Privacy Policy
Last updated: March 23, 2026

workthin (“we”, “us”, “our”) is committed to protecting the privacy of every user. This policy explains what data we collect, how we use it, and your rights.

Data Collection

We collect only the data necessary to operate the service. This includes account information (email, name, organization), usage telemetry (anonymized feature usage, error rates), and knowledge records you create. We do not collect browsing history, location data, or device identifiers beyond what is necessary for authentication.

Legal Basis for Processing

We process your personal data to provide the workthin service under our contract with you. For analytics, we rely on our legitimate interest in improving the service. We follow GDPR-compliant data handling practices.

Secret Masking

All knowledge records pass through our secret masking pipeline before storage. API keys, tokens, passwords, and other credentials are automatically detected and redacted. Masked values are never stored or logged.

AI Processing

To structure, tag, and classify your knowledge, we send portions of your text to the OpenAI API. Secret masking is applied before any data is sent. Under OpenAI's API data usage policy, data submitted via the API is not used to train their models. We do not use your data to train any AI models.

Sub-Processors

We use the following sub-processors to operate the service:

  • Supabase (database, authentication, storage — data stored in US East region)
  • Vercel (hosting, edge functions)
  • OpenAI (AI structuring, tagging, classification)
  • Stripe (payment processing)
  • Upstash (rate limiting, caching)
  • PostHog (product analytics)
  • Sentry (error monitoring)
  • Resend (transactional email)

We do not sell your data to any third party.

Data Retention

We retain your data for as long as your account is active. Upon account deletion, all personal data, including knowledge records, profile information, and usage metrics, is permanently deleted within 30 days. Backups containing deleted data are purged within 90 days.

GDPR & Data Rights

If you are located in the European Economic Area, you have the right to access, correct, delete, or export your personal data at any time. You may also object to processing or request restriction. To exercise any of these rights, contact hello@workthin.app. We will respond within 30 days.

Children

workthin is not intended for use by children under 13 years of age. We do not knowingly collect personal data from children under 13.