Privacy Policy — Project Desk by Atlier

Effective date: June 24, 2026 Last updated: June 24, 2026

This Privacy Policy explains what data Project Desk collects, why we collect it, who it is shared with, and the choices you have. It is written to be honest about what the service actually does — you can export your data and delete your account yourself, any time, from Settings (see "Your choices and deletion").


1. Who we are

Project Desk is a hosted, AI-first project and work-management "desk." You connect to it from an AI client (such as Claude Desktop or Codex Desktop) through a remote MCP connector, or directly over our HTTP API, and the AI reads and writes your work items (projects, issues, and returns) on your behalf.

Contact

For privacy questions, data-access requests, or deletion requests, contact:

Email: wildsdesign@gmail.com


2. What data we collect, and why

We collect three categories of data. We collect only what the service needs to sign you in, to store the work you create, and to keep the AI connector working.

a) Account and profile data (from GitHub or Google)

When you sign in, you authenticate directly with GitHub or Google using OAuth. We do not run a password system and we never see your GitHub or Google password. From your sign-in we receive and store:

We also generate an internal account id for you, which is the key that scopes all of your desk content to you.

*What we do not store from your profile: we do not* store your profile photo / avatar. We request only the minimal scopes needed to read your verified email and name (read:user user:email for GitHub; openid email profile for Google), and we read only your id, email, email-verification status, and name. The short-lived access token that GitHub or Google issues during sign-in is used once, in-request, to fetch that profile and is never saved.

Why: to identify you, to keep one account per person, and to display your name. This is necessary to provide the service you asked for.

b) The desk content you create

This is the substance of the service — the work items you (or the AI acting on your instructions) create and edit:

The title, body, shape, next-move, and context fields are free-form. They contain whatever you type or whatever the AI writes at your direction. This is your personal and work content.

Why: to store and display your work, and to let the AI connector read and update it on your behalf. This is the core function of the service.

c) Sign-in, session, and connector artifacts

To keep you signed in and to operate the AI connector securely, we store and use:

Connector access and refresh tokens are not stored. They are stateless, cryptographically signed (HMAC) tokens that carry your account id and an expiry (access tokens last about 1 hour; refresh tokens about 30 days). Because they are stateless, we cannot individually revoke a token before it expires. If you believe a token has been exposed, contact us — see "Security limitations you should know."

Why: to authenticate you, keep you signed in, and let approved AI clients connect securely.

d) Operational logs

Our hosting platform (Azure App Service) keeps standard request and console logs (for example timestamps, request paths, and error diagnostics) for reliability and troubleshooting. We do not run analytics, advertising, or tracking software, and we do not maintain a separate behavioral profile of you.


3. Legal basis and purpose

Where data-protection law (such as the EU/UK GDPR) applies, we rely on the following bases:

We do not use your data for advertising, and we do not sell it. See "What we do not do."


4. Subprocessors and third parties

We share data only with the service providers needed to run Project Desk. Each receives only what its function requires.

SubprocessorRoleWhat it receives
Microsoft AzureHosting (App Service) and database (Azure Postgres), region East US (United States)All stored data lives here: your account/profile data, your desk content, and the connector/authorization records described above.
GitHubAuthentication (sign-in) onlyThe OAuth exchange needed to verify you. We send the authorization code/token to GitHub's endpoints and receive back your verified email, GitHub account id, and name. No desk content is sent to GitHub.
GoogleAuthentication (sign-in) onlyThe OAuth exchange needed to verify you. We send the authorization code/token to Google's endpoints and receive back your verified email, Google account id, and name. No desk content is sent to Google.
Anthropic (and any AI client you connect)The AI client you use Project Desk fromWhen you use Project Desk through Claude Desktop, Codex Desktop, or a similar client, your prompts and the tool calls that read or write your desk pass through that AI client's product. This is inherent to using an AI connector. The data handling on that side is governed by that provider's privacy policy, not this one.

We do not currently use any analytics, advertising, payment, email, or tracking subprocessor.


5. Storage, security, and isolation

Security limitations you should know

We want to be straight with you about what is and is not in place today:


6. Data retention


7. Your choices and deletion

You have control over your data:

Depending on where you live, you may have additional rights (for example under the GDPR or under U.S. state privacy laws such as the CCPA/CPRA) — including the right to access, correct, delete, or port your data, and to object to certain processing. To exercise any of these, contact us. We will not discriminate against you for exercising your rights.

We will verify your identity (for example, by confirming control of the email tied to your account) before acting on an access or deletion request.


8. What we do not do


9. International data transfers

Project Desk is hosted in the United States (Azure, East US). If you access the service from outside the United States, your data will be transferred to and stored in the United States, which may have different data-protection laws than your country. By using the service, you understand that your data is processed in the United States.


10. Children

Project Desk is not directed to children and is not intended for anyone under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us personal data, contact us and we will delete it.


11. Changes to this policy

We may update this Privacy Policy as the service evolves (for example, when self-serve deletion ships, or when a new subprocessor is added). When we make a material change, we will update the "Last updated" date above and, where appropriate, provide a more prominent notice. Your continued use of Project Desk after a change means you accept the updated policy.


This policy describes Project Desk as currently operated. It deliberately avoids claiming certifications or capabilities the service does not have. Where a decision is still open, it is marked for the operator to finalize before publication.

Project Desk by Atlier · Operated by Wilds, Inc. · Privacy · Terms · Support