Your data, handled with care.

Information you provide

When you contact us, book a discovery call, or become a client, you provide information directly. This may include your name, business name, email address, phone number, role, calendar availability, and details about your business operations that you share with us in order to receive services.

Information collected automatically

When you visit our website, we automatically collect limited technical information — including approximate location (derived from IP, not stored), browser type, pages viewed, referring source, and timestamps. We use a privacy-respecting analytics provider (Plausible) that does not use cookies and does not collect personally identifying data.

Information from third parties

If you connect a calendar to DeskFlow for scheduling (for example, Google Calendar or Apple Calendar), we receive limited event metadata strictly for the purpose of detecting conflicts and reserving time slots. We do not read, store, or share the content of your calendar events.

• Schedule, confirm, reschedule, and remind you about discovery calls.
• Provide, operate, and improve our back-office services.
• Communicate with you about your engagement, billing, and updates.
• Respond to questions, requests, and support needs.
• Detect and prevent fraud, abuse, and security incidents.
• Comply with legal obligations.

We do not sell your personal information. We share information only with:

• Service providers we use to operate the business (for example, our hosting provider, payment processor, email delivery, and error monitoring). These providers are contractually bound to handle your information only as needed to deliver services to us.
• Legal and safety reasons if required by law, subpoena, or to protect the rights, safety, and property of DeskFlow, our clients, or others.
• Business transfers if DeskFlow is involved in a merger, acquisition, or sale of assets, in which case your information may be transferred subject to this policy.

Our website uses a small number of strictly necessary cookies (for example, to remember authentication state for any future client portal). We do not use advertising cookies or cross-site tracking. Our analytics provider is cookieless.

We retain information for as long as needed to provide our services and to comply with our legal obligations. Booking records are retained for up to twelve months after the last interaction. Client engagement records are retained for the duration of the engagement plus seven years to meet tax and accounting requirements.

Depending on where you live, you may have the right to access, correct, delete, or export your personal information, to object to or restrict certain processing, and to withdraw consent. California residents have specific rights under the CCPA/CPRA, and residents of the EEA, UK, and Switzerland have rights under GDPR. To exercise any of these rights, contact us at hello@deskflowhq.com.

We use industry-standard administrative, technical, and physical safeguards to protect your information, including encryption in transit, encrypted storage for sensitive fields, role-based access controls, and audit logging. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

DeskFlow does not provide services to or knowingly collect information from children under 16. If you believe a child has provided information to us, please contact us so we can delete it.

DeskFlow operates from the United States. If you access our services from outside the U.S., your information will be transferred to and processed in the U.S. By using our services, you consent to this transfer.

We may update this Privacy Policy from time to time. Material changes will be noted by updating the effective date above. We encourage you to review this page periodically.

Questions about this policy or your information? Email hello@deskflowhq.com.