Legal
Privacy Policy
Last updated: July 14, 2026 · Open beta
The short version
Quietdesk is a workspace for your team's product work. The data in it is yours: we collect what we need to run the service, we don't sell it, we don't run advertising, and you can delete your account — and everything in it — at any time.
What we collect
- Account information. Your name, email address, and avatar — provided by you or by the sign-in provider you choose (Google or GitHub). If you enable a passkey or two-factor authentication, we store the credential's public key or the TOTP secret needed to verify you; we never see your device biometrics.
- Workspace content. The cards, todos, snippets, acceptance criteria, comments, worklogs, and settings you and your team create. This is the product; we store it so we can show it back to you.
- Integration data. If you connect GitHub, we receive repository metadata, pull-request and branch references, and commit statuses for the repositories you choose — enough to link development activity to cards. We do not read or store your source code. If you connect Slack, we store the routing configuration and send the messages you configure.
- Operational records. Audit log entries (who did what, when), security context on sign-in events (IP address, browser type), and server logs kept for reliability and abuse prevention. Our logging policy explicitly excludes email addresses from server logs.
What we use it for
To provide the service, keep your account secure (sign-in links, security notices when credentials change), link your development activity to your work, and fix problems. We send transactional email only — sign-in, security, and membership messages. Any summary or digest email is off by default and only ever sent if you opt in.
What we share, and with whom
We do not sell personal data and we do not share it with advertisers. Data is processed by the infrastructure providers the service runs on: Cloudflare (website and DNS), Amazon Web Services (transactional email via SES), and our hosting provider (application and database servers). Members of an organization you join can see the content and profile information you contribute there — that's what a shared workspace is.
Cookies
The app uses a single first-party session cookie to keep you signed in. No third-party advertising or cross-site tracking cookies.
Retention and deletion
Your data is kept while your account is active. You can delete your account from Settings; deletion is confirmed by email, held for a short grace period so you can change your mind, and then your personal data and workspace content are permanently erased. Backups age out on a fixed schedule after that.
Security
Traffic is encrypted in transit (TLS). Sign-in is passwordless-first (single-use magic links, passkeys, OAuth) with optional two-factor authentication, and we notify you by email whenever a credential on your account changes. No system is perfectly secure; if we learn of a breach affecting your data we will tell you promptly.
Your rights
You can access, correct, export, or delete your data. Most of this is self-serve in Settings; for anything else, email us and we'll handle it. Depending on where you live (e.g. the EU/EEA, UK, or India), you may have specific statutory rights — we honor reasonable requests regardless of jurisdiction.
Children
Quietdesk is a work tool, not directed at children, and not intended for anyone under 16.
Changes
If this policy changes in a way that matters, we'll note it here and — for significant changes — tell you in the product or by email.
Contact
Privacy questions: [email protected].