GDPR & Data Rights
How we support GDPR-aligned rights requests, customer responsibilities, and privacy-by-design practices. This page is a practical overview for customers and procurement teams.
Last updated: December 16, 2025
Roles: customer and Workplace.io
In typical enterprise use, the customer controls what collaboration data is connected and how Workplace.io is used. In that context, the customer is generally the controller of workplace collaboration data and Workplace.io acts as a processor. For certain account-level data (e.g., website accounts), Workplace.io may act as a controller for its own business purposes.
Rights requests (DSARs)
We support GDPR-aligned requests such as access, deletion, and correction. Because workplace collaboration data is typically controlled by the customer, requests may require coordination with the customer administrator to confirm scope and authorization.
  • Access: provide information about personal data processed, where appropriate and authorized.
  • Correction: correct account-level information; collaboration platform data is generally corrected at the source provider.
  • Deletion: support deletion requests where applicable; customer admins can also disconnect integrations and archive workspaces.
  • Restriction/objection: coordinate appropriate handling based on the customer’s controller obligations.
Short-lived message content
Message content is processed for a short period during analysis and then removed; derived metadata and aggregated results are retained to power dashboards and trends.
Privacy by design
Workplace.io is designed to minimize exposure of sensitive content and to support organizational insights. We apply controls that support data minimization, access restriction, and auditability.
  • Minimization: process message content briefly; retain derived metadata needed for reporting.
  • Access controls: workspace roles restrict administrative actions and sensitive settings.
  • Security safeguards: encryption in transit and at rest; monitoring and incident response processes.
  • Vendor transparency: documented subprocessors and processing environments.
International transfers
If personal data is transferred across borders, we support appropriate transfer mechanisms where required, including Standard Contractual Clauses (SCCs) when applicable.