Privacy Policy

Last updated: March 2026

1. Data Collection

SafeWorkspace collects the following data when you use our service:

• Identification data: name, email address, password (hashed), and optional profile picture.
• Billing data: payment information processed by our payment provider Stripe. We never store your card numbers.
• Uploaded documents: the files you upload to your workspace. These documents are encrypted at rest (AES-256).
• Usage data: login logs, queries performed, timestamps, IP address, and browser type.

2. Use of Data

Your data is used exclusively to:

• Provide and improve the SafeWorkspace service.
• Process your artificial intelligence queries on your documents.
• Manage your account and subscription.
• Send you service-related communications (confirmations, security alerts).
• Ensure security and prevent abuse.

Your documents are never used to train artificial intelligence models.

3. Storage and Security

All data is stored on secure servers that comply with SOC 2 Type II standards and are hosted within the European Union. Documents are encrypted at rest with AES-256 and in transit with TLS 1.3. Backups are performed daily and retained for 30 days.

4. Third-Party Sharing

SafeWorkspace never sells, rents, or shares your personal data for commercial purposes. The following third parties may access certain data in connection with providing the service:

• Stripe: payment processing (billing data).
• Supabase / AWS: database and storage hosting (encrypted data).
• LLM providers (if you choose a non-local model): OpenAI, Anthropic, or Google may receive the content of your queries. We use the maximum privacy options offered by these providers (zero data retention when available).
• Vercel: application hosting.

5. Cookies

SafeWorkspace uses only strictly necessary cookies for the operation of the service (authentication, session preferences). We do not use advertising or tracking cookies. Session cookies expire after 7 days of inactivity.

6. Your Rights (GDPR)

In accordance with the General Data Protection Regulation (GDPR), you have the following rights:

• Right of access: obtain a copy of your personal data.
• Right to rectification: correct inaccurate data.
• Right to erasure: request the deletion of your data and documents.
• Right to data portability: receive your data in a structured and readable format.
• Right to object: object to the processing of your data for certain purposes.
• Right to restriction: request the restriction of processing of your data.

To exercise these rights, contact us at privacy@safeworkspace.ai. We will respond within 30 days.

7. Data Retention

Your personal data is retained as long as your account is active. If your account is deleted, your data will be erased within 30 days, unless a longer retention period is required by law. Security logs are retained for 12 months.

8. Contact

For any questions regarding this privacy policy, you may contact us:

• Email: privacy@safeworkspace.ai
• Data Protection Officer (DPO): dpo@safeworkspace.ai