What is The Work Buddy?

The Work Buddy is your AI work companion that captures information and takes action through natural conversation. Capture contacts, assign tasks, track progress - all by just chatting naturally via web, Telegram, or WhatsApp.

How does The Work Buddy capture information?

Simply chat naturally about your work. Our AI analyzes the content and automatically extracts names, emails, companies, tasks, and other relevant information - no forms to fill out.

Does The Work Buddy integrate with Google Sheets?

Yes! Google Sheets integration is optional. Your data stays yours - view it anytime in a familiar spreadsheet format, share specific data with team members, and export whenever you want.

Is The Work Buddy free to use?

The Work Buddy offers a free tier for individuals. Upgrade to Pro for team features like task assignment, multi-user collaboration, and unlimited AI requests.

Privacy Policy

Last Updated: February 25, 2026

1. Introduction

Welcome to The Work Buddy ("we," "our," or "us"), operated by Ashish Kumar Deo Mathpal (sole proprietor). We are committed to protecting your privacy and ensuring the security of your information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform through the web application, mobile applications (iOS and Android), or any associated services (collectively, the "Service").

The Work Buddy is a business-to-business ("B2B") work management platform. Access and use of the Service is governed by individual commercial agreements between us and each client organisation. This Privacy Policy applies to all deployment models described herein.

2. Deployment Models and Data Responsibility

The Work Buddy is offered under two deployment models. The allocation of data responsibility differs for each:

2.1 Cloud-Hosted (Multi-Tenant)

In the cloud-hosted model, we operate and maintain the infrastructure on behalf of the client. All data is stored on our managed servers. We bear the cost of infrastructure and are responsible for platform-level security, uptime, backups, and maintenance. The client's data is logically isolated using row-level security policies, ensuring strict tenant separation.

2.2 Self-Hosted (On-Premise)

In the self-hosted model, the client deploys and operates the platform on their own infrastructure. The client bears all infrastructure costs, and is solely responsible for server security, backups, access controls, and data protection. We provide the software and may provide support under a separate agreement, but we do not access, store, or process the client's data in this model. This Privacy Policy applies to our software's behaviour; the client is responsible for ensuring their deployment complies with applicable data protection laws.

3. Information We Collect

3.1 Information You Provide

Account Information: Name, email address, and organisation details when you register
Business Data: Contacts, companies, deals, projects, tasks, notes, and other entities you create within the workspace
Communication Data: Messages and interactions through the chat interface, including AI-assisted conversations
Authentication Data: Email and OTP verification data used to secure your account

3.2 Automatically Collected Information

Usage Data: Features used, actions taken, and interaction patterns to improve the Service
Device Information: Browser type, operating system, IP address, device model, and unique device identifiers
Cookies: Session cookies strictly for authentication and maintaining user sessions

3.3 Mobile Application Data

When you use our iOS or Android mobile application, we may request access to the following device capabilities. Each permission is optional and requested only when the corresponding feature is used:

Contacts: To import and sync your device contacts with your Work Buddy workspace. Contact data is transmitted to our servers only when you explicitly initiate a sync or import action.
Calendar: To display upcoming events and create meetings. Calendar data is read locally and synced to your workspace when you choose to create or link an event.
Location: To enable check-ins and geo-tag notes. Location data is captured only when you perform a check-in or geo-tag action; we do not track your location in the background.
Biometric Authentication (Face ID / Fingerprint): To secure access to the app after periods of inactivity. Biometric data is processed entirely on your device by the operating system; we never receive, transmit, or store biometric data.
Photo Library: To save scanned business card images to your device gallery and to attach images to notes or conversations. We access photos only when you explicitly select or save an image.
Camera: To scan business cards and capture images for attachment. Camera access is used only during active capture; no images are taken without your action.
Push Notifications: To deliver task reminders, follow-up alerts, and new message notifications. You can disable notifications at any time through your device settings.
Microphone: To record voice notes for AI-powered transcription and data extraction. Audio is captured only when you press and hold the record button.

You may revoke any of these permissions at any time through your device's system settings. Revoking a permission will disable the corresponding feature but will not affect the core functionality of the application.

4. How We Use Your Information

We use your information to:

Provide, operate, and maintain the Work Buddy platform
Process AI-powered data extraction, intent classification, and task assignment
Send transactional communications (OTP codes, system notifications, push notifications)
Personalise your experience with AI personas and contextual assistance
Respond to support enquiries and provide customer service
Detect and prevent fraud, abuse, or security threats
Comply with legal obligations and enforce our Terms of Service
Generate aggregated, anonymised analytics to improve the Service (no individual user data is exposed)

5. AI and Third-Party Data Processing

The Work Buddy uses third-party AI providers to power its intelligent features, including contact extraction, intent classification, email drafting, and voice transcription. This section explains how your data interacts with these services.

5.1 How AI Processing Works

When you send a message or use an AI-powered feature, the relevant content (your message, context from recent conversation history, and relevant entity data) is sent to a third-party large language model (LLM) provider for processing. The AI provider returns a response, which is displayed to you within the platform. We do not send your entire database or account data to AI providers — only the minimal context needed to process your specific request.

5.2 Third-Party AI Providers

We currently use Groq as our primary AI inference provider. Groq processes your data under the following conditions:

Your data is not used to train, fine-tune, or improve any AI models
Data is processed in transit and is not persistently stored by the AI provider beyond the duration of the API request
We may change or add AI providers in the future; any new provider will be held to equivalent data protection standards

5.3 AI Accuracy Disclaimer

AI-generated content (summaries, email drafts, extracted data, classifications) is provided on a best-effort basis. We do not guarantee the accuracy, completeness, or suitability of AI outputs. You are responsible for reviewing and verifying all AI-generated content before acting upon it.

5.4 Custom AI Configuration

For clients with specific data sovereignty or compliance requirements, we offer the ability to configure alternative AI providers under a separate commercial agreement. In the self-hosted deployment model, the client is responsible for selecting and configuring their own AI provider.

6. Data Storage and Security

We implement industry-standard security measures to protect your data. For more technical details, see our documentation:

Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher
Database Security: PostgreSQL with enforced row-level security (RLS) ensures complete tenant data isolation — no organisation can access another's data
Access Controls: Role-based access control (RBAC) within each organisation, with separate admin and application database pools
Authentication: Email OTP-based authentication with session token management; optional biometric lock on mobile devices
Rate Limiting: API rate limiting to prevent abuse and brute-force attacks
Regular Backups: Automated database backups for disaster recovery
Security Headers: Industry-standard HTTP security headers (X-Frame-Options, Content-Security-Policy, Strict-Transport-Security)

7. Data Sharing and Disclosure

We do NOT sell, rent, or trade your personal data. For complete legal terms, see our Terms of Service. We may share your information only in the following limited circumstances:

With Your Consent: When you or your organisation's administrator explicitly authorise data sharing
AI Processing: Minimal conversational context is sent to third-party AI providers as described in Section 5, strictly for processing your requests
Infrastructure Providers: Cloud hosting and content delivery providers that store and serve the platform (subject to data processing agreements)
Email Delivery: Transactional email providers for OTP delivery and system notifications
Legal Requirements: When required by law, court order, subpoena, or to protect our legal rights, safety, or property
Business Transfers: In connection with a merger, acquisition, or sale of assets, with prior notice to affected clients

8. Third-Party Services

The Service integrates with the following third-party services. Use of these integrations is subject to their respective privacy policies:

Groq (AI Inference): Processes conversational AI requests. Your data is not used for model training. See Groq's Privacy Policy.
SMTP Provider (Email): Delivers OTP codes and transactional notifications
Expo (Push Notifications): Routes push notification tokens for mobile app delivery
Cloud Hosting Provider: Hosts the platform infrastructure for cloud-deployed clients

We evaluate all third-party providers for adequate security and data protection practices. Clients with specific compliance requirements may request a list of all sub-processors under their commercial agreement.

9. Your Rights and Choices

Depending on your jurisdiction, you have the following rights regarding your personal data:

Access: Request a copy of the personal data we hold about you
Correction: Request correction of inaccurate or incomplete data
Deletion: Request deletion of your account and associated data
Export: Request your data in a structured, machine-readable format
Restriction: Request that we restrict processing of your data in certain circumstances
Objection: Object to processing of your data for specific purposes
Withdraw Consent: Withdraw consent for any processing based on consent, without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at: ashishkdmathpal@gmail.com. For common questions about data handling, visit our FAQ.

For enterprise clients, data requests should be directed through your organisation's designated administrator, in accordance with your commercial agreement.

10. Data Retention

We retain your data for as long as your account or your organisation's subscription is active, or as needed to provide the Service.

Upon account deletion, we permanently delete your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., billing records, dispute resolution).
Aggregated, anonymised data that cannot identify individuals may be retained indefinitely for analytics and service improvement.
For self-hosted deployments, data retention is entirely under the client's control.

11. Children's Privacy

The Work Buddy is a B2B platform intended for use by businesses and professionals. The Service is not directed at individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected information from a minor, please contact us immediately and we will take steps to delete it.

12. International Data Transfers

Your data may be processed in countries outside your country of residence, including where our infrastructure providers and AI processing services operate. We ensure appropriate safeguards are in place, including contractual protections with our sub-processors, to protect your data in accordance with applicable data protection laws.

For clients with data residency requirements, we offer self-hosted deployment where all data remains within the client's chosen jurisdiction.

13. GDPR Compliance (EU/EEA Users)

If you are located in the European Economic Area (EEA), you have the following additional rights under the General Data Protection Regulation (GDPR):

Right to data portability
Right to restrict processing
Right to object to processing based on legitimate interests
Right to lodge a complaint with your local data protection supervisory authority

Our lawful bases for processing include: contract performance (providing the Service), legitimate interests (security, fraud prevention, service improvement), and consent (where explicitly obtained for specific processing activities).

For enterprise clients requiring a Data Processing Agreement (DPA), please contact us to arrange one as part of your commercial agreement.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by email or through the Service at least 14 days before the changes take effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

15. Contact Us

If you have questions about this Privacy Policy, our data practices, or wish to exercise your rights, contact us:

Looking for more information? Check our homepage, documentation, FAQ, or Terms of Service for additional details.