Privacy & Terms

Last updated: 6 November 2025

ProjectDesk is committed to protecting customer data and providing clear expectations around the use of our services. This notice explains how we handle information, secure our systems, and what you agree to when using ProjectDesk.

Who We Are

ProjectDesk.app (“ProjectDesk”, “we”, “us”, or “our”) provides project and portfolio management software delivered as a hosted service. Our primary point of contact for privacy matters is available via our contact page.

Data Controller

ProjectDesk.app is operated by Bradley Kennedy (United Kingdom). For the purposes of UK and EU data protection law, we act as the data controller for personal data processed through our marketing site and application portal. If you have any questions, please reach out through our contact page.

Scope

This document applies to the use of our marketing site, application portal, APIs, and related support channels. By accessing or using ProjectDesk you agree to these terms and to our processing of information as described below.

Information We Collect

We collect only the data required to provide and improve ProjectDesk:

  • Account details such as name, email address, workspace name, and authentication credentials.
  • Billing details managed through our payment processor (GoCardless), including subscription history and invoice identifiers.
  • Workspace content that you upload or create, including projects, tasks, attachments, and comments.
  • Support interactions including messages, metadata, and diagnostic information.
  • Usage analytics such as device type, browser, and feature usage in aggregated or anonymised form.

Cookies & Analytics

ProjectDesk uses essential cookies to enable secure sign-in, session management, and core functionality. We may also use limited analytics cookies to understand aggregate usage patterns and improve the service. You can manage or delete cookies through your browser settings. If we use third-party analytics on the marketing site, they are configured to respect privacy and collect only aggregated or anonymised information.

How We Use Your Data

  • Deliver and maintain the ProjectDesk service and customer workspaces.
  • Authenticate users, manage accounts, and enforce security controls.
  • Process subscriptions and payments via GoCardless in line with their policies and applicable law.
  • Provide customer support, service announcements, and product updates.
  • Analyse platform performance and improve features using aggregated insights.
  • Meet legal, regulatory, and contractual obligations, including fraud prevention.

We never sell customer data. We share data only with vetted subprocessors required to run the service or where the law requires it.

Legal Basis for Processing

We process personal data under the following legal bases: contractual necessity (to provide and maintain your account and services), legitimate interests (to improve features, ensure security, and communicate relevant updates), legal obligation (to comply with applicable law), and consent where you have explicitly agreed (for example, optional communications or beta participation). Where we rely on legitimate interests, we balance our interests against your rights and expectations.

Data Location & Processing

All customer database records are stored in the European Union, within Frankfurt (eu-central-1). Application functions are deployed through Vercel and execute within Frankfurt (Germany), Dublin (Ireland), and London (United Kingdom). We use providers that comply with EU data protection requirements. Where data is transferred outside the UK or EEA, we implement appropriate safeguards such as the European Commission’s Standard Contractual Clauses (and UK International Data Transfer Addendum where applicable).

Security Measures

Protecting your workspace is a core priority. Measures include:

  • TLS encryption for all web traffic between your browser and ProjectDesk.
  • Encryption at rest for databases and backups held within the EU data centre.
  • Strict access controls, reviewed audit logs, and the principle of least privilege for staff.
  • Automated dependency monitoring, vulnerability scanning, and timely patch management.
  • Regular backups, redundancy, and disaster recovery processes designed to maintain availability.

While no system is perfectly secure, we continually assess and improve safeguards to reduce risk.

Eligibility & Sponsored Accounts

  • ProjectDesk is intended for use by adults (18+). Minors are not permitted to create accounts or be invited as sponsored users.
  • Subscription purchases must be made by an adult with the legal capacity to enter into agreements.
  • You are responsible for ensuring sponsored members meet these eligibility requirements.

We do not knowingly collect personal information from individuals under 18. If you believe a minor has provided personal data to us, please reach out via our contact page so we can remove it.

User Responsibilities & Acceptable Use

  • Use ProjectDesk in compliance with applicable laws and refrain from abusive, harassing, or fraudulent activity.
  • Do not attempt to gain unauthorised access to ProjectDesk infrastructure or other customer workspaces.
  • Do not upload malicious code or content that infringes intellectual property or privacy rights.
  • Report suspected vulnerabilities or misuse promptly.

Third-Party Services

We rely on reputable service providers to operate ProjectDesk, including (but not limited to):

  • GoCardless for subscription billing and secure storage of payment details, governed by GoCardless’s privacy and security policies.
  • Vercel for application hosting and serverless execution within the EU and UK.
  • Other infrastructure or analytics partners required to support the service, each bound by appropriate data protection agreements.

An up-to-date list of our subprocessors is available on request from our contact page. We will notify customers of material changes where required.

Data Retention & Deletion

Workspace data is retained for as long as your subscription remains active. Upon cancellation or request, we provide mechanisms to export or delete workspace content. Residual backups and system logs are retained for up to 30 days to support disaster recovery and auditing, after which they are securely purged unless a longer period is required by law.

Your Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, restrict, or port your personal data. To exercise these rights or make a complaint, contact us via our contact page. We will respond within the timeframes required by applicable law.

Vulnerability Disclosure

If you believe you have discovered a security issue, please reach out through our contact page with details so we can investigate. Public disclosure of vulnerabilities before remediation is discouraged to protect all users.

Service Changes & Availability

We continually improve ProjectDesk and may update features, infrastructure, or policies. We strive for high availability and provide reasonable notice for material changes whenever feasible.

Updates to This Document

We may revise these Privacy & Terms from time to time. The “last updated” date reflects when changes take effect. We will post updates on this page and, where changes are material or required by law, notify you by email or in-app message.

Governing Law

These Privacy & Terms are governed by the laws of England and Wales, and the courts of England and Wales shall have exclusive jurisdiction, except where applicable data protection law provides otherwise.

Contact

For legal or privacy questions, please use our contact page. For general support, visit our contact page. We are committed to addressing concerns promptly and transparently.