GudDesk

Privacy Policy

Privacy Policy for GudDesk.

Last updated: February 20, 2026

This Privacy Policy explains how GudDesk ("we", "us", or "our") collects, uses, and protects your information when you use our customer messaging platform ("Service").

1. Information We Collect

Information You Provide

  • Account information: Name, email address, and password when you create an account.
  • Billing information: Payment details are processed by our payment provider (Stripe). We do not store full credit card numbers.
  • Conversation data: Messages, attachments, and other content sent through the GudDesk platform.
  • Knowledge base content: Articles, categories, and other content you create.

Information Collected Automatically

  • Usage data: Pages visited, features used, and interactions with the Service.
  • Device information: Browser type, operating system, and screen resolution.
  • Analytics data: We use Microsoft Clarity to understand how users interact with our website. Clarity may capture session recordings, heatmaps, and click data. Clarity uses cookies and similar technologies to collect this data. For more information, see Microsoft's Privacy Statement.
  • Log data: IP addresses, access times, and referring URLs stored in server logs.

Cookies

We use the following types of cookies:

  • Essential cookies: Required for the Service to function (authentication, session management). These cannot be disabled.
  • Analytics cookies: Used by Microsoft Clarity to understand usage patterns. You can opt out of these via your browser settings or cookie preferences.

We do not use advertising or tracking cookies.

2. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Process transactions and send billing-related communications
  • Send important notices about the Service (security alerts, policy changes)
  • Analyze usage patterns to improve the user experience
  • Respond to support requests
  • Detect and prevent fraud or abuse

We do not use your data to train AI models. AI features in GudDesk process your data in real-time to provide responses but do not retain conversation data for model training.

3. Data Storage

Your data is stored in PostgreSQL databases hosted on secure infrastructure. For our hosted cloud service, data is stored in data centers located in the United States and the European Union.

For self-hosted installations, all data remains on your own infrastructure and is not transmitted to us unless you explicitly configure integrations that do so.

4. Data Sharing

We do not sell your personal information. We share data only with:

  • Service providers: Companies that help us operate the Service (hosting, email delivery, payment processing, analytics).
    • Vercel: Hosting and deployment
    • Stripe: Payment processing
    • Resend: Transactional email delivery
    • Microsoft Clarity: Website analytics
  • Legal requirements: When required by law, regulation, or legal process.
  • Business transfers: In connection with a merger, acquisition, or sale of assets (you would be notified in advance).

5. Data Retention

We retain your data for as long as your account is active. After account deletion:

  • Account data is deleted within 30 days.
  • Conversation data is deleted within 30 days.
  • Server logs are retained for up to 90 days for security purposes.
  • Billing records are retained as required by applicable tax and financial regulations.

6. Your Rights

Depending on your location, you may have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your data ("right to be forgotten")
  • Export your data in a machine-readable format
  • Restrict processing of your data
  • Object to processing of your data
  • Withdraw consent for non-essential data processing

To exercise any of these rights, contact us at privacy@guddesk.com. We will respond within 30 days.

GDPR (European Economic Area)

If you are in the EEA, our legal bases for processing personal data are:

  • Contract performance: To provide the Service you signed up for.
  • Legitimate interests: To improve the Service and ensure security.
  • Consent: For analytics cookies (Microsoft Clarity).

CCPA (California)

If you are a California resident, you have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information.

7. Security

We implement industry-standard security measures to protect your data, including:

  • Encryption in transit (TLS/SSL)
  • Encryption at rest for sensitive data
  • Regular security audits
  • Access controls and authentication
  • Secure development practices

No system is perfectly secure. If we discover a data breach that affects your personal information, we will notify you in accordance with applicable law.

8. Children's Privacy

The Service is not intended for children under 16. We do not knowingly collect personal information from children under 16. If you believe we have collected such information, please contact us and we will delete it.

9. Third-Party Links

The Service may contain links to third-party websites. We are not responsible for the privacy practices of those sites. We encourage you to read their privacy policies.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on our website. The "Last updated" date at the top indicates when the policy was last revised.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at: