Last updated: July 10, 2026
Overview
RockDesk is a self-hosted remote desktop solution. We are committed to protecting your privacy and handling your data with transparency. This policy describes what information we collect through the RockDesk client software and the rockdesk.io website, and how we use it.
Information We Collect
We collect the minimum information necessary to provide and improve our services:
- Account information — Email address used for registration and login verification.
- Device information — Device ID (randomly generated), operating system, hostname, and basic hardware info (CPU, memory). This is transmitted via periodic heartbeat to the server your device is registered with.
- Connection metadata — Connection timestamps, peer IDs, connection type (P2P or relay), and duration. Used for audit logging and troubleshooting.
- Payment information — Processed entirely by our payment provider (Paddle). We do not store your credit card numbers or bank details.
- Website analytics — Standard web server logs (IP address, browser type, pages visited). The rockdesk.io website is served through Cloudflare, which may set cookies for security and performance purposes.
Information We Do NOT Collect
- Screen content — Remote desktop sessions are end-to-end encrypted (AES-256-GCM). We cannot see, intercept, or record the content of your sessions.
- File transfers — Files transferred between devices are encrypted end-to-end. We have no access to their contents.
- Device passwords — Your device access passwords are stored locally on your device, never transmitted to us in plaintext.
- Keystrokes or clipboard — Input data within remote sessions is encrypted end-to-end and is not accessible to us.
Self-Hosted Deployments
If you deploy RockDesk on your own infrastructure (Enterprise / Self-Hosted plan), all data — including connection metadata, device information, session recordings, and audit logs — stays entirely on your servers. RockDesk software does not phone home or transmit data to us. You are the data controller and processor; this privacy policy does not apply to data processed on your own servers.
How We Use Your Information
- Service delivery — Authenticate your account, manage device licenses, route connections through our relay network.
- Security — Detect abuse, enforce rate limits, prevent unauthorized access.
- Support — Diagnose connection issues and respond to your inquiries.
- Billing — Process payments and manage subscriptions through Paddle.
Data Sharing
We do not sell your personal data. We share information only with:
- Paddle — Our payment processor, for transaction processing. Paddle's privacy policy applies to payment data.
- Cloudflare — Our CDN and DDoS protection provider, which processes web traffic to rockdesk.io.
- Legal obligations — When required by law, regulation, or valid legal process.
Data Retention
Account data is retained while your account is active. Connection logs are retained for up to 90 days. You may request deletion of your account and associated data at any time by contacting us.
Security
All remote desktop sessions use end-to-end encryption (AES-256-GCM with X25519 key exchange). API communications use TLS. Account passwords are hashed with Argon2. We follow industry best practices to protect your data at rest and in transit.
Your Rights
You have the right to access, correct, or delete your personal data. You can export your data or request account deletion. To exercise these rights, contact us at the email below.
Children's Privacy
RockDesk is not intended for use by individuals under 16 years of age. We do not knowingly collect personal information from children.
Changes to This Policy
We may update this policy from time to time. Material changes will be announced on our website. Continued use of RockDesk after changes constitutes acceptance of the updated policy.
Contact
If you have questions about this privacy policy or your data, contact us at: [email protected]