Privacy Policy

AxoDesk is a customer conversation management platform operated by Axora Infotech ("AxoDesk", "we", "us", or "our"). Our operating contact is Axora Infotech, Satellite, Ahmedabad, Gujarat, India.

For privacy questions, requests, or grievances, contact support@axodesk.io. For general business correspondence, contact info@axorainfotech.com. If you are an end customer of a business using AxoDesk, contact that business first because it usually controls your personal data.

This policy applies to the AxoDesk website, applications, customer workspaces, support channels, sales interactions, and related services. It does not replace the privacy notice of an AxoDesk customer or the terms of a third-party channel selected by a customer.

We act as a controller or data fiduciary when we decide why and how to process website, prospect, account, billing, and support data. We generally act as a processor or service provider when we process workspace data for a customer, such as contacts, conversations, imported records, and connected-channel data. Our Data Processing Addendum describes that processor relationship in more detail.

The data processed by AxoDesk depends on how the service is used:

• Website and prospect data: contact details, company details, sales inquiries, demo requests, newsletter submissions, support-chat content, browser data, IP address, referrer, and consent choices.
• Account and authentication data: name, business email, profile information, organization and workspace membership, roles, permissions, login events, session records, OAuth account references, and security events.
• Contact and CRM data: names, phone numbers, email addresses, external identifiers, company information, tags, custom fields, lifecycle stages, assignments, notes, marketing opt-out status, and source information.
• Conversation and channel data: inbound and outbound messages, email content, attachments, media references, comments, delivery and read status, reactions, templates, conversation history, call-related information, and channel identifiers.
• Automation and campaign data: workflows, triggers, execution records, broadcasts, recipient status, unsubscribe events, audience criteria, and analytics derived from customer activity.
• Integration data: configuration, OAuth references, access credentials stored for enabled connections, webhook events, and records exchanged with services selected by a workspace administrator, such as Meta channels, Meta Ads, Shopify, Google, email, SMS, calling, and webchat.
• Commerce context: where Shopify or another commerce feature is enabled, customer profiles, products, carts, orders, line items, amounts, status, and provider references used to give customer-facing teams relevant context.
• AI-enabled feature data: prompts, instructions, knowledge content, conversation context, generated suggestions, summaries, tool-execution context, and configuration selected by a customer.
• Billing, support, and operations data: plan, subscription and invoice references, payment status, support correspondence, notifications, browser push-subscription data, activity records, diagnostics, and audit-related records.

Customers control the data they connect, import, transmit, or make available to AxoDesk. They must not provide data they are not authorized to process.

• Directly from you when you browse, submit a form, contact us, create an account, or configure a workspace.
• From the organization that invited you to an AxoDesk workspace.
• From AxoDesk customers that import, enter, or synchronize their contact and business records.
• From customer-directed integrations and communication channels, including Meta services, Shopify, Google, email, SMS, calling, and website chat.
• Automatically from your browser, device, and use of the service, subject to applicable consent requirements.

Depending on the context and applicable law, we rely on the following purposes and legal bases:

AxoDesk can provide AI-assisted replies, summaries, workflow intelligence, knowledge features, lead-handling support, and customer-configured AI agents. When enabled, relevant workspace data may be sent to the AI provider configured for that feature. Depending on deployment and configuration, supported providers may include OpenAI, Mistral AI, Cohere, Anthropic, or Google Gemini.

AI output may be incomplete, inaccurate, or unsuitable for a particular context. Customers are responsible for configuration, testing, human oversight, and deciding whether output may be used. AxoDesk should not be used to make decisions producing legal or similarly significant effects about individuals without an appropriate legal basis, safeguards, and human review.

We disclose personal data only as reasonably necessary for the service or as required by law:

• Within a customer organization: to authorized workspace users according to roles and permissions.
• Vendors and subprocessors: to providers supporting hosting, object storage, monitoring, payments, analytics, support, and AI-enabled features.
• Customer-directed third parties: to channels and integrations enabled by customers, such as Meta, Shopify, Google, email, SMS, calling, and AI providers.
• Professional advisers and authorities: where reasonably necessary for legal advice, compliance, security, fraud prevention, or a valid legal request.
• Business transfers: in connection with a merger, financing, acquisition, reorganization, or sale of assets, subject to appropriate safeguards.

See our Third-Party Services and Subprocessors Notice for more detail.

AxoDesk is operated from India and can use providers or customer-selected integrations in other countries. Where transfer restrictions apply, we use an appropriate transfer mechanism, such as contractual safeguards, an adequacy decision, or another lawful basis. Customers should review enabled integrations because those providers may independently process data under their own terms.

We retain data for as long as reasonably necessary to provide the service, maintain security and reliability, comply with law, resolve disputes, and enforce agreements. Retention depends on the data type, account status, enabled features, customer instructions, and legal obligations.

Customer workspace data is handled according to the service agreement and applicable DPA. Some residual copies may remain for a limited period in backups, logs, fraud-prevention records, or records we must retain by law. Customers are responsible for exporting required data before account closure.

Depending on applicable law, you may have rights to request access, correction, deletion, restriction, objection, portability, withdrawal of consent, and information about processing or sharing. You may also have the right to complain to a competent data-protection authority or grievance body.

For website consent, use the Cookie Policy and cookie-preferences control in the footer. For workspace data, contact the AxoDesk customer that controls the workspace first. For data controlled by AxoDesk, email support@axodesk.io. We may ask for information needed to verify your identity and request.

AxoDesk is a business service and is not directed to children. Do not use the service to process children's data unless you have assessed applicable law and obtained all required authorization.

Do not use AxoDesk for special-category, sensitive, health, financial, biometric, government-identification, or similarly regulated data unless your agreement expressly permits the use and you have implemented appropriate safeguards. AxoDesk is not an emergency service.

We may update this policy as our service or legal obligations evolve. We will post the updated version and revise the effective date. Where required, we will provide additional notice for material changes.