Workrail Privacy Policy

1. Information We Collect

We collect information you provide directly and information needed to operate the Service.

• Account information, such as name, email, avatar, timezone, and authentication provider identifiers.
• Product content you create, including projects, entries, summaries, feedback, and settings.
• Repository sync metadata, such as commit hashes, timestamps, messages, branch/ref labels, file path metadata, and aggregate change counts.
• Session and device signals, such as IP address, user agent, request identifiers, and security logs.
• Billing and subscription records from payment providers and related systems.
• Communications with us, including support and account-related requests.

2. What We Do Not Ingest by Default

Workrail's standard sync model is metadata-oriented. As part of normal sync workflows, Workrail does not ingest source code content.

• No full source file contents.
• No full file diffs or patches.
• No repository file snapshots as standard sync input.

3. How We Use Information

We use information to provide, maintain, secure, and improve Workrail.

• Authenticate users and manage sessions.
• Sync, organize, and display engineering activity and work records.
• Generate summaries and insights using third-party AI providers.
• Support billing, subscriptions, and account administration.
• Detect abuse, prevent fraud, enforce security, and investigate incidents.
• Operate customer support and service communications.

4. Legal Bases and Processing Grounds

Depending on context, we process data to perform our contract with you, for legitimate business interests (such as security and product reliability), with your consent where required, and to comply with legal obligations.

5. Sharing of Information

We may share information with trusted service providers that support hosting, security, infrastructure, authentication, payments, communications, and analytics/monitoring.

We may also disclose information when required by law, regulation, legal process, or to protect rights, safety, and security.

We do not sell your personal information.

6. Cookies and Similar Technologies

We use cookies and similar technologies for authentication, security, product functionality, and service performance.

As the Service evolves, we may also use additional measurement or analytics technologies consistent with this Privacy Policy and applicable law.

7. Data Retention

We retain data for as long as needed to provide the Service, comply with legal obligations, resolve disputes, enforce agreements, and maintain security records.

Retention periods may vary by data type and operational need.

8. Security

We use administrative, technical, and organizational safeguards designed to protect personal data.

Security controls include encryption-in-transit, restricted access patterns, and additional controls for sensitive operational data.

9. International Processing

Workrail and its service providers may process data in multiple jurisdictions. When data is transferred across borders, we apply reasonable safeguards appropriate to the transfer context.

10. Your Choices and Rights

You can request access, correction, export, deletion, and account closure, subject to applicable law and technical limitations.

Self-serve data and account controls may be introduced or expanded over time within product settings.

To submit a privacy request, contact [email protected].

11. Children's Privacy

Workrail is not intended for users under 18 years old, and we do not knowingly collect personal data from children under 18.

12. Changes to This Policy

We may update this Privacy Policy from time to time.

When we make changes, we will update the Effective date and Last updated date and may provide additional notice for material changes.

13. Contact

Privacy questions and requests: [email protected].