Privacy Policy

1. Who We Are

Vantage Desk ("we," "us," or "our") is a project management product developed by Vantage Suite, operated from Canada. This Privacy Policy explains how we collect, use, and protect information when you visit vantagedesk.io (our marketing site) or use app.vantagedesk.io (our application).

If you have questions about this policy, please reach out at support@vantagedesk.io.

2. Information We Collect

A. Application account data (app.vantagedesk.io)

When you or your organization creates a workspace, we collect:

• Your name and email address (used for authentication and in-app identification)
• Tasks, projects, and workspace content you or your team create
• Your notification preferences (which types of email reminders you opt into)
• Your role within your organization's workspace

This data is scoped to your organization's workspace. Members of other organizations cannot see it.

B. Emails you send to us

If you contact us at support@vantagedesk.io or use our demo booking form, we receive your name, email address, and message content. We use this only to respond to you.

3. How We Use Your Information

• To operate the application: authenticate users, enforce workspace access controls, and deliver the features you've signed up for.
• To send task and project reminders: if you enable email notifications, we send reminders about upcoming or overdue tasks based on your preferences.
• To send onboarding emails: new workspace admins receive a short onboarding sequence (up to 3 emails) to help them get started. These stop automatically after a few days.
• To respond to support requests: we use contact information only to reply to your message.

We do not use your data for advertising, profiling, or any purpose not listed here.

4. Third-Party Services

We use a small number of trusted providers to operate the platform:

• Supabase: our database, authentication, and file storage provider. All application data (tasks, members, projects, etc.) is stored on Supabase infrastructure. Supabase is SOC 2 Type II certified. Data is stored in the United States. See supabase.com/privacy.
• Resend: our transactional email provider, used to send task reminders and onboarding emails. Resend receives your email address and the content of the emails we send you. See resend.com/privacy.
• Stripe: our payment processing provider, used to handle subscription billing. When you subscribe to a paid plan, your payment card details are entered directly into Stripe's interface and never touch our servers. Stripe is PCI-DSS compliant. See stripe.com/privacy.

We do not use Google Analytics, Meta Pixel, or any advertising network. We do not engage in cross-site tracking.

5. Data Sharing

We do not sell, rent, or trade your personal information. We do not share your data with third parties except:

• With the service providers listed in Section 4, to the extent necessary to operate the platform.
• If required by Canadian law, a court order, or a government authority with jurisdiction.
• If we merge with or are acquired by another company. In that case we will notify you and you will have the option to delete your account before any transfer occurs.

6. Data Retention

We retain your account data for as long as your workspace is active. If your organization's workspace is deleted or you request deletion, we remove your personal data within 30 days, except where we are required by law to retain it longer.

Email records (reminders and onboarding) are retained in our deduplication log to prevent duplicate sends. This log does not contain the email body, only the fact that a given email type was sent to a given member ID on a given date.

7. Your Rights Under PIPEDA

As a Canadian-operated service, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA). You have the right to:

• Access: request a copy of the personal information we hold about you.
• Correction: ask us to correct inaccurate or incomplete information.
• Withdrawal of consent: withdraw consent for processing that relies on consent, subject to legal or contractual restrictions.
• Deletion: request that we delete your personal information. We will comply within 30 days, subject to any legal retention requirements.
• Complaint: if you believe we have not handled your information appropriately, you may file a complaint with the Office of the Privacy Commissioner of Canada.

To exercise any of these rights, email us at support@vantagedesk.io. We will respond within 30 days.

8. Security

We apply reasonable technical and organizational safeguards to protect your data, including encrypted connections, logical data isolation so that each organization's workspace is inaccessible to others, and strict access controls that limit who on our team can reach production data.

No system is perfectly secure. If you discover a security concern, please contact us at support@vantagedesk.io and we will respond promptly.

9. Children

Vantage Desk is a business productivity tool intended for adults. We do not knowingly collect personal information from anyone under 16. If you believe a minor has created an account, please contact us and we will remove it.

10. Changes to This Policy

We may update this policy from time to time. When we do, we will update the "Last updated" date at the top of this page. If we make material changes that affect how we handle your personal information, we will notify workspace admins by email before the change takes effect.

11. Contact Us

Questions, requests, or concerns about this privacy policy or how we handle your data: