Privacy Policy
Last Update: 03 Dec, 2025
Quick Summary
This brief summary is provided for convenience only and does not replace the full, legally binding terms and conditions set out in this Privacy Policy.
Desku.io processes Personal Data in order to operate, maintain, and secure its website, platform, and associated Services. In particular:
We use this data to deliver, support, secure, and improve the Service.
For detailed information about the types of Personal Data we process, how we use it, and the rights available to individuals, please review the full Policy below.
Definitions
For the purposes of this Privacy Policy, the following terms have the meanings set out below:
“AI/ML Models”
Artificial intelligence or machine learning systems used within the Service to provide automated suggestions, insights, summaries, classifications, routing, or other assistive outputs.
“Controller”
The entity that determines the purposes and means of Processing Personal Data.
“Cookies & Trackers”
Small text files, scripts, and similar technologies used to enable session management, enhance performance, ensure security, and analyze activity across the website and platform.
“Customer”
A business entity, organization, or authorized individual who accesses or uses the Service. The person creating the account represents that they have authority to bind the Customer.
“Customer Data”
Any data submitted, transmitted, stored, or generated by Customers or their End-Users through use of the Service.
“Documentation”
All written or digital instructions, help articles, onboarding guides, product descriptions, and technical materials provided by Desku.
“Effective Date”
The date at which changes related to the Service, or Policies, or Terms & Conditions become effective. Continued usage of the Service after the Effective Date denotes acceptance of said changes.
“End-User”
Any individual who interacts with a Desku.io Customer through integrated communication channels such as messaging platforms, chat widgets, or email.
“Personal Data”
Any information relating to an identified or identifiable natural person. This may include, but is not limited to, names, contact details, account information, communication content, identifiers, and any data associated with an individual profile.
“Processor”
An entity that processes Personal Data on behalf of a Controller and in accordance with documented instructions.
“Processing”
Any operation performed on Personal Data, whether or not by automated means. Examples include collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, transmission, dissemination, restriction, erasure, or destruction.
“Service”
The Desku.io platform and all associated tools, features, and interfaces, including HelpDesk services, Live Chat, OmniChannel messaging, AI functionality, automation tools, analytics, integrations, and administrative components.
“Subscription”
The paid plan, free plan, trial plan, or any tiered access purchased or activated by the Customer, including all limits, features, and billing terms described in the applicable Order Form or Pricing page.
“Subprocessor”
A third-party appointed by Desku.io to process Personal Data strictly in accordance with Desku.io’s instructions and the Controller’s direction.
Introduction & Contact Information
This Privacy Policy describes how Desku.io (“we,” “us,” or “our”) collects, uses, stores, and safeguards Personal Data when individuals interact with our website, platform, or any connected integrations. It also outlines the rights available to individuals under applicable data protection laws and explains Desku.io’s obligations as a Controller or Processor of Personal Data.
Legal Entity: [Insert Full Legal Entity Name]
Registered Address: 4023 Kennett Pike #50230, Wilmington Delaware 19807, United States
Privacy Contact Email: support@desku.io
For requirements governing acceptable use of our Service, please review our Acceptable Use Policy (AUP)
Scope of This Policy
This Privacy Policy applies to all Personal Data processed by Desku.io in connection with the operation of its website, platform, integrations, and related services. It covers the following categories of individuals:
1. Website Visitors
Individuals who visit or interact with the Desku.io website, including those who browse pages, access Documentation, download resources, or subscribe to newsletters.
2. Platform Users
Individuals who access or operate accounts within the Desku.io platform, including administrators, agents, team members, and account owners.
3. End-Users
Individuals who communicate with Desku.io Customers through integrated channels, which may include:
Facebook Messenger
Instagram Messaging (where applicable)
Telegram
Shopify stores
WooCommerce stores
Slack (where conversations are forwarded into Desku.io)
Email or web chat integrations
Other supported platforms and communication channels
This Privacy Policy applies to all Personal Data processed through the Desku.io Service, its integrations, and any connected applications.
Data Controller vs Data Processor
Desku.io may act as either a Data Controller or a Data Processor, depending on the nature of the Personal Data Processing activity. The applicable role determines Desku.io’s responsibilities under data protection laws.
When Desku.io Acts as a Data Controller
Desku.io acts as the Controller when it determines the purposes and means of Processing Personal Data for its own business operations. This includes Processing carried out for:
Operating and maintaining the marketing website.
Managing account registration, authentication, and password-related workflows.
Administering billing, invoicing, and Subscription management.
Performing analytics to improve and enhance the Service and User experience.
Communicating platform updates, Service notifications, and security-related messages.
Implementing fraud prevention measures and maintaining platform security.
When acting as a Controller, Desku.io independently decides how and why Personal Data is processed.
When Desku.io Acts as a Data Processor
Desku.io acts strictly as a Processor when Customers use the platform to manage their own Customer Support and communications. In this capacity, Desku.io processes Personal Data on behalf of the customer, including:
Support tickets and Customer service conversations.
End-User messages received through integrated communication channels.
Customer contact details, order information, and historical records from systems such as Shopify or WooCommerce.
Files, attachments, media, and metadata submitted by End-Users.
In these scenarios, the Customer determines the purpose and means of Processing. Desku.io processes Personal Data only in accordance with the Customer’s documented instructions and the terms and conditions outlined in Desku.io’s Data Processing Agreement (DPA).
Information We Collect
Desku.io collects and processes different categories of Personal Data depending on how individuals interact with the Service. The types of information collected include:
a. Information Provided Directly
This category includes Personal Data that Users knowingly submit to Desku.io, such as:
Account registration details (e.g. name, email address, company information, and password).
Billing and payment-related contact information, as well as Subscription preferences.
Content submitted via tickets, conversations, forms, surveys, and chat widgets.
Uploaded files, attachments, media, screenshots, and similar materials.
Workspace configuration data, including settings, roles, permissions, and User-level preferences.
b. Automatically Collected Data
When accessing the website or platform, Desku.io may automatically collect technical and usage-related information, including:
Device identifiers, browser type and version, IP address, and timezone.
Operating system details, hardware characteristics, and login timestamps.
Session identifiers, authentication tokens, and security/access logs.
Platform usage analytics (e.g. navigation patterns, feature interactions, performance metrics).
Error logs and diagnostic data used for debugging, Service monitoring, and system stability.
c. Information Received From Third Parties
Desku.io may receive Personal Data from third-party services when Users connect external tools or authenticate using supported identity providers. This may include:
User profile information from login services such as Google or Facebook.
Analytics or performance metadata from monitoring tools.
Contact or order data imported from ecommerce systems such as Shopify or WooCommerce.
Messaging data from integrated communication channels (e.g. sender ID, message content, media attachments).
Authentication information from connected platforms (e.g. Shopify or Google OAuth).
d. Data Received From Customer Platforms
When Customers integrate Desku.io with their own systems or communication channels (e.g. Shopify, WooCommerce, WhatsApp, Telegram, Facebook Messenger, Slack, HubSpot, etc), Desku.io may receive:
Customer names, contact details, and communication identifiers.
Order and transaction details.
Conversation histories and message content.
Metadata required for routing, Processing, or managing interactions.
Facilitating communication between Customers and their End-Users across supported messaging platforms.
How We Use Your Information
Desku.io Processes Personal Data for the purposes necessary to operate, maintain, secure, and improve the Service. Specifically, Personal Data may be used for the following purposes:
All Processing is carried out in accordance with the roles described under this Privacy Policy and applicable data protection laws.
Legal Basis for Processing (GDPR)
Where the General Data Protection Regulation (GDPR) applies, Desku.io processes Personal Data under one or more of the lawful bases set out in Article 6 of the Regulation. The specific legal bases relied upon include:
Consent
Used for Processing activities that are optional and require explicit permission, such as the use of non-essential cookies or the receipt of marketing communications. Individuals may withdraw consent at any time.
Contractual Necessity
Applied when the Processing of Personal Data is required to enter into or perform a contract with the individual or the organization they represent. This includes providing access to, and functionality within, the Service.
Legitimate Interests
Used for Processing necessary to support Desku.io’s legitimate business interests, provided such interests are not overridden by the rights and freedoms of the individual. Examples include platform security, fraud prevention, Service improvement, analytics, and internal administrative purposes.
Legal Obligations
Applied when Processing is required to comply with applicable laws, including obligations related to taxation, financial reporting, security, or requests from competent authorities.
Desku.io ensures that all Processing activities are grounded on a valid legal basis and carried out in accordance with the requirements of the GDPR.
AI & Machine Learning Data Usage
Desku.io uses AI and machine learning (“AI/ML Models”) to support and automate certain functions within the Service. These features are designed to enhance User workflows, improve efficiency, and reduce manual workload. This section sets out how Personal Data may be processed in connection with AI-driven functionality.
AI Processing Activities
AI/ML Models within the Service may perform Processing activities such as:
Classifying messages or tickets into categories (e.g. “refund request,” “order issue”).
Generating summaries of conversations, tickets, or support threads.
Suggesting replies based on Customer-defined workflows, historical interactions, or workspace configurations.
Routing messages to appropriate agents, teams, or departments.
Identifying sentiment, urgency, or intent to assist with prioritization and workflow management.
Types of Data Used by AI
To support these features, AI/ML Models may process:
Message content and conversation text.
Metadata such as timestamps, channel identifiers, and tags.
Customer-defined fields, forms, or classifications.
Relevant portions of conversation history necessary to provide contextual outputs.
Transparency and Safeguards
Desku.io applies the following commitments to ensure responsible and compliant use of AI technologies:
Anonymized or pseudonymized data is used wherever feasible, consistent with operational requirements.
Personal Data is not used to train public, shared, or third-party foundation models.
AI outputs are generated solely based on Customer-specific data and context; models do not rely on training data from other Customers.
Customers may enable, disable, or configure AI features through workspace settings, subject to the capabilities of their plan.
All Processing associated with AI functionality occurs within secure environments that follow the technical and organizational measures described in this Privacy Policy and the Desku.io Security Page.
Desku.io’s use of AI/ML Models is designed to remain consistent with applicable data protection laws, including requirements relating to transparency, purpose limitation, and data minimization.
Cookies & Tracking Technologies
Desku.io uses cookies and similar tracking technologies (“Cookies & Trackers”) to operate the website and platform, enable core functionality, enhance performance, and analyze usage. These technologies may collect certain information automatically when individuals interact with the Service.
The categories of Cookies & Trackers used include:
Essential Cookies
Required to operate the website and platform, enable session management, maintain security, and ensure the proper functioning of login and authentication workflows. These cookies cannot be disabled through cookie preferences.
Performance and Analytics Cookies
Used to collect aggregated usage statistics, monitor platform performance, identify errors, and help improve functionality.
Marketing and Retargeting Cookies
Used on the marketing website to measure campaign effectiveness, personalize content, and deliver relevant advertising. These cookies are not used within the operational Desku.io platform.
For detailed information on the specific cookies used, their purposes, and how to manage your cookie preferences, please refer to our Cookie Policy
Third-Party Integrations
Desku.io provides optional integrations with various third-party platforms to support Customer workflows and communication channels. These integrations may include, but are not limited to:
Shopify
WooCommerce
Slack
Facebook Messenger
Telegram
HubSpot
When a Customer enables one or more of these integrations, Personal Data may be transferred between Desku.io and the connected third-party systems as required to operate the integration. Depending on the integration and Customer configuration, the categories of data exchanged may include:
Contact and profile information
Email logs or communication history (as configured by the Customer)
Order or transaction details
Customer or End-User profiles
Conversation logs and message content
Channel-specific identifiers and metadata
Desku.io only requests the permissions necessary to operate each integration, and the required access scope is disclosed to the Customer during the connection or authorization process. Customers remain responsible for ensuring that any third-party integrations they activate comply with applicable laws and their own privacy obligations.
Subprocessors & Who We Share Data With
Desku.io engages certain third-party service providers (Subprocessors) to support the delivery, operation, and security of the Service. These Subprocessors may process Personal Data on Desku.io’s behalf and strictly in accordance with Desku.io’s documented instructions and contractual obligations.
Types of Subprocessors used may include:
Cloud hosting and infrastructure providers
Email and notification delivery services
Payment processors and billing service providers
Customer communication and messaging channel providers
Analytics, monitoring, and logging tools
All Subprocessors engaged by Desku.io are required to:
Comply with all applicable data protection and privacy laws.
Process Personal Data only for the specific purposes required to deliver the contracted Service.
A current list of approved Subprocessors is available upon request. Customers may contact Desku.io through the designated privacy email address to obtain the most recent version of the Subprocessor List.
Payment Information Handling
Payments for Desku.io Subscriptions are processed exclusively through trusted third-party payment service providers such as Stripe, PayPal, or comparable entities. These providers are independently certified as PCI-DSS compliant, meaning that they meet the security standards required for handling payment card information.
Desku.io does not store or process full Credit Card numbers, CVV codes, or other sensitive payment credentials. All payment details are transmitted directly to the relevant payment provider using secure, encrypted channels.
Desku.io may retain limited billing-related metadata necessary for:
Tax, audit, and legal compliance obligations
No sensitive payment information is stored on Desku.io’s systems at any time.
Data Security Measures
Desku.io implements robust technical and organizational measures to protect Personal Data against unauthorized access, alteration, disclosure, or destruction. These measures are designed to ensure a level of security appropriate to the nature of the data processed and the risks associated with the Service.
Technical Measures
Desku.io applies a layered security approach that includes:
Organizational Measures
To support technical safeguards, Desku.io maintains internal controls that include:
Access restrictions limiting Personal Data access to authorized personnel on a need-to-know basis.
Employee confidentiality obligations and secure handling protocols.
Security and privacy training for staff involved in Processing Personal Data.
Logging and audit trails to track access and system activity.
Documented incident response procedures for identifying, containing, and responding to security events.
International Data Transfers
When Personal Data is transferred outside the region from where it was originally collected (including transfers from the EU, EEA, or UK), Desku.io implements safeguards designed to ensure an equivalent level of protection in line with applicable data protection laws.
Desku.io relies on the following mechanisms and controls:
Standard Contractual Clauses (SCCs):
Transfers to third countries are governed by the European Commission-approved SCCs or UK IDTA/Addendum, as applicable.
Data Minimization:
Only the minimum amount of Personal Data necessary for the intended purpose is transferred.
Regional Data Hosting (where available):
Certain data may be stored or processed in regional data centres to support residency preferences.
Additional Technical and Organizational Measures:
These may include encryption, access controls, network restrictions, and audit logging to strengthen protection during and after transfer.
Transfer Risk Assessments (TRAs):
Desku.io conducts assessments where required to verify that transfer arrangements maintain an adequate level of protection.
Restricted Access:
Access to Personal Data is limited strictly to authorized personnel with a documented business need.
Desku.io ensures that all international transfers are subject to appropriate safeguards and remain consistent with GDPR, UK GDPR, and other applicable data protection laws.
Data Retention
Personal Data associated with an active Subscription is retained for as long as the Customer continues to use the Service. This includes data required to operate work-spaces, support communication channels, maintain account history, and provide Customer Support.
Deleted Accounts
When an account is deleted by the Customer or terminated:
Most Personal Data is removed from active systems within [insert retention timeframe].
Residual data may remain in encrypted backups for a limited period as part of disaster recovery and business continuity protocols.
Certain information (such as billing records or payment metadata) may be retained where required by tax, accounting, anti-fraud, or regulatory obligations.
Legal & Compliance Requirements
Desku.io may retain specific categories of Personal Data for longer where necessary to:
Meet statutory retention periods under applicable laws
Detect or prevent fraud or abuse
Maintain security, audit, and access logs
Comply with accounting or financial reporting obligations
Once retention periods expire, Desku.io securely deletes or anonymizes the data in line with industry standards.
Data Subject Rights (GDPR + CCPA)
Depending on your location and the privacy laws that apply to you, you may have specific rights regarding the Personal Data we process. These may include:
Desku.io will honour these rights in accordance with applicable laws and will not discriminate against individuals for exercising them.
Exercising Your Rights
Email: support@desku.io
To protect the security of Personal Data, we may require reasonable steps to verify your identity before Processing your request.
Data Breach Notification Policy
If Desku.io becomes aware of a Personal Data breach, we will respond in accordance with applicable data protection laws, including GDPR where relevant. Our commitments include:
Desku.io maintains internal procedures to detect, investigate, contain, and remediate security incidents promptly and thoroughly.
Children’s Privacy
The Desku.io Service is not directed to, or intended for use by, individuals under:
Desku.io does not knowingly collect, process, or store Personal Data from children who fall below these age thresholds. If we become aware that Personal Data has been collected from a child in violation of this policy, we will take steps to promptly delete that information.
Parents or guardians who believe that a child has provided Personal Data to Desku.io may contact us so that appropriate action can be taken.
Changes to This Policy
Desku.io may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Service improvements.
When updates occur:
Prior versions may be archived and made available upon request for reference.
Your continued use of the Service after any updates take effect will constitute your acceptance of the revised Privacy Policy and will be governed by this Policy and our Terms of Service.