Are Time Trackers Spyware? A Buyer's Privacy Checklist
A practical guide to evaluating what time-tracking tools actually collect, where it goes, and which ones cross the line into surveillance — with a checklist you can use before installing.
If you have spent any time looking at time-tracking software, you have probably noticed they range wildly. On one end, a small app sits in your menu bar and records what window you have open. On the other, a corporate-monitoring suite takes screenshots every ten minutes, captures your keystrokes, and uploads your webcam to your employer.
Both are called "time trackers." Both show up in the same App Store search results. Most reviews do not distinguish between them.
This post is a practical buyer's checklist for evaluating what a time tracker actually collects, where it goes, and which ones cross from "useful tool" into "surveillance product." If you are evaluating any time tracker — for yourself or for a team — these are the questions to ask before you install.
The four categories of time tracker by privacy intent
Not every time tracker is the same product class. Here is the honest spectrum:
| Category | What it does | Who buys it |
|---|---|---|
| Self-tracking, local | Records your own activity, data stays on your device | Solo freelancers, productivity-conscious users |
| Self-tracking, cloud | Records your own activity, uploads to vendor cloud | Same audience, less privacy-conscious |
| Team coordination | Logs project time, shares with manager dashboard | Small teams, agencies billing clients |
| Employee monitoring | Screenshots, keystrokes, webcam, mouse heatmaps | Employers monitoring remote workers |
The first two categories are time-tracking products. The last is a surveillance product that calls itself time-tracking. The third sits somewhere in the middle depending on the specific tool.
When you search for "time tracker," all four categories show up undifferentiated. You have to read carefully to tell which is which.
Red flags — what to look for in the product description
A few specific phrases that should change your reading of a product:
Soft surveillance language:
- "Proof of work" — this almost always means screenshots
- "Productivity monitoring" — usually means activity-level surveillance
- "Idle time detection" — fine on its own, suspicious paired with screenshots
- "Webcam check-ins" — exactly what it sounds like, opt for no
- "Workforce analytics" — enterprise monitoring rebranded
- "Mouse and keyboard activity" — keystroke logging in business-speak
Clear surveillance language:
- "Screenshots every X minutes" — this is screenshot monitoring
- "Keystroke logging" — this is a keylogger
- "Application heatmaps" — granular per-app surveillance
- "URL and search history capture" — beyond what is needed for time tracking
A tool that uses any of the "clear" phrases is a surveillance product. A tool that uses the "soft" phrases is sometimes a surveillance product hiding behind productivity language; read carefully.
Permissions to check on each platform
The OS gives you a real signal. Before installing, check what permissions the tracker requests:
macOS
System Settings → Privacy & Security:
| Permission | Reasonable for a time tracker? |
|---|---|
| Accessibility | ✓ Yes — needed for window-title and tab-URL capture |
| Screen Recording | ⚠ Only if you specifically want screenshots; otherwise no |
| Input Monitoring | ✗ No — this is keystroke access |
| Camera | ✗ No |
| Microphone | ✗ No |
| Location | ✗ No |
| Full Disk Access | ⚠ Suspicious — ask why |
| Files and Folders | ⚠ Usually unnecessary |
| Automation (com.apple.systemevents) | ⚠ Only if it drives other apps via AppleScript |
For deeper analysis of why macOS Screen Recording specifically is asymmetric, see Time Tracking on macOS Without Screenshots.
Windows
Settings → Privacy & Security → App permissions:
| Permission | Reasonable for a time tracker? |
|---|---|
| Background apps | ✓ Yes — needed to track in background |
| Camera | ✗ No |
| Microphone | ✗ No |
| Location | ✗ No |
| Account info | ✗ No |
| Other devices | ✗ No |
Windows is less granular than macOS for permission gates, which is why the vendor's data practices matter more on Windows.
Questions to ask the vendor (or check on their site)
Before installing any time tracker, get answers to these. If the answers are vague, treat that as a red flag.
1. Where is my data stored? A specific answer ("local SQLite at `~/Library/Application Support/DayReplay/dayreplay.db`") is good. A vague answer ("securely") is not.
2. Does it leave my device? If yes, where to (which servers, which jurisdiction)? If no, can you verify with a network monitor?
3. What is collected? A complete list: app names, window titles, URLs, screenshots, keystrokes, mouse activity, idle times, etc.
4. What is NOT collected? Explicit "we do not capture X, Y, Z" language is much stronger than no statement at all.
5. Can I export my data? If yes, in what format? If no, you have vendor lock-in. Run.
6. Can I delete my data? If the tool is cloud-uploaded, what happens to deleted data — is it actually purged, or just hidden from your UI?
7. What is the privacy policy? Read it. Look for: third-party sharing, analytics data sold to advertisers, retention periods, government data requests.
8. Is the company structured to incentivize privacy? A subscription business that sells to the user has different incentives than an ad-supported free tier or an employer-monitoring sales motion.
If the answers to #1-#4 are not on the product website without you having to email support, that is a signal about the product's priorities.
The buyer's privacy checklist
Print this, run it before installing any tracker:
Pre-install (5 minutes)
- [ ] Product description mentions no screenshots, no keylogging, no webcam
- [ ] Permission requirements listed on App Store / Microsoft Store / vendor site
- [ ] Permissions asked match what the product needs (no surplus)
- [ ] Privacy policy is readable, specific, and findable
- [ ] Data storage location is stated explicitly (local or cloud, which one)
- [ ] Export option exists for the data you put in
- [ ] Vendor's primary customer is the user (not advertisers, not employers)
Post-install (10 minutes)
- [ ] Permissions granted match what was listed pre-install (no surprise requests)
- [ ] On Mac: check System Settings → Privacy → all categories. Tracker should only appear in expected ones
- [ ] On Mac: check menu bar for the purple Screen Recording dot. If on and you did not grant Screen Recording, something is wrong
- [ ] Run a network monitor (Little Snitch on Mac, GlassWire on Windows). Confirm outbound connections match what the vendor says
- [ ] On Mac: `lsof -i -nP | grep <app>` shows network sockets; verify no surprise destinations
- [ ] Verify the data file exists at the location the vendor states, with the permissions they state
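The `lsof` check from the post-install list, as an added example (not from the original post or from any vendor): a shell function that reads `lsof -i -nP` output and prints every remote endpoint the named process is connected to that is not on your allowlist. The process name `Tracker`, the sample lines and the documentation-range addresses are constructed; because `-n` turns off DNS lookups, the allowlist is assumed to hold `IP:port` pairs you resolved yourself from the hostnames the vendor documents.

```shell
#!/bin/sh
# Added example: compare an app's live connections with a vendor-derived allowlist.

# unexpected_destinations APP ALLOWED_ENDPOINT...
# Reads `lsof -i -nP` output on stdin. Prints, once each, every remote
# address:port that APP is connected to and that is not in the allowed list.
unexpected_destinations() {
    app=$1; shift
    allowed=" $* "                      # space-delimited for whole-token matching
    awk -v app="$app" -v allowed="$allowed" '
        $1 == "COMMAND" { next }        # header row
        $1 != app       { next }        # exact COMMAND match; grep would also hit
                                        # other lines that merely contain the name
        {
            name = $9                   # NAME column: local->remote
            n = index(name, "->")
            if (n == 0) next            # listening or unconnected socket
            remote = substr(name, n + 2)
            if (index(allowed, " " remote " ") == 0 && !seen[remote]++)
                print remote
        }'
}

# Constructed sample of `lsof -i -nP` output (not captured from a real app).
sample_lsof() {
    cat <<'EOF'
COMMAND  PID USER  FD  TYPE DEVICE SIZE/OFF NODE NAME
Tracker  812 alice 12u IPv4 0x1a2b 0t0 TCP 192.168.1.20:52344->203.0.113.10:443 (ESTABLISHED)
Tracker  812 alice 14u IPv4 0x1a2c 0t0 TCP 192.168.1.20:52350->198.51.100.7:443 (ESTABLISHED)
Tracker  812 alice 15u IPv4 0x1a2d 0t0 TCP 192.168.1.20:52351->198.51.100.7:443 (ESTABLISHED)
Tracker  812 alice 16u IPv6 0x1a2e 0t0 TCP [2001:db8::20]:52352->[2001:db8::99]:8443 (ESTABLISHED)
Tracker  812 alice 17u IPv4 0x1a2f 0t0 TCP 127.0.0.1:49152 (LISTEN)
Safari   901 alice 30u IPv4 0x1a30 0t0 TCP 192.168.1.20:52400->192.0.2.55:443 (ESTABLISHED)
EOF
}

# Assumption: the vendor documents a single update endpoint, resolved to 203.0.113.10:443.
sample_lsof | unexpected_destinations Tracker 203.0.113.10:443
```

On a real machine, pipe `lsof -i -nP` into the function instead of `sample_lsof`. A single run only sees sockets open at that moment, so repeat it while the app is active and again after updates.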
Ongoing (monthly)
- [ ] Re-check permissions — apps occasionally request more after updates
- [ ] Re-check network — vendors occasionally add new endpoints in updates
- [ ] Read the changelog for new features that might collect more
- [ ] If the vendor was acquired or changed ownership, re-evaluate
If a tracker passes all three checklists, you can use it with confidence. If it fails any of them, do not install it, or migrate off it if you already have.
"But it's only for me, on my computer"
A common rationalization: "I'm self-employed, so a tracker that uploads my data to the cloud is not really surveillance — it's just my own data."
Two reasons to be more careful than that:
- Your data is your competitive edge. Your client list, your project names, your productive hours, your billing rate — all encoded in tracker data. A vendor breach exposes your business. A vendor acquisition by a competitor exposes your business. A vendor's law-enforcement response exposes your business. Local-only avoids all three.
- The asymmetry compounds. A self-tracking cloud service has years of your activity, indexed and searchable, that you cannot fully delete. A local-only tool has the same data but only on a device you control.
If you are tracking for yourself and the data has no good reason to leave the device, do not let it leave the device.
Employer-imposed trackers: a separate problem
If your employer requires you to use a specific tracker (Hubstaff, Time Doctor, ActivTrak, Insightful), the buyer's checklist does not apply because you are not the buyer.
In that case:
- Read the privacy policy of the tool your employer chose. You will learn things.
- Understand what is being collected on your machine. This may include screenshots, keystroke patterns, and app activity.
- Use a separate work machine if at all possible. Do not run employer trackers on personal devices.
- Know your jurisdiction's monitoring disclosure laws. Some require employer disclosure of monitoring; others do not.
This post is aimed at people choosing a tracker for themselves. If your employer chose for you, that is a different conversation about the employment relationship, not the tracker.
DayReplay's specific stance
For full disclosure: I built DayReplay because the time-tracker category had two products — privacy-respecting tools that were technical (ActivityWatch) and polished tools that were privacy-hostile (most of the rest). DayReplay aims to be both polished and privacy-respecting.
Concrete specifics that map to the checklist above:
- No screenshots, no keystroke logging, no webcam access
- Activity database is local SQLite at `~/Library/Application Support/DayReplay/dayreplay.db` on Mac and `%LOCALAPPDATA%\DayReplay\dayreplay.db` on Windows
- Only outbound network request is the update-manifest GET (sending platform/channel/version, nothing else)
- License keys stored in macOS Keychain / Windows Credential Manager, not in a config file or cloud account
- macOS permissions requested: Accessibility only. Optional: Automation if you want browser tab capture from Safari/Chrome/Edge/Firefox
The security page covers the engineering specifics. The privacy page covers the policy.
If DayReplay is not the right fit, that is fine — the buyer's checklist applies to whatever you choose. The category has good products and bad ones; the difference is whether they survive the checklist or not.