OnlyWorks turns your captured work into a report — and you decide who sees it. Here’s exactly what we collect, who processes it, and how to delete it.
Your data is encrypted in transit (HTTPS/TLS) and at rest on our providers’ infrastructure. OnlyWorks is not end-to-end encrypted: to generate your reports, screenshots and OCR text are uploaded to our backend and processed by Google Gemini.
Capture only runs during sessions you start and stop — it is not always-on. During a session, OnlyWorks captures screenshots, on-screen text (OCR), active app and window titles, and click/keystroke counts, then sends them to OnlyWorks and our sub-processors to produce your report. Screenshots may also be used to improve our AI.
Your data is processed by a small set of providers: Google Gemini (AI report generation), Supabase (database and storage), Render (backend hosting), and Resend (email). Each handles only the data needed for its function.
You can purge the screenshots used to train our AI at any time, and delete your account from the app. There is no automatic time-based deletion: after account deletion, account data is removed within 30 days, session data is kept up to 90 days, and full deletion can take up to 90 days due to backups. Aggregated, de-identified analytics may be retained indefinitely.