Privacy Policy

Effective Date: February 22, 2026

Last Updated: February 22, 2026

Welcome to AI HelpDesk. We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our helpdesk platform.

1. Information We Collect

1.1 Information You Provide

• Account Information: Email address, name, organization name
• Profile Data: Profile picture, job title, contact preferences
• Support Tickets: Ticket content, attachments, communications
• Payment Information: Processed securely through Stripe (we don't store card details)

1.2 Information Collected Automatically

• Usage Data: Pages visited, features used, time spent
• Device Information: Browser type, IP address, operating system
• Cookies: Session cookies for authentication and preferences

1.3 Gmail API Data

2. How We Use Your Information

2.1 Service Delivery

• Provide and maintain helpdesk services
• Process and respond to support tickets
• Send email notifications about ticket updates
• Enable team collaboration features

2.2 AI-Powered Features

• Automatically categorize and prioritize tickets
• Generate response suggestions
• Analyze sentiment and urgency
• Improve AI accuracy over time

Note: AI processing uses anonymized data. Personal identifiers are removed before analysis.

2.3 Service Improvement

• Analyze usage patterns to optimize performance
• Develop new features based on user needs
• Fix bugs and technical issues
• Conduct security monitoring

2.4 Communication

• Send service updates and announcements
• Respond to support requests
• Send billing and subscription notifications
• Share product updates (you can opt-out)

3. Data Storage and Security

3.1 Where We Store Data

• Primary Database: MongoDB Atlas (encrypted at rest)
• Cache: Redis (temporary data only)
• File Storage: Google Cloud Storage (encrypted)
• Backups: Automated daily backups (encrypted)

3.2 Security Measures

• HTTPS/TLS encryption for all data transmission
• AES-256 encryption for data at rest
• Multi-tenant data isolation (your data is separate from other organizations)
• Regular security audits and penetration testing
• Two-factor authentication (2FA) support
• Role-based access control (RBAC)
• Automated threat detection and monitoring

3.3 Data Retention

• Active Accounts: Data retained while account is active
• Deleted Accounts: Data permanently deleted within 30 days
• Backups: Backup data retained for 90 days
• Legal Requirements: Some data may be retained longer if required by law

4. Third-Party Services

4.1 Google OAuth & Gmail API

Purpose: Secure authentication and email integration

Data Shared: Email address, name, profile picture

Privacy Policy: Google Privacy Policy

4.2 OpenAI

Purpose: AI-powered ticket analysis and suggestions

Data Shared: Anonymized ticket content (no personal identifiers)

Privacy Policy: OpenAI Privacy Policy

4.3 Stripe

Purpose: Payment processing

Data Shared: Billing information (we don't store card details)

Privacy Policy: Stripe Privacy Policy

4.4 Google Cloud Platform

Purpose: Application hosting and infrastructure

Data Shared: All application data (encrypted)

Privacy Policy: GCP Privacy Policy

5. Your Rights and Choices

5.1 Access and Control

• Access: View all your personal data in account settings
• Update: Modify your profile and preferences anytime
• Export: Download your data in JSON format
• Delete: Request account deletion (permanent within 30 days)

5.2 Gmail API Permissions

• Revoke Access: Disconnect Gmail at any time in settings
• Google Account: Manage permissions at myaccount.google.com/permissions
• Effect: Email integration stops immediately (existing tickets remain)

5.3 Communication Preferences

• Ticket Notifications: Configure in notification settings
• Marketing Emails: Opt-out via unsubscribe link
• Service Updates: Cannot opt-out (critical for service)

5.4 Data Portability

You can export your data including:

• All tickets and conversations
• Team member information
• Organization settings
• Usage statistics

6. Compliance and Legal

6.1 GDPR Compliance (EU Users)

• Right to access your data
• Right to rectification
• Right to erasure ("right to be forgotten")
• Right to data portability
• Right to object to processing

6.2 CCPA Compliance (California Users)

• Right to know what data we collect
• Right to delete your data
• Right to opt-out of data sales (we don't sell data)
• Right to non-discrimination

6.3 Legal Disclosure

We may disclose your information if required by law or to:

• Comply with legal obligations
• Protect our rights and property
• Prevent fraud or security threats
• Protect user safety

7. Children's Privacy

Our service is not intended for users under 16 years of age. We do not knowingly collect data from children. If you believe a child has provided us with personal information, please contact us immediately.

8. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including:

• Standard contractual clauses
• Data processing agreements
• Encryption during transfer

9. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by:

• Posting the new policy on this page
• Updating the "Last Updated" date
• Sending an email notification (for significant changes)

Your continued use of the service after changes constitutes acceptance of the updated policy.

10. Contact Us

11. Gmail API Disclosure