WORKWAY

Privacy Policy

Last updated: November 17, 2025

1. Introduction

WORKWAY ("we", "us", or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our marketplace platform.

By using WORKWAY, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email, password, display name, profile picture
  • Developer Information: Company name, bio, website URL, GitHub profile, LinkedIn profile
  • Payment Information: Processed through Stripe (we store transaction records, not card details)
  • OAuth Credentials: Access tokens for connected services (Gmail, Notion, Slack, etc.)
  • Integration Configuration: Settings and preferences for installed workflows

2.2 Automatically Collected Information

  • Usage Data: Pages visited, features used, time spent, click patterns
  • Device Information: Browser type, OS, device identifiers, IP address
  • Workflow Execution Data: Run history, success/failure rates, execution logs
  • Performance Metrics: API response times, error rates, system health
  • Cookies: Session cookies, preference cookies, analytics cookies

2.3 Third-Party Data

When you connect third-party services (Gmail, Notion, etc.), we receive data from those services necessary for workflow automation:

  • Gmail: Email metadata, message content (as configured)
  • Notion: Page content, database records
  • Slack: Messages, channel information
  • Other integrations as authorized by you

3. How We Use Your Information

We use collected information to:

  • Provide Services: Execute workflows, process integrations, manage your account
  • Improve Platform: Analyze usage patterns, fix bugs, develop new features
  • Security: Detect fraud, prevent abuse, protect user accounts
  • Communications: Send transactional emails, product updates, security alerts
  • Analytics: Generate developer revenue reports, platform statistics
  • Compliance: Meet legal obligations, enforce terms of service
  • Support: Respond to inquiries, troubleshoot issues

4. Data Storage and Security

4.1 Data Storage

We store data using Cloudflare's infrastructure:

  • D1 Database: User accounts, integration metadata, transaction records
  • KV Storage: Sessions, OAuth tokens (encrypted)
  • Durable Objects: Workflow state, OAuth flows
  • Encryption: Data encrypted at rest and in transit (TLS 1.3)

4.2 Security Measures

  • Password hashing with industry-standard algorithms
  • OAuth 2.0 with PKCE for third-party authentication
  • Rate limiting to prevent abuse
  • Regular security audits and monitoring
  • Cloudflare's DDoS protection and WAF

4.3 Data Retention

We retain data for:

  • Account Data: Until account deletion
  • Transaction Records: 7 years (legal requirement)
  • Workflow Logs: 90 days
  • Analytics Data: Aggregated indefinitely
  • OAuth Tokens: Until revoked or integration uninstalled

5. How We Share Your Information

We share your information only in these circumstances:

5.1 With Developers

Integration developers receive limited data necessary for their integrations:

  • Anonymous usage statistics
  • Revenue and sales data for their integrations
  • Aggregated performance metrics
  • NOT: Personal identifiable information without consent

5.2 Service Providers

  • Stripe: Payment processing
  • Resend: Transactional emails
  • Cloudflare: Infrastructure and hosting

5.3 Legal Requirements

We may disclose information if required by law or to:

  • Comply with legal obligations
  • Respond to lawful requests from authorities
  • Protect our rights and safety
  • Prevent fraud or illegal activity

5.4 Business Transfers

In the event of a merger, acquisition, or asset sale, your data may be transferred. We will notify you before your data is transferred and becomes subject to a different privacy policy.

6. Your Privacy Rights

You have the right to:

  • Access: Request copies of your personal data
  • Correction: Update inaccurate or incomplete data
  • Deletion: Request deletion of your data (subject to legal retention)
  • Export: Receive your data in machine-readable format
  • Opt-out: Unsubscribe from marketing communications
  • Revoke OAuth: Disconnect third-party integrations anytime

To exercise these rights, contact us at privacy@workway.co

7. Children's Privacy

WORKWAY is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

8. International Data Transfers

Your data may be processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data in compliance with applicable data protection laws.

9. Cookies and Tracking

We use cookies for:

  • Essential: Session management, authentication
  • Analytics: Usage patterns, feature adoption
  • Preferences: UI settings, language preferences

For more information, see our Cookie Policy.

10. Changes to Privacy Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or platform notification. Continued use of the Service after changes constitutes acceptance.

11. Contact Us

For privacy-related questions or requests:

WORKWAY Privacy Team

Email: privacy@workway.co

Address: [Your Business Address]

Terms of ServiceRefund PolicyDeveloper AgreementCookie Policy