Privacy and data protection policy

Data retention

Data removal

Project administrators (roles: admin, owner) can export customer data, using the specific functions (consult the Tiledesk documentation for further information), at any time during the term of the contract. We have included data export capabilities in our terms to enhance our data export capabilities, making it even easier to download a copy of your project data.

You can also delete end user data, via the Tiledesk services functionality, at any time. When Tiledesk receives a complete deletion instruction from you (for example when a conversation you have deleted can no longer be recovered from your “recycle bin”), Tiledesk will delete the relevant conversation data from all its systems within a maximum period of 180 days, unless special data retention obligations apply. In some cases and with particular privileges it is possible to completely delete the data, instantly and definitively, without going through the trash function.

What happens when a subscription expires?

Even if your support account is still accessible for a certain period of time after expiration or suspension, no new requests will reach your project and you will not be able to reply to old chats until we have processed the payment.

About 10 days after your project reaches the state where you can no longer receive or respond to requests, the project will become completely inaccessible. Reports and dashboards can no longer be recovered and the project will be deleted. If your account is inaccessible, please submit a support request using Tiledesk’s support chat, at the bottom right of this page.

Stopping or deleting a Project

Ninety (90) days after account closure or, except as noted below, two hundred and seventy (270) days after the trial period ends (assuming you have not purchased a subscription), an automatic process will begin which permanent Data for the canceled Project. The automatic cancellation procedure will not start for ninety (90) days. Once started, this process cannot be undone and the project data will be permanently deleted.

Can data be recovered from a deleted account?

Once an account is deleted, access to data within the account is lost. In accordance with our data deletion policy, an automatic deletion process begins after 90 days to permanently delete the data of the interrupted service.

Within these 90 days, it is possible to reactivate the account. If reactivated, the use of the account will be charged for the amount due from the time of cancellation to the current billing period.

Business Continuity and Disaster Recovery

Tiledesk’s Business Continuity and Disaster Recovery Program ensures resilience, recoverability and contingency from service disruptions, such as local or regional events, natural disasters, fires, power outages, acts of malice, technical or infrastructural outages. Business Continuity and Disaster Recovery focus on ensuring that Tiledesk’s critical functions and technologies will continue to function despite a significant outage that may otherwise have caused an outage, and will be restored to an operational state within a reasonably short period.

Resilience and risk mitigation

Business resilience is the ability of an organization to adapt quickly to disruptions while maintaining continuous business operations and safeguarding people, resources and overall brand value. One of the most important factors in maintaining business resilience is a proactive, comprehensive and methodical approach to risk (both internal and external to our clients).

* We have developed a risk structure and strategy that takes into account the assessment of our facilities, technology, applications, data, processes and overall organization to ensure that our risk mitigation strategy operates on multiple levels with broad coverage.

* On an annual basis we conduct risk assessments and business impact analyzes (BIA) to understand and mitigate risks.

Redundancy and recoverability

The clustering of our servers and network redundancies eliminate single points of failure, ensuring high service availability.

* Tiledesk uses a fully redundant, distributed and automated environment consisting of geographically separated data centers running multiple self-contained instances of the Tiledesk application. As a precaution, we have additional space and potential to add capacity to our data centers in the event that a data center becomes unrecoverable in the event of a disaster.

* We have multiple Internet Service Providers, connected on heterogeneous channels.

* Our data is stored on efficient flash memory devices with multiple redundant clustered servers and databases.

* Our strict backup regime helps protect your data in the event of a serious accident. Key source data for Tiledesk’s standard accounts is backed up daily, which includes both local and external storage.

Privacy protection and GDPR


Tiledesk helps its customers to maintain control over the privacy and security of their data in multiple ways:

Data security: We guarantee our customers compliance with high security standards

Disclosure of Customer Service Data: Tiledesk discloses Service Data to third parties only when it is necessary for the provision of services or when this is necessary to comply with legitimate requests from public authorities.

Trust: Tiledesk is constantly improving its security protection and control processes to help its customers ensure a safe environment for their information.

Localization of Data Hosting: all data are hosted on European servers.
Login Management: Tiledesk offers an advanced set of login and encryption features to help customers effectively protect their information. We do not access or use customer content for purposes other than the provision, maintenance and improvement of Tiledesk’s services or when otherwise required by law.

Who owns and controls the data of the services

From a privacy point of view, the customer is the owner of the Service Data and Tiledesk is responsible for them. This means that for as long as a customer is subscribed to Tiledesk’s services, he retains ownership and control of the Service Data of his account.

How Tiledesk uses Service Data

We use Service Data to manage and improve our services, help customers access, use them, and follow up on their requests, as well as to send them communications relating to the services provided.

What actions does Tiledesk take to protect Service Data

Data security is a priority for Tiledesk. To ensure ongoing protection of individual customer and business data, we combine enterprise-grade security features with comprehensive audits of our applications, systems and networks.

Where the Service Data is stored

Tiledesk’s data centers are located in Europe.

How Tiledesk responds to requests for information

Tiledesk recognizes that privacy and data security are a top priority for customers. Tiledesk does not disclose Service Data except when this is not useful for the provision of its services to customers or meets legal requirements, as specified in our Privacy Policy.


With reference to the GDPR, Tiledesk complies with all directives in particular:

Adherence to the obligation of Transparency

Ensure transparent communication with interested parties regarding the processing of their personal data.

Adherence to the Access and Rectification obligation

Allow data subjects to request a data controller to correct any errors in their personal data.

Adherence to the cancellation obligation

Provide the interested party with the right to cancel their personal data where their further processing is not justified. For example, it may be necessary to delete a customer’s personal data to meet their GDPR obligations. Chat administrators can delete Chat Agents profile information. By deleting the Agent’s profile information in the Tiledesk Chat, the Agent’s name, e-mail, display name and displayed image (avatar) will also be deleted. The names of the Chat Agents will continue to appear in the transcripts of the Tiledesk Chat, which can be deleted independently.

Compliance with the obligation of data portability

Provide the data subject with the right to transfer their personal data by distributing them among the data controllers. For example, the customer requires you to export and provide all associated personal data that you have stored. Chat Tiledesk allows you to export transcripts of conversations made.

Owner and manager of data processing

With respect to each Project in Tiledesk, the subscriber user of the project (the one who pays the subscription) is the “Data Controller” for that project together with Tiledesk SRL.

The data controller in the figure of the Subscriber can internally appoint its Data Processor.

Other important information for privacy

Data anonymization

In order to protect your privacy, we completely and permanently anonymize some personal data and / or information when you communicate it to us. The following actions will automatically activate anonymization:

  • A single user permanently closes their account
  • An administrator deletes a user from their account
  • Data retention policies require the anonymization of the data

Notice to End Users

Our Services are intended for use by companies. Where our Services are made available to you through one of our Subscribers, that company is the controller of your personal data. Your data privacy questions and requests should initially be submitted to Subscriber Tiledesk in its capacity as data controller. Tiledesk is not responsible for the privacy or security practices of our Subscribers which may differ from this Notice.

Tiledesk subscribers can:

restrict, suspend or terminate your access to the Services;

consult and describe your personal data that you have provided to them;

consult and export your personal data processed by them; And

modify your personal data, including your end user profile.

Data retention

Where Tiledesk is the data controller of personal data (for example, personal data relating to Website Visitors, Participants and individuals who register to use our Services), we retain the personal data that we collect where we have a legitimate current business need. (for example, to provide you with our services, to enable your participation in an event and to comply with applicable legal, tax or accounting requirements).

When we have no current legitimate business need to process your personal data, we will delete or anonymize it or, if this is not possible (for example, because the personal data has been stored in backup archives), in which case we will keep it in safely and we will isolate them from any further processing until elimination is possible.

If your personal data is processed within the Service Data (the data necessary for the provision of the service itself) of a Subscriber, we will process such personal data for the time indicated to us by the relevant Subscriber who is the Data Controller of the Service Data of the Subscriber.

How to exercise your data protection rights

You have some choices when it comes to your personal data. Below is a summary of these options, how they can be exercised and any limitations.

Correct, update and remove your information:

An individual who seeks to exercise their data protection rights in relation to personal data stored by us or processed on behalf of our Subscriber within the Subscriber Service Data (including to try to access, or to rectify , modify, delete, transmit or restrict the processing of such personal data) should direct your request to our Subscriber (the data controller). Upon receipt of a personal data removal request from one of our Subscribers, we will respond to their request within thirty (30) days. We will retain personal data that we process and hold on behalf of our Subscribers for as long as necessary to provide the Services to our Subscribers.

Accessing and updating or deleting your information:

Our Services and related documentation on our Privacy and Data Protection Site offer Agents and End Users the ability to access, update and delete certain personal data from within the Service. For example, you can access your Agent (seat) or End User profile and make updates to your personal data. In cases where we act as the controller of your personal data, we will provide you with information as to whether or not we have your personal data upon your explicit request. We will respond to all inquiries within a reasonable time frame. Please note, however, that we may need to retain certain information for record keeping purposes, to complete transactions or to comply with our legal obligations.

Deactivating your user profile:

If you no longer wish to use our Services, the Tiledesk subscriber is able to deactivate your End User account. First, contact a Tiledesk Subscriber with your request. If you are a Tiledesk Subscriber and are unable to deactivate an end user account using your settings, please contact Tiledesk for assistance. Note that deactivating your account does not delete your information, which remains visible to other users of the Service based on your past participation in the Services. For more information on how to delete your data, please refer to the product documentation.

Request the blocking of the use of information:

You may request that your personal data no longer be accessible, stored, used and otherwise processed where you believe that a Tiledesk or Tiledesk Subscriber themselves do not have appropriate rights to do so. For example, if you believe that an account for the Services has been created for you without your permission or if you are no longer an active user, you can request us to delete your account as provided in this Notice. If you have given us consent to use your personal data for a limited purpose, you can contact us to withdraw that consent. You can also choose to refuse our use of your personal data for marketing purposes by contacting us, as set out below. When you make such requests, we may need time to investigate and facilitate the request. Please note that an End User of a Tiledesk Subscriber must first contact the Tiledesk Subscriber with a request to stop accessing, storing and using personal data. In the event of a delay or dispute relating to our right to continue using your personal data, we will restrict any further use of your personal data until the request is fulfilled or the dispute resolved, provided Subscriber Tiledesk does not object ( where applicable).

Cancel receipt of communications:

We offer those who provide personal contact information a means of choosing how we use the information provided. You can manage your receipt of marketing and non-commercial communications by clicking on the “Unsubscribe” link located at the bottom of our marketing emails, or you can send a request to support at(@) tiledesk .com 

You can choose not to receive our promotional communications using the unsubscribe link within each e-mail. Even after you choose not to receive promotional messages from us, if you are an Agent, then you will continue to receive transactional messages from us regarding our Services. You can choose not to receive some notification messages in your account settings.

Other data protection rights:

If you wish to exercise any other data protection rights available to you under local data protection laws (such as the right to data portability or the restriction of data), then please send your request to support at(@) tiledesk .com and we will respond to it in accordance with applicable data protection laws.
You have the right to complain to your local data protection authority if you are not satisfied with our data protection practices. Contact details for data protection authorities in the European Economic Area can be found here.

Changes to this Notice

This Notice may be updated periodically to reflect changes in legal, regulatory or operational requirements. We encourage you to periodically review this document for the latest information on our privacy practices.

If there are any material changes to this Notice, you will be notified by posting a notice that will appear on our websites before the changes take effect.

If you do not accept any changes made to this Notice, stop using the Sites and Services.