Security & privacy

With over 30 years of developing and implementing smart workforce management solutions, we at Spica International, the company behind My Hours, are continuously working on earning and maintaining the trust of our valued customers.

Trust Is Not Given It Is Earned

Headquartered in Ljubljana (EU), we employ 100+ people across the entire CEE region. Thanks to our diverse staff and strong belief in constant innovation, We’ve been able to accrue more than 10,000 satisfied customers worldwide and over 1,000,000 daily users of our various solutions.

For the past three decades, We've been at the forefront of workforce management technology. We aim to continue improving upon our solutions and keep pushing the boundaries of workforce management software for many years to come.

Our Certifications and Compliances

ISO Certifications

We are proud holders of both the ISO 27001 Certification and ISO 9001 Certification, which represent the highest international standards for managing information security and the quality of management systems. For further details regarding all our certificates, feel free to contact us via email at or through the chat-box on our webpage.

GDPR Compliance

We are in full compliance with The General Data Protection Regulation (GDPR) that enacts rules and regulations pertaining to the rights of individuals concerning their personal data inside the territory of the European Union.

CCPA Compliance

We are fully compliant with The California Consumer Privacy Act (CCPA), which gives the residents of California increased privacy rights regarding their sensitive personal information and how businesses are allowed to treat such data.

DCAA Compliance

We follow ALL guidelines concerning timekeeping and accounting rules as set by the Defense Contract Audit Agency (DCAA), operating as an extended arm of the United States Department of Defence (DOD) and under the direct control of the Under Secretary of Defense.

Microsoft Gold-Certified Partner

Thanks to our dedicated team, which has repeatedly shown high levels of expertise and competence in Microsoft technologies, we’ve been able to meet the rigorous requirements set by Microsoft and become a Gold-Certified Partner.

For further details regarding all our certificates, feel free to contact us via email at, or, through the chat-box on our webpage.

SOC II Compliance

Our server's host, the Microsoft Azure platform, is in full compliance with the SOC II cybersecurity operations framework set by the Assurance Services Executive Committee (ASEC) of the American Institute of Certified Public Accountants (AICPA). They regularly undergo third-party audits to ensure AICPA's Trust Services Criteria (TSC) standards are being met and adhered to.

By utilizing the Azure platform, We can ensure that our customer’s data is being handled in accordance with all of the latest privacy and security standards.

Our Servers

Our servers are hosted on Microsoft's cloud computing platform Azure, with the main database center located in Amsterdam, Netherlands, EU.

The average server uptime was 99.6% in the past 365 days.

Our Security

Newest TLS Standards

All of the data on our systems is encrypted via the newest TLS security protocol (an upgraded version and a successor of the SSL protocol). The TLS security protocol uses sophisticated algorithms to encrypt your data during transit, preventing unauthorized third parties from gaining any access to it.

With the TLS protocol, only the sender and intended receiver can access the data via a decryption key, uniquely generated for every transit point.

Regular Security Penetration Tests

We are proactively testing all of our organization's networks, applications, and systems for potential vulnerabilities, exploits, and weaknesses.

We perform regular security penetration tests (RSPT) to stay ahead of the evolving cybersecurity threat landscape and ensure your data and our systems remain secure.

Constant Monitoring & Incident Reporting Protocols

We constantly monitor our systems to ensure the security and safety of our customer’s data. With a framework that follows all the latest incident reporting protocols, We can manage security incidents and minimize the impact of data breaches.

Best Security Practices When Developing Apps

We prioritize security throughout the entirety of our Software Development Life Cycle by following the Secure Development Life-cycle practices (SDL). We start development with defined security parameters and constantly work on updating them to adhere to all the latest industry standards.

Our Customer’s Data

Single Sign-On Available Soon

We are working on implementing the single sign-on method, which allows administrators to verify user accounts across multiple applications and websites with a single set of credentials.

Regular Backups

The MS Azure platform that hosts our servers offers the latest in Data Protection Management (DPM) services. All of our customers' data is backed up multiple times per hour, not allowing for a loss of more than a few minutes of data in emergency situations.  

For Troubleshooting Only

Spica and My Hours employees can access customers’ data solely for troubleshooting purposes. This access is restricted, logged, and monitored via secure VPN connections. There are audit trails for all time logs and for every time customers’ data has been accessed.

Nothing Is Hidden From Our Customers

In accordance with our Data Processing Agreement, we collect the following types of personal data:

  • Name and surname
  • Email
  • Contact details
  • Client details
  • Hourly rates
  • Tracked time

The data is fully exportable through XLS or via API. We keep our customers’ data up to 90 days after account closure or less (upon request).


We handle our customers' data alongside a group of sub-processors. To get a complete list, contact us at


What is a ISO 27001 Certification?
What is a ISO 9001 Certification?
Where does My Hours store customer data?
Does anyone outside the EU have access to my data?
How long does My Hours keep my data?
Does My Hours keep payment processing data?
Can I report a security problem?
What does it mean to have a Microsoft Gold Certificate?