Security, Privacy, and How Workmate Protects Your Data
Last updated: March 16, 2026
Security and privacy are foundational to how Workmate is built and operated. Because Workmate interacts with your email and calendar to coordinate meetings, the platform is designed to follow strict security practices that protect your data and limit access only to what is necessary.
This article outlines the key security principles and protections used by Workmate.
CASA Compliance
Workmate follows the Cloud Application Security Assessment (CASA) framework.
CASA is an industry security standard created by the App Defense Alliance, an initiative supported by companies such as Google, Meta, and Microsoft. It provides a standardized set of requirements to ensure that cloud applications handle user data securely.
The framework is based on the OWASP Application Security Verification Standard (ASVS) and evaluates whether applications implement strong security controls for handling sensitive data.
CASA assessments are designed to:
Identify potential security vulnerabilities
Validate secure handling of user data
Ensure strong security practices in cloud applications
These evaluations are performed through structured security assessments and periodic reviews.
SOC 2 Type II
Workmate is currently working toward SOC 2 Type II certification.
SOC 2 is a widely recognized security standard used by technology companies to demonstrate adherence to strong controls for protecting customer data.
SOC 2 evaluations typically review areas such as:
Security controls
Data access policies
System monitoring
Incident response processes
Achieving SOC 2 certification requires independent third-party auditing of these operational practices.
Encryption
All data transmitted between Workmate and connected services is protected using TLS 1.3 encryption.
Encryption helps ensure that information moving across networks remains secure and cannot be intercepted or read by unauthorized parties.
Workmate also encrypts data at rest, adding an additional layer of protection for stored information.
Minimal Data Collection
Workmate follows a minimal data access principle.
The system only accesses the information necessary to coordinate meetings, such as:
Scheduling-related email content
Calendar availability
Meeting details required to create events
Workmate does not retain unnecessary data and does not share user data with undisclosed third parties.
AI Privacy
Workmate uses AI models to understand scheduling requests and coordinate meetings.
Your data is not used to train AI models.
Instead, Workmate uses privacy-preserving approaches that allow the system to process scheduling requests without using customer data to improve the underlying models.
Principle of Least Privilege
Workmate follows the Principle of Least Privilege, a common security best practice.
This means that team members and internal systems receive only the minimum access required to perform their roles.
Access controls help ensure that:
Internal systems cannot access unnecessary information
Human reviewers only see the information required to resolve a scheduling request
Sensitive data exposure is minimized
You Own Your Data
Your data remains yours.
Workmate acts as a data steward, meaning it processes information only to perform the scheduling tasks requested by users.
Workmate does not claim ownership of customer data and does not use it beyond the purpose of coordinating meetings and supporting the product’s functionality.