What's New at Timetastic - 10th June to 20th August

As usual the releases keep coming and Timetastic keeps on moving forward...

27th June

Lots of changes to the billing system to make it more friendly for customers. We introduced a grace period if your card fails, so now you have up to 7 days to input a new one. In the meantime we also retry the payment and send email notifications.

We also updated the T&Cs to reflect the fact that Timetastic is a business service as opposed to a consumer-facing one, and with that aligned our EU VAT compliance.

Here's the full blog on that one: EU VAT Accounting

5th July

We added an 'about us' page to the website :) https://timetastic.co.uk/about/

6th August

In response to customer feedback:

We increased the size of the Wall Chart dropdown - so you can see more of the options available to you.

Added more colour choices into the Leave Type selectors.

Adjusted the Pro Rata calculation when adding new staff so it aligns more closely with the Gov.uk calculator.

13th August

The mobile apps received some much-needed love. We fixed some issues with the date picker, links, and some iPhone-specific speed issues. We intend to have a greater focus on the mobile apps in the future, so hopefully more updates to come!

Bug Fixes

There was a whole host of minor bug fixes released throughout July and August. Sometimes you need to focus on fixing the minor annoying glitches that appear from time to time - we did a lot of that.

EU VAT Accounting

Today we made a change to the way in which we bill our EU customers. From now on we don't charge VAT to any EU based customer (outside of the UK), regardless of whether they supply us with a VAT number.

VAT will only be applied to UK based customers.

This is to align with recent changes to Timetastic, both in the app and on the Terms and Conditions. The changes mean we no longer have to fall back to the consumer rules for supplying services to EU countries.

The changes that have given rise to this are:

  1. We have now included in the Terms and Conditions that Timetastic is a business only service - which it very much is, that includes charities and public bodies obviously.

  2. We have moved the field to set your country and VAT number to the billing page, as part of the payment process.

  3. Prior to implementation we undertook a review of our customer base to look at the likelihood of consumer based use - and found no real evidence. So these changes align VAT treatment with that evidence.

Hope that all makes sense, if you have any questions then please contact support.

Timetastic Updates

The full Timetastic changelog is available here.

But here's a summary of items since April:

6th April

Partly driven by GDPR we now include more of the detailed information on each booking in the details modal:


It was a big release. We also included more data in the downloadable Excel reports, improved mobile dialogue boxes, and made a handful of speed, security and accessibility improvements.

20th April

T&C's were updated to reflect the requirements of the new General Data Protection Regulation (GDPR).

27th April

A bug fix release, and improved some minor usability items on the mobile version.

3rd May

A big feature improvement here. All users can now easily see their outstanding requests and send a reminder to their boss for approval.


We have a detailed support article on this feature here

3rd May

Bug fixes on the signup form.

9th May

Some minor usability tweaks on the USERS page - mainly some tool tips to guide users and a row hover so it's easier to scrutinise the information contained in the table.

11th May

More updates driven by GDPR work - this time including Sendgrid in our list of 3rd Party Apps - our own sub-processors.

3rd Party apps used by Timetastic

16th May

We had a few problems with password resets. Some of the lesser used email clients were making a mess of the reset tokens - fixed.

Fixed a bug where profile photos weren't showing on the Pending Leave page.

Some minor usability improvements including guidance tooltips for new admin users.

17th May

Updated T&C's in regard to GDPR - to cover any special category data that may be caught from user input.

You can also now sign up to receive a notification if we change sub-processors here

6th June

Given the recent Facebook data sharing allegations we looked at Timetastic and thought we could perhaps do better in this regard. You can now see what data will be shared with any of the integrations (Slack).


6th June

We made some security updates based on our latest internal vulnerability scan.

6th June

Fixed links in plain text emails and a few bugs in relation to the Slack integration and changing approvers in the USERS screen.

A busy few months :)

GDPR - Actions to Date

Like many out there our first reaction to assessing GDPR was a huge sigh, pained expressions, and general discontent. All this red tape, more legals, what does it mean? Are we doing something wrong? What was wrong with the current legislation?

But as we draw closer to the final date for implementation - 25th May, as we move through the process and make the necessary changes - I admit, we've become fans, we like the changes. The focus on security and privacy builds confidence. Sure there are challenges to overcome, there's been plenty of head scratching, but the additional focus is driving a better Timetastic, for both us and our users.

So here's a run down of what's changed at Timetastic, driven by GDPR in the last few months:

Changes to date


We have always used hashing to store passwords, but the introduction of GDPR forced us to look further and so we introduced full encryption at rest for the databases using Transparent Data Encryption https://docs.microsoft.com/en-gb/sql/relational-databases/security/encryption/transparent-data-encryption-azure-sql


We terminated our link to Gravatar. From the outset of Timetastic we linked to Gravatar to pull through user profile photos. We see no malice in their service and nothing to suggest ill intentions, but requesting an image related to a given email address does indeed share information with them. Our concern was that we never found any privacy policy or mention of GDPR in their terms. Combine that with a) the actual function brought to Timetastic through this data sharing was fairly minimal and b) we already provide an alternative in that users can upload their own photo directly to Timetastic, and we felt it cleaner to remove the integration.

Keep me logged in

We used to store a cookie automatically on users' machines to keep them logged in. We switched that off and instead implemented a 'keep me logged in' option on the login form.


To increase the security of Timetastic we've started using a service called Cloudflare. Cloudflare helps speed up Timetastic while at the same time helping to protect against denial-of-service attacks, customer data compromise and abusive bots: https://www.cloudflare.com/security/


We spotted that our existing employee contracts didn't contain a confidentiality clause covering client data. That's been rectified: all staff have since signed a dedicated Confidentiality Agreement.

Work in Progress

Audit and Access logs

The very nature of Timetastic means that users can log in and see their data and activity, and the Excel reports already contain most of the information most will ever need to satisfy themselves. But to ensure data controllers are able to fully meet their obligations in seeing all the processing activities Timetastic undertakes, we are implementing a full audit log, available in Excel format.


We had no deletion policy on our customer service requests (I suspect this may be the case for many organisations). These requests could indeed contain personal information: as well as email addresses and contact details, people sometimes forward spreadsheets and images.

We are in the process of implementing an automated service to delete all customer service emails 12 months after they were created.

Terms and Conditions

We are in the process of updating these to include the specific requirements laid down in Article 28.

Article 28 - a customer's right to audit

This is an interesting one and definitely a cause of head scratching. The requirement is that Timetastic makes "available to the controller all information necessary to demonstrate compliance with the obligations laid down in this Article and allow for and contribute to audits, including inspections, conducted by the controller or another auditor mandated by the controller."

We don't disagree with the principle, but as of the time of writing we have over 8,000 organisations registered to use Timetastic. If just 5% of those exercised their right to audit we'd be facing 400 audits!

We don't yet have a full solution to this dilemma. One proposal is to implement an audit fee. That's about the only way to ensure that if we did get inundated we'd be able to financially cover the situation, rather than sinking under the paperwork, which is not in our interest or that of any customer.

What we hope to implement is one annual GDPR audit and make the findings of that publicly available, in essence negating the need for any individual customer audits. Please appreciate though, at the time of writing GDPR is new, not even active yet, and hence post implementation audit services are not well defined. Finding an appropriate auditor or reputable self certification scheme is something we're going to have to pursue after 25th May.

Improved Work Schedule and 1/4 Hour Increments

Two Big Improvements for the Work Schedule on Timetastic Today

1) More Flexible Work Schedule

The work schedule is now split into 2 shifts: Morning and Afternoon. The gap between being the lunch break, obvious I guess. Seems basic but it's a vast improvement on the previous version, which had a fixed lunch time of 12pm.

It means you can now specify a more accurate weekly working schedule, and time off will be shown on the wall chart in the correct AM / PM slots.

2) 1/4 Hour Increments

You'll also notice on the work schedule the introduction of quarter past and quarter to the hour. So again, more accuracy in the work schedule.

You can now also book time off in those 1/4 hour increments, to align with your working hours.

Hopefully both improvements will mean your information on Timetastic will now be more closely aligned to your employment contracts.