Even though the Porsche Desk app is currently a demo, the technology that moves data in the backend is well-established. In a variety of different applications, our "Work-API" is trusted by hundreds of businesses.
We take our responsibilities regarding your data very seriously, and have built both the app and the API with data privacy at their core from the start.
Your work content remains with your tool provider (e.g. Gmail).
We do not host your personal work content anywhere on our systems.
livil acts as a secure pipe that your content passes through.
We do not index your content unless required for the work process. Search functionality is powered by the tool providers.
We execute the work process you request, and nothing else.
We do not use our access permissions for anything other than the requested work process.
Example: You request "Inbox" / say "What is the latest?"
The app interprets your request and sends it to the API.
On your behalf, the API requests the list of emails from the accounts you connected.
The integrations each send the requested information.
Like a pipe, the API then passes the consolidated information through to the app, where it is provided to you.
Your Content:
We fetch and display your content (e.g. emails, calendar events) solely for the work process you request.
When you connect integrations to your account, we do not see your username and password. We receive a token from the tool provider (e.g. Gmail) that gives us permission to access the content you request.
When you remove an integration (and/or delete your account), the token is no longer valid and we can no longer access the corresponding content.
Account Data:
When you create an account, we receive the personal info you provide (e.g. your name or email address) and use it solely for the provision of the service.
When you delete your account, all that data will be irretrievably deleted.
Passwords for different work tools:
At initial setup, you enter the passwords for your different accounts (e.g. Gmail, Outlook Calendar) exclusively on the pages of the tool provider (e.g. Google, Microsoft 365).
We neither see nor store any passwords for any of your tools.
After you have established the connection, we receive an access token from the tool provider (see below for details).
Passcode for the Porsche Desk account:
Independently of the passwords for your tool accounts, at first registration you set up a six-digit passcode for the Porsche Desk app, which (in combination with your account name) provides access to the Porsche Desk app.
We receive an access token from the tool provider for each integration that you connect to the Porsche Desk app.
These access tokens allow only this specific app to perform the work processes (fetch email list, create event, ...) on your behalf.
To keep the triangular setup secure, the tokens are secretly exchanged between the user, the tool provider and us, and last only for an hour.
You can revoke the Porsche Desk app's access to your content at any point.
You can do this from inside the app
e.g. by deleting your Porsche Desk account
e.g. by removing an integration
You can also revoke permissions for any third-party app from your account provider
e.g. for Google accounts: https://myaccount.google.com/u/1/security
After you revoke access, the app immediately loses access to your connected accounts.
Account info: Information you provided when you created the account, such as your name or email address.
Access tokens for your different integrations, where provided (and not revoked).
We monitor anonymized usage data to help improve the app and for security purposes.
We use AWS (Amazon Web Services) for everything, with servers in the European Union.
AWS security measures are second to none and can be seen here.
The following is a selection of the measures we employ.
Content remains hosted by content providers
No server-side caching
Isolation of services
No plain text communication whatsoever: everything encrypted; data encrypted at rest (in DB)
Exceeding content providers’ security requirements (e.g. Gmail OAuth)
Monitoring for "unusual activity" (e.g. changes of access location or timing)
Regular and thorough independent security assessments / penetration tests
Through a series of measures, we minimize the risk of a breach and the implications of a breach, should one occur.
We go through a series of assessments and constantly review our own solutions.
Being a business ourselves with our own sensitive data, we understand any concerns you may have. We were in the same position and worked hard to make our system secure before we connected our own real accounts.
Please find the Privacy Policy here: https://www.work-api.com/privacy/
The Terms of Use can be found here: https://www.work-api.com/terms/
Beyond our own actions and precautions, your local laws and regulations protect you and govern the use of your data by third parties.
As one example, in the European Union, the service is subject to the "General Data Protection Regulation" (GDPR), amongst others.
Our solution, on your own servers
As we leave the prototype stage, we are happy to provide the option for you to host the solution on your own infrastructure.
Hold all the keys in your own pocket
Only the party who hosts the application holds the keys and the user data.