Privacy Policy

Last updated: February 26, 2026
This Privacy Policy explains how 28Loops ("28Loops", "we", "us", or "our") collects, uses, shares, and retains personal information when you visit our websites or use initdesk and related services (the "Service"). 28Loops owns and operates initdesk.
If you have questions or want to exercise privacy rights, contact us at legal@initdesk.com.

1. Scope and Roles

This policy applies when 28Loops processes personal information as a controller, such as when you visit our website, create an account, subscribe, or contact us.
When customers use initdesk to manage support inboxes, we process emails, tickets, requester data, and related content on behalf of that customer. In that context, 28Loops typically acts as a processor or service provider, and the customer acts as the controller. If you are an end user contacting a business that uses initdesk, please send privacy requests to that business first.

2. Personal Information We Collect

We collect information you provide, information collected automatically, and information from integrations you choose to connect.

2.1 Information You Provide

  • Account information: name, email address, profile photo, and login details.
  • Organization information: organization name, teammates, inboxes, workspace settings, and roles.
  • Communications: support requests, messages, feedback, surveys, and sales conversations.
  • Billing information: billing contact details, plan selection, transaction identifiers, and payment status.
Payment card details are processed by our payment providers. We do not intentionally store full payment card numbers.

2.2 Support Content Processed Through initdesk

If you connect an inbox or use initdesk for customer support, we process content and metadata such as emails, conversations, headers, bodies, ticket status, timestamps, assignees, tags, customer contact details, signatures, attachments, and files submitted through the Service.

2.3 Information Collected Automatically

When you visit our website or use the Service, we may collect device and network information, browser type, operating system, language, IP address, pages viewed, features used, actions taken, timestamps, referrers, diagnostic events, error logs, and security or performance data.

3. Cookies and Similar Technologies

We use cookies and similar technologies for essential functionality, authentication, security, analytics, service improvement, and advertising measurement when enabled. You can control cookies through browser settings. Where we provide consent controls, you can manage preferences there.

4. How We Use Personal Information

We use personal information to provide, operate, maintain, secure, and improve the Service; create and administer accounts and organizations; process subscriptions and billing; communicate service notices and support messages; debug and test features; prevent fraud and unauthorized access; comply with legal obligations; and enforce our Terms of Service.

4.1 AI Features

If you use AI features such as drafted replies, summaries, translation, classification, or auto-tagging, we process relevant content to generate outputs. AI outputs are suggestions and may be inaccurate or incomplete. You are responsible for reviewing outputs before sending or relying on them.

5. How We Share Personal Information

We do not rent personal information. We may share personal information with service providers that support hosting, analytics, communications, support, security, payment processing, infrastructure, and business operations; with integrations you enable; with your organization administrators and authorized users; to comply with law or legal process; to protect rights, safety, and security; or as part of a merger, financing, acquisition, restructuring, or sale of assets.
Service providers may process personal information only for the purposes we authorize and subject to appropriate contractual obligations.

6. Account Status and Retention

We retain personal information for as long as needed to provide the Service, comply with legal obligations, resolve disputes, enforce agreements, preserve security, and maintain business records.
Free or trial organizations that remain inactive may be deleted under the inactivity process described in our Terms of Service. Paid organizations in good standing are not deleted solely because of inactivity under that process.
When customer data is deleted, residual copies may remain in backups or logs for a limited period before routine deletion, unless we need to retain information for legal, security, or compliance reasons.

7. International Data Transfers

We may process and store personal information in the United States and other countries where we or our service providers operate. Those countries may have data protection laws different from the laws where you live. Where required, we use appropriate safeguards for international transfers.

8. Security

We use administrative, technical, and organizational safeguards designed to protect personal information. No system is completely secure. You are responsible for maintaining the confidentiality of credentials, controlling access to your organization, and promptly telling us about suspected unauthorized access.

9. Your Rights and Choices

Depending on where you live, you may have rights to access, correct, delete, port, restrict, or object to certain processing of personal information. You may also have the right to withdraw consent or appeal a decision.
To exercise rights for data we control, contact legal@initdesk.com. If your data is controlled by an initdesk customer, contact that customer first. We may need to verify your request before acting on it.
You can unsubscribe from marketing emails by using the unsubscribe link in those emails. You will still receive transactional or service messages when needed.

10. Children

The Service is not directed to children, and we do not knowingly collect personal information from children under the age required by applicable law. If you believe a child provided personal information to us, contact legal@initdesk.com.

11. Third-Party Links and Integrations

The Service may include links to third-party websites and integrations with third-party services. Their privacy practices are governed by their own policies. We are not responsible for their practices.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will take reasonable steps to notify you, such as posting a notice in the Service or updating the date above. Your continued use of the Service after an update means the updated policy applies.

13. Contact