Privacy Policy
Last updated : March 2026
Hello Factory ('we', 'us', 'our') operates the HelloControlDesk website (www.hellocontroldesk.com) and the associated desktop application. This policy explains how we collect, use and protect your personal data.
1. Data controller
Hello Factory — SASU under French law. Contact: privacy@hellocontroldesk.com
2. Data we collect
We collect the following categories of personal data:
- Identity data: first name, last name, email address.
- Connection data: IP address, browser, timestamps.
- Billing data: handled exclusively by Stripe (PCI-DSS certified). We never store your card details.
- License data: your unique license token and associated metadata.
The HelloControlDesk desktop application itself does not transmit any personal data to our servers during normal use. All KVM traffic (mouse, keyboard) stays within your local network.
3. Purposes and legal basis
We process your data for the following purposes:
- Service provision and account management — contract performance.
- License activation and validation — contract performance.
- Subscription and billing management via Stripe — contract performance.
- Transactional emails (magic link, invoice receipts) via Resend — contract performance.
- Fraud prevention and service security — legitimate interest.
- Legal and accounting obligations — legal obligation.
4. Sub-processors
We share data with the following trusted third parties:
- Railway (USA) — web hosting and database. Standard Contractual Clauses.
- Stripe (USA) — payment processing. Standard Contractual Clauses.
- Resend (USA) — transactional emails. Standard Contractual Clauses.
5. Data retention
We retain your data as follows:
- Account and license data: for the duration of your subscription + 3 years.
- Billing data: 10 years (legal accounting obligation).
- Connection logs: 12 months.
- Data is deleted upon account closure, except where retention is legally required.
6. Security
We implement appropriate technical measures to protect your data: HTTPS/TLS encryption, hashed passwords (bcrypt), restricted access to production systems, and regular encrypted backups.
7. Your rights (GDPR)
As a data subject you have the right to: access, rectify, erase, port, object to processing, and restrict processing of your data. To exercise these rights, contact us at privacy@hellocontroldesk.com. We will respond within 30 days. You may also lodge a complaint with your national data protection authority.
8. Cookies
We use only essential cookies required for the service (session management). We do not use advertising or cross-site tracking cookies.
9. Changes
Material changes to this policy will be notified by email at least 30 days in advance. Continued use after the effective date constitutes acceptance.
10. Contact
Hello Factory — privacy@hellocontroldesk.com