Legal

Privacy Policy

Last updated: 20 June 2026

This policy explains what data Desk FT ("we", "us") collects when you use the Desk FT mobile or web application, why we collect it, and what choices you have. Plain English first — if anything here is unclear, write to [email protected] and we'll explain.

01

Who runs Desk FT — and who controls what

Desk FT is operated as a sole-trader product, reachable at [email protected]. Desk FT works on a two-tier model, and that determines who is the GDPR "data controller" for which data:

So if you're a client invited into someone's workspace, the business you're working with — not Desk FT — decides what's collected in that desk, how long it's kept, and when it's deleted. Sections 07 and 08 explain how that affects retention and your rights.

02

What we collect

03

What we don't collect

04

Why we collect it

05

Who processes the data

We use the standard production tiers of these services. None of them are used for marketing or profiling.

06

Where the data lives

Supabase hosts the database and file storage in the us-west-2 (Oregon, USA) region. Push-notification routing flows through Google's global infrastructure; in-app purchase events flow through Apple or Google's servers (depending on the store) before reaching RevenueCat in the United States. Data is stored encrypted at rest and transmitted over HTTPS / TLS.

International transfers. If you're in the EU, the UK, Canada, or another jurisdiction with cross-border data-transfer rules, accessing Desk FT means your data is transferred to and stored in the United States. We rely on the Standard Contractual Clauses (and the UK Addendum where applicable) that Supabase, Google, Apple, and RevenueCat maintain with their customers as the legal basis for these transfers. We do not move your data between regions on our end.

07

How long we keep it

08

Your rights

If GDPR, UK GDPR, CCPA, PIPEDA or a similar regime applies to you, you have the right to:

Where you send the request depends on who controls the data:

09

Children

Desk FT is intended for adults running a business. We don't knowingly collect data from anyone under 16. If you believe a child has signed up, write to us and we'll delete the account.

10

Cookies

The mobile apps don't use cookies. The web admin at app.deskft.com uses Supabase's session cookie to keep you signed in. The marketing site at deskft.com sets no cookies of its own.

11

Changes to this policy

If we change anything material we'll update the "Last updated" date at the top and, where reasonable, notify active accounts in-app or by email.

Questions, requests, or complaints?

[email protected]