/// PRIVACY_PROTOCOL_V1.0

Privacy
Policy

Last updated: December 20, 2025

/// 01

Introduction

Workflows Accelerator ("We", "Us") is committed to protecting your privacy. This policy outlines how we handle data. Our business model is fundamentally designed to minimize our access to your data by building infrastructure that you own.

We distinguish between "Account Data" (information about you as a customer) and "Operational Data" (the data processed by the automations we build for you).

/// 02

Data Collection

We collect the following types of information:

  • Account Data: Name, email address, billing address, and payment information (processed via Stripe). This is required to manage your subscription.
  • Technical Data: IP addresses, browser type, and device information when you visit our website or use our Client Portal.
  • Operational Data Access: To build your automations, we require temporary access to your APIs, databases, and third-party accounts (e.g., CRM, Email). We access this data strictly for development and debugging purposes.

/// 03

Storage & Data Sovereignty

This is the core of our privacy architecture:

Operational Data stays with you. Unlike SaaS platforms that store your customer data on their servers, we deploy automation infrastructure (n8n, Supabase, etc.) on servers that you control (e.g., your Hetzner VPS or AWS account).

Once a workflow is deployed, the data flows directly from Source A to Destination B within your infrastructure. Workflows Accelerator does not retain copies of the data processed by your live automations.

/// 04

Third-Party Processors

We use trusted third-party providers to run our business. We do not sell your data.

  • Stripe: For payment processing.
  • Supabase: For managing our Client Portal database.
  • Gemini / Anthropic: If your workflows utilize AI, data is sent to these providers via API. We ensure that Data Processing Agreements (DPAs) are in place where possible to prevent your data from being used to train public models.
  • Hetzner / AWS: Cloud infrastructure providers (where your servers are hosted).

/// 05

Security Measures

We employ enterprise-grade security practices to protect the credentials you share with us:

  • Secrets Management: We use self-hosted Vaultwarden or 1Password for sharing and storing API keys. We never store secrets in plain text in emails or chat.
  • Least Privilege: Our engineers are granted access only to the specific resources needed for the active Sprint. Access is revoked upon project completion or termination.
  • Encryption: All data in transit is encrypted via TLS/SSL.

/// 06

Your Rights

Under applicable data protection laws (GDPR, CCPA), you have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Correct inaccurate data.
  • Erasure: Request that we delete your Account Data (subject to legal retention requirements for tax/billing).
  • Revocation: Since you own the infrastructure, you can revoke our access to your servers and data at any time by changing your SSH keys or API credentials.

/// 07

Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact our Data Protection Officer at:

security@workflows.ac