Trust Center / Architecture & Data Flow
Architecture & Data Flow
This page explains how Workplace.io moves data through the system—from user sign-in and integration setup to analysis and reporting—at a level suitable for security and procurement review.
Last updated: December 16, 2025
System components
Workplace.io is organized around a workspace model. Each workspace contains connected integrations (such as Slack and Microsoft Teams), channels/teams, and message streams that power analytics and culture scoring.
  • User accounts: individual logins (SSO or email/password) that belong to one or more workspaces.
  • Workspaces: the primary boundary for tenant isolation; membership and roles control access.
  • Integrations: connections to data sources (currently Slack and Microsoft Teams).
  • Channels/teams: organizational groupings used to scope analysis and reporting.
  • Short-lived message processing: message content is processed briefly to generate insights and then removed.
  • Derived metadata: structured results used for dashboards and trends.
Tenant separation
Data access is scoped by workspace membership. Archived workspaces are removed from normal selection and cannot be activated for use.
Hosting architecture
Workplace.io is hosted on DigitalOcean droplets behind a DigitalOcean load balancer and uses DigitalOcean Managed Databases. Classification and culture inference workloads run on AWS using Amazon SageMaker, separated from the application serving layer.
High-level data flow
At a high level, Workplace.io follows the flow below. Each step is designed to keep access scoped to the correct workspace and to minimize exposure of sensitive content.
  1. Sign in: a user signs in via SSO (Slack/Microsoft/Google) or email/password.
  2. Select workspace: the user is placed into an active workspace associated with their membership.
  3. Connect integrations: an admin connects Slack or Microsoft Teams to the workspace via OAuth.
  4. Ingest events: message events and metadata are synchronized from connected sources.
  5. Process & score: messages are analyzed asynchronously and converted into structured results.
  6. Report insights: dashboards summarize trends and metrics for authorized users.
Authentication and workspace selection
Authentication is separate from integrations: signing in identifies the person, while integrations determine the data sources used for culture analysis. After sign-in, Workplace.io selects an active workspace associated with the user’s membership. Workspace roles determine what settings and views a user can access.
  • SSO sign-in: supports modern identity providers and reduces password management risk.
  • Password sign-in: optional direct accounts for email/password access.
  • Session security: sessions use secure, HTTP-only cookies with CSRF protection on state-changing requests.
Integration connection flow (Slack and Microsoft Teams)
Integrations are configured by workspace administrators. OAuth authorization grants scoped access so Workplace.io can synchronize configured data. Integration credentials are protected and access-restricted.
  • Slack: a workspace admin authorizes access to a Slack workspace and required scopes.
  • Microsoft Teams: a workspace admin authorizes access to a Microsoft tenant; some tenants require admin consent.
  • Token handling: credentials are protected and rotated/refreshed where supported.
Access Controls →
Message ingestion and short-lived processing
Once an integration is connected, Workplace.io ingests message events and metadata required to perform analysis. Message content is processed for a short period during analysis. After processing completes, we retain primarily derived metadata and aggregated results used to power dashboards and trends, and we remove message content from storage.
  • Backfill and ongoing sync: initial coverage plus continued ingestion for new activity (as configured).
  • De-duplication: identifiers prevent duplicate processing and support reliable ingestion.
  • Webhook security: webhook requests are authenticated and replay-protected; payload logging is minimized.
Logging hygiene
Workplace.io avoids logging message bodies or OAuth credentials in application logs. Operational logs focus on status, counts, timing, and error diagnostics.
Processing and culture scoring
After ingestion, Workplace.io performs asynchronous processing to generate structured outputs used for reporting. Processing uses proprietary classification models and internal mapping logic to assign messages to standardized signal categories and compute aggregate metrics. We intentionally do not publish details of our model architecture, training data, or internal taxonomy.
  • Asynchronous pipeline: processing runs outside request/response flows for scale and reliability.
  • Structured outputs: results are stored as metadata to support reporting and auditing.
  • Aggregation: dashboards emphasize team and organization-level insights.
AI Use Policy →
Dashboards and access to insights
Dashboards present aggregate metrics and supporting drill-down views for authorized users. Workspace roles govern whether a user can manage integrations, view administrative pages, or access sensitive workspace-level settings.
  • Role-based access: administrative functions are restricted to authorized roles.
  • Workspace scoping: users only see data for workspaces they belong to.
  • Group controls: groups can be used to structure analysis and protect anonymity in reporting.
Data lifecycle
Workplace.io manages data across ingestion, processing, storage, and reporting. Retention and deletion practices are documented separately and may vary by data type (derived metadata, operational logs, and customer configuration).
Data Handling & Retention →
Need a deeper review?
We can support security questionnaires and provide additional technical detail during procurement reviews.
Contact Trust & Security Back to Trust Center
Warning
This is a warning message
Cancel
Continue