Privacy Policy

Last updated: January 1, 2025

At Workunit, privacy isn't an afterthought—it's our foundation. We built this tool for builders, not for data collection. Your work stays yours.

Our Privacy Principles

Your Data Stays Yours

We don't sell, rent, or monetize your data. Ever. Your workunits, assets, and decisions belong to you.

No Surveillance Features

No keystroke logging, no activity monitoring, no productivity surveillance. We build tools that respect human agency.

Transparent Processing

We're clear about what data we collect, why we collect it, and how we use it. No hidden tracking.

Security First

Industry-standard encryption and regular security audits.

What Data We Collect

Account Information

Email address, name, organization name. Used for authentication and communication.

Workunit Data

Problem statements, assets, tasks, comments. The actual work you do in Workunit. This is your data, not ours.

Usage Analytics

Anonymous usage patterns to improve product features. No personal data, no tracking across sites.

Technical & Security Data

IP addresses and browser information collected during signup, login, and authentication for fraud prevention, abuse detection, and rate limiting. Security logs retained for 90 days, then automatically deleted. Also collect browser type and device info for debugging and performance optimization.

How We Use Your Data

Provide the Service

Display your workunits, enable collaboration, power AI features that help you work.

Improve Product

Analyze aggregated usage patterns to build better features. Never individual behavior tracking.

Security & Compliance

Detect fraud, prevent abuse, maintain service security and reliability.

Communication

Send service updates, security alerts, and support responses. You control marketing emails.

AI Features & Privacy

Workunit's AI features are designed with privacy in mind:

  • Context stays private: AI processes your workunit data to provide suggestions, but never trains on it or shares it.
  • No cross-organization learning: Your data never influences AI suggestions for other organizations.
  • Opt-out available: You can disable AI features while keeping core PM functionality.
  • Transparent processing: AI decisions are explainable—you can see why suggestions were made.

Data Sharing & Third Parties

We Don't Sell Your Data

Never have, never will. Your data is not a revenue stream for us.

Service Providers

Hosting (Coolify), email (Resend), analytics (self-hosted). All under strict data processing agreements.

Legal Requirements

We may disclose data if legally required, but we'll notify you unless prohibited by law.

Team Members

Data shared within your organization is visible to team members based on your permission settings.

Your Privacy Rights

Access

Request a copy of all your personal data.

Rectification

Correct any inaccurate or incomplete data.

Deletion

Delete your account and associated data anytime.

Portability

Export your workunit data in standard formats.

Objection

Opt out of non-essential data processing.

Complaint

File complaints with your data protection authority.

Data Retention & Deletion

Active Accounts

We retain your data as long as your account is active and for legitimate business purposes.

Account Deletion

Delete your account anytime from settings. Data is permanently deleted within 30 days.

Backup Copies

Backup copies are automatically deleted within 90 days of account deletion.

Legal Obligations

Some data may be retained longer if required by law (e.g., financial records).

Security Measures

Encryption

Data encrypted in transit (TLS 1.3) and at rest (AES-256). No exceptions.

Access Controls

Role-based permissions, multi-factor authentication, and regular access audits.

Security Monitoring

24/7 monitoring, intrusion detection, and regular security assessments.

Security Logging

IP addresses and browser information temporarily collected during signup, login, and authentication to prevent abuse, detect fraud, and enforce rate limits. Logs automatically deleted after 90 days. Legal basis: Legitimate interest for network security (GDPR Article 6(1)(f), Recital 49).

Cookies & Tracking

We use minimal cookies for essential functionality:

  • Session cookies: Keep you logged in. Required for the service to work.
  • Security cookies: Prevent CSRF attacks and secure your session.
  • Preference cookies: Remember your UI settings and preferences.

No third-party tracking cookies. No advertising networks. No social media pixels.

International Data Transfers

Data Location

Primary data stored in EU-based self-hosted server (Coolify).

Transfer Safeguards

Standard contractual clauses (SCCs) and adequate data protection measures for international transfers.

GDPR Compliance

Full compliance with EU General Data Protection Regulation for European users.

Children's Privacy

Workunit is not intended for children under 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us immediately.

Policy Updates

We may update this privacy policy to reflect changes in our practices or legal requirements. We'll notify you of material changes via email or in-app notification. Continued use after changes constitutes acceptance.

Questions About Privacy?

Contact our privacy team: [email protected]

Contact Privacy TeamView Terms & Policies