Trust Center / Data Processing Addendum
Data Processing Addendum
Our Data Processing Addendum (DPA) describes how Workplace.io processes customer data, security measures, and contractual privacy commitments. This page summarizes what our DPA covers. The full DPA is provided during procurement.
Last updated: December 16, 2025
How to request the DPA
If your organization requires a DPA, contact us and we will provide it for review and signature.
Contact Trust & Security →
Typical roles
In most customer deployments, the customer is the controller of workplace collaboration data and Workplace.io acts as a processor, processing data only under customer instructions and configuration. Some limited data (such as website account information) may be processed where Workplace.io acts as a controller for its own business purposes.
Plain-language summary
Customers control what sources are connected and how the product is used. We process the data needed to provide the service and apply controls to protect it.
What our DPA covers
  • Scope of processing: categories of data, categories of data subjects, and the nature/purpose of processing.
  • Security measures: encryption, access control, monitoring, incident response, and operational safeguards.
  • Subprocessors: vendor list, controls for onboarding subprocessors, and change notification approach.
  • Assistance: support for data subject requests and customer compliance needs.
  • Incident notification: breach/incident notification commitments aligned to applicable requirements.
  • Deletion/return: how data is deleted or returned at end of service or upon request.
  • International transfers: transfer mechanisms where required (e.g., SCCs).
Subprocessors →   |   Data Handling & Retention →
Security measures referenced in the DPA
The DPA references security measures appropriate for a SaaS platform that processes workplace communications. Details are described in the Trust Center.
  • Encryption: encryption in transit (TLS) and encryption at rest in hosting environments.
  • Access controls: role-based access for customers; least privilege for internal access.
  • Logging/monitoring: operational monitoring and security-relevant logging with minimized sensitive content.
  • Short-lived content: message content processed briefly; derived metadata retained for reporting.
Encryption →   |   Access Controls →
Procurement request
Contact us for the DPA and any supporting privacy or security materials your team requires.
Contact Trust & Security Back to Trust Center
Warning
This is a warning message
Cancel
Continue