Privacy isn't a marketing word here.
WorkYield measures contribution from the artifacts your team already produces. Below is exactly how we protect that data — and what's on the roadmap.
Architecture
Multi-tenant SaaS with row-level isolation in Postgres — every query is scoped to a tenant ID enforced at the database layer, not the application. Stateless edge compute on hardened cloud infrastructure, no long-lived servers to compromise. Secrets live in an isolated, access-audited vault — never in source control or environment files.
Data flow
OAuth into Slack, Jira, GitHub, Google Calendar and Docs. We ingest metadata only — ticket IDs, PR diff counts, message timestamps, calendar headers. Raw message bodies and document contents are never persisted. Signals are normalized, scored, and surfaced in your tenant. Nothing leaves your tenant for cross-customer training.
Encryption
TLS 1.3 in transit. AES-256 at rest for all customer data and OAuth tokens. Database backups encrypted with separate keys. Tokens rotated on revocation and on schedule.
Access controls
Role-based access with least privilege enforced via a security-definer has_role function in Postgres — roles are never client-side. SSO via Google and (Enterprise) SAML, SCIM for provisioning, MFA required for all admin accounts, and full audit logs for every admin action.
Vendor management
Every sub-processor is reviewed for SOC 2 / ISO 27001 posture before integration. Annual re-review. Customers are notified 30 days before any new sub-processor is added. Full list published below and updated in this page's commit history.
Penetration testing & vulnerability mgmt
Continuous automated vulnerability scanning against dependencies and infrastructure. Third-party penetration test planned alongside SOC 2 Type I; report available under NDA. Critical and high CVEs patched within 7 days; mediums within 30.
Data processing & retention
We process only the metadata required to compute Contribution Scores. Raw message bodies are never persisted. Customer data is purged within 30 days of contract termination. Per-employee data export and deletion available on request to support GDPR DSAR workflows.
GDPR & DPA
WorkYield acts as a data processor. A DPA is available on request and pre-signed for Growth and Enterprise. EU-only sub-processors and region-pinned storage for EU customers on the EU plan.
SOC 2 roadmap
SOC 2 Type I targeted within the next 12 months; Type II to follow. Controls already align with the Trust Services Criteria — RLS-isolated tenant data, encrypted secrets, principle-of-least-privilege roles, full audit logging, and documented incident response. A live trust report will publish at /trust once Type I completes.
Sub-processors
| Name | Purpose | Region |
|---|---|---|
| Supabase | Managed Postgres + Auth | Customer-selected |
| Cloudflare | Edge runtime + CDN | Global |
| Resend | Transactional email | US/EU |
Responsible disclosure
Found a security issue? Email support@getworkyield.com with details. We respond within one business day and credit researchers in our notes once a fix ships.