WorkLLM is designed to give your organization control over its data. This page explains what data WorkLLM collects and stores, how long it is retained, how integrations handle data, and what options you have as a data controller under GDPR, CCPA, and similar frameworks. For WorkLLM’s full privacy policy, see workllm.io/privacy-policy.Documentation Index
Fetch the complete documentation index at: https://workllm.mintlify.app/llms.txt
Use this file to discover all available pages before exploring further.
What data WorkLLM stores
WorkLLM stores the data you and your team create while using the platform. This includes:| Data type | Description |
|---|---|
| Conversations | All messages sent in threads, including AI responses and co-prompting activity |
| Uploaded documents | Files attached to threads or used in document chat sessions |
| Memory layers | Content stored in Thread, Project, Team, Personal, and Organization memory |
| Agent configurations | AI Agent definitions, triggers, and action logs |
| Assistant definitions | AI Assistant configurations including instructions and attached knowledge |
| Usage metadata | Metadata about AI usage — model used, token counts, timestamps — used for reporting and billing |
| Authentication data | Account credentials, SSO tokens, and session identifiers |
| Integration tokens | OAuth tokens used to connect third-party services (stored encrypted) |
Data retention
By default, WorkLLM retains your data for as long as your organization’s account is active. You can manage retention in the following ways:- Retention configuration: Enterprise plans can configure retention periods for conversation history and uploaded documents. Contact WorkLLM to configure custom retention rules for your organization.
- Account deletion: If you close your WorkLLM account, your data is deleted within 30 days of account closure, subject to any legally required retention periods.
- Data deletion requests: You can request deletion of specific data or your entire organization’s data by contacting info@workllm.io.
Audit logs are retained for 12 months on Business plans and 24 months on Enterprise plans. Audit log retention periods cannot be shortened, as they exist to support compliance requirements.
How integrations handle data
WorkLLM connects to third-party services — such as Google Workspace, Slack, Notion, Jira, and CRM platforms — through OAuth-based integrations. Here is how data flows through these connections:- OAuth tokens are stored encrypted. WorkLLM stores only the access token needed to perform authorized actions on your behalf. Tokens are encrypted at rest.
- WorkLLM reads but does not copy third-party data by default. When you connect an integration, WorkLLM can read content from that service (for example, browsing Google Drive files). This content is not copied into WorkLLM’s storage unless you explicitly attach it to a thread or assistant.
- Explicitly attached content is stored in your tenant. When you attach a document from a connected service to a thread, that content is stored in your WorkLLM tenant and is subject to your tenant’s retention and deletion settings.
- Revoking an integration removes WorkLLM’s access. If you disconnect an integration, WorkLLM can no longer access data from that service. Previously attached content that was copied into WorkLLM must be deleted separately.
Data residency
WorkLLM stores data in the region that you selected during sign-up. Available regions and exact residency configurations vary. Contact info@workllm.io to discuss data residency requirements before signing up for an Enterprise plan.Data residency affects where WorkLLM stores your data at rest. AI model inference may still be processed by third-party model providers in their infrastructure regions. Ask WorkLLM for details on model provider data processing locations for your specific use case.
Your rights as a data controller
Under GDPR and CCPA, your organization acts as the data controller for the personal data of your employees and end users that flows through WorkLLM. WorkLLM acts as a data processor on your behalf. As a data controller, you have the following rights and responsibilities:- Right of access: You can request a copy of the data WorkLLM holds for your organization.
- Right to erasure: You can request deletion of your organization’s data. See Requesting data deletion below.
- Right to portability: You can request an export of your organization’s data in a machine-readable format.
- Data processing agreement (DPA): Enterprise customers can execute a DPA with WorkLLM that formalizes the data processor relationship and sets out obligations under GDPR.
GDPR and CCPA considerations
WorkLLM’s data practices are designed to support your compliance obligations under GDPR (EU) and CCPA (California):- Lawful basis: WorkLLM processes data under the lawful basis of contract performance (providing the service you’ve subscribed to) and legitimate interests.
- Sub-processors: WorkLLM uses third-party sub-processors, including AI model providers. A current list of sub-processors is available upon request at info@workllm.io.
- No sale of personal data: WorkLLM does not sell your personal data. This applies under both GDPR and CCPA.
- Cross-border transfers: WorkLLM uses standard contractual clauses (SCCs) to govern transfers of personal data from the EU to the United States where applicable.
Requesting data deletion
To request deletion of your organization’s data or a subset of it:Contact support
Email info@workllm.io with the subject line “Data deletion request” and include your organization name and the scope of the deletion you’re requesting.
Verify your identity
WorkLLM will verify that the request comes from an authorized Admin in your organization before proceeding.
Confirm the deletion scope
WorkLLM will confirm the exact data to be deleted before taking action. You will receive a summary of what will be removed.