← Back to Workfloor

Data handling.

This page explains, in plain English, what data Workfloor handles when we run an AI system for an HVAC contractor — how we collect it, where it lives, who can see it, and how to delete it. Our Privacy Policy covers the basics; this page goes deeper for technical and compliance buyers.

1. What data we handle

To operate the system on your behalf, we process:

We do not handle: payment card numbers, social security numbers, or any data outside what's required to run the operation.

2. Where data lives

All data is stored in encrypted databases hosted on enterprise cloud infrastructure (US-region). Backups are encrypted and retained for 30 days. Telephony data (call audio, transcripts) is routed through SOC 2-compliant vendors. We can share specific vendor names and security documentation on request under NDA.

3. Who can access it

Access is limited to:

We don't train shared AI models on your data. Models tuned for your shop stay tied to your account.

4. Encryption

All data is encrypted at rest (AES-256) and in transit (TLS 1.2 or higher). Access credentials are rotated regularly. Two-factor authentication is enforced for all Workfloor staff.

5. Retention

While you're an active client, we retain operational data as long as needed to run the system and provide historical reporting. When you cancel, we keep the data for 30 days for support continuity, then purge it from active systems. Encrypted backups containing your data roll off within an additional 30 days.

6. Deletion requests

You can request deletion of your data at any time, whether you're an active client or not. Send an email to support@getworkfloor.com with your request. We will purge your data from our databases within 30 days and send written confirmation when it's done.

7. Subprocessors

We use a small number of vendors to deliver the service. A current list of subprocessors is available on request under NDA. We notify clients in advance when we add or change a subprocessor that touches their data.

8. Compliance

Workfloor is built to support standards relevant to small-business contractors handling US consumer data — including TCPA compliance for calls and texts, and reasonable data-protection practices aligned with state privacy laws. We are happy to complete vendor security questionnaires for prospective clients.

9. Incidents

If we ever experience a security incident affecting your data, we'll notify you within 72 hours of confirming the issue, share what we know, and tell you what we're doing about it.

10. Questions

For anything not covered here, email support@getworkfloor.com. For general inquiries, email contact@getworkfloor.com.