workthin
workthin
PricingBlogChangelogOverviewQuick StartConcepts

Security OverviewSecret ProtectionAccess Control

Docs for LLMs

llms.txtllms-full.txt
Security

Architecture

workthin implements defense-in-depth:

  1. Secret Protection — 3-stage pipeline masks secrets before storage
  2. Access Control — Row Level Security (RLS) per user and project
  3. Encryption — AES-256 at rest, TLS 1.3 in transit
  4. API Authentication — Bearer token + Supabase cookie auth

Sub-processors

ServicePurposeData Location
SupabaseDatabase, Auth, StorageUS
VercelHosting, CDNUS
OpenAIStructuring, Tagging, EmbeddingUS
StripePaymentsUS
PostHogAnalyticsUS
UpstashRate LimitingUS

Data Policy

  • We do not use your data to train AI models
  • You own your data — export or delete anytime
  • GDPR-ready data deletion on request

AI Data Handling

workthin uses the OpenAI API for structuring, tagging, embedding, and classification. API data is not used for model training:

"OpenAI does not train on data sent via the API by default."

— Your data | OpenAI Platform

See also: Enterprise privacy at OpenAI, How your data is used

Token Optimization

Reduce AI token costs using workthin's detail levels.

Secret Protection

How the 3-stage detection pipeline works, what it catches, and what passes safely.

On this page

ArchitectureSub-processorsData PolicyAI Data Handling