Privacy notice

Last updated: 25 May 2026. DRAFT — pending legal review.

Who we are

Effortless Desk ("we") is the trading name of the entity that operates effortlessdesk.com. We provide reception-operations software to UK offices.

Contact: hello@effortlessdesk.com

Our role

When your office subscribes to Effortless Desk, your office is the data controller for the staff and visitor records you put into the app. We are the data processor — we hold and process the data on your office's instruction under a Data Processing Agreement.

For visitors of our marketing site (effortlessdesk.com), we are the controller of the limited data we collect about you.

What we collect about end-users

  • Staff directory: name, work email, department, optional date of birth, optional avatar, role.
  • Parcels: recipient name, courier, tracking number, label photo (default retention 30 days), notes.
  • Visitors: name, optional company, host, arrival + departure times. Optional visitor photo only with explicit consent.
  • Meeting rooms: who booked which room, when, what setup they asked for.
  • Audit log: who did what action and when, for security investigation.

Why we hold it

Legitimate interest of your office (and the legal bases established under your DPA) to run reception operations — receive parcels, track visitors for fire safety, manage shared resources.

Where it lives

All data is hosted in the United Kingdom (Supabase eu-west-2 region, London) using PostgreSQL with row-level isolation per organisation. Email is sent via Resend (EU region, Frankfurt). OCR is processed by Anthropic (UK / EU residency). No data is transferred outside the UK / EEA without your explicit configuration.

How long we keep it

  • Parcel photos: 30 days (configurable per office)
  • Parcel records: 90 days (configurable)
  • Visitor records: 30 days (configurable)
  • Fob handouts: 2 years (configurable)
  • Audit log: 7 years (regulatory)

You can change these in Settings → Compliance. When you cancel your subscription, all data is permanently deleted after 30 days.

Your rights

Under UK GDPR you have the right to access, rectify, erase, port, object to processing, and restrict processing of your personal data. To exercise these rights, contact your office's admin in the first instance, or email hello@effortlessdesk.com.

Admin users can export a Data Subject Access Request (DSAR) for any individual via Settings → Compliance.

Sub-processors

We use:

  • Supabase Inc — database + storage + auth (UK region)
  • Anthropic — OCR vision API for parcel labels
  • Resend — transactional email
  • Vercel — application hosting
  • Stripe — billing only (no end-user PII)

Sub-processor list may change. We give 30 days notice of additions via email to billing contacts.

Cookies

We use strictly-necessary cookies for sign-in sessions only. No analytics or marketing cookies on the app. Our marketing site at effortlessdesk.com may use a privacy-respecting analytics service (no personal data, no cross-site tracking).

Security

HTTPS in transit. Encryption at rest. Per-organisation row-level security. Audit log of all sensitive actions. Two-factor auth available. We do not share or sell your data.

Complaints

If you're unhappy with how we've handled your data, you can complain to the Information Commissioner's Office (ICO) — ico.org.uk.

← Back to home