Privacy Policy

This policy explains what information Workhorse Collective, LLC ("Workhorse," "we," "us") collects, how we use it, how we store and protect it, and the choices you have. It covers the Workhorse platform at wrkhrs.co and the services connected to it.

Workhorse is a brand and content platform. We design systems, build sites, and help teams create and publish on-brand work, with AI assistance throughout. When you use the platform, you trust us with your data and your clients' data. We take that seriously.

Information we collect

• Account information. Your name, email address, and password (stored hashed, never in plain text). If you sign in with Google or GitHub, we receive your email and basic profile instead of a password.
• Content you create. Projects, pages, brand records, documents, media, social posts, and other work you produce, plus the files you upload.
• Messages and conversations. The messages you send in the platform, including to AI agents, and any documents or context attached to them.
• Contacts and audience data. If you use our CRM and email tools, the contact and subscriber records you import or create: names, email addresses, tags, segmentation fields, and an activity history of interactions.
• Connected accounts. When you connect a third party service (Google, GitHub, Meta, and others), we store the access tokens needed to act on your behalf. Tokens are encrypted at rest.
• Payment information. When you pay through the platform, our payment processor handles your card. We store only a reference (such as the last four digits, card brand, and a transaction ID), never full card numbers.
• Technical and usage data. Standard logs, device and browser information, IP address, referring page, and analytics about how the platform is used. Some forms and submissions record the IP address and browser they came from.

AI processing of your content

Workhorse uses AI to help you write, design, and analyze. When you use an AI feature, we send the relevant content to a third party AI provider to generate a response. That content can include your prompts, conversation history, attached documents, brand guidelines, and other material needed for the task.

By default we use Anthropic (Claude). If you supply your own provider key (for example Anthropic, OpenAI, or Google), your content is sent to that provider under your key. Providers process the content under their own terms and do not receive your Workhorse password or stored tokens. We retain the resulting messages and a record of token usage to operate the feature and show you your history.

How we use Google user data

Workhorse offers two optional Google integrations. We request only the access each one needs.

• Sign in with Google. If you sign in with Google, we receive your email address and basic profile information (your name and profile picture) to create and secure your account. We do not receive your Google password.
• Google Analytics. If you connect Google Analytics, we request read-only access (the analytics.readonly scope) to retrieve your reporting data and display it inside the platform. We do not change your Analytics configuration, and we do not write to your Analytics data.

We use Google user data only to provide and improve these features for you. We do not use it for advertising. We do not sell it. We do not transfer it to third parties except as needed to run the service (see Sharing below) or where you direct us to. We do not use Google user data to train AI or machine learning models.

Workhorse Collective, LLC's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

How we use Meta (Facebook and Instagram) data

If you connect a Facebook Page or Instagram Business account, we request the access needed to list your accounts and publish the posts you create. We publish only when you ask us to. We store the page and account identifiers and an encrypted access token. We do not read your private messages, and we do not post without your action.

Other services you connect

The platform can connect to other services at your request, such as GitHub (sign-in and repository activity digests), content sources you choose to sync, and the integrations available in your workspace. For each, we store only the credentials and data needed to provide the feature, and we act only on your instruction. You can disconnect any service at any time.

When you search stock media, your search terms are sent to the stock media providers (such as Pexels and Unsplash) to return results.

Email and marketing

If you send email campaigns through the platform, we store your subscriber lists and deliver messages through an email provider on your behalf. To report delivery and engagement, we track opens (with a small tracking pixel) and clicks (through a redirect link) using an opaque per-recipient token, not the recipient's email or name. Every marketing email includes an unsubscribe link, and unsubscribes are honored.

We also send transactional email related to your account, such as sign-in, invitations, and notifications.

Payments

Payments are processed by Stripe. Your full card details go directly to Stripe and never touch Workhorse servers. We store a payment reference (last four digits, card brand, transaction and session IDs) and, for orders, the billing and shipping details you provide. If your workspace accepts payments, we store the connected payment account identifiers needed to route funds. Access to signed contracts and payment flows is logged, including the IP address and outcome.

How we store and protect your data

Access tokens for connected accounts and any AI provider keys you supply are encrypted at rest using AES-256-GCM. Passwords are hashed. Data is transmitted over HTTPS. Uploaded files are stored in cloud object storage. Access to production systems is limited to the people who operate the platform.

Sharing

We do not sell your personal information. We share data only in these cases:

• Service providers. Infrastructure and tools we use to run the platform: hosting and object storage, the database, email delivery, payment processing, and AI providers. They handle data on our behalf, for the purpose of providing the service.
• At your direction. When you publish, send, or sync content to a connected service, we transmit it to that service.
• Within your workspace. Content you create is visible to other members of your workspace according to their role.
• Legal reasons. When required by law, or to protect the rights and safety of our users and the public.

Your rights and choices

• Access and correction. You can view and update your account information in the platform.
• Disconnect services. You can disconnect any third party account at any time, which revokes and deletes the stored token for that service. You can also revoke access directly from your Google account permissions.
• Unsubscribe. Use the unsubscribe link in any marketing email to stop receiving them.
• Deletion. To delete your account and the data associated with it, contact us at the address below and we will remove it.

Retention

We keep your data for as long as your account is active or as needed to provide the service. We retain some records longer where required for legal, accounting, or security reasons. When you disconnect a service or delete content, we remove the associated data on our side.

Cookies

We use cookies to keep you signed in and to understand how the platform is used, including through Google Analytics on our own site. You can control cookies through your browser settings. Some features will not work without session cookies.

Children

Workhorse is not directed to children under 13, and we do not knowingly collect their data.

Changes to this policy

We may update this policy as the platform changes. When we do, we will revise the date at the top. Material changes will be communicated through the platform.

Contact

Questions about this policy or your data: email privacy@wrkhrs.co. This service is operated by Workhorse Collective, LLC.