Built on Cloudflare
🔒 Data stays in Cloudflare R2 — never leaves the edge
🏛 NZ-based — Palmerston North
📋 Full audit log — every query, every user
AI knowledge platform for regulated industries

The right answer. Right now. From your own docs.

Your staff have one question. Your procedures have the answer — buried in a PDF somewhere. Workstep connects the two, instantly, on any device, citing the exact clause. Built for organisations where getting it wrong has consequences.

📱 Staff tap the PWA icon → loads straight into their account → asks a question → gets the answer with source citations. No login screen. No searching.
🔒 Sunrise Care Group
Clinical Operations — 4 documents indexed
📄 Falls Management Protocol v3.2.pdf 14 chunks
📄 Incident Reporting SOP 2025.docx 9 chunks
📄 NZ Aged Care Standards — HealthCERT.pdf 38 chunks
📄 Health and Safety at Work Act 2015.pdf 52 chunks
Sione · HCA · 11:04pm
"A resident just had a fall. What do I do right now?"
Immediate steps (Falls Protocol §4.2):
1. Do not move the resident — assess for injury in place.
2. Call for the on-duty RN immediately via the call system.
3. Stay with the resident and keep them calm and still.
4. Once the RN arrives, complete a Falls Assessment Form (Appendix C) within 15 minutes.
5. Notify the family/next of kin within 4 hours per HDC Standard 1.8.
6. Lodge an incident report in the system before end of shift.
↑ Falls Protocol §4.2 · Incident SOP §2.1 · Aged Care Standard 1.8
🔒 4 text fragments (≈4,200 chars) retrieved — full documents stayed in R2

Powered by Cloudflare

The infrastructure your IT team already trusts.

Workstep doesn't run on a startup server in someone's garage. Every component runs on Cloudflare — the same global network protecting over 20% of all internet traffic worldwide.

🌐 Cloudflare Edge Network

Your queries are processed at Cloudflare's edge — the closest data centre to your users. No single point of failure. 99.99% uptime SLA backed by Cloudflare's infrastructure guarantee.

🗄 Cloudflare R2 Object Storage

Your uploaded documents are stored in Cloudflare R2 — encrypted at rest with AES-256, with no egress fees. Documents never leave Cloudflare's infrastructure. No third-party storage providers.

🔐 Cloudflare Durable Objects

Your knowledge base index lives in Cloudflare Durable Objects — strongly consistent, isolated storage that is cryptographically separated from other organisations' data.

🛡 Cloudflare D1 Database

All user access logs, document metadata, and audit trails are stored in Cloudflare D1 — with row-level isolation ensuring your organisation's records are never accessible to others.

20% of global internet traffic protected by Cloudflare
320+ cities with Cloudflare network presence
99.99% uptime SLA on Cloudflare's infrastructure
AES-256 encryption for all data at rest in R2

What this means for your IT team: Workstep uses no self-hosted servers, no unknown cloud providers, no proprietary infrastructure. Your security review is a review of Cloudflare — a company with SOC 2 Type II, ISO 27001, and PCI DSS compliance. We're the application layer on top of infrastructure your team already knows.

Built for these industries
🏥 Aged care & rest homes 🦺 Construction & site safety 🧒 Early childhood education 🏛 Local government 🚑 Community health ⚖ Compliance teams

How it works

Your procedures. Your legislation. One question. One answer.

Staff ask in plain English. Workstep retrieves the exact relevant sections from your documents — not the whole file, just the 3-4 chunks that answer the question — and the AI responds citing the source. No hallucination. No guessing. No liability.

The data flow — step by step

1. 📄 You upload a document
   Text is extracted client-side in your browser. Raw files go to Cloudflare R2 encrypted at rest.
2. ✂️ Chunked into fragments
   Your text is split into 1,200-character segments. No single chunk contains a complete document section.
3. 🔍 Query retrieves 3-4 chunks
   When someone asks a question, only the most relevant fragments are retrieved — roughly 4,800 characters total.
4. 🤖 AI sees only fragments
   The AI model receives fragments, not files. It answers based on the retrieved context. The full document is never transmitted.

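The data flow above as an added sketch (not Workstep's code): it chunks text at the page's 1,200 characters, caps retrieval at 4 fragments, and returns the audit record alongside the context sent to the model. The term-overlap scorer, the function names and the sample documents are assumptions; the page does not say how relevance is computed.

```javascript
// Added example. Sizes come from the page; everything else is an assumption.
const CHUNK_CHARS = 1200; // "1,200-character segments"
const MAX_CHUNKS = 4;     // "3-4 chunks" per query, so at most 4,800 chars

// Split extracted text into fixed-size fragments tagged with their source.
function chunkDocument(doc, text) {
  const chunks = [];
  for (let i = 0; i < text.length; i += CHUNK_CHARS) {
    chunks.push({ doc, index: chunks.length, text: text.slice(i, i + CHUNK_CHARS) });
  }
  return chunks;
}

// Hypothetical relevance score: number of distinct query terms in the fragment.
function score(chunk, terms) {
  const lower = chunk.text.toLowerCase();
  return terms.filter((t) => lower.includes(t)).length;
}

// Return the best-matching fragments, never more than MAX_CHUNKS.
function retrieve(index, query) {
  const terms = [...new Set(query.toLowerCase().match(/[a-z0-9]+/g) || [])];
  return index
    .map((chunk) => ({ chunk, s: score(chunk, terms) }))
    .filter((x) => x.s > 0)
    .sort((a, b) => b.s - a.s)
    .slice(0, MAX_CHUNKS)
    .map((x) => x.chunk);
}

// Build the text sent to the model plus the matching audit record.
// Fails closed if a later change to retrieve() breaks the per-query budget.
function buildContext(index, query, user, at) {
  const hits = retrieve(index, query);
  const sentChars = hits.reduce((n, c) => n + c.text.length, 0);
  if (hits.length > MAX_CHUNKS || sentChars > MAX_CHUNKS * CHUNK_CHARS) {
    throw new Error("context budget exceeded");
  }
  const sources = hits.map((c) => `${c.doc}#${c.index}`);
  const context = hits.map((c, i) => `[${sources[i]}] ${c.text}`).join("\n");
  return { context, audit: { user, at, query, sources, sentChars } };
}

// Constructed sample index: two short documents made of repeated sentences.
const SAMPLE_INDEX = [
  ...chunkDocument("falls-protocol.txt", "Do not move the resident after a fall. ".repeat(80)),
  ...chunkDocument("incident-sop.txt", "Lodge an incident report before end of shift. ".repeat(40)),
];
console.log(buildContext(SAMPLE_INDEX, "resident fall", "sione", "2025-01-01T23:04:00Z").audit);
```

The cap bounds how much text is sent per query; it says nothing about how sensitive those fragments are, so the `sources` field in the audit record is what a reviewer checks.
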
Role-based access

Workspace owners, admins, and members. Only admins can upload. All queries are user-attributed.

Immutable audit log

Every document upload, query, and member change is logged with timestamp and user handle. Exportable.

No cross-org leakage

Cloudflare Durable Objects are cryptographically isolated per workspace. Organisation A cannot access Organisation B.

AI model transparency

We tell you exactly which AI model handles each query. You choose the model. Default: Perplexity Sonar Pro.

No training on your data

Your documents are never used to train AI models. They are retrieval-only. Chunks are not shared with model providers beyond the active query.

Revoke at any time

Workspace owners can delete documents, remove members, or close the workspace entirely. All associated data is purged.

Audit-ready by design

Every query is logged with the staff member's handle, timestamp, and the documents retrieved. Present the log to HealthCERT, ERO, or WorkSafe with confidence.


Who uses Workstep

Built for regulated industries where the answer matters.

🏥
Aged Care & Disability
Rest Homes & Care Facilities
New HCAs and support workers field complex situations at all hours. Workstep gives them the right protocol — falls management, medication, restraint, incident reporting — instantly, citing the exact HealthCERT standard and your internal procedure.
"A resident just fell. What do I do right now?" → 6-step protocol with source citations in 3 seconds.
🦺
Construction
Site Safety & Compliance
New subcontractors and site workers need to know the rules before they start — height safety, confined spaces, hot work permits, SWMS requirements. Workstep replaces a stack of laminated A4 sheets with a mobile app that actually answers questions.
"Do I need a permit to work above 3 metres on this site?" → WorkSafe NZ regs + your site SSSP cited.
🧒
Early Childhood Education
ECE Centres
Licensing criteria, MoE regulations, child protection obligations, and centre policy — your staff need to know it cold for ERO audits. Workstep means every teacher can answer an auditor's question with a document citation, not a guess.
"What's our obligation if a child discloses abuse?" → Child protection policy + Oranga Tamariki Act cited.
⚖️
Legal & Compliance
Compliance & Risk Teams
Upload the Privacy Act, Employment Relations Act, Health and Safety at Work Act — and your internal policies. Staff get the specific clause, not a search result. Compliance managers spend less time answering the same questions.
"Does our health monitoring policy meet section 27 of HSWA?" → Direct clause reference.
🏛
Local Government
Council Operations Teams
Procurement rules, Resource Management Act obligations, delegations policy, and bylaws — your staff need answers fast without creating legal risk. Every response is traceable to a document you uploaded.
"What's the delegation threshold for this contract value?" → Delegations Register cited.
🚑
Health & Social Services
Community Health Providers
Community support workers, outreach nurses, and social workers operate in the field with limited access to colleagues. Workstep gives them instant access to clinical guidelines, referral pathways, and mandatory reporting obligations.
"What are my mandatory reporting obligations if I suspect elder abuse?" → HDC Act + internal policy cited.

Pricing

Transparent pricing. No surprise bills.

All plans include the full Cloudflare-backed security model. Larger organisations can contact us for volume pricing and custom data residency arrangements.

Starter
$5/mo
NZD · per user · billed monthly
  • 1 private workspace
  • 100 queries / day
  • Up to 5 documents
  • 2 team members
  • Audit log
  • Custom AI model selection
  • Dedicated support
Organisation
$30/mo
NZD · per user · billed monthly
  • Unlimited workspaces
  • 500 queries / day
  • Unlimited documents
  • Unlimited team members
  • Full audit log + export
  • Custom AI model selection
  • Priority email support

Need a custom arrangement, data residency agreement, or volume pricing for 50+ users? Contact us directly →


Common questions

What organisations ask us.

Can a new staff member with limited English use this?
Yes — that's one of the core use cases. Workstep responds in plain, clear language regardless of how the question is phrased. A new HCA who types "resident fell what do" gets the same accurate, step-by-step protocol response as a senior nurse who types the full clinical question. The AI is trained to respond in simple, direct language appropriate to the question context.

What if the AI gives a wrong answer? What's our liability?
Every response cites the exact source document and clause. If the AI's answer is wrong, it's traceable — you can see exactly which document chunk was retrieved and why. This is fundamentally different from a chatbot making things up. Your organisation retains control by controlling which documents are uploaded. Wrong answers don't come from nowhere — they come from ambiguous or outdated source material, which you can update at any time.

Will this satisfy HealthCERT / ERO / WorkSafe auditors?
Workstep doesn't replace your compliance obligations — it helps your staff meet them. The audit log shows every query, every user, and every timestamp. If an auditor asks "how does your staff know the falls protocol?", you can show them the system, the documents loaded into it, and a log of queries. That's a stronger answer than "we gave them a laminated card".

Does our IT team need to do anything?
No installation, no servers, no VPN. Staff open a browser or tap the PWA icon on their phone — it loads directly into their account. Admin sets up the workspace, uploads documents, and adds staff members. The whole setup takes under an hour. If your IT team wants to review the security architecture, we provide full documentation.

Is our confidential policy content used to train AI?
No. Your documents are stored in Cloudflare R2 and only retrieved as fragments at query time — roughly 4,800 characters per query. These fragments are sent to the AI model as context for that specific query only, and are not retained for training. We use Perplexity's Sonar Pro API, which has a clear no-training policy for API customers.

What if our procedures change?
Upload the updated document and it's indexed immediately — the old version can be removed. Because Workstep retrieves from your documents rather than memorising them, version control is straightforward. You control what's in the knowledge base at all times.

Get started
See it with your actual documents.

Book a 20-minute demo. Bring one of your real procedures — we'll upload it live and show you what your staff would see when they ask a question about it.