Privacy Policy
Table of Contents
Summary: TeamX is a remote desktop platform. We collect the minimum data necessary to provide the service. We do not sell your personal data. Remote session streams are encrypted end-to-end and are never accessible to TeamX staff.
1 Who We Are
TeamX ("we", "our", "us") provides a secure WebRTC-based remote desktop platform. The data controller for your personal information is TeamX Technologies. If you have questions about how your data is handled, contact us at privacy@teamx.io.
2 Information We Collect
We collect information in the following categories:
- Account data: Email address, display name, hashed password, organisation name, registration date.
- Device data: Device name, TeamX device ID, operating system, last-seen timestamp. No hardware fingerprinting.
- Session metadata: Session start/end times, duration, participant device IDs, recording status. Not session content.
- Usage data: Features used, error events, connection quality metrics (collected anonymously).
- Authentication logs: Login timestamps, IP addresses, MFA events — retained for security auditing.
- Communications: Emails you send to our support team.
We do not collect payment card data directly. Payments are processed by third-party processors subject to PCI-DSS.
3 How We Use Your Information
- Providing, operating, and improving the TeamX service
- Authenticating users and detecting fraudulent sign-ins
- Sending transactional emails (password resets, email verification, session notifications)
- Responding to support requests
- Analysing aggregated, anonymised usage to improve reliability
- Complying with legal obligations
We do not use your data for advertising or sell it to third parties.
4 Legal Bases for Processing (GDPR)
| Processing activity | Legal basis |
|---|---|
| Providing the service (account, sessions) | Contract performance (Art. 6(1)(b)) |
| Security, fraud prevention, audit logs | Legitimate interests (Art. 6(1)(f)) |
| Optional analytics cookies | Consent (Art. 6(1)(a)) |
| Legal compliance & law enforcement | Legal obligation (Art. 6(1)(c)) |
5 Data Sharing & Third Parties
We share personal data only with:
- Infrastructure providers: Cloud hosting for our servers (data processed under data processing agreements).
- Email delivery: Transactional email service for password resets and notifications.
- Payment processors: Billing handled by PCI-DSS-compliant providers. We do not store card numbers.
- Legal authorities: When required by applicable law, regulation, or valid legal process.
All sub-processors are contractually bound to process data only as instructed and to maintain appropriate security measures.
6 Remote Session Data
This section is important for understanding what TeamX can and cannot see during remote sessions.
- Screen content, keyboard input, mouse events: Transmitted peer-to-peer via WebRTC with DTLS-SRTP encryption. These streams never pass through TeamX servers and are never accessible to TeamX staff.
- Session recordings: If you (as the host) enable session recording, the recording is stored encrypted in your account's storage. Only you (and users you grant access to) can retrieve it.
- Chat messages: Session chat is transmitted through our signaling server as relay. Chat content is not logged by default.
- Clipboard: Clipboard synchronisation is opt-in and handled peer-to-peer.
7 Data Retention
| Data type | Retention period |
|---|---|
| Account data | Until account deletion + 30 days |
| Session metadata | 90 days (Free), 1 year (Pro), configurable (Enterprise) |
| Session recordings | Until manually deleted by account owner |
| Audit / login logs | 12 months |
| Support communications | 3 years |
| Anonymised analytics | Indefinitely (no personal data) |
You can delete your account at any time from Profile > Settings. This triggers immediate deletion of personal data subject to legal retention obligations.
8 Security
- All data in transit is encrypted with TLS 1.3
- Session streams use WebRTC DTLS-SRTP (end-to-end)
- Passwords are stored as bcrypt hashes — never in plaintext
- JWT access tokens expire in 15 minutes; refresh tokens are rotated on use
- Databases are encrypted at rest with AES-256
- Access to production systems is restricted by IP allowlisting and MFA
If you discover a security vulnerability, please report it responsibly to security@teamx.io.
9 Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate data
- Erasure: Request deletion of your data ("right to be forgotten")
- Restriction: Restrict processing in certain circumstances
- Portability: Receive your data in a machine-readable format
- Objection: Object to processing based on legitimate interests
- Withdraw consent: For processing based on consent (e.g., analytics cookies)
To exercise any of these rights, email privacy@teamx.io. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.
10 Cookies
We use cookies and similar technologies to operate the service and, with your consent, to measure usage. See our Cookie Policy for full details and to manage your preferences.
11 Children's Privacy
TeamX is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us immediately at privacy@teamx.io and we will delete it.
12 Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify registered users by email and update the "Last updated" date at the top. Continued use of TeamX after such notice constitutes acceptance of the updated policy.
13 Contact Us
For privacy-related questions or to exercise your rights:
- Email: privacy@teamx.io
- Contact form: Contact page