Trust Center / Legal

Privacy Policy

Last updated: April 2026Trust Center

1. Introduction

This Privacy Policy describes how Workiflow LLC ("Workiflow," "Company," "we," "us," or "our") collects, uses, stores, shares, and protects personal information when you:

  • Visit our website at workiflow.com (the "Site")
  • Engage us for professional services, including consulting, implementation, custom development, managed services, and AI/automation (the "Services")
  • Communicate with us through email, phone, messaging platforms, or other channels

Workiflow LLC is incorporated in the State of Delaware and operates from 9450 Southwest Gemini Drive, Beaverton, OR 97008, United States.

If you have questions about this Privacy Policy or wish to exercise your privacy rights, you can reach us at security@workiflow.com.

2. Information We Collect

We collect personal information in several ways depending on how you interact with us.

2.1 Information You Provide to Us

When you contact us, request a consultation, enter into a service engagement, or otherwise communicate with us, you may provide:

  • Contact information such as your name, email address, phone number, job title, and company name
  • Account and billing information such as billing address and payment details (payment processing is handled by Stripe; we do not store full payment card numbers)
  • Communications such as the content of emails, messages, support requests, and feedback you send us
  • Engagement information such as project requirements, business processes, technical specifications, and other information you share in connection with our Services

2.2 Information We Collect Automatically

When you visit the Site, we automatically collect certain technical information, including:

  • Device and browser information such as IP address, browser type, operating system, and device identifiers
  • Usage data such as pages viewed, links clicked, time spent on pages, and referring URLs
  • Location data inferred from your IP address (we do not collect precise GPS location)

We collect this information using cookies and similar technologies. See Section 8 for details.

2.3 Client Data We Process on Behalf of Clients

In the course of providing professional services, we may access, process, or store data that belongs to our clients or their customers ("Client Data"). This may include personal information contained within client systems, databases, platforms, or files.

Important: When we process Client Data on behalf of a client, we act as a data processor (or "service provider" under applicable U.S. state laws). The client is the data controller and determines the purposes and means of processing. Our handling of Client Data is governed by our Terms of Service, any applicable Managed Services Agreement or Statement of Work, and where executed, a Data Processing Agreement (DPA).

We do not use Client Data for our own purposes, sell Client Data, or share Client Data with third parties except as necessary to perform the Services or as directed by the client.

3. How We Use Your Information

We use personal information for the following purposes:

  • To provide and deliver Services. We use your information to perform the services you've engaged us for, communicate about your engagement, deliver work, and manage the client relationship.
  • To operate and improve the Site. We use technical and usage data to maintain the Site, understand how it is used, and improve its functionality and content.
  • To communicate with you. We use your contact information to respond to inquiries, send service-related communications, and, with your consent where required, share updates about Workiflow's services and offerings.
  • To process payments. We use billing information to invoice for services and process payments through our payment processor (Stripe).
  • For security and compliance. We use information to protect against unauthorized access, maintain the security of our systems, detect fraud, and comply with legal obligations.
  • For legitimate business purposes. We may use aggregated or de-identified information for analytics, benchmarking, and improving our services. This information does not identify any individual.

4. How We Share Your Information

We do not sell personal information. We share personal information only in the following circumstances:

  • Service providers and sub-processors. We share information with trusted third-party providers who assist us in delivering our Services, operating the Site, or running our business. These providers are contractually required to protect your information and may only use it to perform services on our behalf.
  • Professional advisors. We may share information with our legal, accounting, or insurance advisors as necessary for professional advice and risk management.
  • Legal requirements. We may disclose information if required by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to protect the rights, safety, or property of Workiflow, our clients, or the public.
  • Business transfers. In the event of a merger, acquisition, reorganization, or sale of assets, personal information may be transferred as part of that transaction. We will notify affected individuals of any change in ownership or control of their personal information.
  • With your consent. We may share information for any other purpose with your explicit consent.

A current list of sub-processors used in delivering our Services is maintained at workiflow.com/sub-processors.

5. Data Retention

We retain personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

  • Website data (such as analytics and technical logs) is retained for up to 24 months.
  • Client engagement data (such as contact information, project records, and communications) is retained for the duration of the client relationship and for up to 3 years thereafter, unless longer retention is required for legal, tax, or compliance purposes.
  • Client Data processed on behalf of clients is retained in accordance with the applicable Service Agreement. Upon termination of an engagement, Client Data is returned or deleted in accordance with our Terms of Service and any applicable DPA.

When personal information is no longer needed, we securely delete or anonymize it.

6. Data Security

We take the protection of personal information seriously. Workiflow maintains administrative, technical, and organizational security measures designed to protect personal information against unauthorized access, loss, destruction, alteration, or disclosure.

Our security practices include:

  • SOC 2 Type II and ISO 27001 audits in progress, with controls aligned to both frameworks today (details at workiflow.com/security)
  • Encryption of data in transit (TLS 1.2+) and at rest
  • Role-based access controls with least-privilege enforcement
  • Continuous vulnerability monitoring
  • Regular employee security awareness training
  • Documented incident response procedures
  • Comprehensive cyber liability and professional indemnity insurance coverage

No method of transmission over the internet or electronic storage is completely secure. While we work to protect your personal information, we cannot guarantee absolute security.

7. International Data Transfers

Workiflow is based in the United States. If you are located outside the United States, your personal information may be transferred to, stored in, and processed in the United States or other countries where our service providers operate.

Where we transfer personal information from the European Economic Area (EEA), United Kingdom (UK), or Switzerland, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission, or other legally recognized transfer mechanisms.

If you have questions about international data transfers, please contact us at security@workiflow.com.

8. Cookies and Tracking Technologies

We use cookies and similar technologies on the Site to collect usage data, remember preferences, and improve performance.

  • Essential cookies are required for the Site to function and cannot be disabled.
  • Analytics cookies help us understand how visitors interact with the Site (such as pages viewed and traffic sources). We use these to improve the Site's content and functionality.
  • Marketing cookies may be used to deliver relevant content and measure the effectiveness of our communications. These are only placed with your consent where required by law.

You can manage your cookie preferences through your browser settings. Most browsers allow you to block or delete cookies. Please note that disabling certain cookies may affect the functionality of the Site.

We do not currently respond to Do-Not-Track browser signals, as there is no universally accepted standard for how to handle them. If a standard is adopted, we will update this policy accordingly.

9. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information under applicable privacy laws.

9.1 Rights Available to All Users

Regardless of your location, you may:

  • Request access to the personal information we hold about you
  • Request correction of inaccurate or incomplete personal information
  • Request deletion of your personal information, subject to legal retention requirements
  • Opt out of marketing communications at any time by clicking the unsubscribe link in any email or by contacting us
  • Withdraw consent where processing is based on your consent, without affecting the lawfulness of prior processing

To exercise any of these rights, email us at security@workiflow.com. We will respond within 30 days (or the timeframe required by applicable law).

9.2 European Economic Area, United Kingdom, and Switzerland

If you are located in the EEA, UK, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) or UK GDPR, including:

  • Right to restriction of processing in certain circumstances
  • Right to data portability: to receive your personal information in a structured, commonly used, machine-readable format
  • Right to object to processing based on legitimate interests

Legal bases for processing: We process personal information on the following legal bases: (a) performance of a contract (to provide Services); (b) legitimate interests (to operate and improve our business, provided these interests do not override your rights); (c) consent (where you have given it); and (d) legal obligations.

If you believe we are processing your personal information unlawfully, you have the right to lodge a complaint with your local data protection authority.

9.3 United States: State-Specific Rights

California (CCPA/CPRA). If you are a California resident, you have the right to: know what personal information we collect and how it is used; request deletion of your personal information; opt out of the sale or sharing of personal information (we do not sell or share personal information); and not be discriminated against for exercising your rights.

In the preceding twelve months, we have collected the following categories of personal information: identifiers (name, email, IP address) and internet activity (Site usage data). We have not sold or shared personal information for business or commercial purposes and will not do so in the future.

Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and other states. If you are a resident of a U.S. state with applicable privacy legislation, you may have similar rights to access, correct, delete, and opt out of certain processing. To exercise these rights, contact us at security@workiflow.com. If we decline your request, you may appeal by emailing the same address.

10. Children's Privacy

We do not knowingly collect personal information from individuals under the age of 18. If you believe we have collected information from a minor, please contact us at security@workiflow.com and we will take prompt steps to delete it.

11. Third-Party Links and Services

The Site and our Services may contain links to third-party websites, platforms, and services. We are not responsible for the privacy practices or content of those third parties. We encourage you to review the privacy policies of any third-party service before providing personal information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable laws. The updated version will be indicated by a revised "Last Updated" date at the top of this page.

If we make material changes, we will notify you through the Site or by direct communication. Your continued use of the Site or Services after any changes take effect constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information:

Workiflow LLC

9450 Southwest Gemini Drive
Beaverton, OR 97008
United States

Privacy and security inquiries: security@workiflow.com

Website: workiflow.com

For requests related to Client Data processed on your behalf, please contact us through the channels specified in your Service Agreement.