Privacy Policy

Introduction

At Workfreak, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service. By using Workfreak, you consent to the data practices described in this policy.

This Privacy Policy applies to users located in the United States and the European Economic Area (EEA). We comply with applicable privacy laws in both jurisdictions, including the General Data Protection Regulation (GDPR) for European users and the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) for California residents.

Company Information

Workfreak is operated by:

Information We Collect

We collect information that you provide directly to us and information that is automatically collected when you use our Service:

• Account Information: Email address, password (stored securely using encryption), and account preferences
• User Content: Time blocks, food entries, training logs, journal entries, goals, physical state entries, and any other data you enter into the application
• Usage Data: Information about how you interact with our Service, including pages visited, features used, and time spent on the Service
• Device Information: Device type, operating system, browser type, and other technical information. We do not store IP addresses in our database. However, third-party analytics services (such as Google Analytics) may collect IP addresses, but they anonymize this information. Infrastructure logs (hosting providers) may temporarily log IP addresses for security and operational purposes, but this is not user data we actively store or use.
• Payment Information: Payment details are processed securely through Stripe. We do not store your full credit card information on our servers

How We Use Your Information

We use the information we collect for the following purposes:

• To provide, maintain, and improve our Service
• To process your subscription and manage your account
• To send you notifications, updates, and important information about your account
• To provide personalized AI-powered insights and recommendations through our AI Mentor feature
• To analyze usage patterns and improve user experience
• To detect, prevent, and address technical issues and security threats
• To comply with legal obligations and enforce our Terms of Service

Data Sharing and Third-Party Services

We do not sell your personal information. We may share your information with trusted third-party service providers who assist us in operating our Service:

• Supabase: We use Supabase for database hosting and user authentication. Your data is stored securely on Supabase's infrastructure
• Stripe: We use Stripe for payment processing. Stripe handles all payment transactions securely and in compliance with PCI DSS standards
• OpenAI: We use OpenAI's API to power our AI Mentor feature and provide personalized insights. We do not send any personally identifiable information to OpenAI. All data sent to OpenAI is anonymized and cannot be directly traced back to individual users. Specifically, we do not send your email address, user ID, name, or any other account identifiers. Only anonymized content data (such as time blocks, food entries, training logs, journal entries, and goals) is sent for AI processing. OpenAI does not use your data to train their models, and the data cannot be linked back to your identity.
• Resend: We use Resend for sending transactional emails. Your email address is shared with Resend solely for the purpose of sending you emails

All third-party service providers are contractually obligated to protect your information and use it only for the purposes we specify. We may also disclose your information if required by law or to protect our rights and the safety of our users.

AI Data Processing and Anonymization

When we use AI services (such as OpenAI) to provide personalized insights and recommendations, we take privacy seriously:

• No Personal Identifiers: We never send personally identifiable information to AI services. This means we do not send your email address, user ID, name, account credentials, or any other information that could directly identify you.
• Anonymized Data Only: Only anonymized content data is sent to AI services, such as anonymized summaries of your time blocks, food entries, training logs, journal entries, and goals. This data cannot be traced back to your identity.
• No Model Training: AI service providers (like OpenAI) do not use your data to train their models. Your data is used solely for generating responses to your requests and is not retained for training purposes.
• No Data Linking: The anonymized data sent to AI services cannot be linked back to your account or identity, ensuring your privacy is protected.

Please note that if you include personal information (such as names or specific personal details) in your journal entries, food descriptions, or other content you create, that information will be included in the anonymized data sent to AI services. We recommend being mindful of the information you include in your entries if you have privacy concerns.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to authenticate users, maintain your session, and remember your preferences. Essential cookies are necessary for the website to function properly and cannot be disabled.

For more detailed information about our use of cookies, please see our Cookie Policy.

Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction:

• Encryption of data in transit using SSL/TLS
• Encryption of sensitive data at rest
• Secure password storage using industry-standard hashing algorithms
• Regular security audits and updates
• Access controls and authentication mechanisms
• Row-level security policies in our database

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

Data Retention and Deletion

We retain your personal information for as long as your account is active or as needed to provide you with our Service. If you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal, regulatory, or legitimate business purposes.

You can request deletion of your account and all associated data at any time by contacting us at support@workfreak.me or through your account settings.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States where our company is located. These countries may have data protection laws that differ from those in your country.

For users located in the European Economic Area (EEA), we ensure that appropriate safeguards are in place to protect your information in accordance with GDPR requirements, including standard contractual clauses and other approved transfer mechanisms.

By using our Service, you consent to the transfer of your information to these countries. We ensure that appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable data protection laws.

Your Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have certain data protection rights under the General Data Protection Regulation (GDPR):

• Right to Access: You have the right to request copies of your personal data
• Right to Rectification: You have the right to request that we correct any inaccurate or incomplete information
• Right to Erasure: You have the right to request that we delete your personal data under certain circumstances
• Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data
• Right to Data Portability: You have the right to request that we transfer your data to another service provider
• Right to Object: You have the right to object to our processing of your personal data

To exercise any of these rights, please contact us at support@workfreak.me. We will respond to your request within 30 days.

California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• The right to know what personal information we collect, use, disclose, and sell
• The right to delete personal information we have collected from you
• The right to opt-out of the sale of personal information (we do not sell your personal information)
• The right to non-discrimination for exercising your privacy rights

To exercise these rights, please contact us at support@workfreak.me.

Children's Privacy

Our Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information from our servers.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If you have any questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

We will respond to your inquiries within 30 days as required by applicable privacy laws.