1) Who we are & how to contact us

If you have questions or want to exercise your privacy rights, contact us at Deardeskai@gmail.com. We act as the controller of your personal data when you use the Deardesk services.

2) Data we collect

• Account data: name, email address, profile image, organization/workspace details.
• Email data: email content (subject, body, attachments metadata), sender/recipient information, labels/folders, timestamps, and message state (read, starred) to organize mail, generate drafts, and provide AI assistance.
• Calendar data: event title, description, participants, time and duration, status, and meeting links to help schedule and manage meetings.
• Usage data: feature usage, token consumption, in-product actions, and diagnostics to improve reliability and measure performance.
• Device & log data: IP address, device/browser information, and logs for security, debugging, and abuse prevention.
• Cookies: essential cookies for auth and session; optional analytics cookies where permitted.

3) How we use data

• Provide and operate the service (email sync, search, drafting).
• Generate and suggest AI-assisted email replies/drafts.
• Connect to and manage your calendar for scheduling and updates.
• Personalize features, measure token usage, and improve quality.
• Detect, prevent, and respond to security incidents.
• Comply with legal obligations and enforce our terms.

4) Email & calendar access

We use OAuth-based connections (e.g., Google/Microsoft) and request only the scopes needed for the features you enable. You can revoke access at any time via your email/calendar provider settings or in Deardesk. When disconnected, we stop syncing and delete access tokens. You may also request deletion of synced data as described below.

5) AI processing & third parties

With your instructions, we may process snippets of your content with trusted AI providers (e.g., OpenAI, Anthropic, Google) to generate drafts and summaries. We apply data minimization and send only what is necessary. By default, we do not allow these providers to use your data to train their models. Where a provider offers an enterprise policy preventing training on your data, we opt into that policy.

We have agreements in place with vendors that process data on our behalf. They may only process your data to provide the contracted services and must protect it appropriately.

6) Sharing

• Service providers (hosting, analytics, support, AI processing).
• Compliance with laws, subpoenas, or to protect rights/safety.
• Business transfers (merger, acquisition, financing, sale).

We do not sell your personal data.

7) Retention & deletion

We retain personal data only as long as necessary for the purposes above or as required by law. You can request deletion of your synced email content and calendar data, and you can disconnect providers at any time. After disconnection and deletion requests, residual backup copies may persist for a limited period as part of routine backups, after which they are overwritten.

8) Security

We use technical and organizational safeguards (encryption in transit, access controls, monitoring). No system can be 100% secure; we continuously improve our protections and investigate incidents.

9) International transfers

Where data is transferred internationally, we use appropriate safeguards (such as Standard Contractual Clauses) as required by applicable law.

10) Your rights

Depending on your location, you may have rights to access, correct, delete, restrict, or port your data, and to object or withdraw consent where applicable.

To make a request, email us at Deardeskai@gmail.com. We may need to verify your identity before responding.

11) Children

Our services are not directed to children. If we learn we have collected personal data from a child without appropriate consent, we will delete it.