Privacy
Last updated: 11 June 2026
This notice explains how Service Desk Builder handles personal data when you visit the website, create an account, contact us, make a payment, apply for or receive an Service Desk Performance Audit, or run an automated AI Readiness Audit against a connected service desk platform such as Freshservice or Zendesk.
For account, billing, website, support, and product analytics data, Service Desk Builder acts as controller. For personal data read from your organisation's connected service desk platform solely to provide the audit, Service Desk Builder generally acts as processor for your organisation. Our Data Processing Addendum applies to that processor activity unless we agree a separate signed DPA.
For privacy, deletion, or procurement questions, email hello@servicedeskbuilder.com.
AI Readiness Audit data handling
What we read
Freshservice
Zendesk
What we write (only when you ask)
If you use the optional task-to-ticket feature, we create Freshservice or Zendesk tickets only after you enable ticket creation and confirm the action. We write the remediation task subject, recommended fix, dimension, effort, impact, estimated score recovery, source report link, and Service Desk Builder task ID. We do not create, update, or close tickets unless you explicitly trigger that action.
If you configure Slack or Microsoft Teams notifications, we send messages to the incoming-webhook URL you provide. Those destinations are chosen and controlled by you, and the messages contain only the audit score, affected dimension names, and a link — never ticket or knowledge-base content.
What we store
We store computed scores, metrics, audit history, your connected platform, platform subdomain, selected workspace where applicable, limited category diagnostics, report access state, client labels, white-label branding assets for MSP-plan accounts, generated report outputs where needed to provide the Service, and platform ticket IDs/URLs returned when you ask us to create remediation tickets. Raw API keys are not stored.
What we never read or store
Performance Audit data handling
When you enquire
The enquiry form collects your name, work email, company, job title, and structured details about your service (team size, platform, ticket volume, challenges, and your written context). We use it solely to assess whether the audit is a suitable fit and to respond to you. Enquiry details are sent to us by email through our email provider and are not exposed in client-side logs or product analytics. Please do not include passwords, API keys, or sensitive ticket contents in the form.
Audit evidence
If we proceed, the evidence used for the audit — such as exported service desk metrics, existing reports, SLA and workflow information, and questionnaire responses — is agreed with you in advance. We prefer anonymised or minimised data wherever the full content is not needed, and most analysis runs on ticket-level metrics and metadata rather than the contents of individual tickets. Where you choose to use an optional read-only integration for Freshservice or Zendesk, the AI Readiness Audit data handling described above applies to that connection.
What we ask you not to send
Passwords, API keys, and sensitive ticket contents should never be sent through the enquiry form or by email. If any evidence needs to contain sensitive material, we will agree a secure method for sharing it rather than accepting it through the website.
Where UK GDPR or EU GDPR applies, we rely on the following lawful bases as applicable:
We record anonymous product-usage events (for example, that an audit was started or a report viewed) to understand and improve the Service. These use a random, first-party session identifier only — we do not use them to track you across other websites, and they are not sold or shared with advertisers.
We use third-party providers to operate the Service. Current key providers include:
We require providers to handle data only for the services they provide to us. A current subprocessor list or security questionnaire response is available by emailing hello@servicedeskbuilder.com.
Some providers may process data outside the United Kingdom or European Economic Area. Where required, we rely on appropriate safeguards such as adequacy regulations, Standard Contractual Clauses, the UK International Data Transfer Addendum, or equivalent contractual protections used by our providers.
You can request deletion at any time. Some records may need to be retained where required by law, fraud prevention, dispute handling, or legitimate business recordkeeping.
Depending on where you are located, you may have rights to access, correct, delete, restrict, or object to the use of your personal data, and to request a copy of your data. You can exercise these rights by emailing hello@servicedeskbuilder.com.
If you are in the UK and are unhappy with our response, you can complain to the Information Commissioner's Office at ico.org.uk.
We use reasonable technical and organisational measures to protect data, including managed authentication, encrypted provider infrastructure, limited credential handling, and least-data collection for audits. No internet service can be guaranteed completely secure.
We may update this notice as the Service changes. Material updates will be reflected by changing the last updated date and, where appropriate, notifying active customers.