Privacy Policy

Last updated: 9 July 2026

1. Who we are

JFDI Time Sync (the “Application”) is provided by JFDI GURU LTD, a company incorporated in the Republic of Cyprus (“JFDI GURU”, “we”, “us”, “our”).

2. Scope

This policy explains how personal data is processed in connection with the Application, which automates the transfer of time-tracking data from Teamwork to QuickBooks Online (“QBO”). It does not govern Teamwork or Intuit, each of which processes data under its own terms and policies, nor the separate privacy notices that each user organisation issues to its own staff and clients.

This Policy should be read together with our Terms of Service and, where we process personal data on your behalf, the Data Processing Agreement (Schedule 1 to the Terms). Capitalised terms used but not defined in this Policy have the meaning given in the Terms of Service. This Policy is a notice; in the event of conflict with the Terms of Service or the Data Processing Agreement, those documents prevail.

3. Our role

In operating the Application, JFDI GURU processes personal data on behalf of, and on the documented instructions of, the user organisations, which act as controllers of their employees' and clients' personal data. In this respect JFDI GURU acts as a processor (or sub-processor) within the meaning of Regulation (EU) 2016/679 (“GDPR”). For the limited operational data generated by running the Application (such as logs, authentication tokens and security records), JFDI GURU acts as controller.

4. Personal data we process

On behalf of the controllers, the Application processes:

  1. employee/user name and identifier;

  2. date and quantity of time worked (hours/minutes);

  3. project and task identifiers and names, which may include client names or identifiers;

  4. optional free-text descriptions entered by employees, which may contain client information, including personal data.

As controller of operational data, we process authentication tokens used to connect to Teamwork and QBO, and operational logs.

We do not process special categories of personal data (Article 9 GDPR), payroll or identity documents.

Separately, as controller, we process personal data of your representatives and Authorised Users that we collect directly in providing the Application, including name and business contact details, account and login identifiers, authentication tokens, records of support and other communications, and technical, usage and security logs (which may include IP addresses). We process this data to provide, administer, secure and improve the Application, to communicate with you and to meet our legal obligations, relying on the performance of our contract with you and our legitimate interests.

5. Purposes and legal basis

The sole purpose of the Application is to automate the transfer of time-tracking data from Teamwork to QBO for the controllers' accounting, costing and billing. As processor, we act only on the controllers' documented instructions; the controllers are responsible for the legal basis of the processing. For the operational data for which we are controller, we rely on the performance of our contract with you and our legitimate interests in operating and securing the Application.

6. How we obtain the data

The Application obtains time-tracking data from Teamwork via the Teamwork API. The retrieved data is temporarily stored in local working files, including an import file used for validation and processing. After validation, the Application writes the relevant time records to QBO by authenticating via OAuth.

7. Storage and retention

The Application processes data in three stages:

Stage 1. Temporary storage

During each processing cycle, the Application temporarily stores working files on JFDI GURU's server. These files include source data retrieved from Teamwork, intermediate processing files, import files, reconciliation files and related technical processing outputs. Authentication credentials are stored separately from the run working files.

Stage 2. Audit package

Once the import has been verified, the Application creates a pseudonymised copy of the processed data, retaining only pseudonymised technical records: record identifiers, dates, durations, QBO entry IDs, and reconciliation results. All personal data is removed, including employee names, client names, project names, task names, and work descriptions.

Stage 3. Purge

After the audit copy has been created and verified, the Application deletes the temporary working files.

After completion

Only the pseudonymised audit records and technical processing logs are retained.

The source records remain in Teamwork and QBO and are subject to the user's own retention policies and applicable law.

8. Hosting and international transfers

The Application runs on JFDI GURU's own infrastructure (on-premise) within the European Union.

Personal data processed by the Application is not transferred outside the European Economic Area (EEA), except in the following cases:

  1. QBO

When the Application writes time-tracking data to QBO, that data is processed by Intuit Inc. (United States). Intuit is certified under the EU-U.S. Data Privacy Framework and additionally relies on the European Commission's Standard Contractual Clauses as a transfer mechanism under Chapter V GDPR.

  1. Cloudflare

The Application uses Cloudflare, Inc. (United States) to route the authentication connection to Intuit's API. Cloudflare does not process time-tracking data. It may process technical connection data (such as IP addresses) under its own terms. Cloudflare is certified under the EU-U.S. Data Privacy Framework; should that certification lapse, transfers rely on the Standard Contractual Clauses.

9. Security

We apply appropriate technical and organisational measures to protect personal data processed through the Application, including encryption of data in transit for all connections to Teamwork and QBO, secure handling of authentication credentials, and restriction of access to the Application and its data to authorised personnel only.

10. Third parties and sub-processors

The Application connects to Teamwork (Teamwork.com) as the data source, QBO (Intuit Inc.) as the target accounting system, and uses Cloudflare, Inc. as a network routing layer for the OAuth 2.0 callback endpoint (see section 8). We do not disclose personal data to any other third party, except as required by law.

11. Data subject rights

Data we process as processor (on behalf of a controller). For the time-tracking data processed on behalf of the user organisations, individuals exercise their GDPR rights (access, rectification, erasure, restriction, objection and portability) through the relevant controller, namely the organisation that employs or contracts with them. Where we receive such a request directly, we will forward it to the relevant controller without undue delay and assist in responding.

Data we process as controller. For the personal data for which we are the controller (the account, contact, operational and security data described in section 4), individuals may exercise their rights directly with us using the contact details in section 14, and we will respond in accordance with the GDPR.

In all cases, you have the right to lodge a complaint with a supervisory authority, in particular the Office of the Commissioner for Personal Data Protection of the Republic of Cyprus www.dataprotection.gov.cy.

12. Personal data breaches

On becoming aware of a personal data breach affecting data processed through the Application, we will notify the affected controller(s) without undue delay so that they can comply with Articles 33-34 GDPR, including any notification to the Office of the Commissioner for Personal Data Protection of Cyprus.

13. Changes

We may update this Policy from time to time. The “Last updated” date shows the current version; where changes are material we will take reasonable steps to bring them to your attention. This Policy is updated as a notice and independently of the procedure for amending the Terms of Service.

14. Contact

Postal address: Grigoriou Xenopoulou, 30, DKHG Business Centre, 3106, Limassol, Cyprus

Email: dpo@jfdi.consulting

Attention: DPO at JFDI CONSULTING