Privacy Policy
Last updated 15 June 2026
STOdesk (“we”, “us”) provides a customer-relationship and property-portal platform for inbound-travel trade representatives and the lodges and operators they work with. This policy explains what personal information we collect through the STOdesk web app and the STOdesk Capture mobile app, why we collect it, and the choices you have. We are committed to handling your information lawfully under the Protection of Personal Information Act (POPIA) and, where it applies, the GDPR.
Who controls your data
Each representation agency that uses STOdesk is the controller of the contact and business data it records in its own workspace. STOdesk processes that data on the agency’s behalf as its service provider. For account and billing information you give us directly, STOdesk is the controller.
What we collect
- Account details — your name, email address, and a password (stored only as a secure hash, never in plain text).
- Captures — photos you take of business cards and rate sheets, voicenotes you record, and notes you type, together with the time and any trade show you tag.
- Business records — the operator, lodge, contact, rate, and relationship information you enter to run your book.
- Technical data — basic logs (e.g. request times and error reports) needed to keep the service running and secure.
We do not collect your location, contacts, browsing history, or advertising identifiers, and STOdesk contains no third-party advertising or tracking SDKs.
How we use it
- To run the service — store your captures and records, and show them back to you in your workspace.
- To read your captures with AI — a snapped card is read into draft fields, and a voicenote is transcribed to text, so you don’t retype it (see “AI processing” below).
- To authenticate you and keep your workspace separate and secure.
- To contact you about your account, security, and material changes to the service.
We do not sell your personal information, and we do not use your business records to train AI models.
AI processing
When you ask STOdesk to read a card or transcribe a voicenote, that single image or audio clip is sent to our AI sub-processors — Anthropic (to read the card) and OpenAI (to transcribe the audio) — solely to return the text to your workspace. Under our agreements with these providers, your content is not used to train their models. If you would rather not use AI, you can fill in captures by hand instead.
Who we share it with
We share data only with the service providers that operate STOdesk for us, each under a data-processing agreement:
- Supabase — database, file storage, and authentication.
- Vercel — application hosting.
- Anthropic — reading card photos into text (only when you use that feature).
- OpenAI — transcribing voicenotes (only when you use that feature).
We may also disclose information if required by law, or as part of a merger or acquisition, in which case we will tell you. Your workspace’s business data is never shared with another agency on STOdesk.
Where it’s stored and how it’s protected
Data is stored on our providers’ infrastructure and may be processed outside South Africa, including in the United States and the European Union, under appropriate safeguards. Access is restricted by per-agency isolation enforced in the database, passwords are hashed, and traffic is encrypted in transit.
How long we keep it
We keep your data for as long as your account is active. Deleted captures are held briefly in a recovery window so you can undo a mistake, then permanently removed. If you close your account, we delete or anonymise your personal information within a reasonable period, except where we must retain it to meet a legal obligation.
Your rights
Subject to applicable law, you may request access to, correction of, or deletion of your personal information, and you may object to or restrict certain processing. To make a request, contact us at the address below. You also have the right to lodge a complaint with the Information Regulator (South Africa) or your local data-protection authority.
Children
STOdesk is a business tool and is not intended for anyone under 18.
Changes
We’ll update this policy as the service evolves and revise the “last updated” date above. Material changes will be communicated to account holders.
Contact
Questions or requests: privacy@stodesk.io.