• enforce our agreements, policies, and business terms;
• support audits, investigations, due diligence, internal governance, and risk management, including audits conducted by or on behalf of your Organization or government auditors;
• evaluate or facilitate actual or proposed mergers, acquisitions, investments, financing transactions, reorganizations, sales of assets, or similar business transactions; and
• carry out other lawful and legitimate business purposes consistent with this Privacy Policy.

5. How We Disclose Information

We do not sell Personal Information in the ordinary meaning of the term, and we do not disclose Personal Information to third parties for their own independent direct marketing purposes without appropriate legal basis or consent where required.

We may disclose information in the following circumstances:

5.1 Service Providers and Contractors

We may disclose information to service providers, contractors, subprocessors, consultants, and vendors that perform services on our behalf or support the operation of the Services, including entities that assist with:

• hosting and infrastructure;
• billing and payment processing;
• authentication and identity management;
• customer support and communications;
• analytics and diagnostics;
• storage, backup, and recovery;
• security monitoring and fraud prevention;
• email delivery, notification services, and platform functionality; and
• other operational or technical functions reasonably necessary to provide and improve the Services.

Such parties may receive information only as necessary to perform services for us or on our behalf, subject to contractual, legal, or operational restrictions as applicable.

5.2 Within Your Organization

If you use the Services through an Organization, authorized administrators, managers, supervisors, and designated representatives of that Organization may be able to access, manage, export, review, modify, or delete certain account information, user information, timesheets, time entries, approvals, audit records, and other Content associated with the Organization's workspace, subject to the Organization's internal policies and configuration choices. Supervisors and managers may review and approve, reject, or correct timesheets submitted by employees under their supervision.

Providence Solutions is not responsible for the privacy, employment, monitoring, or internal administrative practices of customer Organizations.

5.3 Legal, Regulatory, and Protective Disclosures

We may disclose information where we determine, in good faith, that disclosure is necessary or appropriate to:

• comply with applicable law, regulation, court order, subpoena, or lawful governmental request (including requests from DCAA or other government auditors with proper authority);
• enforce our agreements, terms, and policies;
• investigate, prevent, or respond to suspected fraud, abuse, security incidents, or unlawful conduct;
• protect the rights, property, safety, or legal interests of Providence Solutions, our users, our customers, or others; or
• support legal process, compliance review, auditing, or dispute resolution.

5.4 Business Transactions

We may disclose or transfer information in connection with any actual or proposed merger, acquisition, financing, due diligence review, restructuring, reorganization, dissolution, bankruptcy, asset sale, transfer of ownership, or similar corporate transaction. In such circumstances, information may be transferred as a business asset, subject to applicable confidentiality and legal obligations.

5.5 Aggregated or De-Identified Information

We may disclose aggregated, anonymized, de-identified, or otherwise non-identifiable information for lawful business purposes, including analytics, product development, benchmarking, market analysis, service improvement, research, reporting, and strategic planning, provided that such information cannot reasonably be used to identify an individual.

6. Data Retention

We retain information for as long as reasonably necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law or by contract.

Retention periods may vary depending on the nature of the information, the context in which it was collected, the sensitivity of the information, contractual requirements, legal obligations, security needs, and legitimate business interests. Timesheet records, approvals, certifications, and related audit trails are typically retained for the period required by U.S. federal contracting and DCAA-Compliant timekeeping requirements, which generally calls for a minimum of three years following final payment under a contract, and longer in certain circumstances.

We may retain information for purposes such as:

• maintaining active customer accounts and service delivery;
• preserving business and transactional records;
• meeting tax, accounting, contract administration, and legal compliance requirements;
• preserving DCAA-Compliant audit trails on timekeeping records;
• maintaining backup, archival, and disaster recovery systems;
• protecting against fraud, misuse, or unauthorized access;
• investigating or resolving disputes, complaints, or claims;
• enforcing agreements and protecting legal rights; and
• supporting internal auditing, security review, and operational continuity.

When information is no longer reasonably necessary, we will take commercially reasonable steps to delete, anonymize, de-identify, archive, or otherwise render it unusable in accordance with our retention practices and applicable law. Please note that residual copies of information may remain in backup systems for a limited period of time as part of routine backup and recovery operations.

7. Data Security

We implement and maintain administrative, technical, organizational, and physical safeguards designed to protect information from unauthorized access, acquisition, disclosure, alteration, misuse, destruction, or loss.

These safeguards may include, as appropriate:

• access controls and permission restrictions, including role-based access controls;
• authentication controls and account security measures, including multi-factor authentication;
• encryption or equivalent protective measures for data in transit and, where appropriate, at rest;
• network segmentation, firewalls, logging, monitoring, and alerting;
• secure software development and change management practices;
• personnel access limitations and confidentiality expectations;
• vulnerability management and remediation measures;
• backup and recovery controls; and
• other reasonable security practices appropriate to the nature of the Services.

However, no security measure is infallible, and no method of transmission over the internet or method of electronic storage is completely secure. Accordingly, while we strive to protect information using reasonable safeguards, we cannot guarantee absolute security.

8. Multi-Tenant Environment and Data Segregation

ProvidTime operates in a multi-tenant or shared infrastructure environment in which multiple customer Organizations use the Services on common underlying systems.

We maintain safeguards designed to logically separate customer environments, restrict cross-tenant access, and preserve customer confidentiality. These safeguards include row-level database isolation, tenant-aware access controls, application-layer permission enforcement, logical data partitioning, auditing, and other internal controls designed to limit unauthorized access between Organizations.

Notwithstanding these safeguards, customers remain responsible for managing their own internal access permissions, authorized users, supervisor and approver designations, and account administration within their Organization's environment.

9. Product Functionality, Automation, and Service Enhancement

The Services include automated, algorithmic, analytical, or other functionality that processes Content and user inputs in order to support timekeeping, generate reports, calculate balances, enforce policies, surface notifications, and produce other service features.

In providing and improving these features, we may use certain information, including submitted Content, account context, usage information, configuration data, and related inputs, for the purpose of:

• providing requested functionality and platform output;
• calculating time off accruals, balances, and rollover behavior;
• generating reports, summaries, audit views, and compliance evidence;
• improving service quality, relevance, structure, and performance;
• enhancing feature accuracy, usability, and workflow effectiveness;
• tuning, testing, validating, or refining internal service behavior, controls, and product capabilities, where permitted by law and contract;
• diagnosing errors, failures, edge cases, or misuse patterns; and
• supporting internal product development, service administration, and customer experience improvement.

Users remain responsible for reviewing and validating outputs generated through the Services before relying on or using them for business, contractual, legal, regulatory, or submission purposes.

10. Your Rights and Choices

Depending on your jurisdiction and the nature of your relationship with us, you may have certain rights regarding your Personal Information, subject to verification, applicable exceptions, and legal limitations.

These rights may include:

• the right to request access to certain Personal Information we hold about you;
• the right to request correction of inaccurate Personal Information;
• the right to request deletion of certain Personal Information;
• the right to request restriction of or object to certain processing activities;
• the right to withdraw consent where processing is based on consent;
• the right to data portability where required by law; and
• the right not to be discriminated against for exercising applicable privacy rights.

If you access the Services through an Organization, certain requests relating to Content or Organization-controlled data — including timesheets, time entries, approvals, and audit records — may need to be directed to your Organization administrator first, as the Organization may control the relevant workspace, account, or data environment. Additionally, certain timekeeping records may be subject to mandatory retention obligations under federal contracting rules and may not be eligible for deletion until those obligations have expired.

We may take reasonable steps to verify your identity before processing a privacy rights request. We may also deny or limit requests where permitted by law, including where the request cannot be verified, where an exception applies, where compliance would impair the rights of others, or where the data is subject to legal or contractual retention obligations.

To exercise applicable rights, you may contact us using the contact information listed below.

11. California Privacy Notice

If you are a California resident, you may have rights under applicable California privacy laws, including the right to know, access, correct, delete, and request information regarding certain categories of Personal Information collected, used, disclosed, or retained by us, subject to exceptions and verification requirements.

We may collect the following broad categories of Personal Information, depending on how you interact with the Services:

• identifiers and contact information;
• customer records and billing-related information;
• commercial or transaction information;
• internet, network, and device activity information;
• professional or employment-related information;
• account credentials and authentication-related information;
• timesheet entries, work descriptions, and related Content; and
• inferences derived from the foregoing in connection with operation and improvement of the Services.

We collect and use such information for business and commercial purposes described in this Privacy Policy, including service delivery, account administration, security, communications, legal compliance, internal analytics, and product enhancement.

We do not sell Personal Information in the ordinary meaning of that term. We also do not knowingly share Personal Information for cross-context behavioral advertising.

California residents may submit privacy requests using the contact information provided below.

12. International Users

If you access the Services from outside the United States, please be aware that your information may be transferred to, stored in, and processed in the United States or other jurisdictions where we or our service providers operate.

These jurisdictions may not provide the same level of data protection as your home jurisdiction. Where required by applicable law, we will take appropriate measures designed to provide lawful safeguards for cross-border transfers of Personal Information.

If applicable law grants you additional privacy rights, we will honor such rights to the extent required by law, subject to verification and lawful limitations.

13. Cookies and Similar Technologies

We may use cookies, session identifiers, local storage, and similar technologies to operate, secure, maintain, and improve the Services.

These technologies may be used for purposes such as:

• maintaining user sessions;
• remembering preferences and settings;
• authenticating users and preventing unauthorized access;
• measuring performance and diagnosing service issues;
• preserving platform functionality; and
• supporting security, integrity, and operational analytics.

Some cookies or similar technologies may be strictly necessary for the Services to function properly. If you disable certain cookies or browser storage through your browser or device settings, portions of the Services may not function as intended.

14. Third-Party Services and Links

The Services may reference, integrate with, or contain links to third-party services, websites, software, tools, or content not owned or controlled by Providence Solutions (including, where applicable, identity providers, email delivery services, payment processors, and infrastructure providers). We do not control and are not responsible for the privacy, security, content, availability, or practices of third parties.

Your interactions with third-party services are governed by the applicable terms and privacy policies of those third parties, and we encourage you to review them carefully.

15. Children's Privacy

The Services are intended for business and professional use and are not directed to children. We do not knowingly collect Personal Information directly from children under the age required by applicable law for independent consent.

If we learn that we have collected Personal Information from a child in a manner inconsistent with applicable law, we will take commercially reasonable steps to delete such information.

16. Data Breach and Security Incident Response

We maintain internal processes designed to detect, assess, contain, investigate, and respond to suspected security incidents affecting the Services.

If we determine that a security incident has resulted in unauthorized access to, or acquisition of, Personal Information and notification is required by applicable law, we will provide notice in accordance with applicable legal requirements and within the timeframes required by law.

17. Changes to This Privacy Policy

We may update or revise this Privacy Policy from time to time to reflect changes in our Services, legal obligations, operational practices, security measures, or business needs.

When we make material changes, we may update the "Last Updated" date above and provide additional notice as appropriate under the circumstances, such as by posting a notice through the Services or sending an email notification where required or appropriate.

Your continued use of the Services after the effective date of an updated Privacy Policy constitutes acknowledgment of the revised Privacy Policy to the extent permitted by law.

18. Contact Us

If you have questions about this Privacy Policy, our privacy practices, or would like to submit a privacy-related request, please reach out through our Contact Us page or email [email protected].