WorkAndGo is a team communication and workforce management platform. Your employer uses it to help their team collaborate and stay organised. This policy explains what data we collect, why, and who can see it.
The short version: Your employer is the data controller. They decide what monitoring features to enable and how long your data is kept. We process your data on their behalf and never sell it to anyone.
What we collect
Account information
- Your name, email address, and profile photo
- Your role and team assignment within your organisation
- Login timestamps and authentication tokens
Communication data
- Messages you send in channels and direct messages
- Files, images, and documents you share
- Reactions, mentions, and message edits
- Voice and video call metadata (duration, participants) -- we do not record call audio or video unless your employer enables that feature
HR data
- Clock-in and clock-out times, including location data if your employer enables geofencing
- Break and lunch duration
- Leave requests and balances
- Roster and shift assignments
Productivity insights
- Application usage patterns (which apps you use during work hours, and for how long)
- Periodic screenshots -- if your employer enables this feature. Screenshots are captured at configurable intervals and are visible only to your admin
- Focus scores and activity summaries generated from the above data
Device information
- Operating system and app version
- IP address (used for regional data routing, not tracking)
- Device type (desktop or mobile)
How we use your data
- Provide the service. Deliver messages, manage tasks, run HR features, and keep your workspace in sync across devices.
- Generate productivity insights. If enabled by your employer, we compile activity data into team-level productivity reports. These help managers understand workload and patterns.
- Power Jeeves AI. Our AI assistant processes your messages and workspace data to answer questions, summarise discussions, and automate tasks. Jeeves runs within your organisation's data boundary -- your data is never used to train models.
- Compliance monitoring. If your employer enables compliance features, we can flag messages that match configured patterns (for example, sharing of sensitive data). This is fully controlled by your employer.
- Improve the product. We use aggregated, anonymised usage patterns to improve WorkAndGo. We never use your message content or personal data for this purpose.
Who sees your data
Not everyone sees everything. Here is how visibility works:
- Your messages are visible to members of the channel or conversation they are posted in. Admins can access channel archives if granted permission by your organisation.
- Team-level analytics (productivity scores, attendance summaries) are visible to your employer's admins and managers. These are typically shown as team averages, not individual breakdowns, unless your employer configures individual reporting.
- Screenshots and app usage are visible only to admin users designated by your employer.
- Your own data is always visible to you on the My Productivity page, so you can see exactly what your employer sees.
- WorkAndGo staff do not access your data unless required to resolve a support ticket you or your admin raised, and only with your organisation's consent.
We never sell your data. Not to advertisers, not to data brokers, not to anyone. Your data exists to serve your team, and that is it.
Data storage and regional sovereignty
All your data is stored in the region your organisation selects during setup:
- Australia -- Sydney (australia-southeast1)
- United States -- Iowa (us-central1)
- European Union -- Frankfurt (europe-west3)
Your data never leaves your configured region. Processing, storage, backups, and AI inference all happen within the same region. For Australian organisations, this means full compliance with Australian Privacy Principles (APPs).
Your rights
- See your data. Visit the My Productivity page in WorkAndGo to view everything collected about you -- activity logs, productivity scores, screenshots, and attendance records.
- Export your data. Request a full export of your personal data by contacting your admin or emailing [email protected].
- Request deletion. You can request deletion of your data. Note that your employer may have retention policies that require certain data to be kept for a period. We will delete everything that is not subject to such a policy.
- Opt out of non-essential collection. You can disable productivity tracking from your profile settings, subject to your employer's configuration. Essential data (messages, authentication) cannot be opted out of while using the service.
Cookies
We keep it simple:
- Session cookie -- one httpOnly cookie to keep you logged in. It expires when your session ends or after 30 days of inactivity.
- No tracking cookies. We do not use advertising cookies, analytics cookies, or any third-party cookies.
- No cookie banner needed. Because we only use a strictly necessary session cookie, there is nothing to consent to.
Data retention
Your employer configures how long data is kept. Here are the defaults:
- Messages and files -- retained indefinitely (searchable forever), unless your employer sets a limit
- Screenshots -- 90 days, then automatically deleted
- Activity telemetry (app usage, focus scores) -- 180 days
- HR records (attendance, leave) -- retained for the duration of employment plus 7 years (Australian legal requirement)
- Account data -- deleted within 30 days of account removal
Your employer can adjust these defaults (shorter or longer) from their admin panel.
Security
- Encryption at rest -- AES-256 for all stored data
- Encryption in transit -- TLS 1.3 for all connections
- Access control -- role-based access control (RBAC) with principle of least privilege
- Authentication -- OAuth 2.0 with session tokens stored in httpOnly cookies
- Infrastructure -- hosted on Google Cloud Platform with SOC 2 Type II certification
- Monitoring -- 24/7 automated threat detection and incident response
Changes to this policy
If we make changes to this policy, we will notify you through the WorkAndGo app. For material changes -- anything that affects what data we collect, how we use it, or who can see it -- we will give you at least 30 days notice before the changes take effect.
We will never retroactively change how we handle data that was collected under a previous version of this policy.
Contact
If you have questions about your privacy or this policy:
- Email: [email protected]
- For data access or deletion requests, include your organisation name and the email address associated with your WorkAndGo account
- We aim to respond within 5 business days
Fintech Development Pty Ltd, ACN 655 608 969. Level 1, 18-20 Knuckey Street, Darwin NT 0800.