Privacy Policy
Effective date: April 5, 2026 · Last updated: April 5, 2026
WorkflowStack AI, operated by Blueteem LLC ("we," "us," or "our"), operates the website at workflowstackai.com (the "Site"). This Privacy Policy explains what personal information we collect, how we use and protect it, who we share it with, and the choices and rights you have regarding that information.
By accessing or using the Site, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Site.
1. Information We Collect
1.1 Information You Provide Directly
We collect personal information when you voluntarily submit it through forms on the Site:
| Touchpoint | Data Collected |
|---|---|
| Newsletter signup | Email address, first name (optional), signup source |
| Guide / resource download | Email address (collected via newsletter signup) |
| AI Readiness Assessment | Email address, industry, company size, operational details, automation level, AI experience, primary goals |
| Consulting / audit request | Name, email address, industry, company size, message |
| Contact form | Name, email address, subject, message |
1.2 Information Collected Automatically
When you visit the Site, certain information is collected automatically:
- IP address: Used solely for rate limiting and abuse prevention. We do not store IP addresses in marketing or analytics databases.
- Device & browser information: Browser type, operating system, screen resolution, and language preference — collected in aggregate for analytics purposes.
- Usage data: Pages visited, time spent on pages, referral source, and anonymized interaction events (e.g., "newsletter signup," "guide download"). We strip sensitive query parameters (such as tokens or keys) before storing any URL data.
1.3 Cookies & Similar Technologies
The Site uses minimal cookies:
- Essential authentication cookies: Set only when an administrator logs in to manage the Site. These are not set for regular visitors.
- Analytics: We use privacy-focused, cookieless analytics to collect anonymized performance metrics (page load times, web vitals). This service does not track individual users across sites.
We do not use advertising cookies, social media tracking pixels, retargeting tags, or third-party analytics cookies.
2. How We Use Your Information
We process your personal information only for the purposes described below. Under GDPR, the legal basis for each purpose is noted in parentheses.
- Deliver content and services you request (performance of contract) — including guide downloads, newsletter emails, assessment results, and responses to inquiries.
- Send marketing communications (consent) — after you subscribe, we send a welcome email, an automated email sequence (up to 7 emails over approximately two weeks), and periodic newsletter updates. You can withdraw consent at any time.
- Respond to consulting and contact requests (legitimate interest) — to follow up on inquiries you initiate.
- Improve the Site and our offerings (legitimate interest) — to analyze aggregated, non-personally-identifiable usage patterns, improve content relevance, and enhance user experience.
- Prevent abuse and ensure security (legitimate interest) — to enforce rate limits, detect fraud, and protect the integrity of the Site.
- Comply with legal obligations (legal obligation) — where required by applicable law, regulation, or legal process.
We do not sell, rent, or share your personal information with third parties for their own marketing purposes.
3. Third-Party Service Providers
We use a limited number of trusted third-party service providers to operate the Site. These providers process data on our behalf under contractual obligations to protect your information and use it only for the purposes we specify:
- Cloud database hosting provider — stores subscriber, assessment, consulting, and analytics data in a secured, encrypted database.
- Email delivery provider — processes email addresses and first names to send newsletters, welcome emails, and transactional messages on our behalf.
- Website hosting & CDN provider — serves the Site and processes standard web request data (IP address, user agent) during delivery. Also provides anonymized, cookieless performance analytics.
All third-party providers are selected for their strong privacy and security practices. We do not permit them to use your data for any purpose other than providing services to us.
4. Data Retention
We retain personal information only for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required by law:
- Newsletter subscribers: Retained until you unsubscribe. After unsubscribing, we keep a minimal record (email and unsubscribed status) to honor your opt-out preference and prevent accidental re-enrollment.
- Assessment submissions: Retained for up to 24 months, then deleted.
- Consulting & audit requests: Retained for up to 24 months, then deleted.
- Contact form submissions: Retained for up to 12 months, then deleted.
- Analytics data: Aggregated, non-personally identifiable event data is retained indefinitely.
You may request earlier deletion of your data at any time (see Section 6).
5. Data Security
We implement appropriate technical and organizational measures to protect your personal information, including:
- HTTPS/TLS encryption on all pages with HTTP Strict Transport Security (HSTS) enabled.
- CSRF protection and origin validation on all form submission endpoints.
- Rate limiting on all public-facing endpoints to prevent abuse.
- Cryptographically signed, time-limited download tokens for guide access.
- Security headers including Content-Security-Policy, X-Frame-Options, and X-Content-Type-Options.
- Row-level access controls on our database to enforce data isolation.
- Input validation and sanitization on all user-submitted data.
While we take reasonable steps to protect your data, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security but will notify affected users of any data breach in accordance with applicable law.
6. Your Rights & Choices
Depending on where you reside, you may have some or all of the following rights regarding your personal information:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate or incomplete data.
- Erasure / deletion: Request deletion of your personal data ("right to be forgotten").
- Restriction: Request that we limit how we process your data in certain circumstances.
- Data portability: Request a machine-readable copy of data you have provided to us.
- Objection: Object to processing based on legitimate interests.
- Withdraw consent: Where processing is based on consent, withdraw that consent at any time without affecting the lawfulness of prior processing.
- Unsubscribe: Opt out of marketing emails at any time using the unsubscribe link in every email we send.
To exercise any of these rights, contact us at privacy@workflowstackai.com. We will respond within 30 days (or sooner if required by applicable law). We may need to verify your identity before fulfilling your request.
7. International Data Transfers
The Site is operated from the United States. If you access the Site from outside the United States — including from the European Economic Area (EEA), United Kingdom, Switzerland, or other jurisdictions — your personal information may be transferred to and processed in the United States, where data protection laws may differ from those in your country.
Where required, we rely on appropriate safeguards for international transfers, including standard contractual clauses approved by the European Commission, or other lawful transfer mechanisms. By using the Site, you consent to the transfer of your information as described in this policy.
8. European Economic Area, United Kingdom & Swiss Users (GDPR)
If you are located in the EEA, UK, or Switzerland, the following additional provisions apply:
- Data controller: WorkflowStack AI is the data controller responsible for your personal information.
- Legal bases: We process personal data under one or more of the following legal bases: your consent, performance of a contract, our legitimate interests (as described in Section 2), or compliance with legal obligations.
- Rights: You have the rights described in Section 6 above, including the right to lodge a complaint with your local data protection authority (supervisory authority) if you believe we have not adequately addressed your concerns.
- Automated decision-making: Our AI Readiness Assessment uses automated scoring to generate recommendations. These results are informational only, carry no legal or similarly significant effects, and you may request human review at any time.
- Data minimization: We only collect data that is necessary for the stated purposes. Optional fields are clearly marked.
9. California Residents (CCPA / CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
- Right to know: You may request details about the categories and specific pieces of personal information we have collected about you.
- Right to delete: You may request that we delete personal information we have collected from you.
- Right to opt out of sale: We do not sell your personal information.
- Right to non-discrimination: We will not discriminate against you for exercising your privacy rights.
To exercise your CCPA/CPRA rights, contact us at privacy@workflowstackai.com.
10. Canadian Residents (PIPEDA)
If you are located in Canada, we process your personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA). You have the right to access, correct, and challenge the handling of your personal information. Contact us at privacy@workflowstackai.com to make a request.
11. Children's Privacy
The Site is not directed to individuals under the age of 18 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly. If you believe a child has provided us with personal information, please contact us at privacy@workflowstackai.com.
12. Third-Party Links
The Site may contain links to third-party websites, tools, or services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing any personal information.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. Changes will be posted on this page with an updated "Last updated" date. If we make material changes, we will provide prominent notice (such as a banner on the Site or an email to subscribers). Your continued use of the Site after changes are posted constitutes acceptance of the revised policy.
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:
- Privacy inquiries: privacy@workflowstackai.com
- General support: support@workflowstackai.com
- Legal matters: legal@workflowstackai.com
See also our Terms of Service.