RunDesk is a trade name of A. I. Tech Inc., a corporation registered in Ontario, Canada, located in Thorndale, Ontario. In this policy, “we,” “us,” and “our” refer to A. I. Tech Inc. operating as RunDesk.
This policy explains what personal information we collect, how we use it, how it is stored and protected, and your rights regarding your data.
We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable Canadian privacy law.
Privacy Officer
Our Privacy Officer is responsible for our compliance with this policy and with PIPEDA. You may contact our Privacy Officer at:
Compliance Officer, A. I. Tech Inc.
Email: compliance@rundesk.co
Location: Thorndale, Ontario, Canada
What We Collect and Why
When you visit our website
What: Basic analytics data including pages visited, browser type, and approximate location (country/region).
Purpose: To understand how visitors use our website and improve its functionality.
Legal basis: Implied consent for non-sensitive, non-identifying analytics data.
We do not use this data to identify you personally. We use privacy-respecting analytics that do not track you across other websites.
When you submit the intake form
What: Your name, email address, phone number, company name, industry, team size, assistant preferences, and any additional context you share about your business.
Purpose: To configure your AI employee and determine the appropriate service plan for your needs.
Legal basis: Express consent provided by submitting the form.
When you become a client
What: Payment information processed through Stripe, including billing address and payment method.
Purpose: To process subscription payments and top-up purchases.
Legal basis: Contractual necessity for providing the service.
We do not store your credit card number, bank account details, or other payment credentials on our servers. Stripe handles all payment processing in compliance with PCI-DSS standards.
When you connect your Google account
What: OAuth authorization tokens granting your AI employee access to specific Google Workspace services.
Purpose: To enable your AI employee to manage your email, calendar, and files on your behalf.
Legal basis: Express consent provided during the onboarding process.
During onboarding, you may authorize your AI employee to access your Google Workspace account. Depending on your selected services, this may include the ability to:
- Gmail: Read, search, draft, and send emails (sending always requires your explicit approval)
- Google Calendar: View, create, and modify calendar events and check availability
- Google Drive: Search, read, download, and upload files
- Google Docs: Read and export document content
- Google Sheets: Read, write, and append data
- Google Contacts: Look up and search contacts
Your AI employee will never delete emails, files, or calendar events without listing exactly what will be removed and obtaining your explicit confirmation. Your AI employee will never send emails without showing you the draft and receiving your approval. Your AI employee will never access Google services beyond those you explicitly authorize.
You authorize access directly through Google's OAuth system. We do not see or store your Google password. You can revoke access at any time through your Google account settings at myaccount.google.com/permissions.
When you use your AI employee
What: Your conversations with your AI assistant, including messages, requests, and any content you share.
Purpose: To provide the AI employee service, including responding to your requests, maintaining conversation memory, and executing tasks on your behalf.
Legal basis: Contractual necessity and express consent.
Your conversation data is stored on your dedicated, isolated server. Your conversation data is not shared with other clients, used for marketing, or sold to third parties.
Consent for AI Processing
By subscribing to RunDesk, you expressly consent to the processing of your messages, emails, calendar data, files, and other content by third-party AI model providers for the purpose of powering your AI employee's responses and actions.
You may withdraw this consent at any time by cancelling your subscription. Withdrawal of consent may require termination of the service, as AI processing is essential to the functioning of your AI employee.
How Your Data Is Processed by AI Providers
Your AI employee uses large language models from third-party providers to process your requests. When you send a message to your assistant or when your assistant accesses your email, calendar, or files, the relevant content is sent to one of these providers for processing.
Current AI model providers include:
- Anthropic (Claude) — anthropic.com/privacy
- OpenAI (GPT) — openai.com/privacy
- Google (Gemini) — ai.google.dev/terms
We select providers that offer enterprise-grade data processing agreements, that process data solely for the purpose of generating responses, and that do not use your data to train their models through API access. We may change providers or add additional providers from time to time. Material changes to our provider list will be communicated to active clients via email.
Cross-Border Data Transfers
Your data may be transferred to and processed in the United States by our AI model providers. By using the RunDesk service, you consent to this transfer. We ensure that all providers maintain privacy protections consistent with Canadian privacy law through their data processing agreements and privacy policies.
Our infrastructure (servers hosting your AI employee) is located in North America. Intake form submissions are stored in a Supabase database hosted in North America with encryption at rest.
How We Store and Protect Your Data
Each client's AI employee runs on dedicated, isolated infrastructure. Your data is completely separated from every other client's data. All connections to your AI employee are encrypted using WireGuard tunnels. There are no open ports exposed to the public internet.
Intake form submissions are stored with encryption at rest. OAuth tokens are stored locally within your isolated container with restricted file permissions. Backups are encrypted.
What Our Team Can See
Our operations team monitors the technical health of your AI employee. This includes metrics such as uptime, error counts, resource usage, and message volume (for example, “47 messages processed today”). Our team does not read the content of your conversations with your assistant or access your email, calendar, files, or other connected accounts.
How Long We Keep Your Data
| Data Type | Retention Period |
|---|---|
| Active client data (conversations, files, memory) | For the duration of your subscription |
| Data after cancellation | Deleted within 30 days |
| Encrypted backups after cancellation | Deleted within 30 days |
| Intake form submissions (non-clients) | Deleted after 90 days |
| Payment and billing records | 7 years (as required by Canadian tax law) |
| Operational logs (no personal information) | 90 days |
If you request a copy of your conversation history before cancellation, we will provide it in a standard format.
Data Breach Notification
In the event of a breach of security safeguards that creates a real risk of significant harm to you, we will:
- Notify you as soon as feasible to allow you to take steps to mitigate potential harm
- Report to the Office of the Privacy Commissioner of Canada as required by PIPEDA
- Notify any other organizations that may be able to reduce the risk of harm
- Take immediate steps to contain the breach, investigate its cause, and prevent recurrence
We maintain records of all data breaches for a minimum of 24 months, regardless of whether they trigger notification, as required by PIPEDA.
Your Rights
Under PIPEDA and applicable Canadian privacy law, you have the right to:
- Access the personal information we hold about you
- Correct any inaccurate personal information
- Request deletion of your personal information (subject to legal retention requirements)
- Withdraw consent for data processing (which may require cancellation of the service)
- Request a copy of your data in a portable format
- Challenge our compliance with this policy
To exercise any of these rights, contact our Privacy Officer at compliance@rundesk.co. We will respond to your request within 30 days.
If you are not satisfied with our response, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca.
Cookies
Our website uses minimal cookies necessary for the website to function. We do not use advertising cookies or tracking pixels. We do not sell your data to advertisers.
Third-Party Services
We use the following third-party services to provide and support the RunDesk service:
| Service | Purpose | Location | Privacy Policy |
|---|---|---|---|
| Supabase | Form submission storage | North America | supabase.com/privacy |
| Stripe | Payment processing | United States | stripe.com/privacy |
| Vercel | Website hosting | United States | vercel.com/legal/privacy-policy |
| Anthropic | AI model provider | United States | anthropic.com/privacy |
| OpenAI | AI model provider | United States | openai.com/privacy |
| Google | AI model provider & workspace | United States | ai.google.dev/terms |
| Telegram | Messaging platform | Various | telegram.org/privacy |
Children
RunDesk is a business service and is not intended for use by individuals under the age of 18.
Changes to This Policy
We may update this policy from time to time. Material changes will be communicated to active clients via email at least 30 days before they take effect. The “Last updated” date at the top of this page reflects the most recent revision. Continued use of the service after changes take effect constitutes acceptance of the updated policy.
Contact
For privacy-related questions, requests, or complaints:
Compliance Officer, A. I. Tech Inc.
Email: compliance@rundesk.co
Location: Thorndale, Ontario, Canada