How is our pack's data protected?

Encrypted in transit and at rest. Aggregated for managers. Individual answers stay with individuals.

Three principles drive how we handle workplace data.

1. The honest view, not the surveilled view

Managers and admins never see who said what in a pulse or check-in. They see the distribution — the shape of the room. The only person who can read a packmate's individual mood log is that packmate.

2. Encrypted everywhere

In transit: TLS 1.2+ on every request, HSTS preload
At rest: AES-256 on the database
Client storage: localStorage for non-sensitive UI state only; auth tokens use httpOnly cookies

3. You own the data; we just hold it

Export-on-request is available to all workspace admins.
Deletion-on-request is binding within 30 days.
We never sell, share, or use workspace data to train AI models.

Where to read more

/security — Full security overview, sub-processor list, incident process
/privacy — The privacy policy itself
/trust — Security posture, certifications in progress

Top tips

Make the most of this feature

1
Share the /security and /trust pages with your IT or legal team when they ask about data handling.
2
The data deletion process is self-serve in /admin/settings — no support ticket needed.
3
Individual check-in data is private by design, not by configuration — it can't be exposed, even by support.

Keep reading

How billing works
Per-seat pricing, monthly or annual, 14-day free trial. Cancel anytime, packmates keep their data.

Still stuck?

We'd rather hear from you than have you guess. Real human, one working day.

Email the team Browse all articles