Privacy Policy

Last updated: April 12, 2026 · Aligned with the Common Paper CSA v2.1 (CC BY 4.0)

This Privacy Policy describes how Sidefort Inc. (“Plainwork”, “we”, “us”, or “our”) collects, uses, and protects information when you use the Plainwork cloud service (“Service”). By using the Service, you agree to the practices described in this policy.

1. Information We Collect

1.1 Account Information

When you create an account, we collect your email address, name, and optionally a profile picture. If you sign in through a third-party provider (e.g., Google), we receive basic profile information from that provider.

1.2 Customer Content

We collect and store the content you create, upload, or submit to the Service, including notes, documents, files, and other materials (“Customer Content”). We process Customer Content only as needed to provide and maintain the Service.

1.3 Usage Data

We automatically collect information about how you interact with the Service, including feature usage, session duration, device type, browser, operating system, and IP address. Usage data is collected in aggregated form and does not identify you personally when disclosed to others.

1.4 Cookies and Similar Technologies

We use a small number of first-party cookies to keep you signed in and to remember your preferences. We do not use third-party tracking cookies or advertising pixels. Specifically:

  • Authentication cookies — essential, session-based cookies that maintain your signed-in state.
  • Preference cookies — store your display settings (e.g., theme, view preferences).

2. How We Use Your Information

2.1 To Provide the Service

We use your account information to authenticate you, your Customer Content to deliver the Service (including syncing across devices), and your usage data to maintain and monitor service performance.

2.2 To Improve the Service

We use aggregated and de-identified usage data to maintain, improve, enhance, and promote our products and services. We may freely use such aggregated data without restriction or obligation, provided it does not identify you or your users.

2.3 To Communicate With You

We use your email address to send transactional messages (e.g., account verification, password resets, billing receipts) and important service announcements. We will not send marketing emails without your consent.

2.4 Machine Learning

We do not train machine-learning models on your Customer Content. If we use usage data to develop or improve AI/ML features within the Service, we will only use aggregated and de-identified data. Nothing in this section reduces or limits our obligations regarding personal data under applicable data protection laws.

3. How We Share Your Information

3.1 No Sale of Personal Data

We do not sell, rent, or share your personal data with advertisers or data brokers.

3.2 Service Providers

We may share information with third-party service providers who assist us in operating the Service (e.g., cloud hosting, payment processing, email delivery). These providers are bound by confidentiality obligations and may only process data as instructed by us. See our Data Processing Agreement for details on subprocessor management.

3.3 Legal Requirements

We may disclose your information to the extent required by applicable laws, regulations, court orders, or other legal processes. Unless prohibited by law, we will provide you reasonable advance notice of any required disclosure.

3.4 Business Transfers

If Plainwork undergoes a merger, acquisition, reorganization, or sale of all or substantially all its assets, your information may be transferred as part of that transaction. We will notify you of any such change.

4. Data Storage and Security

4.1 Encryption

Your Customer Content is stored encrypted at rest and transmitted using TLS encryption in transit.

4.2 Infrastructure

The Service is hosted on industry-standard cloud infrastructure. We implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction.

4.3 Prohibited Data

You should not submit to the Service any: (a) protected health information regulated by HIPAA; (b) financial account numbers; (c) government ID numbers; (d) special categories of data as defined in the GDPR; or (e) other similar categories of sensitive information, unless expressly authorized in writing.

5. Data Retention and Deletion

5.1 Active Accounts

We retain your data for as long as your account is active and as needed to provide the Service.

5.2 Account Deletion

You can export or delete your data at any time from account settings. Upon account deletion, Plainwork will delete your Customer Content within 60 days. We may retain aggregated, de-identified data that does not identify you.

5.3 Legal Retention

We may retain certain information as required by applicable laws (e.g., tax records, billing history) even after account deletion, in which case we will continue to protect it in accordance with this policy.

6. International Data Transfers

If you are located outside the United States, your data may be transferred to and processed in the United States or other countries where our service providers operate. Where required by GDPR or UK GDPR, we implement appropriate safeguards for such transfers, including EU Standard Contractual Clauses and the UK International Data Transfer Addendum. See our Data Processing Agreement for full details.

7. Your Rights

Depending on your location and applicable data protection laws, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict certain processing
  • Request data portability
  • Withdraw consent at any time (where processing is based on consent)
  • Lodge a complaint with a supervisory authority

To exercise any of these rights, contact us at privacy@plainwork.app.

8. Children’s Privacy

The Service is not directed to children under 16. We do not knowingly collect personal data from children under 16. If you believe we have collected such data, please contact us and we will promptly delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced by email or in-product notice at least 14 days before taking effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

10. Contact

Questions about this policy? Email privacy@plainwork.app.

Sidefort Inc.
Plainwork Privacy Team