SiWorks
Legal · Privacy

Privacy Policy

This policy explains how SI WORKS INC handles personal information across the SiWorks platform — what we collect, why we collect it, how long we keep it, and how to ask us to change or delete it.

Effective April 30, 2026Version 1.0Owner SI WORKS INC

1. Who we are

SI WORKS INC (“SiWorks”, “we”, “us”) is a Washington corporation headquartered in Bellevue, WA. We operate the SiWorks platform — a multi-tenant marketing and customer-engagement system delivered to business customers under a B2B Master Subscription Agreement.

For platform-administered data (the data your customer uploads or generates inside the platform), the customer is the data controller and SiWorks is the data processor. For our marketing site (siworks.com), corporate website, and direct prospect interactions, SiWorks is the controller.

2. What we collect

From customers and their authorized users

  • Account data: name, work email, role, and authentication identifiers managed by Firebase Auth.
  • Usage telemetry: pages viewed, actions taken, IP address, user-agent — used to operate the service, detect abuse, and compute audit log entries.
  • Support and billing communications, plus any documents you upload during onboarding.

From customer records inside customer tenants

  • Customer-uploaded customer data including names, mobile numbers, email addresses, visit history, reservation details, survey responses, call logs, transcriptions, and recordings.
  • Customer Proprietary Network Information (CPNI) where the customer is an AT&T Authorized Retailer. Access to CPNI inside the platform is gated, logged, and exportable.

From visitors to siworks.com

  • Standard server logs, cookie identifiers, and any information you submit through demo-request forms or email.

3. Why we collect it

  • To deliver the contracted services and operate the platform.
  • To meet legal and regulatory obligations including TCPA, A2P 10DLC, CPNI, and state privacy law.
  • To prevent abuse, fraud, and security incidents.
  • To support, bill, and communicate with our customers.
  • To improve the platform — limited to product analytics that do not identify individual end customers.

4. How long we keep it

Tenant data is retained for the duration of the active subscription and a 30-day post-termination grace period, after which it is deleted from BigQuery, Firestore, and Google Cloud Storage on a documented schedule. Audit logs are retained for a minimum of 24 months in accordance with AT&T Records Destruction guidance. Backups roll off within 35 days. Specific retention windows can be adjusted under the customer's Data Processing Agreement.

5. Where we store it

All production data is stored in Google Cloud (region us-west1) using BigQuery, Firestore, Cloud Storage, and Secret Manager. Authentication is provided by Firebase Auth. Compute runs on Cloud Run behind Cloud Armor with Workload Identity Federation. We do not transfer production tenant data outside the United States.

6. Who we share it with

We only share personal information with subprocessors necessary to deliver the platform — Google Cloud Platform (infrastructure), Firebase (identity), Twilio (voice and messaging), AssemblyAI and OpenAI / Anthropic (transcription and AI inference, opt-out available per tenant), Stripe (billing, when activated). A current list of subprocessors is maintained in the DPA appendix and is available on request.

We do not sell personal information. We do not share personal information for cross-context behavioral advertising.

7. Your rights

End customers whose data is processed by SiWorks on a customer's behalf should direct rights requests (access, correction, deletion, portability, opt-out of sale or sharing) to the customer. Where permitted by law, you may also contact us directly at hello@siworks.us and we will route the request to the appropriate controller within 10 business days.

Customer users may exercise rights over their own account data by emailing us at the address above.

8. Security

Defense in depth — Cloud Armor WAF, Firebase Auth with TOTP MFA, granular RBAC, field-level masking on PII, immutable audit logging, secret rotation via Secret Manager, daily Firestore backups, and BigQuery snapshots. See the Data Processing Agreement for the full controls list.

9. Children

SiWorks is a B2B platform and is not directed to children under 13. We do not knowingly collect personal information from children.

10. Contact

Privacy questions, complaints, and rights requests:
SI WORKS INC
Bellevue, WA
hello@siworks.us

11. Changes

We will post material updates here and notify customer admins by email at least 30 days before they take effect.