What we collect
From you (the Workhand customer): name, email, phone, business details, payment information (handled by Stripe; we never see card numbers), the OAuth credentials you grant us for your connected channels (Gmail, Calendar, GBP, Metricool), and the knowledge-base content you author for Workhand.
From your customers (people who interact with Workhand on your behalf): the content of their interactions (call recordings, email bodies, SMS messages, review text) plus the metadata Workhand needs to handle them (timestamps, contact identifier, booking details, payment receipts).
What we do with it
We use your data exclusively to operate the Workhand service for you. That means: routing inbound interactions through the AI prompts to draft replies, storing the audit log so you can see what happened, sending you summaries, billing you for the service. We don't use your data to train AI models. We don't sell or share data outside the named sub-processors.
How long we keep it
Active customer data: kept for as long as you're a customer. After cancellation: 30-day grace period to download your export, then permanent deletion. Call recordings: 90 days from the call, then deleted automatically. Audit log: 7 years (regulatory requirement). Payment records: 7 years (HMRC).
Your rights
Under UK GDPR you can request a copy of your data, ask us to correct anything wrong, or ask us to delete it. We respond within 30 days; the in-app form is the fastest path because the request lands in the audit log directly.
How we use Google user data
This section describes how Workhand accesses, uses, stores, and shares Google user data when you connect your Google account. It supplements the rest of this Privacy Policy and is written to satisfy the Google API Services User Data Policy, including the Limited Use requirements. Last updated 10 May 2026.
Google APIs we use
- Gmail API: to read, organise, draft, and send email on your behalf from your connected Gmail mailbox.
- Google Calendar API: to read your upcoming events and to create, update, and reschedule events on your behalf.
- Google Cloud Pub/Sub (Gmail push notifications): Google sends Workhand an authenticated webhook when your mailbox state changes so we can react in near real time without polling.
OAuth scopes we request, and why
We request the minimum scopes required to deliver the features you have asked for. Each scope below is shown by its exact Google scope string.
gmail scopes
https://www.googleapis.com/auth/gmail.modify
- Data accessed: message metadata (sender, recipients, subject, timestamps, labels, thread IDs) and message body content (text and HTML), including attachments, for messages in your mailbox; ability to change message state (mark read/unread, add or remove labels, archive, move to trash).
- What we do with it: surface relevant inbound email threads in your Workhand dashboard; let our AI features summarise threads, classify intent (e.g. "new job enquiry", "invoice query"), and suggest next actions; apply Workhand labels to threads we have actioned; mark messages read once you have reviewed them in Workhand; archive messages you have dismissed.
- Why we need it: without this access we cannot show you your inbound email inside Workhand or trigger any of the AI assistance you signed up for, and actions you take in Workhand would not be reflected in Gmail.
https://www.googleapis.com/auth/gmail.send
- Data accessed: none on its own; this scope only grants the ability to send mail as you.
- What we do with it: send the replies you (or you-with-AI-assistance) compose in Workhand, from your own Gmail address, so recipients see your normal sender identity.
- Why we need it: so that outbound replies sent from Workhand reach your customers from your own mailbox rather than a Workhand address.
calendar scopes
https://www.googleapis.com/auth/calendar.readonly
- Data accessed: event titles, descriptions, locations, start/end times, attendees, and free/busy status across the calendars on your connected account.
- What we do with it: display your upcoming schedule in the Workhand dashboard; give the AI scheduling feature awareness of your existing commitments so it does not double-book you.
- Why we need it: the AI cannot suggest sensible meeting times without knowing when you are already busy.
https://www.googleapis.com/auth/calendar.events
- Data accessed: read and write access to events on your calendars.
- What we do with it: create new events when you (or the AI on your behalf) book a job, call, or meeting; update or reschedule events; cancel events you have called off.
- Why we need it: this is what lets Workhand book and reschedule on your behalf, which is the core of the AI scheduling feature.
pub/sub
We do not request a user-facing OAuth scope for Pub/Sub. We register a Gmail watch on your mailbox using the Gmail scopes above; Google then pushes change notifications to a Workhand endpoint authenticated with a Google service account. The notification itself contains only your mailbox identifier and a history ID (no message content), which we then fetch using the Gmail scopes you have already granted.
Limited Use of Google user data
Workhand's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We use Google user data only to provide or improve user-facing features that are prominent in the Workhand application's user interface, namely the inbox view, AI assistance, and AI scheduling features described above.
- We do not transfer Google user data to third parties except as necessary to provide or improve those user-facing features, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users.
- We do not use Google user data for serving advertisements, including retargeting, personalised, or interest-based advertising.
- We do not sell Google user data.
- We do not allow humans to read Google user data unless we have your affirmative agreement for specific messages, it is necessary for security purposes (e.g. investigating abuse), to comply with applicable law, or where the data has been aggregated and anonymised for internal operations.
AI and machine learning
We do not use your Google user data, including the content of your Gmail messages or Calendar events, to develop, improve, or train generalised or non-personalised AI or machine learning models.
We do route your data through a third-party Large Language Model provider to power AI features (summarisation, drafting, scheduling decisions) that you see in the product. Our contract with that provider prohibits them from using your data to train their models and requires deletion after the request is served. The provider is contractually bound by the same Limited Use restrictions described above.
Sub-processors that may handle Google user data
Google user data flows through the following sub-processors only to deliver the features above:
| Sub-processor | Role | Region |
|---|---|---|
| Supabase | Primary application database; encrypted at rest | London, UK (eu-west-2) |
| Vercel | Web request handling and application hosting | London, UK (lhr1) |
| n8n on Railway | Workflow orchestration (including routing to the LLM provider) | EU |
| Sentry | Error capture (PII scrubbing applied) | Frankfurt, EU |
| Axiom | Application logs (PII redaction policy applied) | EU |
| Third-party LLM provider | Assistive AI features (summarisation, drafting, scheduling). No training on your data. | EU/US (per contract) |
We keep our sub-processor list current. Material changes are communicated in advance via in-product notice and on our public sub-processor page.
How long we keep Google user data
- Hot storage: 90 days from the date the data first enters Workhand.
- Archive: after 90 days, data moves to cold archive storage in the same region for the remainder of your active subscription, unless you delete it sooner.
- Account closure: all Google user data associated with your account is deleted within 30 days of account closure.
- Revoking access: you can revoke Workhand's access at any time via myaccount.google.com/permissions. When you revoke, we stop fetching new data immediately and delete the cached copies within 30 days.
Your rights and how to reach us
For data subject requests (access, correction, deletion, export, or any question about how we handle your Google user data), email privacy@workhand.co.uk. We respond within 30 days.
You can also delete specific data without contacting us by removing the relevant items from inside the Workhand dashboard or by disconnecting your Google account in Settings → Integrations → Google.
Sub-processors + transfers
We use a small set of named sub-processors (Anthropic, Twilio, Retell, Supabase, Vercel, Stripe, Resend, Metricool, Sentry, Axiom). The full list with country and purpose is at /legal/sub-processors. Some sub-processors are based outside the UK / EEA; those transfers run on Standard Contractual Clauses or equivalent adequacy basis. We notify you 30 days before adding any new sub-processor.
How to contact us
Workhand Ltd, registered in England & Wales, company number 17196069. Registered office: 5 Yarnfield Croft, Stone, Staffordshire, ST15 0GH. ICO registration ZC145776. Email privacy@workhand.co.uk for any privacy queries (or felix@workhand.co.uk if you'd rather reach the founder directly).
Questions on this page? Email felix@workhand.co.uk; every reply is read. For DSAR submissions specifically, use the in-app DSAR form so the request lands in the audit log directly.