Privacy Policy

This Privacy Policy explains how nabudesk collects, uses, stores, and shares personal data when providing our customer support software to business customers and their authorized users.

1. Roles and scope

nabudesk is a business-to-business help desk platform. For account, billing, and product usage data about our customers and their agents, nabudesk acts as an independent controller. For ticket content, contacts, and other customer-submitted support records, the customer workspace generally acts as the controller and nabudesk processes that data as a processor on the customer’s documented instructions.

This policy applies to the nabudesk website, application, and related support communications. It does not replace a customer’s own privacy notice to its end customers.

2. Information we collect

We collect information needed to operate, secure, and improve the service. Categories include:

  • Account and identity data: names, work email addresses, role, authentication credentials, MFA and passkey metadata, and session records.
  • Workspace and configuration data: company profile, groups, ticket types, templates, notification rules, integrations, and admin settings.
  • Support content: tickets, messages, attachments metadata, contacts, organizations, internal notes, and related activity history submitted by the customer.
  • Usage and diagnostics: product telemetry, device and browser metadata, IP address, approximate location derived from IP, logs, and security events.
  • Billing and commercial data: plan selection, seat counts, invoices, and payment-provider references. Card details are handled by our payment processor where enabled.

3. How we use information

We use personal data to provide the product, authenticate users, deliver notifications, process tickets and inbound email, enforce permissions, detect abuse, investigate incidents, comply with law, and communicate service or security notices.

We do not sell personal information and do not use customer ticket content to train public generative AI models.

5. Sharing and subprocessors

We share data with infrastructure and service providers that help us host, deliver, monitor, authenticate, or bill for the service. Those providers are bound by confidentiality and data-processing terms appropriate to their role.

We may disclose information if required by law, legal process, or to protect the rights, safety, or integrity of nabudesk, our customers, or others. We may also transfer data in connection with a merger, acquisition, or corporate reorganization, subject to continued confidentiality protections.

6. International transfers

nabudesk may process data in the United States and other countries where we or our subprocessors operate. Where required, we use appropriate transfer mechanisms such as standard contractual clauses and complementary safeguards.

7. Retention

We retain personal data for as long as needed to provide the service, meet contractual obligations, resolve disputes, enforce agreements, and satisfy legal, tax, or audit requirements. Customers may request deletion or export of workspace data subject to applicable law and residual backup cycles.

8. Security

We implement administrative, technical, and organizational measures designed to protect personal data, including encryption in transit, access controls, authentication safeguards, audit logging, and monitoring. No method of transmission or storage is perfectly secure. Additional detail is available on our Security page.

9. Your rights and choices

Depending on your location and role, you may have rights to access, correct, delete, restrict, or export personal data, or to object to certain processing. Agents can update many profile settings in-product. End-customer requests about ticket or contact data should generally be directed to the customer workspace that controls those records.

California and similar U.S. state privacy laws may provide additional rights. We do not sell personal information or share it for cross-context behavioral advertising as those terms are commonly defined.

10. Children’s data

nabudesk is designed for business use and is not directed to children under 16. We do not knowingly collect personal data from children for the purpose of offering the service to them.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be indicated by updating the “Last updated” date and, where appropriate, by additional notice through the product or email.

12. Contact

For privacy inquiries, data subject requests, or regulator correspondence related to nabudesk as a controller, contact [email protected]. Customers acting as controllers remain responsible for responding to their own end-customer requests unless otherwise agreed in writing.