WRKSHP ("we," "us") operates the Services at https://wrkshp.dev and related offerings, including the customer-facing CRM at https://content.wrkshp.dev. This Privacy Policy describes how we collect, use, and share information when you use the Services or authorize integrations such as Google OAuth.
By using the Services, you consent to the practices described here. If you do not agree, do not use the Services.
Information from your identity provider (for example Clerk), such as email and user identifiers, used to authenticate you and associate you with workspaces.
Data you store in the product (clients, prospects, posts, settings, drafted emails, sequence content, etc.).
When you choose "Connect Google" within the product, we receive OAuth tokens under the scopes you approve (Gmail, Calendar, Google Business Profile, Search Console read-only, Google Analytics read-only, Google Ads, as configured per-feature). Tokens are encrypted at rest and used only to provide the specific features you request.
Standard logs, diagnostics, IP addresses, and session telemetry needed to operate, debug, and secure the Services.
We use the information above to:
We do not sell personal information, and we do not use Google user data to train generalized AI/ML models.
WRKSHP's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically:
gmail.modify) is used solely to display the connected user's own inbox inside the WRKSHP CRM and to send replies on behalf of the connected user. Gmail data is never read by other workspace members and is never used for advertising.
calendar.events.readonly) is used to detect when a sales call has been booked with a CRM prospect and to attribute the booking back to the responsible rep.
| Vendor | Purpose |
|---|---|
| Convex | Application database, server-side functions, and file storage. |
| Clerk | User authentication and session management. |
| Vercel | Frontend hosting and edge delivery. |
| Resend | Outbound transactional and outreach email delivery. |
| Stripe | Subscription billing and contractor (1099) payouts. |
| Anthropic | AI inference for in-product features (drafting, summarization). Customer prompts are not used to train third-party models. |
All subprocessors are bound by data-processing agreements that require equivalent confidentiality, security, and use-restriction obligations.
We retain account and workspace data for as long as the account is active and as needed to provide the Services. When a Google integration is disconnected (either from within the product or via your Google Account permissions), the corresponding refresh token and any cached scope-restricted data are deleted within 30 days.
You may request deletion or export of workspace data by contacting support@wrkshp.dev. We will action verified requests within 30 days, subject to legal retention requirements.
Open Settings → Integrations (or the relevant feature page) and click Disconnect. Tokens are revoked immediately on our side.
Visit myaccount.google.com/permissions and remove WRKSHP. Our backend will detect the revocation on the next API call and clean up.
We may update this policy from time to time. We will post the revised policy with an updated "Last updated" date and, where required by law, notify you via the email address associated with your account. Continued use of the Services after changes constitutes acceptance of the revised policy where permitted by law.
Questions about this Privacy Policy, data subject access requests, or to report a security concern: contact your WRKSHP account lead or email us directly.
The companion document covering acceptable use, payment, and liability.
Read Terms of Service