Privacy Policy

Introduction

This Privacy Policy explains how Desk Tools ("Company", "we", "us", "our") collects, uses, stores, and protects information when you use the Desk Tools PDF Toolkit desktop application (the "Software") and our related website and services.

We are committed to protecting your privacy and handling your data transparently. This policy applies to all users of our Software and website, regardless of location. We comply with the Nigeria Data Protection Regulation (NDPR), the General Data Protection Regulation (GDPR) for users in the European Economic Area, and other applicable data protection laws.

Data Controller

The data controller responsible for your personal information is:

For any privacy-related inquiries or to exercise your data rights, you can reach us at the contact details above or through our Support page.

What We Collect

We collect the minimum amount of data necessary to provide our services. Here is exactly what we collect and why:

a) License & Device Information

• License Key — the code you enter to activate Pro features. Collected during activation to verify your purchase.
• Machine ID — a hashed identifier derived from your computer's hostname, platform, architecture, and CPU model. This is a one-way hash — it cannot be reversed to reveal your computer's details. Used to bind your license to one device.
• Operating System — your OS platform (e.g., "win32", "darwin", "linux"). Used for compatibility tracking.
• App Version — the version number of the Software you are running. Used to ensure compatibility and for support purposes.

b) Purchase Information

• Email address — provided at the time of purchase. Used to deliver your License Key and for support communications.
• Name (if provided) — used for purchase receipts and license records.
• Payment transaction ID — provided by the payment processor. Used to verify purchases and process refunds.

c) Support Communications

• Email address — used to respond to your support requests.
• Name (if provided) — for personalized support.
• Message content — the details of your support request.
• Category selection — the type of issue you selected in the support form.

What We Do NOT Collect

• ❌ We do NOT collect, access, view, upload, or store any files or documents you process.
• ❌ We do NOT collect file names, file paths, or folder structures.
• ❌ We do NOT collect the content of any PDF, Word document, image, or other file.
• ❌ We do NOT collect OCR results, summaries, redaction details, or any output of the Software.
• ❌ We do NOT track which features you use, how often, or for how long.
• ❌ We do NOT collect usage analytics, telemetry, or behavioral data from the desktop application.
• ❌ We do NOT collect your IP address within the desktop application (though our web server may log IP addresses as part of standard server operation).
• ❌ We do NOT use any form of screen recording, keylogging, or clipboard monitoring.
• ❌ We do NOT sell, rent, lease, or trade your personal information to any third party.

All document processing happens entirely on your local machine. The Software does not require an internet connection to process files — internet is only needed for license activation and validation.

How We Use Your Data

We use the limited data we collect for the following purposes:

• License management: To activate, validate, and manage your Software license, and to prevent unauthorized use.
• Purchase fulfillment: To deliver your License Key, process payments, and issue receipts.
• Customer support: To respond to your support inquiries and resolve technical issues.
• Fraud prevention: To detect and prevent unauthorized license sharing or abuse.
• Service improvement: To understand which OS platforms and app versions our users run, helping us prioritize compatibility and updates.
• Legal compliance: To comply with applicable laws, regulations, and legal processes.

We process your data under the following legal bases (GDPR Article 6):

• Contract performance: Processing necessary to deliver the Software and services you purchased.
• Legitimate interests: Fraud prevention, security, and service improvement, balanced against your rights.
• Consent: Where you have explicitly provided consent, such as submitting a support request.
• Legal obligation: Where processing is required to comply with applicable law.

Data at a Glance

This table summarizes exactly what data moves where:

License Validation Process

When you activate or validate your license, the following data is sent to our server:

• Your License Key
• Your Machine ID (a hashed, non-reversible identifier)
• Your OS platform (e.g., "win32")
• Your app version
• The action type ("activate" or "validate")

Our server responds with a digitally signed token (JWT) that enables Pro features. This token is stored locally on your device in the application's user data directory. The token contains:

• Your plan type and enabled features
• Your Machine ID (for verification)
• An expiration timestamp

The token is cryptographically signed with our private key and verified locally using our public key. It cannot be forged or modified.

License validation may occur at application startup and periodically thereafter to ensure continued validity. If no internet connection is available, the Software will use the cached token until it expires.

Purchase & Payment Data

All payment processing is handled by our authorized third-party payment processor. We do not receive, process, or store your full credit/debit card number, CVV, or banking details.

Our payment processor may collect and process:

• Card number (encrypted, not shared with us)
• Billing address
• Email address (shared with us for License Key delivery)
• Transaction amount and currency

We receive only a transaction reference ID, your email, and confirmation of payment. Please refer to our payment processor's privacy policy for details on how they handle your payment information.

Support Communications

When you contact us through our support form, we collect your name, email address, issue category, and message content. This information is stored in our support database and used solely to respond to your inquiry and resolve your issue.

We may retain support communications for up to twenty-four (24) months for quality assurance and to provide context for follow-up inquiries. You may request deletion of your support history at any time.

Cookies & Tracking

Desktop Application: The Software does not use cookies, tracking pixels, analytics SDKs, or any form of behavioral tracking. No third-party analytics code (such as Google Analytics, Mixpanel, Amplitude, etc.) is embedded in the application.

Website: Our website (deskttools.store) may use essential cookies for basic functionality such as maintaining your session during checkout. We do not use advertising cookies or third-party tracking cookies on our website.

Data Storage & Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption in transit: All communications between the Software and our servers use HTTPS/TLS encryption.
• Encryption at rest: License data and support records are stored in encrypted databases.
• Cryptographic signing: License tokens use RS256 (RSA-SHA256) digital signatures to prevent tampering.
• Hashed identifiers: Machine IDs are stored as SHA-256 hashes and cannot be reversed to reveal hardware details.
• Access controls: Access to our servers and databases is restricted to authorized personnel only, using multi-factor authentication.
• Regular security reviews: We periodically review and update our security practices.

While we take reasonable precautions, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security of your data.

Data Retention

• License records: Retained for the duration of your subscription plus twelve (12) months after expiration or cancellation, to facilitate reactivation and support.
• Purchase records: Retained for five (5) years to comply with financial and tax regulations.
• Support communications: Retained for twenty-four (24) months after the last interaction.
• Server logs: Automatically deleted after ninety (90) days.

You may request early deletion of your personal data at any time, subject to legal retention requirements. See "Your Rights" below.

Third-Party Services

We use a limited number of third-party services to operate our business:

• Payment Processor: Processes payments securely. We do not store your card details.
• Web Hosting Provider: Hosts our website and license validation API. Subject to their data processing agreement.
• Email Service: Used to deliver License Keys and respond to support requests.

We do not share your personal data with any third party for marketing, advertising, or profiling purposes. We do not sell your data.

International Data Transfers

Our servers may be located in different jurisdictions. If your data is transferred outside your country of residence, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by relevant data protection authorities.
• Ensuring the receiving jurisdiction provides an adequate level of data protection.
• Technical safeguards such as encryption in transit and at rest.

Your Rights

Depending on your location, you have the following rights regarding your personal data under the NDPR, GDPR, and other applicable laws:

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete personal data.
• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data, subject to legal retention obligations.
• Right to Restrict Processing: Request that we limit how we process your data in certain circumstances.
• Right to Data Portability: Receive your personal data in a structured, commonly used, machine-readable format.
• Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time.
• Right to Lodge a Complaint: File a complaint with the National Information Technology Development Agency (NITDA) in Nigeria, or your local data protection authority.

To exercise any of these rights, contact us at support@deskttools.store or through our Support page. We will respond within thirty (30) days.

Children's Privacy

The Software is not directed at children under the age of thirteen (13). We do not knowingly collect personal information from children under 13. If we discover that we have inadvertently collected data from a child under 13, we will promptly delete it.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the Software, our website, or by email at least fourteen (14) days before they take effect.

The "Last updated" date at the top of this page indicates when the policy was last revised. We encourage you to review this policy periodically. Your continued use of the Software after any changes constitutes acceptance of the updated policy.

Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data rights, or need to report a privacy concern, please contact us:

We aim to respond to all privacy-related inquiries within thirty (30) days.