Privacy Policy

Effective date: April 11, 2026

wrk!ng ("we", "us", "our") operates the wrk!ng platform. This Privacy Policy describes how we collect, use, store, and protect information when you use our website and services.

We believe privacy is a fundamental right. We collect only what we need to operate the service, we never sell your data, and we are transparent about every category of information we handle.

1. Information we collect

Account information

When you create a wrk!ng account we collect your name, email address, organization name, and a password. Passwords are hashed with bcrypt before storage and are never stored or logged in plaintext.

Organization data

Content you and your team create inside wrk!ng - employees, workflows, forms, scorecards, documents, and any data entered through capability packs - is stored in your organization's isolated tenant. This data belongs to you.

Usage and analytics

We collect anonymized, aggregate usage metrics (page views, feature adoption, error rates) to improve the product. We do not track individual behavior across third-party sites and we do not use third-party advertising trackers.

Technical data

Our servers automatically log IP addresses, browser type, operating system, and timestamps for security, rate-limiting, and debugging purposes. These logs are retained for no more than 90 days and are not correlated with your identity for marketing purposes.

2. How we use your information

We use the information we collect to:

  • Provision and operate your workspace
  • Authenticate users and enforce access control
  • Process payments and manage billing
  • Send transactional communications (account confirmations, security alerts, billing receipts)
  • Monitor and improve platform reliability, performance, and security
  • Respond to support requests

We do not use your organization data, form submissions, workflow content, or any user-generated content to train machine-learning models, build advertising profiles, or market third-party products.

3. AI processing

wrk!ng provides AI features powered by large language models (LLMs). When you configure AI prompt hooks, the data you choose to send to an LLM is transmitted to the model provider you select.

  • You control which data is sent by authoring the prompt and selecting the model.
  • We do not send your data to any AI provider without an explicit, user-configured prompt at a specific interaction point.
  • We do not use your data to fine-tune or train any model, ours or third-party.
  • You may disable AI processing entirely at any time without affecting core platform functionality.

4. Data sharing and disclosure

We do not sell, rent, or trade your personal information or organization data. We share data only in these limited circumstances:

  • Service providers: Trusted vendors who help us operate the platform (hosting, payment processing, email delivery). These providers are bound by contract to use your data only to perform services on our behalf.
  • AI model providers: Only when you explicitly configure an AI interaction point, and only the data you choose to include in the prompt.
  • Legal requirements: When required by law, subpoena, or court order, or to protect the rights, safety, or property of wrk!ng, our users, or the public.
  • Business transfer: In connection with a merger, acquisition, or sale of assets, your data would transfer with the business under the same privacy protections.

5. Data retention and deletion

We retain your account and organization data for as long as your account is active. When you delete your account or organization, we permanently remove all associated data within 30 days, except where retention is required by law (e.g. billing records).

You may export your organization data at any time through the platform's data export features.

6. Security

We protect your data with industry-standard security practices including:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256)
  • Isolated, single-tenant database schemas per organization
  • Bcrypt password hashing with per-user salts
  • Rate limiting and brute-force protection
  • Role-based access control with principle of least privilege
  • Regular security audits and dependency monitoring

7. Cookies

We use only essential cookies required for authentication and session management. We do not use advertising cookies, tracking pixels, or cross-site tracking technologies.

8. Your rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Delete your account and associated data
  • Export your data in a portable format
  • Object to or restrict certain processing
  • Withdraw consent where processing is consent-based

We honor these rights regardless of where you are located. To exercise any of them, contact us at privacy@wrk.ing.

9. International data transfers

wrk!ng may process data in countries other than your own. When we transfer data internationally, we use appropriate safeguards - including standard contractual clauses and equivalent mechanisms - to ensure your data receives the same level of protection required by applicable law.

10. Children's privacy

wrk!ng is not directed at individuals under the age of 16 and we do not knowingly collect personal information from children. If we learn that we have collected information from a child, we will delete it promptly.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the effective date. Continued use of the service after a change constitutes acceptance of the revised policy.

12. Contact us

If you have questions about this Privacy Policy or how we handle your data, contact us at privacy@wrk.ing.