Skip to main content
Your Team, OrganizedStart Free Trial

Privacy Policy

Effective Date: March 1, 2026

GalaDesk Inc. ("GalaDesk," "we," "us," or "our") operates the GalaDesk platform at galadesk.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

1. Information We Collect

1.1 Account Information

When you create an account, we collect your name, email address, and password. If you sign up through a third-party provider (e.g., Google), we receive basic profile information from that provider.

1.2 Organization & Event Data

We collect information you provide about your organization, including business name, team member details (names, emails, roles), job/event data, client information, venue addresses, and any notes or files you upload to the platform.

1.3 Payment Information

Payment processing is handled by Stripe. We do not store your credit card number or full payment details on our servers. We receive and store a transaction identifier, subscription status, and billing email from Stripe.

1.4 Usage & Analytics Data

We use Google Analytics 4 (GA4) to collect anonymized usage data, including pages visited, features used, session duration, device type, browser, and approximate geographic location. This data helps us improve the product.

1.5 Cookies & Local Storage

We use cookies and local storage to maintain your authentication session, remember your preferences, and support analytics. Essential cookies are required for the service to function. You can disable non-essential cookies through your browser settings, though some features may not work as expected.

1.6 Third-Party Services

When you use location-based features, we may send venue addresses to the Google Maps API to display maps and calculate distances. Google's privacy policy governs their handling of this data.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the GalaDesk platform
  • Process subscriptions and payments
  • Send transactional emails (e.g., account verification, password resets, job notifications)
  • Provide customer support
  • Analyze usage patterns to improve features and performance
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

We do not sell your personal data to third parties. We do not use your data to train AI or machine learning models.

3. Data Sharing & Third-Party Processors

We share data only with the following service providers who process it on our behalf:

  • Supabase — database hosting and authentication
  • Stripe — payment processing and subscription management
  • Resend — transactional email delivery
  • Google — Maps API (venue geocoding) and Analytics (GA4)
  • Vercel — application hosting and edge delivery

Each processor is contractually obligated to handle your data securely and only for the purposes we specify. We may also disclose information if required by law, court order, or to protect the rights and safety of GalaDesk and its users.

4. Data Storage & Security

Your data is stored in Supabase-managed infrastructure with encryption at rest and in transit (TLS 1.2+). We implement role-based access controls, row-level security policies, and regular security audits. While no system is perfectly secure, we take commercially reasonable measures to protect your information.

5. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where we are required to retain it for legal, accounting, or fraud-prevention purposes (up to 7 years for financial records).

Organization data (jobs, events, team records) is retained for the organization owner. If an organization is deleted, all associated data is permanently removed within 30 days.

6. Your Rights (GDPR & Global Privacy)

Regardless of where you are located, you have the following rights regarding your personal data:

  • Access — Request a copy of the personal data we hold about you
  • Rectification — Request correction of inaccurate or incomplete data
  • Erasure — Request deletion of your personal data ("right to be forgotten")
  • Portability — Request your data in a structured, machine-readable format
  • Restriction — Request that we limit processing of your data
  • Objection — Object to processing based on legitimate interests
  • Withdraw Consent — Where processing is based on consent, withdraw at any time

To exercise any of these rights, contact us at daniel@galadesk.com. We will respond within 30 days.

7. International Data Transfers

Your data may be processed in countries outside your own, including the United States. We ensure appropriate safeguards (such as Standard Contractual Clauses) are in place for any international transfers.

8. Children's Privacy

GalaDesk is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us and we will promptly delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the platform at least 14 days before the changes take effect. Your continued use of GalaDesk after the effective date constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

GalaDesk Inc.
Email: daniel@galadesk.com
Website: galadesk.com