Timetastic Updates

The full Timetastic changelog is available here.

But here's a summary of items since April:

6th April

Partly driven by GDPR, we now include more of the detailed information on each booking in the details modal.

It was a big release: we also included more data in the downloadable Excel reports, improved mobile dialogue boxes, and made a handful of speed, security and accessibility improvements.

20th April

T&C's were updated to reflect the requirements of the new General Data Protection Regulation (GDPR).

27th April

A bug fix release, which also improved some minor usability items on the mobile version.

3rd May

A big feature improvement here. All users can now easily see their outstanding requests and send a reminder to their boss for approval.

We have a detailed support article on this feature here

3rd May

Bug fixes on the signup form.

9th May

Some minor usability tweaks on the USERS page - mainly some tooltips to guide users and a row hover so it's easier to scrutinise the information contained in the table.

11th May

More updates driven by GDPR work - this time including Sendgrid in our list of 3rd Party Apps - our own sub-processors.

3rd Party apps used by Timetastic

16th May

We had a few problems with password resets: some of the lesser-used email clients were making a mess of the reset tokens - fixed.

Fixed a bug where profile photos weren't showing on the Pending Leave page.

Some minor usability improvements including guidance tooltips for new admin users.

17th May

Updated T&C's in regard to GDPR - to cover any special category data that may be caught from user input.

You can also now sign up to receive a notification if we change sub-processors here

6th June

Given the recent Facebook data sharing allegations we looked at Timetastic and thought we could perhaps do better in this regard. You can now see what data will be shared with any of the integrations (Slack).

6th June

We made some security updates based on our latest internal vulnerability scan.

9th June

Fixed links in plain text emails and a few bugs fixed in relation to the Slack integration and changing approvers in the USERS screen.

A busy few months :)


GDPR - Actions to Date

Like many out there our first reaction to assessing GDPR was a huge sigh, pained expressions, and general discontent. All this red tape, more legals, what does it mean? Are we doing something wrong? What was wrong with the current legislation?

But as we draw closer to the final date for implementation - 25th May, as we move through the process and make the necessary changes - I admit, we've become fans, we like the changes. The focus on security and privacy builds confidence. Sure there are challenges to overcome, there's been plenty of head scratching, but the additional focus is driving a better Timetastic, for both us and our users.

So here's a run down of what's changed at Timetastic, driven by GDPR in the last few months:

Changes to date

Encryption

We have always used hashing to store passwords, but the introduction of GDPR forced us to look further, and so we introduced full encryption at rest for the databases using Transparent Data Encryption: https://docs.microsoft.com/en-gb/sql/relational-databases/security/encryption/transparent-data-encryption-azure-sql

Gravatar

We terminated our link to Gravatar. From the outset of Timetastic we linked to Gravatar to pull through user profile photos. We see no malice in their service and nothing to suggest ill intentions, but requesting an image related to a given email address does indeed share information with them. Our concern was that we never found any privacy policy or mention of GDPR in their terms. Combine that with a) the actual function brought to Timetastic through this data sharing being fairly minimal and b) the fact that we already provide an alternative, in that users can upload their own photo directly to Timetastic, and we felt it cleaner to remove the integration.

Keep me logged in

We used to store a cookie automatically on users' machines to keep them logged in. We switched that off and instead implemented a 'keep me logged in' option on the login form.

Cloudflare

To increase the security of Timetastic we've started using a service called Cloudflare. Cloudflare helps speed up Timetastic while at the same time helping to protect against denial-of-service attacks, customer data compromise and abusive bots: https://www.cloudflare.com/security/

Confidentiality

We spotted that our existing employee contracts didn't contain a confidentiality clause covering client data. That's been rectified: all staff have since signed a dedicated Confidentiality Agreement.

Work in Progress

Audit and Access logs

The very nature of Timetastic means that users can log in and see their data and activity, and the Excel reports already contain most of the information most will ever need to satisfy themselves. But to ensure data controllers are able to fully meet their obligations in seeing all the processing activities Timetastic undertakes, we are implementing a full audit log, available in Excel format.

Zendesk

We had no deletion policy on our customer service requests (I suspect this may be the case for many organisations). These requests could indeed contain personal information: as well as email addresses and contact details, people sometimes forward spreadsheets and images.

We are in the process of implementing an automated service to delete all customer service emails 12 months after they were created.

Terms and Conditions

We are in the process of updating these to include the specific requirements laid down in Article 28.

Article 28 - a customer's right to audit

This is an interesting one and definitely a cause of head scratching. The requirement is that Timetastic makes "available to the controller all information necessary to demonstrate compliance with the obligations laid down in this Article and allow for and contribute to audits, including inspections, conducted by the controller or another auditor mandated by the controller."

We don't disagree with the principle, but as of the time of writing we have over 8,000 organisations registered to use Timetastic. If just 5% of those exercised their right to audit we'd be facing 400 audits!

We don't yet have a full solution to this dilemma. One proposal is to implement an audit fee. That's about the only way to ensure that if we did get inundated we'd be able to financially cover the situation, rather than sinking under the paperwork, which is not in our interest or that of any customer.

What we hope to implement is one annual GDPR audit and make the findings of that publicly available, in essence negating the need for any individual customer audits. Please appreciate though, at the time of writing GDPR is new, not even active yet, and hence post-implementation audit services are not well defined. Finding an appropriate auditor or reputable self-certification scheme is something we're going to have to pursue after 25th May.


Improved Work Schedule and 1/4 Hour Increments

Two Big Improvements for the Work Schedule on Timetastic Today

1) More Flexible Work Schedule

The work schedule is now split into 2 shifts: Morning and Afternoon. The gap between them is the lunch break, obvious I guess. It seems basic, but it's a vast improvement on the previous schedule, which had a fixed lunch time of 12pm.

It means you can now specify a more accurate weekly working schedule, and time off will be shown on the wall chart in the correct AM / PM slots.

2) 1/4 Hour Increments

You'll also notice on the work schedule the introduction of quarter past and quarter to the hour. So again, more accuracy in the work schedule.

You can now also book time off in those 1/4 hour increments, to align with your working hours.

Hopefully both improvements will mean your information on Timetastic will now be more closely aligned to your employment contracts.


Privacy Mode

Introducing Privacy Mode, an optional setting that makes your leave information more private.

Privacy is one area that divides opinion in our customer base. We regularly receive requests to hide departments, leave type info, even requests that employees can't see anything but their own calendar. (Although in many respects this latter case negates most of the planning benefits that come from the improved information available via Timetastic - and sharing it).

On the flip side we get just as many people checking that everyone can see everything - they want exactly the opposite of privacy, full open book. Everyone has their own policies and attitude towards privacy in the absence area.

Until today everything was open book, much like the old style wall planner, but we tend to agree that some things could, and maybe should be private. Maybe sickness, doctors appointments, early stage maternity leave for scans.

Maybe it's ok to know the person working next to you is off sick. But someone in a different department, is it right that you can see they are sick, maybe just knowing that they are off work is sufficient?

That's why we're introducing Privacy Mode, so you can choose to make your leave information more private.

With Privacy Mode On, the 'Leave Type' is only viewable by:

  • Your Approver
  • Department Boss
  • Your Timetastic Admin users

Users can see their co-workers are off, but not the reason why they are off. The coloured squares on the Wall Chart and Calendar are replaced by grey. Department Bosses can see the reasons their own team are off, but not those for another department.

Admins - of course, can see everything.

Privacy is a global setting, and can be found in SETTINGS > GENERAL, toggle it on or off as you see fit.

Here are some screenshots:

Without Privacy:

Timetastic Privacy Mode Off

And with Privacy On:

Timetastic Privacy Mode On


We're Hiring

.net Developer

Things are going well in the world of managing absence. More companies than ever signing up, more companies taking advantage of a really simple concept and feeling the benefits.

But we're not one to be complacent, we've got a backlog of tweaks, features, design improvements, usability and hosting enhancements. Tech doesn't stand still and we're not so arrogant as to think our app is perfection, not quite anyway ;)

'Onwards and upwards' as they say!

We're looking for a .net web developer with around 4 years+ experience building web apps in the real world. Ideally you'll have experience with:

  • ASP.NET MVC and Web API
  • C# (the more recent versions a big advantage)
  • Hosting web apps in azure
  • Mobile app development (Cordova, native, all good)
  • SQL Server
  • Javascript (the language, not the latest noun-js framework)
  • ReactJS, and other UI frameworks
  • GulpJS, WebPack, or similar
  • A passion for the web, and for building modern web apps

We're a small team so you'll also be on the front line. Customer service is provided through a help center with ticketing (Zendesk). We all work on this, it's a great way to get close to customers and understand how they use Timetastic and the problems they face. Being on the front line, understanding their pain, answering their questions, helps us all build a better product.

We're all homeworkers at Timetastic, and you will be too. Ideally though, as we like to meet up in Manchester on a regular basis, a reasonable proximity to Manchester is important.

If this sounds like your thing then send us a message and introduce yourself.