Privacy and Security at Workorb AI: Controls, Compliance, and a Customer Data Playbook

April 29, 2026

Why Security and Privacy Are the First Question, Not the Last

For AEC firms, the deciding question on a new pursuit platform is not whether it generates good drafts. It is whether the firm's most sensitive content — past performance, fee data, project relationships, safety records — is handled in a way the firm can describe to a client, an auditor, or a regulator. Workorb AI is built so the privacy and security answer is the easy one.

Workorb's security posture — SOC 2 Type II alignment, role-based access controls, full-cycle data lifecycle management, and a published customer data playbook — is built so AEC firms can adopt AI without expanding their risk surface.

An AI platform that cannot describe its data handling will never make it through procurement.

Access, Identity, and Role-Based Permissions

Workorb integrates with the firm's identity provider for single sign-on and supports granular role-based permissions. Access is structured around the firm's actual organizational reality:

  • Pursuit-level access keeps client-confidential drafts inside the right team.
  • Practice-area scoping ensures content is segmented by business unit when required.
  • Reviewer roles can be limited to read or comment without granting edit rights.
  • Every access event — view, edit, export, share — is logged for governance review.

Every access event in Workorb is governed, logged, and reversible.

Encryption, Retention, and Data Lifecycle

Workorb encrypts data at rest and in transit using industry-standard cryptography, with key management aligned to enterprise requirements. Data retention follows a documented schedule that respects both firm policy and client confidentiality terms — including end-of-engagement deletion paths and verifiable destruction certificates where required. The data lifecycle is a managed process, not a side effect.

Data is protected at rest, in transit, and through retirement.

SOC 2 Type II Alignment and Audit Readiness

What SOC 2 Type II alignment means in practice for AEC clients.

Workorb maintains SOC 2 Type II alignment across security, availability, processing integrity, confidentiality, and privacy criteria. Customers receive audit summaries on request and can review controls during procurement. For firms supporting public-sector or critical-infrastructure clients, this alignment is foundational — both for the firm's own compliance commitments and for the security questionnaires that increasingly accompany pursuit qualification processes.

A Published Data Handling Playbook

Workorb publishes the playbook so firms know exactly what to expect.

Workorb's customer data handling playbook describes — in plain language — what the platform does with firm content, how access is controlled, what triggers an incident response, and what third-party risk reviews have been completed. The playbook is the operational expression of the platform's privacy and security commitments. It exists so the answer to a procurement question is never improvised.

Want the security playbook for your IT review? Request Workorb's privacy and security overview.