Privacy Policy

Last Updated: January 2025

At AssistDesk, we take your privacy seriously. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our AI-powered IT support services.

1. Information We Collect

1.1 Account Information

When you create an AssistDesk account, we collect:

• Name and email address
• Company domain (for Enterprise users)
• Session tokens and OAuth tokens (for Microsoft/Google sign-in)
• Temporary magic link verification tokens (expire after use)
• Subscription and billing information (processed through Stripe)

Note: AssistDesk uses passwordless authentication. We do not collect or store passwords.

1.2 Ticket and Support Data

We collect and retain ticket information for 30 days to aid in the resolution of IT issues and to improve our services. This includes:

• Ticket descriptions and problem reports
• Communications between you and Cait (our AI technician)
• Email correspondence related to support tickets
• System information you provide (operating system, software versions, error messages)
• Ticket status, priority, and resolution history

1.3 Image and Screenshot Handling

Screenshots and images are processed but not permanently stored:

• When you upload screenshots or images, they are analyzed by our AI vision system to extract relevant information
• Original image files are NOT retained after processing
• Text descriptions of the images ARE retained as part of the ticket record to aid in troubleshooting
• Image descriptions help our AI understand your issue without storing potentially sensitive visual information

1.4 Usage and Analytics Data

We automatically collect certain information about how you use AssistDesk:

• Login timestamps and activity logs
• Feature usage and interaction patterns
• Performance metrics and error logs
• IP address and browser information

1.5 Enterprise Integration Data

For Enterprise customers with third-party integrations, we may access:

• User directory information (from Microsoft 365, Google Workspace, etc.)
• Device and asset information (from MDM platforms)
• Service status and health data (from integrated platforms)

2. How We Use Your Information

2.1 Service Delivery

We use your information to:

• Provide AI-powered IT support through Cait
• Process and respond to support tickets
• Manage your account and subscriptions
• Enable email communications and notifications
• Facilitate enterprise integrations (with your authorization)

2.2 Service Improvement

We analyze ticket data to:

• Improve AI response accuracy and effectiveness
• Identify common issues and develop better troubleshooting workflows
• Train and optimize our AI models (using anonymized data)
• Enhance product features and user experience

2.3 Analytics and Reporting

We use your data to:

• Generate aggregate usage statistics and insights
• Provide analytics dashboards for Enterprise customers
• Monitor service performance and reliability
• Detect and prevent fraud or abuse

3. Data Retention

3.1 Ticket Data Retention Period

3.2 Account Data

Account information is retained for the duration of your active subscription. If you cancel your account, we may retain certain data as required for:

• Legal compliance (tax records, audit logs)
• Dispute resolution (up to 90 days after cancellation)
• Fraud prevention and security purposes

3.3 Image Processing

As stated above:

• Original screenshots and images: NOT retained (deleted after AI analysis)
• Image descriptions: Retained as part of ticket data (30-day retention period)

4. Data Security

We implement industry-standard security measures to protect your data:

• Encryption: Data is encrypted in transit (TLS 1.2+) and at rest
• Access Controls: Role-based access with principle of least privilege
• Authentication: Secure authentication via magic links and OAuth 2.0
• Multi-Tenancy: Enterprise data is isolated using secure multi-tenant architecture
• Regular Audits: Security assessments and vulnerability scanning
• Monitoring: 24/7 security monitoring and incident response

5. Data Sharing and Third Parties

5.1 Service Providers

We share data with trusted third-party service providers who help us operate AssistDesk:

• Cloudflare: Infrastructure, hosting, and edge computing
• Stripe: Payment processing and billing
• AI Service Providers: AI model services for Cait's intelligent responses
• Email Services: Transactional email delivery

These providers are contractually obligated to protect your data and use it only for specified purposes.

5.2 Enterprise Integrations

If you authorize enterprise integrations (Microsoft 365, Google Workspace, ServiceNow, etc.), we access only the data necessary to provide integrated support services. You control which integrations are enabled.

5.3 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to:

• Comply with legal obligations
• Protect our rights, property, or safety
• Prevent fraud or abuse
• Respond to emergencies involving danger to persons

5.4 No Sale of Personal Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

6. Your Rights and Choices

6.1 Access and Portability

You have the right to:

• Request a copy of your personal data
• Export your ticket history and account information
• Access your data through your AssistDesk dashboard

6.2 Correction and Deletion

You may:

• Update your account information at any time through settings
• Request correction of inaccurate data
• Request deletion of your account and associated data (subject to legal retention requirements)

6.3 Marketing Communications

You can opt out of promotional emails by clicking the unsubscribe link in any marketing email. Transactional emails (account notifications, password resets, ticket updates) cannot be disabled as they are essential to the service.

6.4 Do Not Track

We respect Do Not Track (DNT) browser signals for analytics tracking, though some functional cookies are necessary for service operation.

7. Cookies and Tracking

AssistDesk uses cookies and similar technologies to:

• Maintain your session and authentication
• Remember your preferences and settings
• Analyze usage patterns and improve performance
• Prevent fraud and enhance security

You can control cookie settings through your browser, though disabling essential cookies may limit service functionality.

8. International Data Transfers

AssistDesk operates on Cloudflare's global network. Your data may be processed in various countries where Cloudflare maintains infrastructure. We ensure appropriate safeguards are in place for international data transfers.

9. Children's Privacy

AssistDesk is not intended for users under 13 years of age. We do not knowingly collect personal information from children. If we discover we have inadvertently collected data from a child, we will delete it promptly.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes via:

• Email notification to your registered address
• Prominent notice on the AssistDesk dashboard
• Updated "Last Updated" date at the top of this policy

Your continued use of AssistDesk after changes indicates acceptance of the updated policy.

11. Data Protection Officer

For privacy-related questions, concerns, or data subject requests, please contact our Data Protection Officer:

Email: privacy@assistdesk.ai
Response Time: We aim to respond within 30 days

12. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected
• Right to know whether personal information is sold or disclosed
• Right to opt out of sale of personal information (Note: We do not sell personal information)
• Right to request deletion of personal information
• Right to non-discrimination for exercising privacy rights

To exercise these rights, contact us at privacy@assistdesk.ai.

13. EU/UK Privacy Rights (GDPR)

Users in the European Union and United Kingdom have additional rights under the General Data Protection Regulation (GDPR):

• Right of access to your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent
• Right to lodge a complaint with supervisory authorities

Our legal basis for processing includes: contract performance, legitimate interests, and consent where required.

14. Contact Us

For questions about this Privacy Policy or our data practices, contact us at:

AssistDesk Privacy Team
Email: privacy@assistdesk.ai
General Support: service@assistdesk.ai
Website: https://assistdesk.ai