Privacy

Privacy Policy

Effective July 9, 2026

WorkLegacy is built and operated by Uhlmann Fabrication LLC, an independent, founder-led company based in the Commonwealth of Virginia, United States (“WorkLegacy,” “we,” “us”). This policy explains what we collect, why, who processes it on our behalf, how long we keep it, and the rights you have. It covers both this website and the WorkLegacy mobile and web application.

Contents: Who we are · What we collect · How we use it · Service providers · Retention & deletion · Your rights · California (CCPA) · Europe/UK (GDPR) · Age requirement · Security · Changes · Contact

1. Who we are & what WorkLegacy is

WorkLegacy is a workplace knowledge-capture tool. Its entire purpose is to preserve the hands-on, tribal knowledge of a workforce — the fixes, the service history, the “how we actually do it” — so that knowledge stays with the organization even after the people who captured it move on. Your employer (the “Organization”) is the account holder; for workplace data you contribute, the Organization is the data controller and WorkLegacy acts as its processor. For this marketing website and for the personal account information you give us directly, WorkLegacy is the controller.

2. What we collect

a. This website

When you submit the “Request Beta Access” form, we collect the name, work email, company, message, and interest option you enter. The site does not use advertising cookies or ad pixels.

b. The application

When your organization uses WorkLegacy, we collect and store:

  • Account & profile: email address, full name, and — if you provide them — job title, department, location, years of experience, bio, and avatar image.
  • Organization membership: which organization you belong to, your role (admin, supervisor, contributor, viewer), and your status.
  • Content you author: posts, comments, upvotes, service records, asset and parts knowledge, attachments (photos, PDFs, videos), and direct messages you send to teammates.
  • Device & push data: a push notification token/identifier so we can deliver alerts to your device.
  • Technical & usage data: IP address, device and app version information, product-analytics events (for example, “post created,” “asset viewed,” “QR scanned”), and crash/error reports. Crash reports carry a stack trace that is automatically scrubbed of emails, tokens, and keys before it leaves your device or our servers.

3. How we use it

  • To operate the service — authenticate you, store and display the knowledge your organization captures, and route it only to your organization.
  • To send transactional email (invitations, login credentials, password resets, and responses to bug reports) and push notifications you’ve enabled.
  • To understand product usage in aggregate and to find and fix crashes and bugs.
  • To keep the service secure and enforce our Terms of Service.

We do not sell your personal information, and we do not share it with advertisers or hand it to third parties for their own marketing.

4. Service providers (sub-processors)

We run WorkLegacy on a small set of trusted providers who process data only on our instructions. Data is hosted in the United States.

ProviderPurposeData it handles
SupabaseAuthentication, database, file storage, and backend functionsAccount, profile, all app content, attachments, IP
PostHogProduct analytics & error/crash trackingUsage events, device/app info, scrubbed crash reports, a user identifier
OneSignalPush notificationsPush token/device identifier, your user ID
ResendTransactional email (invites, credentials, bug-report replies)Email address, message content
NetlifyWeb hosting for this site and the web appIP and standard web-server request logs

5. Retention & deletion

WorkLegacy exists to preserve organizational knowledge, so the two kinds of data are kept differently:

  • Personal information (name, email, avatar, bio, job title, phone, device tokens, direct messages) is kept until you or your organization delete it, and is then removed.
  • Knowledge content (posts, comments, upvotes, service records, and other contributions) is retained for the organization for the long term — this is the “legacy” the product is built to protect. When you delete your account, this content stays with your organization but is de-identified and re-attributed to “Former Employee,” so the knowledge survives without remaining tied to your personal identity.

You can delete your own account at any time from Settings → Danger Zone → Delete my account in the app. Doing so permanently removes your personal information and your ability to sign in, deletes your direct messages, and unsubscribes your device from push — while your knowledge contributions remain with the organization as anonymized “Former Employee” content. This cannot be undone. An organization can also request full deletion of its account and all associated content by emailing us.

6. Your rights

Wherever you live, you can:

  • Access the personal information we hold about you.
  • Correct inaccurate information (most profile fields are editable in-app under Settings → Edit Profile).
  • Delete your account and personal information (see Retention & deletion).
  • Object to or restrict certain processing, and request a copy of your data.

Because your employer is the controller of workplace data, some requests may be directed to or coordinated with your organization’s administrator. Email support@worklegacy.app and a real person will help. We don’t discriminate against you for exercising any of these rights.

7. California residents (CCPA/CPRA)

If you are a California resident, you have the right to know what personal information we collect (see Section 2) and how we use it (Section 3), the right to request access and deletion, and the right to correct inaccurate information. We do not sell or “share” your personal information as those terms are defined under the CCPA/CPRA, and we do not use it for cross-context behavioral advertising. You will not be treated differently for exercising these rights. To make a request, email support@worklegacy.app.

8. Europe & the UK (GDPR/UK GDPR)

If you are in the European Economic Area or the United Kingdom: for personal-account data, our lawful bases are performance of a contract (operating your account), our legitimate interests (securing, maintaining, and improving the service), and your consent where required (for example, push notifications). For workplace content, your employer is the controller and WorkLegacy is the processor acting under its instructions. You have the rights of access, rectification, erasure, restriction, objection, and portability, and the right to lodge a complaint with your supervisory authority. Data is processed in the United States; where required, transfers rely on appropriate safeguards such as the Standard Contractual Clauses. Contact support@worklegacy.app to exercise any of these rights.

9. Age requirement

WorkLegacy is a workplace tool intended for members of the working-age workforce. It is not directed at children, and you must be at least 16 years old to use it. We do not knowingly collect personal information from anyone under 16; if we learn we have, we will delete it.

10. Security

Each organization’s data is isolated from every other organization and is enforced at the database level (row-level security), so your people see your data and no one else’s. We use encryption in transit, access controls, and scrubbing of sensitive values from logs and crash reports. No system is perfectly secure, but we work to protect your information and to respond promptly if something goes wrong.

11. Changes to this policy

We’ll update this page if anything material changes and revise the effective date at the top. Significant changes will be communicated through the app or by email where appropriate.

12. Contact

Questions, requests, or concerns? Email support@worklegacy.app and a real person will answer.
Uhlmann Fabrication LLC · Commonwealth of Virginia, United States.