NightDesk

Privacy Policy

1. Introduction

NightDesk ("we", "our", "us") is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, store, and protect information when you use our after-hours call handling service.

This policy applies to all users of NightDesk services and is compliant with the UK General Data Protection Regulation (GDPR) and Data Protection Act 2018.

2. Data Controller

NightDesk is the data controller responsible for your personal data. For any privacy-related inquiries, you can contact us at hello@nightdesk.co.uk.

3. What Data We Collect

We collect and process the following types of information:

Customer Account Information

  • Name and business name
  • Email address
  • Phone numbers (your business line and engineer contact numbers)
  • Billing and payment information

Caller Information

  • Caller phone numbers
  • Caller names (when provided)
  • Call recordings and transcriptions
  • Job details and customer requirements shared during calls
  • Date, time, and duration of calls

Technical Data

  • IP addresses and device information
  • Usage data and service interactions
  • Error logs and diagnostic information

4. How We Use Your Data

We use the data we collect for the following purposes:

  • Service Delivery: To handle after-hours calls, transcribe messages, and deliver job notifications to your designated engineers
  • Account Management: To create and manage your NightDesk account, process payments, and provide customer support
  • Service Improvement: To analyze usage patterns, identify technical issues, and improve our service functionality
  • Communication: To send service updates, billing notifications, and important account information
  • Legal Compliance: To comply with legal obligations, resolve disputes, and enforce our terms of service

5. Legal Basis for Processing

We process your personal data under the following legal bases:

  • Contract Performance: Processing is necessary to provide the NightDesk service as agreed in our Terms of Service
  • Legitimate Interests: We have a legitimate interest in improving our service, preventing fraud, and ensuring security
  • Legal Obligations: We must process certain data to comply with UK tax, accounting, and regulatory requirements

6. Data Storage and Security

We implement appropriate technical and organizational measures to protect your data against unauthorized access, loss, or misuse. These measures include:

  • Encrypted data transmission and storage
  • Regular security assessments and updates
  • Access controls and authentication requirements
  • Secure backup and disaster recovery procedures

Your data is stored on secure servers located within the UK and European Economic Area (EEA). We retain data only for as long as necessary to provide our services and comply with legal obligations.

7. Data Retention

We retain different types of data for varying periods:

  • Call recordings and transcriptions: Stored for 90 days, then automatically deleted
  • Account information: Retained for the duration of your subscription plus 6 years for tax and accounting purposes
  • Technical logs: Stored for up to 12 months for security and diagnostic purposes

You may request earlier deletion of your data by contacting us, subject to our legal obligations.

8. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data to third parties. However, we may share data with trusted service providers who help us deliver the NightDesk service:

  • Telephony Providers: To handle incoming calls and route notifications
  • Messaging Services: To deliver WhatsApp and SMS notifications to your engineers
  • Cloud Hosting Providers: To store data and host our service infrastructure
  • Payment Processors: To securely process subscription payments
  • AI Transcription Services: To convert call audio into structured text

All third-party providers are required to comply with GDPR and maintain appropriate data protection standards. We only share the minimum data necessary for them to perform their services.

9. Your Data Protection Rights

Under UK GDPR, you have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data (subject to legal obligations)
  • Right to Restrict Processing: Limit how we use your data in certain circumstances
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests

To exercise any of these rights, please contact us at hello@nightdesk.co.uk. We will respond to your request within one month.

10. Cookies and Tracking

NightDesk uses essential cookies to maintain your session and provide basic functionality. We do not use advertising or tracking cookies. You can control cookie settings through your browser preferences.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Significant changes will be communicated via email. Your continued use of NightDesk after changes take effect constitutes acceptance of the updated policy.

12. Contact and Complaints

For any questions, concerns, or data protection requests, please contact us at:

Email: hello@nightdesk.co.uk

If you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

Website: https://ico.org.uk

Last Updated: December 31, 2025