Privacy Policy

Your data stays with you.

Effective 10 April 2026

The short version

HoneyBooks is a personal time-tracking and invoicing app for one user — you. It runs entirely on your device. There is no backend server, no account to sign up for, and no telemetry. We do not collect, transmit, sell, or share any of your data with anyone. When you connect HoneyBooks to Google, your data is stored in your own Google account, in an app-scoped folder that only HoneyBooks can access.

Who runs HoneyBooks

HoneyBooks is an independent project published under the Honeycode umbrella by Rupert Thomas. There is no company, no shareholders, and no third-party operators involved.

What data HoneyBooks stores on your device

All of your HoneyBooks data is stored locally on the device where you installed the app, using your browser's or operating system's built-in IndexedDB storage. This data never leaves your device unless you explicitly enable Google Drive backup or sync (see below).

Locally-stored data includes:

  • Your company profile (name, address, banking details, logo, sign-off message, email signature)
  • Your clients (names, addresses, contact details, hourly rates, chargeable items)
  • Time entries and mileage logs you record
  • Invoices you generate, along with their status and payment history
  • App settings (mileage rate, financial year start date, theme preferences)
  • If you sign in with Google: OAuth tokens for the account you connected, stored locally so the app can access Google services on your behalf

What data HoneyBooks does not collect

HoneyBooks does not collect, transmit, or have any access to:

  • Analytics or usage telemetry of any kind
  • Crash reports or error logs
  • Your IP address, device identifiers, advertising IDs, or location
  • Marketing or profiling data

There is no backend server operated by HoneyBooks. The app has nowhere to send your data because there is no "us" to send it to.

Optional Google integration

HoneyBooks offers optional integration with Google services. These features are entirely opt-in — the app works without them. If you choose to connect your Google account, HoneyBooks requests the following OAuth scopes:

drive.appdata

Grants access only to a private, app-scoped folder in your Google Drive. HoneyBooks uses this folder to store backup snapshots and an optional sync file so you can restore your data or share it between your own devices. HoneyBooks cannot see any other files in your Drive, and you can revoke this access at any time in your Google account permissions.

gmail.send

Allows HoneyBooks to send invoice emails on your behalf, from your own Gmail address. HoneyBooks cannot read any of your Gmail messages — this scope is send-only. Every email is composed by you and shown for review before it is sent.

userinfo.email & userinfo.profile

Used only to display which Google account you have connected (your email address and display name) inside the HoneyBooks Settings screen. This information is not transmitted anywhere else.

When you use these features, data flows directly between your device and Google. HoneyBooks has no servers in the middle. Data stored in your Google Drive is subject to Google's privacy policy. You can disconnect at any time from the Settings screen in the app, which removes the stored OAuth tokens from your device.

Third parties

HoneyBooks does not share your data with any third party. The only external service HoneyBooks communicates with is Google — and only when you have explicitly authorised it, and only with your own Google account. There are no advertising networks, analytics providers, crash reporters, or marketing partners involved in any way.

Your rights and your data

Because all your data lives on your own device, you have complete control:

  • Export: HoneyBooks can export your clients, time entries, and mileage as CSV files at any time from the Data & Import screen.
  • Backup: You can create manual Drive backups and restore from them, or disable Drive sync entirely.
  • Delete: Uninstalling the app removes all locally-stored data. If you connected Google, you can also delete the app-scoped Drive folder and revoke OAuth access from your Google account permissions page.
  • Portability: Exported CSVs are plain text and use standard formats suitable for import into accounting software, spreadsheets, or other tools.

Security

HoneyBooks relies on the security of the operating system and browser (or WebView) on which it runs to protect your data at rest. Data in transit to Google is protected by TLS. OAuth tokens are stored locally and are only ever sent to Google's own servers when refreshing access.

Because your data lives on your device, keeping your device secure — screen lock, disk encryption, up-to-date OS — is the single most important thing you can do to protect your HoneyBooks data.

Children

HoneyBooks is a business tool intended for adult freelancers and sole traders. It is not directed at children under 13, and we do not knowingly collect any information from children (or from anyone, as noted throughout this policy).

Changes to this policy

If this policy changes, the updated version will be published at this URL with a new effective date at the top. Material changes will also be noted in the app's release notes.

Contact

Questions, concerns, or data requests can be sent to honeycode@pebmarsh.com.