Privacy Policy
This Policy describes how the Deskhund service processes personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) and Act No. 110/2019 Coll., on personal data processing.
1. Data controller
2. Categories of processed data
2.1 User data (e-shop operator)
- e-mail address,
- first and last name (if provided by the User),
- e-shop identification (URL, domain, platform),
- IP address, user-agent and login times (audit log),
- billing data (if the User upgrades to a paid plan).
2.2 Data about User’s end customers
As part of customer-support automation, the Service processes e-mail communication between the User and their customers. This includes:
- e-mail addresses of senders and recipients,
- message content and subjects,
- metadata (date, time, thread ID).
With respect to the User’s end customers, the Operator acts as a data processor; the User is the controller. A data processing agreement is incorporated into the Terms of Service.
3. Purposes and legal basis
| Purpose | Legal basis | Retention period |
|---|---|---|
| Operating the account and Service | contract performance (Art. 6(1)(b) GDPR) | duration of the contract + 30 days |
| AI classification and reply drafting | contract performance | 90 days (rolling) + aggregated metrics |
| Security (audit log, anti-fraud) | legitimate interest | 12 months |
| Invoicing | legal obligation | 10 years (accounting law) |
| Marketing communications | consent (revocable at any time) | until consent is withdrawn |
4. Recipients of personal data
The following categories of recipients may access your data to the extent necessary:
- AI processors — Anthropic PBC (USA), OpenAI L.L.C. (USA), Google LLC (USA). Transfers outside the EU rely on Standard Contractual Clauses (SCC) under Commission Implementing Decision (EU) 2021/914.
- Cloud providers — Hetzner Online GmbH (DE), Cloudflare Inc. (USA — DNS/CDN only, does not store content).
- E-mail infrastructure — Resend, Inc. (USA) for transactional e-mails (login codes).
- Accountants and tax advisors — only to the extent necessary to meet legal obligations.
- Public authorities where required by law.
We do not sell, rent or otherwise pass on your data to third parties for their own marketing purposes.
5. Transfers outside the EU
Some processors (Anthropic, OpenAI, Google, Resend) are based in the USA. These providers are certified under the EU–US Data Privacy Framework or are bound by Standard Contractual Clauses (SCC), ensuring an adequate level of protection.
6. Your rights
Under GDPR you have the following rights:
- access — to a copy of the data we hold about you,
- rectification of inaccurate data,
- erasure (“right to be forgotten”) — if we no longer need the data,
- restriction of processing,
- data portability in a structured format,
- objection to processing based on legitimate interest,
- withdrawal of consent (for processing based on consent),
- lodge a complaint with the Czech Office for Personal Data Protection (Pplk. Sochora 27, 170 00 Prague 7).
To exercise these rights, contact us at privacy@deskhund.com. We respond within 30 days.
7. Cookies and similar technologies
Our site uses only technical and functional cookies necessary to operate the Service (session, CSRF, language preferences). We do not use third-party marketing or analytics cookies.
8. Data security
- All communication is via HTTPS (TLS 1.2/1.3).
- IMAP passwords and Microsoft 365 tokens are stored encrypted (Fernet / AES-128).
- Access to production systems is restricted to authorised personnel (Maxmilián Halaj and a small number of authorised staff), always with 2FA.
- We maintain an audit log of logins and critical operations.
- We perform regular security updates and database backups.
9. Incidents and breach notification
In case of a security incident that poses a risk to data subject rights and freedoms, we are obliged to notify the Office for Personal Data Protection within 72 hours and to inform affected data subjects without undue delay.
10. Changes to this Policy
We may update this Policy. We will notify Users of any change by e-mail and by publishing the new version at www.deskhund.com/privacy/ at least 14 days before it takes effect.
Questions about data protection: privacy@deskhund.com
Data protection officer: Maxmilián Halaj