About this Policy. MyDesk 5.0 is owned and operated by Astro Arpanet LLC, a Florida limited liability company ("Astro Arpanet," "we," "us," "our"). This Policy explains how we collect, use, share, and protect personal information when you access or use our online personal assistant service (the "Service"). By using the Service, you agree to the practices described here and acknowledge that liability for the Service — including processing errors, inaccurate AI output, and data incidents — is limited to zero or the minimum permitted by law, as set forth in our Terms and Conditions.
1. Information we collect
- Account and contact information. Name, email address, profile details, billing information, and other information you provide when registering, subscribing, or contacting us.
- Subscription and billing information. Plan tier (for example Essential or Professional), assistant slot count, subscription status, Stripe customer identifiers, and payment-related metadata processed by our payment provider.
- Personal assistant configuration. Desk names and types (public profile, career, team, collaborators), knowledge sources (URLs, pasted text), training content, public or invite-only link settings, contact URLs, contact details, greetings, and related configuration for each personal assistant you set up.
- Chat, leads, and inbox data. When visitors use your assistant links, we may collect intake details, message content, session identifiers, page URL, referrer, timestamps, escalation flags, and related metadata. On Professional plans, this data may be shown to you in Leads, Inbox, dashboard metrics, and exports. On Essential plans, similar data may still be processed to operate chat but contact-tracking features may not be available in your account interface.
- Service usage information. Information about how you and your visitors use the Service, such as messages, inquiries, preferences, crawl/training status, and activity logs needed to operate and secure the Service.
- Technical information. IP address, browser type, device type, and similar data collected automatically for security, operations, and performance.
2. How we use information
- To provide, maintain, secure, and improve the Service, including personal assistants and share links.
- To train, index, and retrieve knowledge you provide so assistants can generate replies to visitors.
- To operate chat intake, store conversation history, create lead records, queue escalations for human follow-up, and display metrics or exports where your plan includes those features.
- To process messages through automated and AI-assisted systems (which may produce errors or inaccurate output).
- To process subscriptions, plan upgrades, support requests, and communications with you.
- To monitor performance, prevent abuse, enforce tier limits, and comply with legal obligations.
- To protect our rights, users, and the integrity of the Service.
We use information only as described in this Policy and as needed to deliver the features included in your plan. We do not guarantee that processed data, AI-generated replies, lead records, or metrics are accurate, complete, or error-free.
3. Account holders, end users, and plan tiers
If you are an account holder ("Customer"), you are responsible for providing appropriate notices and obtaining any required consents from people who interact with your personal assistants ("End Users"), for example visitors who use a share link you publish. As between you and MyDesk 5.0, you are generally responsible for deciding why and how End User personal information is collected and used in your deployment, and we process that information on your behalf to provide the Service.
Essential vs Professional. Your subscription tier determines which contact-management features you can access (such as Leads, Inbox, and dashboard metrics). End User data may still be collected and stored to operate chat on any tier. You are responsible for understanding your plan, upgrading if you need contact-tracking tools, and responding to End Users even when the Service does not surface data to you.
End Users should contact you for questions about how you use their information. MyDesk 5.0's Terms and Conditions describe allocation of responsibility between Customers and MyDesk 5.0.
4. Third-party websites and crawled content
When you provide website URLs, CMS webhooks, FAQ text, or similar sources, we may retrieve, store, and process content from those sources to build a knowledge base for your chat experience. That content originates from third parties and may include publicly available business information.
You are responsible for ensuring you have the right to provide those sources to us and for the accuracy and legality of the content you direct us to process. We do not independently verify third-party website content and are not responsible for how third-party sites collect or handle personal information.
5. Chat messages, AI processing, and lead information
When End Users use assistant links you enable, we may collect and store information they submit, such as display name, email address, phone number, marketing opt-in preferences, page URL, referrer, session identifiers, and message content. We use this information to operate chat, deliver automated replies, maintain conversation history, create or update lead records, flag items for human follow-up (Inbox), show dashboard metrics, support exports, and improve Service performance and security — subject to your plan tier and feature availability.
Message content and knowledge you provide may be processed by automated and AI-assisted systems (including third-party LLM providers) to generate replies. That processing may produce errors — including wrong facts about you, wrong answers to visitors, missed escalations, or incorrect summaries. Automated replies are not verified by MyDesk 5.0. Customers are responsible for supervising chat use, keeping training content accurate, and communicating with End Users directly when needed.
TO THE FULLEST EXTENT PERMITTED BY LAW, WE ASSUME NO LIABILITY FOR INACCURATE AI PROCESSING, LOST OR DELAYED MESSAGES, MISSED LEADS, INCORRECT METRICS, OR HARM ARISING FROM RELIANCE ON CHAT OR CONTACT DATA IN THE SERVICE.
6. Legal basis (EEA, UK, and Switzerland)
Where GDPR or similar laws apply, we process personal information on these bases: (a) Contract — to provide the Service you request; (b) Legitimate interests — to secure, operate, and improve the Service, prevent abuse, and support customers, balanced against your rights; (c) Consent — where required, such as optional marketing emails or non-essential cookies; (d) Legal obligation — where we must comply with law.
7. How we share information
- Service providers. We may share information with vendors that help us host, operate, bill, or support the Service. They may use information only as needed to perform services for us.
- Legal requirements. We may disclose information if required by law, legal process, or to protect rights, safety, or security.
- Business transfers. Information may transfer in connection with a merger, acquisition, or sale of assets.
- Aggregated data. We may share aggregated or de-identified information that does not identify individuals.
We do not sell personal information. We do not share personal information for cross-context behavioral advertising. California residents: we do not "sell" or "share" personal information as those terms are defined under the CCPA/CPRA. You may still submit a request using the contact options in Section 14.
8. Service providers (subprocessors)
We use trusted vendors to host and operate the Service, including (as applicable): authentication (Clerk), payments (Stripe), email (Brevo), database hosting (Neon), cloud hosting (Vercel), and AI/LLM providers for automated replies. They process data only on our instructions and under contractual safeguards. We may update this list as vendors change.
9. Data retention, accuracy, and security
We retain information only as long as needed for the purposes described in this Policy or as required by law. Typical periods: account and billing data while your subscription is active and for a reasonable period after closure; assistant configuration and knowledge while your account is active; chat messages, leads, inbox items, and related visitor data while your account is active (and for a limited backup period thereafter unless you delete them or close your account); contact form submissions as needed to respond and maintain business records; billing records as required for tax and accounting. Retention may vary by plan, feature, and legal requirements.
No guarantee of accuracy. Data displayed in Leads, Inbox, metrics, or exports may be incomplete, duplicated, delayed, or incorrect. You should not rely on the Service as your only record of visitor communications.
You use the Service at your own risk. We are not responsible for unauthorized access caused by factors outside our reasonable control, including third-party systems, networks, or devices, Customer misconfiguration, weak credentials, or content and information submitted by End Users through chat. Third-party websites and services linked from the Service are governed by their own policies.
We use reasonable administrative, technical, and organizational safeguards. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
10. Your privacy rights
Depending on where you live, you may have rights to access, correct, delete, restrict, or object to certain processing, to port your data, and to withdraw consent where processing is consent-based. California residents may have additional rights under the CCPA/CPRA, including the right to know categories of information collected and to non-discrimination for exercising privacy rights.
Account holders: submit a request via Contact us (topic: Privacy / data request) or through your account administrator. We may verify your identity before responding.
Chat visitors (End Users): contact the person or organization whose assistant link you used — they control your conversation data in their account. You may also contact us if you need help reaching the account holder.
We aim to respond within the timeframes required by applicable law (for example, 30 days under GDPR, 45 days under CCPA, subject to permitted extensions).
11. International transfers
Personal information may be processed in the United States and other countries where we or our service providers operate. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms for transfers from the EEA, UK, or Switzerland.
12. Cookies and local storage
Essential: authentication cookies (Clerk), security, and session operation. Functional: theme preference (local storage). Chat: optional local storage on your device to remember contact details for return visits. You can clear cookies and local storage in your browser. Our cookie banner lets you accept or limit to essential technologies where shown.
13. Children
The Service is not directed to children under 16 (or the age required in your jurisdiction). We do not knowingly collect personal information from children. Contact us if you believe a child has provided information.
14. Updates
We may update this Privacy Policy from time to time. Changes take effect when posted. Please review this page periodically.
15. Limitation of liability
TO THE FULLEST EXTENT PERMITTED BY LAW, ASTRO ARPANET LLC AND MYDESK DISCLAIM ALL LIABILITY — AND WHERE PERMITTED, ASSUME ZERO LIABILITY — FOR ANY CLAIM, LOSS, OR DAMAGE ARISING FROM OR RELATED TO PERSONAL INFORMATION WE COLLECT, STORE, PROCESS, DISPLAY, OR FAIL TO DISPLAY, INCLUDING UNAUTHORIZED ACCESS, DATA BREACH, PROCESSING ERRORS, INACCURATE OR INCOMPLETE AI OUTPUT, MISSED ESCALATIONS, LOST LEADS, INCORRECT METRICS, TIER FEATURE LIMITATIONS, OR CUSTOMER MISUSE OF LEADS AND CHAT DATA, EXCEPT WHERE LIABILITY CANNOT BE EXCLUDED BY APPLICABLE LAW.
Where liability cannot be fully excluded, our total aggregate liability for privacy-related claims is subject to the same cap as in our Terms and Conditions (the greater of fees paid in the prior twelve months or US $100). To the fullest extent permitted by law, Astro Arpanet LLC's liability related to personal information handled under this Policy is subject to the disclaimers, limitations, release, and indemnification provisions in our Terms.
We are not responsible for how Customers use leads, feedback, chat transcripts, or other information obtained through the Service, or for disputes between Customers and End Users. Customers are solely responsible for their privacy notices, consents, and communications with End Users.
16. Questions
Astro Arpanet LLC is the data controller for personal information processed through MyDesk 5.0, except where you act as controller of End User Data as described above.
Questions about this Policy may be submitted through Contact us (topic: Privacy / data request). If there is a conflict between this Privacy Policy and the Terms and Conditions, the Terms and Conditions govern dispute resolution and limitation of liability to the fullest extent permitted by law.