Legal and Compliance
Security
Security Policy Security Updates Data in Motion Data at Rest and Retention Security Partners Security Innovations

WebWork AI Policy

1. Introduction

WebWork Time Tracker, Inc. (“WebWork,” “we,” or “us”) provides AI-powered features (“WebWork AI”) designed to help users understand productivity patterns, analyze workflows, automate insights, and improve team efficiency.

This AI Policy explains how WebWork AI works, how data is processed, and how privacy is protected.

This policy applies to all AI features within WebWork’s platform, including the web app, desktop applications, mobile apps, and team chat integrations.

2. How WebWork AI Works

WebWork AI uses machine learning models to:

  • Analyze time-tracking and activity data
  • Generate insights, summaries, and recommendations
  • Automate reporting and operational analysis
  • Support individuals with productivity feedback
  • Provide workspace-level trends when requested by workspace admins

WebWork AI does not make employment, disciplinary, or compensation decisions.

All AI outputs are advisory.

3. WebWork AI Data Usage & Privacy

3.1 AI Model Training

  • WebWork does not use customer or workspace data to train AI models.
  • AI processing occurs only within the workspace where the request is made.
  • Data from different workspaces is never combined or used for shared modeling.
  • Third-party AI providers, including OpenAI, do not use WebWork data to train or improve their public models.

3.2 AI Context & Processing

  • WebWork AI currently uses OpenAI’s API and may integrate additional vetted providers.
  • Data is processed only at the moment of the request, solely for the specific function initiated by the user.
  • Prompts, context, and submitted data are not stored or retained by WebWork or AI providers after processing.
  • All providers operate under Data Processing Agreements (DPAs) prohibiting data retention, model training, or unauthorized reuse.

3.3 Data Isolation

  • AI processing is strictly workspace-isolated.
  • AI responses are ephemeral; underlying request data is not retained after a result is generated.
  • WebWork does not sell, share, or expose workspace data to any AI provider beyond what is necessary to fulfill a specific request.

3.4 Screenshot, Activity, and Sensitive Data Handling

  • AI systems have no access to screenshots, screen recordings, keystrokes, or similar data unless explicitly required by a specific AI feature and enabled by the user or admin.
  • Sensitive data (e.g., health or financial information) is not processed unless the user includes it voluntarily in an AI prompt.
  • When used by HIPAA-covered customers, AI features operate under HIPAA-compliant controls and Business Associate Agreements (BAAs).

4. Data Privacy and Compliance

AI-related data is protected under the same technical and organizational safeguards applied across the WebWork platform, including:

  • Encryption in transit and at rest
  • Zero-retention policies for third-party AI providers
  • Role-based access control (RBAC)
  • Strict segregation of workspace data

WebWork complies with:

  • GDPR
  • CCPA / CPRA
  • HIPAA(for applicable customers)

Users may request data access, correction, deletion, or export in accordance with applicable regulations.

5. Human Oversight

  • AI-generated results are recommendations , not authoritative decisions.
  • Users and administrators must validate AI outputs before applying them to business or HR processes.
  • WebWork AI must not be used to:
    • Evaluate employee performance
    • Make hiring, firing, or compensation decisions
    • Conduct monitoring beyond configured WebWork settings
    • Infer protected characteristics or sensitive attributes

6. Prohibited Uses

Users may not use WebWork AI to:

  • Generate harmful, discriminatory, or abusive content
  • Attempt to extract private or confidential information about others
  • Perform automated employment or compensation decision-making
  • Engage in surveillance beyond WebWork-approved functionality
  • Conduct illegal or unethical activities
  • Interfere with security systems or attempt to manipulate AI behavior

Violations may result in suspension or account termination.

7. Third-Party AI Providers and Sub-Processors

Certain WebWork AI features rely on secure third-party AI infrastructure providers.

These providers:

  • Operate under binding Data Processing Agreements
  • Cannot store, reuse, or train on WebWork customer data
  • Must meet WebWork’s security and compliance requirements

A current list of AI-related sub-processors is maintained on our website.

8. Data Retention

  • AI requests and outputs follow WebWork’s standard data retention policies.
  • Temporary processing data is not retained by third-party AI model providers.
  • Users and workspace admins may delete AI-generated content at any time.

HIPAA-related records are retained as required under HIPAA regulations.

9. User Controls

Workspace admins may:

  • Enable or disable WebWork AI features
  • Restrict access to specific AI capabilities
  • Limit which roles or users can use AI
  • Review or delete AI-generated content

Users may request access, correction, or deletion of personal data processed by AI.

10. Security Measures

WebWork applies multiple layers of protection to all AI-related components:

  • End-to-end encryption
  • Secure API gateways
  • Misuse and anomaly detection
  • Regular internal security reviews
  • Comprehensive audit logging
  • Vulnerability scanning and penetration testing, including AI endpoints

11. Responsible AI Principles

WebWork AI follows these principles:

  • Privacy-first design
  • Data minimization
  • Security-by-default
  • Transparency in how AI operates
  • Human oversight and control
  • Fairness and non-discrimination

12. Updates to This Policy

WebWork may update this AI Policy as AI capabilities evolve.

Changes will be communicated on our website or within the platform.

13. Contact

For questions about WebWork AI or privacy practices:

[email protected]

[email protected]