AgentDesk Privacy Policy

Last updated: 08/10/2025

1. Who We Are

AgentDesk Ltd (“AgentDesk”, “we”, “us”, “our”) is committed to protecting your privacy and handling your personal data transparently and securely. This Privacy Policy explains how we collect, use, share, and safeguard your information when you use agentdesk.io and our software and services, including our agentic AI platform for sales and recruitment teams.

We comply with the UK Data Protection Act, the General Data Protection Regulation (GDPR), and other applicable data and cybersecurity regulations, including the EU AI Act, EU Data Act, and Digital Services Act (DSA).

2. Information We Collect
A. Information You Provide Directly

When you create an account or are added as a user by your organization’s admin, we collect:

First name

Surname

Work email address

Secure password (encrypted)

We do not collect any other personal information such as phone numbers, addresses, or payment details.

B. Information from Integrated Platforms

Our platform connects to recruitment CRM systems and third-party tools (e.g., Google Mail, Microsoft Outlook, ChatGPT) to enable communication and data synchronization.

CRM Data: We access CRM data through secure integrations to create and update contextualized communication content. However, no CRM data is stored on our servers.

Google User Data: When you connect your Google account, we access data through the Google OAuth 2.0 process. The only information we store is:

Access token and refresh token for authentication purposes.

No Gmail message content, contacts, or calendar data are stored or retained on our servers.

Microsoft Data: When you connect Microsoft Outlook, similar authentication tokens are stored securely; no email content or personal data is retained.

C. Automatically Collected Information

When you visit our website, we may collect limited technical data (e.g., IP address, browser type, and cookie preferences) to ensure the site functions correctly.
We do not use analytics tools or behavioral tracking cookies.

3. How We Use Information

We use the data we collect for the following purposes:

To create and manage user accounts within the AgentDesk platform.

To authenticate users and maintain secure access to integrated services (e.g., Gmail, Outlook, CRM).

To enable our AI-powered tools to generate and send contextually relevant communications via connected platforms.

To update recruitment CRM systems with relevant candidate or contact interactions.

To provide support and communicate important service updates.

To comply with legal or regulatory requirements.

We do not use personal or OAuth data for advertising, profiling, or unrelated purposes.

4. Data Storage and Security

Storage Location: All data is securely hosted on Amazon Web Services (AWS) in data centers that meet international security standards (ISO 27001, SOC 2).

Encryption: Tokens, passwords, and any sensitive information are encrypted at rest and in transit.

Retention: OAuth tokens are retained only for as long as your account remains active or until you revoke access.

Deletion: User accounts can be deleted by the user or by an organization’s admin at any time. Upon deletion, all associated tokens and credentials are permanently removed.

5. Data Sharing and Disclosure

We do not sell, trade, or rent personal data to third parties.
We only share data in the following limited cases:

Service Providers: With AWS for secure hosting and infrastructure.

Legal Requirements: When required by law, regulation, or valid governmental request.

User Direction: When users explicitly authorize sharing through the connected CRM or email integrations.

6. User Rights and Control

You have the right to:

Access the personal data we hold about you.

Request correction or deletion of your data.

Withdraw consent and revoke connected app permissions (e.g., by removing AgentDesk’s access in your Google Account Permissions).

Request an export of your data in a portable format.

For assistance with any of these rights, contact us at privacy@agentdesk.io.

7. Cookies

We use only essential cookies required for login, authentication, and session management. We do not use analytics or advertising cookies.
Details of these cookies are outlined in our cookie notice.

8. Data Retention

We retain personal data only for as long as necessary to:

Provide services to users,

Comply with our legal obligations, or

Resolve disputes.

Once your account is deleted, all associated OAuth tokens and personal data are purged from our systems within 30 days.

9. Security

We employ technical and organizational measures to safeguard your data against loss, unauthorized access, or disclosure. This includes:

TLS encryption for all network communications.

Role-based access controls.

Regular security audits and penetration testing.

10. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:

AgentDesk Ltd
Email: mark@agentdesk.io

Website: https://agentdesk.io

 

Use of Google User Data

AgentDesk uses Google APIs to allow users to connect their Google accounts securely for email and communication purposes within the AgentDesk platform.
We are committed to handling all Google user data in compliance with the Google API Services User Data Policy
, including the Limited Use requirements.

1. Data Accessed

Our application accesses the following Google user data, through OAuth 2.0 authorization:

Access tokens and refresh tokens to authenticate the user and maintain a secure connection to their Google account.

Basic Google Account information (user’s email address) as returned by Google’s OAuth API for identification purposes.

AgentDesk does not access, read, or store Gmail message content, attachments, contacts, or calendar data.

2. Data Usage

The Google user data accessed by AgentDesk is used solely for the purpose of enabling user authentication and account connectivity.
Specifically:

Access and refresh tokens are used to allow the user to send emails and perform authorized actions on their own behalf.

The Google account email address is used to identify the user’s connected account within AgentDesk.

We do not use Google user data for advertising, profiling, analytics, or any purpose unrelated to providing the requested functionality.

3. Data Sharing

AgentDesk does not share Google user data with any third parties except:

Service providers that host our infrastructure (Amazon Web Services), which have no access to decrypted data.

Legal authorities, only when required by law or valid legal process.

No Google user data is ever sold, rented, or used for marketing purposes.

4. Data Storage & Protection

Access and refresh tokens are encrypted at rest and in transit using industry-standard encryption protocols (TLS 1.2+, AES-256).

Data is stored securely on Amazon Web Services (AWS) infrastructure that meets ISO 27001 and SOC 2 compliance standards.

Access to user data is restricted to authorized system components only; no human operators have access to decrypted tokens.

We maintain strict internal security policies and monitor for unauthorized access.

5. Data Retention & Deletion

Google access and refresh tokens are retained only while the user’s account remains active in AgentDesk.

If a user deletes their account, or revokes AgentDesk’s access in their Google Account Permissions, all associated Google OAuth tokens are automatically and permanently deleted from our systems.

Users or administrators can also request deletion of their data by contacting mark@agentdesk.io