workwrk
Privacy

Privacy Policy.

Last updated: May 18, 2026

Plain English where possible. Legal precision where required. We'll tell you exactly what we collect, why we collect it, and what you can do about it.

TL;DR (the human version)

We collect the data you give us to run your workspace and the technical data needed to keep it secure. We do not sell your data. We do not train AI models on your data. We honor every regional regulation we operate under (GDPR, DPDP, CCPA, LGPD).

If you want a deep read, the full policy is below. If you have a question, email privacy@workwrk.com — a human responds within 5 business days.

1. Information we collect

Account data. Name, email, role, organization. Voluntarily provided when you sign up or are invited.

Workspace data. Everything you put into workwrk — people, KPIs, OKRs, SOPs, tasks, kudos. Stored encrypted at rest, scoped to your workspace.

Usage telemetry. Pages visited, features used, errors hit. Aggregated and used to improve the product. No content from your records.

Technical data. IP, user agent, device type, session timestamps. Used for security, auth, and incident response.

2. How we use it

We use your data only to (a) run your workspace, (b) keep it secure, (c) bill you, and (d) improve the product through aggregate analytics. We do not use your workspace content for advertising or generic-purpose AI training.

3. AI features & your data

workwrk uses AI for search, triage, and summarization. We use third-party model providers (currently Anthropic Claude) under strict zero-retention agreements. Your data is sent only when you trigger an AI action, never used to train foundation models, and is not retained by the provider.

Per-workspace embeddings are stored encrypted, scoped to your workspace, and deleted when you leave.

4. Who we share with (sub-processors)

We use a small set of trusted sub-processors: AWS (infrastructure), Stripe (billing), Anthropic (AI), Datadog (monitoring), Sentry (errors), Postmark (transactional email). Full list and DPAs at /security#subprocessors.

We provide 30 days' notice before adding new sub-processors to enterprise customers.

5. Your rights

Under GDPR, DPDP, CCPA, and LGPD you have the right to access, correct, delete, port, and object to processing of your personal data. You can exercise these rights directly in-product (Settings → Privacy) or by emailing privacy@workwrk.com.

Workspace admins can export and delete all workspace data without contacting us.

6. Retention

Account data is retained for the life of your subscription. After termination, we retain workspace data for 30 days (in case you reactivate), then permanently delete. Backups are purged 90 days after deletion.

Billing data is retained for 7 years per accounting requirements.

7. Where your data lives

You choose your data residency: US (us-east-1), EU (eu-west-1, Ireland), or India (ap-south-1, Mumbai). Pinned at workspace creation. Honored for storage, AI retrieval, and backups.

8. Contact + DPO

Privacy questions: privacy@workwrk.com

EU Data Protection Officer: dpo@workwrk.com

Mailing address: WorkwrK Technologies, WeWork ETV, Bellandur, Bengaluru 560103, India.

Stop juggling tools.
Start running the business.

Get started Talk to sales