We don't save your workplace data.
Chat with Work doesn't copy your Drive or Slack into a permanent index. It searches connected accounts when you ask, uses the matching sources, and links back to the original.
Some results are cached so repeat questions are faster. That cache is encrypted and deleted after 30 days if it is not used.
No one can quietly read your work.
Admin screens don't show customer chat text or document text. Support can work from account metadata, error summaries, and usage records.
If deeper production access is ever needed, it has to leave a trail: why it was needed, who did it, a recorded session, and a review.
No one trains models on your data.
For each answer, the selected model gets the prompt, chat context, and tool results needed for that answer. Nothing more.
Chat with Work doesn't train models either. The hosted app uses model providers that say customer data is not used to train their models. It runs in Germany, and the default Gemini path uses Google Cloud's EU region.
Uploads are checked before they are used.
Uploads stay outside the public web root. SVG and Flash files are blocked.
In production, ClamAV scans uploads before Chat with Work can read them. If scanning fails, the file is deleted and the answer does not run. Unsafe files are stopped before they can be processed.
Security checks are part of shipping.
Before changes go live, the app runs tests, dependency audits, Rails security scans, and secret scanning.
CASA evidence covers app scans, TLS, DNS, security headers, backups, malware scanning, encrypted fields, MFA, and access logs.
Questions?
For security questions, vendor reviews, vulnerability reports, CASA evidence, or SOC 2 status, email hello@chatwithwork.com .