Privacy Policy

Effective date: April 2, 2026

ResolveDesk Ltd. (“ResolveDesk”, “we”, “us”, or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and safeguard information when you visit resolvedesk.com or use our services.

1. Overview

ResolveDesk is an AI-powered customer-support automation platform. We connect to your existing email, ticketing, and e-commerce tools—such as Gmail, Shopify, Zendesk, and Slack—to read, draft, and send support responses on your behalf. As a result, we necessarily handle data about you, your organisation, and your customers.

This policy applies to all visitors to our marketing website, registered users, and any organisation that connects an integration through the ResolveDesk dashboard.

2. Information We Collect

2.1 Account & Profile Data

When you sign up via Google OAuth or email/password, we collect your name, email address, and (where applicable) your profile picture. We store this in our profiles table hosted on Supabase (EU region by default).

2.2 Organisation Data

During onboarding we ask for your organisation name, team size, and how you heard about us. This helps us personalise your AI agent and improve our product.

2.3 Integration OAuth Tokens

When you connect a third-party provider (Gmail, Shopify, Zendesk, Slack), we receive and store the access token and refresh token issued by that provider. These tokens are used solely to act on your behalf within the connected service. They are stored encrypted at rest in our database.

2.4 Customer Email & Support Data

Our Gmail integration reads incoming emails to your support inbox in order to compose AI-generated draft replies. Email content—including sender details, subject lines, and message bodies—is sent to our AI pipeline (powered by OpenAI) to generate a response. We do not permanently store the raw content of your customers’ emails; they are processed in transit.

2.5 Usage & Technical Data

We automatically collect standard server logs including IP addresses, browser type, referring URLs, and pages visited. We use this data to maintain service reliability, debug errors, and understand aggregate usage patterns.

2.6 Cookies

We use session cookies required for authentication (via NextAuth.js) and optionally analytics cookies. See Section 10 for details.

3. How We Use Your Information

  • Provide and improve the service — authenticate you, run your automated AI workflows, and ensure the platform operates correctly.
  • Personalise your AI agent — use your organisation name, custom system prompt, and connected tools to generate contextually accurate replies.
  • Communicate with you — send transactional emails (e.g., welcome, error alerts) and, with your consent, product updates.
  • Security & fraud prevention — monitor for suspicious activity and enforce our Terms of Service.
  • Legal obligations — comply with applicable laws, regulations, and lawful government requests.
  • Aggregate analytics — analyse anonymised usage trends to inform product decisions. We never sell individual-level data.

We will never sell your personal data or use it to train third-party AI models without your explicit consent.

5. Data Sharing & Disclosure

We share your data only in the following circumstances:

  • Service providers — We use sub-processors (listed in Section 6) that are contractually bound to process data only on our instructions and to the same privacy standards.
  • Business transfers — If ResolveDesk is acquired or merges with another company, your data may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.
  • Legal requirements — We may disclose data where required by law, court order, or to protect the safety of our users and the public.
  • With your consent — We will share data in any other circumstance only with your explicit consent.

We do not sell, rent, or trade your personal information to third parties for advertising purposes.

6. Third-Party Services

Provider       | Purpose                       | Privacy policy
Supabase       | Database & authentication     | View policy
OpenAI         | AI email generation           | View policy
n8n            | Workflow automation           | View policy
Google (Gmail) | Email integration             | View policy
Shopify        | E-commerce integration        | View policy
Zendesk        | Helpdesk integration          | View policy
Slack          | Team notification integration | View policy
Vercel         | Hosting & edge network        | View policy

When you connect a provider integration, you are also subject to that provider’s own terms and privacy policy.

7. Data Retention

  • Account data is retained for as long as your account is active. If you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it by law.
  • Integration tokens are deleted immediately when you disconnect an integration from the dashboard.
  • Server logs are retained for up to 90 days for security and debugging purposes, then automatically purged.
  • Email content processed by the AI pipeline is not persisted beyond the duration of the API call; no customer email messages are stored in our databases.

8. Security

We implement industry-standard safeguards to protect your data:

  • All data is transmitted over TLS 1.2+.
  • OAuth tokens are stored encrypted at rest in Supabase with AES-256.
  • Access to production systems is restricted to authorised personnel with multi-factor authentication enforced.
  • We use Supabase Row Level Security (RLS) policies to ensure each organisation can only access its own data.
  • Regular dependency audits and automated security scanning are performed on our codebase.

No method of transmission or storage is 100% secure. If you discover a vulnerability, please report it to security@resolvedesk.com.

9. Your Rights

Depending on where you live, you may have some or all of the following rights:

  • Access — Request a copy of the personal data we hold about you.
  • Rectification — Ask us to correct inaccurate or incomplete data.
  • Erasure (“right to be forgotten”) — Request deletion of your personal data, subject to legal retention obligations.
  • Portability — Receive your data in a structured, machine-readable format.
  • Restriction — Ask us to restrict processing of your data in certain circumstances.
  • Objection — Object to processing based on legitimate interests.
  • Withdraw consent — Where processing is based on consent, you may withdraw it at any time without affecting prior processing.
  • California (CCPA) — California residents have the right to know, delete, and opt out of the “sale” of personal information. We do not sell personal information.

To exercise any of these rights, email us at privacy@resolvedesk.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

10. Cookies & Tracking

Essential cookies

We use a single session cookie (next-auth.session-token) that is strictly necessary to keep you logged in. This cookie is HttpOnly, Secure, and SameSite=Lax. It cannot be disabled without breaking authentication.

Analytics cookies

We may use privacy-respecting analytics (e.g., Plausible or Fathom) that do not use cross-site tracking and do not require a cookie consent banner under GDPR. No advertising or tracking pixels are deployed.

Third-party cookies

Embedded content from third parties (e.g., YouTube demo videos) may set their own cookies subject to those providers’ policies. We use privacy-enhanced embeds where possible.

11. Children’s Privacy

ResolveDesk is a business-to-business service intended for users aged 16 and over. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected such data, please contact us immediately at privacy@resolvedesk.com and we will delete it promptly.

12. International Data Transfers

Our infrastructure is primarily hosted in the European Union. Where data is transferred outside the EEA (for example to OpenAI in the United States), we rely on one or more of the following safeguards:

  • Adequacy decisions — Transfers to countries deemed adequate by the European Commission.
  • Standard Contractual Clauses (SCCs) — We have Data Processing Agreements incorporating EU SCCs with all sub-processors.
  • UK IDTA — For transfers from the UK, we use the UK International Data Transfer Addendum where required.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by:

  • Updating the “Effective date” at the top of this page.
  • Sending an email to the address associated with your account.
  • Displaying an in-app notification on your next login.

Your continued use of ResolveDesk after the effective date constitutes acceptance of the revised policy. If you disagree, you may close your account at any time.

14. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact our Data Protection team:

ResolveDesk Ltd.

Email: privacy@resolvedesk.com

We aim to respond to all privacy-related enquiries within 5 business days.