Privacy and Data Handling

Understand what Workrail processes, what it does not ingest, and how privacy boundaries work.

What Workrail captures

Workrail uses a metadata-only sync model.

• Commit metadata: hash, timestamp, author, message, changed file paths
• Branch names and repository structure
• Aggregate diff statistics (files changed, lines added/removed)

Workrail processes commit metadata used for grouping and summaries, such as:

• Commit id and timestamp
• Commit message text
• Branch/ref text
• File path lists
• Aggregate numeric change counts

What Workrail does NOT capture

• Source code content
• File diffs or patches
• File contents at any revision
• Comments, reviews, or discussions
• Repository configuration beyond basic structure

Your code stays on your machine. The CLI reads git metadata only.

How processing works

1. CLI collects commit metadata locally
2. Metadata is sent to Workrail servers
3. AI generates summaries and hints from metadata + your existing entry context
4. Output is constrained by schema and privacy guardrails

AI generation is constrained by schema and privacy guardrails. The model output is based on allowed metadata and your existing entry context, not source code ingestion.

Data ownership and deletion

• You own your data
• You can delete entries and projects at any time
• You can export your data
• You can cancel and close your account

Security basics

• Encrypted in transit (TLS)
• Encrypted at rest
• No third-party analytics or tracking
• No sharing with employers or third parties

For questions: [email protected]