1. Scope and summary
This Privacy Policy applies to the cross-platform app Workspace, known as Nucleus Desktop in the technical project and also referred to as Workbench on this website. Its Android package ID is com.schukai.nucleus, and its Apple bundle ID is com.schukai.nucleusDesktop. The app is intended for Android, iOS, Linux, macOS and Windows.
Without a server connection, personal tasks, time tracking and settings remain on the device. If you connect the app to a Nucleus system, sign-in and work data are exchanged directly with the system you select.
Effective: 17 July 2026
2. Provider, responsibility and privacy contact
The app provider and controller for its own processing described here is:
Ingrid Schukai & Volker Schukai GbR
Eichenstraße 26
82290 Landsberied
Germany
Email: hey@schukai.com
Data in a connected Nucleus system are normally controlled by the organisation that provides the system and your work account. Its privacy information, retention rules and contact routes apply in addition. Further provider details are available in the German-language legal notice.
3. Personal local use
Local use requires no account. Depending on how you use the app, it stores a display name, workday and weekly preferences, tasks with titles, descriptions, status, priority and due dates, work and break periods, change history, reminder state, and language, appearance and other settings on the device.
These data are held in a profile-specific SQLite database. Up to two rotating recovery points can contain configuration, tasks, time tracking and reminder state. Older data that cannot be migrated safely may be quarantined on the device until you decide how to handle them. Local data are not automatically transferred to a Nucleus system.
Tasks and time-tracking data can be deliberately exported as CSV or JSON. You choose the save location or sharing destination. Exported files then exist outside protected app storage and must be protected or deleted separately.
4. Saved systems and sign-in
For a connected system, the app stores its address, an optional display name, the last username, usage times, detected server properties and any certificate-trust setting you explicitly select on the device.
When you sign in, the username and password are sent directly to the selected Nucleus system. The app does not persist the password. To restore a session, it stores only the session credential issued by that system, including the cookie name, expiry and any selected tenant, in protected operating-system storage.
Supported systems may alternatively offer QR or device-pairing sign-in. This exchanges short-lived identifiers, codes, a device label, platform and app version with the selected Nucleus system.
5. Data in connected workspaces
After sign-in, the app loads the authorised profile and the workspaces enabled for the account, platform and system. Depending on use, the following data in particular may be exchanged with the selected Nucleus system:
- profile and permission data such as display name, user, person and tenant identifiers, and profile image;
- time-tracking data such as work and break events, periods, correction reasons, absences and vacation requests;
- task data such as title, description, status, priority, due date and associated editing actions;
- chat data such as conversations, reply drafts and sent replies, together with deliberately triggered assignment, closing, context, sharing and export actions.
The exact scope depends on the connected system, your permissions and the app version. Company changes are not queued while offline and are not submitted automatically later.
6. Encrypted device cache for company data
Confirmed task and time-tracking data from a connected system may be cached on the device in encrypted form for no more than 24 hours while the stored session remains valid and the profile is active. The key is held separately in protected operating-system storage.
Chat messages, files, attachments, secrets, voice data, sharing links and compliance exports are not stored in this cache. Signing out, removing the profile, session expiry or loss of permission makes affected data inaccessible and triggers removal.
7. Camera, microphone, speech, notifications and links
On mobile devices, the app uses the camera after you grant permission to scan a Nucleus pairing QR code. The camera image is evaluated for that purpose and is not stored as a photo by the app.
In Chat, speech input can turn dictated replies into text after you grant permission, while text-to-speech can read text through the device speech service. Whether audio is processed only on the device or additionally by the provider of the configured recognition service depends on the operating system, device and selected service. The app sends the recognised reply to the selected Nucleus system only after the intended user action.
Local task and workday reminders, active time-status notices and running-session chat notices use operating-system notification features. Chat notices shown while the app is running contain no message body. External links open in the selected default application, whose provider's terms then apply.
8. No advertising or developer analytics
The current app contains no advertising, advertising-ID processing, or developer SDK for usage analytics, crash reporting or telemetry. It contains no embedded web view; external websites open outside the app.
Connection data required to operate the service may arise at the selected Nucleus system and its network providers. The type and retention of that processing depend on the system's operation.
9. Security, retention and deletion
The app treats HTTPS and normal certificate validation as the default. If you explicitly select an HTTP address or trust an invalid certificate for a development system, transport protection may be reduced.
Local workspace data remain until you reset them, remove the local profile or clear app storage through the operating system. A reset first creates a recovery point; to remove recovery points as well, remove the local profile or clear app storage. Whether uninstalling the app also removes remaining app data depends on the platform.
Removing a connected profile deletes its local session and cache, but does not delete the work account or data in the Nucleus system. Contact the organisation that provides the system for correction, retention or deletion of those data. Files you exported manually must be deleted separately at the chosen location.
10. Rights and requests
Subject to the applicable legal requirements, rights may include access, correction, deletion, restriction, portability, objection and the right to complain to a data-protection authority.
Questions about processing by the app provider can be sent to hey@schukai.com. For data linked to a connected work account, first contact the organisation that operates the Nucleus system and provided your account.
Workspace is a work application for professional workflows and is not directed specifically at children.
11. Changes
We update this policy when the app's workspaces, permissions, integrated services, storage or data transfers change. The effective date above identifies the current version.