Early Access: 2 Months Free + 50% off for life
initdesk
Sign inSign up

Privacy Policy

Last updated: February 26, 2026

This Privacy Policy explains how 28Loops (“28Loops,” “we,” “us,” or “our”) collects, uses, shares, and retains personal information when you visit our websites or use the initdesk product and related services (collectively, the “Service”). 28Loops owns and operates the initdesk product.

If you have questions or want to exercise your privacy rights, contact us at [email protected].

1) Scope and Roles (Controller vs. Processor)

This Privacy Policy applies to personal information that 28Loops processes as a controller (for example, when you visit our website, create an account, subscribe, or contact us).

When our customers use initdesk to manage their support inboxes, we process personal information included in emails, tickets, and related content on behalf of the customer. In that context, 28Loops typically acts as a processor/service provider, and the customer (our account holder) acts as the controller. If you are an end user contacting a business that uses initdesk, please direct privacy requests to that business first.

2) Personal Information We Collect

We collect personal information in three main ways: (a) information you provide, (b) information we collect automatically, and (c) information from integrations you choose to connect.

2.1 Information You Provide

Depending on how you use the Service, you may provide:

  • Account information (name, email address, profile photo if you choose to upload one)
  • Organization/workspace information (organization name, teammates you invite, workspace settings)
  • Communications (support requests, messages, feedback, survey responses)
  • Billing information (billing contact details, transaction identifiers, plan selection)

Payment card details are processed by our payment processors. We do not intentionally store full payment card numbers.

2.2 Customer Support Content Processed Through the Service

If you connect an inbox or otherwise use initdesk for customer support, we process content and related metadata such as:

  • emails and conversations (including headers and bodies)
  • ticket details (status, timestamps, assignees, tags)
  • customer contact information included in communications (names, email addresses, signatures)
  • attachments and files submitted through the Service (where supported)

2.3 Information We Collect Automatically

When you visit our website or use the Service, we may automatically collect:

  • device and network information (IP address, browser type, device identifiers, operating system, language)
  • usage and log data (pages viewed, features used, actions taken, timestamps, referrers)
  • security and performance data (diagnostic events, error logs, crash reports)

3) Cookies and Similar Technologies

We use cookies and similar technologies:

  • for essential functionality (e.g., authentication and security),
  • for analytics to understand usage and improve the Service, and
  • for advertising measurement (e.g., measuring campaign performance and conversions), if enabled.

You can control cookies through your browser settings. Where we provide consent controls, you can also manage certain cookie preferences there.

4) How We Use Personal Information

We use personal information to:

  • provide, operate, maintain, and secure the Service
  • create and administer accounts and organizations
  • process subscriptions, payments, and billing operations
  • communicate with you (service notices, administrative messages, support)
  • improve and develop the Service (analytics, debugging, feature testing)
  • prevent fraud, abuse, and unauthorized access
  • comply with legal obligations and enforce our terms

4.1 AI Features

If you use AI features (e.g., drafted replies or auto-tagging), we process relevant content to generate outputs. AI outputs are suggestions and may be inaccurate or incomplete; you remain responsible for reviewing and deciding what to send to your customers.

5) How We Share Personal Information

We do not rent personal information. We may share personal information in the following circumstances:

5.1 Service Providers (Subprocessors)

We use trusted service providers to help operate the Service. These providers may process personal information on our behalf, subject to appropriate contractual protections.

Examples of providers we may use include:

  • Amazon SES (email delivery)
  • Google Analytics (traffic and usage analytics)
  • PostHog (product analytics)
  • Google Ads (advertising measurement and attribution)
  • Cloudflare (CDN/DNS, security, and performance)
  • Sentry (error monitoring and performance)

5.2 Integrations and at Your Direction

If you connect third-party integrations (e.g., Slack, webhooks, email providers), we share data as needed to enable those integrations. Your use of third-party services is governed by their own terms and privacy policies.

5.3 Legal, Safety, and Compliance

We may disclose information if we believe in good faith that disclosure is necessary to:

  • comply with applicable law, regulation, legal process, or governmental request
  • protect the rights, safety, and security of 28Loops, our users, or others
  • prevent fraud, abuse, or security threats

5.4 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, or sale of assets, information may be transferred as part of that transaction, consistent with applicable law and subject to appropriate confidentiality protections.

6) Account Status and Retention

6.1 Post-Trial Limited Access (Account Status)

After a free trial ends, account holders may still be able to log in, but the account may be placed into a limited access state that restricts certain actions (for example: sending email, replying to tickets, adding users, using AI features, or enabling integrations) until the account is upgraded. During limited access, account holders may still be able to manage billing and delete their account.

6.2 Retention and Deletion

We retain personal information for as long as reasonably necessary to provide the Service and for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

Inactivity deletion (free/trial organizations). Under current settings, free/trial organizations may be deleted after 44 days without qualifying activity (30 days of inactivity + a 14-day notice period). Qualifying activity means an organization user responds to a ticket message from inside initdesk; inbound customer emails alone do not count. Paid accounts in good standing are not deleted solely due to inactivity.

Customer deletion. Account holders may delete their organization (where that functionality is provided in the product). If deletion is completed, the organization's data is removed and generally cannot be recovered.

Backups and legal retention. We may retain limited information where necessary for legal compliance, security, fraud prevention, dispute resolution, and/or in backups and archives for a limited period consistent with our operational practices and applicable law.

For more details on account rules and deletion mechanics, see our terms of service.

7) International Data Transfers

28Loops is based in the United States, and we and our service providers may process and store information in the United States and other countries. If you access the Service from outside the United States, your information may be transferred internationally. Where required by law, we use appropriate safeguards for cross-border transfers.

8) Security

We implement reasonable technical and organizational measures designed to protect personal information from unauthorized access, loss, misuse, alteration, or disclosure. However, no system is completely secure.

9) Your Rights and Choices

Depending on your location, you may have rights regarding your personal information, such as:

  • access and obtain a copy of your information
  • correct inaccurate information
  • delete your information
  • restrict or object to certain processing
  • data portability
  • withdraw consent (where processing is based on consent)

9.1 How to Submit Requests

To exercise rights related to information that 28Loops controls (e.g., website or account admin data), contact us at [email protected]. We may need to verify your identity.

If your request relates to messages you sent to a business that uses initdesk (i.e., our customer), please contact that business directly. We will assist our customers as required under applicable law and contract.

9.2 Marketing Communications

You can opt out of marketing emails by using the unsubscribe link in those messages. You will still receive service-related and administrative communications where necessary.

10) Children

The Service is intended for business use and is not directed to children. We do not knowingly collect personal information from children under 16. If you believe a child has provided personal information, contact us at [email protected].

11) Third-Party Links

Our websites or Service may include links to third-party sites and services. We are not responsible for their privacy practices.

12) Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide reasonable notice (for example, by posting an updated version and updating the “Last updated” date, and where appropriate, by in-product notice or email).

13) Contact Us

28Loops
8 The Green, STE R
Dover, DE 19901
USA