Privacy Policy

Who We Are

WorksBuddy is a workplace productivity and task management platform headquartered at: 

WorksBuddy, Inc. [Company Address] [City, State, ZIP] [Country]

For purposes of applicable data protection laws (including the EU General Data Protection Regulation ("GDPR")), WorksBuddy is the data controller for personal data collected through the Service, unless otherwise stated in a Data Processing Agreement ("DPA") with your organization.

Scope of This Policy

This Privacy Policy applies to: 

• Visitors to our website(s) and marketing pages 
• Registered users and account holders 
• Members of teams or organizations using WorksBuddy 
• Prospective customers and trial users 
• Anyone who contacts us for support or information 

This policy does not apply to third-party services or websites linked from WorksBuddy. We encourage you to review the privacy policies of any third-party services you use in connection with WorksBuddy. 

Information We Collect

We collect information in three primary ways: information you provide to us, information collected automatically, and information received from third parties. 

Information You Provide to Us

• Account & Registration Data  When you create an account, we collect your name, email address, password (hashed), job title, company name, and profile photo (if uploaded).
• Billing & Payment Information For paid plans, we collect billing address and payment card details. Payment card data is processed by our third-party payment processor (e.g., Stripe) and is not stored on our servers.
• Content You Create Any tasks, projects, notes, comments, files, attachments, messages, or other content ("User Content") you create or upload within the Service.
• Communications When you contact us via email, chat, or our support system, we collect the content of those communications and any information you choose to provide. 
• Survey & Feedback Data Responses to surveys, NPS forms, feature requests, or usability studies.
• Profile & Preferences Settings, notification preferences, language selections, and customization choices.

Information Collected Automatically

• Usage Data  Log files, pages visited, features used, actions taken within the app (e.g., tasks created, integrations activated), session duration, and clicks. 
• Device & Technical Data IP address, browser type and version, operating system, device type, screen resolution, referring URLs, and time zone. 
• Performance Data  Application errors, crash reports, load times, and diagnostic information used to improve the Service. 
• Location Data We may infer your approximate geographic location (country/region) from your IP address. We do not collect precise GPS location unless you explicitly grant permission.

Information from Third Parties

• Single Sign-On (SSO) Providers If you sign in using Google, Microsoft, or another identity provider, we receive your name, email address, and profile photo from that provider, subject to your settings with them.
• Calendar & Productivity Integrations If you connect WorksBuddy to tools like Google Calendar, Microsoft 365, Slack, Zoom, GitHub, or others, we may receive metadata (e.g., event titles, task references) necessary to provide the integration feature. We access only the minimum data required. 
• Marketing & Analytics Partners We may receive information about you from advertising networks or analytics providers, such as form submissions on third-party platforms or campaign engagement data, to understand how you found WorksBuddy. 
• Publicly Available Sources We may supplement your data with information from publicly available databases to personalize your experience or improve our understanding of customer needs. 

How We Use Your Information

We use your information for the following purposes:

We do not sell your personal data to third parties for their own marketing purposes.

How We Use Your Information

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on the following legal bases under the GDPR to process your personal data: 

• Contractual Necessity (Art. 6(1)(b)) Processing necessary to provide the Service you have signed up for, including account creation, delivering features, and billing. 
• Legitimate Interests (Art. 6(1)(f)) Processing necessary for our legitimate business interests, including fraud prevention, product analytics, security monitoring, and direct marketing to existing customers — where these interests are not overridden by your rights. 
• Consent (Art. 6(1)(a))   Where we rely on your consent — for example, sending marketing emails or placing non-essential cookies — you may withdraw consent at any time without affecting the lawfulness of prior processing. 
• Legal Obligation (Art. 6(1)(c)) Processing required to comply with applicable law, regulation, or legal process. 

How We Share Your Information 

We do not sell, rent, or trade your personal data. We may share your information in the following limited circumstances: 

Within Your Organization

If you use WorksBuddy under a team or enterprise account, your workspace administrator(s) may have access to your profile, activity, and content within that workspace. Administrators can manage member access, view usage reports, and export data for their organization. 

Service Providers (Sub-processors)

We engage trusted third-party vendors to help us operate the Service. These sub-processors may access your data only to perform services on our behalf and are bound by confidentiality and data protection obligations. Our sub-processors include categories such as:

• Cloud infrastructure & hosting (e.g., Amazon Web Services, Google Cloud) 
• Payment processing (e.g., Stripe) 
• Customer support software (e.g., Intercom, Zendesk) 
• Email delivery (e.g., SendGrid, Postmark) 
• Analytics (e.g., Mixpanel, Google Analytics) 
• Error monitoring (e.g., Sentry) 
• Security & fraud prevention (e.g., Cloudflare) GG

A complete and up-to-date list of our sub-processors is available at: www.workbuddy.ai/sub-processors

Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website if such a transfer occurs

Legal Requirements & Safety

• We may disclose your information when we believe in good faith that disclosure is:Required by applicable law, regulation, or legal process (e.g., a valid court order or subpoena); 
• Necessary to protect the rights, property, or safety of WorksBuddy, our users, or the public; or 
• Necessary to detect, prevent, or address fraud, security, or technical issues. 

With Your Consent 

We may share your information with additional third parties when you explicitly direct us to do so or provide your consent. 

Cookies and Tracking Technologies 

We retain your personal data for as long as your account is active or as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. 

What We Use

WorksBuddy uses cookies, web beacons, pixels, and similar technologies to operate and improve the Service. Cookies are small text files stored on your device. 

Your Cookie Choices 

• In-app: You can manage non-essential cookies via our Cookie Preferences banner or settings panel. 
• Browser settings: Most browsers allow you to block or delete cookies. Note that disabling essential cookies may impair functionality. 
• Opt-out tools: For advertising cookies, you may opt out via the NAI opt-out tool  Your Ad Choices.

We honor Global Privacy Control (GPC) signals where required by law. 

Data Retention 

We retain your personal data for as long as your account is active or as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. 

When you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law. 

Data Security

We implement industry-standard technical and organizational measures to protect your personal data, including:

• Encryption in transit  All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher. 
• Access controls Role-based access controls (RBAC) limit internal access to personal data on a need-to-know basis. 
• Security monitoring  Continuous monitoring, intrusion detection, and vulnerability scanning.
• Employee training All WorksBuddy staff with data access receive regular privacy and security training.
• Penetration testing  We conduct regular third-party penetration tests and security audits.
• SOC 2 Type II WorksBuddy is [SOC 2 Type II certified / working toward certification — update as applicable].

No system is completely secure. If you become aware of a security vulnerability or incident, please contact us immediately at security@workbuddy.ai.

In the event of a data breach affecting your rights and freedoms, we will notify you and relevant authorities within the timeframes required by applicable law (e.g., 72 hours under GDPR). 

International Data Transfers 

WorksBuddy is based in [Country] and your data may be stored and processed in [Country] or any other country where we or our sub-processors operate. 

For users in the EEA, UK, or Switzerland, where we transfer personal data outside these regions, we rely on appropriate safeguards, including: 

• Standard Contractual Clauses (SCCs) approved by the European Commission; 
• UK International Data Transfer Agreements (IDTAs) ; and/or  Transfers to countries recognized as providing an adequate level of protection. 

You may request a copy of our transfer safeguards by contacting  privacy@workbuddy.ai.

Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data: 

California Privacy Rights (CCPA/CPRA) 

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

Information You Provide to Us

In the preceding 12 months, we have collected the following categories of personal information: 

• Identifiers (name, email, IP address) 
• Commercial information (subscription and billing data) 
• Internet or network activity (usage logs, feature interactions) 
• Professional or employment-related information (job title, company) 
• Inferences drawn to create a profile (feature preferences, product usage patterns) 

Your California Rights

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you. 
• Right to Delete: Request deletion of your personal information, subject to certain exceptions. 
• Right to Correct:Request correction of inaccurate personal information. 
• Right to Opt-Out of Sale/Sharing: We do not sell personal information. We do not share personal information for cross-context behavioral advertising. 
• Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information for purposes beyond those permitted by the CPRA. 
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights. 

How to Submit a California Request

Submit requests via:

• Email: privacy@workbuddy.ai (subject: "California Privacy Request")
• In-app: Account → Privacy & Data → Submit a Request
• Toll-Free: [1-800-XXX-XXXX]

We will respond within 45 days. We may extend this period by an additional 45 days when reasonably necessary, with notice. 

Authorized Agents: California residents may designate an authorized agent to submit requests on their behalf. We will require written proof of authorization. 

Children's Privacy 

The Service is not directed to individuals under the age of 16 (or 13 in jurisdictions where that is the applicable minimum age). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data without parental consent, please contact us at privacy@workbuddy.ai and we will promptly delete such information. 

Third-Party Links and Integrations 

The Service may contain links to third-party websites or allow you to connect with third-party applications (e.g., Slack, Google Workspace, Zoom, GitHub). This Privacy Policy does not cover the privacy practices of those third parties. We encourage you to review their policies before sharing your data with them. 

When you enable a third-party integration, you authorize WorksBuddy to exchange necessary data with that service. You can disconnect integrations at any time from your account settings under Integrations. 

Changes to This Privacy Policy

We may update this Privacy Policy periodically. When we make material changes, we will: 

• Post the updated policy on this page with a new "Last Updated" date; 
• Send an email notification to registered users; and/or 
• Display a notice within the Service. 

Your continued use of the Service after the effective date of the revised policy constitutes acceptance of the changes. If you disagree with the changes, you may close your account before the effective date. 

Contact Us & Data Protection Officer

If you have questions, concerns, or requests related to this Privacy Policy or our data practices, please contact us: 

WorksBuddy Privacy Team  privacy@workbuddy.ai  WorksBuddy, Inc., [Company Address], [City, State, ZIP, Country] www.workbuddy.ai/privacy 

Data Protection Officer (DPO)  For users in the EEA or UK, our designated Data Protection Officer can be reached at:dpo@workbuddy.ai 

Response Time: We aim to respond to all privacy inquiries within 10 business days. 

his Privacy Policy was last reviewed and approved by the WorksBuddy Legal & Privacy Team on March 18, 2026.