Private beta

Privacy and data handling

Workflow Record is currently a private beta for operational knowledge workflows. During beta, upload redacted or lightly sensitive operational materials only. Avoid regulated data, customer personally identifiable information, credentials, secrets, and highly confidential contracts.

What to upload during beta

Operational policies and procedures
Escalation playbooks and approval rules
Runbooks, rollback guidance, and messaging constraints
Redacted or lower-risk materials when possible

How storage works

Workspace access is private-beta gated through Supabase Auth.
Workspace database rows are protected with Supabase row-level security.
Uploaded source files are stored in a private Supabase Storage bucket.
Extracted source text is stored in Supabase so the app can compile workflow records.

OpenAI processing

Text, markdown, and selectable-text PDFs can be ingested without OpenAI.
Images and scanned PDFs require explicit OpenAI visual extraction consent.
AI workflow detail drafting is optional and only runs when requested by an owner or admin.
OpenAI-derived text must be reviewed before it becomes part of an approved workflow boundary.

What to avoid during beta

Regulated data
Personally identifiable information
Customer data or customer-specific notes
Highly confidential company materials
Data that would require a formal compliance or enterprise security review

How deletion works today

You can delete uploaded files from your workspace directly in the product.
Deleting a file removes both the uploaded object and its source record.
Workspace owners can delete all uploaded source files and source records from settings.
Metadata-only audit events may remain so owners can understand what happened in the workspace.
If you want broader workspace cleanup during beta, we can manually delete workspace data on request.

Beta trust boundary

This page is meant to set honest expectations for a private beta. It is not a formal legal policy or enterprise security commitment.