Privacy Policy
CallDesk (“we”, “us”, “our”) is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains what data we collect, why we collect it, how we use it, and your rights under the General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018.
By using CallDesk you agree to the practices described in this policy. If you have any questions, please contact us at support@calldesk.ie.
1. Who We Are
CallDesk is a voicemail-to-text service for Irish businesses and tradespeople, operated from Ireland. We are the data controller for personal data processed through our website (calldesk.ie) and service.
Contact: support@calldesk.ie
2. What Data We Collect
2.1 Account data
When you sign up we collect your:
- Full name
- Email address
- Irish mobile number (used to deliver voicemail transcripts)
- Password (stored as a one-way hash — we cannot read it)
- GDPR consent record (date and time of acceptance)
2.2 Voicemail data
When a caller leaves a voicemail on your dedicated CallDesk number we process:
- Audio recording — downloaded from Twilio, transcribed, and then permanently deleted from our servers immediately. We do not store audio.
- Transcript text — the text version of the voicemail, stored on our servers and shown in your dashboard.
- Caller number — the phone number of the person who left the voicemail.
- Call duration and timestamp
2.3 Billing data
Payment card details are handled entirely by Stripe and are never stored on CallDesk servers. We store only your Stripe customer ID and subscription ID so we can manage your account status.
2.4 Usage data
We collect standard server logs (IP address, browser type, pages visited, timestamps) for security and performance monitoring. These are not linked to your personal profile.
3. Why We Collect Your Data (Legal Basis)
| Purpose | Legal basis |
|---|---|
| Delivering voicemail transcripts to you via SMS or email | Performance of contract |
| Managing your account and subscription | Performance of contract |
| Processing payments via Stripe | Performance of contract |
| Sending welcome, billing and service emails | Performance of contract |
| GDPR consent record | Legal obligation |
| Fraud prevention and security | Legitimate interests |
| Improving the service | Legitimate interests |
4. How We Share Your Data
We do not sell your personal data. We share data only with the following trusted third-party processors:
| Provider | Purpose | Data shared |
|---|---|---|
| Twilio (twilio.com) | Receiving voicemail recordings; sending SMS messages | Your CallDesk number, your mobile number, voicemail audio (deleted immediately) |
| OpenAI (openai.com) | Transcribing voicemail audio to text | Voicemail audio (sent for transcription, not stored by us) |
| Stripe (stripe.com) | Processing subscription payments | Name, email, payment card details |
| Resend (resend.com) | Sending transactional emails | Your email address and email content |
| Render (render.com) | Hosting the application and database | All data stored on our platform |
All third-party processors are GDPR-compliant and process data only on our instructions. Data may be transferred outside the EEA (e.g. to US-based providers) under appropriate safeguards including Standard Contractual Clauses.
5. Data Retention
| Data type | How long we keep it |
|---|---|
| Voicemail audio | Deleted immediately after transcription (within seconds) |
| Voicemail transcripts | Until you delete them or close your account |
| Account data (name, email, phone) | Until you delete your account |
| Billing records | 7 years (Irish tax law requirement) |
| Server logs | 90 days |
6. Your Rights Under GDPR
As a data subject under GDPR you have the following rights:
- Right of access — request a copy of all personal data we hold about you.
- Right to rectification — ask us to correct inaccurate data.
- Right to erasure — ask us to delete your personal data. You can delete your account and all transcripts directly from your dashboard at any time.
- Right to restriction — ask us to stop processing your data while a dispute is resolved.
- Right to data portability — receive your data in a structured, machine-readable format.
- Right to object — object to processing based on legitimate interests.
- Right to withdraw consent — where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, email us at support@calldesk.ie. We will respond within 30 days. You also have the right to lodge a complaint with the Data Protection Commission (DPC) at dataprotection.ie.
7. Cookies
CallDesk uses only a single session cookie to keep you logged in. We do not use any advertising, analytics or tracking cookies. No third-party cookies are set by our website.
8. Security
We take appropriate technical and organisational measures to protect your data, including:
- All data transmitted over HTTPS (TLS encryption)
- Passwords stored as bcrypt hashes
- Voicemail audio deleted from our servers immediately after transcription
- Access to production systems restricted to authorised personnel only
9. Children’s Privacy
CallDesk is intended for use by businesses and adults aged 18 and over. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by displaying a notice on your dashboard. The “Last updated” date at the top of this page will always reflect the most recent version.
11. Google API Services — Limited Use Disclosure
CallDesk’s use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
What we access: CallDesk requests access to the
calendar.events scope only. This allows us to create and delete
calendar events in your primary Google Calendar on your behalf — for example,
automatically adding a scheduled job or removing it when a lead is deleted.
We do not read, store, or process any existing calendar events that were not
created by CallDesk.
How we use it: Google Calendar data (event title, date, and time) is used solely to provide the CallDesk calendar integration feature. It is never used for advertising, never sold or transferred to third parties, and never used for any purpose unrelated to the feature you explicitly enabled.
Retention: Calendar event data is not stored on our servers beyond the event ID required to delete the event later. When you disconnect Google Calendar or delete a lead, the associated event is removed from your calendar and the event ID is deleted from our database.
Revoking access: You can disconnect Google Calendar at any time from your CallDesk account settings. You can also revoke access directly via your Google Account permissions page.
12. Contact Us
If you have any questions about this Privacy Policy or how we handle your data, please contact us:
CallDesk
Email: support@calldesk.ie
Website: calldesk.ie