Legal

Privacy Policy

Effective date: March 13, 2026

1. Who We Are

deskctl is operated by FlowCanon LLC ("we," "us," or "our"). We provide operational software for coworking spaces, including membership management, billing, WiFi access control, door access, and bookings. Our principal place of business is in the United States.

2. Information We Collect

We collect information in the following categories:

a. Information You Provide

  • Account information: name, email address, and authentication credentials (via Google or Apple sign-in).
  • Payment information: billing details processed through Stripe. We do not store full credit card numbers on our servers.
  • Agreement acceptances: typed signatures, timestamps, and IP addresses when you accept terms of service or other agreements.
  • Communications: any emails or messages you send us, including beta signup submissions.

b. Information Collected Automatically

  • Device and network information: MAC addresses, IP addresses, and device identifiers collected through captive portal and WiFi access control.
  • Usage data: login times, pages visited, and feature interactions.
  • Access logs: records of door access events and network connections tied to your membership.

c. Information from Third Parties

  • OAuth providers (Google, Apple): name and email address used to create or link your account.
  • Stripe: payment status, subscription details, and transaction records.
  • Network infrastructure (e.g., Meraki): device connection events and splash page interactions.

3. How We Use Your Information

  • Provide and operate the service: process payments, manage memberships, control WiFi and door access, and handle bookings.
  • Enforce access rules: automatically grant or revoke WiFi and physical access based on payment and membership status.
  • Communicate with you: send transactional emails, service updates, and respond to support requests.
  • Improve the service: analyze usage patterns to fix bugs, improve features, and ensure system reliability.
  • Comply with legal obligations: maintain records as required by law, respond to legal process, and enforce our agreements.

4. How We Share Your Information

We do not sell your personal information. We share information only in the following circumstances:

  • Coworking space operators: The operator of the space where you hold a membership can see your membership status, access history, and booking activity.
  • Service providers: We use third-party services to operate, including Stripe (payments), Google and Apple (authentication), and network infrastructure providers (WiFi and door access). These providers receive only the data necessary to perform their function.
  • Legal requirements: We may disclose information if required by law, subpoena, court order, or governmental request.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide services. Agreement acceptance records (including signatures and IP addresses) are retained indefinitely for legal compliance. When you request account deletion, we will remove or anonymize your personal data within 30 days, except where retention is required by law.

6. Data Security

We implement industry-standard security measures to protect your information, including encryption in transit (TLS), secure credential storage, and access controls. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

7. Your Rights and Choices

Depending on your state of residence, you may have rights under applicable privacy laws (such as the California Consumer Privacy Act). These rights may include:

  • Access the personal information we hold about you.
  • Request correction of inaccurate information.
  • Request deletion of your personal information, subject to legal exceptions.
  • Opt out of the sale of personal information (we do not sell your data).
  • Non-discrimination for exercising your privacy rights.

To exercise any of these rights, contact us at [email protected].

8. Cookies and Analytics

We use essential cookies for authentication and session management. We use Plausible Analytics for privacy-friendly website analytics. Plausible does not use cookies, does not collect personal data, and is compliant with GDPR, CCPA, and PECR. We do not use third-party advertising cookies or tracking pixels.

9. Children's Privacy

deskctl is not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised effective date. Your continued use of the service after changes are posted constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at [email protected].