How we handle your data.

Last updated: 26 May 2026

1. Who we are

TDesk is operated by Design Technology Ltd, trading as Transcom Internet Services. Company number 2828342, registered in England & Wales. Registered office: Concorde House, Brighton BN2 1TS, United Kingdom.

For privacy queries: privacy@tdesk.uk.

2. What we collect

Account data

• Your name, email address, billing address, phone number
• Company details (if you registered as a business)
• Payment method details (handled by Stripe; we never see your card numbers)

Service data

• The domains, mailboxes, files and databases you create through TDesk
• Server logs (access, error, mail) — needed for support and abuse handling
• Backup data — encrypted, retained 30 days

Usage data

• Panel session activity (audit log) — what actions you took, when, from which IP
• Resource usage (disk, bandwidth, mail volumes) — for billing and quota enforcement

3. Why we collect it

• To deliver the service. You can't have hosting without us knowing your domain and storing your files.
• To bill you. We need your contact details and a payment method.
• To prevent abuse. Logs help us identify spam, attacks, and policy violations.
• To comply with the law. We retain certain data because UK and EU law requires it.

4. Where it lives

All TDesk data — account, service and usage — is hosted in the United Kingdom, on UK-based infrastructure. We use no US-based data processors.

Stripe (for payments) operates globally; payment data is transferred to Stripe under their Standard Contractual Clauses.

5. How long we keep it

• Account data: until you close your account, plus 7 years for tax records.
• Service data: while your account is active. Deleted within 30 days of cancellation (we keep backups for 30 days then purge).
• Server logs: 90 days, rotated automatically.
• Audit log: retained as long as your account is active.

6. Who we share it with

Nobody, unless legally required (UK court order, formal abuse complaint via established channels, or compliance with a regulator). We'll always notify you unless the order forbids it.

We use these data processors (all bound by GDPR-aligned contracts):

• Stripe — payment processing
• UK data-centre infrastructure provider — hosting
• DNS Unlimited — secondary DNS
• Mailgun — outbound transactional mail (signups, billing notices)

7. Your rights

Under UK GDPR you can:

• Ask what we hold about you (Subject Access Request)
• Correct or update inaccurate data
• Ask us to delete it (subject to legal retention requirements)
• Export it in a portable format
• Complain to the ICO if we've handled it badly — ico.org.uk

For any of these: privacy@tdesk.uk. We'll respond within 30 days.

8. Cookies

We use a single session cookie (tdesk_session) to keep you signed in. No third-party tracking, no analytics, no advertising cookies. We don't need a cookie banner.

9. Changes

If we change this policy materially, we'll email you. Minor wording updates may go in without notice; the "Last updated" date at the top will always reflect the current version.