1. Overview
WorkOnward Reach is an email-infrastructure platform. To run the service we need to process some information about you, your team, and the emails your team sends. We collect only what we need, we store it securely, and we never sell personal information.
This policy applies to the website at send.gitdate.ink, the dashboard, the public API, and the SMTP service.
2. Information we collect
Account information. Name, email address, password hash (if you sign up with a password), or OAuth identifier (if you sign up with Google/GitHub), and the workspaces you belong to.
Workspace metadata. Workspace name, mailbox and provider configuration, AWS region selection, team-member list, and roles.
Encrypted credentials. When your workspace connects an AWS SES account, the AWS access keys are encrypted at rest using AES-256-GCM and decrypted only when required to send email or refresh SES status.
Email metadata. Sender, recipient, subject, message ID, status (queued / sent / delivered / bounced / complained), timestamps, and SES feedback events. Message bodies are stored only as long as required for product operation, configured retention, or legal/security needs.
Product usage. Pages visited inside the dashboard, feature toggles, API request metadata (IP, endpoint, status code, latency), and webhook delivery attempts.
Support communications. Messages you send us, attachments, and contact information.
3. How we use information
We use information to (a) operate and secure the service, (b) authenticate users and enforce tenant isolation, (c) send you transactional emails about your account, (d) monitor deliverability and platform reputation, (e) detect and prevent abuse, and (f) provide support.
We do not use the contents of emails you send through the platform for advertising, model training, or any purpose unrelated to delivering the service.
4. Legal basis (GDPR)
If you're in the EU/EEA/UK, we rely on the following lawful bases under GDPR:
Contract — to provide the service you signed up for. Legitimate interests — to keep the platform secure, prevent abuse, and improve the product. Consent — for any optional analytics or marketing communications, where you can withdraw consent at any time. Legal obligation — to comply with tax, accounting, and similar requirements.
5. Sharing and subprocessors
We do not sell personal information. We share information with the following categories of service providers, each bound by data processing terms:
Hosting & infrastructure — DigitalOcean, AWS (compute, storage, S3, SES). Data location depends on the region your workspace selects.
Email delivery — AWS SES accepts and delivers the actual messages. If you bring your own SES account, AWS is your data processor directly.
Analytics — privacy- friendly product analytics (no third-party ad networks).
We may disclose information if required by law or to protect the rights, property, or safety of WorkOnward, our users, or the public.
6. Data retention
We keep account information for as long as your account is active. Email logs, events, and webhook calls follow the retention settings configured for the service, unless a longer period is required for security, abuse prevention, or legal obligations.
When you delete your account, we delete account information within 30 days, with limited exceptions for legal, security, and accounting records.
7. Security
Data is encrypted in transit (TLS 1.2+) and at rest. AWS credentials are encrypted with a dedicated symmetric key (AES-256-GCM) that is never logged, exposed via the API, or sent to the browser. The encryption key is stored in our production secret store, separate from the database.
We follow the principle of least privilege internally: production access is restricted, audited, and revoked when no longer needed. We run automated dependency scanning and address known vulnerabilities promptly.
8. Your rights
Depending on where you live, you may have rights to access, correct, export, restrict processing of, or delete your personal information. To exercise these rights, email info@workonward.com from the address tied to your account. We respond within 30 days.
You can also lodge a complaint with your local data-protection authority if you believe we've mishandled your information.
9. International transfers
We're based in the United States. If you're in another country, your information may be transferred to and processed in the U.S. and in the AWS region your workspace selects. We rely on Standard Contractual Clauses for transfers from the EU/EEA/UK to the U.S.
If you have residency requirements, choose an AWS region in your region of preference when creating workspace SES configuration.
10. Changes to this policy
We'll update this page when our practices change. The "Last updated" date at the top reflects the most recent revision. Material changes will be announced via email or in-product notice before they take effect.
11. Contact
For privacy questions, email info@workonward.com. You can also write to:
WorkOnward, Inc.
124 E 14th St
New York, NY 10003
United States