Privacy Policy
Effective date: July 10, 2026
1. Who we are
Workestra ("we", "us") provides a platform for designing, orchestrating, and supervising AI teams that execute work across your company's tools. This policy explains what data we collect, why, and how we handle it when you use our website and services.
2. Information we collect
- Account information — name, email address, and password hash when you register.
- Workspace content — workflows, agents, execution logs, and configuration you create in the product.
- Connected services — OAuth tokens for tools you choose to connect (Slack, Jira, Google, etc.). Tokens are encrypted at rest and used only to perform the actions you configure.
- API keys you provide — LLM provider keys you add ("bring your own key") are stored encrypted and used only to run your workflows.
- Usage data — basic telemetry such as feature usage and error reports, used to operate and improve the service.
3. How we use your information
- To provide, operate, and secure the service.
- To execute the workflows and agent actions you configure.
- To communicate with you about your account and important service changes.
- To improve the product based on aggregate usage patterns.
We do not sell your personal data. We do not use your workspace content to train AI models.
4. Third-party processors
To run your workflows, data you route through Workestra may be processed by the LLM providers and tools you connect (for example Anthropic, OpenAI, Slack, or Atlassian), under their respective terms. Our infrastructure runs on cloud hosting providers; data is encrypted in transit and at rest.
5. Data retention
We retain account data while your account is active. Execution logs and workspace content can be deleted by you at any time from the product. When you close your account, we delete or anonymize your personal data within a reasonable period, except where retention is required by law.
6. Security
We follow security best practices, including encryption of credentials and secrets at rest (envelope encryption), tenant isolation, role-based access control, and audit logging. No system is perfectly secure; if we become aware of a breach affecting your data, we will notify you without undue delay.
7. Your rights
Depending on your jurisdiction (including under the GDPR), you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. To exercise these rights, contact us at the address below.
8. Changes to this policy
We may update this policy as the product evolves. We will post the updated version on this page and, for material changes, notify you by email or in the product.
9. Contact
Questions or requests: schwarzboeckmartin@gmail.com