General Information about Workist

Does the EU Artificial Intelligence Act affect Workist and companies using Workist?

The AI we use is part of a process automation software that automatically captures, extracts, and forwards data fields from transaction documents. It is classified as an "AI system with no risk or limited risk".

Following Article 50 of the AI Regulation, users can see which data is read out by AI.

Information Security and Data Protection at Workist

Workist operates a SOC2 Type II audited ISMS. All productive systems are located exclusively in the EU/EEA. A GDPR-compliant DPA is in place.

Storage Location and EU Exclusivity

Exclusively in data centers within the EU/EEA
Cloud providers: AWS (Ireland/Frankfurt) and Microsoft Azure (West Europe, North Europe, Germany West Central, Sweden Central)
Sub-processors are listed in the DPA Annex IV

Storage Duration

Transient data is discarded after processing
Structured extraction results, manual corrections, and original documents are stored for the duration of the contract
After contract termination: deletion after a 4-week safety period

Transmission and Protection

TLS 1.2+ for transmission
AES-256 for storage
Logical tenant separation, role-based access controls, audit logs

Processing at Multiple Locations

Cross-zone replication and geo-redundant backups within EU regions

Accuracy of Results (Quality Assurance)

Automated validation against customer catalogs/plausibility rules
Confidence score threshold system
Manual review via Workist Workbench when the threshold is not met

Does the EU Artificial Intelligence Act affect Workist and companies using Workist?​

Information Security and Data Protection at Workist​

Storage Location and EU Exclusivity​

Storage Duration​

Transmission and Protection​

Processing at Multiple Locations​

Accuracy of Results (Quality Assurance)​