LEGAL

Privacy Policy - How KnowDesk Protects Your Data

Last updated: 4 June 2026KnowDesk, Lda · Amadora, Portugal
Summary: We collect only what we need to run KnowDesk. We never sell your data. We use Supabase for storage, Stripe for payments, and Cloudflare for delivery. You can request deletion of your data at any time.

1. Who We Are

KnowDesk is operated by KnowDesk Inc., a corporation incorporated in the State of Delaware, United States, with its registered office at 131 Continental Dr, Suite 305, Newark, County of New Castle, Delaware 19713, and its principal mailing address at 1908 Thomes Avenue, Cheyenne, WY 82001, United States. References to "KnowDesk", "we", "us", or "our" in this policy refer to KnowDesk Inc.

We are the data controller for personal data collected through our website (knowdesk.io) and platform. For questions about this policy, contact us at hello@knowdesk.io.

2. What Data We Collect

2.1 Account data

  • Email address and password (hashed, never stored in plain text)
  • Company name and website URL
  • Billing name and address (via Stripe - we never store card numbers)

2.2 Usage data

  • Conversation logs - messages sent to and received from your AI widget
  • Knowledge source metadata (file names, sync status, character count)
  • Widget configuration settings (brand name, colour, tone)
  • Dashboard activity (pages visited, features used)
  • Message counts used against your monthly plan limit

2.3 Technical data

  • IP address (collected by Cloudflare for security and rate limiting)
  • Browser type and version
  • Device type and operating system
  • Referring URL and pages visited on knowdesk.io
  • Cookie identifiers (see our Cookie Policy for details)

2.4 Data you upload

When you connect knowledge sources, the content of those documents (Google Docs, PDFs, pasted text) is stored encrypted in our database and used solely to generate responses in your AI widget. We do not read, analyse, or use this content for any other purpose.

3. How We Use Your Data

PURPOSELEGAL BASISDATA USED
Providing and operating the KnowDesk serviceContractual necessityAccount data, usage data
Processing payments and managing subscriptionsContractual necessityBilling data via Stripe
Sending service emails (invoices, alerts, password resets)Contractual necessityEmail address
Improving the platform and fixing bugsLegitimate interestUsage data, technical data
Preventing fraud and abuseLegitimate interestTechnical data, IP address
Sending product update emails (if opted in)ConsentEmail address
Complying with legal obligationsLegal obligationAll relevant data

4. Data Sharing

We do not sell, rent, or trade your personal data. We share data only with the following trusted sub-processors, each operating under GDPR-compliant data processing agreements:

SUB-PROCESSORPURPOSELOCATION
Cloud ServerDatabase, authentication, file storageEU - Central
StripePayment processing and billingUSA (Standard Contractual Clauses)
CloudflareCDN, DDoS protection, edge computingGlobal (SCC-protected)

5. Data Retention

  • Account data: retained for the lifetime of your account, plus 30 days after deletion
  • Conversation logs: retained for 12 months, then automatically deleted
  • Knowledge source content: deleted immediately when you remove a source
  • Billing records: retained for 7 years (legal requirement under Portuguese/EU tax law)
  • Technical logs: retained for 90 days

6. Your Privacy Rights

KnowDesk Inc. is incorporated in Delaware, United States, and complies with applicable US federal and state privacy laws, including the California Consumer Privacy Act (CCPA) where applicable. Regardless of your location, we extend the following rights to all users of our platform:

  • Right of access - request a copy of all personal data we hold about you
  • Right to rectification - correct inaccurate or incomplete data
  • Right to erasure - request deletion of your account and all associated data
  • Right to restriction - ask us to limit how we process your data
  • Right to data portability - receive your data in a machine-readable format
  • Right to object - object to processing based on legitimate interest
  • Right to withdraw consent - for any processing based on consent (e.g. marketing emails)
  • Right to non-discrimination - we will not discriminate against you for exercising any of these rights

California residents may also have additional rights under the CCPA, including the right to know about the sale of personal data (we do not sell personal data) and the right to opt out of any future sale.

If you are a resident of the EU/EEA, we acknowledge your rights under GDPR as a matter of good practice. You may also lodge a complaint with your local data protection authority.

To exercise any of these rights, email hello@knowdesk.io or contact us via WhatsApp. We will respond within 45 days as permitted under US law, with a possible 45-day extension where reasonably necessary.

7. Security

We implement industry-standard security measures including: encrypted data at rest (AES-256), encrypted data in transit (TLS 1.3), API key authentication for all widget requests, row-level security policies on all database tables, and regular security reviews. No system is 100% secure - if you discover a vulnerability, please report it to hello@knowdesk.io.

8. International Transfers

KnowDesk Inc. is incorporated and primarily operates in the United States. Your data is stored and processed in the USA and, where applicable, in the EU (via our cloud infrastructure in EU - Central). Our sub-processors - including Stripe, Cloudflare, and our cloud hosting provider - are US-based companies that operate globally under their own privacy and security standards.

If you are located in the EU/EEA, please be aware that your data may be transferred to and processed in the United States, which may not provide the same level of data protection as your home jurisdiction. We take reasonable steps to ensure your data remains protected in accordance with this policy, regardless of where it is processed.

9. Children

KnowDesk is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with their data, contact hello@knowdesk.io and we will delete it promptly.

10. Changes to This Policy

We may update this policy from time to time. We'll notify registered users by email for material changes. The "Last updated" date at the top of this page always reflects the current version. Continued use of KnowDesk after changes constitutes acceptance of the updated policy.

11. Contact

For privacy-related questions or to exercise your rights:

  • Email: hello@knowdesk.io
  • Contact: +1 (307) 316-8960
  • Post: KnowDesk Inc. · 1908 Thomes Avenue, Cheyenne, WY 82001, United States
© 2026 KnowDesk. All rights reserved.
Privacy PolicyTerms of ServiceCookie PolicyGDPR