Get started

LookDesk Privacy Policy

Last updated: February 15, 2026

Introduction

This Privacy Policy explains what personal data we collect when you use LookDesk websites, applications, and services (collectively, the “Service”), how we use and share that data, and the choices you have with respect to your personal data. It also describes certain legal rights you may have under privacy laws (especially if you are in the European Economic Area or California).

BY USING THE SERVICE, YOU PROMISE THAT YOU HAVE READ AND UNDERSTAND THIS PRIVACY POLICY AND AGREE TO ITS TERMS. You also confirm that you are over 18 years of age, or if you are younger than 18, that your parent or legal guardian has reviewed and agreed to this Privacy Policy on your behalf. If you do not agree with this Privacy Policy or cannot make the above promise, you must not use the Service. In such case, you should contact us (using the information in the Contact Us section below) to request deletion of any data we may have collected from you, and refrain from accessing our websites or services.

For convenience, this Privacy Policy may be provided in other languages. However, any translated version is provided for convenience only, and in the event of any conflict or ambiguity between the English version and a translation, the English version shall prevail. The original English text is the sole legally binding version.

Definitions: In this Policy, “personal data” means any information that relates to an identified or identifiable individual (this may be called “personal information” under some laws). “Processing” means any operation performed on personal data, such as collection, use, storage, disclosure, etc. The “GDPR” refers to the EU General Data Protection Regulation (EU 2016/679), and “EEA” includes the European Union member states plus Iceland, Liechtenstein, and Norway (and for purposes of this Policy, the United Kingdom is included in references to EEA).

1. Who We Are (Data Controller)

The entity responsible for the processing of your personal data (the “data controller”) is LLC LookDesk (ТОВ ЛукДеск), a company registered in Ukraine. Our office is located in Harmatna St, 38A, ap 272, Kyiv, 03067, Ukraine. You can find our contact details in the Contact Us section of this Policy.

If you have any questions about this Privacy Policy or our data practices, you may contact us at support@lookdesk.ai .

2. Personal Data We Collect

We collect different types of information about you from various sources, including information you provide directly to us, information collected automatically, and information from third parties. The types of personal data we may collect include:

  • Contact and Account Information: When you create an account or contact us through the Service, we collect personal data such as your name, email address, telephone number, company name, job title, mailing address, or other contact details. For example, we collect your email address and password when you register for a LookDesk account. If you fill out a form on our website (such as a demo request or support form) or correspond with us via email or chat, we may collect the information you provide (like your name, contact information, and the content of your communication).

  • Profile and User-Provided Data: You may choose to provide additional information for your profile (such as a profile photo, preferred time zone, or other details) in the Service. If the Service allows messaging or content sharing, any information you post or upload (including any personal data contained in those communications or files) will be collected. For instance, if LookDesk provides an AI assistant to analyze documents, and you upload documents that contain personal data, we will collect and process that data as part of providing the Service.

  • Payment Information: If you make a purchase or subscribe to a paid plan, our third-party payment processor will collect payment information. This typically includes your name, billing address, and payment card details. We do not store your full credit card number or bank account details on our servers; that information is handled by the payment processor. We may retain non-sensitive payment details associated with your account, such as the last four digits of your card, the cardholder name, expiry date, and billing address, for record-keeping and receipt purposes.

  • Device and Usage Information: When you interact with our Service, we automatically collect certain technical information about your device and usage of the Service. This includes your IP address, browser type, device type, operating system, referring/exit pages, date and time of visit, and pages or features you accessed. We also collect data about your activity on our Service, such as log-in times, search queries, what features you use, and crash or error reports. If you use our application, we might collect mobile device IDs or crash analytics data. This information helps us understand how users use our Service and to secure and improve our platform.

  • Cookies and Tracking Technologies: We use cookies and similar tracking technologies (like web beacons and pixels) to collect data about your visits and interactions on our website, such as which pages you viewed and links you clicked. Cookies are small text files stored on your browser or device, which may include an anonymous unique identifier. We use cookies to remember your preferences, authenticate users, and analyze site traffic and usage. Some cookies are essential for the Service to function (e.g., to keep you logged in), while others are used for analytics and personalization. For more details, see the Cookies section below.

  • Third-Party Integrations and Data: If you choose to integrate or sign in via third-party services (for example, using “Sign in with Google” or connecting an integration to LookDesk), we may receive certain information from those third parties. This might include your profile information (like name or email) from an identity provider, or data needed for the integration to function (e.g., an API token). We only receive what you authorize the third party to share with us. Additionally, if you interact with LookDesk through social media (such as visiting our pages on LinkedIn, Facebook, etc., or using a social media plugin on our site), those platforms may send us some information (for example, aggregate analytics about engagement). Please check the privacy settings and policies of such third-party services for details.

  • Support and Inquiry Information: If you contact us for customer support or with a question (via email, chat, or phone), we will collect the information you choose to provide in that interaction. This may include your contact details and the content of your communications. We will use this information to assist you and improve our support services.

We do not intentionally collect sensitive personal data (such as personal health information, biometric data, or special categories of data as defined under GDPR) from general users, and we ask that you do not upload or submit such data to the Service unless it is necessary. LookDesk is not directed at children under 18, and we do not knowingly collect personal data from children. If we learn that we have inadvertently collected personal data from a child under 18 (or under the relevant age of consent in certain jurisdictions), we will take steps to delete that data.

Cookies and Similar Technologies

As mentioned, we and our partners use cookies and similar tracking technologies to provide and improve the Service. Cookies are small text files sent by a website to your device, which allow the website to recognize your browser or store information. We use cookies for several reasons:

  • Essential Cookies: These are necessary for the Service to function, for example to keep you logged in or remember your session. Without these, some parts of our Service would not work properly.

  • Analytics Cookies: These cookies collect information about how visitors use our website, which pages are popular, or if error messages are seen. We use this information to improve our website’s design and functionality. For instance, we use Google Analytics (or similar tools) which may set cookies to gather usage statistics (Google’s ability to use and share information collected by Google Analytics about your visits is governed by the Google Analytics Terms of Use and Privacy Policy).

  • Functional Cookies: These cookies allow our site to remember choices you make (like your language or region) and provide enhanced features, to personalize your experience.

  • Advertising Cookies: We currently do not display third-party ads on LookDesk Service to individual users. However, if in the future we engage in any advertising or retargeting, cookies might be used to track your browsing habits on our site and others in order to show you relevant ads. If we do this, we will update this Policy and provide appropriate opt-out mechanisms.

Your Choices: When you first visit our site, you may see a cookies notice or banner. By clicking accept or continuing to use the site, you indicate your consent to use of cookies as described. You can control or delete cookies through your browser settings. Most web browsers give you the ability to accept or reject cookies, or only accept certain types of cookies. You can also delete cookies that have already been set. Please note, if you disable cookies entirely, the Service may not function properly (for example, you might not be able to log in or certain preferences might not be saved).

For more information about cookies and how to manage them, you can visit third-party informational sites such as allaboutcookies.org. Some third parties (like Google Analytics) also provide their own opt-out mechanisms. For example, to prevent Google Analytics from using your data, you can install the Google Analytics Opt-out Browser Add-on.

Do Not Track: Some browsers offer a “Do Not Track” (DNT) feature that signals to websites that you do not want to be tracked. Currently, our Service does not respond to DNT signals or similar mechanisms, due to the lack of a common standard of how to interpret them. We will update this section if our practices change in the future. For more information on Do Not Track, see the “Do Not Track” section below in this Policy.

3. How We Use Personal Data (Purposes of Processing)

We use the personal data we collect for the following purposes (and in accordance with the legal bases described in Section 4):

  • To Provide and Operate the Service: We process data to authenticate you as a user, to provide the features and services you request, and to allow you to use the platform’s functionalities. For example, we use your account information to log you in and manage your account, and we use data you input (like documents or messages) to perform the services you expect (such as storing files, running analyses, or generating responses). We also use personal data to maintain and improve our Service’s functionality, to troubleshoot and fix issues, and to develop new features.

  • Customer Support: We use contact information and communications to provide support and respond to inquiries. For example, if you email support@lookdesk.ai for help, we will use your email and the issue described to assist you. We may also use your feedback to improve our Service and train our support team.

  • Analytics and Service Improvement: We process usage, device, and analytics data to understand how users interact with our Service, which features are used most, and where improvements or optimizations are needed. This helps us troubleshoot problems (like slow page load times or errors), improve the user interface, and enhance the quality of our Service. We may also use aggregated usage information to research and develop new products or services.

  • Communications and Updates: We use your contact information (such as email) to send you important notices or administrative messages about the Service, including confirmations, invoices, technical notices, updates, security alerts, or support and service-related announcements. We may also send promotional communications or newsletters to inform you about new features, special offers, or other news about LookDesk that we think you’d like to hear about. You can opt-out of marketing emails as described below in Your Rights and Choices, but we will still send you essential notices pertaining to the Services and your account.

  • Security and Fraud Prevention: We process personal data (including account info, device identifiers, and usage logs) to monitor, prevent, and detect fraud, abuse, or illegal activities on our Service. This includes enforcing our Terms of Service, investigating suspicious activity (like unauthorized access attempts or violation of our use policies), and taking steps to secure our platform and protect the rights and safety of our users and third parties. For example, we may analyze logins for unusual patterns to guard against credential stuffing, or use automated systems to detect spam or malware content.

  • Compliance with Legal Obligations: We use personal data as necessary to comply with our legal obligations, such as maintaining proper business records, handling data subject rights requests, or complying with lawful requests by public authorities. For instance, if we receive a legal subpoena or court order, we may need to preserve or share certain data as required by law. We may also use your data to enforce our agreements or to protect our legal rights in case of a dispute.

  • Personalization (if applicable): We might use certain data to personalize your experience on the Service. For example, we could use cookies to remember your preferences (language, layout) or to auto-fill your login ID, etc. If we provide content recommendations or similar features, they might be based on your usage patterns.

  • Marketing and Advertising: Currently, LookDesk does not heavily profile users for targeted advertising outside of our own offerings. If you are a business contact or have subscribed to our newsletter, we may use your data to send you marketing communications about product updates, events, or promotions (you can opt-out as noted). We do not sell your personal data to third-party advertisers. If in the future we partner with advertising networks or run ads, we may use cookies and pixels to measure the effectiveness of campaigns and to deliver relevant ads about our Service on third-party sites (this is typically done through hashed or non-direct identifiers). We will update this Policy and obtain any necessary consent if we engage in these practices.

  • Other Purposes: We may use personal data for other purposes that are compatible with the above, in circumstances where we have obtained your consent or as otherwise permitted or required by law. For example, we might ask for your permission to use a quote from your feedback as a testimonial on our website – in which case we would process your name and feedback for that specific purpose with your consent.

We ensure that we have a valid legal basis for each use of your personal data (see Section 4 below). We do not use your personal data for automated decision-making or profiling in a way that produces legal effects or similarly significant effects concerning you, except as described (e.g., automated spam filtering or security checks, which are intended to protect all users, or delivering certain content automatically based on your usage).

4. Legal Bases for Processing (GDPR Notice)

If you are in the EEA, UK, Switzerland or a similar jurisdiction that requires a legal basis for processing personal data, our legal bases are as follows:

  • Performance of a Contract: We process personal data that is necessary to provide the Service and perform our obligations under our contract with you (the Terms of Service). This includes data needed to create and maintain your account, to provide the features you request, to troubleshoot and deliver support, and so forth. For example, we need your email address to create your account and communicate with you about Service-related matters.

  • Legitimate Interests: We process certain data as necessary for our (or others’) legitimate interests, provided those interests are not overridden by your data protection rights. Our legitimate interests include: improving and personalizing our Service; understanding how users interact with our Service; securing our Service and preventing fraud; marketing our products to business users; and enforcing our legal rights. We rely on this basis, for instance, to collect analytics data, to send you marketing communications about our similar products (if you are a customer) unless you opt-out, and to keep backups for security continuity. We will always consider your rights and objections when processing on this basis (see Your Rights below for your right to object to certain processing).

  • Consent: In some cases, we rely on your consent to process personal data. For example, we will obtain your consent to send you certain marketing emails (where required by law), or to collect certain cookies or tracking data (where required). If we ask for your consent to use your data, you have the right to withdraw your consent at any time (this will not affect processing already occurred, but will stop future processing of that type). For instance, if you consent to a particular integration accessing your data, you can later disconnect it.

  • Legal Obligation: We process personal data where necessary to comply with a legal obligation to which we are subject. For example, we may keep transaction records to satisfy financial reporting laws, or respond to valid requests from law enforcement when required by law.

  • Vital Interests and Public Interest: These bases are generally not applicable to our typical operations. However, in rare cases we might process data to protect someone’s vital interests (e.g., in a life-or-death scenario) or for a task in the public interest or official authority, but those are not common for our Service. If they were to occur, we would ensure such processing is lawful.

If you have questions about the legal basis of how we process your personal data, you can contact us for more information. In all cases, we will ensure that we only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason that is compatible with the original purpose (and we will inform you as required).

5. How We Share Personal Data

We understand the importance of keeping your personal data private. We do not sell or rent your personal information to third parties for their own marketing purposes. However, we do share personal data with third parties in certain situations, as described below:

  • Service Providers (Processors): We share personal data with trusted third-party service providers who perform services on our behalf to help us operate and improve LookDesk. For example, we use third parties for: hosting and infrastructure (data storage, database, cloud computing services), payment processing, email delivery and communications (e.g., sending transactional emails or newsletters), analytics services (to understand usage of our Service), customer support tools, and security services (such as services that help us detect fraud). These service providers may process personal data as part of providing those services to us. We only share the minimum information that the service provider needs to carry out its tasks, and we contractually require them to protect it and not use it for any purpose other than providing services to LookDesk. Our service providers are obligated to keep personal data confidential and secure.

  • Business Partners and Integrations: If LookDesk offers integrations with third-party services or if you sign up for LookDesk through a referral or reseller, we may share certain information with the third parties involved. For instance, if you choose to connect LookDesk to a partner application (like a CRM system or a chat platform), we will share data as needed to facilitate that integration at your direction. Similarly, if a partner co-sponsors an event or promotion with us, and you register for it, we might share registration info with that partner (we will let you know at the time of collection if that is the case).

  • Affiliates: We may share your information with our affiliates (if we have a parent company, subsidiaries, joint ventures, or other companies under common control). Any such affiliate will be required to honor this Privacy Policy. For example, if LookDesk expands and has an affiliate in another country helping to provide the Service, we might transfer data to that affiliate. They would be bound to protect your data to the same standard.

  • Legal Compliance and Protection: We may disclose personal data when we have a good faith belief that such disclosure is necessary to comply with a legal obligation, regulation, or valid legal request (e.g., a subpoena, court order, or search warrant). We may also disclose data to enforce our Terms of Service or other agreements, to investigate or defend against third-party claims or allegations, to assist government enforcement agencies, to protect the security or integrity of our Service, or to exercise or protect the rights, property, or safety of LookDesk, our users, or others. For example, we might provide information to law enforcement authorities if required by law or to report criminal activity.

  • Business Transfers: If LookDesk is involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of Service to another provider, your personal data may be transferred as part of such a transaction. In such cases, we will ensure that the successor entity will be bound by terms substantially consistent with this Privacy Policy with respect to your personal data. We will endeavor to notify you (for example, via email or a prominent notice on our site) of any such change in ownership or control of your personal information, if and as required by applicable law.

  • Other Users: If you use collaborative features of the Service, some of your personal data may be visible to other authorized users. For example, if your account is part of a company team on LookDesk, certain profile information (like your name, email, or any profile picture) might be visible to other users in your team’s workspace. Similarly, content you contribute may be visible to others in the context of the Service (depending on settings). Please be mindful of what information you share in any public areas of the Service, as content you post could be seen by others. Where the Service allows you to publish content publicly (e.g., a community forum or public dashboard), that information could become accessible to anyone on the internet; you should only share information you are comfortable being public.

  • With Your Consent or At Your Direction: We will share your personal data with third parties when you explicitly ask or consent for us to do so. For example, if you request that we share data with an outside consultant or if you opt-in to a feature that involves sharing data, we will do so under your direction.

We may also share aggregated or de-identified information that cannot reasonably be used to identify you. For instance, we might publish reports or insights that aggregate usage trends of our Service (e.g., “X% of users use feature Y”) or share anonymized data with research partners. Such information does not identify any individual and therefore may be used and shared for any purpose as it is not considered personal data.

If we ever need to share your personal data in a manner not covered above, we will endeavor to notify you and, if required, obtain your consent.

6. Your Rights and Choices

You have certain rights and choices regarding your personal data. These rights may vary depending on your location and applicable laws, but we are committed to honoring the rights of individuals as required by law (such as GDPR for EU users and CCPA for California residents). Your principal rights include:

  • Access: You have the right to request a copy of the personal data we hold about you, and to obtain information about how we process it. This is sometimes called a “data subject access request.” We will provide you a copy of your data in a commonly used format, usually within a reasonable time and as required by law (generally within 30 days for GDPR requests). For California residents, this includes the right to request the categories and specific pieces of personal information we have collected about you in the past 12 months.

  • Rectification: If any of your personal data is inaccurate or incomplete, you have the right to request that we correct or update it. You can also update some of your personal data directly by logging into your account (for example, changing your profile information or email). For other changes, contact us and we will address them.

  • Erasure: You have the right to request deletion of your personal data (the “right to be forgotten”). We will honor deletion requests to the extent required by applicable law. For example, we may need to retain certain information for legal compliance or legitimate business purposes (e.g., keeping transaction records, or if it’s required to detect fraud). If you request account deletion, we will remove or anonymize personal data associated with your account (subject to our data retention obligations noted below). California residents have the right to request deletion of their personal information, subject to similar exceptions.

  • Restriction of Processing: You have the right to ask us to limit or halt the processing of your personal data in certain circumstances – for instance, if you contest the accuracy of the data, or if you believe our processing is unlawful but you oppose erasure and prefer restriction. When processing is restricted, such data will be marked accordingly and only processed for certain purposes (with your consent or for legal claims, etc.) as allowed by law.

  • Data Portability: In certain cases, you have the right to obtain your personal data in a structured, commonly used, and machine-readable format, and to have that information transmitted to another service provider (where technically feasible). This applies to personal data that you have provided to us and is processed by us by automated means based on your consent or for performance of a contract. Where applicable, we will provide you with an electronic file of your data or may directly transmit the data to another entity upon your request.

  • Objection to Processing: You have the right to object to our processing of your personal data in some situations. In particular, you have the right to object to processing based on legitimate interests and to direct marketing. For example, if we process your data for our legitimate interest of marketing, you can object and we will stop using your data for that purpose. If you object to processing that we justify with legitimate interests, we will evaluate your objection and stop or limit processing unless we have compelling legitimate grounds to continue or if it is needed for legal reasons. Where we rely on legitimate interest, we believe we have balanced those interests against your rights, but we will respect your rights as required by law.

  • Withdraw Consent: Where we process your personal data based on your consent, you have the right to withdraw your consent at any time. For example, if you consented to receive our newsletter, you can unsubscribe at any time (withdrawing consent to marketing emails). Withdrawal of consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, and it won’t affect processing of your personal data under other legal bases. If you withdraw consent for a specific optional feature that requires your data, you may not be able to continue using that feature.

  • Automated Decision-Making: LookDesk does not typically make automated decisions about you that have legal or similarly significant effects without human involvement. If we do in the future, you would have the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects concerning you or similarly significantly affects you, except as permitted under applicable law (such as if necessary for entering or performing a contract, with your explicit consent, or authorized by law with safeguards). In any case, you would have the right to express your point of view and contest the decision.

  • California Privacy Rights (CCPA/CPRA): If you are a California resident, in addition to the rights above, you have the right to know what personal information we have collected about you in the last 12 months, the categories of sources, the business or commercial purposes for collection, the categories of third parties with whom we share personal information, and if we disclosed or sold personal information (note: LookDesk does not sell personal data to third parties for profit). You also have the right to request deletion of your personal information, as described above, and the right to opt-out of the sale or sharing of personal information (as noted, we do not sell personal data; if that ever changes, we will provide a “Do Not Sell or Share My Personal Information” link). California law also provides the right to correct inaccurate personal information and the right to limit use of sensitive personal information (though we typically do not collect sensitive personal info as defined in the CPRA; if we do, we will honor limitation requests). Additionally, California residents may not be discriminated against for exercising their privacy rights (e.g., we will not deny you services or provide a different level of service just because you exercised your rights, except as permitted by law).

  • Other State Laws: If you are a resident of certain U.S. states (such as Virginia, Colorado, Connecticut, etc.), you may have similar rights under those states’ privacy laws, like the right to confirm if we process your data, to access and delete data, to opt out of certain processing (like targeted advertising or profiling), and to appeal any denial of your rights request. We intend to comply with those laws as applicable. For example, residents of Virginia can opt out of the processing of personal data for targeted advertising or the sale of personal data (we do not sell data) and profiling in furtherance of decisions that produce legal or similarly significant effects. Our platform currently does not engage in profiling that produces legal effects, and any targeted advertising would only pertain to our own products unless otherwise disclosed.

Exercising Your Rights: To exercise any of your rights, please contact us at support@lookdesk.ai with your request. We may need to verify your identity (for example, by confirming control of your email or other details) before fulfilling certain requests. In some cases, we may refuse or limit your request if we have a lawful reason – for example, if fulfilling it would adversely affect the rights and freedoms of others, or if you are requesting deletion of data that we are legally required to keep. If we decline a request, we will explain our reasoning (to the extent we are allowed to under the law).

For California or other U.S. state residents, you (or an authorized agent acting on your behalf) can submit requests through the contact methods provided. If you use an authorized agent, we may require proof of the agent’s written permission to act on your behalf and verification of your identity directly, unless the agent holds a power of attorney. We will respond to verifiable consumer requests within the timeframes required by law (generally within 45 days for CCPA, which may be extended by an additional 45 days with notice).

Opting Out of Marketing: If you no longer wish to receive marketing or promotional emails from us, you can unsubscribe at any time by clicking the “unsubscribe” link in those emails or by contacting us. Please note that you cannot opt out of transactional or administrative emails (e.g., emails about your account, service status, or responses to your inquiries), as those are not promotional.

Cookies Choices: As discussed, you can manage cookies through browser settings. You can also use tools like browser extensions to block trackers. For mobile apps, you can reset advertising identifiers or limit ad tracking via your device settings.

Complaints: If you believe we have infringed your privacy rights, you have the right to file a complaint with a supervisory authority. If you are in the EU/EEA, you may lodge a complaint with the data protection authority of the country where you live or work, or where the alleged infringement took place. For example, in Estonia the Data Protection Inspectorate (Andmekaitse Inspektsioon) is the supervisory authority. If you are in the UK, you can contact the ICO; in Canada, the OPC; in California, the CPPA, etc. We would, however, appreciate the chance to address your concerns before you approach a regulator, so please consider reaching out to us first to see if we can resolve the issue.

We will not discriminate against you for exercising any of these rights. Our aim is to be transparent and helpful in enabling you to control your personal data.

7. Age Limitations

LookDesk’s Service is not directed to individuals under the age of 18, and we do not knowingly collect personal data from children under 18. If you are under 18, please do not use the Service or submit any personal data to us.

If we learn that we have inadvertently collected personal information from a child under 18 (or under the age of 13, for U.S. children, in violation of COPPA), we will take reasonable steps to delete it as soon as possible. Parents or guardians who believe that their child under 18 (or under 13 in the U.S.) may have provided us personal data can contact us at support@lookdesk.ai, and we will promptly investigate and remove the data if necessary.

If you are at least 18 but considered a minor in your jurisdiction (for example, under 18 in many places), you should use LookDesk only with involvement of a parent or guardian. Some countries may set different age thresholds for required parental consent; where applicable, we abide by those requirements (for instance, in certain EU Member States the age of digital consent may be 13 to 16 – we treat anyone below 18 as needing consent, unless local law is stricter).

8. International Data Transfers

The personal data we collect may be transferred to and stored on servers in countries outside of your own. This includes transfers to servers and service providers located in the European Union, the United States, and possibly other countries. The data may be processed by staff operating outside your country who work for us or for one of our service providers (for instance, a support team or a cloud hosting provider).

Whenever we transfer personal data out of the European Economic Area (EEA), United Kingdom, or other regions with data transfer restrictions, we will ensure a similar degree of protection is afforded to it by implementing appropriate safeguards. These may include:

  • Adequacy Decisions: Where applicable, we may transfer data to countries that have been deemed by the European Commission (or relevant authority) to provide an adequate level of data protection under Article 45 of GDPR. (For example, data can flow freely within the EEA and to countries like Canada, Switzerland, Japan, and others deemed adequate.)

  • Standard Contractual Clauses (SCCs): For transfers to countries without an adequacy decision (such as the United States), we rely on European Commission-approved Standard Contractual Clauses as a legal mechanism for transfer. These are contractual commitments between companies transferring personal data, binding them to protect the privacy and security of the data in line with EU standards. If UK data is involved, we use the UK’s International Data Transfer Agreement or Addendum as appropriate.

  • Additional Safeguards: In some cases, we implement additional technical and organizational measures to supplement SCCs, such as encryption in transit and at rest, de-identification of data, and policies to address government data requests, to ensure data is afforded essentially equivalent protection to that in the EU.

  • Binding Corporate Rules: Although we do not yet have Binding Corporate Rules, if we were part of a corporate group with such rules approved, we would rely on them for intra-group transfers.

By using the Service or providing us information, you understand that your personal data may be transferred to and processed in countries outside of your country of residence. Those countries may have data protection laws different from (and potentially less stringent than) the laws of your own country. In all such cases, we will take reasonable measures to protect your information as described in this Privacy Policy.

If you would like further information about our international data transfer practices or want to obtain a copy of the SCCs or other transfer mechanism we use, you can contact us using the information provided in the Contact Us section.

9. Data Security

We take data security seriously at LookDesk. We implement a variety of technical and organizational security measures to help protect your personal data from unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption: We use encryption to protect data in transit (using HTTPS/TLS protocols for our website and API) and, in many cases, to encrypt data at rest on our servers or databases. This means that the communications between your browser or app and our servers are encrypted, reducing the risk of interception.

  • Access Controls: We limit access to personal data to those employees, contractors, and service providers who have a business need to know such data. They are subject to confidentiality obligations. We use authentication controls (such as passwords and, where appropriate, multi-factor authentication) to protect account access both for users and internally.

  • Network & System Security: Our servers are protected by firewalls and monitoring tools. We regularly update and patch systems and software to address security vulnerabilities. We may utilize intrusion detection and prevention systems to alert of suspicious activities. We also keep backups and use anti-virus/anti-malware solutions where appropriate.

  • Testing and Audits: We conduct periodic security assessments of our platform, which may include penetration testing by independent specialists. We also review our information collection, storage, and processing practices periodically. Our team receives training on proper handling of personal data and security practices.

  • Anonymization and Pseudonymization: Where feasible, we pseudonymize or anonymize personal data, meaning that we remove or replace information that directly identifies you with tokens or aggregated data, especially when using data for development and testing.

  • Physical Security: For the infrastructure that we manage, we implement physical access controls to our facilities. For cloud infrastructure, we rely on reputable providers that have strong physical security standards (e.g., controlled data centers with access logs, surveillance, etc.).

Despite our efforts, please note that no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security of your data. You should also play a role in protecting your information by keeping your account credentials confidential and ensuring you log out after using the Service or using unique, strong passwords and updating them periodically.

If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please notify us immediately at support@lookdesk.ai so that we can take appropriate action.

In the event of a data breach that affects your personal data, we will notify you and the relevant authorities as required by law. We have a breach response plan in place to promptly address such incidents.

10. Data Retention

We will retain your personal data only for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

  • If you have an account with LookDesk, we typically keep your account information and content while your account is active or as needed to provide you the Service. If you delete your account or if it has been inactive for a long time, we will initiate deletion or anonymization of certain personal data, unless we need to keep it longer (see below).

  • We may retain certain data for a longer period if we have a legitimate business interest or legal obligation to do so. For example:

    • Legal and Compliance: We might retain some of your information to comply with laws (e.g., tax and financial records) or evidence our compliance (e.g., consent records). Typically, contract and transaction information is kept for at least the duration required by law (such as 7 years for financial records in some jurisdictions).

    • Dispute Resolution and Enforcement: If we are handling a dispute or believe that litigation could arise relating to your personal data or use of our Service, we will retain relevant information until the issue is resolved. We also retain information as needed to enforce our agreements or to investigate violations (e.g., logs to detect fraud and abuse may be kept to support security).

    • Backups and Integrity: Residual copies of your personal data might persist in our backup systems or archives (these are kept securely) for some time as per our usual backup retention policies. We protect this data and isolate it from active systems.

  • When we have no ongoing legitimate need to process your personal data, we will either delete it or anonymize it so it can no longer be associated with you (and is no longer personal data). If deletion or anonymization is not feasible (for example, because personal data is stored in backup archives), then we will securely store the personal data and isolate it from any further processing until deletion is possible.


The exact retention periods depend on the type of data and the purposes for which we collected it. Here are some general guidelines:

  • Account Information: retained until account deletion, then a grace period before permanent deletion (in case of accidental deletion or reactivation). Some basic data like email may be kept in a suppression list to honor opt-outs.

  • Content Data: e.g., documents or messages you provide – typically retained until you remove them or delete your account. We may purge certain data after a period if it’s no longer needed.

  • Logs and Analytics: basic web server logs and analytics data may be retained for a short period (e.g., 90 days to 1 year) unless used for security analysis which might be kept longer in a secure form.

  • Support Communications: retained as long as needed to address your inquiry and potentially for training or quality purposes, possibly up to a few years.


If you have questions about our retention practices or specific data retention, you can contact us for more details.

11. Do Not Track & Global Privacy Control

“Do Not Track” (DNT) is a preference you can set in your web browser to indicate that you do not wish websites to track you. Currently, there is no universally accepted standard for how to interpret and respond to DNT signals. As a result, LookDesk’s websites do not respond to Do Not Track signals at this time. We treat all users the same, whether or not they have a DNT signal enabled in their browser.

However, we care about your privacy and provide the other privacy controls described in this Policy (such as the ability to opt-out of marketing and manage cookies). If standards emerge and we are required to do so, we will update our practices and this Policy accordingly.

Some newer regulations and proposals involve a “Global Privacy Control” (GPC) signal, which is similar in concept to DNT but intended as an opt-out of sale/sharing under laws like the CCPA. As mentioned, we do not sell personal information, and we currently do not have targeted advertising on our site requiring such an opt-out. If you utilize a GPC signal, we will interpret it as a general opt-out of sale/sharing of personal data, which aligns with our practice of not selling data.

If you have any questions regarding Do Not Track, feel free to contact us.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, and other factors. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the “Last updated” date at the top. In some cases, we might provide additional notice, such as via email or with an in-app notification.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. If we make significant changes that require your consent (under applicable law), we will seek your consent as appropriate.

Your continued use of LookDesk’s Service after any changes to this Privacy Policy constitutes your acceptance of the updated terms, to the extent permitted by law. If you do not agree with any changes, you should stop using the Service and can request deletion of your data.

13. Additional Notices for Certain Jurisdictions

California Residents: If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the CPRA, provides you with specific rights regarding your personal information. We have detailed the categories of personal information we collect and the purposes in this Policy (see above). The categories of personal information (as defined in the CCPA) that we may collect correspond to the information described in Section 2 of this Policy (for example: identifiers like name and email; personal information categories like contact details; internet or other electronic network activity information via usage data and cookies; professional or employment information if you provide it; and potentially inferences drawn from the above). We do not sell your personal information to third parties for monetary consideration, and we do not share it for cross-context behavioral advertising in a manner that triggers the “Do Not Sell/Share” requirement. We also do not use or disclose sensitive personal information for purposes that California law would deem unrelated or that you cannot opt out of. If this changes, we will update our practices and provide proper opt-outs.

California’s “Shine the Light” law (Civil Code § 1798.83) also permits California users to request certain information about our disclosure of personal information to third parties for their direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes without consent.

Other U.S. States: Residents of Virginia, Colorado, Connecticut, and Utah (and other states with new privacy laws) have rights similar to those described for California and under Section 6 above. We will facilitate your exercise of those rights in line with those laws. Notably, you have the right to opt out of targeted advertising and the sale of personal data (as defined by those laws) – as stated, LookDesk does not sell personal data, and any targeted advertising is currently limited to our own communications with you. If in the future we engage in targeted advertising involving sharing of data, we will provide a mechanism to opt out. Virginia, Colorado, and Connecticut residents also have the right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects. We do not engage in such profiling. If you feel any action we do constitutes profiling and you want to opt out, please contact us. If you are a resident of these states, you also have a right to appeal our decision if we decline to act on your rights request – instructions will be provided in our response if applicable.

EU/EEA, UK, Switzerland: If you are in these regions, we have addressed GDPR-related information throughout this Policy. You also have the right to lodge a complaint with your local Data Protection Authority as noted.

Our lead supervisory authority under GDPR may be the Estonian Data Protection Inspectorate. You can contact them at info@aki.ee or see their website for more info, if needed.

14. Contact Us

If you have any questions, concerns, or comments about this Privacy Policy or our data practices, or if you wish to exercise your privacy rights, please contact us as follows:

Email: support@lookdesk.ai

Postal Mail: LLC LookDesk (ТОВ ЛукДеск), Harmatna St, 38A, ap 272, Kyiv, 03067, Ukraine

We will do our best to respond promptly. When you contact us, please provide your contact information and a clear description of your request or question. If you are making a rights request (such as requesting access or deletion), please describe the data you are inquiring about and any relevant details that will help us fulfill your request.

If you have a privacy or data use concern that we have not addressed satisfactorily, you may also contact your local data protection authority (as discussed above) or other applicable regulatory body.

Thank you for reading our Privacy Policy. We value your trust and are committed to protecting your personal data while providing you with a useful and enjoyable Service.