Privacy Policy

This Privacy Policy explains how Workhive (“we,” “our,” or “us”) collects, uses, discloses, and protects information when you use our software-as-a-service platform (the “Service”), including our website and CRM application.

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

If you use the Workhive iOS app, please also review the iOS App Privacy Supplement at the bottom of this page.

1. Information We Collect

1.1 Information You Provide Directly

When you create an account or use the Service, we may collect:

  • Name
  • Email address
  • Company name
  • Billing information (processed via third-party payment providers)
  • Account credentials
  • Customer, lead, and contact data you upload or enter into the CRM
  • Communications you send to us (support requests, feedback, etc.)

1.2 Information Collected Automatically

We may automatically collect certain information when you use the Service, including:

  • IP address
  • Device type and browser information
  • Usage data (pages viewed, actions taken, timestamps)
  • Log files and diagnostic data

This data is used to operate, secure, and improve the Service.

1.3 Customer Data

Our Service allows you to store and manage data about your own customers, leads, or contacts (“Customer Data”). You remain the data controller for Customer Data, and we act as a data processor on your behalf.

1.4 Messaging & Communication Data

When Users utilize messaging features within the Service, including SMS or MMS communications, we may process messaging-related data such as phone numbers, message content, message metadata (including timestamps and delivery status), and associated contact information (“Messaging Data”).

Messaging Data is processed solely to provide and operate the Service and is transmitted through third-party communication providers, including Twilio.

Users remain responsible for the lawful collection and use of Messaging Data, including obtaining all required consents from message recipients. Messaging Data is not sold or shared for advertising or marketing purposes by Workhive.

1.5 Mobile Application Data (iOS)

When you use the Workhive iOS mobile application, we may additionally collect:

  • Device Identifiers: Device tokens and identifiers to deliver push notifications for incoming calls and messages
  • VoIP Data: Call logs, call duration, and call metadata to provide voice calling functionality
  • Phone Numbers: Business phone numbers assigned to your account for making and receiving calls
  • Audio Data: Voice call audio is transmitted in real-time through our telephony provider (Twilio) but is not stored unless you enable call recording features
  • Call Events: Information about incoming and outgoing calls, including timestamps, duration, participants, and call outcomes
  • Push Notification Tokens: APNs (Apple Push Notification service) tokens and VoIP push tokens to enable real-time call delivery even when the app is closed

This data is collected solely to provide core app functionality including VoIP calling, push notifications, and business communication features.

1.6 Call Recording

If you enable call recording features within your account settings, audio recordings of your business calls will be stored securely in our system. You are responsible for:

  • Complying with applicable call recording laws in your jurisdiction
  • Informing call participants that the call is being recorded
  • Obtaining necessary consent from all parties before recording

Call recordings can be deleted at any time through your account dashboard or by contacting support.

2. How We Use Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Authenticate users and manage accounts
  • Process payments and subscriptions
  • Improve product functionality and user experience
  • Communicate with you about updates, security issues, or support requests
  • Monitor usage for security, compliance, and performance
  • Comply with legal obligations
  • Operate and deliver messaging and communication features requested by Users
  • Deliver real-time push notifications for incoming calls and messages
  • Provide VoIP calling functionality through our telephony infrastructure
  • Display caller information using CallKit on iOS devices
  • Route calls and messages to the appropriate business phone numbers
  • Generate call logs and analytics for your business communications
  • Enable contact synchronization across your devices (when permitted)

We do not sell your personal data.

Google API Disclosure

Workhive's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Limited Use Requirements

Our app strictly adheres to the following:

  • No Advertising: We do not use Google Workspace data to serve, personalize, or target advertisements.
  • Human Review: We do not allow humans to read your Google Workspace data unless we have your affirmative agreement for specific messages, it is necessary for security purposes such as investigating abuse, to comply with applicable law, or for the App's internal operations and even then only when the data have been aggregated and anonymized.
  • No Data Transfer: We do not transfer or sell your Google user data to third parties, such as data brokers or ad networks.
  • AI Training: We do not use your Google Workspace data to train, develop, or improve generalized AI and/or machine learning models.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process personal data under the following legal bases:

  • Performance of a contract
  • Legitimate business interests
  • Compliance with legal obligations
  • Your consent, where applicable

4. Data Sharing and Disclosure

We may share information only in the following circumstances:

4.1 Service Providers

We use trusted third-party providers to help operate the Service (e.g., hosting, authentication, payments, analytics). These providers are contractually obligated to protect your data and use it only as instructed.

This includes communication and messaging providers used to transmit SMS or other communications on behalf of Users.

Subprocessor Updates. We will provide at least 30 days' notice via email to account administrators before engaging a new subprocessor that processes your personal data. Our current subprocessors include: Twilio (communications), Supabase (database and authentication), Google APIs (calendar and email integration), Stripe (payment processing), OpenAI (call transcription summarization), Deepgram (call transcription), Vercel (hosting), and Sentry (error monitoring).

Third-party services we use include:

  • Twilio: VoIP calling infrastructure, SMS/MMS messaging, and phone number provisioning
  • Supabase: Authentication, database hosting, and real-time data synchronization
  • Google Sign-In: Optional authentication method (if you choose to sign in with Google)
  • Payment Processors: Stripe or similar services for billing and subscription management (we do not store credit card information directly)
  • OpenAI: When an account administrator enables AI summarization of call transcripts, we send transcript text (and limited context, such as a contact display name used only to label the output) to OpenAI's API to generate a short summary and suggested next steps. OpenAI processes this data as a subprocessor on our instructions.
  • Deepgram: When an account administrator enables transcription of call recordings, we send call audio to Deepgram to produce a text transcript. Deepgram processes this data as a subprocessor on our instructions.

For iOS App Users:

  • Apple Push Notification Service (APNs): Delivers notifications for messages and calls
  • Apple CallKit: Integrates VoIP calls with your iPhone's native calling interface

These providers may process your data in accordance with their own privacy policies. We recommend reviewing:

4.2 Legal Requirements

We may disclose information if required to do so by law or in response to valid legal requests.

4.3 Business Transfers

If we are involved in a merger, acquisition, or asset sale, information may be transferred as part of that transaction.

5. Data Retention

We retain personal data only for as long as necessary to:

  • Provide the Service
  • Meet legal, accounting, or regulatory requirements

Customer Data is retained according to your account settings and deleted upon account termination, subject to applicable laws.

Messaging Data is retained in accordance with User account settings and applicable legal requirements.

Call and Communication Data:

  • Call logs and metadata are retained for the duration of your active subscription and up to 90 days after account termination for billing and support purposes.
  • Call recordings (if enabled) are retained until you delete them or close your account.
  • Messaging history is retained according to your account retention settings.
  • Push notification tokens are retained only while you have an active session and are automatically removed upon sign-out.

6. Data Security

We implement industry-standard technical and organizational measures to protect data, including:

  • Encrypted data storage and transmission
  • Access controls and authentication
  • Regular security monitoring

No system is 100% secure, but we take reasonable steps to protect your information.

Breach Notification. In the event of a confirmed security breach affecting your personal information, we will notify affected users via email within 72 hours of confirmation. The notification will include: (a) what happened, (b) what data was affected, (c) the steps we are taking to address the breach, and (d) recommended actions for users. Where required by law, we will also notify applicable regulatory authorities.

7. Your Rights

Depending on your location, you may have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of data
  • Object to or restrict processing
  • Request data portability
  • Lodge a complaint with a supervisory authority (for EU/EEA residents, you may contact your local Data Protection Authority)

You can exercise these rights by contacting us at pf@dufety.com.

iOS App Users:

  • You can delete your local app data by uninstalling the application
  • To delete your account and all associated data, contact us at hello@dufety.com or use the account deletion option in Settings
  • Push notification tokens are automatically deleted when you sign out or uninstall the app

8. Cookies and Tracking Technologies

We use cookies and similar technologies to maintain sessions, improve performance and usability, and analyze usage trends.

Cookie use:

Cookie Type Purpose Duration
Supabase session (sb-*) Essential Authentication and session management 1 hour (auto-refreshed)
Gmail OAuth nonce (gmail_oauth_nonce) Essential CSRF protection during Gmail OAuth flow 10 minutes
Session cookies Essential Maintain login state across pages Browser session

We do not use advertising, marketing, or third-party tracking cookies. You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent you from using the Service.

Our iOS mobile application may use software development kits (SDKs) from third parties including Google Sign-In SDK and Twilio Voice SDK. These SDKs may collect usage data and device information to provide authentication and calling services. No data is used for cross-app tracking or advertising purposes.

9. International Data Transfers

Your information may be processed and stored in countries outside your jurisdiction. Where required, we use appropriate safeguards to protect international data transfers.

10. Children's Privacy

The Service is not intended for individuals under the age of 13. We do not knowingly collect personal data from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page, and the “Last updated” date will be revised.

12. Meta (Facebook) Data Deletion Requests

If you connect your Meta (Facebook) account to Workhive to use integrations such as Meta Lead Ads, we may receive and store certain data from Meta, including connection details and lead data submitted through Meta Lead Ads (“Meta Platform Data”).

You may request deletion of Meta Platform Data as follows:

Disconnect within Workhive

You may disconnect the Meta Lead Ads integration at any time by logging into your account at https://app.workhive.co/, navigating to Settings → Integrations → Meta Lead Ads, and selecting Disconnect. Disconnecting will stop any new data from being received from Meta. In accordance with our data retention policies, we will delete or anonymize Meta Platform Data associated with that connection.

Request Full Deletion

If you wish to request deletion of any Meta Platform Data we may still retain (including data from previous connections), please contact us at pf@dufety.com with the subject line “Meta data deletion request.” Please include the email address associated with your Workhive account so we can identify and process your request. We will handle deletion requests in accordance with this Privacy Policy and applicable laws.

13. Permissions on Mobile Devices

iOS Application Permissions:

The Workhive iOS app may request the following permissions:

  • Microphone Access: Required to make and receive VoIP calls. Audio is transmitted in real-time but not stored unless you enable call recording.
  • Notifications: Required to receive alerts for incoming calls and messages, including VoIP push notifications that work even when the app is closed.
  • Contacts (Optional): If granted, allows you to sync device contacts with your Workhive business contacts for easier calling and messaging.

You can manage these permissions at any time through your device's Settings app under Workhive. We only request permissions that are necessary for core app functionality. You can deny optional permissions without affecting basic features.

14. No Cross-App Tracking (iOS)

The Workhive iOS application does not track users across apps and websites owned by other companies for advertising or data broker purposes. We do not share your data with advertising networks or data brokers. Device identifiers are used solely for delivering app functionality such as push notifications.

15. Artificial intelligence and automated processing

15.1 Overview

Workhive does not operate proprietary, self-trained foundation models. Certain optional features use third-party artificial intelligence and machine learning services that we integrate through secure APIs. Those providers process data only as described in this section and act as service providers (subprocessors) assisting us in delivering the Service.

15.2 Call recording transcription and summarization

When an authorized administrator for your organization enables “Transcribe and summarize call recordings” for a specific business phone number in Workhive, the following may occur after a call recording is completed:

  • Audio from the recording may be sent to Deepgram Inc. (“Deepgram”) to generate a text transcript of the call.
  • The transcript text, together with limited context such as a contact's display name (used only to help label or contextualize the summary), may be sent to OpenAI, LLC (“OpenAI”) via OpenAI's API to produce a short summary of the call and a list of suggested next steps.
  • The transcript, summary, and next steps are stored in your Workhive account so you can review them in the Service (for example in call history or related CRM records), subject to your retention settings and this Privacy Policy.

15.3 When this processing does not occur

If transcription and AI summarization are not enabled for the relevant phone number, or if call recording is not used or not available for a given call, we do not send call audio or transcripts to Deepgram or OpenAI for this purpose.

15.4 Legal bases (where applicable)

Where the GDPR or similar laws apply, we process personal data described in this section based on performance of our contract with you (providing the features you have enabled) and, where required, your organization's instructions as the party enabling the feature. Your organization is responsible for ensuring it has any necessary authority, notices, and consents from participants in recorded calls, consistent with our Terms of Service, applicable call-recording laws, and Section 1.6 (Call Recording) of this Privacy Policy.

15.5 Your controls

An organization administrator may turn off “Transcribe and summarize call recordings” at any time in Workhive (Settings, per business phone number). Turning this off stops new transcription and AI summarization from being requested for that number; data already generated may remain until deleted in accordance with our retention practices. Deleting call recordings, transcripts, or your account may remove or schedule deletion of associated AI outputs as described elsewhere in this Privacy Policy.

15.6 Provider Policies

Deepgram's and OpenAI's own privacy policies and terms describe how they handle data they process on our behalf. We encourage you to review:

16. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Workhive (Du Fety Consulting Inc.)
681 Zermatt Dr.
Ontario, Canada
Email: pf@dufety.com
Privacy Inquiries: privacy@dufety.com (if you want a dedicated privacy email)

iOS App Privacy Supplement

This section applies specifically to users of the Workhive iOS mobile application.

Overview

The Workhive iOS app provides professional VoIP calling, business messaging, and CRM functionality on your iPhone. This supplement describes the additional data collection, permissions, and privacy practices specific to the mobile application.

What Data the iOS App Collects

Essential for Core Functionality:

  • Device Push Tokens: Apple Push Notification Service (APNs) tokens and VoIP push tokens to deliver incoming calls and messages to your device in real-time, even when the app is closed
  • Device Identifiers: Used exclusively to associate push notifications with your specific device
  • Phone Numbers: Business phone numbers assigned to your account for making and receiving VoIP calls
  • Call Metadata: Call logs including timestamps, duration, caller/recipient information, and call outcomes
  • Voice Audio: Transmitted in real-time during calls through our telephony provider (Twilio); not stored unless you explicitly enable call recording
  • Messaging Content: SMS/MMS messages sent and received through the app, stored to provide conversation history
  • Contact Information: Names, phone numbers, and email addresses you add to your business contacts

Usage and Analytics Data:

  • App interaction data (features used, screens viewed)
  • Performance metrics (call quality, app stability)
  • Error logs and crash reports

How This Data Is Used

All data collected by the iOS app is used solely to:

  • Enable VoIP calling with crystal-clear audio quality
  • Deliver push notifications for incoming calls and messages
  • Provide native iOS CallKit integration (calls appear in your iPhone's Phone app)
  • Sync your business contacts and conversations across devices
  • Maintain call history and message threads
  • Improve app performance and reliability
  • Provide customer support when you contact us
  • When enabled by your organization, generate call transcripts and AI-assisted summaries from recorded calls using the third-party providers described in Section 15 of our main Privacy Policy

We do not:

  • Track you across other apps and websites for advertising
  • Sell your data to third parties
  • Share your data with advertising networks or data brokers
  • Use device identifiers for any purpose other than delivering app functionality

iOS Permissions Explained

The Workhive iOS app may request the following permissions:

🎤 Microphone (Required for Calling)

  • Why we need it: To transmit your voice during VoIP calls
  • What we do: Audio is transmitted in real-time to the call recipient through encrypted channels
  • What we don't do: We don't record calls unless you explicitly enable call recording in settings
  • Your control: You can revoke this permission in iOS Settings > Workhive > Microphone, but calling features will not function

🔔 Notifications (Required for Calls & Messages)

  • Why we need it: To alert you of incoming calls and messages
  • What we do: Display caller information, message previews, and call notifications
  • Special note: VoIP push notifications allow you to receive calls even when the app is completely closed—just like your regular phone
  • Your control: You can customize notification settings in iOS Settings > Notifications > Workhive

📇 Contacts (Optional)

  • Why we request it: To help you quickly find and call contacts from your device
  • What we do: Read contact names and phone numbers to suggest matches with your business contacts
  • What we don't do: We don't upload your entire address book without your consent
  • Your control: You can deny this permission and manually add contacts instead

Third-Party Services Used by the iOS App

The iOS app integrates with the following third-party services:

Apple Services:

  • Apple Push Notification Service (APNs): Delivers notifications to your device
  • CallKit: Integrates VoIP calls with iOS's native phone interface
  • Privacy: Apple's services are covered by Apple's Privacy Policy

Twilio (Telephony Provider):

  • Purpose: Powers VoIP calling infrastructure
  • What they process: Call routing, audio transmission, phone number provisioning
  • Privacy: Twilio Privacy Policy

Supabase (Backend Services):

  • Purpose: Authentication, database, real-time sync
  • What they process: User credentials, contact data, message history
  • Privacy: Supabase Privacy Policy

Google Sign-In (Optional):

  • Purpose: Allows you to sign in with your Google account
  • What they process: Basic profile info (name, email) if you choose this sign-in method
  • Privacy: Google Privacy Policy

AI-assisted call features (server-side):

The Workhive iOS app does not run third-party AI models on the device. If your organization enables transcription and AI summarization of call recordings in Workhive (configured in the web application under Settings for the relevant business phone number), completed call recordings may be processed on our servers using Deepgram (transcription) and OpenAI (summarization), as described in Section 15 (Artificial intelligence and automated processing) of our main Privacy Policy. Any transcripts or summaries your account is entitled to view may appear in the Service on iOS or other platforms you use with the same account.

Data Storage and Security

Where Your Data Is Stored:

  • Contact and messaging data: Encrypted cloud storage via Supabase (hosted in USA)
  • Call audio: Transmitted in real-time through Twilio; not stored unless recording is enabled
  • Recordings: Encrypted cloud storage, accessible only to your account
  • Local device: Minimal caching for offline access (call history, contact names)

Security Measures:

  • All data transmission uses TLS/SSL encryption
  • Authentication tokens stored securely in iOS Keychain
  • Call audio encrypted during transmission
  • Regular security audits and monitoring

Call Recording (If Enabled)

If you enable call recording through your account settings:

⚠️ Your Responsibilities:

  • Consent: You must inform all call participants that the call is being recorded
  • Legal compliance: You are responsible for complying with local, state, and federal recording laws
  • Disclosure: Many jurisdictions require “two-party consent” before recording

What We Store:

  • Audio recordings in encrypted cloud storage
  • Recording metadata (date, time, duration, participants)

Your Control:

  • Recordings can be played back, downloaded, or deleted at any time
  • Deleting your account permanently removes all recordings

Data Retention (iOS App)

  • Active Session Data: Push tokens and session info retained while you're signed in
  • Call Logs: Retained indefinitely while your account is active; included in data exports
  • Message History: Retained according to your account settings (default: indefinitely)
  • Recordings: Retained until you delete them or close your account
  • Cached Data: Cleared when you sign out or uninstall the app

When You Delete the App:

  • Local cached data is removed
  • Your account and cloud data remain accessible from other devices
  • Push tokens are automatically deregistered

When You Delete Your Account:

  • All data is permanently deleted within 30 days
  • Call recordings, messages, and contacts are irrecoverably removed
  • We may retain minimal billing records for legal/tax purposes

Your Privacy Rights (iOS Users)

You have the right to:

  • Access: Download a copy of all your data through the app (Settings > Privacy > Export Data)
  • Delete: Request account deletion (Settings > Account > Delete Account) or email pf@dufety.com
  • Correct: Update your information at any time in the app
  • Opt-out: Disable push notifications (though calling features require them)
  • Restrict: Control which permissions the app has through iOS Settings

To exercise these rights:

  • In-app: Navigate to Settings > Privacy
  • Email us: pf@dufety.com with your request
  • We'll respond within 30 days

Compliance with Apple's Privacy Requirements

Privacy Manifest (PrivacyInfo.xcprivacy):

Our iOS app includes Apple's required Privacy Manifest that declares:

  • All data types collected
  • Purposes for data use
  • Whether data is linked to your identity (it is)
  • Tracking status (we do not track)
  • Required Reason APIs accessed

App Tracking Transparency:

We do not perform cross-app tracking. The Workhive iOS app will not display Apple's App Tracking Transparency (ATT) prompt because we do not track users for advertising purposes.

Data Linked to Your Identity:

All data collected by the iOS app is linked to your Workhive account for the purpose of providing personalized business communication services. This is necessary for core functionality (knowing which calls/messages belong to you).

Children's Privacy (iOS)

The Workhive iOS app is not intended for children under 13 years of age. We do not knowingly collect personal information from children. The app is age-rated 4+ in the App Store, but requires users to be 18+ to create an account (per our Terms of Service).

Changes to This Supplement

We may update this iOS App Privacy Supplement as we add features or in response to user feedback and legal requirements. Material changes will be:

  • Posted on this page with an updated “Last updated” date
  • Announced via in-app notification or email
  • Effective 30 days after posting (unless immediate compliance is required by law)

Contact Us About iOS App Privacy

If you have specific questions about the iOS app's privacy practices:

  • Email: pf@dufety.com (Subject: “iOS App Privacy Question”)
  • Mail:
    Workhive - iOS App Privacy
    Du Fety Consulting Inc.
    681 Zermatt Dr.
    Ontario, Canada

By using the Workhive iOS app, you acknowledge that you have read and understood this iOS App Privacy Supplement in addition to our main Privacy Policy.

← Back to home