A single red padlock on a stone ledge against a blurred urban background.

Photo by Henk Mohabier on Pexels

privacyfree-softwarered-flags

The Hidden Privacy Cost of “Free” Productivity Software

“Free” productivity trackers always recoup the cost somewhere. Four common ways — some worse than others — and how to tell which one you're signing up for.

Mike6 min read

The Hidden Privacy Cost of "Free" Productivity Software

There's an iron rule of productivity software: if the app is free and the company is still in business, something other than the price tag is paying for it. The question is what, and with productivity apps specifically, the "what" tends to be more personal than in other categories.

Not all free productivity tools are bad. Some are genuinely free as in open-source, some are free tiers of paid products with honest upgrade paths, some are loss leaders from companies that sell something else. But each of those has a different economics — and you want to know which one you're in before you hand over a continuous record of your working life.

This post is the four common ways "free" productivity software pays for itself, in roughly descending order of how bad the trade is for you.

1. Selling data (the worst case)

Some free trackers, especially browser extensions, harvest your usage data and sell it to third parties. This is rarely called out explicitly. It hides in the privacy policy under language like:

  • "We may share aggregated, anonymized usage data with partners."
  • "Data may be used for product improvement and advertising."
  • "We reserve the right to share data with service providers."

"Anonymized" is doing a lot of work in those sentences. Browsing history is famously hard to anonymize: any reasonable dataset with timestamps and visited domains can be re-identified with surprising accuracy, because patterns of sites visited are more unique than SSNs.

Red flags:

  • The privacy policy is long, full of hedges, and mentions "partners" or "third parties."
  • The extension or app is from a developer you've never heard of, with no clear revenue story.
  • Reviews mention the developer being acquired by an analytics or adtech company.
  • The app has broad permissions ("read your browsing history," "read all data on websites you visit") without clear product justification.

If it's a browser extension with zero revenue model and sweeping permissions, assume the data is the product.

2. Ads and upsells inside the product (middle ground)

Next most common: the free tier is a funnel for the paid tier. You see the core feature but ads or "upgrade" CTAs litter the UI. Your data is usually not resold, but it is fed into recommendation engines that push you toward premium features.

This is less ethically fraught than #1 but has its own drawbacks: the free tier is deliberately limited enough to frustrate you into upgrading, so the "free" experience is shaped by marketing considerations, not by what's best for the user. You're unpaid attention for their sales funnel.

Red flags:

  • The free tier has arbitrary limits ("track up to 3 apps") that don't line up with technical constraints.
  • The UI has a persistent "upgrade" element in the main view.
  • Key analysis features (trends, exports, weekly reports) are locked behind the paywall.

Legitimate business model, but know you're in a sales funnel, not a product.

3. Telemetry for "product improvement" (quietly intrusive)

Some free apps don't sell your data and don't push ads, but send a steady stream of usage telemetry back to the vendor. The pitch: "help us improve the product." The reality: a continuous feed of what features you used, what screens you visited, how long you stayed in each section, and often what specific app names and window titles you're tracking.

Productivity telemetry is worse than, say, browser telemetry because the data stream reveals your work itself, not your interactions with the tool. "User opened Reports → Websites and hovered over clientname.com" is a lot of signal about you.

Red flags:

  • "Anonymous usage data" sent automatically with no opt-out, or with a buried opt-out.
  • Crash reports that include your in-app data, not just stack traces.
  • Outbound network connections while the app sits idle — easy to spot with Little Snitch or Lulu.

The network-disabled test applies here: if you disable Wi-Fi and the app keeps working, but the moment you reconnect it starts making outbound calls, something is leaving your machine. Check what.

4. Subscription "free trials" that never really started free

The last and least harmful pattern: the app markets itself as free but is actually a 14-day trial that silently auto-converts. You give your card up front, the trial runs, and you get billed unless you cancel.

This isn't a privacy issue per se — they're not harvesting your data unusually. It's a pricing-transparency issue. The trade is your attention and risk of being charged, not your data.

Red flags:

  • "Free trial" requires a credit card.
  • Auto-renewal is enabled by default.
  • Pricing isn't visible without signing up.

What genuinely-free alternatives look like

Two categories exist and both are legitimate:

Open-source, community-funded. ActivityWatch is the canonical example for time tracking. Free, local, all data is yours, source code is public. Trade-off: less polish, less Mac-native feel, more setup. A legitimate choice for developers and privacy-conscious users who don't mind rougher edges.

Free tier as a loss leader for a different product. Toggl's free tier exists because Toggl sells team plans; the individual usage is a funnel. This is fine if the data policies are clean and the free tier is actually useful on its own. Read the privacy policy.

The honest alternative: pay once

There's a reason paid, on-device trackers charge one-time fees. They have no server to run, no ad market to service, no telemetry to fund. The business model is "you give us $19, we give you software, done." Nobody's data is changing hands, nobody's attention is the asset.

Focus Meter is one of these: $19 once, on-device, no account, no network requests for analytics. The whole app weighs about 30MB. It doesn't need to be more complicated than that.

The "hidden cost" story works the other way here: the visible cost is $19, and there's no hidden one.

How to audit any tracker in 10 minutes

Whether you're evaluating a new app or deciding whether to keep one you're using:

  1. Read the privacy policy. Specifically, search for "share," "third parties," "partners," and "analytics." If those sections are vague, that's your answer.
  2. Check what permissions the app requests. For a time tracker, Accessibility and Automation are reasonable. Full Disk Access is not. Camera, microphone, contacts are definite no.
  3. Run Little Snitch or Lulu for a day. See what outbound connections the app makes at rest, not just when you're using it.
  4. Search the app name plus "breach" and "leak." Industry memory is short; a breach from 2022 might still be relevant.
  5. Ask yourself: what's this company's revenue story? If you can't answer in one sentence, the answer is probably "your data."

The tracker that can pass all five checks is rare. It's worth paying for when you find one.