Policies, Terms, and Legal

Toggle policies navigation

Terms of service

Last Updated on April 28, 2023

Hey there! A big thanks from all of us at Workflow for choosing our products. We create them to help you achieve your best work. With many users relying on Workflow products daily, we need to set some Terms of Service to keep everything running smoothly.

In this document, when we mention "Company," "we," "our," or "us," we're referring to Workflow.

"Services" refers to our websites, including workflow.cm, and any products developed and maintained by Workflow.

When we say "You" or "your," we're talking about the people or organizations that own an account with one or more of our Services. We maintain specific ownership policies for our products, which you can find here.

We might update these Terms of Service ("Terms") in the future. Generally, we make updates to clarify terms by linking to related policies. When we introduce significant changes to our policies, we'll update the date at the top of this page and take other necessary steps to inform account holders.

By using our Services, now or later, you agree to the most recent Terms. There might be instances where we don't exercise or enforce a right or provision of the Terms; however, that doesn't mean we're waiving that right or provision.** Please note that these Terms include a limitation of our liability.**

If you breach any of the Terms, we may terminate your account. That's a broad statement, and it means you need to trust us a lot. We strive to earn that trust by being transparent about who we are, how we work, and maintaining an open line for your feedback.

Account Terms

  1. You're in charge of keeping your account and password secure and ensuring your users do the same. Workflow isn't responsible for any loss or damage resulting from security breaches.
  2. You and your users mustn't use our Services for any purpose stated in our Use Restrictions policy.
  3. You're accountable for all content and activities under your account, including those of your users.
  4. You must be human—no bots or automated methods for account registration allowed!

Payment, Refunds, and Plan Changes

  1. Our free Services are genuinely free — no credit card required and no selling of your data.
  2. For paid Services with a free trial, we'll tell you the trial duration when signing up. Afterward, you must pay to keep using the Service. If you don't, your account will be frozen until payment is made, eventually leading to auto-cancellation. Check our Cancellation policy for details.
  3. Upgrading from a free to paid plan means immediate card charging and your billing cycle starts on the upgrade day. For other plan changes, the new rate applies from the next billing cycle.
  4. All fees exclude taxes, levies, or duties. If required, we'll collect and remit taxes on behalf of taxing authorities. See our Taxes policy for details. Otherwise, you're responsible for all taxes, levies, or duties.
  5. We handle refunds according to our Fair Refund policy.

Cancellation and Termination

  1. You're responsible for properly canceling your account. We offer a straightforward cancellation link within each Service. Consult our Cancellation policy for instructions. Email or phone requests don't automatically qualify as cancellations. Need help? Contact our Support team.
  2. Upon cancellation, your content becomes immediately inaccessible. It's permanently deleted from active systems and logs within 30 days and from our backups within 60 days. It's unrecoverable afterward. To export data before cancellation, please email us.
  3. Canceling before your paid-up month ends takes effect immediately and won't result in future charges. Unused time in the last billing cycle isn't automatically prorated. See our Fair Refund policy for details.
  4. We reserve the right to suspend or terminate your account, deny current or future Services access for any reason, at any time. Suspension blocks account access, while termination deletes your account, forfeits all content, and revokes access. We may also refuse Service to anyone for any reason at any time. This clause targets the few nefarious accounts among the many. Check our Use Restrictions policy for details.
  5. Any abuse (verbal, physical, written, or otherwise) towards Workflow employees or officers results in immediate account termination.

Modifications to the Service and Prices

  1. We promise our customers to support our Services we're not going anywhere , including maintaining security, privacy, and customer support for legacy Services. However, we may modify, redesign, or discontinue features or Services—temporarily or permanently—at any time, with or without notice, due to technical limitations or improvements.
  2. We may change our product pricing structures, usually exempting existing customers. However, we might change prices for existing customers too, in which case we'll provide at least 30 days' notice via email and possibly post notices on our websites or the affected Services.

Uptime, Security, and Privacy

  1. Your use of the Services is at your sole risk. We provide these Services on an “as is” and “as available” basis. We don't offer service-level agreements for most of our Services, but we take application uptime seriously. Visit https://workflow.statuspage.io/ to see the status of our Services.
  2. We reserve the right to temporarily disable your account if your usage significantly exceeds the average usage of other customers of the Services. We’ll reach out to the account owner before taking any action, except in rare cases where the usage level may negatively impact the Service's performance for other customers.
  3. We protect and secure your data through backups, redundancies, and encryption, enforcing encryption for data transmission from the public Internet. In some edge cases, data may be transmitted through our network unencrypted. Please refer to our Security Overview for full details and our Security Response page for reporting a security incident or threat.
  4. By using our Services, you entrust us with your data. We take that trust seriously. Workflow processes your data as described in our Privacy Policy and for no other purpose. Our team can access your data for the following reasons: -** To assist with support requests you make.** We'll ask for express consent before accessing your account. -** On rare occasions when an error occurs that stops an automated process partway through.** We receive automated alerts for such errors. When we can fix the issue and restart automated processing without looking at any personal data, we do. In rare cases, we must look at a minimum amount of personal data to fix the issue. We aim to fix the root cause to prevent errors from recurring. -** To safeguard Workflow.** We review logs and metadata as part of our work to ensure data security and the Services' overall security. If necessary, we may also access accounts as part of an abuse report investigation. -** To the extent required by applicable law.** As a UK company with all data infrastructure located in the EU, we preserve or share customer data only if compelled by a government authority with a legally binding order, or in limited circumstances in the event of an emergency request. If a non-UK authority approaches Workflow for assistance, our default stance is to refuse unless the order has been approved by the UK government, which compels us to comply through procedures outlined in an established mutual legal assistance treaty or agreement mechanism. If Workflow is audited by a tax authority, we share only the bare minimum billing information needed to complete the audit.
  5. We use third-party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to run the Services. You can see a list of all subprocessors who handle personal data for Workflow and Workflow Figma plugin, as well as a list of Company processors.
  6. Under the California Consumer Privacy Act (“CCPA”), Workflow is a “service provider”, not a “business” or “third party”. We process data you share with us only for the purpose you signed up for and as described in these Terms, the Privacy policy, and other policies. We don't retain, use, disclose, or sell any information for any other commercial purposes unless we have your explicit permission. Likewise, you agree to comply with your requirements under the CCPA and not use Workflow's Services in a way that violates the regulations.
  7. These Terms incorporate the Workflow Data Processing Addendum (“DPA”) when the EU General Data Protection Regulation (“GDPR”) or United Kingdom General Data Protection Regulation (“UK GDPR”) applies to your use of Workflow Services to process Customer Data as defined in the DPA. The linked DPA supersedes any previously agreed data processing addendum between you and W Taylor Property Limited relating to your use of Workflow Services.

Copyright and Content Ownership

  1. All content posted on the Services must comply with U.K. copyright law. We provide details on how to file a copyright infringement claim.
  2. You grant us a limited license to use the content posted by you and your users to provide the Services to you, but we claim no ownership rights over those materials. All materials you submit to the Services remain yours.
  3. We do not pre-screen content, but we reserve the right (but not the obligation) in our sole discretion to refuse or remove any content available via the Service.
  4. Workflow or its licensors own all right, title, and interest in and to the Services, including all intellectual property rights therein, and you obtain no ownership rights in the Services as a result of your use. You may not duplicate, copy, or reuse any portion of the HTML, CSS, JavaScript, or visual design elements without express written permission from Workflow. You must request permission to use Workflow's logos or any Service logos for promotional purposes. Please email us with requests to use logos. We reserve the right to rescind any permissions if you violate these Terms.
  5. You agree not to reproduce, duplicate, copy, sell, resell, or exploit any portion of the Services, use of the Services, or access to the Services without the express written permission of Workflow.

Features and Bugs

We design our Services with care, based on our own experience and the experiences of customers who share their time and feedback. However, there is no such thing as a service that pleases everybody. We make no guarantees that our Services will meet your specific requirements or expectations.

We also test all of our features extensively before shipping them. As with any software, our Services inevitably have some bugs. We track the bugs reported to us and work through priority ones, especially any related to security or privacy. Not all reported bugs will get fixed and we don’t guarantee completely error-free Services.

Services Adaptations and API Terms

We offer Application Program Interfaces (“API”s) for some of our Services (currently Workflow, and the Workflow Figma Plugin). Any use of the API, including through a third-party product that accesses the Services, is bound by these Terms plus the following specific terms:

  1. You expressly understand and agree that we are not liable for any damages or losses resulting from your use of the API or third-party products that access data via the API.
  2. Third parties may not access and employ the API if the functionality is part of an application that remotely records, monitors, or reports a Service user’s activity other than time tracking, both inside and outside the applications. Workflow, in its sole discretion, will determine if an integration service violates this bylaw. A third party that has built and deployed an integration for the purpose of remote user surveillance will be required to remove that integration.
  3. Abuse or excessively frequent requests to the Services via the API may result in the temporary or permanent suspension of your account’s access to the API. Workflow, in its sole discretion, will determine abuse or excessive usage of the API. If we need to suspend your account’s access, we will attempt to warn the account owner first. If your API usage could or has caused downtime, we may cut off access without prior notice.

Some third-party providers have created integrations between our Services and theirs. We are not liable or accountable for any of these third-party integrations.

Liability

We mention liability throughout these Terms but to put it all in one section:

You expressly understand and agree that Workflow shall not be liable, in law or in equity, to you or to any third party for any direct, indirect, incidental, lost profits, special, consequential, punitive or exemplary damages, including, but not limited to, damages for loss of profits, goodwill, use, data or other intangible losses (even if Workflow has been advised of the possibility of such damages), resulting from: (i) the use or the inability to use the Services; (ii) the cost of procurement of substitute goods and services resulting from any goods, data, information or services purchased or obtained or messages received or transactions entered into through or from the Services; (iii) unauthorized access to or alteration of your transmissions or data; (iv) statements or conduct of any third party on the service; (v) or any other matter relating to these Terms or the Services, whether as a breach of contract, tort (including negligence whether active or passive), or any other theory of liability.

In other words: choosing to use our Services means you are making a bet on us. If the bet does not work out, that’s on you, not us. We do our darnedest to be as safe a bet as possible through careful management of the business; investments in security, infrastructure, and talent; and in general we care about providing a long-lasting, stable and honest business. If you choose to use our Services, thank you for betting on us.

If you have a question about any of these Terms, please contact our Support team

Privacy policy

Last Updated on May 2, 2023

Your data is yours, not ours! And privacy is a big deal to us. In this policy, we lay out: what data we collect and why; how your data is handled; and your rights with respect to your data. We promise we never sell your data: never have, never will.

What we collect and why

Our guiding principle is to collect only what we need. Here’s what that means in practice:

Identity & access

When you sign up for a Workflow product, we ask for identifying information such as your name, email address, and maybe a company name. That’s so you can personalize your new account, and we can send you product updates and other essential information. We may also send you optional surveys from time to time to help us understand how you use our products and to make improvements. With your consent, we will send you our newsletter and other updates. We sometimes also give you the option to add a profile picture that displays in our products.

We’ll never sell your personal information to third parties, and we won’t use your name or company in marketing statements without your permission either.

Billing information

If you sign up for a paid Workflow product, you will be asked to provide your payment information and billing address. Credit card information is submitted directly to our payment processor and doesn’t hit Workflow servers. We store a record of the payment transaction, including the last 4 digits of the credit card number, for purposes of account history, invoicing, and billing support. We store your billing address so we can charge you for service, calculate any sales tax due, send you invoices, and detect fraudulent credit card transactions. We occasionally use aggregate billing information to guide our marketing efforts.

Product interactions

We store on our servers the content that you upload or receive or maintain in your Workflow product accounts. This is so you can use our products as intended, for example, to create projects in Workflow. We keep this content as long as your account is active. If you delete your account, we’ll delete the content within 60 days.

Geolocation data

For most of our products, we log the full IP address used to sign up a product account and retain that for use in mitigating future spammy signups. We also log all account access by full IP address for security and fraud prevention purposes, and we keep this login data for as long as your product account is active.

Website interactions

We collect information about your browsing activity for analytics and statistical purposes such as conversion rate testing and experimenting with new product designs. This includes, for example, your browser and operating system versions, your IP address, which web pages you visited and how long they took to load, and which website referred you to us. If you have an account and are signed in, these web analytics data are tied to your IP address and user account until your account is no longer active. The web analytics we use are described further in the Advertising and Cookies section.

Anti-bot assessments

We use CAPTCHA across our applications to mitigate brute force logins and as a means of spam protection. We have a legitimate interest in protecting our apps and the broader Internet community from credential stuffing attacks and spam. When you log into your Workflow accounts and when you fill in certain forms in HEY, the CAPTCHA service evaluates various information (e.g., IP address, how long the visitor has been on the app, mouse movements) to try to detect if the activity is from an automated program instead of a human. The CAPTCHA service then provides Workflow with the spam score results; we do not have access to the evaluated information.

Advertising and Cookies

Workflow runs contextual ads on various third-party platforms such as Google, Reddit, and LinkedIn. Users who click on one of our ads will be sent to the Workflow marketing site. Where permissible under law, we may load an ad-company script on their browsers that sets a third-party cookie and sends information to the ad network to enable evaluation of the effectiveness of our ads, e.g., which ad they clicked and which keyword triggered the ad, and whether they performed certain actions such as clicking a button or submitting a form.

We also use persistent first-party cookies and some third-party cookies to store certain preferences, make it easier for you to use our applications, and perform A/B testing as well as support some analytics.

A cookie is a piece of text stored by your browser. It may help remember login information and site preferences. It might also collect information such as your browser type, operating system, web pages visited, duration of visit, content viewed, and other click-stream data. You can adjust cookie retention settings and accept or block individual cookies in your browser settings, although our apps won’t work and other aspects of our service may not function properly if you turn cookies off.

Voluntary correspondence

When you email Workflow with a question or to ask for help, we keep that correspondence, including your email address, so that we have a history of past correspondence to reference if you reach out in the future.

We also store information you may volunteer, for example, written responses to surveys. If you agree to a customer interview, we may ask for your permission to record the conversation for future reference or use. We will only do so with your express consent.

How we approach mobile app permissions

We may offer optional desktop and mobile apps for some of our products. Because of how the platforms are designed, our apps typically must request your consent before accessing contacts, calendar, camera, and other privacy-sensitive features of your device. Consent is always optional and our apps will function without it, though some features may be unavailable. There are a few exceptions, for example:

  • Our iOS apps will ask for permission to use push notifications upon first sign-in.
  • Android apps do not require permission to send push notifications.

When we access or share your information

To provide products or services you’ve requested. We use some third-party subprocessors to help run our applications and provide the Services to you. We establish GDPR-compliant data processing agreements with each subprocessor, extending GDPR safeguards everywhere personal data is processed.

The following is a list of personal data subprocessors we use. These subprocessors are all located in the United Kingdom or United States:

We may share your information at your direction if you integrate a third-party service into your use of our products. For example, we may allow you, at your option, to connect your Gmail account to your HEY account so that you can use HEY to receive and respond to your Gmail email. Email that you receive and respond to through HEY from your Gmail address will be stored by both HEY and Google and will be available to you from your Gmail account as well as your HEY account.

No Workflow human looks at your content except for limited purposes with your express permission, for example, if an error occurs that stops an automated process from working and requires manual intervention to fix. These are rare cases, and when they happen, we look for root cause solutions as much as possible to avoid them recurring. We may also access your data if required in order to respond to legal process (see “When required under applicable law” below).

To help you troubleshoot or squash a software bug, with your permission. If at any point we need to access your content to help you with a support case, we will ask for your consent before proceeding.

To investigate, prevent, or take action regarding restricted uses. Accessing a customer’s account when investigating potential abuse is a measure of last resort. We want to protect the privacy and safety of both our customers and the people reporting issues to us, and we do our best to balance those responsibilities throughout the process. If we discover you are using our products for a restricted purpose, we will take action as necessary, including notifying appropriate authorities where warranted.

When required under applicable law.

Workflow is a U.K. company and all data infrastructure are located in the U.K.

Requests for user data. Our policy is to not respond to government requests for user data unless we are compelled by legal process or in limited circumstances in the event of an emergency request. However, if U.S. law enforcement authorities have the necessary warrant, criminal subpoena, or court order requiring us to share data, we must comply. Likewise, we will only respond to requests from government authorities outside the U.S. if compelled by the U.S. government through procedures outlined in a mutual legal assistance treaty or agreement. It is Workflow’ policy to notify affected users before we share data unless we are legally prohibited from doing so, and except in some emergency cases.

Preservation requests. Similarly, Workflow’ policy is to comply with requests to preserve data only if compelled by the U.S. Federal Stored Communications Act, 18 U.S.C. Section 2703(f), or by a properly served U.S. subpoena for civil matters. We do not share preserved data unless required by law or compelled by a court order that we choose not to appeal. Furthermore, unless we receive a proper warrant, court order, or subpoena before the required preservation period expires, we will destroy any preserved copies of customer data at the end of the preservation period.

If we are audited by a tax authority, we may be required to share billing-related information. If that happens, we will share only the minimum needed, such as billing addresses and tax exemption information.

Finally, if Workflow is acquired by or merges with another company — we don’t plan on that, but if it happens — we’ll notify you well before any of your personal information is transferred or becomes subject to a different privacy policy.

Your rights with respect to your information

At Workflow, we strive to apply the same data rights to all customers, regardless of their location. Some of these rights include:

Right to Know. You have the right to know what personal information is collected, used, shared or sold. We outline both the categories and specific bits of data we collect, as well as how they are used, in this privacy policy.

Right of Access. This includes your right to access the personal information we gather about you, and your right to obtain information about the sharing, storage, security and processing of that information.

Right to Correction. You have the right to request correction of your personal information.

Right to Erasure / “To Be Forgotten”. This is your right to request, subject to certain limitations under applicable law, that your personal information be erased from our possession and, by extension, from all of our service providers. Fulfillment of some data deletion requests may prevent you from using Workflow services because our applications may then no longer work. In such cases, a data deletion request may result in closing your account.

Right to Complain. You have the right to make a complaint regarding our handling of your personal information with the appropriate supervisory authority.

Right to Restrict Processing. This is your right to request restriction of how and why your personal information is used or processed, including opting out of sale of personal information. (Again: we never have and never will sell your personal data.)

Right to Object. You have the right, in certain situations, to object to how or why your personal information is processed.

Right to Portability. You have the right to receive the personal information we have about you and the right to transmit it to another party. If you want to export data from your accounts, please contact us at hello@workflow.design.

Right to not Be Subject to Automated Decision-Making. You have the right to object to and prevent any decision that could have a legal or similarly significant effect on you from being made solely based on automated processes. This right is limited if the decision is necessary for performance of any contract between you and us, is allowed by applicable law, or is based on your explicit consent.

Right to Non-Discrimination. We do not and will not charge you a different amount to use our products, offer you different discounts, or give you a lower level of customer service because you have exercised your data privacy rights. However, the exercise of certain rights may, by virtue of your exercising those rights, prevent you from using our Services.

Many of these rights can be exercised by signing in and updating your account information.

If you have questions about exercising these rights or need assistance, please contact us at hello@workflow.design. or at Workflow, 1J Riverview Heights, 27 Bermondsey Wall West, London SE16 4TN. If an authorized agent is corresponding on your behalf, we will need written consent with a signature from the account holder before proceeding.

If you are in the EU or UK, you can contact your data protection authority to file a complaint or learn more about local privacy laws.

How we secure your data

All data is encrypted via SSL/TLS when transmitted from our servers to your browser. The database backups are also encrypted. In addition, we go to great lengths to secure your data at rest. For more information about how we keep your information secure, please review our security overview.

With regard to products, except for your uploaded content, most data are not encrypted while they live in our database (since they need to be ready to send to you when you need them). With your uploaded content, we go further by encrypting the database at-work. Each piece of content is encrypted with its own key. The disks storing the data keys are encrypted as well. Our servers decrypt the data to send it to you when you need it.

What happens when you delete content in your product accounts

In many of our applications, we give you the option to delete content. Anything you delete in your product accounts while they are active will be removed immediately. The deleted content cannot be accessed via the application and we are not able to retrieve it for you. The deleted content may remain on our active servers for another 30 days, and copies of the content may be held in backups of our application databases for up to another 30 days after that. Altogether, any content deleted in your product accounts should be purged from all of our systems and logs within 90 days.

If you choose to cancel your account, your content will become immediately inaccessible and should be purged from our systems in full within 60 days. This applies both for cases when an account owner directly cancels and for auto-canceled accounts.

Location of site and data

Our products and other web properties are operated in the United Kingdom. If you are located in the US, or elsewhere outside of the United Kingdom,** please be aware that any information you provide to us will be transferred to and stored in the United Kingdom**. By using our websites or Services and/or providing us with your personal information, you consent to this transfer.

Changes & questions

We may update this policy as needed to comply with relevant regulations and reflect any new practices. Whenever we make a significant change to our policies, we will refresh the date at the top of this page and take any other appropriate steps to notify users.

Have any questions, comments, or concerns about this privacy policy, your data, or your rights with respect to your information? Please get in touch by emailing us at hello@workflow.design and we’ll be happy to try to answer them!

Cancellation policy

Last Updated on April 28, 2023

We want satisfied customers, not hostages. That’s why we make it easy for you to cancel your account directly in all of our apps — no phone calls required, no questions asked.

Account owners can follow these instructions to cancel in-app:

  1. Visit your dashboard.
  2. Click your team name at the top left, and click "Team settings".
  3. In Team settings, click "Billing and Plans" from among the left navigation options.
  4. In the main content area, click the words "Billing information", and then under this click the word "Cancel plan".

Our legal responsibility is to account owners, which means we cannot cancel an account at the request of anyone else. If for whatever reason you no longer know who the account owner is, contact us. We will gladly reach out to any current account owners at the email addresses we have on file.

What happens when you cancel an account?

You won’t be able to access your excess content (above the free tier's limits) once you cancel, so make sure you download everything you want to keep beforehand.

We’ll permanently delete excess content in your account (above the free tier's limits) from our servers 30 days after cancellation, and from our backups within 60 days. Retrieving content for a single account from a backup isn’t possible, so if you change your mind you’ll need to do it within the first 30 days after cancellation. Content can’t be recovered once it has been permanently deleted.**

We won’t bill you again once you cancel. We don’t automatically prorate any unused time you may have left but if you haven’t used your account in months or just started a new billing cycle, contact us for a fair refund. We’ll treat you right.

Workflow-initiated cancellations

We may cancel accounts if they have been inactive for an extended period:

For frozen accounts: 180 days after being frozen due to billing failures

For free accounts: after 60 days of inactivity. We will check with you multiple times via email before making any change.

We also retain the right to suspend or terminate accounts for any reason at any time, as outlined in our Terms of Service. In practice, this generally means we will cancel your account without notice if we have evidence that you are using our products to engage in abusive behavior.

Refund policy

Last Updated on May 2, 2023

Bad refund policies are infuriating. You feel like the company is just trying to rip you off. We never want our customers to feel that way, so our refund policy is simple: If you’re ever unhappy with our products* for any reason, just contact our support team and we'll take care of you.

Examples of full refunds we’d grant.

  • If you were just charged for your next month of service but you meant to cancel, we’re happy to refund that extra charge.
  • If you forgot to cancel your account a couple months ago and you haven’t used it since then, we’ll give you a full refund for a few back months. No problem.
  • If you tried one of our products for a couple months and you just weren’t happy with it, you can have your money back.

Examples of partial refunds or credits we’d grant.

  • If you forgot to cancel your account a year ago, and there’s been activity on your account since then, we’ll review your account usage and figure out a partial refund based on how many months you used it.
  • If you upgraded your account a few months ago to a higher plan and kept using it in general but you didn’t end up using the extra features, projects, or storage space, we’d consider applying a prorated credit towards future months.
  • If we had extended downtime (multiple hours in a day, or multiple days in a month) or you emailed customer service and it took multiple days to get back to you, we’d issue a partial credit to your account.

Get in touch

At the end of the day, nearly everything on the edges comes down to a case-by-case basis. Send us a note, tell us what's up, and we'll work with you to make sure you’re happy.

**This policy applies to any product created and owned by Workflow. That includes Workflow, and The Workflow Figma Plugin.

Use restrictions policy

Last Updated on May 2, 2023

Countless teams rely on Workflow products*, and we're thrilled to offer them a better way to work. We recognize that, despite good intentions, technology can amplify harmful actions. That's why we've set up this policy. We feel an ethical responsibility to counter such harm, addressing instances where Workflow is misused to further harm and asserting that our products are not safe havens for those with harmful intentions. If you have an account with any of our products, you cannot use them for any of the restricted purposes listed below. If we discover you are, we will take action.

Restricted purposes

Violence, or threats thereof: If an activity is considered a violent crime in the United States or your country, you may not use Workflow products to plan, commit, or threaten that activity.

Child exploitation, sexualization, or abuse: We don't tolerate activities that generate, distribute, or otherwise result in child abuse. Stay away and just stop.

Hate speech: You cannot use our products to advocate for the extermination, domination, or oppression of people.

Harassment: Targeting or intimidating people or groups through repeated communication, including racial slurs or dehumanizing language, is unwelcome at Workflow.

Doxing: If you're using Workflow products to share others' private personal information for harassment purposes, we want nothing to do with you.

Malware or spyware: Code for good, not evil. If you use our products to create or distribute malware or spyware, including remote user surveillance, leave now.

Phishing or attempting fraud: Misrepresenting your identity or affiliations to steal from, extort, or harm others is unacceptable.

Spamming: Unsolicited commercial emails are unwanted. We don't allow people (or their bots) to use Workflow products for spamming. If your emails don't comply with CAN-SPAM or other anti-spam laws, it's prohibited.

Cybersquatting: We dislike username extortionists. If you purchase an Workflow product account in someone else's name and try to sell it to them, you're cybersquatting. Cybersquatting accounts will be canceled immediately.

Infringing on intellectual property: You can't use Workflow products to create or share work that uses others' intellectual property beyond the scope of fair use.

While our use restrictions are comprehensive, they can't cover everything. It's possible that an offense could defy categorization, be a first-time occurrence, or raise a moral dilemma we hadn't considered. Nevertheless, the overall spirit is clear: Workflow is not to be used for harm, whether mental, physical, personal, or civic. Different perspectives—philosophical, religious, and political—are welcome, but ideologies like white nationalism or hate-fueled movements anchored in oppression, violence, abuse, extermination, or domination of one group over another will not be tolerated here.

How to report abuse

For cases of suspected malware, spyware, phishing, spamming, and cybersquatting, please notify us at hello@workflow.design

For all other cases, please contact us by emailing hello@workflow.design

Security overview

Last Updated on May 2, 2023

We protect your data.

All data are written to multiple disks instantly, backed up daily, and stored in multiple locations. Files that our customers upload are stored on servers that use modern techniques to remove bottlenecks and points of failure.

Your data are sent using HTTPS.

Whenever your data are in transit between you and us, everything is encrypted, and sent using HTTPS. Within our firewalled private networks, data may be transferred unencrypted.

Any files which you upload to us are stored and are encrypted at rest. Our application databases are generally not encrypted at rest — the information you add to the applications is active in our databases and subject to the same protection and monitoring as the rest of our systems. Our database backups are encrypted using GPG.

Full redundancy for all major systems.

Our servers — from power supplies to the internet connection to the air purifying systems — operate at full redundancy. Our systems are engineered to stay up even if multiple servers fail.

Sophisticated physical security.

Our state-of-the-art servers are protected by biometric locks and round-the-clock interior and exterior surveillance monitoring. Only authorized personnel have access to the data center. 24/7/365 onsite staff provides additional protection against unauthorized entry and security breaches.

Regularly-updated infrastructure.

Our software infrastructure is updated regularly with the latest security patches. Our products run on a dedicated network which is locked down with firewalls and carefully monitored. While perfect security is a moving target, we work with security researchers to keep up with the state-of-the-art in web security.

We protect your billing information.

All credit card transactions are processed using secure encryption—the same level of encryption used by leading banks. Card information is transmitted, stored, and processed securely on a PCI-Compliant network.

Constant monitoring

We have a team dedicated to maintaining your account’s security on our systems and monitoring tools we’ve set up to alert us to any nefarious activity against our domains. To date, we’ve never had a data breach.

We also audit internal data access. If an Workflow employee wrongly accesses customer data, they will face penalties ranging from termination to prosecution. Again, to our knowledge, this hasn’t happened.

We have processes and defenses in place to keep our streak of 0 data breaches going. But in the unfortunate circumstances someone malicious does successfully mount an attack, we will immediately notify all affected customers.

Decades of experience in web development.

Our team have been around the block and worked at a number of enterprise and Government organisations. Security isn’t just about technology, it’s about trust. Longevity and stability is core to our mission at Workflow.

Have a concern? Need to report an incident?

Have you noticed abuse, misuse, an exploit, or experienced an incident with your account? Please contact us at hello@workflow.design

Copyright infringement claims

Last Updated on May 2, 2023

Notification of Copyright Infringement Claims

Making original work is hard! As described in our Use Restrictions policy, you can’t use Workflow products* to make or disseminate work that uses the intellectual property of others beyond the bounds of fair use.

Are you a copyright owner? Under the Digital Millennium Copyright Act (17 U.S.C. § 512), you have the right to notify us (Workflow Design Limited) if you believe that an account user of any product we built and maintain has infringed on your work(s) as copyright owner. To be effective, the notification of claimed infringement must be written. Please include the following information:

  • A physical or electronic signature of a person authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.
  • Identification of the copyrighted work(s) claimed to have been infringed. If there are multiple, please share a representative list of those works.
  • A way for us to locate the material you believe is infringing the copyrighted work.
  • Your name and contact information so that we can get back to you. Email address is preferred but a telephone number or mailing address works too.
  • A statement that you, in good faith, believe that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law.
  • A statement that the information in the notification is accurate, and under penalty of perjury, that you are authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.

Digital Millennium Copyright Act (“DCMA”) Counter-notifications

On the flip-side, if you believe your material has been removed in error, you can file a written counter-notification. Please include the following information:

  • A physical or electronic signature, or the signature of the person authorized to act on your behalf.
  • A description of the material that was removed.
  • A description of where the material appeared in Workflow products prior to their removal.
  • Your name and contact information so that we can get back to you. Email address is preferred but a telephone number or mailing address works too.
  • A statement under penalty of perjury that you have a good faith belief that the material was removed or disabled as a result of mistake or misidentification.
  • A statement that you consent to the jurisdiction of the courts of England and Wales (where Workflow is located).
  • A statement that you will accept service of process from the person who filed the original DMCA notice or an agent of that person. (In other words, you’ve designated that person to receive documents on your behalf.)

Where to Send Notices

You can notify us of either copyright infringement claims or DCMA counter-notifications through either of the following channels:

By email: hello@workflow.design

By mail: Workflow 1J Riverview Heights, Bermondsey Wall West London SE16 4TN, UK

*This policy and process applies to any product created and owned by Workflow Design Limited. That includes Workflow, and the Workflow Figma Plugin.

We’re not going anywhere

Last Updated on May 2, 2023

Internet services often vanish due to various reasons, making it risky to trust and store your data. We want better for our customers.

Our products are a result of dedication, representing our journey and future direction. We're proud and grateful for the support we've received over the years.

We promise to support our products indefinitely, countering the impermanence of many online services. Workflow is built to last, and we're committed to supporting our legacy products and customers.

Here’s what our promise means:

  1. The day you become a customer of any of our products, you can trust that Workflow will be around. In the event that the Workflow product you’re using enters a legacy phase, you’ll be able to keep using it indefinitely, assuming you continue to abide by our terms of service and keep your subscription active. We work hard to keep supporting existing features unless it becomes technically impossible to do so for reasons out of our control (e.g., changes to 3rd party integrations that make a feature incompatible or browser upgrades that leave a feature behind).
  2. Your data is safe. Regardless of status, all of our products receive the same rigorous care when it comes to security and privacy. While we may not add new features to legacy products, we’ll continue to apply the latest security updates; maintain the infrastructure that keeps them safe, fast, and secure; and continue to offer customer support.
  3. This is our life’s work — we’re in this for the long haul. In the unforeseen and unanticipated event that the company or one of our products is acquired by another company or spun-off into a separate company, we’ll do everything in our power to make sure the product and this promise live on.