Privacy Policy

We collect only the minimum information necessary to provide our services and verify your identity:

• Account information: Your name, email address, and company name, used to create and manage your account.
• Authentication data: Passwords (stored as irreversible hashes) and multi-factor authentication credentials, used solely to secure your account.
• Usage data: Basic server logs (IP addresses, browser type, access times) necessary for security monitoring and service reliability.

All personal information collected is used exclusively to ensure your true identity and provide you with secure access to PatchDesk.

Your information is used strictly for the following purposes:

• To verify your identity and authenticate your access to PatchDesk.
• To provide, maintain, and improve our services.
• To send essential account-related communications (e.g., password resets, security alerts).
• To process payments through our secure payment processor, Stripe.

We do not use your information for advertising, profiling, or any purpose beyond delivering our service to you.

We do not share, sell, rent, or disclose your data to any third-party entities.

The only exception is our payment processor, Stripe, which receives the minimum information necessary to process your subscription payments. Stripe operates under its own privacy policy and is PCI DSS Level 1 certified — the highest level of payment security certification.

We will only disclose information if required by law, such as in response to a valid court order or legal process. In such cases, we will notify you unless legally prohibited from doing so.

PatchDesk staff will not view, access, or read your customer data. This includes your bug reports, support tickets, customer conversations, internal notes, team communications, and any other content you create within PatchDesk.

Your data is yours. We provide the platform — we do not inspect what you put on it.

We take the security of your data seriously. All data is protected using multiple layers of security:

• Encryption at rest: All databases are encrypted. Sensitive fields such as personal information are additionally encrypted at the application level.
• Encryption in transit: All connections to PatchDesk are secured with TLS/SSL encryption.
• Password security: Passwords are hashed using bcrypt with salt rounds, making them irreversible.
• Multi-tenant isolation: Row-level security policies ensure that each organization's data is strictly isolated from all others.
• Multi-factor authentication: Optional MFA via TOTP, email, or SMS adds an additional layer of account protection.

You have the right to:

• Access the personal information we hold about you.
• Correct any inaccurate information in your account.
• Delete your account and all associated data.
• Export your data at any time using our built-in export tools.

To exercise any of these rights, contact us at [email protected].

PatchDesk uses only essential cookies required for authentication and session management. We do not use tracking cookies, advertising cookies, or any third-party analytics services.

If we make changes to this privacy policy, we will notify you by updating the date at the top of this page. For significant changes, we will provide additional notice via email.

If you have any questions about this privacy policy or our data practices, please contact us at:

[email protected]