Data protection and security

Introduction

We are committed to protecting your privacy and ensuring the security of your personal data. This privacy information outlines how we handle customer data for Plumsail HelpDesk.

Data Collection and Use

When you sign up for Plumsail HelpDesk, you may be asked to provide your name, company name, email address, and website name. This information is collected during the initial download of Plumsail HelpDesk. Please note that we do not store any messages, tickets, comments, or other data which is coming to your HelpDesk. All operations are processed via an email handler which doesn’t store any incoming messages. All operations are performed over secure encrypted HTTPS connection. We will never sell your personal information to third parties.

Data Security

Plumsail HelpDesk only accesses data required to deliver our services — including SharePoint domain details, HelpDesk URLs, and temporary access tokens for the SharePoint site and Outlook mailbox, if Outlook integration is configured. We do not retain customer tickets, comments, or emails long-term.

Access is limited to essential personnel, and we use strong security practices including multifactor authentication, AES-256 encryption, and regular backups to protect your data.

Data Hosting Options

To provide flexibility and assurance, we offer multiple data hosting options. Customers can choose to have their data hosted in one of the following regions:

• European Union

• United States

Data Processing Agreement

As part of our commitment to data protection, we have incorporated a Data Processing Agreement (DPA) into our service agreement. The DPA outlines the specific terms and conditions regarding the processing of personal data. It ensures that all processing activities are compliant with applicable data protection laws. The DPA details the roles and responsibilities of both the data controller (you) and the data processor (us), the types of personal data processed, and the security measures implemented to protect your data. Where necessary, the DPA includes Standard Contractual Clauses (SCCs) for the transfer of personal data to third countries to ensure adequate protection in compliance with data protection laws. It also includes provisions on data retention, data subject rights, and the procedures for data breach notification.

Compliance and Certifications

Plumsail prioritizes data security and regulatory compliance. While we are not currently certified under frameworks such as SOC 2 Type 2, we adhere to industry best practices and comply with applicable data protection laws. SOC 2 Type 2 is on our roadmap, and we are actively working towards achieving this certification.

Contact Information

If you have any questions or concerns about our privacy practices or this Privacy Information, please contact us at support@plumsail.com.

Frequently Asked Questions

1. What information we collect, when and how we use it?

Plumsail HelpDesk follows strict data retention policies to ensure that customer data is not stored longer than necessary. The retention periods for different data types are as follows:

• Customer Data: We process incoming email messages, tickets, and comments but do not permanently store this data. As a data processor, we handle it solely to deliver the service and in line with data protection laws. All operations run through our email handler, which processes but does not retain messages. Tickets and comments are securely stored in your own SharePoint tenant — not on our servers. Data is kept only as long as needed for processing. For details, please see our Data Processing Agreement (DPA).

• Access logs: Access logs record information about who accessed what and when in the application. These logs are critical for security, compliance, auditing, and performance monitoring. We store them for 12 months.

2. What permissions requires Plumsail HelpDesk App?

The Plumsail HelpDesk App maintains access only to the specific SharePoint site where it is installed and to the Outlook mailbox if the integration is configured.

3. How can I manage permissions for SharePoint HelpDesk?

There are two main ways to manage permissions in Plumsail HelpDesk for Microsoft 365: Restrict end-user access to their own tickets using the HelpDesk Web widget and create separate working areas for your agents by installing multiple HelpDesk sites.

Please review the related articles:

• Manage permissions for SharePoint HelpDesk

• Create multiple HelpDesks for different departments and different mailboxes

4. How do we protect your information?

As mentioned above, we store only essential logs. This information is:

• Protected behind secured networks

• Accessible only to authorized personnel with confidentiality obligations

• Encrypted via Secure Socket Layer (SSL) and transmitted using HTTPS

5. What happens to data when HelpDesk has been uninstalled?

When you uninstall HelpDesk, logs are removed permanently. Tickets and comments which were stored inside your SharePoint site are also removed. Local storage data can be cleared manually in your browser. Information about HelpDesk downloads and installations are still stored on our servers and can be removed by request. You can send a request to support@plumsail.com.

6. Is Plumsail HelpDesk GDPR-compliant?

At Plumsail, we understand that data is critical to your organization’s values and operations. That’s why we prioritize your privacy and security.

Plumsail HelpDesk is installed directly into the customer’s SharePoint tenant. All personal data of requesters and agents remains within your Microsoft 365 environment, and Microsoft’s GDPR policies apply. For email-to-ticket conversion services, we ensure all data is securely processed and encrypted in accordance with our security policy. We also comply with GDPR requirements for data breach notifications to supervisory authorities and affected data subjects.

Review the Data Processing Agreement. It describes how we process data you send to us. The Data Processing Agreement is a part of the Master Service Agreement.