Data in Rest and Retention
User and Activity Data
Retention Policy:
Data is retained until the user or workspace is automatically deleted due to inactivity or upon a deletion request, in accordance with our privacy policy.
Password
Retention Policy:
Data is retained until the user or workspace is automatically deleted due to inactivity or upon a deletion request, in accordance with our privacy policy.
Encryption:
Passwords are securely stored using one-way hashing techniques, ensuring they cannot be reversed to retrieve the original password. Strong hashing algorithms, combined with salting, are implemented to protect against brute force and rainbow table attacks.
Fullname
Retention Policy:
Data is retained until the user or workspace is automatically deleted due to inactivity or upon a deletion request, in accordance with our privacy policy.
Phone Number
(optional)Retention Policy:
Data is retained until the user or workspace is automatically deleted due to inactivity or upon a deletion request, in accordance with our privacy policy.
IP Address
Retention Policy:
Data is retained until the user or workspace is automatically deleted due to inactivity or upon a deletion request, in accordance with our privacy policy.
Geolocation
(optional)Retention Policy:
Data is retained until the user or workspace is automatically deleted due to inactivity or upon a deletion request, in accordance with our privacy policy.
Birthday Date
(optional)Retention Policy:
Data is retained until the user or workspace is automatically deleted due to inactivity or upon a deletion request, in accordance with our privacy policy.
Communication Data
(optional)Messages in WebWork Chat, WebWork AI
Retention Policy:
Data is retained until the user or workspace is automatically deleted due to inactivity or upon a deletion request, in accordance with our privacy policy.
Encryption:
WebWork Chat uses cryptographic encryption for all messages which are retained in our databases.
Other Data which is collected temporary
for analytics and security monitoring purposes
- Number of pages visited
- Entry/exit points
- Time on site
- Button pressed to register
- Source of visit
- Visit date/time
Sensitive Data Disclaimer
Our service does not actively collect or process sensitive data categories such as biometric data, religious or philosophical beliefs, sexual orientation, genetic data, political opinions, or health data. However, users may upload or generate content (e.g., screenshots) that could contain such information, depending on their usage of the system.
- User Responsibility: Users are responsible for ensuring compliance with applicable privacy regulations when uploading or sharing sensitive data within the platform.
- Our Role: We act as a data processor for such content and do not analyze or use it unless explicitly required for troubleshooting or legal purposes.
- Security Measures: All data is stored securely in accordance with industry standards to protect user privacy.
Media Files
Screenshots
Retention Policy:
- Until the user deletes them manually
- Until the workspace requested to delete its data
- Otherwise, automatically deleted after 3, 6, or 12 months, depending on the package
Access:
- Restricted to authorized workspace users, as the URL containing the token is accessible only within the workspace.
Encryption:
-
Multi-Step Encryption:
- Unique Encryption and Decryption Tokens: Each file is assigned a unique token during the encryption process, ensuring personalized protection and preventing the possibility of decrypting all files in the same way.
- Token-Based Transformation: Files undergo a custom transformation using an algorithm developed by our security team, adding a unique layer of security to each file.
- AES Encryption: After transformation, the data is encrypted using the industry-standard AES-256-CBC, ensuring robust cryptographic security.
-
Amazon Encryption:
- Server-side encryption (SSE) with Amazon S3-managed keys (SSE-S3) adds an additional layer of security for all files stored in our infrastructure.
Personal Info > Documents and Other Files
Retention Policy:
- Until the user deletes them manually
- Until the user or workspace is deleted
Access:
- Restricted to authorized workspace users
Finances → Expense Tracking → Receipts
Retention Policy:
- Until user deletes it or workspace is deleted
Access:
- Restricted to authorized workspace users
Tasks & Subtasks & comments → Attachments
Retention Policy:
- Until the user deletes it, or deletes the task, or subtask, or project, or workspace.
Access:
- Restricted to authorized workspace users
Chat → Files
Retention Policy:
- Until the user deletes it, the message, channel, or workspace will not be deleted.
Access:
- Restricted to authorized workspace users
Settings → Avatars
Retention Policy:
- Until user deletes it or workspace is deleted
Access:
- Publicly available if you have the URL of the single file
Settings → White Label → Logo and Favicon
Retention Policy:
- Until user deletes it or workspace is deleted
Access:
- Publicly available if you have the URL of the single file
Tracker Logs
Logs which go to server when you send error log.
Retention Policy:
- Until user or workspace is deleted
- Otherwise, automatically deleted after 3 months
Access:
- Restricted, only accessed by support and technical support teams
Support → Ticket → Attachments
Retention Policy:
- Until workspace is deleted
Access:
- Restricted, only accessed by support and technical support teams