Skip to content
helpdash / io
EN
English EN
Start free trial

helpdash · document

Privacy Policy.

How Helpdash Ltd collects, uses, and protects personal data across the Helpdash marketing site and platform.

Contents

  1. Introduction
  2. Information We Collect
  3. Legal Bases for Processing (GDPR Art. 6)
  4. How We Use Your Information
  5. Data Sharing & Sub-processors
  6. International Transfers
  7. Data Retention
  8. Security Measures
  9. Your Rights Under GDPR
  10. Cookies
  11. Children's Privacy
  12. Tenant End-Users
  13. Data Processing Agreement
  14. Changes to This Policy
  15. Contact Us

1. Introduction

Helpdash Ltd ("Helpdash", "we", "us", or "our"), a company registered in England & Wales, operates the Helpdash customer-support platform and the marketing website at helpdash.io. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, who we share it with, and the rights you have over your data.

We act in two distinct capacities depending on whose data is being processed:

  • Data Controller — for personal data of marketing-site visitors, sales-inquiry contacts, and tenant account holders (the customers who sign up for a Helpdash workspace).
  • Data Processor — for personal data submitted by tenant end-users (for example, an end-user submitting a support ticket through one of our customer's portals). In this case, the Helpdash customer is the data controller and we process the data on their documented instructions under our Data Processing Agreement (DPA).

This Policy is written to comply with the EU General Data Protection Regulation (GDPR) and the United Kingdom General Data Protection Regulation (UK GDPR) as supplemented by the Data Protection Act 2018, and is informed by similar laws including the California Consumer Privacy Act (CCPA/CPRA) where applicable.

2. Information We Collect

2.1 From marketing-site visitors

  • Cookies and local storage — a single first-party item (helpdash.cookie-consent.v1) to remember whether you have dismissed the cookie notice. We do not run third-party analytics, advertising, or tracking pixels on the marketing site.
  • Contact form fields — when you submit a contact form, we collect your name, email address, and the contents of your message.
  • "Talk to sales" form fields — when you submit a sales inquiry, we collect your name, email, company name, role, expected team size, and the contents of your message.
  • Server logs — incoming requests are logged at the edge, including IP address, user-agent string, referrer, request path, response status, and timestamp. These logs are kept for security and abuse-prevention purposes.

2.2 From tenant account holders

  • Identity and account data — name, work email, password (hashed), profile photo (optional), preferred language, time-zone.
  • Workspace and configuration data — workspace name, slug, custom-domain DNS information, branding choices, role assignments, automation rules, integration credentials (encrypted at rest).
  • Billing data — billing name, billing address, tax identifier (where applicable), and a Paddle customer ID. We do not store payment-card details on our own servers; payment information is collected and held by Paddle in their capacity as our Merchant of Record (see Section 5).
  • Usage data — login history, device and browser type, in-product navigation events used for service security, abuse prevention, and aggregated product analytics.

2.3 From tenant end-users

When an end-user interacts with one of our customers' Helpdash-powered portals (for example, by submitting a support ticket or starting a live-chat conversation), we process the following on the customer's behalf:

  • Ticket and message content — the body of tickets, replies, internal notes, and live-chat transcripts, including any attachments.
  • Identity data — name and email address provided by the end-user when submitting a ticket or starting a chat session.
  • Visitor metadata — IP address, user-agent string, page URL, referrer, browser locale, timezone, and approximate geolocation derived from IP, used by tenants for routing, fraud prevention, and analytics.

For Section 2.3 data, the Helpdash customer is the data controller. We process this data only on the customer's documented instructions per our DPA. Privacy requests for this data should be directed to the customer in question (see Section 12).

Where the GDPR or UK GDPR applies, our processing of personal data relies on one or more of the following legal bases:

  • Performance of a contract — to provide the Service to our customers and to honour the agreement formed when a customer signs up for a Helpdash account.
  • Consent — for any non-essential cookies and for direct marketing emails to non-customers. You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.
  • Legitimate interests — for service security, fraud and abuse prevention, network security, aggregated product analytics, and the soft opt-in for transactional and product-update emails to existing customers. Where we rely on legitimate interests, we have carried out a balancing assessment and you have the right to object (see Section 9).
  • Compliance with a legal obligation — to retain tax and billing records, to respond to lawful requests from public authorities, and to comply with court orders.

4. How We Use Your Information

  • To provide, operate, maintain, and improve the Service;
  • To process subscription payments via Paddle (Merchant of Record) and to issue invoices and receipts;
  • To detect, investigate, and prevent fraud, abuse, security incidents, and violations of our Acceptable Use Policy;
  • To provide customer support and respond to inquiries;
  • To send transactional communications (account confirmations, security alerts, billing notices, service-status updates);
  • To send product-update or marketing communications to existing customers under the soft opt-in, and to non-customers only where they have consented;
  • To improve our products through aggregated, anonymised usage analytics;
  • To comply with legal obligations and enforce our Terms of Service.

We do not use personal data for automated decision-making that produces legal effects or similarly significant effects on individuals.

5. Data Sharing & Sub-processors

We do not sell personal information to third parties. We share personal data only with the categories of recipient listed below, and only to the extent necessary to provide the Service. Each sub-processor is contractually bound to protect personal data to a standard at least equivalent to that imposed by the GDPR.

  • Paddle.com Market Limited (United Kingdom) — payment processing as our Merchant of Record. Paddle handles tax calculation, refund processing, and payment-dispute resolution. See Paddle's Privacy Notice.
  • Resend (Resend, Inc.) (United States) — transactional email delivery. Data transferred under the EU Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum.
  • Cloudflare, Inc. (global infrastructure) — DNS, content-delivery network, DDoS protection, and edge security. Data transferred under the SCCs where applicable.
  • Hostinger International Ltd (Lithuania, EU) — server hosting for the Helpdash application and database. Processing within the European Economic Area.
  • Google LLC (United States) — only where a tenant or end-user enables Google OAuth to sign in. Data transferred under the SCCs.

We may also disclose personal data: (a) where required by law, court order, or other lawful request from a public authority; (b) to enforce our Terms of Service; (c) to protect the rights, property, or safety of Helpdash, our customers, or third parties; or (d) in connection with a corporate transaction such as a merger, acquisition, or sale of assets, in which case we will give notice in accordance with Section 14.

6. International Transfers

Our primary processing takes place within the European Economic Area (EEA) and the United Kingdom. Some of our sub-processors are located outside the EEA/UK (notably in the United States). Where personal data is transferred outside the EEA/UK, we rely on one of the following safeguards:

  • An adequacy decision from the European Commission or the UK Government covering the destination country;
  • The European Commission's Standard Contractual Clauses (SCCs) and, for transfers from the UK, the UK International Data Transfer Addendum;
  • Where required, supplementary measures (such as encryption in transit and at rest, pseudonymisation, and access controls) following a Transfer Impact Assessment.

A copy of the relevant transfer mechanism is available on request from privacy@helpdash.io.

7. Data Retention

We retain personal data only as long as necessary for the purposes for which it was collected, including any legal, accounting, or reporting requirements. Specific retention periods include:

  • Active customer accounts — retained for the lifetime of the account, plus ninety (90) days following cancellation to allow data export.
  • Database backups — encrypted backups are retained for thirty (30) days on a rolling basis.
  • Tax and billing records — retained for seven (7) years from the date of issue, in line with the legal requirement in most jurisdictions in which we operate.
  • Marketing-site server logs — retained for ninety (90) days for security and abuse-prevention purposes.
  • Sales-inquiry leads — retained for twenty-four (24) months from the date of last contact, unless the lead converts to an active customer (in which case the customer-account retention applies).
  • Marketing-site analytics — if collected at all, retained for a maximum of twenty-four (24) months in aggregated form.

8. Security Measures

We take the security of personal data seriously and implement appropriate technical and organisational measures including, without limitation:

  • TLS 1.2 or higher for all data in transit between clients and our infrastructure;
  • Encryption at rest for sensitive fields (integration credentials, OAuth tokens, encrypted-settings values) and full-disk encryption on production database volumes;
  • Role-based access control inside our application, with least-privilege defaults;
  • Multi-factor authentication for staff access to production systems;
  • Regular security patching of dependencies and operating-system packages;
  • Network-level isolation between tenants enforced by global database scopes;
  • A vulnerability-disclosure programme — please report security issues to security@helpdash.io;
  • An incident-response plan covering detection, containment, notification, and post-incident review;
  • Periodic security review of all sub-processors.

We will notify affected data subjects and the relevant supervisory authority of a personal-data breach in accordance with Article 33 and Article 34 of the GDPR/UK GDPR (without undue delay and, where feasible, within seventy-two (72) hours of becoming aware of the breach).

9. Your Rights Under GDPR / Similar Laws

Subject to applicable law, you have the following rights in respect of your personal data:

  • Right of access — to request a copy of the personal data we hold about you.
  • Right to rectification — to ask us to correct inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten") — to ask us to delete your personal data, subject to legal-retention obligations.
  • Right to restriction of processing — to ask us to limit how we use your personal data.
  • Right to data portability — to receive a copy of your personal data in a structured, commonly used, machine-readable format.
  • Right to object — to object to processing carried out on the basis of legitimate interests, including profiling and direct marketing.
  • Right to withdraw consent — at any time and without affecting the lawfulness of processing carried out before withdrawal.
  • Right to lodge a complaint — with your local supervisory authority (for example, the Information Commissioner's Office in the United Kingdom, the CNIL in France, the AEPD in Spain, the Garante in Italy, the BfDI in Germany, or the Datatilsynet in the Nordics).

To exercise any of these rights, please email privacy@helpdash.io. We will respond to verified requests within one (1) calendar month, with the option to extend by a further two (2) months for complex requests as permitted by Article 12 of the GDPR. We may need to verify your identity before responding to a request.

10. Cookies

The marketing site uses a single first-party local-storage item to remember whether you have dismissed the cookie notice. We do not run third-party analytics, advertising, or tracking pixels on the marketing site. The product application at app.helpdash.io may set additional first-party cookies required to keep you signed in. For more detail, see our Cookie Policy.

11. Children's Privacy

The Service is not directed at children under the age of sixteen (16). We do not knowingly collect personal data from children under sixteen. If you believe we have inadvertently collected personal data from a child under sixteen, please contact us at privacy@helpdash.io and we will take steps to delete the data and the associated account.

12. Tenant End-Users (Visitor / Ticket Submitter)

If you are interacting with a Helpdash customer (for example, by submitting a support ticket through their portal or chatting with their support team), the Helpdash customer is the data controller for your interactions with them. Privacy requests (access, deletion, rectification, etc.) should be directed to the customer in question. Helpdash acts only as a data processor under their instructions per our Data Processing Agreement (DPA).

Where you cannot identify or reach the customer, you may contact us at privacy@helpdash.io and we will use reasonable efforts to facilitate the request and forward it to the relevant customer.

13. Data Processing Agreement (DPA)

A Data Processing Agreement that incorporates the European Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum is available on request from privacy@helpdash.io for all customers on a paid plan. A pre-signed bilateral DPA is included as part of the standard onboarding for customers on the Enterprise tier.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, in applicable law, or in our service. For material changes, we will provide at least thirty (30) days' advance notice via in-app banner and email to the address on file before the change takes effect. Non-material changes (clarifications, typographical fixes) take effect on posting.

Archived prior versions of this Policy are available on request from privacy@helpdash.io.

15. Contact Us

For privacy or data-protection inquiries, please contact:

Data Protection contactprivacy@helpdash.io
Postal address — Helpdash Ltd, London, United Kingdom, England & Wales

We do not currently maintain a representative in the European Union under Article 27 of the GDPR. We will appoint one where required as our customer base in the EU grows; this Policy will be updated accordingly.

Related

Terms of Service · Cookie Policy · Refund Policy

$ effective 2026-05-05 · version 1.0 · last reviewed 2026-05-05

helpdash · talk to sales

Talk to sales

Leave a few details and a real person on the helpdash team will reply within one business day.

We use this only to reply. No marketing pings.
helpdash · sign in · find workspace

Find your workspace

Enter your workspace slug to sign in. We'll take you to the right place.

Your workspace URL is your-team.helpdash.io. If you forgot it, check the welcome email we sent on signup.