Privacy Policy

EntryDesk Privacy Policy

Dcard US Inc. (“Dcard” or “we”) is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, and protect information in connection with Client (your organization)’s use of EntryDesk, our AI Agent platform designed for enterprise SaaS integration and task automation.

By accessing or using EntryDesk, you agree to the practices described in this Privacy Policy.

1. Scope

This Privacy Policy applies to all data processed by EntryDesk in its role as an enterprise AI Agent operating under the Model Context Protocol (MCP) framework. It covers data processed via our web application, mobile application (iOS/Android), and any APIs or connected integrations.

This policy does not apply to standalone websites or services operated by third parties, including third-party SaaS applications integrated via EntryDesk.

2. Data We Process

Depending on your organization’s configuration and usage, EntryDesk may process the following categories of data on behalf of the enterprise user (“User”):

Account and access data: User IDs, email addresses, roles, access scopes;
Integration metadata: Tokens or credentials (scoped), authorized service endpoints, configuration logs;
Operational context: Prompts, commands, query history, or action requests submitted to the AI Agent;
System interaction data: File names, calendar entries, chat messages, API responses (processed in-session only);
Usage logs: Timestamps, error messages, automation results, workflow triggers.

Due to EntryDesk’s architecture based on the Model Context Protocol (MCP), certain user inputs, integration references, and operational context may be temporarily stored on designated servers in order to preserve contextual continuity across AI Agent sessions. Such storage may occur on:

infrastructure deployed within the User’s organization (on-premises), or
cloud environments managed by Dcard,

depending on the installation method selected by the Client.

Users may delete such temporarily stored data by removing specific AI Agent projects or using the tools and controls provided by EntryDesk for data clearing and session reset.

We do not persistently store or collect sensitive content submitted to or returned by the AI Agent, unless explicitly configured by the Client for auditing or compliance purposes.

3. How We Use Your Data

We process personal or operational data for the following purposes:

To authenticate users and authorize actions across integrated systems;
To facilitate secure communication between the AI Agent and connected SaaS platforms;
To generate AI-powered task outputs based on user queries and authorized context;
To maintain system integrity, perform diagnostics, and improve service performance;
To comply with legal obligations or enforce terms of service.

We do not use Customer Data for advertising, profiling, or model training.

4. Data Retention

Based on the MCP framework, EntryDesk may, during the execution of specific AI Agent projects, organize and retain user input information in a contextualized form to improve the quality, relevance, and continuity of AI-driven responses. This contextual memory is scoped to the specific project or task and is retained only as necessary to fulfill its intended operational purpose.

Operational logs and metadata (e.g., task status, workflow triggers, execution history) are also retained for the period required to support service delivery, diagnostics, and customer support, unless a longer retention is mandated by law or specifically requested by the Customer.

Transient data (e.g., in-session prompts and outputs unrelated to project-level context) are processed in memory and are not stored persistently by default.

Client may configure data retention rules, including the duration and scope of contextual memory, through EntryDesk’s admin console.

5. Data Security and Protection

Security procedures are in place to protect the confidentiality of your data, including Google user data and other sensitive information:

We implement industry-standard security measures to protect your data, including:

Encryption: We use encryption to protect your information both in transit and at rest;
Role-based access control and audit logging;
Endpoint protection and API gateway filtering;
Regular penetration testing and access reviews.

Client shall be responsible for securing their internal access credentials and properly configuring integration scopes.

6. How We Share and Disclose Your Data

6.1 Third-Party Services

In the course of using EntryDesk, Users may choose to integrate or utilize third-party services such as external SaaS platforms (e.g., Google Workspace, Slack) or large language model (LLM) providers (e.g., OpenAI, Anthropic, or other compute service providers). These third-party service providers may, as necessary to fulfill their functionality, including data processing, inference, or response generation, store or use certain information submitted or accessed via EntryDesk, including but not limited to prompts, contextual data, and operational inputs.

If any such information includes personal data, the handling, storage, and protection of that data is governed solely by the privacy policies and terms of service of the respective third-party providers. Dcard shall not be responsible for any processing, retention, or misuse of data by such third parties.

Users are solely responsible for reviewing and agreeing to the applicable terms of service and privacy policies of any third-party services before enabling their integration or use within EntryDesk.

6.2 Legal and Regulatory Requirements

We may disclose personal data when required by law or to protect rights and safety:

To comply with legal obligations, court orders, or governmental requests;
To enforce our Terms of Service or investigate potential violations;
To protect the rights, property, or safety of Dcard, our users, or the public;
To respond to claims of illegal activity or violations of third-party rights.

6.3 With Your Consent or Direction

We may share personal data for other purposes when you give us explicit consent or direct us to do so as part of using EntryDesk’s features.

7. International Transfers

Any transfer, storage, or processing of personal data across jurisdictions will be handled in accordance with the personal data protection laws applicable in the jurisdiction where Dcard is established, including implementing appropriate safeguards as required by such laws.

8. Data Subject Rights

To the extent required by applicable laws, Users may have the right to:

Access your personal data;
Correct incomplete or inaccurate data we hold about you;
Ask us to erase the personal data we hold about you;
Ask us to restrict our handling of your personal data;
Ask us to transfer your personal data to a third party;
Withdraw your consent to us handling your personal data.

All such requests shall be directed through the Client, who serves as the data controller under this Policy.

9. Your Responsibilities

As a User using EntryDesk, you are responsible for:

Ensuring that data subjects are informed about the use of AI agents in enterprise workflows;
Obtaining all necessary consents for the processing and transmission of personal data through integrated services;
Managing role-based access to sensitive functions via EntryDesk’s Admin Console.

10. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in technology, law, or our practices. When we do, we will revise the “Effective Date” at the top and notify enterprise administrators through the EntryDesk platform or via email.

11. Contact Us

If you have questions about this Privacy Policy or our data handling practices, please contact:

support@entrydesk.com