Privacy Policy
Effective Date: 14 June 2025
Last Updated: 14 June 2025
1. Introduction
Ferndesk, Inc. ("Ferndesk," "we," "us") provides a help‑center and knowledge‑base platform aimed at business customers. This Privacy Policy explains how we collect, use, disclose, and protect information when you ("Customer") or your end‑users interact with our websites, applications, and related services (collectively, the "Service"). Capitalized terms not defined here have the meanings given in our [Terms of Service].
2. Information We Collect
Category | Examples | Collected from |
---|---|---|
Account Data | Name, business email, billing address, phone, authentication credentials | Customer administrators |
Customer Content | Help‑center articles, ticket conversations, file attachments, AI‑generated drafts | Customer, API integrations |
Usage & Log Data | IP address, browser type, timestamps, error logs, feature use, referral URLs | Automatic collection |
Analytics & Cookies | Page views, session duration, in‑app events, cookie identifiers, pixels | Cookies/SDKs |
Payment Data | Last four digits of card, billing country, transaction IDs | Stripe (sub‑processor) |
Sensitive Data
Ferndesk does not intentionally collect special categories of personal data (e.g., health, biometric, or criminal‑record data). Customers are responsible for ensuring they do not upload such data unless they have a lawful basis and a signed Data Processing Addendum ("DPA").
3. How We Use Information
We process information to:
Provide & maintain the Service, including hosting, back‑ups, and support;
Secure the Service, detect fraud, and enforce the Terms;
Improve & develop features (e.g., train and evaluate AI models, run usage analytics);
Bill & collect fees and manage subscriptions;
Communicate with you about updates, security alerts, and marketing (opt‑out available);
Comply with legal obligations.
4. Legal Bases (EEA/UK/GDPR)
We rely on the following legal bases to process personal data:
Contract: Processing necessary to perform our obligations under the Terms;
Legitimate interests: Product improvement, security, and fraud prevention;
Consent: Marketing emails and non‑essential cookies;
Legal obligation: Tax, accounting, and regulatory compliance.
5. Sharing & Disclosure
We never sell personal data. We disclose information only:
To Service Providers/Sub‑processors (e.g., Cloudflare, AWS, Railway, Stripe, OpenAI) under written contracts requiring confidentiality and data protection;
To Integrations that you enable (e.g., Zendesk, Gmail). Data shared via integrations is governed by the third‑party’s terms;
For Legal Reasons (court order, subpoena, national‑security request) where we believe disclosure is required;
Business Transfers: In a merger, acquisition, or asset sale, subject to continued confidentiality obligations.
A current list of sub‑processors is available at https://ferndesk.com/subprocessors and updated at least 30 days before changes.
6. International Data Transfers
We are headquartered in the United States and may process data in the U.S. and other countries. Where required, we rely on adequacy decisions or Standard Contractual Clauses (SCCs) to legitimize transfers from the EEA/UK/Switzerland.
7. Security
We maintain administrative, technical, and physical safeguards aligned with industry standards (e.g., encryption in transit & at rest, strict access controls, annual penetration testing). No method of transmission over the Internet is 100% secure, so we cannot guarantee absolute security.
8. Data Retention
We retain Customer Content for the duration of the subscription plus up to 30 days (or deleted sooner on request). Backup copies are overwritten within 60 days. Billing, audit, and security logs may be kept as required by law (up to 7 years).
9. Your Rights
Depending on where you reside, you may have rights to:
Access personal data we hold about you;
Correct inaccurate or incomplete data;
Delete data (right to be forgotten);
Restrict or object to processing;
Port data to another provider;
Opt out of marketing communications.
To exercise any rights, email hey@ferndesk.com. We will respond within one month (or 45 days for CCPA requests).
10. Children’s Privacy
Ferndesk is intended for business use and does not knowingly collect personal data from children under 16. If we learn we have received such data, we will delete it promptly.
11. Cookies & Tracking Technologies
We use first‑party cookies and third‑party analytics (e.g., PostHog, Plausible) to remember session preferences, measure usage, and improve the Service. You may disable non‑essential cookies via our cookie consent banner.
12. Changes to This Policy
We may update this Policy occasionally. If changes are material, we will provide at least 30 days’ notice via email or the dashboard. Continued use after the effective date constitutes acceptance.
13. Contact Us
Work Paragon LLC. 1111b South Governors Ave STE 34230 Dover, DE, 19904 US
hey@ferndesk.com
If you have unresolved concerns about our data practices, you have the right to lodge a complaint with your local supervisory authority (e.g., ICO in the UK, NITDA in Nigeria, or relevant EU authority).
By using the Service, you acknowledge that you have read and understood this Privacy Policy.