Privacy Policy

Last updated: April 15, 2026

1. Introduction

DesksFlow ("we," "our," or "us") operates the desksflow.com website and the DesksFlow platform (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using DesksFlow, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this policy, please do not access the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Full name and email address
  • Agency name and contact details
  • Password (stored securely using industry-standard hashing)
  • Role within your agency (admin or staff)

2.2 Client Data

Agency users enter client information through our query form. This may include names, contact details, education history, visa details, passport numbers, and financial information (sponsor details, income declarations). This data is entered by agency users and belongs to the agency.

2.3 Documents

Documents uploaded through the platform (client documents, identity proofs, academic records) are stored securely in encrypted cloud storage. We do not access, read, or analyze the contents of uploaded documents.

2.4 Usage Data

We automatically collect information about how you interact with the Service, including pages visited, features used, browser type, device information, and IP address. This data is used solely to improve the Service.

3. How We Use Your Information

  • To provide, maintain, and improve the Service
  • To authenticate users and manage access permissions
  • To send transactional emails (password resets, team invitations, account notifications)
  • To provide customer support
  • To monitor usage patterns and optimize performance
  • To detect, prevent, and address technical issues or security threats

We do notsell, rent, or share your personal information or your clients' data with third parties for marketing purposes.

4. Data Isolation & Security

DesksFlow is a multi-tenant platform. Each agency's data is completely isolated using Row Level Security (RLS) at the database level. This means:

  • No agency can access another agency's data — ever
  • Staff members can only access data within their own agency
  • All data is encrypted in transit (TLS/SSL) and at rest
  • Database backups are performed daily
  • Documents are stored in isolated, authenticated cloud storage buckets

5. Third-Party Services

We use the following third-party services to operate DesksFlow:

  • Supabase — Database hosting, authentication, and file storage (servers in AWS)
  • Vercel — Application hosting and deployment
  • Resend — Transactional email delivery

Each provider has their own privacy policy and maintains enterprise-grade security standards. We do not share your data with any other third parties.

6. Data Retention

We retain your account data for as long as your account is active. If you delete your account or request data deletion, we will remove your data within 30 days, except where we are legally required to retain it.

Client query data and documents are retained as long as the agency account is active. Agencies can delete individual client records at any time.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data (subject to legal retention requirements)
  • Export your data in a machine-readable format
  • Withdraw consent for data processing at any time

To exercise any of these rights, contact us at privacy@desksflow.com.

8. Cookies

DesksFlow uses essential cookies for authentication and session management. We do not use tracking cookies or third-party advertising cookies. No cookie consent banner is needed as we only use strictly necessary cookies.

9. Children's Privacy

DesksFlow is a business tool designed for use by agencies. We do not knowingly collect information from children under 18. If we learn that we have collected data from a child under 18 without parental consent, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy, please contact us: