Privacy Policy

1. Data Controller

Deskflow ("we", "us") operates the desk booking service at deskflow.ie. We are the data controller for personal data processed through our service, in accordance with the General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018.

2. Data We Collect

• Account data: Name, email address, and profile picture (from Google Sign-In)
• Booking data: Desk reservations, dates, and associated team information
• Organisation data: Team name, floor plans, and desk configurations

3. How We Use Your Data

We process your data to:

• Provide the desk booking service
• Display availability and booking information to your team
• Generate anonymised utilisation analytics for team admins

Legal basis: performance of a contract (Art. 6(1)(b) GDPR).

4. Data Retention

Booking records are automatically deleted after 90 days. Account data is retained until you delete your account.

5. Your Rights

Under GDPR, you have the right to:

• Access your data (via the "Export My Data" feature)
• Erasure of your account and anonymisation of booking history (via "Delete My Account")
• Portability — export your data in JSON format
• Lodge a complaint with the Irish Data Protection Commission (DPC)

6. Data Isolation

Each organisation's data is isolated at the database level. Your team's bookings, users, and floor plans are never accessible to other organisations.

7. Third Parties

We use Google Sign-In for authentication. No personal data is shared with other third parties. We do not use tracking cookies or analytics services.

8. Contact

For data protection enquiries, contact us at privacy@deskflow.ie.