Privacy policy
Effective 2026-06-06 · Document v1
Summary
AllWork.ai is a workforce platform for security operations. The data we collect is what our customers' operators put into the system to schedule, dispatch, and bill — guard records, schedules, shift activity, tour scans, DARs, incidents, timesheets, payroll data, and the financial records associated with running a security company. We process it under contract with the customer; we do not sell it.
Roles
For most data on the platform, the customer is the controller and AllWork.ai is the processor. The customer determines what data flows in, who has access, and how long it stays. For our own operational records (billing, support, security telemetry), AllWork.ai is the controller.
Data we hold
- Customer-tenant data — guards, schedules, shifts, tours, DARs, incidents, timesheets, payroll, invoices, files.
- Identity data — names, work emails, phone numbers, role, IdP-issued user IDs.
- Operational telemetry — request logs, audit logs, error reports, performance metrics.
- Billing — Stripe-handled card / ACH metadata (we never see PAN).
How long we keep it
Customer-tenant data is retained for the life of the contract + 90 days after termination, unless the customer requests earlier deletion. Audit logs are retained 7 years per the contract framework (SOC 2 + standard B2B SaaS expectation). Operational telemetry is rolled up at 90 days.
How to reach us
Privacy questions, data subject requests, or DPA requests: privacy@allwork.ai.
Full document
The full, contract-grade privacy policy is in finalization with counsel ahead of GA. Request the current draft at privacy@allwork.ai if you need it for procurement review.