Legal
Privacy Policy
Effective date: April 5, 2026
Your privacy matters to us. This policy explains what data we collect, how we use it, and what choices you have.
1. Overview
Purpleant Technologies Inc., a Delaware C Corporation ("we", "us", or "our") operates the Wrrk platform at wrrk.ai. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service. By using Wrrk, you consent to the practices described in this policy.
2. Information We Collect
We collect the following categories of information: • Account Information: name, email address, organization name, profile photo, and password when you register. • Payment Information: billing address and payment details (processed securely by our payment provider; we do not store raw card numbers). • Usage Data: pages visited, features used, actions taken, session duration, IP address, browser type, and device information. • Integration Data: when you connect third-party accounts (Google Calendar, Gmail, Outlook, WhatsApp, Instagram), we access only the data required to provide the integration — such as calendar events, email metadata, and messaging activity — in accordance with the permissions you grant. • AI Interaction Data: prompts, queries, and content you submit to AI-powered features for the purpose of generating responses. • Communications: messages, notes, or support requests you send us. • Cookies & Tracking: see Section 9.
3. How We Use Your Information
We use your information to: • Provide, maintain, and improve the Service • Process transactions and send related notices • Send product updates, security alerts, and support messages • Personalize your experience and surface relevant features • Process your inputs through AI models to generate content, suggestions, and automated responses • Analyze usage patterns to improve our product • Detect and prevent fraud, abuse, and security incidents • Comply with legal obligations We do not sell, rent, trade, or otherwise monetize your personal information to any third party. Your data is used exclusively to provide and improve the Service.
4. AI Data Processing & Third-Party AI Providers
Wrrk uses artificial intelligence to power features such as content generation, email drafting, document creation, image generation, analytics insights, and automated workflows. To provide these features, your inputs (prompts, text, context data) may be processed by the following third-party AI model providers: • Anthropic (Claude) — for text generation, analysis, and conversational AI • OpenAI (GPT models) — for text generation and content creation • Amazon Web Services (Amazon Bedrock) — for AI model hosting, image generation, and text processing When your data is sent to these providers: • It is transmitted securely over encrypted connections (TLS) • It is processed solely to generate a response to your request • We do not authorize these providers to use your data for training their models (where such opt-out is available, we have opted out) • These providers may retain data temporarily for abuse prevention and debugging in accordance with their own data processing agreements We do not sell, share, or otherwise provide your data to these AI providers for any purpose other than generating responses within the Service. We have entered into data processing agreements with our AI providers that include confidentiality and data protection obligations. For more information, see the privacy policies of our AI providers: Anthropic (anthropic.com/privacy), OpenAI (openai.com/privacy), and AWS (aws.amazon.com/privacy).
6. Third-Party OAuth Integrations
When you connect your Google, Microsoft, or Meta accounts: • Google Calendar & Gmail: We access calendar events and email data solely to display them within Wrrk and to perform actions you explicitly request (e.g. creating events). We do not store email body content beyond what is needed to display it in the app. • Microsoft Outlook & Calendar: Same scope as Google — read/write calendar and email data as you direct. • WhatsApp & Instagram (via Meta): We access messaging data to enable customer communication features. Messages are processed to deliver the Service and are not used for advertising. You can revoke any integration at any time from your account settings or from the respective provider's account security page.
7. Data Retention
We retain your personal information for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymize your personal data within 90 days, unless we are required to retain it for legal or regulatory purposes. AI interaction logs (prompts and responses) are retained for up to 30 days for debugging purposes and then deleted. Aggregated, anonymized analytics data may be retained indefinitely.
8. Security
We implement industry-standard security measures including encryption in transit (TLS 1.2+), encryption at rest (AES-256), access controls, and regular security reviews. Data sent to AI providers is transmitted over encrypted connections and is not stored in plaintext. However, no method of transmission over the internet or electronic storage is 100% secure. We encourage you to use a strong, unique password and to enable any two-factor authentication options we provide.
10. Your Rights
Depending on your location, you may have the following rights regarding your personal data: • Access: Request a copy of the personal data we hold about you. • Correction: Request correction of inaccurate or incomplete data. • Deletion: Request deletion of your personal data ("right to be forgotten"). • Portability: Request your data in a machine-readable format. • Objection: Object to certain processing activities, including AI processing of your data. • Withdrawal of Consent: Withdraw consent where processing is based on consent. • AI Opt-Out: Request that your data not be processed by AI features (note: this may limit functionality). To exercise any of these rights, contact us at privacy@wrrk.ai. We will respond within 30 days. For EU/EEA users, you also have the right to lodge a complaint with your local data protection authority. For California residents, you have additional rights under the CCPA.
11. Children's Privacy
The Service is not directed to children under the age of 13 (or 16 in the EU/EEA). We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us at privacy@wrrk.ai and we will delete it promptly.
12. International Data Transfers
Wrrk is operated by Purpleant Technologies Inc., headquartered in the United States. Our infrastructure is hosted on Amazon Web Services with servers in multiple regions. If you access the Service from outside the United States, your information may be transferred to and processed in the United States and other countries where our service providers operate. By using the Service, you consent to such transfers. We take appropriate measures, including data processing agreements and standard contractual clauses where applicable, to ensure that your data is treated securely and in accordance with this Privacy Policy wherever it is processed.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new effective date, or by emailing the address associated with your account. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.
14. Data Breach Notification
In the event of a data breach that affects your personal data, we will: • Notify affected users via email within 72 hours of becoming aware of the breach • Notify relevant data protection authorities as required by applicable law • Provide details about the nature of the breach, the data affected, and the steps we are taking to mitigate the impact • Provide guidance on steps you can take to protect yourself We maintain an incident response plan and conduct regular security assessments to minimize the risk and impact of data breaches.
15. Sub-Processors
We use the following third-party sub-processors to provide the Service: • Amazon Web Services (AWS) — Infrastructure hosting, compute, storage, email (SES), database (DynamoDB). Regions: ap-south-1 (Mumbai), us-east-1 (Virginia). • Anthropic — AI model provider (Claude) for content generation, analysis, and conversational AI. • OpenAI — AI model provider for text generation (fallback). • Stripe — Payment processing and subscription management. • Google — OAuth authentication, Calendar and Gmail integration. • Microsoft — OAuth authentication, Outlook and Teams integration. • Meta — WhatsApp Business API and Instagram integration. • Nango — Third-party integration management (self-hosted on our AWS infrastructure). We maintain data processing agreements with all sub-processors. We will update this list when sub-processors are added or changed. You can contact privacy@wrrk.ai to be notified of sub-processor changes.
16. AI Model Training
To be clear about our AI data practices: • Purpleant Technologies Inc. does NOT use your personal data, content, or conversations to train AI models. • Your inputs to AI features (prompts, content) are sent to third-party AI providers solely to generate a response. • We have opted out of AI provider training programs where such opt-out is available. • We may use aggregated, anonymized, and de-identified usage statistics (not your content) to improve the Service's AI feature recommendations and defaults. • You can opt out of AI processing entirely by contacting privacy@wrrk.ai. Note: this will disable AI-powered features in your account.
17. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us: Purpleant Technologies Inc. a Delaware C Corporation Privacy: privacy@wrrk.ai Data Protection Officer: Nitya Prakhar (nitya@wrrk.ai) Website: https://wrrk.ai
See also our Terms of Service. For privacy questions, email privacy@wrrk.ai.