Privacy Policy

Wurkn (“Wurkn”, “we”, “us”, or “our”) is committed to protecting the privacy of every person who interacts with our platform. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the rights you have over your data.

Wurkn is operated from Kitchener-Waterloo, Ontario, Canada. This policy is written to comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and Quebec’s Law 25 (Law Modernizing Privacy Protection Provisions). If you are accessing Wurkn from outside Canada, your data may be subject to Canadian law.

1. Who This Policy Applies To

This policy applies to:

  • Employer-side users (administrators, HR professionals, executives, managers) who access the Wurkn platform on behalf of their organization
  • Employees who submit feedback through Wurkn-integrated channels (Slack, the Wurkn web portal)
  • Visitors to wurkn.com

2. Information We Collect

2.1 Anonymous Employee Feedback

When an employee submits feedback through Wurkn, we collect:

  • The text content of the feedback submission
  • An anonymized session identifier (not linked to any named individual or account)
  • Timestamp of submission
  • Submission channel (e.g., Slack, web portal)

Wurkn is designed to reduce or remove personal identifiers from feedback before long-term storage and analytical processing where applicable. Feedback records are intended to be stored using de-identified session references rather than named employee identities.

Certain metadata required for security, routing, troubleshooting, or integration operation may be processed temporarily but is not intended to be used to identify employees in employer-facing outputs.

Audio feedback: Audio transcription is currently processed through our pipeline. PII redaction for audio is part of an active development sprint. Until that sprint is complete, we recommend that pilot customers use text-only feedback collection.

Where supported by the applicable integration and customer configuration, Wurkn may automatically remove processed feedback messages from supported communication channels according to configured retention settings.

Wurkn does not control exports, backups, retention policies, administrative actions, or records maintained by third-party communication platforms.

2.2 Employer Account Information

When an organization signs up for Wurkn, we collect information about the employer account:

  • Company name and domain
  • Administrator name and email address
  • Billing contact information
  • Role assignments for employer-side users

This information is used to operate the platform, communicate with account holders, and process billing.

2.3 Technical and Usage Data

We automatically collect certain technical data when the platform is used:

  • Hashed IP address (not stored in plaintext)
  • Hashed user-agent string
  • API request and response logs (for security monitoring and audit purposes)
  • Platform interaction data (feature usage, session duration)

We do not collect or store plaintext IP addresses or device fingerprints.

2.4 Cookies and Session Tokens

Wurkn uses session tokens to authenticate logged-in users. Access tokens expire after 15 minutes. We may use cookies necessary for platform operation. We do not use advertising cookies or third-party tracking pixels.

3. How We Use Your Information

We use the information we collect to:

  • Operate the Wurkn platform and deliver employer-facing cultural intelligence dashboards
  • Analyze aggregated and de-identified workplace feedback and generate organizational insights
  • Detect workplace themes, trends, and organizational patterns using aggregated analytical methods
  • Maintain platform security, investigate abuse, and support audit trails
  • Communicate with employer account holders regarding their account, billing, and product updates
  • Comply with applicable legal obligations

We do not use employee feedback data for advertising. We do not sell any personal information to third parties.

4. How We Protect Privacy and Reduce Identification Risk

Privacy protection and reduction of identification risk are built into Wurkn’s architecture and operational processes.

  • Employee feedback is designed to be stored against de-identified session references rather than employee identities where supported by the collection flow. The employee field on feedback records is null by design for anonymous submission paths.
  • Employer-side dashboards surface aggregated, anonymized insights. Departmental analytics require a minimum pool of 30 employees before insights are displayed, preventing identification through small group analysis.
  • Employer-facing outputs are designed to prevent ordinary platform users from tracing individual submissions back to employees through standard platform functionality.
  • Company data is isolated at the database level. One organization cannot access another organization’s data.

5. AI Processing and Third-Party Sub-Processors

Wurkn uses artificial intelligence to analyze feedback submissions for sentiment, emotion, and workplace factor classification. This analysis involves third-party AI providers.

5.1 Current Processing Arrangement

Feedback submissions may undergo automated analysis to generate sentiment, workplace signals, categorization, and organizational insights.

Wurkn applies technical measures intended to reduce or remove personal identifiers before analytical processing where applicable.

Depending on customer configuration and processing architecture, certain processing activities may involve third-party service providers that support infrastructure, analytics, communication, transcription, artificial intelligence, and platform operations.

Where third-party providers process customer information on behalf of Wurkn, Wurkn takes reasonable steps to require appropriate privacy and security obligations consistent with applicable law.

Wurkn may maintain and update information regarding third-party processing arrangements through this Privacy Policy or related documentation.

5.2 AI Training on Your Data

It is our policy not to authorize our AI sub-processors to use Wurkn customer data to train or improve their general AI models. We are formalizing this commitment through our Data Processing Agreement process with each sub-processor. It is Wurkn’s policy not to authorize AI providers to use customer content submitted through Wurkn to train or improve general-purpose AI models, except where explicitly disclosed or authorized.

6. Data Retention

We retain data for the following periods:

  • Feedback and analytical outputs are retained according to customer configuration, service agreements, operational requirements, and applicable legal obligations. Where automated retention controls are enabled, source feedback may be deleted or shortened according to configured retention periods.
  • Employer account information: retained for the duration of the account and for up to 90 days following account closure
  • API audit logs: retained for a minimum of 12 months for security and compliance purposes
  • Anonymous session data: sessions are anonymized after 30 days

Upon contract termination, Wurkn will delete or de-identify customer data according to applicable agreements and documented retention procedures.

7. Your Rights

7.1 Employer-Side Users

If you are an employer-side account holder, you have the right to:

  • Access the personal information we hold about your account
  • Correct inaccurate personal information
  • Request deletion of your account and associated personal information
  • Withdraw consent to data processing (which may affect your ability to use the platform)
  • File a complaint with the Office of the Privacy Commissioner of Canada

7.2 Employee Submitters

Because feedback is submitted anonymously, Wurkn does not hold personally identifiable information about individual employees. We therefore cannot link a deletion or access request to a specific individual’s feedback submissions. If you believe information about you may have been captured and wish to raise a concern, please contact us at the address below and we will investigate.

7.3 Right to Erasure

Deletion requests may be submitted using the contact information below and will be processed in accordance with applicable law and operational procedures.

8. Security

We apply the following technical security measures:

  • Passwords are hashed using Django’s PBKDF2 implementation. Plaintext passwords are never stored.
  • Invitation codes, session IDs, and tokens are generated using cryptographically secure randomness.
  • All data in transit is protected with TLS 1.2 and TLS 1.3. HSTS is enabled.
  • Role-based access control (RBAC) restricts data access by user role. Cross-company data access is blocked at the database query level.
  • All API requests are logged via audit middleware.

Wurkn continuously reviews and improves its security practices as part of its ongoing security and compliance programme.

9. International Data Transfers

Wurkn is operated from Canada. If you are located outside Canada, please be aware that your information may be transferred to, stored, and processed in Canada, and by our sub-processors in the United States and other jurisdictions.

We take steps to ensure that data transferred internationally receives an adequate level of protection consistent with applicable Canadian privacy law.

10. Children’s Privacy

Wurkn is a business-to-business platform intended for use by organizations and their adult employees. We do not knowingly collect personal information from anyone under the age of 18.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify employer account holders by email and update the effective date at the top of this document. Continued use of the platform after changes take effect constitutes acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy, please contact:

Email: hello@wurkn.com