Trust

Trust is a contract,
not a banner.

Worxflow is a small company. Shop owners trust us with their customers' data. Here's what we built to deserve that trust — in the architecture, not in the marketing.

01

Your data is yours.

We sign this promise on Day 1:

  1. 1

    Five business days from cancellation: full data export to you in CSV format. Every customer, every vehicle, every repair order, every job, every message.

  2. 2

    Ten business days from cancellation: signed confirmation that every byte has been wiped from our systems, with the list of what we wiped and when.

  3. 3

    No exit fee. No retention pitch. No survey of why you're leaving.

  4. 4

    The cancellation can come from us, too. Same promise. Same timeline.

02

Where your data lives.

Storage

  • Your shop's database → US server (we operate)
  • Vector indexing → same US server
  • Call recordings → same US server
  • Backups (encrypted) → same US server, weekly offsite

Processing

  • Cloud-routed automation → Anthropic (US datacenters)
  • Not used for model training
  • 30-day retention by default
  • Edge-routed automation → GPU in Illinois (we operate)

What we don't do

  • · We don't route to OpenAI for any production task today.
  • · We don't route to any non-US datacenter.
  • · We don't sell, share, or sublicense your data to any third party for any purpose other than processing your own queries.

03

STOP means stop. Within 50 milliseconds.

The FCC requires 24 hours. We do it instantly.

When your customer texts STOP, our system does three things on the same inbound webhook tick:

  1. 1 Adds the number to our internal do-not-call list (5-year TCPA retention)
  2. 2 Revokes their SMS consent record
  3. 3 Cancels every queued message for that customer — transactional AND marketing

Latency: 47ms typical. ~1.7 million × faster than the FCC's tolerance.

04

Customer-facing messages are owner-approved.

We send nothing in your voice until you read every template, edit anything you don't like, and sign off. Day 7 of onboarding includes a 30-minute owner-approval ceremony.

Together we walk through 7 SMS templates and 4 email templates. You approve each one before it ever sends. Templates change only with your written re-approval. Every send is logged with the template hash, your approval date, and your countersignature.

05

Compliance posture.

TCPA + 10DLC

Six-gate evaluation at send time. Quiet-hours timezone-aware. Frequency cap. DNC honored across both transactional and marketing.

CAN-SPAM + Gmail/Yahoo 2024

RFC 8058 one-click unsubscribe. In-body link in every send. Synchronous opt-out write. Polymorphic recipient handling.

Call recording

13 all-party-consent states auto-flagged. Recording-consent prompt plays before audio capture. Customer can hang up to opt out.

06

SOC 2.

Not yet.

SOC 2 makes sense when we have multi-location or enterprise customers — neither today. When a specific deal requires it, we'll engage with one of Vanta / Drata / Secureframe and follow the standard playbook.

What we DO have, listed above. If you specifically need SOC 2 for your purchasing process, let's talk about timing.

Book a 15-min demo Email hello@worxflow.io