Compliance
We have contractual agreements with our AI subprocessors that prohibit the use of customer data to train their models.
Report is available .
WorkflowAI Cloud is SOC2 Type1 compliant, ensuring that our platform meets rigorous security and compliance standards. This certification verifies the design and implementation of our security controls at a specific point in time, covering the following principles:
Security: Protecting against unauthorized access (both physical and logical).
Availability: Ensuring that the system is available for operation and use as committed.
Processing Integrity: Guaranteeing that system processing is complete, valid, accurate, timely, and authorized.
Confidentiality: Maintaining the confidentiality of information as committed or agreed.
Privacy: Protecting personal information according to the commitments in the privacy notice.
Achieving SOC2 Type1 compliance demonstrates our commitment to maintaining the highest standards of security and operational excellence, providing our users with confidence in the integrity and reliability of our services.
All customer data processed through WorkflowAI Cloud workflows is hosted and processed within the United States.
Your data is hosted and processed in data centers located in the United States.
We have contractual agreements with our AI subprocessors that prohibit them from using your data to train their models. However, some subprocessors may temporarily retain data for operational purposes according to their own policies. Retention periods vary by subprocessor and specific operational needs. WorkflowAI does not control these subprocessor retention periods directly, and we cannot force deletion from their systems outside of our contractual 'no training' guarantees.
We utilize various leading AI model providers. Our contractual agreements with all subprocessors ensure your data is not used for training purposes. For specific details on subprocessors relevant to your usage, please refer to our DPA or contact support.
WorkflowAI does not have specific technical restrictions preventing the processing of various data types. However, we currently do not have a formal policy explicitly governing the processing of sensitive personal data (such as identity documents, health information, etc.). Customers are solely responsible for ensuring their use of WorkflowAI complies with all applicable regulations, including GDPR, especially concerning sensitive data categories which often require heightened safeguards and explicit consent. We advise exercising caution and recommend discussing specific use cases involving sensitive data with your legal counsel and contacting us if you have further questions.
We offer a Data Processing Agreement (DPA) to customers who require one for GDPR or other compliance purposes. Please contact to request a copy.
Yes, since data is processed in the US, it is transferred outside the European Union / European Economic Area. We provide a Data Processing Agreement (DPA) which outlines the contractual commitments between WorkflowAI and our customers. Customers are responsible for ensuring they have a lawful basis for transferring personal data to the US when using our services. Please contact for our DPA.
Yes, please contact to request our DPA.
For organizations with particularly strict compliance, data residency, or security requirements, we recommend considering the self-hosted version of WorkflowAI. Self-hosting provides maximum control over your data environment. You can find information on setting up self-hosting in our GitHub repository: . Please don't hesitate to contact our sales team via email for more information and support on self-hosting options.
If you have specific compliance questions and requirements (HIPAA, GDPR, data retention, etc.) not covered here, please contact us at .