LEGAL
Privacy policy
Effective date: March 15, 2026
Information we collect
When you interact with Workforce, we may collect personal information you provide directly — such as your name, email address, company name, and job title — when you submit a contact form, book a demo, or communicate with us. We also collect usage data about how you interact with our website, including pages visited, time spent, and referral sources. Technical information such as IP address, browser type, operating system, and device details may also be collected. Our site may use cookies and similar technologies to enhance your experience.
How we use your information
We use the information we collect to provide, maintain, and improve our services, to respond to your enquiries and deliver support, and to communicate product updates and relevant content where you have opted in. We analyse usage patterns to understand how visitors interact with our website and to improve performance and user experience. Your information may also be used to maintain security and prevent fraudulent activity.
How we share information
We do not sell or rent your personal information. We may share data with trusted service providers who assist in operating our business — such as hosting, analytics, and communication tools — under strict data processing agreements. If required by law, we may disclose information to comply with legal obligations. In the event of a business transfer such as a merger or acquisition, your information may be included in the transferred assets.
Data retention
We retain your information only as long as necessary to fulfil the purposes outlined in this policy, or as required by applicable law. When information is no longer needed, we securely delete or anonymise it.
At Driftwerk Ltd ("Workforce", "we", "us"), we are committed to protecting your privacy. This policy explains what information we collect through our website and platform, how we use it, and the choices available to you. By using workforceai.dev and our services, you agree to the practices described below.
Third-party links
Our website may contain links to third-party websites or services. We are not responsible for their privacy practices and encourage you to review their policies before sharing personal information.
AI processing and third-party LLM providers
Workforce is a self-hosted platform. Your source code and proprietary data remain within your infrastructure at all times. However, to enable AI inference, the platform transmits prompts and code context ("Inference Data") to third-party large language model providers ("LLM Providers"). This Inference Data may include code snippets, function names, file paths, commit messages, and task descriptions. Current LLM Providers include: Anthropic (Claude), based in the United States; Google (Gemini), based in the United States; and xAI (Grok), based in the United States. We select LLM Providers that contractually commit to not using Inference Data for model training. Inference Data is transmitted via encrypted connections and is not stored by LLM Providers beyond the duration necessary to process the request. If Inference Data contains personal data, the transmission to LLM Providers constitutes a transfer of personal data to the United States. We rely on appropriate transfer mechanisms including the UK International Data Transfer Agreement (IDTA), EU Standard Contractual Clauses with UK Addendum, the EU-US Data Privacy Framework for certified providers, and mechanisms recognised under Australian Privacy Principle 8.
Sub-processors
We use the following categories of sub-processors to deliver our services: LLM Providers (as listed above) for AI inference processing; Framer for website hosting (Netherlands/EU); and Hostinger for email and domain services. A current list of sub-processors is available upon request at hello@workforceai.dev. We will provide at least 30 days' notice before engaging a new sub-processor that materially changes our data processing arrangements.
Data breach notification
In the event of a personal data breach affecting your data, we will notify you without undue delay, and in any event within 72 hours of becoming aware of the breach where feasible. We will provide details of the nature of the breach, the categories and approximate number of individuals affected, the likely consequences, and the measures taken or proposed to address the breach. We will cooperate with you in investigating the breach and meeting your obligations under applicable data protection law, including notifications to supervisory authorities and affected individuals. Since Workforce is self-hosted, data breaches relating to your deployment environment are your responsibility to detect and report. This notification obligation applies only to breaches within Driftwerk Ltd's systems and control.
International data transfers
Driftwerk Ltd is incorporated in England and Wales. When we process personal data, it may be transferred to and processed in countries outside your jurisdiction, including the United States where our LLM Providers are located. For individuals in the United Kingdom or European Economic Area, we ensure such transfers are protected by adequacy decisions, the UK International Data Transfer Agreement (IDTA), EU Standard Contractual Clauses (2021) with the UK Addendum where required, or the EU-US Data Privacy Framework for certified recipients. For individuals in Australia, we take reasonable steps to ensure that overseas recipients of personal information handle it in accordance with the Australian Privacy Principles, as required by APP 8. For individuals in the United States, we comply with applicable state privacy laws regarding cross-border data processing and service provider obligations.
Automated decision-making
The Workforce platform uses AI agents to make autonomous decisions about software engineering tasks, including which code to write, how to structure implementations, and whether to approve code reviews. These decisions relate to your codebase and engineering workflows, not to individuals. We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on individuals. For Australian customers, where the platform makes computer-driven decisions using personal information that could significantly affect individuals' rights or interests, we will disclose this as required by the Privacy Act 1988. As of the date of this policy, Workforce's automated decisions relate to code and engineering tasks, not to individual persons.
Your rights
Your privacy rights depend on your location. For individuals in the United Kingdom and EEA, under the UK GDPR and EU GDPR you have the right to access, rectify, erase, restrict processing, data portability, and object to processing of your personal data. You may also lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk. For individuals in the United States, under the California Consumer Privacy Act (CCPA/CPRA) and applicable state privacy laws, you may have the right to know what personal information we collect, request deletion, and opt out of sale or sharing. Driftwerk Ltd does not sell personal information. For individuals in Australia, under the Privacy Act 1988 and the Australian Privacy Principles, you have the right to access and correct personal information we hold about you. You may complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au. To exercise any of these rights, contact us at hello@workforceai.dev. We will respond within the timeframes required by applicable law.
Cookies and consent
We use cookies and similar technologies on workforceai.dev. Strictly necessary cookies are required for the website to function and do not require consent. Analytics cookies are used to understand traffic patterns and improve our website, and are only set after you provide consent. We do not currently use marketing or advertising cookies. When you first visit our website, you will be presented with a cookie consent banner allowing you to accept or reject non-essential cookies. You can change your preferences at any time. Declining non-essential cookies will not affect core website functionality.
Security
We implement appropriate technical and organisational measures to protect your information from unauthorised access, misuse, or disclosure. Workforce is a self-hosted platform — customer code and data remain within the customer's own infrastructure. No online transmission or storage system is completely secure, but we take reasonable steps to safeguard your data.
Updates to this policy
We may update this Privacy Policy from time to time. Changes will be reflected on this page with a revised effective date. We encourage you to review this page periodically. For questions about this policy, contact us at hello@workforceai.dev.