If your organization is using WordFields, you need to understand what happens to the data your team will entrust us with. This page answers that.
How the product handles your data
Only the templates themselves are stored on our servers. The data you fill into templates, and the documents or emails generated as a result, are not.
Here is a detailed breakdown of how data is handled:
Templates and snippets — the reusable structures your team creates. These are stored on our servers because the product cannot function without them. They remain your intellectual property and are accessible only to your account.
Variable content — the values entered into a template at the point of use. Names, salaries, contract terms, client details, case numbers. For most snippets, this content is filled in directly in your browser and never reaches our servers. For documents and for snippets that use formulas to compute values, the content is processed on our server to produce the output and then discarded. It is not written to a database. It is not retained in our application logs. Once the document is downloaded or the snippet is inserted, that data does not exist on our servers.
Generated documents — the completed Word or Excel file produced from a template. These are streamed directly to the user's device. WordFields does not retain a copy. There is no document repository on our servers.
This is an architectural decision, not a policy. The data pipeline was built so that variable content and generated documents are never persisted.
What is stored on WordFields servers
For complete transparency, here is everything that is stored:
| Data | What it includes | Why it's stored |
|---|---|---|
| Account information | Your name and email address | To identify your account and communicate with you |
| Workspace content | The templates and snippets you create | This is the product, these remain your property |
| Billing records | Payment history, last four digits of card, billing address | Required for invoicing and tax compliance |
| Document activity metadata | Who generated a document, from which template, when, the document title, and any notes a template owner has configured the template to collect at generation time | Appears in your workspace activity log. |
| Aggregated product usage data | Feature usage statistics, not linked to individual users | Used to improve the product |
We do not store anything else. We do not analyze, mine, or otherwise process the templates you create for any purpose beyond serving them back to your team.
Where data is stored and how it is protected
All WordFields infrastructure runs on Microsoft Azure within the European Union. No data is transferred outside the EU.
Encryption. All data transmitted between your browser and WordFields is encrypted using TLS 1.2 or higher. Sensitive data at rest, such as access keys and authentication tokens, is encrypted using industry-standard encryption.
Key management. Cryptographic keys are managed using Azure Key Vault, which provides hardware-level security and access control for key storage.
Access control. Access to production systems is restricted to authorized personnel and follows the principle of least privilege. All access is logged.
Audit logging. Significant system actions are logged and monitored. Logs are retained for a period appropriate for security investigation.
Backups. Database backups are encrypted. Backup retention follows our data retention policy described in our Privacy Policy.
Chrome extension permissions
The Text Snippets & Templates Chrome extension is published in the Chrome Web Store and its permissions are publicly verifiable in the listing. Specifically:
- It does not read the content of pages you visit
- It does not access your browsing history
- It does not collect data from third-party websites
- It does not communicate with any servers other than WordFields' own
We also offer a Text Expander Chrome extension that operates without a WordFields account. In that mode, no account data of any kind exists.
Third-party services
WordFields uses a small number of third-party services to operate. None have access to your workspace content. We do not use advertising networks, analytics resellers, or data brokers. The complete list of services we use can be found on our privacy page.
GDPR compliance
WordFields was designed to align with the General Data Protection Regulation by architecture rather than by policy retrofit.
The most significant GDPR risk in a document generation tool is the inadvertent storage of personal data entered into forms, like names, addresses, identification numbers, employment details. By not storing that data at all, WordFields eliminates this category of risk at the source.
For organizations that require a Data Processing Agreement as part of their procurement process, we can provide one on request. Contact us at [email protected].
What we do not claim
We will not tell you that no breach is ever possible. No software company can honestly make that claim. What we can tell you is that our architecture deliberately minimizes the surface area of any potential breach. The most sensitive data your team handles is never on our servers in the first place.
We do not currently hold SOC 2, ISO 27001, or HIPAA certification. We follow security practices consistent with these frameworks but have not yet completed formal audit. If your procurement process requires a specific certification, contact us so we can discuss your requirements.
We are a small, independent company. That is a strength in some ways: clear lines of accountability, no third-party data sharing for revenue, decisions made by people who own the consequences. It also means we do not have a 24/7 SOC team. Critical security incidents are handled by the founding team directly.
Why our business model matters here
WordFields is funded entirely by subscriber revenue. We have no outside investors and no advertising business model. Our financial incentive is to keep customers happy enough to keep paying, not to extract value from data we hold.
This is the structural reason we can credibly claim we will never sell or analyze your content. We have no business reason to. If we ever did, customers would leave and the company would fail.
Questions and verification
If you are evaluating WordFields for your organization and have questions that are not answered here, contact us at [email protected]. We respond to procurement and security questions in plain language and as concretely as we are able.
For related material:
- Security — technical security measures
- Data Privacy — plain-language privacy overview
- Privacy Policy — full privacy policy
- Terms — terms of service
Last updated: May 2026