Privacy Policy
Calldesk (“we”, “us”, “our”) is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains what data we collect, why we collect it, how we use it, and your rights under the General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018.
By using Calldesk you agree to the practices described in this policy. If you have any questions, please contact us at support@calldesk.ie.
1. Who We Are
Calldesk is a calendar-to-WhatsApp booking assistant for Irish businesses and appointment-based services, operated from Ireland. We are the data controller for personal data processed through our website and service.
Contact: support@calldesk.ie
2. What Data We Collect
2.1 Account data
When you sign up we collect your:
- Full name or business name
- Email address
- Irish mobile number (used to keep you posted about your account)
- Password (stored as a one-way hash — we cannot read it)
- GDPR consent record (date and time of acceptance)
2.2 Calendar and booking data
Once you connect a calendar (Google, Apple/iCloud, or Outlook), we process:
- Booking events you create — the title, date and time of appointments, used to detect new bookings and extract a client’s name and mobile number where included. We do not read, store, or otherwise process calendar events beyond what is needed to provide this feature.
- Client contact details — the name and mobile number you include in a booking, so we can message that client on your behalf.
- Message history — the WhatsApp confirmations, reminders and any replies sent between you (via us) and your client, so you can see the conversation on your bookings page.
2.3 Billing data
Payment card details are handled entirely by Stripe and are never stored on Calldesk servers. We store only your Stripe customer ID and subscription ID so we can manage your account status.
2.4 Usage data
We collect standard server logs (IP address, browser type, pages visited, timestamps) for security and performance monitoring. These are not linked to your personal profile.
3. Why We Collect Your Data (Legal Basis)
| Purpose | Legal basis |
|---|---|
| Sending WhatsApp booking confirmations, reminders and reschedule handling | Performance of contract |
| Managing your account and subscription | Performance of contract |
| Processing payments via Stripe | Performance of contract |
| Sending welcome, billing and service emails | Performance of contract |
| GDPR consent record | Legal obligation |
| Fraud prevention and security | Legitimate interests |
| Improving the service | Legitimate interests |
4. How We Share Your Data
We do not sell your personal data. We share data only with the following trusted third-party processors:
| Provider | Purpose | Data shared |
|---|---|---|
| Vonage (vonage.com) | Sending and receiving WhatsApp messages | Your business name, your client’s mobile number, message content |
| Google, Apple & Microsoft | Calendar sync (whichever provider you connect) | Access to the booking events on the calendar you connect — see section 11 for Google specifically |
| Stripe (stripe.com) | Processing subscription payments | Name, email, payment card details |
| Resend (resend.com) | Sending transactional emails | Your email address and email content |
| Render (render.com) | Hosting the application and database | All data stored on our platform |
All third-party processors are GDPR-compliant and process data only on our instructions. Data may be transferred outside the EEA (e.g. to US-based providers) under appropriate safeguards including Standard Contractual Clauses.
5. Data Retention
| Data type | How long we keep it |
|---|---|
| Booking and message data | Until you delete the booking or close your account |
| Calendar event data (see section 11) | Not stored beyond the event ID needed to update or remove it later |
| Account data (name, email, phone) | Until you delete your account |
| Billing records | 7 years (Irish tax law requirement) |
| Server logs | 90 days |
6. Your Rights Under GDPR
As a data subject under GDPR you have the following rights:
- Right of access — request a copy of all personal data we hold about you.
- Right to rectification — ask us to correct inaccurate data.
- Right to erasure — ask us to delete your personal data. You can delete your account directly from your account page at any time.
- Right to restriction — ask us to stop processing your data while a dispute is resolved.
- Right to data portability — receive your data in a structured, machine-readable format.
- Right to object — object to processing based on legitimate interests.
- Right to withdraw consent — where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, email us at support@calldesk.ie. We will respond within 30 days. You also have the right to lodge a complaint with the Data Protection Commission (DPC) at dataprotection.ie.
7. Cookies
Calldesk uses only a single session cookie to keep you logged in. We do not use any advertising, analytics or tracking cookies. No third-party cookies are set by our website.
8. Security
We take appropriate technical and organisational measures to protect your data, including:
- All data transmitted over HTTPS (TLS encryption)
- Passwords stored as bcrypt hashes
- Calendar access limited to the minimum scope needed to detect and manage bookings
- Access to production systems restricted to authorised personnel only
9. Children’s Privacy
Calldesk is intended for use by businesses and adults aged 18 and over. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by displaying a notice on your account. The “Last updated” date at the top of this page will always reflect the most recent version.
11. Google API Services — Limited Use Disclosure
Calldesk’s use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
What we access: Calldesk requests access to the
calendar.events scope only. This allows us to create and delete
calendar events in your primary Google Calendar on your behalf — for example,
automatically adding a scheduled job or removing it when a lead is deleted.
We do not read, store, or process any existing calendar events that were not
created by Calldesk.
How we use it: Google Calendar data (event title, date, and time) is used solely to provide the Calldesk calendar integration feature. It is never used for advertising, never sold or transferred to third parties, and never used for any purpose unrelated to the feature you explicitly enabled.
Retention: Calendar event data is not stored on our servers beyond the event ID required to delete the event later. When you disconnect Google Calendar or delete a lead, the associated event is removed from your calendar and the event ID is deleted from our database.
Revoking access: You can disconnect Google Calendar at any time from your Calldesk account settings. You can also revoke access directly via your Google Account permissions page.
12. Contact Us
If you have any questions about this Privacy Policy or how we handle your data, please contact us:
Calldesk
Email: support@calldesk.ie
Website: calldesk.ie