SOC 2 Type II Certification In Progress — Learn more about our security commitment
Security & Trust

Built for Trust from Day One

WorkGraph is designed to understand workflows, not judge people. Privacy is not a feature we added — it is the foundation we built on.

Download Security Whitepaper

What We Capture vs. What We Never Capture

Transparency is core to our approach. Here is exactly what the WorkGraph agent observes and what it is explicitly designed to never collect.

What We Capture

  • Active application names
  • Window titles (redacted)
  • Document names (filtered)
  • Time-stamped transitions
  • Project/task context from integrations

What We Never Capture

  • Screen recordings
  • Keystroke logging
  • Email/chat content
  • Personal browsing
  • Productivity scores

Six-Stage Redaction Pipeline

Every piece of data passes through six distinct privacy filters before it is stored or analyzed.

1

App Filter

Exclude non-work applications

2

URL Filter

Strip sensitive URL parameters

3

Field Detector

Identify PII/PHI fields

4

Content Filter

Remove sensitive content

5

Screenshot Redactor

Redact visual captures

6

Privacy Override

User-level privacy rules

Encryption & Isolation

Enterprise-grade encryption at every layer, with strict tenant isolation to protect your data.

AES-256 on Device

All data encrypted at the endpoint before it ever leaves the machine.

TLS 1.3 in Transit

Industry-leading transport encryption for all data movement.

AES-256 at Rest

Server-side encryption with customer-managed key options.

Multi-Tenant Isolation

Strict data partitioning ensures no cross-tenant data access.

User Controls

Every employee has full transparency and control over the data collected about their work.

Pause & Resume

One-click pause/resume collection at any time.

App Exclusions

Exclude specific applications from all data collection.

Mark as Private

Flag any time block as private to redact it permanently.

Review & Correct

Review captured data and correct misattributions.

Export & Delete

Export your data or request full deletion at any time.

Compliance & Certifications

We hold ourselves to the highest standards of compliance and third-party verification.

SOC 2 Type II

In Progress

GDPR

Compliant

HIPAA-Capable

Supported

AI Governance

Documented

Data Subject Rights

WorkGraph fully supports GDPR data subject rights. Every individual whose data is processed has the following rights:

Right of access to personal data
Right to rectification of inaccurate data
Right to erasure ("right to be forgotten")
Right to restrict processing
Right to data portability
Right to object to processing
Right not to be subject to automated decision-making

Ready to Review Our Security Posture?

Download our comprehensive security whitepaper or schedule a security review with our team.

Download Security WhitepaperRequest Security Review