Legal

Privacy Policy

Effective May 6, 2026 · Plain-English version

Diagnodesk is built around a simple idea: run once, report, leave. This policy explains exactly what data the Diagnodesk client and dashboard collect, why, and what we do (and don't do) with it.

01Who we are

Diagnodesk LLC ("Diagnodesk," "we," "us") is a New Jersey limited liability company with offices at 99 Wall Street, #1717, New York, NY 10005. We operate the Diagnodesk website, dashboard, and desktop client (collectively, the "Service").

For purposes of GDPR, Diagnodesk is the data controller for personal data submitted directly to our website and dashboard, and a data processor for diagnostic data your employer asks the client to collect from a hire's machine.

02What we collect

From you (the IT or People Ops user)

  • Account info: name, work email, company, role.
  • Billing info: handled by our payment processor; we receive the last 4 digits, brand, and country of the card. We never see the full number.
  • Usage logs: IP address, browser, pages visited, timestamps, anonymized analytics events.

From the new hire who runs the client

The desktop client runs once on the hire's machine, with their consent, and reads:

CategoryExamples
HardwareModel, CPU, RAM, disk size, free disk, battery health
OSOperating system, version, locale, timezone
NetworkConnection type, public IP, DNS reachability, throughput sample
Security postureDisk encryption status, firewall status, OS update status, screen-lock policy
Required toolsWhether each app on your team's check list is installed and at the required version
Identity (optional)Hire's name and email, only if your team pre-fills the check link
What we do not collect. The client does not read documents, browser history, message contents, keystrokes, screen contents, or the full list of installed applications. It checks only the apps your team explicitly asks about, then exits.

03How we use it

  • Provide the Service (deliver readiness reports, surface remediation steps, send notification emails).
  • Operate, maintain, and improve the Service (debug errors, monitor performance, plan capacity).
  • Communicate with you about your account, security alerts, and material product changes.
  • Comply with legal obligations and enforce our Terms.

We do not sell personal data. We do not use diagnostic data for advertising. We do not train machine-learning models on customer data without explicit, separate consent.

04Who we share it with

We share data only with vendors who help us run the Service, and only what they need to do their job:

  • Cloud hosting: our infrastructure provider, for storage and compute.
  • Payments: our payment processor, for billing.
  • Email: our transactional email provider, for invites, receipts, and notifications.
  • Analytics: a privacy-focused product analytics provider, for aggregate usage metrics.

A current list of subprocessors is available on request at support@diagnodesk.com. We may also disclose data when legally required (subpoena, court order) and we will notify you unless legally prohibited.

05How long we keep it

  • Readiness reports: retained for 90 days by default, then automatically deleted. Paid plans can configure 7 to 365 days.
  • Account data: retained while your account is active and for 30 days after cancellation, then deleted or anonymized.
  • Billing records: retained for 7 years to meet tax and accounting obligations.
  • Server logs: retained for 30 days.

06Your rights

Depending on where you live, you may have the right to access, correct, delete, port, or restrict processing of your personal data, and to object to certain processing. California residents have additional rights under the CCPA, including the right to know what we collect and the right to opt out of "sale" or "sharing" (we do neither).

To exercise any of these rights, email support@diagnodesk.com. We will respond within 30 days. We will not discriminate against you for exercising a privacy right.

07Security

We protect data with HTTPS in transit and AES-256 at rest, role-based access controls, audit logging, and an annually reviewed access policy. The desktop client is code-signed and notarized, runs without elevated privileges, and uploads results over an authenticated TLS session.

No system is perfectly secure. If we discover a breach affecting your data, we will notify you and the appropriate regulators within the timeframes required by law.

08Children

The Service is intended for businesses and is not directed to anyone under 16. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it.

09Changes

We may update this policy. If changes are material, we will notify account owners by email at least 14 days before the change takes effect. Continued use of the Service after the effective date means you accept the updated policy.

10Contact

Privacy questions, requests, or complaints:

Diagnodesk LLC
99 Wall Street, #1717
New York, NY 10005
support@diagnodesk.com

Last updated: May 6, 2026