Workiflow Logo
Linkedin
Workiflow Logo
Linkedin

Privacy Policy

Workiflow LLC Last updated: April 14th, 2026

This Privacy Policy explains how Workiflow LLC (“Workiflow,” “we,” “us”) collects, uses, and protects your information. It applies when you visit our website, engage us for services, or use our marketplace applications.

For questions about this policy or our data practices, contact us at security@workiflow.com.

When You Visit Our Website

What we collect. When you visit workiflow.com, we may collect:

  • Usage data. Pages visited, time on site, referring URLs, browser type, device type, and general location (city/country level). We use analytics tools to understand how visitors use our site and to improve the experience.
  • Form submissions. If you fill out a contact form, request a consultation, or sign up for communications, we collect the information you provide (name, email, company, message, etc.).
  • Cookies and similar technologies. We use cookies and similar technologies for analytics and site functionality. We ask for your consent before placing non-essential cookies (such as analytics cookies). You can manage or withdraw your cookie preferences at any time through our cookie consent tool or your browser settings.

How we use it. We use website data to understand traffic patterns, improve our site, and respond to inquiries. If you submit a form or sign up for communications, we may send you relevant updates about our services — you can opt out at any time. We don’t sell visitor data or use it for advertising.

Third-party analytics. We use third-party analytics services to help us understand website usage. These services may collect information about your visits to our site using cookies or similar technologies. These tools have their own privacy policies, and we select providers that maintain responsible data practices.

When You Engage Us for Services

This section applies to project-based and managed services engagements.

How we work. We primarily build, configure, and manage solutions within your existing infrastructure — your platforms, your tools, your systems. We don’t independently host or store your core business data. We do use our own tools (such as project management, communication, and documentation platforms) to manage the engagement, which may contain project-related information like task descriptions, status updates, and contact details.

In limited cases (such as data migrations), we may temporarily handle your data outside your systems, but only as needed to perform the work. Temporary copies are deleted promptly, and no later than five (5) business days after the task is complete.

What we collect. When you engage us for services, we collect:

  • Contact and billing information. Your name, email address, company name, and billing details. Payment transactions are processed by Stripe — we don’t store your payment card information.
  • Information within your systems. When you grant us access to your platforms, tools, or systems, we may access data within those systems solely to perform the services. This data stays in your infrastructure — we don’t extract or store it except in the limited temporary handling cases described above.
  • Engagement records. Communications with you (emails, messages, calls) and records related to the engagement (project status, support requests, invoices).

How we use it. We use this information to deliver the services described in your proposal or agreement, communicate with you about your engagement, process payments, and comply with legal obligations. We may also use engagement records (not your business data) to improve how we manage our services and operations.

Marketing communications. We may occasionally send you relevant updates, insights, or information about our services. You can opt out at any time by using the unsubscribe link in any email or by contacting us at security@workiflow.com. We’ll never share your email with third parties for marketing purposes.

AI and automation tools. We use AI and automation tools as part of our service delivery. When we use AI platforms (such as Anthropic or OpenAI), we use paid plans that do not train on client data. Your data is processed solely to perform the services and is not used to improve third-party AI models.

Meeting recordings. We may use automated tools to record and transcribe meetings for internal reference, follow-ups, and service delivery. Meeting content may include client discussions, strategy sessions, and sensitive business information. You’ll be informed when a recording tool is present in a meeting.

Time tracking and screenshots. Our team uses time tracking tools that may capture periodic screenshots during active work sessions. These screenshots could incidentally contain client data visible on screen. Screenshots are used solely for internal work verification and are retained in accordance with our data retention policies.

Internal tools. We build and operate our own internal tools for activities like document generation, proposals, and operational management. These tools may process client data and are hosted on the same cloud infrastructure (Vercel, Supabase) as our other services, held to the same security standards, and subject to the same data protection obligations described in this policy and our DPA.

Data processing. For details on how we process data on your behalf as a service provider — including our obligations, sub-processors, breach notification, and deletion practices — see our Data Processing Agreement at workiflow.com/dpa.

When You Use Our Apps

This section applies to Workiflow’s marketplace applications (such as apps available on the monday.com marketplace).

What we collect and store. Our apps may access and store data from your platform account on our infrastructure in order to provide the app’s functionality. This typically includes board data such as items, column values, and associated metadata. We may also collect your account information (name, email, account ID) for authentication and app functionality.

Where your data is stored. Unlike our services engagements (where we work within your systems), our marketplace apps store data on cloud infrastructure managed by Workiflow. We use providers including Google Cloud Platform (GCP), Amazon Web Services (AWS), and Supabase, with data hosted in the United States. We apply the same security standards to this data as we do across all of our operations.

How we use it. We use your app data solely to provide and maintain the app’s functionality. We don’t sell your data, use it for advertising, or share it with third parties except as needed to operate the app (for example, cloud hosting providers).

How we protect it. Data stored by our apps is protected by security practices aligned with SOC 2 Type II and ISO 27001 controls, including encryption in transit and at rest, role-based access controls, and regular security monitoring.

Data retention. We retain your app data for as long as you actively use the app. If you uninstall the app or request deletion, we’ll remove your data from our systems within 30 days.

AI and automation. If any of our apps use AI features, we use paid AI plans that do not train on your data. Your data is processed solely to deliver the app’s functionality.

How We Share Your Information

These practices apply across all contexts — website, services, and apps.

We don’t sell your information. Period.

We may share your information only in the following situations:

Sub-processors and service providers. We use a limited number of tools and services to operate our business, deliver services, and run our apps. For details on our sub-processors, see our Data Processing Agreement at workiflow.com/dpa. A current list is also maintained at workiflow.com/sub-processors.

Legal requirements. We may disclose information if required by law, regulation, legal process, or government request.

Business transfers. In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We’d notify you before your information becomes subject to a different privacy policy.

With your consent. We may share information when you explicitly ask us to or give us permission.

How We Protect Your Information

We take security seriously across everything we do. Our practices are aligned with SOC 2 Type II and ISO 27001 controls. All team members complete security awareness training and are bound by confidentiality agreements. For a detailed description of our security measures, see the Data Processing Agreement at workiflow.com/dpa.

Data Retention

How long we keep your information depends on the context:

  • Website data. Analytics data is retained according to our analytics provider’s standard retention periods. Form submissions and communications are retained for as long as needed to respond and follow up.
  • Service engagement records. Invoices, contracts, proposals, and communications may be retained for up to seven years for legal and accounting purposes. We don’t store your core business data — it lives in your systems.
  • App data. Retained for as long as you actively use the app. Deleted within 30 days of uninstall or deletion request.

Your Rights

Depending on where you’re located, you may have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your information
  • Restrict or object to certain processing
  • Request portability of your data
  • Withdraw consent where processing is based on consent

For California residents. Under the California Consumer Privacy Act (CCPA), you also have the right to know what categories of personal information we collect and how we use them, and the right to opt out of the sale of personal information. We don’t sell personal information, so there’s nothing to opt out of. We won’t discriminate against you for exercising any of your privacy rights.

To exercise any of these rights, contact us at security@workiflow.com. We’ll respond within 30 days.

Children’s Privacy

Our website, services, and apps are designed for businesses and are not directed at children under 16. We don’t knowingly collect personal information from children. If you believe we’ve inadvertently collected information from a child, contact us at security@workiflow.com and we’ll delete it promptly.

Third-Party Services

Our website, services, and apps may involve third-party platforms and tools. These services have their own privacy policies, and we encourage you to review them. We select partners that maintain strong data protection practices, but we’re not responsible for their privacy practices.

Changes to This Policy

We may update this policy from time to time. For material changes, we’ll notify active service clients at least 30 days in advance via email. For website visitors and app users, we’ll post the updated policy on our website with a revised “last updated” date. The “last updated” date at the top of this policy reflects the most recent revision.

Contact

For any privacy-related questions, concerns, or requests:

Workiflow LLC Beaverton, OR, United States Email: security@workiflow.com

Scroll to Top