WorkSlate icon
WorkSlate

Privacy Policy

How WorkSlate collects, uses, shares, retains, and protects personal information — including your rights under GDPR, UK GDPR, and CCPA/CPRA.

Version
2026-05-23-6
Effective date
May 1st, 2026

WorkSlate, Inc. ("WorkSlate," "we," "us," or "our") is committed to protecting the privacy of customers, end users, and website visitors. This Privacy Policy describes how we collect, use, disclose, and protect personal information in connection with our platform, customer portal, and related services ("Services"). This Policy applies globally, including to users in the United States, European Economic Area (EEA), United Kingdom, Canada, and Australia.

1. Information We Collect

1.1 Information You Provide Directly

  • Account registration: name, business name, email address, phone number, billing address
  • Payment information: credit/debit card details processed by our payment processor; WorkSlate does not store full card numbers
  • Customer portal activity: quotes accepted, invoices paid, service history viewed, documents signed
  • Communications: messages sent through the platform, support tickets, survey responses
  • SMS and email opt-in: consent records, opt-in timestamps, and communication preferences

1.2 Information Collected Automatically

  • Log data: IP address, browser type, device identifiers, pages visited, timestamps
  • Usage data: features accessed, session duration, click patterns, error logs
  • Cookies and similar tracking technologies (see our Cookie and Web Application Policy)
  • AI interaction data: inputs provided to and outputs received from AI-assisted features (see AI Addendum)

1.3 Information from Third Parties

  • Payment processors (e.g., Stripe): transaction confirmation, card type, last four digits
  • SMS providers (e.g., Twilio): delivery status, opt-out signals
  • Analytics providers: aggregated behavioral and usage data

2. How We Use Your Information

  • Provide, operate, and improve the Services
  • Process payments and send billing communications
  • Enable customer portal features (quote viewing, invoice payment, job tracking)
  • Send transactional messages: confirmations, status updates, payment receipts
  • Send marketing messages only where you have provided explicit consent
  • Power AI-assisted features as described in the AI Addendum
  • Respond to support requests and resolve disputes
  • Comply with legal obligations and enforce our Terms of Service
  • Conduct de-identified analytics and product research
  • Detect, prevent, and respond to fraud and security incidents

3. Legal Basis for Processing (EEA, UK, and Applicable Jurisdictions)

  • Contractual necessity: processing required to deliver the Services
  • Legitimate interests: fraud prevention, security, analytics, and product improvement
  • Legal obligation: compliance with applicable laws
  • Consent: marketing communications, non-essential cookies, and AI training (withdrawable at any time)

4. How We Share Your Information

WorkSlate does not sell personal information.

4.1 Service Providers. We share data with trusted vendors including payment processors, SMS providers, cloud hosting providers, support platforms, analytics services, and AI model providers. These vendors are contractually required to process data only as directed by WorkSlate.

4.2 AI Providers. Where AI features are powered by third-party AI providers, data shared with those providers is governed by the AI Addendum and applicable sub-processor agreements.

4.3 Business Transfers. In a merger, acquisition, or asset sale, your information may transfer to the successor entity subject to equivalent privacy protections.

4.4 Legal Requirements. We may disclose information when required by law, court order, or government authority, or to protect rights, property, or safety.

4.5 With Your Consent. We may share information for other purposes with your explicit prior consent.

5. Data Retention

  • Account and billing data: retained for the duration of your subscription plus seven (7) years for legal and financial recordkeeping
  • Customer portal and transaction data: seven (7) years or as required by law
  • Usage logs and analytics: up to twenty-four (24) months
  • SMS consent records: five (5) years minimum, as required by TCPA and carrier requirements
  • AI interaction logs: ninety (90) days unless retained for audit, legal, or safety purposes
  • Support communications: three (3) years

You may request deletion of your personal data at any time subject to the process described in the Permanent Account Deletion Terms and Section 8 of this Policy.

6. International Data Transfers

WorkSlate is headquartered in the United States. For transfers from the EEA or UK, WorkSlate relies on Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum (IDTA). For Canadian users, we comply with PIPEDA. By using the Services, you consent to transfer and processing of your information in the United States and other jurisdictions as described herein.

7. Cookies and Tracking Technologies

For detailed information about cookies, web storage, tracking technologies, consent management, and your opt-out rights, please see our Cookie and Web Application Policy, available at getworkslate.com/legal/cookie-policy and incorporated herein by reference.

8. Your Rights and Choices

  • Access: request a copy of your personal data
  • Correction: request correction of inaccurate or incomplete data
  • Deletion: request deletion of your personal data (see Permanent Account Deletion Terms for full account deletion)
  • Portability: receive your data in a portable, machine-readable format
  • Restriction: request limited processing in certain circumstances
  • Objection: object to processing based on legitimate interests or for direct marketing
  • Withdraw Consent: withdraw previously given consent at any time, including SMS opt-in and AI feature consent
  • Non-Discrimination: exercise your rights without discriminatory treatment

To exercise rights: privacy@getworkslate.com. We respond within thirty (30) days or as required by applicable law. EEA and UK users may lodge complaints with their local data protection authority. California residents have additional rights under CCPA/CPRA. WorkSlate does not sell or share personal information for cross-context behavioral advertising.

9. Security

  • Encryption in transit (TLS 1.2+) and at rest (AES-256)
  • Role-based access controls and multi-factor authentication
  • Regular vulnerability assessments and penetration testing
  • Incident response and breach notification procedures

In the event of a breach affecting your rights, we will notify affected users and applicable regulators as required by law.

10. AI and Automated Decision-Making

Where WorkSlate uses AI features that may involve automated decision-making with legal or similarly significant effects, you have the right to request human review of such decisions. Details of AI data processing are set forth in the AI Addendum. EEA and UK users have specific rights regarding automated decision-making under GDPR Article 22.

11. Children's Privacy

The Services are not directed to individuals under 16. WorkSlate does not knowingly collect data from children. Contact privacy@getworkslate.com if you believe we have collected such data.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification at least thirty (30) days before the effective date.

13. Contact

  • Email: privacy@getworkslate.com
  • Mail: WorkSlate, Inc., Privacy Office, 501 Union St Ste 545 PMB 876495, Nashville, TN 37219-1876
  • EEA/UK Representative: Not applicable — WorkSlate does not currently offer Services to EEA/UK residents. This section will be updated prior to any EEA/UK market entry.