Data Processing Agreement (DPA)

This Data Processing Agreement (“DPA”) forms part of the Terms and Conditions between Workstream Automation Limited (“Workstream”), operating the no-code application development platform Workmaster (“Service”), and the User (“Controller”), collectively referred to as the Parties.

1. DEFINITIONS

1.1. “GDPR” means the General Data Protection Regulation (EU) 2016/679.

1.2. “U.S. State Privacy Laws” means all applicable U.S. state laws governing the collection, use, disclosure, and other processing of Customer Personal Data by Workmaster in the context of providing its services, including, without limitation, the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020, and its implementing regulations (“CCPA”); the Colorado Privacy Act; the Connecticut Data Privacy Act; the Utah Consumer Privacy Act; and the Virginia Consumer Data Protection Act; as well as any other similar U.S. state privacy laws that may come into effect from time to time.

1.3. “Personal Data” means any information relating to an identified or identifiable natural person processed by Workmaster on behalf of the Controller.

1.4. “Processor” means Workmaster.

1.5. “Processing” means any operation performed on Personal Data as defined under GDPR Article 4(2).

1.6. “Subprocessor” means any third party engaged by Workmaster to process Personal Data on behalf of the Controller.

1.7. “Data Subject” means an individual whose Personal Data is processed.

1.8. “Controller” means the natural or legal person, public authority, agency, or other body that determines the purposes and means of processing Personal Data.

2. SCOPE AND PURPOSE OF PROCESSING

2.1. Workmaster processes Personal Data solely to provide the Workmaster platform to the Controller and as per instructions from the Controller.

2.2. The types of Personal Data processed include, but are not limited to: names, contact information, user-generated content, and application metadata.

2.3. Workmaster shall not process Personal Data for any other purpose unless required by law. Workmaster shall immediately inform the Controller if it believes an instruction violates GDPR.

3. OBLIGATIONS OF WORKMASTER (PROCESSOR/SERVICE PROVIDER)

3.1. Workmaster shall implement appropriate technical and organizational measures (e.g., encryption, access controls) to ensure the security, confidentiality, integrity, and availability of Personal Data, aligned with GDPR Article 32 and the “reasonable security” requirements under applicable US State Privacy Laws.

3.2. Workmaster shall ensure that its personnel authorized to process Personal Data are subject to confidentiality obligations, whether under contract or law.

3.3. Workmaster shall promptly notify the Controller of any actual or suspected Personal Data breach, in accordance with GDPR, UK GDPR, and applicable US State Privacy Laws (including any required breach notifications under the CCPA or similar laws).

3.4. Workmaster shall assist the Controller in responding to Data Subject rights requests under GDPR (e.g., access, rectification, deletion) and, where applicable, consumer rights requests under US State Privacy Laws (e.g., access, deletion, opt-out of sale or sharing).

3.5. Where required under GDPR, Workmaster shall assist the Controller in conducting Data Protection Impact Assessments (DPIAs) and engaging with supervisory authorities under Articles 35–36. Where applicable under US State Privacy Laws, Workmaster shall cooperate with the Controller to support risk assessments or regulatory inquiries.

3.6. Workmaster shall maintain appropriate records of processing activities as required under GDPR Article 30(2) and any applicable recordkeeping obligations under US State Privacy Laws.

4. SUBPROCESSORS

4.1. Workmaster may engage Subprocessors to support the delivery of its Services, provided that such Subprocessors adhere to the requirements set forth under applicable data protection laws, including the EU GDPR, UK GDPR, and U.S. State Privacy Laws such as the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), and any other relevant state privacy legislation.

4.2. A list of current Subprocessors is provided in Appendix A.

5. CONTROLLER OBLIGATIONS

5.1. The Controller ensures Personal Data provided to Workmaster is collected and processed lawfully.

5.2. The Controller is responsible for obtaining necessary consents from Data Subjects under GDPR.

5.3. The Controller shall provide Workmaster with documented, lawful instructions for processing.

6. SECURITY AND COMPLIANCE

6.1. Workmaster shall implement and maintain appropriate technical and organizational security measures in accordance with Article 32 of the GDPR, as well as applicable requirements under U.S. privacy laws, including but not limited to the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), and the Utah Consumer Privacy Act (UCPA). These measures shall ensure a level of security appropriate to the risk, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

6.2. Applications are strictly prohibited from monitoring, intercepting, or analyzing data or network traffic of any System without explicit prior written authorization, in accordance with applicable data protection and privacy regulations, including but not limited to the GDPR, CCPA/CPRA, and other relevant U.S. state privacy laws.

6.3. Applications must not access, interact with, or attempt to use any network, hardware, or software without proper authorization. This includes any attempts to probe, scan, test for vulnerabilities, or bypass security and authentication measures of a System. Such unauthorized access may constitute a violation under applicable cybersecurity, privacy, and consumer protection laws.

6.4. The Controller may conduct audits (with 30 days’ advance written notice) to verify compliance with this Agreement and with applicable data protection and privacy laws. Audits shall be at the Controller’s expense unless material non-compliance is found, in which case Workmaster shall bear reasonable costs of the audit.

6.5. Except for the legitimate use of aliases and anonymous remailers permitted under applicable law, applications must not forge, manipulate, or misrepresent TCP/IP packet headers, email headers, or any other part of a message related to its origin or routing. This includes actions that may constitute violations of U.S. consumer protection and privacy laws or regulations related to fraud, data integrity, or misrepresentation.

7. DATA TRANSFERS

7.1 International Data Transfers (Outside the EEA):

Transfers outside the European Economic Area (EEA) shall comply with GDPR Chapter V. Workmaster shall use EU Standard Contractual Clauses (SCCs) (attached in Appendix B) or other approved mechanisms.

7.2 US State Privacy Compliance:

Where Workmaster processes Personal Data of individuals residing in the United States, it shall comply with applicable U.S. State Privacy Laws, including but not limited to the California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), Virginia Consumer Data Protection Act (VCDPA), and Colorado Privacy Act (CPA). For such processing, Workmaster acts as a “Processor” or “Service Provider” (as defined under applicable law) and shall:

  a) Process Personal Data solely on behalf of and in accordance with the instructions of the Controller.
  b) Not sell or share Personal Data as defined under relevant laws.
  c) Not retain, use, or disclose Personal Data for any purpose other than as necessary to provide the Services.
  d) Provide assistance to the Controller to enable compliance with data subject rights, including access, deletion, and opt-out requests, where applicable.
  e) Notify the Controller without undue delay of any unauthorized access, use, or disclosure of such Personal Data.

8. DATA RETENTION AND DELETION

8.1. Workmaster will retain Personal Information only for as long as necessary to deliver the Service, unless a longer retention period is mandated or permitted by applicable law (e.g., for regulatory compliance purposes).

8.2. Workmaster shall assist the Controller in fulfilling its obligations under applicable privacy laws, including responding to requests for deletion of Personal Data in accordance with the rights granted to data subjects under the GDPR, CCPA, CPRA, and other applicable state laws.

9. LIABILITY AND INDEMNIFICATION

9.1. Workmaster is liable for damages caused by its breach of GDPR obligations and applicable U.S. State Privacy Laws.

9.2. The Controller shall indemnify Workmaster against claims arising from the Controller’s non-compliance with the GDPR, CCPA, CPRA, or other applicable state privacy laws.

9.3. Liability is mutual and limited to direct damage under this DPA, with consideration for both GDPR and U.S. state law breaches.

10. TERM AND TERMINATION

10.1. This DPA remains effective while Workmaster processes Personal Data on behalf of the Controller in compliance with the GDPR and applicable U.S. State Privacy Laws.

10.2. Either party may terminate this DPA in the event of a material breach of its terms, including violations of applicable data protection laws, provided the breaching party fails to cure the breach within thirty (30) days of receiving written notice.

11. CONTACT INFORMATION FOR DATA PROTECTION

If you have any questions regarding how Workmaster processes your personal data or if you wish to exercise your data protection rights, you can contact our Data Protection Officer (DPO) at:

Email: legal@workmaster.ai

12. GOVERNING LAW AND JURISDICTION

12.1. Governing Law: This Data Processing Agreement (DPA) shall be governed by and construed in accordance with the laws of England and Wales, including the UK GDPR and the Data Protection Act 2018. For data processing activities subject to U.S. State Privacy Laws (e.g., CCPA/CPRA, VCDPA, CPA), such laws shall apply to the extent required.

12.2. Jurisdiction: Any disputes arising out of or in connection with this DPA shall be subject to the exclusive jurisdiction of the courts of England and Wales, except where applicable U.S. State Privacy Laws require adjudication or enforcement in U.S. jurisdictions.

12.3. Compliance with EU and U.S. Laws: If Workmaster processes the Personal Data of data subjects located in the European Economic Area (EEA) or applicable U.S. states, it agrees to comply with the EU GDPR, relevant U.S. State Privacy Laws, and, where required, appoint a representative in the EU or the relevant U.S. jurisdiction.

Appendix A – List of Subprocessors

(The services listed below may process end user data.)
  • Microsoft Azure
  • MongoDB Atlas
  • Discourse
  • GitBook
  • N8N
  • OpenRouter
  • Fastlane (for mobile builds)
  • GitHub
  • Pinecone
  • Zapier

Appendix B – Standard Contractual Clauses (SCC)

  1. Incorporation of SCCs

1.1 This Appendix incorporates the EU Standard Contractual Clauses (SCCs) as the legal mechanism for transferring Personal Data outside the European Economic Area (EEA) in accordance with Chapter V of the General Data Protection Regulation (GDPR) (EU) 2016/679.

1.2 The SCCs shall apply between Workmaster (Processor) and the Controller, ensuring compliance with GDPR when Personal Data is transferred to jurisdictions that lack an adequacy decision from the European Commission.

  2. Applicability of Modules

2.1 The following SCC Modules shall apply based on the roles of the parties:

  • Module 2: Controller to Processor – When the Controller transfers Personal Data to Workmaster for processing.
  • Module 3: Processor to Sub-Processor – When Workmaster engages third-party Subprocessors for data processing outside the EEA.
 
  3. Key Provisions of SCCs

3.1 Obligations of the Data Exporter (Controller)

  • Ensure that Personal Data transferred is limited to the necessary scope and is lawfully collected.
  • Inform Data Subjects about the transfer and their rights under GDPR.

3.2 Obligations of the Data Importer (Workmaster / Processor)

  • Process Personal Data only on documented instructions from the Controller.
  • Implement appropriate technical and organizational security measures to protect Personal Data.
  • Notify the Controller in case of any data breach.
  • Assist the Controller in responding to Data Subject requests.
  • Allow audits and provide evidence of compliance upon request.
 

3.3 Sub-processing

  • Workmaster shall not engage sub-processors without prior written approval from the Controller.
  • Any subcontracting shall be governed by a written agreement ensuring the same level of protection required by the SCCs.
 

3.4 Data Transfers & Onward Transfers

  • Transfers beyond the initial recipient shall only occur under the same or stricter data protection safeguards as outlined in the SCCs.
 

3.5 Legal Challenges & Government Requests

  • Workmaster shall inform the Controller if it receives any government or law enforcement request for Personal Data unless prohibited by law.
  • If legally required to disclose data, Workmaster shall take reasonable measures to challenge the request and inform the Controller.
 
  4. Governing Law & Jurisdiction

4.1 The SCCs shall be governed by the laws of Ireland or another mutually agreed EEA Member State.

4.2 Any disputes arising from the SCCs shall be subject to the jurisdiction of the competent EEA courts.