DeskFerry Logo

Privacy Policy

Learn how DeskFerry collects, uses, and protects your personal information on our Agentic AI Platform.

Last Updated: July 10, 2026

Privacy Policy for DeskFerry

Last Updated: July 10, 2026

1. Introduction and Scope

This Privacy Policy explains how Geistwerk AI Labs Pvt Ltd, doing business as DeskFerry ("DeskFerry," "we," "our," or "us"), collects, uses, shares, and protects personal information when you use our websites, products, and services, including our Agentic AI Platform (collectively, the "Services").

By using the Services, you agree to this Privacy Policy. If you do not agree, please discontinue use of the Services.

Contact Information:

This Privacy Policy applies to our online and offline personal information processing activities including visitors to our website where this Policy is posted, individuals who create accounts with us, customers who purchase our Services, event participants, newsletter subscribers, and anyone who communicates or interacts with us.

Additional Notices: Depending on your interaction with us, we may provide supplemental privacy notices. This Policy does not apply to job applicants, employees, or contractors in their employment context.

Business Customers: When businesses purchase our Services, we may process employee or end-user personal information at their direction as a service provider. In such cases, the Customer's privacy policies apply to that processing.


2. About DeskFerry

DeskFerry is an Agentic AI Platform that enables businesses and professionals to build, deploy, and manage AI Agents without code. Our platform automates workflows, processes business data, and integrates securely with over 1,000 apps.

Users may connect their own AI provider accounts (e.g., OpenAI, Anthropic, Google Gemini, Amazon Bedrock, Perplexity, xAI) or use DeskFerry-provided models under their subscription.


3. Personal Information We Collect

We collect personal information directly from you, automatically through your use of our Services, and from third-party sources. To the extent permitted by applicable law, we may combine personal information from these sources.

3.1 Information You Provide Directly

Account and Profile Information: Name, email address, username, hashed password, company name, job title, preferences, and any other information you provide when creating or updating your account.

Billing and Payment Information: Payment card details, billing address, and transaction history. Payment processing is managed securely by our PCI-DSS compliant third-party payment processor; we do not store complete card numbers.

Communications and Support: Messages, feedback, inquiries, support tickets, and correspondence with our team.

Professional Information: Role, organization, business context, and other professional details.

Social Login Data: If you register via Google or other supported sign-in providers, we may receive profile information based on your privacy settings with those platforms.

Event and Registration Data: Information related to webinars, training sessions, events, or conferences you attend, including registration details and participation records.

Survey and Feedback Responses: Information you provide in surveys, questionnaires, or research activities.

Marketing Preferences: Communication preferences and subscription choices.

AI Inputs and Content: Prompts, instructions, uploaded files, and data you provide to our AI features. This may include business documents, customer data, or other content you choose to process through our platform.

3.2 Information Collected Automatically

Device and Browsing Information: IP address, browser type and version, device type and ID, operating system, language settings, domain name, page views, access times, date/time stamps, Internet service provider, referring and exit URLs, and clickstream data.

Usage and Activity Information: Features used, links clicked, searches performed, time spent on pages, interactions within the Services, workflow creation and execution data, AI agent performance metrics, and similar usage information.

Location Information: General location derived from IP address or device settings.

Cookies and Tracking Technologies: We and our service providers use or may use cookies, pixel tags, local storage objects, and similar technologies. See Section 8 for details.

3.3 Information from Third Parties

Integration Partners: Information from third-party platforms you connect through our Services (e.g., CRM systems, business tools, data sources accessed via integrations).

Analytics Providers: Data from analytics platforms we may use that help us understand how our Services are used.

Social Media Platforms: Publicly available information from social networks and professional platforms.

Referral Sources: Information about you from other users who refer you to our Services or collaborate with you.

3.4 Sensitive Personal Information

We do not intentionally collect sensitive personal information (such as racial or ethnic origin, political opinions, religious beliefs, health data, biometric data, or sexual orientation), and we ask that you do not provide it to us. If you choose to include sensitive information in AI prompts or uploaded files, it is handled as User Content under this Policy and our agreements with you, and we process it only to provide the functionality you requested. We strongly encourage you to remove or anonymize sensitive data before submitting it to the Services.


4. How We Use Your Personal Information

We collect, use, and process personal information for the following purposes:

Service Delivery and Support: To provide, maintain, and improve our Services; manage your account; deliver customer support; respond to inquiries; fulfill requests; process workflows; execute AI agents; and operate our platform.

Payment Processing: To process transactions, manage subscriptions, handle billing, and maintain payment records.

Communication: To send service-related notifications, respond to questions, provide technical updates, and communicate about your account or Services.

Personalization and Customization: To tailor your experience, recommend features, customize content, and provide location-based services where appropriate.

Marketing and Promotion: To send newsletters, promotional materials, product updates, and information about new features or offerings (with opt-out options).

Analytics and Improvement: To understand how users interact with our Services; evaluate and improve features; develop new functionality; conduct research; perform quality control; and train our teams.

AI Development: To improve our AI features, optimize agent performance, and enhance platform capabilities. We do not use your User Content to train AI models (see Section 7.3).

Security and Fraud Prevention: To protect our Services, detect and prevent fraud, investigate unauthorized access, respond to security incidents, and protect our rights and those of our users.

Legal Compliance: To comply with applicable laws, regulations, legal processes, and governmental requests; respond to subpoenas or court orders; and fulfill audit and reporting obligations.

Business Operations: To conduct internal audits, maintain business records, assess business opportunities, manage vendor relationships, and support general operational needs.

Business Transactions: To evaluate, negotiate, and complete mergers, acquisitions, financing, restructuring, or asset sales.

We may also use your information for other purposes with your consent or as permitted by law.


For users in the EU, UK, or Switzerland, we process personal information based on the following legal grounds:

Contractual Necessity: To perform our contract with you and deliver the Services you requested.

Legitimate Interests: For business operations, security, analytics, service improvement, fraud prevention, and marketing to existing customers, where our interests are balanced against your rights.

Consent: For optional features, marketing to prospects, certain integrations, or where required by law. You may withdraw consent at any time.

Legal Obligations: To comply with applicable laws, regulations, and legal processes.

Vital Interests: To protect health, safety, or fundamental rights in exceptional circumstances.


6. How We Share Personal Information

We share personal information only when necessary and with appropriate safeguards:

6.1 Service Providers and Partners

  • Technology and Infrastructure Providers: Hosting, cloud storage, database management, and IT support vendors.
  • Analytics and Monitoring: Product analytics and performance monitoring tools we may use.
  • Communication Services: Email delivery platforms, customer support tools, and messaging services.
  • Payment Processing: Paddle (Paddle.com Market Limited and Paddle.com Inc.), our Merchant of Record, which acts as the reseller of our Services and processes payments, taxes, invoices, and refunds. We do not store or collect your payment card details; that information is provided directly to Paddle, which processes your payment data as an independent controller under its own privacy policy, available at .
  • AI Service Providers: Third-party AI model providers that process prompts, inputs, and outputs to deliver AI functionality. When you connect your own AI provider accounts, those providers process your data under your agreement with them and their own policies (see Section 7).
  • Integration Partners: Third-party platforms and integration services you choose to connect through our Services.

Service providers are engaged under contracts that restrict their use of personal information to the services they perform for us.

Sub-Processor List: A current list of our sub-processors, including their purpose and location, is published at . We will make commercially reasonable efforts to notify customers of material changes to our sub-processors. Enterprise customers may have additional contractual rights regarding sub-processors as specified in their agreements.

6.2 Business Transfers

In connection with mergers, acquisitions, financing, reorganizations, bankruptcies, or asset sales, we may disclose or transfer personal information to potential or actual buyers, investors, lenders, auditors, and advisors. Personal information will be subject to confidentiality obligations prior to completion of such transactions.

We may disclose personal information when required or permitted by law:

  • To comply with legal obligations, court orders, subpoenas, or regulatory requests
  • To law enforcement or government authorities in response to lawful requests
  • To protect our rights, property, safety, or that of our users or the public
  • To prevent, detect, or investigate fraud, security incidents, or illegal activities
  • To enforce our Terms and Conditions or other agreements
  • In connection with legal proceedings, disputes, or claims

We may share personal information for purposes you specifically authorize or consent to.

6.5 Aggregated and Deidentified Data

We may use and share aggregated, deidentified, or anonymized data that does not identify you personally for research, analytics, marketing, and other business purposes. We maintain and use such data in deidentified form and do not attempt to reidentify it, except to verify the adequacy of our deidentification processes as required by law.

6.6 International Transfers

We may transfer personal information to the United States and other countries where we or our service providers operate. For users in the EEA, UK, or Switzerland, such transfers are protected by Standard Contractual Clauses (SCCs) or other appropriate safeguards under GDPR and UK GDPR.


7. Use of AI and Data Processing

7.1 AI Features

Our Services include AI-powered features using machine learning and large language models (LLMs). These features may process:

  • User inputs, prompts, and instructions
  • Uploaded files and documents
  • Connected data sources
  • Workflow configurations
  • Agent execution logs

7.2 AI Model Selection

You control which AI models process your data:

  • DeskFerry-Provided Models: Included in your subscription; processed according to this Privacy Policy
  • Connected Third-Party Models: Your own API accounts with providers like OpenAI, Anthropic, Google, AWS, etc.; processed according to their privacy policies

You can change AI model preferences or disconnect third-party accounts anytime in your dashboard.

7.3 AI Training and Data Use Commitments

(a) No Model Training by DeskFerry: We do not use your prompts, inputs, outputs, uploaded content, or other User Content to train, fine-tune, or improve AI or machine learning models.

(b) Third-Party AI Providers: When your data is processed by third-party AI providers through DeskFerry-provided models, we use commercial API offerings under terms that do not permit the provider to train its models on data submitted through the API. When you connect your own AI provider accounts, your data is processed under your agreement with that provider and its policies.

(c) De-Identified and Aggregated Data: We may use de-identified or aggregated data derived from usage of the Services to analyze platform performance and reliability, improve the user experience, generate aggregate statistics, and develop platform features. We apply industry-standard de-identification techniques, maintain such data in de-identified form, and do not attempt to re-identify it, except to verify the adequacy of our de-identification processes where required by law. We do not use de-identified data to train AI models.

7.4 Data Control

You can:

  • Disconnect AI integrations and connected accounts
  • Control which data sources AI agents can access

To review, export, or delete your AI inputs, outputs, and other account data, contact [email protected] and we will fulfill your request as described in Section 9.

7.5 Automated Decision-Making

DeskFerry Platform Decisions: DeskFerry does not use solely automated decision-making (including profiling) that produces legal effects or similarly significant effects on you as a user of our Services. Decisions regarding your account, subscription, or access to the Services involve human review where they could significantly affect you.

Your Use of AI Agents: When you create and deploy AI agents through our platform, you control what decisions those agents make. If you use AI agents to make decisions that have legal or significant effects on individuals (such as employment screening, credit decisions, service eligibility, or similar determinations), you are responsible for:

(a) Ensuring meaningful human oversight of such decisions;

(b) Providing affected individuals with information about the automated processing;

(c) Implementing safeguards to prevent errors, bias, and discrimination;

(d) Offering affected individuals the ability to contest decisions and request human review; and

(e) Complying with all applicable laws regarding automated decision-making, including GDPR Article 22, the EU AI Act, and similar regulations.

Your Rights: Under GDPR and similar laws, you have the right to:

  • Not be subject to decisions based solely on automated processing that produce legal or significant effects on you
  • Obtain human intervention in automated decisions
  • Express your point of view and contest automated decisions
  • Receive an explanation of decisions made about you

To exercise these rights regarding any decisions made by DeskFerry about you, contact us at [email protected].


8. Cookies and Tracking Technologies

We and our third-party service providers use or may use cookies, pixels, local storage, and similar technologies to enhance functionality, analyze usage, and provide personalized experiences.

8.1 Types of Technologies

  • Cookies: Small text files stored on your device that help us recognize you, maintain session state, remember preferences, and analyze usage patterns.
  • Pixel Tags (Web Beacons): Tiny graphics embedded in web pages to track page views and user actions.
  • Local Storage Objects: Browser-based storage mechanisms that persist data between sessions for faster loading and enhanced functionality.
  • Log Files: Records of system activity, errors, and usage patterns.

8.2 Categories of Cookies We Use or May Use

CategoryPurposeExamplesDuration
Strictly NecessaryEssential for the website and Services to function. Cannot be disabled.Session management, authentication, security tokens, load balancingSession to 1 year
FunctionalRemember your preferences and settings to enhance your experience.Language preferences, display settings, previously viewed content1 year
AnalyticsHelp us understand how visitors interact with our Services to improve performance.Page views, feature usage, error tracking, performance metricsUp to 2 years
MarketingMeasure the effectiveness of our marketing campaigns.Campaign attribution, conversion measurementUp to 2 years

8.3 Third-Party Cookies and Services

We may use the following categories of third-party services that set cookies:

  • Analytics Providers: To measure and analyze how users interact with our Services
  • Social Media Platforms: To enable social sharing features and track referrals
  • Payment Processors: To facilitate secure payment transactions

Each third-party service operates under its own privacy policy. We encourage you to review their policies.

Where required by applicable law (including in the EU and UK), we obtain consent for non-essential cookies. You can manage cookies at any time by:

  • Adjusting your browser settings (see Section 8.5)
  • Using the opt-out links below
  • Contacting us at [email protected]

Strictly Necessary cookies do not require consent and cannot be disabled as they are essential for the Services to function.

8.5 Managing Your Preferences

Browser Controls: Most browsers allow you to:

  • View what cookies are stored on your device
  • Block all cookies or only third-party cookies
  • Delete cookies when you close your browser
  • Receive alerts when cookies are being set

Note: Disabling cookies may limit functionality of the Services. For example, you may not be able to log in or access certain features.

Opt-Out Links:

8.6 Do Not Track Signals

Some browsers have a "Do Not Track" (DNT) feature that signals to websites that you do not want to be tracked. Our Services currently do not respond to DNT signals. However, you can use the cookie controls described above to manage tracking preferences.


9. Your Privacy Rights and Choices

9.1 Marketing Communications

You may opt out of promotional emails by:

You will continue to receive transactional and service-related communications.

9.2 Data Subject Rights

Depending on your location, you may have rights to:

  • Access: Request a copy of personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information, subject to legal retention requirements
  • Portability: Request transfer of your data in a structured, machine-readable format
  • Restriction: Request limitation of processing in certain circumstances
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent where processing is based on consent

End Users of Business Customers: If we process your personal information on behalf of a business customer (for example, your employer or a company whose services you use), please direct your request to that customer, as their privacy policies govern that processing. We will assist the customer in responding as required by our agreement with them and applicable law.

9.3 Exercising Your Rights

To exercise these rights:

We will verify your identity and respond within the timeframe required by applicable law. You have the right to lodge a complaint with a supervisory authority if you believe we have violated your privacy rights.


10. Data Retention

We retain personal information only as long as necessary for the purposes described in this Policy or as required by law. To determine appropriate retention periods, we consider the nature and sensitivity of the information, the purposes for which we process it, applicable legal, tax, and accounting requirements, and the need to preserve records for disputes or enforcement of our agreements.

When personal information is no longer needed, we securely delete or de-identify it. You may request earlier deletion as described in Section 9, subject to legal and operational requirements.


11. Security Measures

We implement reasonable administrative, technical, and organizational measures designed to protect personal information, including encryption of data in transit and at rest, secure authentication, and access controls.

If we become aware of a data breach affecting personal information, we will investigate and contain the incident and notify affected individuals and applicable regulators as required by applicable law.

While we use reasonable security measures, no system is completely secure. You can help protect your account by using a strong, unique password.


12. Children's Privacy

Our Services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from minors.

If you are a parent or guardian and believe we have collected information about your child, please contact us at [email protected]. We will promptly delete such information.


13. U.S. State-Specific Privacy Rights

Residents of California, Colorado, Connecticut, Virginia, Utah, and other U.S. states with comprehensive privacy laws have additional rights.

California residents have rights to know what personal information we collect, access specific pieces of personal information, delete personal information, correct inaccurate personal information, opt-out of sale or sharing of personal information, limit use of sensitive personal information, and non-discrimination for exercising privacy rights.

We do not sell personal information for monetary consideration. If we engage in any activity that constitutes "selling" or "sharing" personal information under applicable state law in the future, we will update this Policy and provide any required opt-out mechanisms before doing so.

Submit requests via email at [email protected]. You may also use an authorized agent to submit requests on your behalf; we may require proof of the agent's authorization and verification of your identity. We will verify your identity before processing requests and respond within the timeframe required by applicable law.

Appeals: If we decline to act on your request, you may appeal our decision by replying to our response or emailing [email protected] with the subject line "Privacy Appeal." If your appeal is denied, you may contact the Attorney General of your state.


14. International Provisions

We comply with applicable privacy laws, including the General Data Protection Regulation (GDPR) and UK GDPR, for users in those jurisdictions.

For EU/UK users, you have rights to access, rectification, erasure, restriction, data portability, objection, withdraw consent, and lodge complaints with supervisory authorities. Contact [email protected] to exercise these rights.

For transfers from the EEA and UK, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, as implemented in our agreements with service providers, and other legally recognized transfer mechanisms.


15. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, Services, legal requirements, or for other operational reasons.

Material changes will be communicated via email to your registered address, prominent notice on our website or within the Services, and the "Last Updated" date at the top of this Policy.

We encourage you to review this Policy periodically. Continued use of our Services after changes constitutes acceptance of the updated Policy.


16. Contact Information

Geistwerk AI Labs Pvt Ltd (doing business as DeskFerry)

Email:

Response Time: We respond to privacy inquiries within the timeframes required by applicable law, after identity verification.


This Privacy Policy is effective as of the Last Updated date above and applies to all users of DeskFerry Services.