Legal · Data handling
Data handling.
This page explains, in plain English, what data Workfloor handles when we run an AI system for an HVAC contractor — how we collect it, where it lives, who can see it, and how to delete it. Our Privacy Policy covers the basics; this page goes deeper for technical and compliance buyers.
The short version. We process your business's operational data (calls, schedules, customer contacts) to run the system. We never sell it. We delete it on request within 30 days. We use vendors with industry-standard security.
1. What data we handle
To operate the system on your behalf, we process:
- Call data — inbound caller phone numbers, transcripts, timestamps, outcomes.
- Customer data — names, phone numbers, email, service address. We receive these from your CRM (ServiceTitan, Jobber, HouseCall Pro, etc.).
- Schedule data — appointment slots, technician availability, dispatch outcomes.
- Job data — quotes, work orders, payment status (read-only from your CRM).
- System logs — every action the AI takes, with a timestamp and outcome, for audit.
We do not handle: payment card numbers, social security numbers, or any data outside what's required to run the operation.
2. Where data lives
All data is stored in encrypted databases hosted on enterprise cloud infrastructure (US-region). Backups are encrypted and retained for 30 days. Telephony data (call audio, transcripts) is routed through SOC 2-compliant vendors. We can share specific vendor names and security documentation on request under NDA.
3. Who can access it
Access is limited to:
- You and your team — full access to your own data via the morning report, dashboard, and approval interface.
- Workfloor engineers — only the engineers actively assigned to your account. Access is logged and reviewed.
- Vendors — only as needed to operate the underlying systems (e.g. our telephony provider needs to handle call audio to route calls). All vendors are bound by data-processing agreements.
We don't train shared AI models on your data. Models tuned for your shop stay tied to your account.
4. Encryption
All data is encrypted at rest (AES-256) and in transit (TLS 1.2 or higher). Access credentials are rotated regularly. Two-factor authentication is enforced for all Workfloor staff.
5. Retention
While you're an active client, we retain operational data as long as needed to run the system and provide historical reporting. When you cancel, we keep the data for 30 days for support continuity, then purge it from active systems. Encrypted backups containing your data roll off within an additional 30 days.
6. Deletion requests
You can request deletion of your data at any time, whether you're an active client or not. Send an email to support@getworkfloor.com with your request. We will purge your data from our databases within 30 days and send written confirmation when it's done.
7. Subprocessors
We use a small number of vendors to deliver the service. A current list of subprocessors is available on request under NDA. We notify clients in advance when we add or change a subprocessor that touches their data.
8. Compliance
Workfloor is built to support standards relevant to small-business contractors handling US consumer data — including TCPA compliance for calls and texts, and reasonable data-protection practices aligned with state privacy laws. We are happy to complete vendor security questionnaires for prospective clients.
9. Incidents
If we ever experience a security incident affecting your data, we'll notify you within 72 hours of confirming the issue, share what we know, and tell you what we're doing about it.
10. Questions
For anything not covered here, email support@getworkfloor.com. For general inquiries, email contact@getworkfloor.com.