Privacy Policy

This Privacy Policy explains how Seven Technologies ('Company', 'we', 'us', or 'our') collects, uses, and protects personal data when you use DeskOS (the 'Service') and when you interact with our public website.

This Policy is designed to be clear and globally applicable. If local laws require additional disclosures, those disclosures are included in the sections below.

By using the Service, you acknowledge that you have read and understood this Policy. If you do not agree, you should not use the Service.

For the purposes of applicable data protection laws (including the GDPR, UK GDPR, and Brazil's LGPD), the data controller is:

• Seven Technologies
• Email: social@seventechnologies.com

If you are using DeskOS through an organization workspace (for example, your employer), that organization may control certain settings and processing. See 'Account owners and roles' below.

DeskOS may be used by individuals and organizations. The way personal data is handled can vary based on who is acting as the account owner.

• Individual accounts: We typically act as the data controller for account data and Service usage data.
• Organization workspaces: The organization that owns the workspace is typically the data controller for workspace content and member data, and we act as a processor or service provider processing that data on the organization's instructions.

If you are an organization customer and need a Data Processing Addendum (DPA) or additional contractual terms, contact us at the email above.

We collect personal data to provide and improve the Service. This may include:

• Account data: name, email address, authentication information, profile details, and workspace membership.
• Workspace content: content you create or upload in the Service (for example, notes, tasks, goals, time entries, files, and messages), as configured by you or your organization.
• Integrations data: when you connect third-party services (such as calendar providers), we may process data required to perform the integration.
• Usage and device data: IP address, browser type, operating system, pages viewed, feature interactions, and timestamps.
• Logs and security data: diagnostic logs, audit events, and signals used to protect accounts and prevent abuse.
• Support communications: information you provide when contacting support or sending feedback.

We do not intentionally collect special categories of data (such as health data) and we ask you not to enter sensitive information into the Service unless necessary and authorized.

We process personal data for the following purposes:

• Provide and operate the Service, including account creation, authentication, and feature delivery.
• Maintain safety and security, detect fraud, prevent abuse, and protect our users and infrastructure.
• Customer support, respond to requests, and troubleshoot issues.
• Improve the Service, including analytics, performance monitoring, and product development.
• Communications, such as service notices, security alerts, and product updates.
• Legal and compliance, including meeting applicable legal obligations and enforcing our terms.

Where we use personal data for marketing, we do so in accordance with applicable law and your preferences. You can opt out of marketing communications at any time.

If you are in a jurisdiction that requires a legal basis (such as the EEA/UK under the GDPR/UK GDPR, or Brazil under the LGPD), we rely on one or more of the following:

• Contract: to provide the Service you request.
• Legitimate interests: to secure, maintain, and improve the Service (balanced against your rights).
• Consent: where required, such as for certain cookies or marketing communications.
• Legal obligation: to comply with laws and lawful requests.

Where we rely on consent, you may withdraw it at any time. Withdrawal does not affect processing that occurred before the withdrawal.

We may share personal data in the following situations:

• Service providers: with vendors that help us run the Service (hosting, infrastructure, analytics, support tooling, email delivery, and payment processors). They process data on our instructions under appropriate agreements.
• At your direction: when you connect integrations or share content with other users within your workspace.
• Legal requirements: to comply with applicable law, respond to lawful requests, and protect rights and safety.
• Business transfers: in connection with mergers, acquisitions, financing, or sale of assets.

We do not sell personal data.

Your personal data may be transferred to, and processed in, countries other than your country of residence. When we do this, we use safeguards intended to protect your data, such as contractual protections recognized under applicable law.

We retain personal data only for as long as necessary for the purposes described in this Policy, including:

• While your account is active and you use the Service.
• To comply with legal, accounting, or reporting obligations.
• To resolve disputes and enforce our agreements.

When data is no longer needed, we delete it or anonymize it, unless we are legally required to keep it.

Use the links below to jump to the remaining sections of this document.

• Security
• Your rights
• Cookies
• Children
• Changes
• Contact

We maintain technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, and disclosure. Measures may include access controls, encryption in transit, and monitoring.

No method of transmission or storage is 100% secure. We cannot guarantee absolute security, but we work continuously to reduce risk.

For more details, see our Security page.

Depending on your location and applicable law, you may have rights regarding your personal data. These may include the right to access, correct, delete, and port your data, as well as to object to or restrict certain processing.

If you are a California resident, you may have additional rights under the CCPA/CPRA (such as the right to know, delete, correct, and opt out of certain sharing). We do not sell personal data.

To exercise your rights, contact us at social@seventechnologies.com. We may ask for information to verify your identity.

We use cookies and similar technologies (such as local storage) to operate the Service, remember preferences, and understand usage. Where required by law, we request consent before using non-essential cookies.

For details, see our Cookie Policy.

The Service is not directed to children under 16 and we do not knowingly collect personal data from children. If you believe a child has provided personal data, contact us and we will take appropriate steps to delete it.

We may update this Privacy Policy from time to time. When we make material changes, we will update the 'Last updated' date and, where appropriate, provide additional notice within the Service.

Your continued use of the Service after the effective date means you accept the updated Policy.

If you have questions, requests, or complaints about privacy, contact:

• Seven Technologies
• Email: social@seventechnologies.com