WorkflowHero

Data Privacy

Your data is protected with enterprise-grade security on AWS infrastructure.

Our Privacy Commitment

WorkflowHero is built on a foundation of trust and transparency. We are committed to protecting your privacy and giving you control over your data.

You Own Your Data

Your workflows, documents, and data belong to you. We never sell your data to third parties and only process it to provide our services.

Data Encryption

All your data is encrypted both in transit and at rest:

  • In Transit (TLS 1.3): All data transmitted between your browser and our servers is encrypted with TLS 1.3, the latest and most secure version of the TLS protocol.
  • At Rest (AES-256): All data stored in our databases and file storage systems is encrypted using AES-256 encryption.
  • Document Storage: Files uploaded to AWS S3 are encrypted with AWS-managed keys and versioned for data integrity.

AWS Infrastructure Security

Hosted on AWS

WorkflowHero runs on Amazon Web Services (AWS), one of the world's most secure and reliable cloud platforms.

  • SOC 2 Type II certified infrastructure
  • ISO 27001 certified data centers
  • Physical security with 24/7 monitoring
  • Regular security audits and penetration testing
  • Automatic backups and disaster recovery

Database Security

MongoDB with Security Best Practices

Our MongoDB databases are configured with enterprise security features.

  • Authentication required for all connections
  • Role-based access control (RBAC)
  • Network isolation in private subnets
  • Automated daily backups
  • Audit logging enabled

Data Access Controls

We implement strict access controls to ensure only authorized users can access data:

  • AWS Cognito Authentication: Secure user authentication with JWT tokens
  • Role-Based Permissions: Granular permissions based on organization roles
  • Organization Isolation: Complete data separation between organizations
  • Session Management: Automatic session expiration and secure token handling
  • API Rate Limiting: Protection against brute force and abuse

Data Retention & Deletion

You have full control over your data:

  • Delete workflows, documents, and comments at any time
  • Export your data in standard formats
  • Request complete account deletion
  • Deleted data is permanently removed from our systems within 30 days
  • Backups containing deleted data are cycled out automatically

Third-Party Services

WorkflowHero integrates with trusted third-party services:

  • Stripe: Payment processing (PCI DSS Level 1 certified)
  • AWS SES: Transactional email delivery
  • AWS S3: Secure document storage
  • AWS Bedrock: AI-powered features (data not used for training)

We carefully vet all third-party services and only share the minimum data necessary to provide our services.

Privacy Principles

Data Minimization

We only collect data necessary to provide our services. No unnecessary tracking or profiling.

Transparency

Clear documentation about what data we collect, how we use it, and who can access it.

User Control

You decide who can access your workflows and can export or delete your data at any time.

Questions About Privacy?

If you have questions about how we handle your data, please contact our security team at craftycrackle@craftycrackle.onmicrosoft.com.