PRIVACY POLICY
Last updated 22 June 2026
TrustDesk is a property-management platform used by tenants, building managers, and concierge staff. This page explains what personal data the app holds, why, and the rights you can exercise over it. It describes what the software actually does — nothing aspirational.
What we collect
- Account & profile: your email, name, phone number, unit number, and lease end date.
- Maintenance: requests you file — description, category, status, and any photos you attach.
- Payments: rent payment records (amount, due/paid dates, status, method label). We do not store card numbers.
- Move-out: move-out requests, forwarding address, and notes you provide.
- Documents: files you upload and their metadata.
- Messages: messages you send through the in-app messenger.
Why we hold it
We process this data solely to run the property-management service: authenticating you, showing your unit's information, routing maintenance and move-out requests to the right staff, recording rent status, and letting you message your building team. Access is enforced per-row by the database — you and authorized staff for your building see only what you are entitled to.
Who it's shared with
Your data stays within TrustDesk and the building staff authorized to manage your unit. It is stored in our Supabase (PostgreSQL) backend, which hosts the database and authentication. We do not sell your data and do not share it with advertising or analytics third parties.
Cookies
TrustDesk sets no advertising or analytics cookies. The only browser-stored data is the Supabase authentication session, which is strictly necessary to keep you signed in. Because there are no non-essential cookies, no consent banner is required.
Retention
Account and operational records are kept for as long as your account is active. When you erase your account (below), your profile's identifying fields are scrubbed and your login is removed. Operational records such as maintenance history are retained in anonymized form so buildings keep an accurate service record, but they can no longer be traced back to you by name.
Your rights
You can exercise these directly while signed in:
- Access & portability.
Download a complete JSON copy of your data via
GET /api/me/export(sent with your session token). It returns atrustdesk-export.jsonattachment. - Erasure.
Permanently delete your account via
POST /api/me/delete. This scrubs your profile's personal details and removes your login so you can no longer sign in. - Rectification. Correct your profile details from your account screen, or ask your building manager or our team to update them.
Security
Access is gated by authenticated sessions and per-row database policies, and the API runs behind standard request hardening and rate limiting. Connections are encrypted in transit.
Contact
Questions or requests about your data: contact@trust-desk.com.