Privacy Policy

1. Our Core Privacy Principle

WorkLens never sees, stores, or transmits your files. All file processing — scanning, detection, and redaction — runs entirely in your web browser using WebAssembly. Your files never leave your device. There is no server-side processing of user documents.

You can verify this yourself: open your browser's Developer Tools, go to the Network tab, drop a file on WorkLens, and observe that zero outbound requests are made during scanning or redaction.

2. What We Collect

We collect minimal data, limited to:

• Email address — only if you voluntarily submit it via the email signup form. Used to notify you of product updates. We do not sell, share, or use your email for any other purpose.
• Basic analytics — page views, browser type, and country (via Vercel Analytics). No personally identifiable information is collected. No cookies are used for analytics tracking.
• Error reports — anonymous crash reports (via Sentry) to help us fix bugs. These contain stack traces and browser information only — never file content or detection results.

3. What We Do NOT Collect

• File content — your CSVs, spreadsheets, JSON, and XML files are never uploaded
• Detection results — the PII found in your files stays in your browser
• Redacted output — the redacted files you download are generated locally
• Audit hashes — the SHA-256 audit receipts are computed in your browser
• AI model inputs — text sent to the NER or Semantic model never leaves your device

4. AI Models

WorkLens uses two AI models for PII detection: a Named Entity Recognition model (for detecting person names, organisations, and locations) and a Semantic Similarity model (for matching non-standard column headers to known PII types).

Both models are downloaded to your browser on first use and cached locally. They run entirely in your browser via WebAssembly — no data is sent to any external AI service. The models perform inference only and do not learn from or retain any data from your files.

5. Cookies

WorkLens uses only essential cookies:

• Access gate cookie — stores a session token when you enter the access code on non-production environments. HTTP-only, expires in 7 days.

We do not use advertising cookies, tracking cookies, or third-party cookies.

6. Third-Party Services

• Vercel Analytics — anonymous page view counting. No PII collected. Vercel Analytics Privacy
• Sentry — error monitoring. Collects stack traces and browser info for crash reports only. Sentry Privacy
• AWS CloudFront — content delivery network serving the application files. Standard access logs only.

No third-party service receives your file content, detection results, or any data derived from your documents.

7. Data Retention

• Email addresses — retained until you unsubscribe or request deletion
• Analytics data — retained for 30 days (Vercel Analytics default)
• Error reports — retained for 90 days (Sentry default)
• File data — never retained because it is never collected

8. Your Rights

Under the Australian Privacy Act 1988, GDPR, and CCPA, you have the right to:

• Request access to any personal data we hold about you (limited to your email address if provided)
• Request deletion of your email address from our mailing list
• Opt out of analytics tracking by using a browser ad blocker

To exercise these rights, email privacy@theworklens.com.

9. Security

WorkLens's architecture is its primary security measure: by never receiving your data, we eliminate the risk of data breaches, unauthorised access, or data loss on our side. The application is served over HTTPS with strict security headers (HSTS, COEP, COOP, X-Frame-Options).

10. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated date. Continued use of WorkLens after changes constitutes acceptance of the revised policy.

11. Contact

WorkLens is operated by WorkLens Pty Ltd, Australia.
For privacy inquiries: privacy@theworklens.com