Overview
TeamsDesk (by Query Minds LLC) is a multi-tenant help desk solution integrated with Microsoft Teams. This policy explains what we collect, how we use it, and the choices you have. It applies to all users of the TeamsDesk service and the teamsdesk.queryminds.com website.
Information we collect
- Identity & access: Tenant and user identifiers from Microsoft Entra ID (Azure AD) for authentication and authorization.
- Product data: Ticket content, attachments, comments, and related metadata generated by users and agents.
- Mailbox data: Email content and metadata necessary to convert Outlook messages into tickets.
- Telemetry: Diagnostic and performance signals to maintain reliability and improve the service. This data is aggregated and does not identify individual users.
- Billing data: Payment and subscription information processed by our payment provider (Stripe). We do not store full card numbers on our systems.
How we use data
- Provide, operate, and support the TeamsDesk service inside Microsoft 365.
- Secure access, enforce permissions, and detect abuse or misuse.
- Improve product performance and reliability based on aggregated telemetry.
- Provide customer support and troubleshoot issues you report.
- Process payments and manage your subscription.
We do not sell your data
Query Minds LLC does not sell, rent, or trade your personal data or your organization's data to any third party for any purpose. We do not use your data for advertising. This applies to all customers regardless of location, including California residents under CCPA.
Data processing & storage
- Hosting: Microsoft Azure (compute, storage, database). Data is stored in Azure regions in the United States unless a specific region is agreed upon in writing.
- Encryption: TLS 1.2+ in transit and AES-256 at rest.
- Data stores: Azure SQL Database and Azure Blob Storage with automated backups and role-restricted access.
Subprocessors
We use the following third-party subprocessors to operate the service. Each is bound by data protection obligations consistent with this policy.
| Provider | Purpose | Location |
|---|---|---|
| Microsoft Azure | Hosting, compute, database, storage | United States |
| Microsoft 365 | Authentication (Entra ID), Teams integration, Outlook intake | United States |
| Stripe | Payment processing and subscription management | United States |
We will update this list when subprocessors are added or removed and will notify customers of material changes per the Policy changes section below.
Security
We support Entra ID SSO and MFA. Access to production systems is restricted to authorized Query Minds personnel under the principle of least privilege. We monitor and log access, apply change-management practices, and review access controls regularly. In the event of a data breach affecting your organization, we will notify you without undue delay and in accordance with applicable law.
Data retention
We retain customer data for the duration of your active subscription. After subscription termination or expiration, we retain your data for up to 90 days to support data export, billing disputes, and reactivation. After this period, data is permanently deleted from production systems and backups on a rolling schedule.
You may request earlier deletion in writing by emailing privacy@queryminds.com. Certain data may be retained longer where required by law or for legitimate business purposes such as fraud prevention.
GDPR & data roles
For customers in the European Economic Area (EEA) or United Kingdom, the General Data Protection Regulation (GDPR) or UK GDPR may apply.
- Your organization is the Data Controller — you determine the purposes and means of processing personal data within TeamsDesk (e.g., what tickets are created, who has access).
- Query Minds LLC is the Data Processor — we process personal data on your behalf, strictly according to your instructions and this policy.
- Customers who require a Data Processing Agreement (DPA) for GDPR compliance may request one by emailing privacy@queryminds.com.
Your rights
Depending on your jurisdiction, you or your users may have the right to:
- Access personal data we hold about you
- Correct inaccurate personal data
- Request deletion of personal data (“right to be forgotten”)
- Export personal data in a portable format
- Object to or restrict certain processing
- Withdraw consent where processing is based on consent
To exercise these rights, email privacy@queryminds.com. We will respond to verifiable requests within 30 days (or the timeframe required by applicable law).
Policy changes
We may update this policy from time to time. We will update the “Last updated” date at the top of this page when changes are made. For material changes — such as new data categories, new subprocessors, or changes to retention periods — we will notify account administrators by email at least 14 days before the changes take effect. Continued use of the service after that date constitutes acceptance of the updated policy.
Governing law
This policy and any disputes related to it are governed by the laws of the State of Delaware, United States, without regard to its conflict-of-law provisions. Nothing in this section limits rights you may have under applicable data protection laws in your jurisdiction (including GDPR or CCPA).
Contact
Questions about this policy, your data, or to request a DPA? Email privacy@queryminds.com. We aim to respond within 5 business days.
This policy is provided for informational purposes. It does not constitute legal advice. Query Minds LLC recommends consulting qualified legal counsel for jurisdiction-specific compliance requirements.