Privacy Policy

This Privacy Policy explains how DeskCrew (“DeskCrew,” “we,” “us”) handles information when you use our hosted support-helpdesk service (the “Service”) at deskcrew.io. DeskCrew is a multi-tenant SaaS platform: businesses (“Customers” or “tenants”) use it to run support for their own end-customers.

Our role: processor vs. controller

For the support data that flows through the Service — tickets, messages, attachments, knowledge-base content, and the end-customer details inside them — DeskCrew acts as a data processor. The tenant business that operates the workspace is the data controller: they decide what to collect and why, and they are responsible for having a lawful basis and an appropriate notice to their own end-customers. DeskCrew processes that data only to provide the Service and on the tenant’s instructions.

For the small amount of data we collect about our direct account holders (the people who sign up to operate a DeskCrew workspace) and our public website visitors, DeskCrew acts as a controller.

What we collect and process

• Account & workspace data — the name, email, and authentication credentials of agents/operators who sign in, plus workspace settings and configuration.
• Support content (processed on behalf of tenants) — tickets and conversation history, the email address or identifier of an end-customer who contacts a tenant, knowledge-base articles, feedback-board posts, and any attachments submitted through the widget, public board, email, Slack, or Discord.
• Usage & technical data — logs, IP address, browser/user-agent, and basic analytics needed to operate, secure, and debug the Service.
• Waitlist data — if you join the early-access waitlist, the email address (and optional details) you submit.

We do not sell personal data, and we do not use end-customer support content to train third-party AI models.

Where data is stored

DeskCrew runs on Vercel’s infrastructure, with the primary database hosted on Supabase (managed PostgreSQL). Data is stored in the region(s) provisioned for the Service.

Sub-processors

We rely on the following sub-processors to deliver the Service:

• Vercel — application hosting, serverless compute, and CDN.
• Supabase — managed PostgreSQL database and storage.
• Mailgun — transactional and inbound email (ticket notifications, reply emails, and email-to-ticket).
• AI provider via Vercel AI Gateway — only when a tenant explicitly enables the AI auto-responder; relevant ticket/knowledge-base context is sent to generate a draft reply for human review. This is off by default per workspace.

The x402 agent door

DeskCrew offers an optional keyless “agent door” where autonomous AI agents can call tools and pay per action in USDC on supported public chains (Base, Polygon, Avalanche, Sei, and Solana). These agent interactions are anonymous: we do not collect names, emails, or other personal identifiers from agents — only the on-chain payment and the request payload required to perform the requested action. The agent layer is off by default and gated behind human approval before anything reaches an end-customer.

Cookies & sessions

We use strictly-necessary cookies to keep operators signed in and to keep the Service secure. We do not use third-party advertising or cross-site tracking cookies on the application.

Data retention

We retain support content for as long as the tenant’s workspace is active, and then for a limited wind-down period after termination, unless the tenant instructs us to delete it sooner. Account and waitlist data is kept while the relationship is active. Backups and logs are retained for a limited period for security and recovery.

Your rights (GDPR / CCPA)

Depending on where you live, you may have the right to access, correct, export, or delete your personal data, to object to or restrict certain processing, and to opt out of the sale or sharing of personal data (we do not sell it). End-customers of a tenant should direct these requests to that tenant (the controller); we will assist the tenant in responding. For data DeskCrew controls directly, contact us using the details below. End-customers who receive a DeskCrew email can also use the one-click unsubscribe link in that email.

Security

We protect data in transit with HTTPS, isolate each workspace’s data, encrypt sensitive secrets at rest, and verify inbound-email webhooks cryptographically. See our Security page for details.

Changes to this policy

We may update this policy from time to time. Material changes will be reflected by updating the “Last updated” date above.

Contact

Questions or privacy requests: hello@deskcrew.io.

This policy is provided for transparency and is not legal advice. Please review it with qualified counsel before relying on it.