While our database is multi-tenant (meaning you share a database with other users), there are systems in place to prevent data from leaking into other accounts, and this is closely monitored.
We will never access customer data without explicit prior consent by an administrator. Our local development environments do not use production data.
Upon signing up for Punchtime, we fetch your Trello boards, and will keep doing so in the background. We only fetch board data, and not card data. When you log on cards and we need card information, that data is fetched ad-hoc from your client and never touches our servers. The only thing we save for logs referencing cards is the shortId of the card that is being referenced.