← Back to MoienDesk

Privacy Notice

Last updated: 2026

1. Who we are

MoienDesk ("we", "us", "our") is the data controller responsible for the personal data described in this notice. This notice explains what data we collect, why we collect it, who we share it with, and the rights you have over your data.

2. Data we collect

  • Account data: name, email address, login credentials.
  • Content you upload: documents, invoices, receipts, and related metadata.
  • Support data: messages and attachments you send us.
  • Usage and device data: log data, IP address, browser type, device identifiers, and how you interact with the Service.
  • Payment metadata: subscription status and plan details. Card and bank details are collected and processed directly by our payment provider, Paddle — we never see your full card number.

3. Why we use your data and legal basis

  • Provide the Service (account creation, processing your documents, customer support) — performance of our contract with you.
  • Security and fraud prevention — legitimate interests in keeping the Service safe.
  • Service improvement and analytics — legitimate interests in understanding usage and improving features.
  • Legal and tax obligations (e.g. retaining invoices) — legal obligation.
  • Marketing emails, where applicable — consent, which you can withdraw at any time.

4. Who we share data with

  • Service providers / subprocessors: cloud hosting, database, authentication, analytics, and customer support tooling that help us run the Service.
  • Paddle (Merchant of Record): Paddle.com handles the sale of subscriptions, payment processing, subscription management, tax compliance, invoicing and refunds. See Paddle's Privacy Notice.
  • Professional advisers: legal, accounting, and compliance professionals where necessary.
  • Authorities: if required by law, court order, or to protect our rights.

We do not sell your personal data.

5. International transfers

Some of our service providers may process your data outside the European Economic Area. When they do, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses or adequacy decisions to protect your data.

6. Data retention

We keep your personal data for as long as your account is active and as long as needed to provide the Service. After you delete your account, we delete or anonymise your data within a reasonable period, except where we are required to retain it (for example, financial records for tax purposes).

7. Your rights

Subject to applicable law, you have the right to:

  • Access the personal data we hold about you;
  • Request correction of inaccurate data;
  • Request deletion of your data ("right to be forgotten");
  • Restrict or object to certain processing;
  • Request a portable copy of your data;
  • Withdraw consent at any time, where processing is based on consent;
  • Lodge a complaint with your local supervisory authority (in Luxembourg, the CNPD).

We respond to verified requests within one month.

8. Security

We use appropriate technical and organisational measures — including encryption in transit, access controls, and audit logging — to protect your data. No system is perfectly secure, but we work to reduce risk and respond quickly to incidents.

9. Cookies

We use strictly necessary cookies to keep you signed in and to run the Service. Where we use analytics cookies, we do so to understand product usage. You can manage cookies through your browser settings.

10. Contact

To exercise your rights or ask questions about this notice, contact us through the in-app support channel.