Compliance

No training on your data, ever.

We have contractual agreements with our AI subprocessors that prohibit the use of customer data to train their models.

SOC2 (Type1) Compliance

Report is available here.

WorkflowAI Cloud is SOC2 Type1 compliant, ensuring that our platform meets rigorous security and compliance standards. This certification verifies the design and implementation of our security controls at a specific point in time, covering the following principles:

  • Security: Protecting against unauthorized access (both physical and logical).

  • Availability: Ensuring that the system is available for operation and use as committed.

  • Processing Integrity: Guaranteeing that system processing is complete, valid, accurate, timely, and authorized.

  • Confidentiality: Maintaining the confidentiality of information as committed or agreed.

  • Privacy: Protecting personal information according to the commitments in the privacy notice.

Achieving SOC2 Type1 compliance demonstrates our commitment to maintaining the highest standards of security and operational excellence, providing our users with confidence in the integrity and reliability of our services.

Data Hosting and Processing

All customer data processed through WorkflowAI Cloud workflows is hosted and processed within the United States.

Data Processing Agreement (DPA)

We offer a Data Processing Agreement (DPA) to customers who require one for GDPR or other compliance purposes. Please contact [email protected] to request a copy.

GDPR & Frequently Asked Questions

Where is my data hosted and processed?

Your data is hosted and processed in data centers located in the United States.

Is data transferred outside the EU/EEA? What safeguards are in place?

Yes, since data is processed in the US, it is transferred outside the European Union / European Economic Area. We provide a Data Processing Agreement (DPA) which outlines the contractual commitments between WorkflowAI and our customers. Customers are responsible for ensuring they have a lawful basis for transferring personal data to the US when using our services. Please contact [email protected] for our DPA.

Do you offer a Data Processing Agreement (DPA)?

Yes, please contact [email protected] to request our DPA.

Is the data sent to AI models retained? For how long? Can it be deleted?

We have contractual agreements with our AI subprocessors that prohibit them from using your data to train their models. However, some subprocessors may temporarily retain data for operational purposes according to their own policies. Retention periods vary by subprocessor and specific operational needs. WorkflowAI does not control these subprocessor retention periods directly, and we cannot force deletion from their systems outside of our contractual 'no training' guarantees.

Which AI subprocessors do you use?

We utilize various leading AI model providers. Our contractual agreements with all subprocessors ensure your data is not used for training purposes. For specific details on subprocessors relevant to your usage, please refer to our DPA or contact support.

Can I process sensitive personal data (e.g., identity documents) on WorkflowAI?

WorkflowAI does not have specific technical restrictions preventing the processing of various data types. However, we currently do not have a formal policy explicitly governing the processing of sensitive personal data (such as identity documents, health information, etc.). Customers are solely responsible for ensuring their use of WorkflowAI complies with all applicable regulations, including GDPR, especially concerning sensitive data categories which often require heightened safeguards and explicit consent. We advise exercising caution and recommend discussing specific use cases involving sensitive data with your legal counsel and contacting us if you have further questions.

Self-Hosting for Maximum Control

For organizations with particularly strict compliance, data residency, or security requirements, we recommend considering the self-hosted version of WorkflowAI. Self-hosting provides maximum control over your data environment. You can find information on setting up self-hosting in our GitHub repository: https://github.com/workflowai/workflowai. Please don't hesitate to contact our sales team via email for more information and support on self-hosting options.

If you have specific compliance questions and requirements (HIPPA, GDPR, data retention, etc) not covered here, please contact us at [email protected].

PreviousReliabilityNextGet started

Last updated

Was this helpful?