← Back to WorkKept

Privacy Policy

Last updated: May 2026

1. Who We Are

WorkKept ("we", "us", "our") operates the WorkKept service. Contact: [email protected].

2. What Data We Process

2.1 Data You Provide

• Email address (when you sign in with Google)
• Name and profile picture (from Google profile)
• Payment information (processed entirely by PayPal — we never see your card details)

2.2 Data We Access on Your Behalf

When you connect a Google Workspace account, we request read-only access to:

• Google Drive: File names, metadata, and content you choose to export
• Gmail: Email subjects, bodies, and attachments you choose to export
• Google Calendar: Event details you choose to export
• Google Profile: Your name and email address

2.3 Data We Do NOT Collect

• Passwords (we use OAuth — you authenticate directly with Google)
• Credit card numbers (processed by PayPal)
• Browsing history
• Location data
• Any data from non-connected accounts

3. How We Use Your Data

• To generate your export: We process your selected data into organized DOCX/PDF/archive files
• To provide support: We may access minimal account info to debug issues
• To improve the service: We track anonymized usage metrics (e.g., "export completed successfully")

4. Data Retention

Data Type	Retention Period
OAuth tokens	Deleted after export completes or within 24 hours
Exported files	24 hours, then permanently deleted
Account info (email, name)	Retained until you request deletion
Payment records (PayPal transaction ID)	Required for tax records (7 years)

5. Data Deletion

You can request deletion of all your data at any time by emailing [email protected]. We will:

1. Revoke all Google OAuth tokens
2. Delete all your account data from our database
3. Confirm deletion via email within 48 hours

6. Third-Party Services

Service	Purpose
Google (OAuth + APIs)	Authentication & data access
PayPal	Payment processing
Hetzner	Server hosting (EU — Helsinki, Finland)

7. Data Transfers

All data is processed and stored on servers in Helsinki, Finland (EU). Your Google data is accessed from there. We do not transfer your data outside the European Economic Area.

8. Cookies

WorkKept uses a minimal set of cookies, all of which are strictly necessary for the service to function. We do not use any tracking, analytics, advertising, or third-party cookies.

Cookie	Purpose	Duration	Type
session	Encrypted session cookie — keeps you logged in during your export session. Contains your OAuth tokens and payment status.	24 hours or until logout	Essential

Because we only use essential cookies, we do not require prior consent under the ePrivacy Directive. However, we believe in transparency — the banner on our site informs you of our cookie usage and links here for details.

You can withdraw your cookie consent at any time by clearing your browser cookies and refreshing the site. To manage cookie preferences, click "Cookie Settings" in the footer of any page — this will re-show the cookie banner.

9. GDPR Rights

If you are in the EU/EEA, you have the right to:

• Access: Request a copy of your personal data we hold
• Rectification: Correct inaccurate data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Limit how we process your data
• Portability: Receive your data in a structured, machine-readable format
• Object: Object to processing based on legitimate interests

To exercise any GDPR right, contact us at [email protected].

9. Security

• All connections are HTTPS/TLS encrypted
• OAuth tokens are encrypted at rest
• We use short-lived access tokens where possible
• We follow the principle of least privilege (read-only API scopes)
• No stored credit card data (PayPal handles everything)

10. Children's Privacy

WorkKept is not intended for users under 18. We do not knowingly collect data from children.

11. Contact

Privacy inquiries: [email protected]
Data Controller: WorkKept, Helsinki, Finland