Skip to main content
Windmill is designed to work with the data that already exists in your business systems. This page explains what personally identifiable information (PII) Windmill collects and the conditions under which it’s stored.

The core principle

Windmill stores the data your organization makes available to it—no more and no less. If you connect a system to Windmill and grant access to certain data, Windmill will store and process that data to provide its services. If data is private or restricted in the source system, Windmill does not have access to it.

What Windmill collects from HRIS

From your HR system, Windmill collects the following employee information:
  • First and last name
  • Email address
  • Job title
  • Department or team
  • Manager and reporting structure
  • Gender (if provided by your HRIS)
What Windmill does NOT collect from HRIS:
  • Social Security Numbers (SSNs)
  • Credit card numbers
  • Bank account numbers
  • Payroll information
  • Benefits information
  • Employment contracts
These fields are never requested or stored, even if your HRIS system contains them.

What Windmill collects from other integrations

When you connect productivity tools like Slack, Google Workspace, GitHub, Jira, or Linear, Windmill stores the data it has access to. This can include PII if users have shared it in those systems. Examples of when Windmill would store PII:
  • If someone posts a credit card number in a Slack channel where Windy is present, Windmill stores that message
  • If you send PII to Windy in a direct message, Windmill stores it
  • If you add sensitive information to private notes or 1:1 agendas in Windmill, Windmill has access to it
  • If background checks, application materials, or other sensitive documents are stored in a Google Drive that Windmill has access to, Windmill may store that content
Examples of when Windmill would NOT store PII:
  • If a document is in a Google Drive that isn’t connected to Windmill, Windmill cannot see it
  • If a Slack channel is private and Windy is not added to it, Windmill does not have access
  • If files are stored in systems you haven’t connected to Windmill, Windmill cannot see them

Controlling what Windmill accesses

You have control over which integrations are connected and what data they can access. For certain integrations, you have granular control over what Windmill can see:
  • Slack: Choose which channels Windy is added to
  • Google Workspace: Choose which Shared Drives Windmill has access to
This behavior is functionally equivalent to connecting any third-party system to your business tools—Windmill stores what you choose to share.

How Windmill protects all data

Windmill treats all customer data as critical to your business operations. Learn more about our security measures: For additional information, review our Privacy Policy or contact support@gowindmill.com.