Privacy Policy

Last updated: July 2026 · Version 1
⚠ This is a draft template covering standard data-protection practices. It has not been reviewed by a lawyer or privacy specialist. Before relying on this for real customers, have it reviewed against the specific data-protection laws that apply to you (e.g. Qatar's PDPPL, GDPR if you have EU users).

This Privacy Policy explains what information Deskorders ("we", "us") collects through the Deskorders platform (the "Service"), how it is used, and the choices available to companies ("Customers") and their employees ("Users").

1. Information We Collect

CategoryExamples
Account & workspace dataCompany name, admin name/email, employee names, emails, roles, departments
Billing dataSubscription plan, billing history; card details are collected and processed directly by Tap Payments, not stored on our servers
Usage contentOrders, chat messages, task comments, expense claims, attachments you upload
Technical dataIP address, browser/device information, login timestamps, audit logs

2. How We Use Information

3. Payment Processing

Subscription payments are handled by Tap Payments, a third-party PCI-compliant payment processor. When you enter card details, they are submitted directly to Tap through their secure hosted payment form — Deskorders' servers never receive or store your full card number or CVV. We retain only the last four digits, card brand, and transaction identifiers needed for invoicing and support.

4. Infrastructure & Sub-processors

We rely on the following infrastructure providers to operate the Service:

ProviderPurpose
RailwayApplication server and database hosting
Cloudflare (Pages & R2)Frontend hosting and file/attachment storage
Tap PaymentsSubscription payment processing
SentryServer error monitoring (technical diagnostics only)

5. Data Sharing

We do not sell personal data. Information is shared only with the sub-processors above as necessary to operate the Service, or when required by law, legal process, or to protect the rights and safety of Deskorders, our Customers, or others.

6. Data Retention

We retain workspace data for as long as the company's subscription is active, plus a reasonable period afterward to allow reactivation or as required for legal/accounting purposes. A Customer may request deletion of their workspace data after account closure, subject to any retention obligations we are required to observe.

7. Your Rights

Depending on your location, you may have rights to:

Requests should be directed to your company's workspace administrator first, since most personal data is controlled by the Customer (your employer) rather than Deskorders directly. Deskorders acts as a data processor on behalf of the Customer for employee/workspace data.

8. Security

We use industry-standard measures to protect data in transit and at rest, including hashed passwords, access-controlled storage, and encrypted connections. No system is completely secure, and we cannot guarantee absolute security of information transmitted to the Service.

9. Children's Privacy

The Service is intended for business use by adult employees of Customer companies and is not directed at children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be reflected by an updated version number and date above, and active users may be asked to re-acknowledge the policy before continuing to use the Service.

11. Contact

Questions about this Privacy Policy can be directed to the Deskorders team through the contact details provided on your company's account or via the Service.