Privacy Policy (UK & EU)

Deskree Technologies Inc. and Deskree US Inc. ("Deskree," "we," or "our") provide the Tetrix AI platform and related services. This Privacy Policy explains how we collect, use, and protect your information in compliance with the General Data Protection Regulation (GDPR), UK Data Protection Act 2018, and Swiss Federal Act on Data Protection.

When you connect systems to Tetrix AI, we access data based on the credentials and permissions you provide:

Source code, commit history, issues, pull requests, documentation, and repository metadata.

Schema information and data access as permitted by your credentials. By default, we request full read/write access, but you can provide restricted credentials (read-only, schema-only, specific tables).

Resource configurations and metadata. Object contents and logs are accessed only when you explicitly request them.

This data may include personal information in code comments, commits, logs, or database records.

• Name, email, company, phone number
• Payment information via Stripe (we store only last 4 digits and billing address)

• Platform usage, features accessed, performance metrics
• Analytics via PostHog

We process personal data under GDPR Article 6(1):

• Contract: To provide Services you've requested
• Legitimate Interests: Platform security, improvements, fraud prevention
• Consent: Marketing communications, non-essential cookies
• Legal Obligation: Compliance with laws

• Provide and improve Services
• Process AI queries using your connected data
• Maintain security and prevent abuse
• Process payments and communicate with you
• Comply with legal obligations

We do not use your data to train AI models.

When you ask a question:

1. We identify relevant context from your connected systems
2. Your query, recent conversation history, and relevant context are sent to AI providers (OpenAI, Anthropic)
3. The AI response is returned to you

We do NOT send customer metadata, account IDs, company names, emails, tokens, or credentials to AI providers. We use automated PII detection to mask sensitive data before processing.

Your data is:

• Stored in physically isolated databases (one per customer)
• Not shared with other customers
• Not used to train AI models
• Deleted when you disconnect integrations or delete your account

AI providers (OpenAI, Anthropic) may retain query data for up to 30 days for abuse monitoring per their standard terms, but do not use it to train their models.

We do not sell personal information.

We share data with service providers (subprocessors) who help us operate:

• AI Processing: OpenAI (US), Anthropic (US)
• Infrastructure: AWS, MongoDB, Vercel, Cloudflare
• Payments: Stripe
• Analytics: PostHog, Sentry, LangSmith

All providers are bound by Data Processing Agreements.

View our complete subprocessor list at our Trust Center.

We notify customers at least 30 days before adding new subprocessors. We also disclose information when required by law.

Personal data is transferred to:

• Canada: Deskree headquarters (partial EU adequacy under PIPEDA)
• United States: AI providers (OpenAI, Anthropic) and infrastructure

We protect transfers using:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• UK International Data Transfer Agreement (IDTA) for UK transfers
• Encryption and access controls

Request a copy of our SCCs at help@deskree.com.

Customer data is stored in AWS regions US-East-1 (Virginia) and EU-West-1 (Ireland). Each customer receives a physically isolated database. Enterprise customers can request specific regional deployments.

• Encryption in transit (TLS 1.3) and at rest (AES-256 via AWS KMS)
• Role-based access controls
• Credentials stored in AWS Secrets Manager
• Automated PII detection and masking
• SOC 2 Type II and HIPAA compliance

Only authorized senior engineers and security team members can access customer data, using time-limited credentials (24-48h) with MFA. All access is logged and retained 7 years.

When you delete your account or disconnect integrations, we purge data within 48 hours and destroy encryption keys via AWS KMS, making all backups cryptographically unrecoverable within 30 days.

You have the right to:

• Access your personal data
• Rectification of inaccurate data
• Erasure ("right to be forgotten")
• Restrict processing
• Data portability (receive data in machine-readable format)
• Object to processing based on legitimate interests
• Withdraw consent at any time

Contact help@deskree.com. We respond within 30 days.

You have the right to lodge a complaint with your local data protection authority if you believe we have not complied with applicable data protection laws.

We use cookies for essential functionality and analytics. EU/UK users must consent to non-essential cookies via our cookie banner.

Manage preferences at our website or through browser settings.

Your connected systems may contain sensitive information (credentials, personal data, trade secrets) that could be processed and surfaced by AI. We recommend:

• Using secrets management tools instead of hardcoding credentials
• Providing least-privilege database credentials
• Reviewing data before connecting

Contact help@deskree.com before connecting systems with health data subject to GDPR special category protections.

Our Services are not for children under 13. Do not connect systems containing children's data.

You retain all rights to your code and data. We do not claim ownership, share your code with other customers, or use it to train AI models.

We do not engage in automated decision-making with legal or significant effects under GDPR Article 22. AI features assist but do not replace human decisions.

We may update this policy and will notify you of material changes via email or platform notice at least 30 days in advance.

Privacy Officer: Makar Levashov

Email: help@deskree.com

Address: 169 Gore Vale Avenue, Toronto, ON, M6J 2R5

Under GDPR Article 27, we are not required to appoint an EU representative as our processing does not meet the threshold requiring designation.

Enterprise customers can request Data Processing Agreements at sales@deskree.com.