DeskPilot ← Back to home

Privacy Policy

Last updated: March 29, 2026

DeskPilot ("we", "our", or "us") is committed to protecting the privacy of the Slack workspaces and users that use our service. This Privacy Policy explains what data we collect, why we collect it, how it is stored, and your rights regarding that data.

By installing DeskPilot in your Slack workspace, you agree to the terms of this Privacy Policy.

1. Data We Collect

Slack Workspace Data

  • Message history — We read historical messages from selected public channels (up to 6 months) to automatically build a knowledge base. We do not store raw messages permanently; we extract question-and-answer patterns from them.
  • User IDs — Slack user identifiers are used to attribute tickets and route escalations. We do not collect or store names, email addresses, or profile information unless voluntarily submitted in a support request.
  • Channel names and IDs — Used to identify support channels and route queries to the correct knowledge base.
  • Bot mentions and direct messages — Messages directed at the DeskPilot bot are processed to generate responses and logged as support tickets.

Account and Billing Data

  • Email address of the workspace administrator who installs the app (collected at signup).
  • Company name and team size (provided during onboarding).
  • Payment information is processed by Stripe and is never stored on our servers.

Usage and Analytics Data

  • Ticket resolution rates, response confidence scores, and escalation counts — used to improve auto-resolution accuracy and surface insights to workspace admins.
  • Page views and feature interaction events on deskpilot.online (no third-party analytics trackers; collected on our own servers).

2. How We Use Your Data

  • Knowledge base construction — Slack message history is analyzed by AI to extract Q&A patterns that populate the knowledge base used for auto-resolution. Raw messages are not retained after pattern extraction.
  • Ticket auto-resolution — Incoming support messages are matched against the knowledge base to generate responses. This is the core function of the service.
  • Service improvement — Aggregated, anonymized ticket metrics help us improve model accuracy.
  • Communications — Transactional emails (onboarding, billing, important product updates). We do not send marketing email without your explicit opt-in.

We never sell, rent, or share your workspace data with third parties for advertising or marketing purposes.

3. Data Storage and Security

  • Database — Data is stored in PostgreSQL hosted on Neon (neon.tech), a SOC 2 Type II certified cloud database provider.
  • Token encryption — All Slack OAuth access tokens and bot tokens are encrypted at rest using AES-256-GCM with a securely managed encryption key. Tokens are decrypted only in memory at time of use.
  • Transport security — All data in transit is encrypted via TLS 1.2 or higher (HTTPS enforced).
  • Slack signature verification — All incoming Slack event payloads are verified using HMAC-SHA256 x-slack-signature validation with replay-attack protection (5-minute window).
  • Minimal data retention — Raw Slack message content is processed and discarded. Knowledge base entries (Q&A patterns) are retained only while the workspace subscription is active.
  • Access controls — Database access is restricted to application infrastructure. No human employee accesses workspace data unless explicitly required to investigate a reported incident.

4. Data Retention and Deletion

When you uninstall DeskPilot from your Slack workspace or cancel your subscription:

  • All workspace data (knowledge base entries, ticket records, Slack tokens) is permanently deleted within 30 days.
  • You may request immediate deletion at any time by emailing deskpilot-8@polsia.app.
  • Aggregated, anonymized usage statistics (e.g., total tickets processed) may be retained for internal benchmarking.

5. Third-Party Services

DeskPilot uses the following third-party services to operate:

  • Slack — Our integration platform. Subject to Slack's Privacy Policy.
  • Neon — PostgreSQL database hosting. Neon Privacy Policy.
  • Anthropic / OpenAI — AI model inference for generating support responses. Message content is sent to AI providers for processing and is subject to their data handling policies. We use transient processing (content is not used to train models).
  • Stripe — Payment processing. We share only the minimum billing information required. Stripe Privacy Policy.
  • Render — Application hosting. Render Privacy Policy.

6. Your Rights (GDPR / CCPA)

If you are located in the European Economic Area, United Kingdom, or California, you have the following rights regarding your personal data:

  • Right to access — Request a copy of the personal data we hold about you.
  • Right to rectification — Request correction of inaccurate data.
  • Right to erasure — Request deletion of your personal data ("right to be forgotten").
  • Right to data portability — Request a machine-readable export of your data.
  • Right to object — Object to processing of your data for certain purposes.
  • Right to restrict processing — Request we limit processing of your data under certain circumstances.

To exercise any of these rights, email us at deskpilot-8@polsia.app. We will respond within 30 days.

7. Children's Privacy

DeskPilot is a B2B service intended for use by businesses. We do not knowingly collect personal data from individuals under 16 years of age.

8. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify the workspace administrator via email and update the "Last updated" date at the top of this page. Continued use of DeskPilot after such changes constitutes acceptance of the updated policy.

9. Contact Us

Questions, concerns, or requests regarding this Privacy Policy should be directed to:

Home · Terms of Service · Contact