Last updated: May 9, 2026 · Version v1 · Archived v1

EclipseDesk Privacy Policy

Last updated: May 9, 2026

Version: v1

This Privacy Policy explains what EclipseDesk collects, how we use it, who we share it with, and what rights customers have.

1. What We Collect

We collect account information, such as name, email address, business name, plan, and account settings.

Stripe processes payment details. We receive payment status, customer IDs, receipt details, plan data, and limited billing metadata. We do not store full card numbers.

We collect service data needed to run EclipseDesk, such as emails processed, invoices extracted, receipts scanned, lead records, support tickets, setup status, daily summaries, exports, and audit logs.

If you connect Gmail, Outlook, QuickBooks, HubSpot, Salesforce, or another tool, we process the data needed to provide the connected service.

We collect technical data such as IP address, browser type, device data, request logs, error logs, security logs, and usage events.

We collect communications, including support emails, ticket messages, setup emails, sales replies, and feedback.

2. How We Use It

We use data to:

• provide and operate EclipseDesk;
• process payments through Stripe;
• send service emails, setup emails, receipts, support replies, and account notices;
• troubleshoot, secure, and monitor the service;
• improve the service using aggregate or anonymized patterns;
• comply with law;
• enforce the Terms of Service;
• prevent fraud, abuse, and security incidents.

We do not sell customer data. We do not share customer data for third-party advertising.

3. Who We Share With

We share data only as needed with service providers and sub-processors, including:

• Stripe for payments, billing, and checkout.
• Resend for email delivery.
• Vercel for hosting and serverless infrastructure.
• Postgres or database providers for storage.
• Cloudflare or DNS/security providers if configured.
• Anthropic, Google/Gemini, Groq, and similar AI providers for AI processing when used.
• Google, Microsoft, Intuit QuickBooks, HubSpot, and Salesforce when you connect those accounts.

We may share data when required by law, court order, subpoena, regulator request, or to protect rights, safety, and security.

If EclipseDesk is involved in a merger, acquisition, financing, or sale of assets, customer data may transfer to the successor with notice where required.

We never sell customer data to third parties for marketing and never share it for advertising.

4. AI Processing

EclipseDesk uses AI providers to generate outputs such as triage results, draft replies, extracted invoice fields, receipt categories, lead scores, summaries, and support responses.

Customer data is not used to train AI provider foundation models under paid commercial/API terms unless a customer separately opts in through that provider or asks otherwise. Provider policies can change, so EclipseDesk reviews vendor terms during security review.

Customer-specific data is not used to train EclipseDesk systems for other customers. Aggregate, anonymized patterns may be used to improve reliability and product quality. You can opt out of aggregate analysis by emailing privacy@eclipsedesk.com.

5. Data Security

We use reasonable administrative, technical, and physical safeguards for the size and nature of the business, including:

• TLS encryption in transit.
• Encryption at rest for sensitive fields where supported.
• Access controls and need-to-know access.
• Audit logs for important account actions.
• Vendor review for key sub-processors.
• Security monitoring and incident response.
• Periodic security review.

No system is perfectly secure. We use industry-standard practices but cannot guarantee absolute security.

If we confirm a data breach affecting customer data, we will notify affected customers without unreasonable delay and within 72 hours where legally required or where we determine that standard is appropriate.

6. Data Retention

Active accounts retain data as needed to operate the service.

Closed accounts are retained for 90 days, then deleted unless retention is required for law, taxes, security, backups, disputes, or fraud prevention.

Backups may retain deleted data for up to 180 days before normal backup rotation removes it.

Legal holds may require longer retention.

7. Customer Rights

You may request access, correction, export, deletion, or portability of your data by emailing privacy@eclipsedesk.com.

We respond within 30 days unless law allows more time. We may need to verify your identity before completing a request.

EU/UK customers may have GDPR rights, including access, correction, deletion, restriction, objection, portability, and the right to lodge a complaint with a supervisory authority.

California customers may have CCPA/CPRA rights, including the right to know, delete, correct, limit certain sensitive data use, opt out of sale or sharing, and non-discrimination. EclipseDesk does not sell personal information or share it for cross-context behavioral advertising.

Virginia, Colorado, Connecticut, Utah, and other state residents may have rights under state privacy laws. We will honor applicable requests.

8. Children's Privacy

EclipseDesk is for business users age 18 or older. It is not intended for children. We do not knowingly collect data from minors. If we learn that we collected a minor's data by mistake, we will delete it.

9. International Transfers

Data is primarily stored and processed in the United States. If you are outside the United States, your data may be transferred to and processed in the United States or other countries where our providers operate.

For EU/UK transfers where required, we use appropriate safeguards such as standard contractual clauses or provider data processing terms.

10. Cookies and Tracking

We use essential cookies or local storage needed for login, security, checkout, preferences, and service operation.

We may use privacy-friendly analytics to understand site and product usage. We do not use advertising cookies or third-party ad trackers.

If EU/UK traffic or non-essential analytics require consent, EclipseDesk will show a cookie consent banner before setting non-essential cookies.

11. Changes to This Policy

We may update this Privacy Policy. Material changes will receive 30 days' email notice where practical or required. Continued use after the notice period means you accept the updated policy.

12. Contact

Privacy: privacy@eclipsedesk.com

Support: support@eclipsedesk.com

Business location: Buffalo, NY

Data Protection Officer: Not designated at current scale. We will designate one if required by law.