Workflow Auth
Book a demo

Legal

Privacy Policy

Last updated October 1, 2026

This Privacy Policy explains how Workflow Auth ("we", "our", "us") collects, uses, and protects information when you use our hosted product, our website, or any integrations we provide. We are committed to handling your data and your customers' data responsibly.

1. Information we collect

  • Account information. Business name, contact email, phone number, billing address, and the names and emails of users you invite to the dashboard.
  • Customer interactions. Call audio, transcripts, SMS / chat messages, and any structured data Mary extracts (name, phone, address, project description, estimated value).
  • Usage data. Anonymous logs of how you use the dashboard (pages visited, actions taken) to improve the product.
  • Integration data. When you connect a CRM, calendar, or payment provider we receive only the scopes you grant.

2. How we use it

  • To answer calls, qualify leads, draft quotes, and book jobs on your behalf.
  • To sync structured data into the CRMs and tools you connect.
  • To bill you accurately (per-minute call usage, monthly platform fee).
  • To detect abuse, debug issues, and improve the platform.

We do not sell your data. We do not use your customer interactions to train our underlying AI models.

3. Subprocessors

To deliver Workflow Auth, we share specific data with the following providers:

  • Anthropic (Claude) — transcript → structured lead extraction.
  • Vapi + Twilio — voice and SMS handling.
  • Stripe — payment processing for deposits and invoices.
  • AWS — hosting and storage (eu-west-3 / us-east-1, your choice).

All subprocessors are bound by data-processing agreements consistent with GDPR and CCPA.

4. Retention

Call audio is retained for 30 days by default and then deleted; transcripts are retained for 12 months. You can request earlier deletion at any time, and you can configure tighter retention in your dashboard settings.

5. Your rights

You and your customers have the right to access, correct, export, or delete personal data we hold. Contact privacy@workflowauth.com and we will respond within 30 days.

6. Security

  • TLS 1.3 in transit, AES-256 at rest.
  • Single-tenant Postgres available on managed deployments.
  • SOC 2 Type II audit and quarterly external penetration tests are on the roadmap as the hosted offering matures.

7. Cookies

We use a minimum of strictly-necessary cookies for authentication and a single first-party analytics cookie to count page visits in aggregate. We do not load third-party advertising trackers.

8. Changes to this policy

If we make material changes we will notify all account owners by email at least 30 days before the change takes effect.

9. Contact

Questions? Reach the data-protection team at privacy@workflowauth.com.