Privacy Policy

Effective Date: 14 June 2025
Last Updated: 14 June 2025

1. Introduction

Ferndesk, Inc. ("Ferndesk," "we," "us") provides a help‑center and knowledge‑base platform aimed at business customers. This Privacy Policy explains how we collect, use, disclose, and protect information when you ("Customer") or your end‑users interact with our websites, applications, and related services (collectively, the "Service"). Capitalized terms not defined here have the meanings given in our [Terms of Service].

2. Information We Collect

| Category | Examples | Collected from |
| --- | --- | --- |
| Account Data | Name, business email, billing address, phone, authentication credentials | Customer administrators |
| Customer Content | Help‑center articles, ticket conversations, file attachments, AI‑generated drafts | Customer, API integrations |
| Usage & Log Data | IP address, browser type, timestamps, error logs, feature use, referral URLs | Automatic collection |
| Analytics & Cookies | Page views, session duration, in‑app events, cookie identifiers, pixels | Cookies/SDKs |
| Payment Data | Last four digits of card, billing country, transaction IDs | Stripe (sub‑processor) |

Sensitive Data

Ferndesk does not intentionally collect special categories of personal data (e.g., health, biometric, or criminal‑record data). Customers are responsible for ensuring they do not upload such data unless they have a lawful basis and a signed Data Processing Addendum ("DPA").

3. How We Use Information

We process information to:

  1. Provide & maintain the Service, including hosting, back‑ups, and support;

  2. Secure the Service, detect fraud, and enforce the Terms;

  3. Improve & develop features (e.g., train and evaluate AI models, run usage analytics);

  4. Bill & collect fees and manage subscriptions;

  5. Communicate with you about updates, security alerts, and marketing (opt‑out available);

  6. Comply with legal obligations.

4. Legal Bases (EEA/UK/GDPR)

We rely on the following legal bases to process personal data:

  • Contract: Processing necessary to perform our obligations under the Terms;

  • Legitimate interests: Product improvement, security, and fraud prevention;

  • Consent: Marketing emails and non‑essential cookies;

  • Legal obligation: Tax, accounting, and regulatory compliance.

5. Sharing & Disclosure

We never sell personal data. We disclose information only:

  • To Service Providers/Sub‑processors (e.g., Cloudflare, AWS, Railway, Stripe, OpenAI) under written contracts requiring confidentiality and data protection;

  • To Integrations that you enable (e.g., Zendesk, Gmail). Data shared via integrations is governed by the third‑party’s terms;

  • For Legal Reasons (court order, subpoena, national‑security request) where we believe disclosure is required;

  • Business Transfers: In a merger, acquisition, or asset sale, subject to continued confidentiality obligations.

A current list of sub‑processors is available at https://ferndesk.com/subprocessors and is updated at least 30 days before changes.

6. International Data Transfers

We are headquartered in the United States and may process data in the U.S. and other countries. Where required, we rely on adequacy decisions or Standard Contractual Clauses (SCCs) to legitimize transfers from the EEA/UK/Switzerland.

7. Security

We maintain administrative, technical, and physical safeguards aligned with industry standards (e.g., encryption in transit & at rest, strict access controls, annual penetration testing). No method of transmission over the Internet is 100% secure, so we cannot guarantee absolute security.

8. Data Retention

We retain Customer Content for the duration of the subscription plus up to 30 days (or delete it sooner on request). Backup copies are overwritten within 60 days. Billing, audit, and security logs may be kept as required by law (up to 7 years).

9. Your Rights

Depending on where you reside, you may have rights to:

  • Access personal data we hold about you;

  • Correct inaccurate or incomplete data;

  • Delete data (right to be forgotten);

  • Restrict or object to processing;

  • Port data to another provider;

  • Opt out of marketing communications.

To exercise any rights, email hey@ferndesk.com. We will respond within one month (or 45 days for CCPA requests).

10. Children’s Privacy

Ferndesk is intended for business use and does not knowingly collect personal data from children under 16. If we learn we have received such data, we will delete it promptly.

11. Cookies & Tracking Technologies

We use first‑party cookies and third‑party analytics (e.g., PostHog, Plausible) to remember session preferences, measure usage, and improve the Service. You may disable non‑essential cookies via our cookie consent banner.

12. Changes to This Policy

We may update this Policy occasionally. If changes are material, we will provide at least 30 days’ notice via email or the dashboard. Continued use after the effective date constitutes acceptance.

13. Contact Us

Work Paragon LLC. 1111b South Governors Ave STE 34230 Dover, DE, 19904 US
hey@ferndesk.com

If you have unresolved concerns about our data practices, you have the right to lodge a complaint with your local supervisory authority (e.g., ICO in the UK, NITDA in Nigeria, or relevant EU authority).

By using the Service, you acknowledge that you have read and understood this Privacy Policy.