Overview
Eddy Works' commitments to security, privacy, and transparency.
Eddy is a process-centric coordination tool — teams run client intake, onboarding, approvals, and other recurring work through it, which means they trust us with real operational data.
This Trust Center is the official publication location for our policies, and for what we can share publicly about how we protect the data you and your participants entrust to us.
Policies
Current versions of our legal documents, published as counter-drafts under review with counsel. Each carries a notice until it is approved and in force.
Terms of Use
Subscription, accounts, data licence, termination, and liability
Acceptable Use Policy
Technical prohibitions and human-process misuse
Privacy Policy
How we handle personal information — roles, lawful bases, and your rights
Data Processing Agreement
Processor terms for EU & UK GDPR — transfers, subprocessors, breach notification
Definitions
Defined terms shared across all four policy documents
Data categories and subjects
The categories of data in Eddy, who controls each, and the data subjects covered
Transparency
Security
Encryption, access control, data residency, and incident response
Subprocessors
Third-party vendors we use, what they process, and where
AI Transparency
Our current AI stance, data use commitments, and roadmap
Contact
- Privacy questions or data subject rights — privacy@eddy.works
- Security disclosures — security@eddy.works, with reasonable time to respond before public disclosure
- Procurement reviews and anything else — legal@eddy.works