Legal

Privacy Policy

Last updated: February 23, 2026

1. Introduction

Twenty Nine Eleven Limited ("we", "us", "our", or "SDESK") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our SDESK customer support platform for Shopify stores.

By using SDESK, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use our services.

2. Information We Collect

2.1 Information from Shopify Merchants

When you install SDESK on your Shopify store, we collect:

  • Store information (name, domain, email address)
  • Staff member details (names, email addresses, roles)
  • Store settings and preferences
  • Subscription and billing information

2.2 Customer Support Data

To provide our customer support services, we process:

  • Customer names and email addresses
  • Support ticket contents and attachments
  • Order information related to support requests
  • Communication history between merchants and customers

2.3 Technical Information

We automatically collect:

  • IP addresses and browser information
  • Device identifiers and operating system
  • Usage data and interaction logs
  • Cookies and similar tracking technologies

3. How We Use Your Information

We use the collected information to:

  • Provide, operate, and maintain our services
  • Process support tickets and facilitate communication
  • Send transactional emails and notifications
  • Improve and personalise your experience
  • Analyse usage patterns and optimise performance
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

4. AI-Powered Features

SDESK offers optional AI-powered features including draft suggestions, text improvement, and ticket summarisation. When you use these features:

  • Ticket content may be processed by our AI service providers (Anthropic)
  • We strip personally identifiable information (PII) before processing where possible
  • AI features can be disabled in your settings
  • We do not use your data to train AI models

5. Data Sharing and Disclosure

We may share your information with:

  • Service Providers: Third-party vendors who assist in operating our services (email delivery, hosting, analytics)
  • Shopify: As required by the Shopify App Store and API terms
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In connection with a merger, acquisition, or sale of assets

We do not sell your personal information to third parties.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide services. Upon account deletion or app uninstallation:

  • Active ticket data is retained for 30 days, then permanently deleted
  • Billing records are retained as required by law (typically 7 years)
  • You may request immediate deletion by contacting us

7. Data Security

We implement industry-standard security measures including:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Regular security audits and vulnerability assessments
  • Access controls and authentication requirements
  • Secure cloud infrastructure with leading providers

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security of your data.

8. GDPR Compliance

For users in the European Economic Area (EEA), we comply with the General Data Protection Regulation (GDPR):

8.1 Legal Basis for Processing

  • Contract: Processing necessary to provide our services
  • Legitimate Interest: Improving services and preventing fraud
  • Consent: For optional features like AI processing and marketing
  • Legal Obligation: When required by applicable laws

8.2 Your Rights

Under GDPR, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate personal data
  • Erasure: Request deletion of your personal data
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a structured format
  • Objection: Object to certain processing activities
  • Withdraw Consent: Withdraw previously given consent

8.3 Data Processing Agreement

Merchants processing customer data through SDESK may require a Data Processing Agreement (DPA). Contact us at privacy@sdesk.app to request a DPA.

9. International Data Transfers

Your data may be transferred to and processed in countries outside your residence, including the United States and United Kingdom. We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable
  • Compliance with local data protection requirements

10. Cookies and Tracking

We use cookies and similar technologies to:

  • Maintain your session and authentication
  • Remember your preferences
  • Analyse usage patterns
  • Improve our services

You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of our services.

11. Children's Privacy

SDESK is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. Your continued use of SDESK after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:

Twenty Nine Eleven Limited

Email: privacy@sdesk.app

For data protection enquiries: dpo@sdesk.app