Skip to main content
At Windmill, privacy and security are at the core of what we do. We act as a central hub for your cloud service providers, integrating them into a single place to help improve company efficiency and operations.

What Windmill collects

Windmill connects to your authorized business applications through their APIs. We only collect data that’s necessary to provide our service and only from systems you explicitly authorize. From your HRIS (HR system) We collect basic organizational data to build your org chart and roster:
  • Employee first name
  • Employee last name
  • Employee email
  • Employee manager/reporting structure
What we do NOT collect from HRIS
  • Payroll information
  • Addresses, Social Security Numbers, or other forms of PII
  • Employment contracts
  • Benefits information
From connected productivity tools When you connect tools like Slack, Google Workspace, GitHub, Jira, or Linear, we collect activity data that helps Windy understand collaboration patterns and generate insights. The specific data collected depends on which integrations you enable.

No browser installations

Windmill does NOT install anything on employee computers or in browsers. We only connect with the APIs of explicitly authorized business applications.
  • Windmill does NOT track anything directly and is limited to the APIs of business applications
  • We collect as little or as much as authorized by the business owner
  • Windmill simply pieces together data that already exists in your connected systems

Privacy and access controls

Permission mirroring Windmill mirrors the settings across your systems to ensure we adopt the same access and permissions already implemented by your team. You’ll only see information you already have permission to access in the source application. Org chart-based access Windmill is built around your org chart. Only your manager (or managers) will have access to your data in Windmill. If you don’t manage anyone, you’ll only have access to your own information. User delegation Admins can delegate access permissions to another user in Windmill. When you delegate access, you’re granting another individual from your org access to a user’s Windmill account. Delegated users have access to everything the original employee sees in Windmill. However, this does NOT alter privacy settings for Google meetings or Google Docs—if a user doesn’t have access to a Google Doc or meeting, they still won’t have access or visibility within Windmill.
Delegating access takes about an hour to go into effect. Only Windmill Admins can add or edit delegated users.

Historical data

When you connect systems, the amount of historical data varies by integration. The default is one week of data. If you need more than one week of historical data, let us know during onboarding or reach out via your shared support Slack channel.

Data retention

Windmill retains data from customers as long as they have an active engagement with Windmill. You have the right to request complete data deletion after ending an engagement with Windmill.

Additional resources

For more detailed information about our privacy practices: