DeskDirector Privacy Policy

Effective date: 12 January 2026

About DeskDirector

DeskDirector (“DeskDirector”, “we”, “us”, or “our”) provides a business-to-business software platform used by Managed Service Providers (“Subscribers”) to manage and present service desk and ticketing information to their own users (“End users”). This Privacy Policy explains how we collect, use, store, and protect personal data in connection with our services.

This Privacy Policy applies to the DeskDirector web application and optional integrations, including Microsoft Teams and Outlook connectors (collectively, the “Service”).

Who this policy applies to

  • Subscribers who use the Service on behalf of their organization

  • End users who interact with the Service through a Subscriber

  • Visitors and prospective subscribers who contact DeskDirector directly

Changes to this policy

We may update this Privacy Policy from time to time. Changes will be posted on our website with an updated effective date.

How we collect, use and share personal information

Types of data we process

The types of personal data processed through the Service may include the following:

  • Subscriber account data - Name / company name, email address, tenant or account identifiers, phone number, job title

  • End-user data* (provided by Subscribers or end users) - Ticket content, including free-text descriptions, attachments uploaded to tickets, avatars or profile images

  • Usage and technical data - Authentication identifiers, configuration and integration metadata, service usage data, application logs and audit records (may include end user IP addresses)

*End users may choose to include sensitive or confidential information in ticket content. DeskDirector does not require or request sensitive personal data, and Subscribers are responsible for managing the content submitted by their end users.

Our role and subscriber responsibilities

DeskDirector's roles in relation to personal data are as follows:

  • Data Controller - Subscriber account data, Security & Audit logs

  • Data Processor - End user data, data synchronized with PSA, Usage & Operational data

Subscribers act as the data controller for personal data relating to their end users and are responsible for ensuring they have appropriate authority to collect and use that data. Subscribers are also the primary point of contact for end users exercising privacy rights.

Sources of personal data

Personal data processed by DeskDirector may be obtained from:

  • Subscribers and their authorized users

  • End users submitting tickets through the Service

  • Synchronization with subscriber-managed PSA platforms (such as ConnectWise or Autotask)

  • Microsoft services used for authentication or integrations

  • System-generated logs, imports, and operational processes

How we use personal data

DeskDirector processes personal data for the following purposes:

  • Providing, operating, and maintaining the Service

  • Synchronizing ticket data with Subscriber PSA platforms

  • Authenticating users and managing access

  • Responding to support requests and enquiries

  • Monitoring, securing, and improving the Service

  • Meeting legal, regulatory, and contractual obligations

DeskDirector does not sell personal data and does not use personal data for advertising purposes.

Legal bases for processing

DeskDirector processes personal data in accordance with applicable data protection laws and relies on the following legal bases, depending on the context:

  • Contract – to provide and operate the Service for Subscribers, including user authentication and ticket synchronization

  • Legitimate interests – to secure, maintain, and improve the Service, prevent abuse, and provide customer support, where such interests are not overridden by individual rights

  • Legal obligation – to comply with applicable laws and regulatory requirements

System of record and data ownership

Subscriber PSA platforms remain the authoritative system of record for ticket data. DeskDirector stores copies of data as necessary to operate the Service and synchronize changes back to the PSA via API.

DeskDirector does not enrich, aggregate, or resell Subscriber or End user data.

Data sharing and sub-processors

DeskDirector shares data only as necessary to provide the Service, including with:

  • Cloud infrastructure providers

  • Billing and payment providers

  • Operational service providers supporting the Service

DeskDirector does not permit cross-subscriber data access and does not sell personal data.

A list of data sub-processors can be found in our Trust Center.

Data storage, location, and retention

Hosting and location

The Service is hosted on Microsoft Azure. Subscribers are assigned to a specific data region upon provisioning. Personal data may be stored and processed in Australia, Canada, the United Kingdom or the United States.

Backups & Retention

  • Subscriber account data is retained for the duration of the Subscriber’s use of the Service

  • Production databases are backed up for business continuity and disaster recovery

  • Production database backups are created daily and retained for up to 30 days

  • Backups are encrypted at rest and access to them is restricted

  • When data is deleted from the Service, it may persist in backups until the backup retention period expires

Security

DeskDirector maintains administrative, technical, and organizational safeguards designed to protect personal data, including:

  • Encryption of data in transit and at rest

  • Role-based access controls and least-privilege access

  • Multi-factor authentication for internal access

  • Logging and monitoring of system activity

  • Incident response and recovery procedures

No method of transmission or storage is completely secure, but we take reasonable steps to protect personal data. Further detail is available in our Security & Architecture statement, accessible via the resources page of our Trust Center.

In the event of a confirmed data breach affecting personal data, DeskDirector will notify affected Subscribers without undue delay, consistent with GDPR (72-hour window) and applicable local laws.

Data subject rights

Depending on applicable law, individuals or data subjects may have rights to access, correct, or delete their personal data, to object to or restrict its processing, or to withdraw consent. Individuals also have the right to lodge a complaint with a supervisory authority.

Where DeskDirector acts as a data controller, such as for Subscriber account information or business contact data, requests may be submitted directly to DeskDirector using the contact details provided below.

Where DeskDirector acts as a data processor on behalf of a Subscriber, such as for end-user data contained in tickets, requests should be directed to the relevant Subscriber, who is responsible for responding to the request. DeskDirector will assist Subscribers in fulfilling valid requests in accordance with applicable law and our contractual obligations.

Please note that deletions and modifications may be reflected through synchronization with Subscriber systems and that personal data may remain in backups for a limited period following deletion, as described in this Privacy Policy.

Children's Data

The Service is not intended for children and DeskDirector does not knowingly collect personal data from individuals under the age of 16. DeskDirector does not perform age verification. Any age-related information included in ticket content is provided at the discretion of the user submitting it. If you have concerns that a child has disclosed personal data to us, please contact us using the details provided in the Contact Us section of this policy.

International data transfers

DeskDirector operates a globally distributed service. Personal data may be stored or processed in countries other than the country in which an individual resides, including the United States, the United Kingdom, Canada, Australia, and New Zealand.

Where personal data is transferred internationally, DeskDirector relies on appropriate safeguards designed to protect the data, including:

  • Transfers to countries recognized by the European Commission or relevant authorities as providing an adequate level of data protection (such as the United Kingdom and New Zealand); and

  • Where adequacy does not apply, the use of approved contractual safeguards, such as Standard Contractual Clauses and equivalent mechanisms, together with appropriate technical and organizational measures.

Personal data may also be accessed across borders for operational purposes such as service delivery, technical support, security, and backup and disaster recovery.

Contact us

Should you have questions about this Privacy Policy or DeskDirector’s privacy practices, or wish to exercise your data protection rights, please contact privacy@deskdirector.com or log in to the support portal at support.deskdirector.com.