AugWork Privacy Policy.

AugWork is an AI Operating System for small and mid-sized businesses. We help companies run real work through AI Employees, a personal AI assistant called My Augie, and a set of products including Projects, Prompt, the Company Command Center, and DuplicateME.

This Privacy Policy explains what data we collect, where it lives, who we share it with, and the rights you have over it.

If you have a question about this policy or want to exercise one of your rights, write to us at privacy@augwork.ai.

Legal entity: AugWork, Inc., a North Carolina corporation, with offices at 1017 Ashes Drive, Suite 200, Wilmington, NC 28405.

We collect the data we need to provide AugWork to you and to keep it secure.

• Account data. Names, work email addresses, phone numbers (optional), profile photos, role within your company, and authentication information for the people in your organization who use AugWork.
• Customer content. Anything you or your team puts into AugWork: conversations, project notes, files you upload, documents created in AugWork, AI Employee memory about your business, recordings made through DuplicateME, and any other content you create or store.
• Connected-tool tokens. When you connect a SaaS tool to AugWork using OAuth (for example Google, Microsoft, Slack, Apple services, or your CRM), we receive an access token and a refresh token from that vendor. We store only what we need to act on your behalf inside that tool.
• AI Employee execution logs. Records of work AI Employees performed, including the inputs they received, the actions they took, the tools they used, and the outputs they produced. This is the audit trail that lets you supervise your AI Employees the way you would supervise a person.
• Usage telemetry. Anonymous product-usage information such as which features are opened, how often AI Employees run, response timing, and error rates. We use this to improve the platform for your organization.
• Error logs. Diagnostic information when something goes wrong, including stack traces and the action that triggered the error.
• Billing information. Your subscription details. Payment card data is handled by Stripe; we do not store full card numbers on our systems.

We use your data to:

• Provide and operate AugWork for your organization.
• Improve the platform for your organization (model behavior, recommended workflows, and AI Employee performance are tuned per customer, not pooled across customers).
• Keep your environment secure (intrusion detection, fraud prevention, abuse monitoring).
• Bill you for your subscription.
• Communicate with you about your account, security issues, and product updates.

We do not use your customer content to train shared AI models that other customers benefit from. Your content trains your AI Employees, not someone else's.

Every paying AugWork customer gets a dedicated private instance of AugWork running on cloud infrastructure. Your data lives only inside your organization's environment. We use VPC-level network isolation between customer environments, so other AugWork customers cannot reach your data and you cannot reach theirs.

Your customer content (conversations, files, AI Employee memory, OAuth tokens, execution logs) is:

• Encrypted at rest using AES-256-GCM with per-row encryption keys.
• Encrypted in transit using TLS 1.2 or higher.
• Backups encrypted before they leave your environment.

Our integration layer runs inside your dedicated environment. OAuth tokens for the SaaS tools you connect never sit in a third-party broker.

At launch, all customer environments are hosted in United States regions. AugWork is sold in the United States only at this time.

We share your data only with vetted sub-processors, only as needed to provide the service, and only when you explicitly grant permission for a connected tool.

A current list of every sub-processor that handles AugWork customer data, including what each one does, where it is located, and its security certifications, is maintained at augwork.ai/subprocessors.

Adding a new sub-processor. When we plan to add a new sub-processor that will have access to customer content, we will notify every customer by email to their designated compliance contact (or primary account owner if no compliance contact is set) at least 30 days before the change takes effect. If a customer objects, they can cancel before the effective date.

We do not sell your data to anyone.

This part matters, so we are being specific.

• Default AI. AugWork ships with open source models. By default, every AI Employee uses AugWork's open source AI, and your AI Employee conversations stay inside your dedicated environment.
• Opt-in third-party providers. You can choose to point a specific AI Employee, or a specific task, at Anthropic, OpenAI, Google Gemini, or xAI. This is an explicit setting in the AugWork admin console.

When you opt in:

• Only the inputs needed for that task leave your environment.
• The provider receives them under their standard zero-retention API terms where available.
• We log every cross-boundary call in your audit trail.

• PII scanning. AI Employee outputs and inputs that are about to cross your environment boundary are scanned for personally identifiable information (PII) before they leave. You can configure the redaction rules per AI Employee.
• Memory. AI Employees keep memory about your business: people, processes, preferences, prior decisions. This memory lives in your dedicated environment, never in a shared store.

AugWork is built for SMBs in many industries, including healthcare and financial services. If your business is regulated, please read this carefully.

• Healthcare (HIPAA). AugWork is not currently configured as a HIPAA Business Associate, and we do not have signed Business Associate Agreements (BAAs) in place at launch. Do not upload Protected Health Information (PHI) into AugWork until we have a signed BAA with your organization. BAA availability is on the roadmap; contact privacy@augwork.ai if your business needs one.
• Financial services (GLBA, state privacy rules). AugWork is not a financial institution. If your business is subject to the Gramm-Leach-Bliley Act or similar state laws, you remain responsible for your own compliance, including the safeguards required of your business. AugWork acts as your service provider; you decide what data you put in.

After the retention window, data is permanently deleted from your environment and from backups during the next scheduled backup rotation.

You have the right to:

• Export your data at any time using the self-service export in the admin console (full JSON archive of conversations, files, AI Employee memory, and audit logs).
• Delete your data by triggering the self-service offboarding flow. This destroys your entire dedicated environment, revokes every OAuth grant, and purges backups within 30 days.
• Correct your data through the in-app data management screens (profiles, AI Employee memory entries, project content).
• Restrict or object to processing by contacting privacy@augwork.ai.
• Lodge a complaint with your local data protection authority if you believe we have mishandled your data.

We will respond to rights requests within 30 days, or sooner if your jurisdiction requires it.

If you are a California resident, you have additional rights:

• Right to know what personal information we hold about you and the categories of sources, purposes, and third parties involved.
• Right to delete your personal information.
• Right to correct inaccurate personal information.
• Right to opt out of any sale or sharing of personal information. We do not sell or share your personal information.
• Right to non-discrimination for exercising any of these rights. We will not deny you service, charge you more, or give you a lower quality of service because you exercised a privacy right.

To exercise a CCPA right, email privacy@augwork.ai.

AugWork is a business product. We do not direct it at children under 16 and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, write to privacy@augwork.ai and we will delete it.

We protect your data with:

• Per-customer VPC isolation on Vultr.
• AES-256-GCM encryption at rest with per-row keys.
• TLS 1.2 or higher in transit.
• Role-based access control inside your environment, with audit logs on every privileged action.
• 24/7 security information and event monitoring (SIEM).
• Annual third-party penetration testing, beginning once SOC 2 attestation is in place.
• Secrets stored in 1Password with hardware-key-protected access for our team.

SOC 2. We are targeting SOC 2 Type I attestation by December 1, 2027 (within 18 months of our June 2026 launch). Updates will be published in this policy as we progress.

Breach notification. If your data is involved in a confirmed security incident, we will notify your designated security contact within 72 hours of confirming the incident.

AugWork is sold in the United States only at launch. All customer data is hosted in Vultr United States regions. We do not currently offer EU or other international hosting. If your business is located outside the United States and you are interested in AugWork, contact privacy@augwork.ai so we can discuss options.

On the AugWork web app (app.augwork.ai) we set essential session cookies that keep you logged in. We do not set third-party advertising cookies. We do not use cross-site tracking pixels.

On the marketing site (augwork.ai) we set essential session cookies only. We do not load third-party analytics, advertising, or tracking cookies.

For privacy questions or to exercise a right under this policy:

• Email: privacy@augwork.ai
• Mail: AugWork, Inc., 1017 Ashes Drive, Suite 200, Wilmington, NC 28405

For escalation, email contact@augwork.ai.

We will update this policy as the product changes. When we make a material change (one that meaningfully affects your rights or how your data is handled) we will notify every customer at least 30 days before the change takes effect. The "Last updated" date at the top of this page will always reflect the most recent revision.