Privacy Notice

Privacy, built into how Redwood works

At Redwood, privacy is part of how our products are designed and operated.

Our customers rely on Redwood to automate critical business processes across systems, teams, and regions. That trust depends on handling data with precision, security, and transparency.

This notice explains:

  • what data we handle
  • how our products use it
  • where it goes
  • and how we protect it

This notice describes how Redwood designs and operates its services. It does not modify contractual terms agreed with customers, including the Master Subscription Agreement (“MSA”) and Data Processing Agreement (“DPA”), which govern in the event of any conflict.


How we operate

Redwood provides enterprise-grade automation and orchestration software to businesses. Depending on the data involved, Redwood acts as:

  • Processor (Service Provider): when customers use our products and services (e.g., automation workflows, file transfers, job execution, logs, and integrations)
  • Controller (limited): for business contact and operational data (e.g., website, marketing, events, billing, account management)

In practice:

  • customers control what data enters the platform and are responsible for protecting Personal Data
  • Redwood operates and secures the platform that processes it

What data we handle

Website and marketing

  • device and browser data (IP, pages viewed)
  • cookies and analytics data
  • form submissions (including website chat bot) and event registrations
  • business contact details

Accounts and billing

  • account users and administrators
  • roles and permissions
  • billing and subscription records
  • support interactions

Product usage data

  • authentication and login data
  • role and access configurations
  • usage and performance data
  • audit logs and activity records

Customer Data (processed on behalf of customers)

  • workflows and job definitions
  • scripts and execution data
  • files and integrations

Customers determine the types of data processed, and Redwood does not require the submission of Personal Data unless explicitly agreed.

Categories of data in our products

Customer Data (controlled by customers)

Customer Data is any data that customers or their users submit to the Products, including workflows, files, scripts, and any Personal Data contained within them.

  • Customers determine what Customer Data is processed

Telemetry Data (system-generated operational data)

Telemetry Data is data generated by the configuration and use of the Products, such as:

  • system logs
  • performance metrics
  • configuration data
  • job metadata

Telemetry Data does not include Customer Data content but may relate to how the Products are used.

Redwood uses Telemetry Data for:

  • operational, security, and product improvement and maintenance purposes, consistent with applicable law

Aggregated and Anonymized Data

Aggregated and Anonymized Data is data that has been:

  • combined with data from multiple customers, and
  • de-identified so that no individual or customer can reasonably be identified

Redwood may use this data to:

  • improve Products and Services
  • develop insights and analytics
  • enhance performance and functionality

Why we use data

We process data to:

  • deliver and operate our products and services
  • maintain system security and integrity
  • provide customer support
  • manage accounts and billing
  • improve performance and reliability

We use marketing data to communicate with you, with opt-out controls available.


Legal bases (where applicable)

We rely on:

  • contract (to deliver services)
  • legitimate interests (to operate and improve our business)
  • consent (for optional processing such as cookies)
  • legal obligations

For Customer Data processed on behalf of customers, the customer is responsible for establishing the legal basis for processing.


How Redwood protects data

Redwood designs and operates its platform with layered security controls.

These include, where applicable:

  • encrypted communications (e.g., TLS 1.2+)
  • secure data transfer mechanisms (such as Secure Gateway)
  • role-based access controls
  • Single Sign-On integrations
  • audit logging of system and user activity
  • separation between customer environments and Redwood systems

Access to data is limited to authorized personnel with a business need.

Security measures are designed to meet industry standards and applicable law.

Customers are responsible for configuring security controls appropriate to their use case.


Where data is processed

Redwood operates globally and may process data in multiple regions.

We:

  • use secure cloud infrastructure
  • provide transparency into hosting regions where available
  • maintain visibility into data processing locations

Data processing locations and transfers are governed by the DPA, including applicable transfer mechanisms.


Sharing and subprocessors

We share data to operate our services and provide our products.

This may include:

  • infrastructure providers
  • support and service platforms
  • communication and delivery providers
  • monitoring and security tools
  • Redwood affiliates

All subprocessors are bound by contractual obligations providing a level of data protection consistent with the DPA.

We maintain a current list of subprocessors.

We do not sell personal data as defined under applicable law.


International transfers

Data may be transferred internationally.

Where this occurs, Redwood implements safeguards such as:

  • Standard Contractual Clauses (SCCs)
  • UK transfer mechanisms
  • other recognized legal tools

The specific mechanisms applicable to Customer Data are defined in the DPA.


Data retention

Personal Data is retained for the duration of the Agreement and thereafter in accordance with contractual, legal, and operational requirements.


Security incidents

Redwood maintains an incident response program.

In the event of a confirmed Data Breach affecting Customer Data, Redwood will notify customers without undue delay and provide relevant information as required under the DPA and applicable law.


Your rights

Depending on your location, you may have rights to:

  • access, correct, or delete your data
  • restrict or object to processing
  • request data portability
  • lodge a complaint with an applicable supervisory authority

For Customer Data, requests should generally be directed to the customer (data controller), and Redwood will assist as required under the DPA.

California residents

You may also:

  • request disclosure of data practices
  • request deletion or correction
  • opt out of certain data sharing

We provide mechanisms to exercise these rights.


Browser Storage

We use native browser storage technologies to:

  • Enable core website functionality 
  • Detect fraud and maintain security
  • Remember site preferences and improve user experience
  • Track user behavior and session recording

We use cookies to operate and improve our website.

Where required:

  • non-essential cookies are used with consent
  • preferences can be managed at any time through our preference center

Third-party services

Some third-party services integrated on our website may place their own cookies or use similar technologies. You can review their privacy policies for details on how they process data.


Contact

We respond in accordance with applicable laws.


Updates

We update this notice as our products, services, and legal requirements evolve.

Material changes will be communicated in accordance with applicable law and contractual obligations.