Security

Security is a core requirement for DeskOS. This page describes the security practices we use to reduce risk and protect customer data. It is not a guarantee, and it does not replace your own internal risk assessment.

If you have questions about security, contact social@seventechnologies.com.

We aim to follow secure engineering practices throughout the development lifecycle, including:

• Code reviews for changes that impact security-sensitive areas.
• Dependency management and regular updates to address known vulnerabilities.
• Separation of environments (development, staging, production) where practical.
• Least privilege principles when granting access to systems and data.

We use industry-standard encryption in transit (for example, TLS) to protect data as it moves between your device, our services, and integrated providers.

We also rely on encryption at rest where available for managed storage services and databases. The specific mechanisms can vary by environment and infrastructure provider.

We use access controls intended to limit who can access production systems and customer data. This may include role-based access, multi-factor authentication for internal tooling, and audit logging for sensitive operations.

Customer access is governed by the permissions and membership model inside the Service. Organization workspace owners can manage members and permissions according to their needs.

DeskOS is designed for multi-tenant usage. We apply logical access controls intended to keep one workspace's data separated from another workspace's data. Authorization checks are enforced on requests that read or modify customer content.

If you use integrations (such as calendar connections), we process only the integration data needed to provide the connected functionality.

We maintain monitoring and logs to help detect service issues and security events. Logs may include technical telemetry, error traces, and security-related audit signals.

We use this data to troubleshoot problems, protect the Service, and improve reliability. We do not use logging as a way to read customer content for non-support purposes.

We maintain an incident response process to investigate, contain, and remediate security incidents. In the event of a confirmed data breach, we aim to notify affected customers and users in accordance with applicable law and the information available at the time.

If you believe you have found a security issue, contact us as soon as possible at social@seventechnologies.com.

We use backups and recovery processes intended to restore service in the event of data loss or infrastructure failure. Backup schedules and retention can vary by environment and data type.

Backups are not a substitute for your own exports and internal retention requirements. If your organization has specific retention needs, contact us to discuss options.

Security is shared. You can reduce risk by:

• Using strong passwords and keeping account credentials private.
• Managing workspace membership and permissions carefully.
• Reviewing integrations and revoking access when no longer needed.
• Keeping your devices and browsers up to date.

Use the links below to jump to the remaining sections of this document.

• Privacy
• Changes
• Contact

This page describes security practices. How we collect and use personal data is described in our Privacy Policy.

We may update this Security page as our practices evolve. When we do, we will update the 'Last updated' date.

For security questions or vulnerability reports, contact social@seventechnologies.com.