The Desk ("we", "us") is operated by [Company legal name], [address / jurisdiction]. Questions about this policy or your data: [privacy@thedesk.app].
We use a single essential session cookie to keep you logged in, and your browser's local storage to remember preferences (light/dark theme). We do not use third-party advertising or cross-site tracking cookies.
To provide and secure the service, process subscriptions, send transactional email (verification, password reset, receipts), run the analytics you request, and improve the product. We do not sell your personal data, and we do not use your logged trades for anything other than showing you your own analytics.
We keep account and journal data for as long as your account is active, and for [period, e.g. 30 days] after you delete it, unless a longer period is required by law. Analytics event logs are retained for [period, e.g. 12 months] and then deleted or further anonymised.
Depending on where you live (e.g. under GDPR or the CCPA), you may have the right to access, correct, export, or delete your personal data, and to object to certain processing. To exercise these — including deleting your account and its journal data — email [privacy@thedesk.app]. Subscription and payment details can be managed any time via the Billing portal (the "Billing" link in the top navigation once you're subscribed).
Passwords are hashed with argon2, traffic is encrypted in transit (HTTPS), and access controls are enforced server-side. No method of transmission or storage is 100% secure, so we cannot guarantee absolute security.
The Desk is not directed to, and may not be used by, anyone under 18.
We may update this policy; material changes will be posted here with a new "last updated" date. Questions: [privacy@thedesk.app].