Frequently Asked Questions

No. OvertimeLog is a desktop application. It talks to the Slack API directly from your machine and stores everything in a local SQLite file. There is no OvertimeLog cloud — we don't operate one. You can verify this by running the app offline with a network monitor: the only outbound traffic is to slack.com (and, if you enable it, to the AI endpoint you configured).

OvertimeLog uses a user token, not a bot. There is no "OvertimeLog" bot added to your workspace and no install entry in the workspace admin panel. From Slack's side, the API calls look like any other request made by your own account. That said — if your employer runs network monitoring or endpoint-management software on your device, they may see app-level network traffic there. Use OvertimeLog on personal hardware where possible.

Captured Slack messages, OAuth tokens, settings, and exports live in a single application-data folder: %APPDATA%\OvertimeLog\ on Windows, ~/Library/Application Support/OvertimeLog on macOS, ~/.local/share/OvertimeLog on Linux. Full breakdown in the Privacy Policy.

No. No Google Analytics on the website, no telemetry in the app, no usage metrics, no crash reporting. This is an architectural commitment, not just a marketing line — see the Privacy Policy.

Uninstalling the app does not delete the app-data folder. Your Slack history, licence key, and exports stay on disk so you can reinstall later without losing them. To wipe everything, delete the folder manually.

Yes. Settings → 🛡️ Privacy & GDPR → Download all data (JSON). The export covers every user-owned table in the local database. Sensitive fields (password hash, AI API key, Slack OAuth tokens) are redacted in the export for safety.

In the vast majority of jurisdictions, you are allowed to keep a record of your own working time and the messages sent to you — that's the whole premise of working-time law. That said, employment and data-protection rules vary: some workplaces restrict unofficial exports of internal communications, and some countries have specific rules about employee recording. When in doubt, check with your works council, union, or an employment lawyer. See the Disclaimer Employer notice template.

It depends on the forum. A labour inspectorate or works council is usually willing to consider timestamped records with permalinks and SHA-256 hashes, especially where the employer failed to maintain the "objective and reliable" system required by the CCOO ruling. Courts apply their own rules of evidence. The hashes prove local tamper-evidence, not authorship — see §3 of the Disclaimer.

The architecture is designed around GDPR principles: processing is local, the lawful basis is legitimate interest (Art. 6(1)(f)), and data-subject rights are exercised directly in the app. You remain the data controller for data on your device — and that data includes messages from coworkers, so treat it accordingly (don't share unredacted exports casually; use Privacy Mode when handing anything to a third party).

No. OvertimeLog authenticates with your own Slack user token via OAuth. You're authorising the app to read data you can already see in the Slack client — no admin elevation, no workspace install.

Read-only user scopes for channels, groups (private channels), IM (direct messages), and MPIM (multi-person DMs), plus users:read for display names. Exact list is shown in the OAuth consent screen during setup and is documented in the in-app Settings → About page.

Yes — Settings → Slack → Disconnect revokes the token and stops the app from making any further API calls. Your previously captured data stays local until you delete it.

AI summaries are off by default. If you turn them on, message content is sent to whatever AI endpoint you configure in Settings — a local Ollama/LM Studio instance (recommended for privacy), or an OpenAI-compatible cloud provider if you prefer. OvertimeLog does not host any AI service. When you point it at a cloud provider, that provider's policies apply to the content you send.

Slack interactions are detected automatically from after-hours messages in your workspace. They carry an SHA-256 evidence hash, a permalink back to Slack, and a timestamp captured at ingestion — so a recipient can verify the row matches a real Slack event.

Manual entries cover the work that didn't leave a Slack trace: a 90-minute incident debug via PagerDuty, a client call on Zoom, a pairing session in VS Code Live Share, a Saturday in the server room. You log them by hand from the dashboard. They flow into the same billing math and exports as Slack interactions, but the PDF and Excel mark them explicitly: [M] prefix on the channel, a yellow row tint, an evidence row reading [manually logged] with n/a (manual) in the SHA-256 column. That difference matters — the recipient should see at a glance which rows are cryptographically backed and which are user-attested.

The Free tier includes 5 manual entries per week within the same 14-day visibility window that applies to Slack data. Pro removes both limits.

If a manual entry overlaps with Slack messages (you logged 19:00–21:00 manually but also sent Slack DMs at 19:30), the dashboard surfaces a yellow callout so you can decide which side to keep before exporting. OvertimeLog never auto-resolves overlaps.

Each row on the dashboard has a Ticket column with a small + ticket button. Click to pick a provider (Jira, Linear, GitHub, or a custom one) and type the reference (ENG-1234, BUG-567, or the issue number for GitHub). Save with Enter or click the chip to open the ticket in your tracker.

OvertimeLog doesn't call the tracker's API at this stage — it just keeps the reference next to the row and renders the right URL using a template you configure once in Settings → Ticket integrations (e.g. https://acme.atlassian.net/browse/{ref}). Your data stays local; no third party sees it. API-driven title and status auto-fill is on the roadmap as a Pro feature.

Linked refs show up next to the channel in the PDF invoice (engineering | [T] ENG-1234) and as a dedicated Ticket column with a clickable hyperlink in the Excel export.

The Free tier lets you configure one provider at a time; Pro unlocks all four for per-link selection.

Pro users can connect a Jira Cloud instance and OvertimeLog will auto-fill each linked row's ticket title, status, and assignee on the dashboard and in the PDF / Excel exports — no more manually typing "Migrate auth service to OIDC" next to ENG-1234.

Set-up (one-time, ~30 seconds):

1. Generate an API token at id.atlassian.com/manage-profile/security/api-tokens. Copy it.
2. In OvertimeLog: Settings → Jira API integration. Paste your site URL (https://your-org.atlassian.net), Atlassian email, and the API token. Save.
3. Click Test connection. You should see "✓ Connected — <Your name> on <your-site>.atlassian.net".

After that, every time you link a Jira ref on the dashboard the title shows up next to the chip within a second or two. Hover the chip for full status / assignee / last-cached timestamp. The ⟳ button on each row forces a fresh fetch; the dashboard also refreshes any ticket older than a week in the background when you open it.

Privacy: credentials are stored encrypted on your machine (same Fernet key as the Slack OAuth tokens). Only the issue keys you link leave your machine, and only to the Atlassian host you typed. See Privacy §5.4 for the full call list and data-flow disclosure.

Disconnecting: Settings → Jira → Disconnect clears the encrypted credentials immediately. Existing links keep their cached title until you re-link or clear them.

Same shape as the Jira integration above, just talking to Linear: Pro users link ENG-1234-style refs on the dashboard and the title, workflow state, and assignee fill in automatically — on the dashboard and in PDF / Excel exports.

Set-up (one-time, ~20 seconds):

1. Generate a personal API key at linear.app/settings/api. Copy it (it starts with lin_api_).
2. In OvertimeLog: Settings → Linear API integration. Paste the key. Save.
3. Click Test connection. You should see "✓ Connected — <your name> on <your-workspace>".

After that, every Linear ref you link on the dashboard fetches its title within a second or two. The ⟳ button forces a refresh; the dashboard also refreshes any Linear ticket older than a week in the background when you open it — the same TTL behaviour as Jira.

Privacy: the API key is stored encrypted on your machine (same Fernet key as the Slack OAuth tokens). Only the issue identifiers you link leave your machine, and only to api.linear.app. See Privacy §5.5 for the full call list and data-flow disclosure.

Disconnecting: Settings → Linear → Disconnect clears the encrypted key immediately. Existing links keep their cached title until you re-link or clear them.

Same shape as the Jira and Linear integrations above, just talking to GitHub: Pro users link bare issue numbers (e.g. 42) on the dashboard and the title, open/closed state, and assignee fill in automatically — on the dashboard and in PDF / Excel exports. v1 wires up one repository per OvertimeLog instance; multi-repo lands in a follow-up slice.

Set-up (one-time, ~30 seconds):

1. Generate a Personal Access Token at github.com/settings/tokens. Only repo:read (classic) or "Read access to issues" (fine-grained) is needed. Copy it.
2. In OvertimeLog: Settings → GitHub API integration. Type the repository owner (your username or organisation), the repository name, and paste the token. Save.
3. Click Test connection. You should see "✓ Connected — <your name> on <owner>/<repo>".

After that, every GitHub ref you link on the dashboard fetches its title within a second or two. The ⟳ button forces a refresh; the dashboard also refreshes any GitHub ticket older than a week in the background when you open it — the same TTL behaviour as Jira and Linear.

Privacy: the token is stored encrypted on your machine (same Fernet key as the Slack OAuth tokens). Only the issue numbers you link leave your machine, and only to api.github.com. See Privacy §5.6 for the full call list and data-flow disclosure.

Disconnecting: Settings → GitHub → Disconnect clears the encrypted credentials immediately. Existing links keep their cached title until you re-link or clear them.

Same shape as Jira / Linear / GitHub: Pro users link Asana task GIDs (the long numeric IDs in a task's URL — e.g. 1234567890123456) on the dashboard and the task name, completion state, and assignee fill in automatically — on the dashboard and in PDF / Excel exports.

Set-up (one-time, ~20 seconds):

1. Generate a Personal Access Token at app.asana.com/0/my-apps. Copy it.
2. In OvertimeLog: Settings → Asana API integration. Paste the PAT. Save.
3. Click Test connection. You should see "✓ Connected — <your name> on <your-workspace>".

After that, every Asana GID you link fetches its task name within a second or two. The ⟳ button forces a refresh; the dashboard also refreshes any Asana task older than a week in the background when you open it — the same TTL behaviour as Jira / Linear / GitHub.

Privacy: the PAT is stored encrypted on your machine (same Fernet key as the Slack OAuth tokens). Only the task GIDs you link leave your machine, and only to app.asana.com. See Privacy §5.7 for the full call list and data-flow disclosure.

Disconnecting: Settings → Asana → Disconnect clears the encrypted PAT immediately. Existing links keep their cached title until you re-link or clear them.

Free keeps the most recent 14 days of data, lets you export to PDF, and has no historical-backfill feature. Pro removes the window (keeps everything as long as you do), unlocks Excel exports, historical backfill, AI summaries, and multiple-rate billing. The pricing table has the full breakdown.

Yes — one licence, all your personal devices. The licence is per-user, not per-install. Don't share it with coworkers; that's a terms-of-use violation and we can revoke keys that get passed around.

30-day money-back guarantee, no questions asked. Email support@overtimelog.com within 30 days of purchase and we'll refund you. Full policy: /refunds.

No. The one-time plan gives you a perpetual licence for the major version you bought. The annual plan is optional — it's what keeps you on the newest build. If you skip renewals, your current version keeps working forever; you just stop getting updates.

Windows 10+, macOS 11+ (Apple Silicon or Intel), or any modern Linux with glibc 2.31+. Roughly 100 MB of disk space for the app itself, plus your captured data (usually < 1 GB even after months of use). No GPU required. No admin rights needed for installation.

A source-available audit repository is planned — containing the network-facing parts of the codebase (Slack client, OAuth flow, interaction grouping, export pipeline) under a source-available licence. Goal: make the privacy claims on the landing page independently verifiable. Tracked in TODO.md.

overtime.db inside the app-data folder (see Privacy FAQ above). It's a plain SQLite file — back it up however you back up your other files. Restore by copying it back into the same folder before starting the app.

The desktop app boots a local Flask server on http://localhost:5000. There's a small HTTP API used by the UI — you can script against it if you want to, but we haven't formally committed to stability. A proper CLI is on the longer-term wishlist.