Last Updated: September 16, 2025
Thank you for using Workd. This Privacy Policy explains how we collect, use, disclose, and protect personal information in connection with our websites, products, and services (collectively, the "Service").
If you are a customer using the Service as an organization, this Privacy Policy should be read together with your agreement with us and our Data Processing Addendum ("DPA"). If there is a conflict, the DPA or your agreement controls with respect to Customer Data (defined below).
Workd, Inc. ("Workd", "we", "us") provides CRM/ERP software to business customers. This policy applies to personal information we process as a controller (e.g., our website visitors, prospects, and users of our Service accounts) and to the extent applicable describes our role as a processor/service provider when we process Customer Data on behalf of customers.
Contact: info@workd.com
We collect personal information in ways that are aligned with our privacy objectives and applicable law:
We collect the categories of personal information below, the purposes for which we use them, and our retention approach. We do not sell personal information. On our marketing websites (not inside the Service), we may share personal information for targeted advertising; see Do Not Sell or Share in Your privacy choices and rights below.
Retention: We retain personal information for as long as needed to provide the Service and fulfill the purposes described, which generally aligns with (a) the duration of an account or contract, (b) legal/financial recordkeeping and compliance periods, and (c) security and fraud-prevention needs. We apply deletion or de-identification when no longer needed. Customers may instruct us to delete Customer Data at any time in accordance with the DPA and the Service's capabilities.
| Category | Examples | Purpose(s) | Retention |
|---|---|---|---|
| Identifiers | Name, business email, phone, postal address, user ID, IP address, device IDs | Create/manage accounts; provide Service; communicate; security; support; compliance | Life of account/contract plus backup & audit periods |
| Commercial information | Subscription details; purchase/order history; payment status | Provide and improve Service; billing; accounting; compliance | Legal/accounting retention periods |
| Internet / electronic activity | Log and usage data, app events, pages viewed, referrers | Operate and secure Service; analytics and product improvement | Operational needs then aggregated/de-identified |
| Precise geolocation (SPI) | GPS-level location when user enables visit tracking | Provide requested features; security; support | Up to 24 months; subject to customer deletion requests |
| Professional information | Employer, job title/role, team | Provide/administer Service; role-based access; support | Life of account/contract |
| Account credentials (SPI) | Username and hashed password | Authentication; account security; preventing fraud/abuse | While account is active |
Payment information: Workd uses third-party, PCI-compliant payment processors for ACH/credit card transactions. We do not collect, store, or have access to full payment card numbers, bank account numbers with security codes/passwords, or other sensitive payment data. We receive only limited billing metadata (e.g., last-4, token, status) for recordkeeping.
Customer Data and AI/ML: We do not use Customer Data to train machine-learning or AI models unrelated to providing and improving the Service.
Advertising: We do not sell personal information. On our marketing websites (not inside the product), we may share personal information for targeted advertising; see Do Not Sell or Share in Your privacy choices and rights for opt-out methods.
We use cookies and similar technologies to operate and secure the Service and to understand usage. Where required by law (e.g., EU/UK), non-essential cookies are used only with consent. Users can manage preferences through browser settings and our cookie controls (where provided). We honor Global Privacy Control (GPC) and similar universal opt-out signals for relevant state-law purposes.
Sub-processors: We maintain a current list of sub-processors in our Data Processing Addendum and notify customers of material changes per our agreement.
Customer Data is primarily hosted in the United States. We may transfer personal information to countries other than where it was collected. Where required, we use appropriate safeguards (e.g., Standard Contractual Clauses) and implement supplementary measures as needed.
We implement technical and organizational measures designed to protect personal information, including encryption in transit and at rest, role-based access controls, network and application security, vulnerability management, and employee security training. Passwords are stored using industry-standard hashing and never in plaintext. No method of transmission or storage is 100% secure; we maintain incident response processes and will notify affected parties as required by law.
Your choices include:
U.S. state rights: Depending on where you live, you may have rights to access, correct, delete, obtain a portable copy, and opt out of certain processing (e.g., sale/sharing, targeted advertising, or profiling). Where required, you may also opt in (and later withdraw consent) for processing sensitive data. We honor Global Privacy Control (GPC) signals as opt-outs of sale/sharing and targeted advertising where applicable.
Do Not Sell or Share: We do not sell personal information. On our marketing websites (not inside the Service), we may share personal information for targeted advertising. To opt out: (i) use a browser that sends Global Privacy Control (GPC), which we honor, and/or (ii) email info@workd.com with "Do Not Sell/Share" in the subject. You may also mail a request to Workd Inc, 37000 Grand River Ave Ste 300, Farmington Hills, MI 48335.
How to exercise rights / appeals: Submit a request to info@workd.com with "Privacy Request" in the subject or by mail at the address above. We will verify your request and respond within the timeframe required by law. If we deny your request, you may appeal by replying with "Appeal" in the subject.
EEA/UK rights: If applicable, you also have the right to lodge a complaint with a supervisory authority. Contact info@workd.com for the appropriate authority details for your location.
The Service is not directed to children. We do not knowingly collect personal information from children under the age required by law. If you believe a child has provided personal information, contact info@workd.com and we will take appropriate action.
We retain personal information consistent with the purposes described in this policy and our agreements, taking into account the amount, nature, and sensitivity of the data; potential risk of harm; legal, tax, accounting, and regulatory requirements; and customer instructions. We apply deletion or de-identification when retention is no longer necessary. Visit-tracking geolocation logs are retained for up to 2 years by default unless a customer requests earlier deletion.
Secure disposal: We delete or de-identify personal information using controls appropriate to the data and storage medium (for example, cryptographic erasure for encrypted systems, logical deletion with suppression, and backup expiry/rotation). Deletions applied to active systems propagate to backups in the ordinary course of our backup lifecycle.
We may update this Privacy Policy from time to time. We will post the updated version with its effective date and, if changes are material, we will provide additional notice (e.g., in-app or by email).
For questions or requests concerning this Privacy Policy or our privacy practices, contact info@workd.com.