We protect customer data through encryption, access controls, monitoring, infrastructure discipline, and ongoing operational hardening — while continuing to mature our compliance posture over time.
We protect customer data with encryption in transit and encryption at rest across the core platform and supporting infrastructure where applicable.
We apply role-based permissions, account protections, and controlled administrative access to reduce unnecessary exposure to customer data.
We support stronger account protection through secure authentication flows and evolving account security controls, including MFA-oriented protection paths.
We maintain platform monitoring, alerting, and operational visibility to help detect issues, investigate incidents, and improve platform resilience.
We plan for continuity through backup, recovery, and infrastructure resilience practices designed to reduce operational risk and support service restoration.
We rely on established service providers for key infrastructure and enabled integrations, and we maintain visibility into how they support the platform.
For Workroomly, security covers the full system: data storage, communication flows, account access, infrastructure, integrations, internal administration, and the handling of customer-facing workflows.
These are the main areas we actively think about as we strengthen the Workroomly platform.
Controlled access, workspace permissions, administrative safeguards, and least-privilege thinking across internal and customer-facing surfaces.
We continue to improve how code, infrastructure, and configuration changes are reviewed, shipped, and tracked over time.
We build on managed infrastructure and operational practices designed to improve service continuity, reliability, and controlled scaling.
We consider retention, deletion, export, access, visibility, and the operational flow of customer data across the platform.
Logs, alerts, and monitoring support platform operations, issue investigation, and better incident response readiness.
We are building toward stronger internal response discipline, escalation procedures, and clearer security operations maturity.
Workroomly may connect with third-party services for login, inboxes, calendars, advertising workflows, and communication channels. These integrations are part of the trust surface too.
Customers can authorize integrations such as Google, Microsoft, and Meta-connected workflows. We treat the handling of connected-account data as a privacy and security responsibility, not just a product feature.
Where customers enable messaging or telephony-related workflows, the platform may handle communication data and metadata in support of customer operations use cases.
Workroomly may receive customer data through widgets, forms, embedded lead capture, and API endpoints. This means security and transparency must cover inbound data collection flows too.
We design the platform with privacy, access control, customer data responsibility, and future contractual processor obligations in mind.
Customers remain responsible for using Workroomly lawfully, especially when enabling outreach, messaging, telephony, ad-connected workflows, lead capture, or other customer data collection and communication features.
Our compliance approach is to first build real security and privacy discipline, then improve procurement readiness, and then pursue more formal audit and certification milestones as the company matures.
The providers below support core Workroomly infrastructure and enabled integrations. Some are only used when customers turn on specific features.
| Provider | Purpose | Typical Data Involved | When Used |
|---|---|---|---|
| Amazon Web Services (AWS) | Core cloud hosting, storage, infrastructure, and platform operations | Application data, files, metadata, logs, backups, and operational platform data | Core platform infrastructure |
| Google login and Google-connected integrations such as Gmail, Calendar, and related workflows where enabled | Identity data, authorized integration data, mailbox/calendar connection metadata | Only when enabled by customer or user | |
| Microsoft | Microsoft login and Microsoft-connected integrations such as Outlook and calendar-related workflows where enabled | Identity data, authorized integration data, mailbox/calendar connection metadata | Only when enabled by customer or user |
| Meta / Facebook | Meta login and Meta-connected advertising workflows where enabled | Authorized account connection data and relevant ad integration metadata | Only when enabled by customer or user |
| Twilio | Messaging, WhatsApp, SMS, voice, or related communication workflows where enabled | Phone numbers, message metadata, communication data, related workflow metadata | Only when relevant communication features are enabled |
We may update this list over time as our infrastructure and integrations evolve.
Where Workroomly processes personal data on behalf of customers, a Data Processing Addendum may be needed to define controller and processor responsibilities, security expectations, subprocessor handling, and data lifecycle terms.
Workroomly’s DPA is available as a separate document and should be reviewed alongside this page, our Privacy Policy, and our Terms of Service.
We keep our public trust materials separate so each document does one job clearly.
Explains how personal data is collected, used, stored, shared, and handled across the platform.
View Privacy PolicyExplains the legal terms for using Workroomly, including integrations, AI features, messaging, and customer responsibilities.
View Terms of ServiceDefines controller-processor terms where Workroomly processes customer personal data on behalf of customers.
View DPAIf you have procurement, privacy, legal, or security questions about Workroomly, reach out and we will point you to the right documentation or respond directly.