Privacy Policy
Effective date: April 14, 2026 · Last updated: April 14, 2026
Summary: Quant Desk ("we", "our", or "us") operates an omnichannel customer support SaaS platform. This Privacy Policy explains what information we collect through our website (quant-desk.app), our web application, and our mobile applications published on Google Play and the Apple App Store (collectively, the "Service"), how we use it, and the choices you have. By using the Service you agree to the practices described here.
1. Who We Are
Quant Desk is a Software-as-a-Service (SaaS) customer engagement platform that lets businesses ("Workspace Owners" or "Customers") manage support tickets, live chat, WhatsApp, SMS, and email conversations in one unified inbox. If you are a business using Quant Desk, you are our Customer. The people whose data passes through your workspace (your end-customers and contacts) are End Users.
For the purpose of applicable data-protection law, Quant Desk is the data controller for account and billing information we collect about our Customers. For End User data processed inside a workspace, the Customer acts as the data controller and Quant Desk acts as the data processor.
2. Information We Collect
2.1 Information You Provide to Us
- Account registration: name, work email address, password (hashed), company name, workspace subdomain.
- Billing & payment: billing name, address, and payment card details (processed and stored by our payment processor; we only store the last four digits and expiry date).
- Profile information: profile photo, job title, phone number (optional).
- Support & communications: any information you include in emails, chat messages, or support requests sent to us.
- Integration credentials: API keys, OAuth tokens, and SMTP/IMAP credentials you provide in order to connect third-party services (e.g., WhatsApp Business, Twilio, Gmail).
2.2 Information We Collect Automatically
- Log data: IP address, browser type and version, operating system, referring URL, pages visited, and timestamps.
- Device data: device identifiers (for the mobile app), device model, OS version, language and timezone settings.
- Usage data: feature interactions, ticket counts, message counts, and performance telemetry used to detect errors and improve the platform.
- Session data: session cookies, authentication tokens stored in secure HTTP-only cookies or device secure storage.
- Push notification tokens: Firebase Cloud Messaging (FCM) tokens obtained when you grant notification permission on a mobile device or browser, used solely to deliver in-app and push notifications.
2.3 End-User Data Processed on Your Behalf
When your business uses Quant Desk, messages, contact records, conversation histories, and any attachments flowing through your workspace are processed by us on your behalf. This may include your customers' names, email addresses, phone numbers, WhatsApp numbers, and chat transcripts. You are responsible for having an adequate legal basis to process this data under applicable law.
3. How We Use Your Information
We use the information collected for the following purposes:
- Providing the Service: creating and managing your workspace, routing messages across channels, delivering notifications, and generating reports.
- Authentication & security: verifying your identity, detecting fraud, preventing unauthorised access, and enforcing our Terms of Service.
- Billing & subscriptions: processing payments, sending invoices, managing plan upgrades, downgrades, and cancellations.
- Customer support: responding to your enquiries, diagnosing technical issues, and providing account assistance.
- Product improvement: analysing aggregated, anonymised usage patterns to improve performance, reliability, and new features. We do not sell individual usage data.
- Communications: sending transactional emails (e.g., password reset, invoice receipts), product update announcements, and—where you have opted in—marketing newsletters. You can unsubscribe at any time.
- Legal compliance: complying with applicable laws, responding to lawful government requests, and enforcing our policies.
4. How We Share Your Information
We do not sell your personal data. We share data only in the following limited circumstances:
- Service providers (sub-processors): companies that process data on our behalf, such as cloud hosting (AWS / other providers), email delivery, payment processing (Stripe or equivalent), error monitoring (e.g., Sentry), and analytics. These sub-processors are bound by data-processing agreements and may only use data as directed by us.
- Third-party integrations you connect: when you activate an integration (e.g., WhatsApp Business API, Twilio, Termii, Google Workspace, Microsoft 365, Slack), data relevant to that integration is transmitted to the respective third party. See Section 5 for details.
- Workspace members: agents, supervisors, and admins within your workspace can view conversations and contact data according to the permissions you configure.
- Business transfers: in the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will provide notice before such transfer and before personal data becomes subject to a different privacy policy.
- Legal requirements: we may disclose information when required by law, court order, or to enforce our legal rights.
5. Third-Party Integrations
Quant Desk connects with third-party services at your direction. Each third-party service has its own privacy policy that governs how they process data. Key integrations include:
| Integration | Purpose | Data Shared |
|---|---|---|
| WhatsApp Business API (Meta) | Sending & receiving WhatsApp messages | Phone numbers, message content, media |
| Twilio | SMS and voice communication | Phone numbers, message content |
| Termii | SMS & messaging (Africa region) | Phone numbers, message content |
| Google Workspace / Gmail | Email sync & Google SSO | Email address, OAuth token, email content |
| Microsoft 365 / Outlook | Email sync & Microsoft SSO | Email address, OAuth token, email content |
| Slack | Ticket & conversation notifications | Notification text, ticket IDs |
| Firebase (Google) | Push notifications & analytics | Device FCM token, notification payload |
| Stripe (or equivalent) | Payment processing | Billing name, card details, address |
You control which integrations are active. Disconnecting an integration stops further data sharing with that third party from your workspace.
6. Cookies & Tracking Technologies
We use cookies and similar technologies on our website and web application:
- Essential cookies: session management, CSRF protection, and authentication. These are strictly necessary and cannot be disabled.
- Preference cookies: remember your UI preferences such as dark/light mode and language.
- Analytics cookies: aggregate, anonymised usage statistics to understand how features are used. No cross-site tracking.
You can control cookies through your browser settings. Disabling essential cookies will prevent you from logging in. The mobile application uses device-local storage instead of browser cookies; no third-party advertising SDKs are embedded in the app.
7. Data Retention
- Account data: retained while your subscription is active. After cancellation or account deletion, account data is deleted within 90 days, unless we are required by law to retain it longer.
- Workspace conversation data: retained according to the plan you are subscribed to. You may export or delete conversation data at any time from your workspace settings.
- Billing records: retained for 7 years to comply with tax and accounting regulations.
- System logs: retained for up to 90 days for security and diagnostic purposes.
- Backups: encrypted backups may retain data for up to 30 additional days after deletion.
8. Data Security
We implement industry-standard technical and organisational measures to protect your data:
- All data is encrypted in transit using TLS 1.2 or higher.
- Passwords are stored using secure one-way hashing algorithms (bcrypt).
- Each workspace is logically isolated; agents can only access data within their own workspace.
- Role-based access controls (RBAC) allow workspace owners to restrict access to sensitive information.
- Regular security audits and vulnerability assessments are performed.
- Integration credentials (API keys, OAuth tokens) are encrypted at rest.
No method of electronic transmission or storage is 100% secure. If you discover a security vulnerability, please report it to security@quant-desk.app.
9. International Data Transfers
Quant Desk may process and store data in countries outside your country of residence, including countries in which our cloud infrastructure partners operate. Where personal data is transferred outside the European Economic Area (EEA) or the United Kingdom, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission. By using the Service you acknowledge this international transfer.
10. Children's Privacy
The Service is intended exclusively for business use and is directed to individuals who are at least 16 years of age (or 13 in jurisdictions where 13 is the minimum age for digital consent). We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us immediately at privacy@quant-desk.app and we will delete it.
11. Your Rights & Choices
Depending on your location, you may have the following rights regarding your personal data:
- Access: request a copy of the personal data we hold about you.
- Correction: request correction of inaccurate or incomplete data.
- Deletion: request deletion of your personal data ("right to be forgotten"). You may also delete your account directly from workspace settings.
- Portability: receive a machine-readable copy of your data.
- Objection / restriction: object to or restrict certain processing activities.
- Withdraw consent: where processing is based on consent, withdraw it at any time without affecting prior processing.
- Marketing opt-out: unsubscribe from marketing emails at any time via the unsubscribe link in each email or by contacting us.
- Push notifications: disable push notifications at any time in your device or browser settings.
To exercise any of these rights, email privacy@quant-desk.app. We will respond within 30 days. We may need to verify your identity before fulfilling the request.
California residents (CCPA): you have the right to know, delete, and opt out of the sale of personal information. We do not sell personal information. To submit a verifiable consumer request, contact us at privacy@quant-desk.app.
12. Push Notifications & App Permissions
The Quant Desk mobile app may request the following device permissions. Each permission is optional and you can revoke it in your device settings at any time:
- Push notifications: used to deliver real-time alerts for new messages, assigned tickets, and SLA warnings. Requires notification permission.
- Camera / photo library: used to let agents attach photos or documents to conversations. Images are uploaded to your workspace only with your explicit action; they are not accessed in the background.
- Microphone: used only if voice messaging is enabled and you initiate a voice message. Not accessed passively.
- Network access: required to communicate with Quant Desk servers.
- Biometric authentication: used as an optional unlock method for the app; biometric data is processed locally on your device by the OS and is never transmitted to our servers.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by posting a notice on our website and, where required by law, by email. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the Service after the effective date of a revised policy constitutes acceptance of the changes.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact: