KestrySign in

Privacy Policy

Last updated: 21 June 2026

1. Who We Are

Kestry is a multi-brand help desk and shared inbox platform operated by Ascendz Digital Limited ("we", "us", "our"), a business owned by Toni Martin. Kestry lets businesses ("Subscribers") manage customer support across multiple brands from one shared inbox, with email conversations, a self-serve knowledge base, and a lightweight project and task workspace.

Our platform is accessible at app.kestry.co. For privacy enquiries, contact us at: clientsupport@ascendz.co

1.1 Our Role: Controller and Processor

Our role under data protection law depends on the data in question:

  • For the personal data of our Subscribers (your account, login and billing data), we act as the data controller, and this Privacy Policy governs how we handle it.
  • For the personal data of your customers that flows through your inboxes (the contents of support emails, sender names and email addresses, attachments, and any contact details you record), the Subscriber is the data controller and Kestry acts as a data processor, processing that data only on the Subscriber's documented instructions in order to provide the service.

As a Subscriber, you are responsible for having a lawful basis to process your customers' data and for providing them with your own privacy notice. Our processing of that data on your behalf is governed by our Data Processing Agreement, which forms part of our Terms of Service.

2. Data We Collect

2.1 Account and Subscriber Data

When you register for Kestry, we collect your organisation name, email address and a hashed password. We also store your chosen subscription plan and billing information processed via Stripe (we do not store full payment card details).

2.2 Brand, Inbox and Knowledge Base Content

Configuration you create (brands, inboxes, agents, teams, saved replies, custom fields and ticket quotas) and the content you publish to your knowledge base (articles, collections and revisions) is stored on our servers and used to operate your help desk.

2.3 Conversation Data

Emails exchanged between your customers and your team are stored and associated with your account. This includes message text and HTML, sender and recipient addresses, subjects, timestamps, threading headers, file attachments, internal notes, and the conversation's status and assignment history.

2.4 Customer and Company Records

To organise support, we store the customer and company records you create or that are derived from inbound email, such as names, email addresses, the company a contact belongs to, and any custom contact properties you define.

2.5 AI Assist (optional)

Where you enable AI assist features (such as draft replies, thread summaries and task suggestions), the relevant conversation content is sent to our AI provider, Anthropic, solely to generate that output. AI assist is optional and degrades gracefully when disabled; no conversation content is sent to an AI provider when it is off.

2.6 Usage and Analytics Data

We collect aggregate usage data including conversation counts, response and resolution times, and inbox activity to display reporting within your dashboard and to improve the platform.

3. How We Use Your Data

  • To provide and operate the Kestry platform and your inboxes
  • To send and receive support email on your behalf
  • To generate optional AI assist output when you have enabled it
  • To process subscription payments via Stripe
  • To send service emails (account registration, password reset, notifications)
  • To display reporting in your dashboard
  • To enforce plan limits and per-client quotas and prevent abuse
  • To comply with legal obligations

We do not sell your data or your customers' data to any third party. We do not use your data for advertising purposes.

4. Data Sharing and Third Parties

We share data only as necessary to deliver the service:

  • Supabase: database and file storage infrastructure (EU region where available)
  • Railway: server hosting and deployment infrastructure
  • Postmark: sending and receiving of support email. Email content passes through Postmark to be delivered and to be parsed into conversations
  • Anthropic: when AI assist is enabled, the relevant conversation content is sent to Anthropic to generate the requested output
  • Stripe: payment processing. Stripe's privacy policy applies to payment data

We do not sell your personal data, and we do not share it with third parties for their own marketing or advertising purposes.

4.1 International Data Transfers

Some of the providers above are located outside the United Kingdom and the European Economic Area (EEA), in particular Postmark and Anthropic, which are based in the United States. This means that when we send or receive your support email, and when AI assist is used, the relevant content is transferred to and processed in the United States.

Where we transfer personal data outside the UK/EEA, we rely on appropriate safeguards as required by UK GDPR and EU GDPR, which may include the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses (SCCs), together with the data protection terms offered by each provider. You may request more information about the specific safeguards applied by contacting us at clientsupport@ascendz.co.

5. Data Retention

We retain your account data for as long as your subscription is active. Conversations you delete are moved to Trash and permanently purged after your organisation's configured retention period (30 days by default).

On account termination, your data is deleted within 30 days unless a longer retention period is required by law.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: request a copy of your data
  • Rectification: correct inaccurate data
  • Erasure: request deletion of your data
  • Portability: receive your data in a machine-readable format
  • Objection: object to certain processing activities
  • Restriction: request we limit processing of your data

To exercise any of these rights, email clientsupport@ascendz.co. We will respond within 30 days. Where Kestry processes your customers' data on your behalf as a processor, requests from those individuals should be directed to the Subscriber as controller, and we will assist the Subscriber in responding.

7. Security

We implement industry-standard security measures including encrypted data transmission (TLS/HTTPS), bcrypt password hashing, JWT-based authentication, and strict per-tenant data isolation enforced both in application code and at the database level using PostgreSQL row-level security, so one organisation can never read another's data. File attachments are stored in object storage scoped per organisation, and database access uses a restricted role. We conduct regular security reviews.

No system is completely secure. In the event of a data breach affecting your personal data, we will notify you in accordance with applicable law.

8. Cookies

The Kestry platform uses only a functional session token, stored in your browser, for authentication. We do not use tracking or advertising cookies.

9. Children's Privacy

Kestry is intended for business use only and is not directed at individuals under the age of 18. We do not knowingly collect personal data from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify Subscribers of material changes by email or via an in-platform notice. Continued use of the platform after changes take effect constitutes acceptance of the updated policy.

11. Contact

For any privacy-related questions or requests:

Ascendz Digital Limited / Toni Martin
Email: clientsupport@ascendz.co
Platform: app.kestry.co