Privacy

Your data principals' rights are real,
automated, and on the clock.

Access, rectification, erasure, portability, objection, restriction - responded to within the regulator's deadline, every time.

30 days

DPDP Act erasure SLA

1 month

GDPR subject access SLA

0 backlog

Every DSR SLA met since launch

The eight data subject rights

Right to Access

Request all data tied to you across services. Verified via email, MFA, or government ID. Portable export (JSON/CSV) within 30 days (15 days for DPDP Act).

Right to Rectification

Correct any data. Lineage records before-and-after state for audit.

Right to Erasure

Cascade across all storage: primary, derived caches, search indexes, backup catalogs. Backups: cryptographic erasure (key destruction). Audit logs pseudonymized but retained.

Right to Portability

Structured export (JSON, CSV) of your conversation history, project artifacts, and member metadata.

Right to Object

Stops processing under contested purposes. Principal-specific processing-suspension flag honored across all services.

Right to Restrict

Data may be stored but not actively used. Queries respect the restriction marker.

Right to Automated decisions

WorkSwarm's AI is advisory - high-blast-radius actions require human approval. This right is satisfied by design.

Right to Non-discrimination

You cannot be denied service or charged differently for exercising any right. Contractually prohibited.

Consent management

Every collection of sensitive data carries a consent token that records:

Who consented (data principal identifier)
When (timestamp, signed)
What for (purpose code from controlled list)
Until when (expiry - defaults to purpose completion)
By what method (clickwrap, signed form, voice, parental)
Withdrawal record (if revoked)

Withdrawal triggers cessation of processing, deletion or de-identification, and downstream sub-processor notification.

Retention & deletion

Data class	Default TTL	Override
Conversation message	7 years (audit)	Per-project shorter
Voice recording	90 days	Customer hold
AI prompt log	30 days redacted, 7 years pseudonymized	Customer policy
Audit log	7 years (SOC 2, SOX, IRDAI)	Longer for legal hold
User profile	Until deletion request + 30-day grace	Immediate on hard-delete
Billing record	8 years (Companies Act)	Cannot shorten

PII redaction at every boundary

Every outbound boundary - LLM provider, connector, audit destination, SIEM - passes through a configurable redaction layer.

AadhaarAlways redacted unless within Aadhaar Vault scope

PANRedacted to last-4

Credit cardRejected - WorkSwarm does not process card data

PhonePseudonymized to deterministic hash for analytics

EmailPseudonymized for analytics, real for outbound delivery

Free-text PIIDetected via regex + NER; redacted in logs, surfaced to user

Privacy contacts

Data Protection Officer

dpo@workswarm.ai

Grievance Officer (India, IT Rules 2021)

grievance@workswarm.ai

EU Representative (GDPR Art. 27)

eu-rep@workswarm.ai

UK Representative (UK GDPR)

uk-rep@workswarm.ai

← Back to Trust Center

Your data principals' rights are real, automated, and on the clock.