Privacy Policy
This Privacy Policy explains what information Deskorders ("we", "us") collects through the Deskorders platform (the "Service"), how it is used, and the choices available to companies ("Customers") and their employees ("Users").
1. Information We Collect
| Category | Examples |
|---|---|
| Account & workspace data | Company name, admin name/email, employee names, emails, roles, departments |
| Billing data | Subscription plan, billing history; card details are collected and processed directly by Tap Payments, not stored on our servers |
| Usage content | Orders, chat messages, task comments, expense claims, attachments you upload |
| Technical data | IP address, browser/device information, login timestamps, audit logs |
2. How We Use Information
- To provide and operate the Service (accounts, orders, chat, tasks, approvals, billing);
- To process subscription payments and send billing-related notifications (e.g. renewal failures);
- To maintain security, prevent abuse, and keep audit logs of account activity;
- To communicate service updates, and, where permitted, product announcements;
- To comply with legal obligations.
3. Payment Processing
Subscription payments are handled by Tap Payments, a third-party PCI-compliant payment processor. When you enter card details, they are submitted directly to Tap through their secure hosted payment form — Deskorders' servers never receive or store your full card number or CVV. We retain only the last four digits, card brand, and transaction identifiers needed for invoicing and support.
4. Infrastructure & Sub-processors
We rely on the following infrastructure providers to operate the Service:
| Provider | Purpose |
|---|---|
| Railway | Application server and database hosting |
| Cloudflare (Pages & R2) | Frontend hosting and file/attachment storage |
| Tap Payments | Subscription payment processing |
| Sentry | Server error monitoring (technical diagnostics only) |
5. Data Sharing
We do not sell personal data. Information is shared only with the sub-processors above as necessary to operate the Service, or when required by law, legal process, or to protect the rights and safety of Deskorders, our Customers, or others.
6. Data Retention
We retain workspace data for as long as the company's subscription is active, plus a reasonable period afterward to allow reactivation or as required for legal/accounting purposes. A Customer may request deletion of their workspace data after account closure, subject to any retention obligations we are required to observe.
7. Your Rights
Depending on your location, you may have rights to:
- Access the personal data we hold about you;
- Request correction of inaccurate data;
- Request deletion of your data, subject to legal/contractual retention requirements;
- Withdraw consent where processing is based on consent (e.g. the in-app consent log).
Requests should be directed to your company's workspace administrator first, since most personal data is controlled by the Customer (your employer) rather than Deskorders directly. Deskorders acts as a data processor on behalf of the Customer for employee/workspace data.
8. Security
We use industry-standard measures to protect data in transit and at rest, including hashed passwords, access-controlled storage, and encrypted connections. No system is completely secure, and we cannot guarantee absolute security of information transmitted to the Service.
9. Children's Privacy
The Service is intended for business use by adult employees of Customer companies and is not directed at children.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be reflected by an updated version number and date above, and active users may be asked to re-acknowledge the policy before continuing to use the Service.
11. Contact
Questions about this Privacy Policy can be directed to the Deskorders team through the contact details provided on your company's account or via the Service.