Cookie Policy
Last Update: 03 Dec, 2025
Version: Cookie Policy v1.0
Cookie Policy
This Cookie Policy explains how Desku.io (“Desku,” “we,” “us,” or “our”) uses Cookies and similar tracking technologies across our marketing website, web application, and Customer-facing chat tools. It applies to anyone who visits the Desku.io website, signs in to the Desku platform, or interacts with the Desku Chat Widget on a Customer’s site.
If you use the Desku Chat Widget on your own website, this policy also describes the Cookies and storage items the Chat Widget may place in your Users’ browsers. You may link to this page from your own Cookie Policy to support your compliance requirements.
Definitions
Desku uses several browser-based technologies to support essential platform functions, enhance security, improve performance, and enable integrations. These technologies may operate on the Desku marketing website, within the logged-in web application, and inside the Desku Chat Widget installed on Customers’ websites.
“Cookies”
Small text files stored in the browser to support core functionality such as login persistence, security validation, and remembering basic settings.
“Local Storage”
Browser storage used to save items such as encrypted session tokens, authentication identifiers (e.g. JWTs), Chat Widget configuration settings, and performance-related values that persist after the browser is closed.
“Script Tags”
Code snippets required for Chat Widget rendering, integration functionality, and operation of the Desku web application. Some scripts may load third-party tools only after the User has granted consent.
“Session Storage”
Similar to Local Storage, but automatically cleared when the browser tab is closed. Used for temporary identifiers or short-lived session context.
“Web Beacons & Pixel Tags”
Lightweight tracking tools that collect technical metadata to measure performance, verify integrations (e.g. Meta Pixel, GA4), and understand product usage patterns. These do not store personal conversation content.
Important:
Clearing Cookies in your browser does not automatically clear Local Storage or Session Storage. To fully remove all identifiers stored by Desku (including Chat Widget or authentication data), Users must manually clear their browser’s site data, Local Storage, and Session Storage through browser privacy or developer settings.
Why We Use Cookies & Tracking Technologies
Desku uses Cookies and similar tracking technologies to keep the platform secure, reliable, and easy to use. These tools support essential SaaS functions such as authentication, security, analytics, AI optimization, and third-party integrations. Each category below outlines how these technologies help deliver a stable and compliant user experience.
Authentication
Cookies, Local Storage, and Session Storage items are used to maintain and verify your login session. They help to:
Keep sessions active in a secure manner
Validate JWTs and other authentication tokens
Ensure only authorized Users can access the correct workspace
Prevent credential misuse or session hijacking
These identifiers are required for the Desku dashboard and cannot be disabled.
Security & Fraud Prevention
Security-focused Cookies and identifiers allow Desku to:
Detect unusual or suspicious activity
Block automated or malicious behavior (e.g. bots, scraping tools)
Prevent brute-force attempts or repeated failed logins
Maintain compliance with standard security frameworks
These protections help safeguard both User accounts and platform infrastructure.
Performance Monitoring
Desku relies on performance-related trackers to understand how the platform is behaving. These technologies help measure:
Page load times and response speeds
Web app rendering performance
Regional differences in system load or latency
Whether balancing or scaling is required
This ensures consistent and reliable performance across all environments.
Error Tracking
When errors occur, certain identifiers allow Desku to:
Detect and diagnose faults
Understand what caused an issue
Identify patterns that may affect stability
Improve long-term reliability
No personal conversation content or sensitive data is stored in these values.
Analytics
Analytics technologies are used to understand usage patterns and improve usability. They help to:
Measure traffic on the marketing site
Analyze how Users interact with Desku features
Improve workflows and overall User experience
No personal conversation content or sensitive data is stored in these values.
Personalization
Certain functional Cookies help personalize the experience by remembering:
Language and locale preferences
UI layout choices
Display or theme settings
These do not track Users across other websites.
AI Optimization
Desku uses limited technical signals to support AI performance. These may include:
Metadata used to improve response speed
Temporary identifiers used for workflow continuity
System-level indicators that guide AI behavior
AI models are never trained using Cookie data, Local Storage, Session Storage, or chat content. All AI-related signals comply with strict data minimization requirements.
Integration Performance
Some integrations require additional Cookies or Script Tags for authentication and functionality. These include tools such as:
Meta / Facebook
Shopify
Slack
Telegram
GA4
These technologies:
Confirm integration health
Validate secure authentication flows
Enable required features
Cookie Categories & Tables
Cookie Categories Explained
1. Strictly Necessary
Required for core website and application functionality. These include authentication, session management, and security-related Cookies. They cannot be disabled.
Remember your settings; such as language, theme, and interface preferences; to enhance your experience.
4. Advertising / Retargeting (if applicable)
5. Third-Party Integrations
6. AI Feature Optimization (Non-content tracking only)
Cookies Used on Desku.io (Marketing Site + Web App)
Cookies & Storage Used Inside the Desku Web Application
Important:
Deleting browser Cookies does not clear Local Storage or Session Storage. To fully remove identifiers created by Desku’s web app or Chat Widget, you must clear your browser’s site data, Local Storage, and Session Storage.
Cookies Used by Third-Party Integrations
Some Desku integrations rely on third-party technologies that may place their own Cookies, scripts, pixels, or tracking identifiers in the User’s browser. These third-party tools support authentication flows, analytics, storefront behavior, messaging channel performance, and integration reliability.
Each third-party Cookie or tracking tool is governed by the provider’s own Privacy Policy and Terms. These tools will only operate when required for integration functionality and will run only after appropriate consent is granted, in accordance with GDPR, CPRA, and global privacy regulations.
Desku does not control how third-party providers handle or store data collected through their technologies. Users connecting these integrations are responsible for reviewing each provider’s privacy documentation.
Facebook / Meta Pixel tracking
The Meta Pixel may be used when a Customer enables Meta-related features within Desku, such as advertising tools, conversion tracking, or analytics integrations.
Measure ad performance, conversions, and visitor actions.
Improve campaign optimization across Meta platforms.
Attribute events to the correct advertising campaigns.
This tracking technology only loads after the visitor has granted the required consent in accordance with GDPR, CPRA, and other applicable privacy regulations. If consent is declined, Meta Pixel scripts remain blocked and will not run.
Shopify Storefront Tracking
Shopify-related tracking technologies may be used when a Customer connects their Shopify store to Desku. These Cookies and storage items are placed by Shopify and are required for secure, reliable integration performance. They support essential storefront and API behavior, including:
Enabling authentication between Shopify and Desku
Supporting storefront analytics required for integration verification
Maintaining the connection between your Shopify store and Desku systems
Ensuring that order, product, and Customer event data sync correctly
Verifying webhook delivery, integration health, and feature performance
These Shopify Cookies operate solely within the context of the integration and are not used for behavioral tracking outside of Shopify-connected functionality. They only run after the User has granted consent where required under GDPR, ePrivacy, or CPRA.
Slack / Telegram Auth Cookies
These Cookies are used only during the setup or authentication flow for messaging integrations. They are temporary, integration-specific, and not used for broader tracking or analytics.
They help:
Complete OAuth or token-based authentication with Slack or Telegram
Validate and secure the authorization process
Ensure the correct account and workspace are linked to Desku
Key notes:
These Cookies expire automatically within a short period.
They are not used to track User behavior outside the integration setup flow.
They only run when a User initiates the integration and, where applicable, after the required consent is granted.
Google Analytics (GA4) Enhanced Measurements
Google Analytics 4 (GA4) is used on the Desku Marketing Website to help us understand visitor behavior, improve usability, and ensure the performance of our content. GA4 may collect the following types of anonymized interaction data:
Page views and navigation patterns
Scroll depth
Click events and engagement patterns
Referral sources and traffic origins
Technical metrics such as device, browser type, and load times
Enhanced measurement events may run automatically once consent is granted. These include interactions such as:
Page interaction tracking
On-page engagement signals
Outbound link clicks
Form interaction events
GA4 only runs after the visitor provides consent via the Cookie Preferences Center. When consent is not granted, GA4 operates in restricted mode under Consent Mode v2, limiting data collection in accordance with GDPR and CPRA requirements.
Cookies & Storage Placed by the Desku Chat Widget
When the Desku Chat Widget is added to your website, it may store certain technical identifiers in the visitor’s browser to ensure that the Chat Widget operates correctly, maintains conversation continuity, and performs reliably across sessions. This section outlines exactly what the Chat Widget stores, why it stores it, and what it does not store.
A. What the Chat Widget Drops
The Desku Chat Widget may place the following non-personal, technical identifiers in a visitor’s browser:
Session IDs and conversation continuity IDs
Used to maintain the same chat session as visitors navigate between pages.
Anonymous visitor identifiers
Allow the Chat Widget to recognize returning visitors without capturing personal details.
Local Storage items
Used for Chat Widget display settings, load optimization, and performance behavior.
Load and error metrics
These identifiers are required for core Chat Widget functionality and do not contain or reveal personal identity information.
Integration tokens (if enabled)
Required only when Customers connect specific third-party integrations.
B. What the Chat Widget Does NOT Drop
The Desku Chat Widget is designed to avoid storing sensitive or user-specific information in Cookies or storage. It does not store:
Cross-site tracking identifiers, unless the visitor has explicitly consented to such tracking through the Cookie banner.
No personal or message content is ever written to Cookies, Local Storage, Session Storage, or browser-based identifiers.
C. Instructions for Customers Using the Chat Widget
Request the Chat Widget Cookie Summary from Desku and include it in your own privacy and Cookie documentation.
To comply with GDPR and other privacy laws, you must either:
or
AI & Machine Learning Tracking Technologies
Desku uses Artificial Intelligence to enhance Customer service workflows, automate processes, and improve product functionality. We apply strict technical and privacy safeguards to ensure that tracking technologies interact with AI systems in a safe, compliant, and privacy-protective manner.
AI feature activation and usage patterns
Load times and latency
System-level performance signals
Error detection and recovery metrics
Workflow execution speeds
Importantly:
Cookies, Local Storage, and Session Storage are not used to train AI or machine learning models.
No messages, chat transcripts, or Customer-submitted content are stored in browser-based technologies.
AI models are not trained on any Cookie-derived or browser-stored data.
All AI-related tracking adheres to:
GDPR data minimization requirements
CPRA/CCPA privacy and opt-out rules
ePrivacy Directive standards
These safeguards ensure that Desku’s AI capabilities remain transparent, predictable, and privacy-first, aligning with modern compliance expectations for AI-driven Customer service platforms.
Google Analytics & Consent Mode v2
Desku uses Google Analytics 4 (GA4) in a manner that complies fully with Google’s Consent Mode v2 framework and all applicable privacy laws, including GDPR and CPRA. Consent Mode v2 ensures that GA4 adapts its behavior based on the consent choices Users provide through our Cookie Preferences Center.
When a visitor grants consent, GA4 operates in its standard analytics mode, which allows us to measure website traffic patterns, analyze feature usage, and understand how visitors engage with our Marketing Site.
When consent is declined, GA4 automatically switches to a restricted mode. In this mode:
Cross-site tracking is disabled.
Events may be logged in a privacy-preserving format, but cannot be used for behavioral tracking or advertising-related purposes.
Measurement signals respect the User’s denied consent across all Google services.
These Consent Mode v2 controls apply even if Desku does not run Google Ads campaigns, because GA4 relies on consent signaling to remain compliant with regional privacy requirements.
Users may update their GA4-related consent settings at any time through the Cookie Preferences Center.
How Users Can Manage Cookies
Browser Controls
Most browsers provide built-in tools that allow you to view, delete, or block Cookies and adjust Privacy Settings. Instructions are available for:
Chrome
Firefox
Safari
Edge
Browsers also allow you to clear Local Storage and Session Storage. This step may be required to fully remove identifiers used by the Desku web app or Chat Widget. Adjusting these settings may affect certain platform features, including login persistence and interface preferences.
Clearing Cookies vs. Local Storage
Deleting Cookies does not automatically clear items stored in Local Storage or Session Storage. To completely remove session identifiers or Chat Widget-related storage items, you must manually clear:
Local Storage
Session Storage
These can be cleared through your browser’s site-data or Privacy Settings.
Third-Party Vendor Opt-Outs
Some third-party integrations provide additional options for managing tracking technologies. Examples include:
These opt-out tools work together with your selections in the Cookie Preferences Center.
Legal Basis for Cookies (GDPR)
Desku processes Cookies and similar tracking technologies in accordance with the requirements of the General Data Protection Regulation (GDPR) and the ePrivacy Directive.
We rely on two legal bases when placing or accessing Cookies:
1. Consent (Article 6(1)(a) GDPR)
Non-essential Cookies, such as analytics, advertising, and certain integration-related tools; are only used after a User provides explicit, informed consent through our Consent Management Platform (CMP). These include, for example:
Performance and analytics Cookies
Advertising or retargeting Cookies
Third-party integration Cookies that are not required for core functionality
Users may withdraw or modify their consent at any time through the Cookie Preferences Center.
2. Legitimate Interest (Article 6(1)(f) GDPR)
These Cookies are required for the Service to function correctly and cannot be disabled.
Authentication and login
Security and fraud prevention
Load balancing and platform stability
Session management
Essential Chat Widget and dashboard functionality
Consent Management Platform (CMP)
Desku’s CMP:
Records each User’s consent choices
Ensures those choices are respected across sessions
Applies granular consent settings to analytics, advertising, and integration-related Cookies
Allows Users to update preferences at any time through the Cookie Preferences Center
Supports GDPR, CPRA, and ePrivacy transparency requirements
The CMP ensures that non-essential Cookies are blocked until consent has been obtained and that all consent settings are fully honoured.
California Privacy Rights (CPRA)
This section applies to California residents under the California Privacy Rights Act (CPRA). CPRA establishes specific rights related to how businesses collect, use, and share personal information. While Desku does not sell personal data, certain analytics or advertising Cookies used by integrations may qualify as “sharing” for cross-context behavioral advertising under CPRA.
California residents have the right to:
Changes to This Cookie Policy
Desku may update this Cookie Policy from time to time to reflect changes to our Services, updates in legal or regulatory requirements, or modifications in how we use Cookies and similar tracking technologies.
When updates occur:
For material updates, Desku may provide additional notice through the web app, email, the Cookie banner, or other appropriate communication channels.
Updated versions of this Cookie Policy will replace all previous versions, which are archived for version-control and reference purposes.
We encourage all users to review this page periodically so they remain informed about how Desku uses Cookies, Local Storage, and related technologies across our platform.
Contact Information
If you have any questions about this Cookie Policy, your consent preferences, or how Desku uses tracking technologies, you may contact us using the details below:
You can also learn more about our Privacy and Compliance practices by visiting: