1. About Desko

Desko is an AI sales assistant that operates as an email agent. Users interact through a conversational interface to instruct Desko to draft emails, follow-ups, post-meeting messages, and supporting documents. Desko can read email threads, access meeting transcripts from third-party services (e.g., Outreach, Salesloft, HubSpot), and attach generated documents to drafts.

2. Controller

Desko is the data controller for Personal Data collected through the Service unless otherwise disclosed. If you need to contact our data protection representative, email: privacy@desko.ai.

3. Information We Collect

We collect information you provide and information we obtain automatically or from third-party services when you enable integrations.

3.1. Information you provide

• Account and profile data (name, email address, company, role).
• Conversation inputs and commands you give to the AI (prompts, instructions, tone preferences).
• Optional profile preferences and saved writing style settings.

3.2. Content we access to perform the Service

To draft context-aware emails, with your authorization we access:

• Your email threads and message metadata (senders, recipients, timestamps).
• Attachments you allow Desko to read or summarize (documents, slide decks).
• Meeting or call transcripts provided by integrated services (Outreach, Salesloft, HubSpot, etc.).

3.3. Automatically collected information

• Usage data (features used, timestamps, errors) and analytics.
• Device and connection information (IP address, browser/user agent, approximate location).

We follow guidance on what to disclose in privacy notices under applicable data protection laws.

4. How We Use Personal Data

We use Personal Data to deliver and improve Desko, including to:

• Draft and propose email subjects and message contents based on threads, transcripts and your instructions.
• Generate post-meeting emails and create supporting documents (summaries, slides).
• Personalize tone and remember your writing style preferences.
• Provide, maintain, and secure the Service, and analyze usage to improve features.
• Comply with legal obligations and respond to user requests (support, legal processes).

5. Legal Basis for Processing (EEA/UK users)

If you are in the EEA/UK, our legal bases for processing Personal Data include:

• Performance of contract: to provide the Service you requested (e.g., reading your email threads to produce drafts).
• Consent: where we ask for and obtain your consent for specific processing activities (for example, optional sharing for model improvement — see Section 8).
• Legitimate interests: for system security, fraud prevention, improving our Service, and basic personalization — balanced against individual rights.

See ICO guidance for details on required transparency and lawful bases.

6. Integrations and Third-Party Services

Desko works with third-party services to access meeting transcripts, contact records, or email systems when you explicitly authorize them. Examples include Outreach, Salesloft, HubSpot, and similar platforms. When you connect these services, you are granting Desko access to data stored there so we can build context-aware drafts for you.

We recommend reviewing the privacy notices of those providers to understand their processing. For example, HubSpot and Salesloft publish privacy notices describing how they handle transcripts and customer data.

7. Sharing & Disclosure

We do not sell personal information. We may disclose Personal Data to:

• Service providers and processors who operate infrastructure, analytics, and support tools on our behalf.
• Third-party integrations when you instruct or authorize us to connect (e.g., to read a call transcript from a CRM).
• Legal and safety when required by law or to protect our rights.
• Business transfers (e.g., in connection with a merger or sale); we will notify users as required by law.

8. AI, Model Training & Use of Inputs

Desko uses AI models to draft email content and create documents. We treat the content you provide (emails, transcripts, prompts) as necessary to deliver the Service. We do not use your email content, transcripts, or other Personal Data to train our underlying models for broader product development or improvement unless you explicitly opt in. If you opt in to model improvement, your data will be processed in accordance with the opt-in terms disclosed at the time and you may withdraw consent at any time.

We take inspiration from AI vendors' practices and industry guidance when describing model-data relationships; see vendor privacy examples for reference.

9. Data Retention

We retain Personal Data only as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods (for account data, logs, transcripts, drafts, backups) are described in our internal retention schedule and may be displayed in your account settings.

10. Your Rights

European / UK residents (GDPR/UK-GDPR): you have rights including access, correction, erasure, restriction, portability, objection to processing, and the right to withdraw consent.

California residents (CCPA/CPRA): you have rights to know, access, delete, and opt-out of sale/sharing of personal information, and the right to non-discrimination when you exercise your rights. Our approach to California consumer rights and how to submit requests follows applicable California guidance.

To exercise your rights, contact us at: privacy@desko.ai. We may require information to verify your identity before fulfilling a request.

11. Security

We implement administrative, technical, and physical safeguards designed to protect Personal Data. These include encryption in transit (TLS), access controls, and monitoring. While we strive to protect user data, no system is completely secure — in the event of a data breach we will follow applicable law and notify affected users where required.

12. International Transfers

Desko may transfer and store Personal Data in countries outside your home jurisdiction. When transfers occur from the EEA/UK, we will rely on appropriate safeguards (e.g., SCCs or other mechanisms) where required by law.

13. Children

Our Service is not intended for children under the age of 16 (or higher age if required by local law). We do not knowingly collect Personal Data from children. If you believe we have collected such data, contact us and we will take steps to delete it.

14. Changes to this Policy

We may revise this Privacy Policy. When we make changes, we will update the “Last updated” date and, where required, provide notice to users (for example via email or in-app notification).

15. How to Contact Us

If you have questions, requests, or concerns about this Privacy Policy or our practices, please contact:

Desko
Email: privacy@desko.ai
Address: Delaware, USA