Get Started

Trust Center

Last Updated: March 2026

About WorkDone

WorkDone is a software company focused on capturing and structuring institutional knowledge within enterprise environments. The platform enables organizations to understand how work is performed, identify operational patterns, and improve execution through structured insights and automation.

Trust and Security

WorkDone provides a system designed to capture, structure, and activate institutional knowledge while maintaining strict data controls, governance, and compliance with global privacy standards.

The platform is built for enterprise environments where security, privacy, and operational control are required.

Security Overview

WorkDone implements security practices designed to protect customer data and maintain system integrity.

Key controls include:

  • Encryption in transit using TLS 1.2 or higher
  • Encryption at rest using AES-256 or equivalent
  • Logical tenant isolation across customer environments
  • Role-based access control
  • Audit logging and system monitoring
  • Principle of least privilege enforcement
  • Continuous monitoring and alerting

 

Security Overview (PDF):
/trust/security-overview.pdf

AI Governance and Model Boundaries

WorkDone operates as a controlled AI system with defined data boundaries and model governance.

Model and data handling principles:

  • Customer data is processed within isolated environments
  • Customer data is not used to train shared models across customers
  • Inference is performed using controlled model access with defined data flow boundaries
  • WorkDone may utilize proprietary, open-source, or third-party models with controls preventing persistence or reuse of customer data

 

Data flow controls:

  • Observation and knowledge capture operate separately from generative inference components
  • Data shared with models is limited to the minimum necessary context
  • Outputs remain scoped to the originating customer environment

 

Risk controls:

  • Output validation is required prior to operational use
  • Monitoring detects anomalous or unintended outputs
  • System design prevents cross-customer data leakage

Data Privacy

WorkDone processes personal data in alignment with applicable privacy laws, including GDPR and CPRA.

Commitments include:

  • Processing data in accordance with customer instructions
  • Supporting data subject rights such as access, deletion, and correction
  • Not selling personal data

 

Privacy Policy:
https://workdone.ai/privacy-policy/

Data Processing Addendum:
/trust/dpa.pdf

Legal

WorkDone maintains clear contractual frameworks for enterprise use.

Infrastructure and Subprocessors

WorkDone uses established cloud infrastructure providers to deliver the Services.

Infrastructure includes secure hosting and controlled data processing environments.

Subprocessors:
/trust/subprocessors

All subprocessors are subject to contractual data protection obligations.

Compliance Program

WorkDone maintains a formal security and compliance program designed to align with industry standards.

  • Security controls are actively managed and continuously monitored
  • WorkDone is progressing toward SOC 2 Type I certification
  • WorkDone utilizes TrustCloud to support control monitoring, evidence management, and audit readiness

 

This approach ensures that security controls are consistently implemented and verifiable.

Responsible Deployment and Employee Transparency

WorkDone enables capture and structuring of operational and knowledge-based activity within an organization.

Customers are responsible for deploying the Services in compliance with applicable employment and privacy laws.

Recommended practices:

  • Provide clear notice to employees regarding system usage
  • Define acceptable use and monitoring policies
  • Limit collection to business-relevant activities
  • Ensure alignment with local regulations including GDPR Article 88 and applicable US laws

 

WorkDone does not independently monitor employees. The Services operate based on configurations and data sources defined by the Customer.

Corporate Memory Responsibility

The Services may capture and structure institutional knowledge across systems.

Customers are responsible for:

  • Defining and enforcing access controls
  • Managing internal governance policies
  • Determining appropriate use of insights and outputs

Frequently Asked Questions

Where can I review your security controls?
See the Security Overview and downloadable documentation.

Is customer data used to train AI models?
No. Customer data is not used to train shared models across customers without prior consent.

Does customer data leave the WorkDone environment during AI processing?
Data is processed within controlled environments with strict boundaries and is limited to necessary context for inference.

Does WorkDone monitor employees?
No. WorkDone processes data based on customer-configured sources. Customers are responsible for appropriate notice and governance.

Do you support enterprise authentication and access controls?
Yes. WorkDone supports SSO, MFA, and role-based access controls.

Contact

For security, privacy, or compliance inquiries:

[email protected]

Download Mergers & Acquisitions Brochure

This field is for validation purposes and should be left unchanged.
Consent(Required)

Download Order to Cash Brochure

This field is for validation purposes and should be left unchanged.
Consent(Required)

Download Corporate Memory Brochure

This field is for validation purposes and should be left unchanged.
Consent(Required)

Download Ops Automation Guide

This field is for validation purposes and should be left unchanged.
Consent(Required)

;