Privacy Policy
Last updated: February 2026
1. Introduction
ClientDesk ("we", "our", "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard your information when you use our service.
2. Data We Collect
We collect the following types of data:
- Account information: Name, email address, and password (hashed) when you register.
- OAuth data: Email and profile information from Google if you use Google Sign-In.
- Project data: Client names, project details, files, and portal settings you create.
- Payment information: Billing details processed securely by Stripe. We do not store card numbers.
- Usage data: Browser type, pages visited, and feature usage for improving the service.
3. How We Use Your Data
- To provide and maintain the Service
- To process payments and manage subscriptions
- To send transactional emails (welcome, password reset, portal links)
- To enforce storage and client limits per your plan
- To improve the Service based on usage patterns
- To respond to support requests
4. Third-Party Services
We use the following third-party services to operate ClientDesk:
- Supabase: File storage and database hosting
- Stripe: Payment processing
- Resend: Transactional email delivery
- Google: OAuth authentication (optional)
- Vercel: Application hosting
- Sentry: Error monitoring and performance tracking
Each third-party service has its own privacy policy governing its use of your data.
5. Security Measures
- Passwords are hashed using bcrypt with a cost factor of 12
- Authentication tokens are hashed with SHA-256
- Files are accessed via time-limited presigned URLs
- All data is transmitted over HTTPS/TLS
- Database access is protected with row-level security policies
6. Your Rights
Under GDPR, CCPA, and similar regulations, you have the right to:
- Access: Request a copy of the personal data we hold about you
- Rectification: Request correction of inaccurate data
- Deletion: Request deletion of your account and associated data
- Portability: Request your data in a machine-readable format
- Opt-out: Opt out of non-essential communications
To exercise any of these rights, contact us at support@client-desk.io.
7. Cookies
We use essential cookies for authentication and session management. These are strictly necessary for the Service to function and cannot be disabled. We do not use tracking cookies or third-party advertising cookies.
8. Data Retention
We retain your data for as long as your account is active. Upon account deletion, your data is retained for 30 days (for recovery purposes) and then permanently deleted. Payment records may be retained longer as required by law.
9. Children's Privacy
The Service is not intended for users under the age of 16. We do not knowingly collect personal data from children.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or a notice within the Service. Your continued use after changes take effect constitutes acceptance.
11. Contact
For privacy-related questions or requests, contact us at support@client-desk.io.