Windmill is designed to work with the data that already exists in your business systems. This page explains what personally identifiable information (PII) Windmill collects and the conditions under which it’s stored.Documentation Index
Fetch the complete documentation index at: https://help.gowindmill.com/llms.txt
Use this file to discover all available pages before exploring further.
The core principle
Windmill stores the data your organization makes available to it—no more and no less. If you connect a system to Windmill and grant access to certain data, Windmill will store and process that data to provide its services. If data is private or restricted in the source system, Windmill does not have access to it.What Windmill collects from HRIS
This is the canonical list of fields Windmill syncs from your HR system. Names, emails, job titles, managers, departments, and gender are personal information — Windmill stores them to build your org chart and power reviews, 1:1s, and feedback.| Field | Collected? | Source |
|---|---|---|
| First and last name | Yes | HRIS (falls back to Google Workspace or Slack if no HRIS is connected) |
| Work email | Yes | HRIS (falls back to Google Workspace or Slack) |
| Job title | Yes | HRIS |
| Department or team | Yes | HRIS |
| Manager and reporting structure | Yes | HRIS |
| Start date | Yes | HRIS |
| Employment status (active / terminated) | Yes | HRIS — used to auto-archive employees who leave |
| Gender | Yes, if your HRIS provides it | HRIS |
| Profile picture | Yes | Slack (not your HRIS) |
| Home address | No | — |
| Social Security Numbers (SSNs) and government IDs | No | — |
| Date of birth / birthday | No | — |
| Phone number | No | — |
| Pronouns | No | — |
| Compensation, salary, or pay rate | No | — |
| Payroll information | No | — |
| Benefits information | No | — |
| Bank account or credit card numbers | No | — |
| Employment contracts | No | — |
What Windmill collects from other integrations
When you connect productivity tools like Slack, Google Workspace, GitHub, Jira, or Linear, Windmill stores the data it has access to. This can include PII if users have shared it in those systems. Examples of when Windmill would store PII:- If someone posts a credit card number in a Slack channel where Windy is present, Windmill stores that message
- If you send PII to Windy in a direct message, Windmill stores it
- If you add sensitive information to private notes or 1:1 agendas in Windmill, Windmill has access to it
- If background checks, application materials, or other sensitive documents are stored in a Google Drive that Windmill has access to, Windmill may store that content
- If a document is in a Google Drive that isn’t connected to Windmill, Windmill cannot see it
- If a Slack channel is private and Windy is not added to it, Windmill does not have access
- If files are stored in systems you haven’t connected to Windmill, Windmill cannot see them
Controlling what Windmill accesses
You have control over which integrations are connected and what data they can access. For certain integrations, you have granular control over what Windmill can see:- Slack: Choose which channels Windy is added to
- Google Workspace: Choose which Shared Drives Windmill has access to
How Windmill protects all data
Windmill treats all customer data as critical to your business operations. Learn more about our security measures:- Data Privacy and Collection - Access controls, retention policies, and data deletion
- Security and Compliance - Encryption, SOC 2 compliance, and infrastructure protection
- AI and Data Usage - How AI processes your data and zero-retention policies