Does Hubstaff automatically block screenshots of sensitive apps?

No. Hubstaff does not automatically detect or block screenshots based on the application or content shown. Organizations can turn off screenshots or enable blurring, but content-based blocking is not available.

Does Hubstaff perform keystroke logging?

No. Hubstaff does not log keystrokes, record typed content, or capture text input.

Can monitoring and tracking policies vary by role or user?

Yes. Tracking and visibility settings can be configured per user or role, allowing different policies to be applied across teams or departments.

Can monitoring be disabled for specific teams or users?

Yes. Features such as screenshots and app/URL tracking are optional and can be disabled entirely or limited to specific users, depending on organizational settings and plan.

Can access to activity data be restricted?

Yes. Hubstaff utilizes role-based access controls to restrict access to activity levels, screenshots, app/URL data, and reports. Organizations can apply least-privilege access models.

Can Hubstaff automatically detect PHI or sensitive data?

No. Hubstaff does not analyze screen contents, application data, or text to identify PHI or other sensitive information. Preventing PHI exposure depends on customer configuration and internal policies.

Can data retention periods be customized?

No. Hubstaff applies system-defined retention periods for specific data types (such as screenshots). Retention windows cannot be shortened below platform-defined limits, though customers can manually delete data where supported.

Is Hubstaff HIPAA compliant?

Yes, with customer configuration and a Business Associate Agreement (BAA). Hubstaff can be used in HIPAA-regulated environments when configured appropriately and when a BAA is in place. Hubstaff does not automatically enforce HIPAA compliance (https://hubstaff.com/hipaa) ; customers are responsible for configuring "no-PHI" setups and operational safeguards in line with HIPAA requirements.

Hubstaff Compliance & Data Governance

Organizations in regulated environments need more than time tracking—they need secure and compliant systems to protect sensitive data. This resource outlines Hubstaff’s compliance framework, data governance practices, and configuration options to help teams stay compliant and audit-ready.

Try Hubstaff for free Talk to sales

No credit card required.

Available for: Apple logo

HIPAA, GDPR, SOC 2 Type II

At Hubstaff, we take security and privacy seriously. Our platform is designed with enterprise-grade teams in mind with industry-leading compliance frameworks to protect sensitive data, like:

Screenshot and data capture controls

At Hubstaff, our priority is productivity. We’re not interested in collecting personal data, as our goal is to provide customizable permissions for enabling, disabling, blurring, or adjusting the frequency of Apps, URLs, screenshots, and more. Hubstaff does not:

Log keystrokes
Capture or store typed content
Analyze or interpret the contents of screenshots
Record audio from microphones
Record video from webcams
Collect biometric data

Free download

Master compliance and data governance with Hubstaff

Download PDF

How tracking works: Permissions, roles, and more

Hubstaff's permissions system is based on granular, role-based permissions. Organizations can:

Assign predefined roles (such as owner, manager, or member) with different access levels
Apply a least-privilege approach, ensuring users only see data required for their role
Control visibility of activity levels, screenshots, application and URL data, time entries, and reports

For more details, check out our full guide covering how tracking works.

Audit logs, retention, deletion & export

Hubstaff adheres to enterprise-grade compliance requirements by following data regulation, deletion, and export best practices, and acts as the data controller for employee data collected through the platform.

Screenshots and activity. Hubstaff utilizes default retention periods and automatically deletes data once it exceeds the applicable window.
Deletions. Hubstaff users can manually delete various data types (subject to permissions), like time entries, screenshots, and app and URL tracking data.
Data exports. Export data via self-serve UI exports, API access, or custom exports.

Security: Encryption, storage & transfer

Security and reliability are maintained through encryption of time tracking data (including screenshots) during transmission and while stored. Hubstaff implements additional security measures, including access controls, audit/system logs, and backups, as part of its security and reliability practices.

Encryption in transit
Data is transmitted over secure connections using TLS 1.2+.
Encryption at rest
Screenshots captured by Hubstaff timer apps are encrypted at rest using AES-256.
SOC 2 Type II
Hubstaff maintains SOC 2 Type II compliance, a third-party attestation that demonstrates its operational controls are sufficiently designed and consistently operated over time.
EU cross-border transfer basis
Hubstaff utilizes the EU Standard Contractual Clauses (SCCs) as an alternative transfer basis in certain instances, and its Data Processing Addendum (DPA) incorporates these SCCs.
Storage environment for screenshots
Hubstaff states screenshots are stored on Amazon S3 (AWS). See Hubstaff Support for more details.
Firewall/allowlisting context
Hubstaff guides customers requiring AWS region/IP information (relevant for networks that require allowlisting).

Offline time tracking (desktop app)

Hubstaff's Help Center notes that the desktop timer app is designed to track time and capture activity while offline, and then upload/sync that locally stored data once a stable connection is available.

Key factual points from the troubleshooting doc:

The app can display "Offline" / "Last Update Failed" when it is unable to sync.
Time/activity may appear missing during connectivity issues, and then appear after the connection is restored and the app reconnects.
VPN/proxy environments may require domain allowlisting for reliable connectivity.

Hubstaff’s Guiding Principles

Hubstaff is designed to provide visibility into time and activity data for both managers and employees. Users gain insight into what’s tracked, the ability to delete sensitive information, and assurance that data will never be sold.

Frequently Asked Questions

Compliance FAQs

Protect sensitive data, maintain compliance, and take your business to new heights with Hubstaff.

Try it free for 14 days

Hubstaff Compliance & Data Governance

HIPAA, GDPR, SOC 2 Type II

Screenshot and data capture controls

How tracking works: Permissions, roles, and more

Audit logs, retention, deletion & export

Security: Encryption, storage & transfer

Encryption standards

Encryption in transit

Encryption at rest

SOC 2 Type II

Encryption standards

EU cross-border transfer basis

Storage environment for screenshots

Firewall/allowlisting context