Privacy Policy

Last Updated: January 6, 2026

1. Introduction

CCO Desk ("we," "us," or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our compliance operations platform (the "Service").

BY USING THE SERVICE, YOU CONSENT TO THE COLLECTION AND USE OF YOUR INFORMATION AS DESCRIBED IN THIS POLICY. IF YOU DO NOT AGREE, DO NOT USE THE SERVICE.

2. Information We Collect

2.1 Information You Provide

We collect information you voluntarily provide, including:

  • Account Information: Firm name, email address, full name, and password
  • Profile Information: Job title, role designation, and notification preferences
  • Compliance Data: Task templates, task instances, completion notes, and uploaded evidence
  • Communication Data: Messages sent through the Service or to our support team
  • Payment Information: Billing address and payment method details (processed securely by third-party payment processors)

2.2 Automatically Collected Information

When you use the Service, we automatically collect:

  • Usage Data: Pages viewed, features used, time spent, and clickstream data
  • Device Information: IP address, browser type, operating system, and device identifiers
  • Log Data: Access times, error logs, and system activity
  • Cookies and Similar Technologies: Session cookies, preference cookies, and analytics cookies

3. How We Use Your Information

We use the collected information to:

  • Provide, maintain, and improve the Service
  • Process your transactions and manage your account
  • Send transactional emails (task reminders, daily digests, system notifications)
  • Respond to your inquiries and provide customer support
  • Monitor and analyze usage patterns to improve user experience
  • Detect, prevent, and address technical issues and security threats
  • Enforce our Terms of Service and protect our legal rights
  • Comply with legal obligations and regulatory requirements
  • Send periodic updates about new features or service changes (you may opt out)

4. Information Sharing and Disclosure

4.1 No Sale of Personal Information

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

4.2 Service Providers

We may share your information with trusted third-party service providers who assist in operating the Service:

  • Cloud Infrastructure: Amazon Web Services (AWS), Supabase, or similar providers for hosting and data storage
  • Email Services: Resend or similar providers for transactional email delivery
  • Payment Processing: Stripe or similar providers for billing and subscription management
  • Analytics: Google Analytics or similar services for usage monitoring

These providers are contractually obligated to protect your information and use it only for the services they provide to us.

4.3 Legal Requirements

We may disclose your information when required by law or to:

  • Comply with legal obligations, court orders, or regulatory requests
  • Enforce our Terms of Service or other agreements
  • Protect the rights, property, or safety of CCO Desk, our users, or the public
  • Investigate fraud, security breaches, or violations of our policies

4.4 Business Transfers

In the event of a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred to the acquiring entity. You will be notified via email and/or a prominent notice on the Service.

5. Data Security

We implement industry-standard security measures to protect your information, including:

  • Encryption of data in transit (TLS/SSL) and at rest (AES-256)
  • Multi-tenant data isolation using row-level security policies
  • Regular security audits and vulnerability assessments
  • Access controls and authentication mechanisms
  • Secure backup and disaster recovery procedures

HOWEVER, NO METHOD OF TRANSMISSION OVER THE INTERNET OR ELECTRONIC STORAGE IS 100% SECURE. WHILE WE STRIVE TO PROTECT YOUR INFORMATION, WE CANNOT GUARANTEE ABSOLUTE SECURITY.

You are responsible for maintaining the confidentiality of your account credentials and for all activities under your account.

6. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. Upon account termination, we will:

  • Provide you with 30 days to export your data
  • Delete your personal information within 90 days of termination
  • Retain anonymized data for analytics and service improvement
  • Retain records required by law or for legal defense purposes

We may retain audit logs and compliance records for up to 7 years to comply with regulatory requirements.

7. Your Rights and Choices

7.1 Access and Correction

You may access and update your account information at any time through the Service settings.

7.2 Data Portability

You may export your compliance data at any time in standard formats (CSV, JSON).

7.3 Email Communications

You may opt out of marketing emails by clicking the unsubscribe link. Note that transactional emails (e.g., task reminders, security alerts) cannot be disabled as they are essential to the Service.

7.4 Deletion

You may request deletion of your account by contacting support. This will permanently delete your data (subject to legal retention requirements).

7.5 California Privacy Rights

California residents have additional rights under the CCPA, including the right to know what information we collect, the right to delete information, and the right to opt out of sales (which we do not engage in).

8. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience:

  • Essential Cookies: Required for authentication and security (cannot be disabled)
  • Preference Cookies: Remember your settings and preferences
  • Analytics Cookies: Help us understand how users interact with the Service

You can control cookies through your browser settings, but disabling certain cookies may limit Service functionality.

9. Third-Party Links

The Service may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

10. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us immediately.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your own. These countries may have data protection laws that differ from those of your jurisdiction.

By using the Service, you consent to the transfer of your information to the United States and other countries where we operate.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on the Service. Your continued use after such notice constitutes acceptance of the revised policy.

13. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, CCO DESK SHALL NOT BE LIABLE FOR ANY DAMAGES ARISING FROM:

  • Unauthorized access to or disclosure of your information
  • Data breaches resulting from third-party attacks
  • Interruptions or security failures of the Service
  • Your failure to maintain the security of your credentials
  • Data loss due to events outside our reasonable control

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us: