Start Free
Security

Security Overview

A practical overview of how NivaDesk protects accounts, workspaces, files, business data, payments, backups, offline data, roles and security incidents.

Last updated: 17 June 2026

NivaDesk Security Overview

A practical overview of how NivaDesk protects accounts, workspaces, files, and business data.

NivaDesk is operated by EGGCRAFT LIMITED. Contact: contact@nivadesk.co.uk.

This Security Overview explains the security practices we use to help protect NivaDesk, our users, and the business data stored in workspaces. It is intended to provide transparency for customers, team members, and businesses evaluating NivaDesk.

NivaDesk is designed for small businesses, studios, makers, freelancers, and teams that need to manage orders, clients, tasks, files, notes, timelines, and team access in one place. Because this information can include personal data, customer details, files, addresses, workflow records, and business notes, we treat security as an important part of the product.

This document is not a guarantee that any system is completely secure. No online or offline system can be made risk-free. However, we use reasonable technical and organisational measures to reduce risk and protect customer data.

1. Security principles

NivaDesk is built around the following principles:

  • protect each workspace so users only access data they are authorised to view;
  • keep account access secure through modern authentication methods;
  • apply role-based permissions for team members;
  • use trusted cloud infrastructure and service providers;
  • limit access to customer data to what is needed to operate and support the service;
  • provide export and deletion options where appropriate;
  • monitor, improve, and respond to security issues as the product evolves.

2. Account security

Users may sign in to NivaDesk using supported authentication methods, such as email/password, Google sign-in, Apple sign-in, or other login options that we may support in the future.

  • Passwords are handled through secure authentication systems and are not stored by us in plain text.
  • Users are responsible for keeping their login details and devices secure.
  • Users should use strong, unique passwords and avoid sharing accounts.
  • Where supported, users should enable additional device security such as Face ID, Touch ID, passcode, or operating system account protection.
  • If a user believes their account has been accessed without permission, they should contact us immediately.

3. Workspace isolation

NivaDesk uses a workspace-based structure. Business data is organised inside workspaces, and access is controlled according to workspace membership and role permissions.

  • Users should only see workspaces they belong to.
  • Workspace data should be separated from other customers and companies.
  • Workspace owners and administrators control who can join the workspace.
  • Members who leave or are removed should no longer have access to that workspace.
  • Where applicable, security rules and database permissions are used to restrict access to each user and workspace.

4. Role-based access control

NivaDesk is designed to support different team roles so businesses can limit access according to responsibility.

  • Owner: manages the workspace, settings, team access, and key business data.
  • Member: accesses workspace features according to the permissions granted.
  • View Only: can view permitted content without editing key records.
  • Workflow Only: can focus on workflow or production information while sensitive financial information may be hidden.
  • Additional roles or permission controls may be added as the product develops.

5. Client files and uploaded content

NivaDesk may allow users to upload and manage client files, images, PDFs, documents, design files, and other business materials. Uploaded files may include metadata such as filename, file type, file size, upload date, uploader, and the related order or workspace.

  • File access is controlled according to workspace and role permissions.
  • Storage limits and upload limits may apply depending on the plan.
  • File metadata may be used to display, search, manage, audit, and secure uploads.
  • We may apply file type restrictions, file size limits, upload safety checks, or abuse prevention controls.
  • Users are responsible for ensuring they have the right to upload, store, and share any file they add to NivaDesk.

6. Cloud infrastructure and storage

NivaDesk may use trusted third-party infrastructure providers for authentication, database hosting, cloud storage, app hosting, payments, analytics, crash reporting, and email delivery.

  • We aim to use reputable providers with appropriate security practices.
  • Data may be processed or stored by service providers according to our Privacy Policy and applicable data protection terms.
  • Access to infrastructure is limited to authorised personnel or systems where needed.
  • Service providers may be listed in our Subprocessors page where applicable.
  • We review our architecture and providers as the product develops.

7. Encryption and transmission security

We use secure transmission methods where appropriate to protect data moving between user devices, our services, and third-party providers.

  • Connections to NivaDesk services should use encrypted communication where supported.
  • Payment details are processed by payment providers and full card numbers are not stored by NivaDesk.
  • Authentication providers may apply their own encryption and security controls.
  • Local device storage and offline cache security may depend partly on the user's device, operating system, and device security settings.

8. Offline mode and local data

NivaDesk may support offline access, local caching, and pending sync features. These features are designed to help users continue working when internet access is unavailable or unstable.

  • Offline data may be stored temporarily on the user's device.
  • Users are responsible for keeping their devices secure.
  • Device-level protection such as passcodes, biometrics, disk encryption, and account passwords can help protect offline data.
  • Offline sync may be affected by connectivity issues, deleted records, permission changes, or conflicting edits.
  • Offline mode is not a replacement for proper backups or secure device management.

9. Activity logs and audit information

NivaDesk may record certain activity or history logs to support transparency, troubleshooting, security, and team accountability.

  • Order history or workflow logs may record changes such as status updates, notes, file uploads, task changes, or delivery updates.
  • File audit metadata may record upload date, uploader, file size, and related workspace information.
  • Security and technical logs may be used to detect abuse, diagnose errors, and improve reliability.
  • Logs may be retained for a limited period depending on legal, technical, security, and product requirements.

10. Payments and billing security

Payments may be handled by third-party payment providers such as Stripe, Apple App Store, Google Play, or other supported platforms.

  • We do not store full payment card details ourselves.
  • Payment providers process card details, renewals, cancellations, refunds, and billing information according to their own terms and privacy policies.
  • NivaDesk may receive limited billing information, such as plan status, invoice details, subscription state, payment confirmation, or renewal status.
  • Users should manage Apple or Google subscriptions through the relevant app store account where applicable.

11. Access to customer data by NivaDesk

We limit access to customer data to situations where it is necessary to operate, maintain, secure, or support NivaDesk.

  • We do not routinely inspect customer workspace content.
  • Access may be required for troubleshooting, support, legal compliance, security investigations, abuse prevention, or service maintenance.
  • Where possible, access is limited to the minimum information needed for the purpose.
  • We do not sell customer workspace content.

12. Backups, retention, and recovery

We protect your workspace against accidental loss and technical failure on several layers, combining in-product recovery with automated infrastructure backups.

  • Trash: deleted orders are kept for 30 days and can be restored before they are permanently removed.
  • Point-in-time recovery: the workspace database can be restored to any moment within the last 7 days.
  • Automatic daily database backups, retained for two weeks.
  • A daily backup of account records, retained for 30 days.
  • The above are automatic backups that we run and use to recover the service; you do not access them directly.
  • Separately, your own export: you can download your own copy of your data at any time from Settings → Data Management. This is a self-service export you control: not part of, and not a substitute for, our automatic backups.
  • Retention periods may vary by data type, provider, plan, and legal requirements; these measures are best-effort and not a guarantee.
  • Users should still keep their own copies of critical business files: NivaDesk should not be your only backup.

13. Vulnerability and incident response

If we become aware of a security vulnerability or incident, we will assess the issue and take appropriate action based on its severity and impact.

  • We may investigate suspicious activity, abuse, account compromise, or system vulnerability reports.
  • We may temporarily restrict access, disable features, rotate credentials, or apply fixes where needed.
  • Where legally required, we will notify affected users, customers, regulators, or authorities.
  • Users can report security concerns by contacting contact@nivadesk.co.uk.

14. Customer responsibilities

Security is shared between NivaDesk and its users. Customers and users are responsible for using the service safely.

  • Use strong, unique passwords and secure login methods.
  • Protect devices with passcodes, biometrics, and operating system security updates.
  • Only invite trusted users to workspaces.
  • Remove team members who should no longer have access.
  • Assign roles carefully, especially for financial data and client files.
  • Do not upload unlawful, harmful, or unauthorised content.
  • Keep separate backup copies of critical files and business records.
  • Contact us quickly if you suspect unauthorised access or security issues.

15. Data export and account deletion

Where available, NivaDesk may allow users to export their business data or request account deletion.

  • Export options may depend on the user's role, workspace permissions, plan, and technical availability.
  • If a paid plan expires or is cancelled, users may be downgraded to a free or limited plan, but we aim to allow access to export existing business data where technically and legally possible.
  • Account deletion requests are handled according to our Account Deletion Policy and Privacy Policy.
  • Some information may be retained where required for legal, tax, accounting, security, dispute resolution, or operational reasons.

16. Security limitations

Although we take reasonable steps to protect NivaDesk, no system can be guaranteed to be completely secure.

  • Internet transmission can never be guaranteed to be fully secure.
  • Device compromise, weak passwords, phishing, shared accounts, malware, or user error can create security risks.
  • Third-party services may experience outages or security issues outside our control.
  • Users should consider their own backup, device management, access control, and privacy obligations.

17. Related policies

This Security Overview should be read together with our other legal and policy documents:

  • Privacy Policy
  • Terms of Service
  • Cookie Policy
  • Account Deletion Policy
  • Refund & Cancellation Policy
  • Data Processing Agreement, where applicable
  • Subprocessors page, where applicable
  • Acceptable Use Policy, where applicable

18. Contact

If you have any questions about this Security Overview or want to report a security concern, please contact:

EGGCRAFT LIMITED

141 Randolph Avenue

London

W9 1DN

United Kingdom

Email: contact@nivadesk.co.uk

NivaDesk Security Overview