Privacy Policy
Last updated: March 14, 2026
1. Introduction
247 HelpDesk ("we," "us," or "our") operates the website 247helpdesk.co and associated platform services. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our services.
Effective Date: March 14, 2026 · Last Updated: March 14, 2026
2. Information We Collect
2.1 Information You Provide
- Account information: name, email address, username, password
- Profile information: company name, phone number, billing address
- Support data: ticket descriptions, attachments, chat messages
- Payment information: processed securely by Stripe — we never store full card numbers
2.2 Information Collected Automatically
- Usage data: pages visited, features used, timestamps
- Device data: browser type, operating system, IP address
- Cookies: session cookies for authentication, no third-party tracking cookies
2.3 AI Processing
We use AI (powered by Anthropic Claude) to triage support tickets, classify issues, and suggest solutions. Your ticket content is sent to the AI provider for processing but is not used to train their models. AI-generated classifications are always subject to human review.
3. How We Use Your Information & Lawful Basis
Under GDPR, we process personal data only with a valid lawful basis:
| Purpose | Lawful Basis |
|---|---|
| Provide and maintain IT support services | Contract performance |
| Process payments and manage subscriptions | Contract performance |
| Send ticket updates and security alerts | Contract performance |
| Triage and classify support requests using AI | Legitimate interest (efficient service delivery) |
| Send product tips and feature announcements | Legitimate interest (with opt-out) |
| Improve platform and user experience | Legitimate interest |
| Comply with legal obligations | Legal obligation |
4. Automated Decision-Making & AI
We use automated processing (AI-powered ticket triage) to classify and route support requests. This may affect the priority and response time of your ticket.
Under GDPR Article 22, you have the right to:
- Request human review of any AI-generated classification
- Contest an automated decision by contacting support
- Receive an explanation of how the AI classification was made
No automated decision produces legal effects or similarly significant effects on you. AI classifications are advisory and are reviewed by our support team.
5. Data Sharing
We do not sell, rent, or trade your personal information. We share data only with:
- Stripe, Inc. (USA) — payment processing (Stripe Privacy Policy)
- Resend, Inc. (USA) — transactional email delivery
- Anthropic, PBC (USA) — AI ticket triage (ticket content only; not used for model training per their data policy)
- Railway Corp. (USA) — infrastructure hosting
- Law enforcement: only when required by valid legal process (subpoena, court order)
6. International Data Transfers
Our servers and sub-processors are located in the United States. If you access our services from the EU, EEA, UK, or other regions with data protection laws, your personal data will be transferred to the US.
We safeguard these transfers through:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- EU-US Data Privacy Framework certification where available from our sub-processors
- Technical safeguards including encryption in transit and at rest
You may request a copy of the applicable SCCs by contacting privacy@247helpdesk.co.
7. Data Security
We protect your data with industry-standard measures:
- HTTPS/TLS encryption for all data in transit
- Encrypted database connections with tenant isolation
- bcrypt password hashing (never stored in plaintext)
- JWT tokens with expiration for API authentication
- Rate limiting on authentication endpoints
- Role-based access control (RBAC) with per-tenant data boundaries
8. Data Breach Notification
In the event of a personal data breach that is likely to result in risk to your rights and freedoms:
- We will notify the relevant supervisory authority within 72 hours of becoming aware of the breach (GDPR Art. 33)
- We will notify affected individuals without undue delay if the breach is likely to result in high risk (GDPR Art. 34)
- California residents will be notified in the most expedient time possible and without unreasonable delay (Cal. Civ. Code §1798.82)
Notifications will include the nature of the breach, data affected, likely consequences, and measures taken or proposed to address it.
9. Data Retention
We retain personal data only as long as necessary:
- Account data: retained while your account is active and for 30 days after deletion request
- Support tickets: retained for 3 years after closure for quality assurance and audit
- Billing records: retained for 7 years per tax/accounting requirements
- Server logs: retained for 90 days, then automatically purged
You may request earlier deletion at any time (see Section 11).
10. Cookies
We use only strictly necessary cookies that do not require consent under the ePrivacy Directive:
- Session cookie: maintains your login state (expires on browser close or after 7 days)
- CSRF token: prevents cross-site request forgery
We do not use advertising, analytics, or third-party tracking cookies. Because we use only essential cookies, no cookie consent banner is required. If we ever introduce non-essential cookies, we will obtain your consent first.
11. Your Rights
GDPR (EU/EEA/UK)
If you are in the EU, EEA, or UK, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Request erasure ("right to be forgotten")
- Restrict or object to processing
- Data portability (receive your data in a structured, machine-readable format)
- Withdraw consent at any time
- Lodge a complaint with your local supervisory authority
CCPA / CPRA (California)
California residents have the right to:
- Know what personal information is collected, used, and shared
- Request deletion of personal information
- Opt out of sale or sharing — we do not sell or share personal information
- Correct inaccurate personal information
- Limit use of sensitive personal information
- Non-discrimination for exercising your rights
To exercise any of these rights, contact us at privacy@247helpdesk.co or submit a data request through your portal settings. We will respond within 30 days (GDPR) or 45 days (CCPA).
12. Children's Privacy
Our services are not directed to children under 16 (or under 13 where COPPA applies). We do not knowingly collect personal information from children. If we learn we have collected such information, we will delete it within 30 days. If you believe a child has provided us data, please contact privacy@247helpdesk.co.
13. Changes to This Policy
We may update this Privacy Policy from time to time. For material changes, we will notify you at least 30 days in advance by email or prominent notice in the platform. Your continued use after the updated effective date constitutes acceptance. Prior versions are available upon request.
14. Governing Law
This Privacy Policy is governed by the laws of the State of Delaware, USA, without regard to conflict-of-law principles. For EU/EEA/UK users, nothing in this policy limits your rights under applicable local data protection law, including the GDPR.
15. Contact Us
For privacy-related inquiries:
- Privacy Team: privacy@247helpdesk.co
- General Support: support@247helpdesk.co
- Website: 247helpdesk.co/contact
If you are in the EU/EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.