Privacy by Design: Why we don't know who you are (and how that affects Auto-Sync)
At Togglewear, Privacy isn't just a feature; it is the architecture of our entire app.
We exist to help you track time, not to track you. In an era where apps vacuum up as much user data as possible to build profiles and sell ads, we took the opposite approach. We built a system where we treat your data as strictly "pass-through," not something to be stored or analyzed.
The "Blind Bridge" Architecture
When you connect Togglewear to your Toggl Track account, we don't import your data into a database. Instead, your watch sets up a direct, secure, one-to-one, end-to-end encrypted "bridge" between your wrist and Toggl Track.
Think of our server as a dedicated, anonymized mail service. When Toggl sends a time entry update, the bridge processes it without ever viewing the content.
What the bridge does NOT know:
- Your name or email address.
- How many devices you have.
- Which device is currently being used.
- Exactly what or when you are tracking.
The Mail Delivery Metaphor:
- The Package: Toggl hands the bridge an envelope (your time entry update).
- The Address: The bridge looks at the encrypted "To" address: a unique, secure token
that points to your specific watch. It looks like a random string of characters:
1O2j93Xu102jero[j*ad!fha$shf%%12349190523o… - The Delivery: It immediately forwards the envelope to that address and forgets it.
Even if a malicious party were to intercept the transmission, the time entry data is encrypted. The
internal data (such as a Toggl User number: 12312312 or a Workspace number:
128812838) consists of numeric values that are meaningless outside the private Toggl
environment. They cannot be used to track, identify, or contact you.
Because of this architecture:
- We cannot access your personal info.
- We cannot store your time entry history.
- Everything remains private between you and Toggl. We are simply the secure pipe.
The Trade-off: The "One Watch" Limit
Our strict privacy commitment results in a limitation for power users who use multiple watches simultaneously.
The Multi-Watch Conflict
If you use Watch A and Watch B together, the following conflict occurs:
| Step | Scenario | The Conflict | The Result ("Ghost Timer") |
|---|---|---|---|
| 1 | You hit "Re-sync" on Watch B. | Watch B becomes the "active receiver." | Watch A automatically loses the connection to the single bridge. |
| 2 | You stop a timer on your phone. | The signal is sent only to the active receiver (Watch B). | Watch A never gets the "Stop" memo. The timer there keeps running indefinitely until manually stopped. |
The "Housekeeping Battle"
This conflict is worsened by the devices themselves. Wear OS watches perform background "housekeeping" (updates and sync checks) a maximum of once a day, usually only when charging, online, and idling.
During this check, if a watch (Watch A) notices the single active connection has been lost, it will automatically attempt to re-establish it. By doing so, it accidentally "steals" the connection back from Watch B. This results in multiple watches repeatedly fighting over the single active sync role.
Why We Can't "Broadcast" to All Watches
A common request is: "Why not have one bridge send the update to all my watches simultaneously?"
To replace our secure, one-to-one architecture with a one-to-many broadcast, we would have to build a middleman server that:
- Creates a unique user profile for every person.
- Logs and remembers all your devices.
- Tracks which devices are currently active.
- Intercepts and opens your data to route it to multiple destinations.
We will not build that surveillance infrastructure. We refuse to track or record user information. Everyone is 100% anonymous to us. Keeping the connection direct from Toggl to your watch guarantees we cannot build a profile on you.
The API Barrier
Additionally, Toggl Track limits the number of open connections (called webhooks) a user can have. Free accounts are limited to just one webhook. We are obligated to design a system that works reliably for every user, regardless of their Toggl subscription level.
The Solution: Manual Mode is Now LIVE
The latest update includes a toggle to turn off Auto-Sync completely.
This allows you to rely on manual syncs, ensuring your watches don't override each other or get stuck with ghost timers. For power users who use multiple watches simultaneously, we strongly recommend disabling the Auto-Sync feature in the settings.
Transparency: The ONLY Data We Save
We believe in radical transparency. While we do not track your activity or identity, there is one single piece of data we verify to manage the business:
| Data Point | Example | Purpose |
|---|---|---|
| Toggl User Number | 123456789 |
Used solely to manage Free Trials and prevent abuse of the system. |
This Toggl User Number is a long, unique numeric string generated by Toggl. It is not your email, and it cannot be used to contact you or identify you personally. It is simply a way to ensure the free trial is used fairly.
We believe this is the right way to build software: secure, private, and respectful of the user.
Experience Privacy-First Time Tracking
