Trust & Transparency

Privacy Policy

Last updated: May 30, 2026. This policy outlines exactly how WorkWitness collects, processes, and protects your team's activity logs. We believe in respect-driven transparency—not spyware.

2. Data Capture Boundaries

Our recording technology is architected around absolute boundaries. We strictly segregate signals necessary for cohesive workflow analysis from invasive telemetry.

Authorized Captures

App and active window titles
Time elapsed per application
Browser domains (isolated URL matching)
Local system timezone configurations
Screenshots (strictly owner opt-in)

Strictly Excluded

Keystroke tracking (rhythm or keys)
Webcam or microphone feeds
Raw file bodies or system directories
Biometric identity collection
Personal financial details or passwords

3. Local Masking Pipeline

To ensure client parameters, sensitive strings, and transaction ids never leave local hard drives, WorkWitness processes active window text through an inline local masking engine. This scrubbing happens on the teammate's machineprior to any network transfer.

1
Raw Active Title CapturedExcel · Mehta_Q3_Project_deal.xlsx
2
Local Scrubbing EngineRegex & text filters replace Mehta_Q3_Project with [client_file]
3
AI Model Pattern AnalysisThe safety-first LLM reviews the masked context: "focus stretch on [client_file]"

Because our processing pipeline removes granular content locally, the AI model (hosted securely by Anthropic) exclusively evaluates behavior and categories—never confidential transaction details.

4. Isolation & Security

All captured data is encrypted in transit using TLS 1.3 and at rest utilizing AES-256 industry standards. We enforce logical tenant isolation at the database layer. This ensures your workspace records sit strictly in your dedicated compartment and are structurally isolated from any other customer.

Our operational engineers do not access, browse, or read tenant data. System administrators may only audit or access a tenant database upon a direct, written support ticket submitted by the workspace owner, logged and time-bound.

5. DPDP Act Alignment

Designed strictly alongside the provisions of India's Digital Personal Data Protection (DPDP) Act, 2023, WorkWitness supports all compliance frameworks necessary for Indian companies:

• Contractual Scoping: A clear Data Processing Agreement (DPA) is signed by every workspace, stating the precise terms and retention boundaries.
• Teammate Data Rights: Under DPDP guidelines, monitored employees retain the right to query the workspace admin regarding what data is stored, and request correction or purging of wrong entries.
• Selective Retention: The default workspace retention cycle is set to 30 days, after which raw event data is systematically purged. Workspace owners can customize this timeline to be shorter.

6. Admin & Workspace Controls

Workspace owners hold full administrative authority over the deployment configuration:

• Visibility Modes: Configure whether the desktop agent runs visibly (showing an icon and active status to the teammate) or silently, per individual.
• Screenshot Configuration: Screenshots are turned off globally by default. If enabled for specific high-accountability roles, they are captured only during active, billable hours and are fully encrypted before leaving the device.

Privacy & security questions?

If you require an audit log request, seek clarifications regarding our local masking engine, or want to sign a custom DPA, please email our security officer directly:

Get started

Start free, or book a 20-minute call.

Your first daily brief lands tomorrow at 7am IST. Set it up yourself in five minutes, or walk through it live with us first — whichever you prefer.

Start free Book a 20-minute call

Free during early access  ·  No card required  ·  5-minute Windows install