Windmill
Feedback is a gift, and Windmill makes it easy to share that gift with your team and colleagues. Windmill makes continual feedback an important piece of your culture, and helps make the feedback insightful, actionable and real time. By connecting to your business systems (Zoom, Slack, Jira etc.), Windmill "Windy" will prompt you for feedback based on the actual work that is happening across the org. Using Windmill ensures that the feedback your team receives is real time, based on the work product and free from bias. Windmill will help unlock your team's potential.This app is available as part of a subscription to Windmill, pricing available upon request or on our website. For more information, please visit www.gowindmill.comThis application utilizes advanced language models (LLMs) to generate responses, summaries, and other outputs. While we strive for accuracy and reliability, the content provided may occasionally contain inaccuracies or inconsistencies.
Permissions
Windmill will be able to view:
Windmill will be able to do:
Review the details to better understand this app’s security practices. To learn more about assessing apps for your workspace visit our Help Center.
General
Developer
Windmill
Company headquarters location
United States
Terms of service
Privacy & data governance
Data retention policy
The following types of data must be retained for the periods noted, to effectively support Windmill's services and compliance requirements:
Account management: Supporting customers’ needs by maintaining a history of dealings with them. This includes the history of interactions, contact details, agreements, services information and key conversation records. This data is retained Until deletion is requested.
Service information: Confidential information is shared during the course of providing Windmill’s services. This may include proprietary documentation and confidential data of customers' business activities. This is data retained Until deletion is requested.
Employment records: Maintaining compliance as an employer of the Windmill team requires retaining records of key human resources activities for 7 years. Requests for information or deletion by Windmill employees will consider and attempt to remove sensitive private information that does not directly impact compliance with required human resources legislation. Any data that cannot be deleted when requested will be communicated to the employee with the associated reasons why. This data is retained Until deletion is requested.
Multiple systems are in place to support debugging of issues and to improve the products and services. All data is anonymized where possible to reduce the sensitivity of the information. This data is retained until deletion is requested.
Private data: Personally identifiable data is collected, processed and stored for users of Windmill’s services. This is subject to those users' privacy rights, including the right to access, modify and delete that information where it does not conflict with Windmill’s legitimate needs and regulatory compliance requirements. Where data requests cannot be fulfilled this is communicated with the reason(s) why. This data is retained Until deletion is requested.
Data archiving and removal policy
When system assets, devices and any hard copy documents are disposed of, the information security practices that otherwise apply, are removed. It is important to ensure all sensitive data is completely and effectively erased, destroyed or left unreadable prior to the removal of these security protections.
Data storage policy
Data handling is a broad practice that is critically important to protecting the security, confidentiality, integrity and availability of data used by Windmill and its customers.
The following practices are required to be applied to ensure effective data handling:
-The security and confidentiality of all data is protected by default, unless known or approved otherwise.
-All sensitive data is restricted to approved and secure storage locations.
-Key information and documents are backed up regularly to separate and secure locations to ensure recoverability in the event of an adverse event, third-party vendor failure or other issue.
Data hosting details
Cloud hosted
Data hosting company
TimescaleDB
App/service has sub-processors
yes
Guidelines for sub-processors
App/service uses large language models (LLM)
yes
LLM model(s) used
We use OpenAI models (specifically GPT-4o-mini, GPT-3.5-turbo, and GPT-4-turbo) and Claude (Sonnet 3.5).
LLM retention settings
Our LLMs are configured to not retain customer data beyond the duration of the API request.
LLM data tenancy policy
Our LLM operates in a secure, multi-tenant environment managed by the respective LLM providers (e.g., OpenAI and Anthropic). Each provider adheres to stringent data isolation and security protocols to ensure customer data is not accessible across tenants.
LLM data residency policy
Our LLMs operate in compliance with the data residency requirements of the LLM providers we use (OpenAI and Anthropic).
Certifications & compliance
Data deletion request procedure
We have a copy of our draft report for SOC 2 Type 1 compliance. When we get requests for data deletion, we act on them within reason. Clients always have the option to delete their own accounts.
We are in the process of a Soc 2 Type 2 audit now.
HIPAA compliant
yes
While this app may offer HIPAA compliance, Slack does not have a business associate agreement with any third-party application providers, including those in the Slack Marketplace, so you are responsible for validating the provider's compliance and executing an appropriate agreement before enabling.
Security
Date of latest pen test
2024-11-09
Executive summary is available to potential customers upon request
yes
Supports Single Sign On (SSO) with the following providers
Google SSO
Supports Security Assertion Markup Language (SAML)
no
Has a dedicated security team
no
Contact for security issues
support@gowindmill.com
Has a vulnerability disclosure program
no
Has a bug bounty program
no
Requires third party authorization/connections
no
Uses token rotation
no