We're early. Here's what's true about WorkstyleIQ today, what we're building toward, and what's available now for your security and privacy team.
These aren't claims we plan to evidence later — they're properties of the architecture, verifiable in our source. Most of them are stronger than the certifications they would otherwise stand behind.
The sensor is engineered to keep what could identify you on your device. This is GDPR Article 25 made concrete: minimisation as default, not as setting.
Server-side, personal identifiers are opaque tokens. Only your workstation and your Microsoft Teams tenant can resolve them to a person — we cannot.
Cohort comparisons are computed from statistical aggregates (counts, sums, sums of squares) over cohorts of at least 5 people. Individual values are never stored. No peer can be reconstructed — by us, by you, or by anyone.
The sensor has no code path for screenshots, keystroke capture, screen recording, webcam access, or location tracking. These aren't disabled by a setting. They were never built.
Page titles stay on your device. The sensor translates them locally into safe app labels — “Slack”, “Gmail”, “VS Code” — and only those labels leave the device.
The sensor only initiates outbound connections to our cloud. Nothing listens on the endpoint.
Each tenant's data is encrypted with a tenant-specific key. One tenant's key cannot decrypt another tenant's data, even if the underlying storage were exposed.
All stored data is encrypted at rest using AES-256, including S3 server-side encryption, DynamoDB default encryption, and an application layer for sensitive identifiers.
The sensor connects to AWS IoT Core over MQTT 5 on a TLS-encrypted WebSocket (port 443) authenticated with AWS SigV4. TLS 1.2+, TLS 1.3 supported.
The sensor runs natively on Windows 11 and macOS 14+. Lightweight, compiled C++. No Linux build, no plans for one.
WorkstyleIQ Ltd. is registered with the UK Information Commissioner's Office. Registration number: CSN9543577.
Honest answer: all WorkstyleIQ telemetry currently resides in AWS us-east-1. The architecture is region-parameterised, but no EU or UK region is wired up yet.
We will stand up an EU/UK data region in 2027 in line with European customer demand. Until then, EU and UK customers should treat their WorkstyleIQ telemetry as transferred to the US under the EU-US Data Privacy Framework. Our DPA template (see “Available now, on request” below) covers the transfer mechanism, supplementary measures, and SCC fallback.
The mapping from opaque tokens back to real people stays in your Microsoft Teams tenant, regardless of where the telemetry rows live. We carry pseudonymous data; you hold the key.
We are pre-certification. We've chosen to be specific about target dates rather than hide behind “in progress.” If we miss a target, this page is where you'll see it.
Live now — Reg. number above
August 2026 — UK government scheme
Q4 2026 — Hands-on audit
Q1 2027 — Engagement Q3 2026
H2 2027 — Engagement Q3 2026
H2 2027 — Six-month observation post-Type 1
2027 — Following European customer demand
2028 — Sits on top of ISO 27001
For your security or privacy review, we can share the following under NDA:
Email trust@workstyleiq.com and we'll send the relevant documents within one business day.
WorkstyleIQ is designed to make the principles of GDPR easy to demonstrate, not just to assert. The architecture aligns with the relevant Articles of the regulation:
Article 5 (principles) — Lawfulness, fairness, transparency through clear in-product disclosure; purpose limitation through tenant-bound usage; data minimisation through on-device classification; accuracy through your direct control of your own metrics; storage limitation through configurable retention; integrity and confidentiality through the encryption and tenant isolation described above.
Article 4(5) (pseudonymisation) — Server-side individual data is pseudonymous as defined in the regulation. We do not hold the identifier mapping.
Article 15–21 (data subject rights) — Right to access, rectification, erasure, restriction, portability, and objection are honoured via configuration-level per-user controls and automated deletion routines.
Article 25 (data protection by design and by default) — The minimisation outcomes are properties of the architecture, not configuration choices.
Article 32 (security of processing) — Per-tenant encryption, AES-256 at rest, TLS in transit, immutable consent logging.
Workplace AI sits under the EU AI Act's high-risk classification framework. We are tracking the regulation's phased obligations and designing the product to support transparency, human oversight, and consent-first interaction.
We do not yet assert EU AI Act compliance. We will publish a formal compliance statement once our outside counsel has reviewed our position and the relevant obligations are in force.
A lightweight, compiled-C++ component for Windows 11 and macOS 14+. It measures the shape of your working day without watching its content.
The sensor only initiates outbound connections to our cloud. There are no open inbound ports on endpoints, no direct database access for users — everything is mediated by secure APIs and IAM roles with least-privilege policies.
No screenshots. No keystroke logging. No screen recording. No webcam access. No location tracking. No email content scanning. No browsing history. These capabilities were never built — they don't exist as disabled features.
Every consent request, acceptance, denial, and revocation is immutably logged with timestamps in an append-only store. No silent access, no backdoors, no administrative overrides.
Organisations set their own retention periods. When data expires, records are automatically purged from active storage via DynamoDB TTL; backup snapshots age out per AWS's standard retention. Deletion confirmation is available on request to support audits and data subject access requests.
The sensor is engineered in C++ for minimal resource usage — negligible CPU and network impact even on older hardware. Data is buffered and sent in small packets. It runs natively on Windows 11 and macOS 14+. A lightweight sensor is a secure sensor: users have no reason to tamper with it.
In transit. The sensor connects to AWS IoT Core over MQTT 5 on a TLS-encrypted WebSocket (port 443) authenticated with AWS SigV4. TLS version is negotiated with AWS IoT Core (TLS 1.2 minimum, TLS 1.3 supported).
At rest. All stored data is encrypted at rest using AES-256: S3 server-side encryption, DynamoDB default encryption, and an additional application-layer envelope for sensitive identifiers and tokens.
Per-tenant keys. Each tenant's data is encrypted with a tenant-specific 256-bit key derived per tenant. One tenant's key cannot decrypt another tenant's data. The master secret used in key derivation is stored in AWS Secrets Manager.
WorkstyleIQ includes a built-in Security Specialist AI assistant that can answer any question about how your data is collected, stored, processed, and protected — in real time, right inside Teams. No support tickets. No waiting. Transparency on demand.
For anything the assistant can't answer, or to request the documents above, email trust@workstyleiq.com. For data subject requests, see our Privacy Notice.