Privacy
Privacy
notice.
This notice covers the current DeskToilet.com website and its launch-access form. Section 6 onward describes proposed practices for Desk Toilet One, Desk Toilet Cloud, and DT Fleet. Those products and services are not yet active.
Effective July 12, 2026.
1. Current website data
DeskToilet.com is a public product-concept website. It does not use advertising pixels, behavioral analytics, account logins, or browser cookies. It does not request access to your location, camera, microphone, or contacts.
If you follow a link to another site or open an email link, that provider may process information under its own terms.
2. Launch-access requests
When you submit the form, we store your email address, the page or form that sent the request, and the submission time. We convert the address to lowercase and store it once.
We use these records to maintain the access list, measure regional interest, and contact you about pilot eligibility, configuration reviews, or substantial launch updates. The form does not collect payment information or create an order or reservation.
3. Security and operational logs
The server may process standard request information, including IP address, requested path, request time, protocol, and browser user agent. This is used to deliver the site, establish secure connections, diagnose failures, and limit abusive form submissions.
For rate limiting, the signup service converts the client network address into a one-way hash held in memory. It checks a rolling one-minute window and does not write the hash to the signup database. Server access logs rotate by file size and are not used for advertising or profiling.
5. Retention, access, and removal
We keep launch-list records while the pilot and commercialization program is active, unless you ask us to remove your address or the record is no longer needed. Rate-limit values held in memory disappear when the service restarts. Log retention varies with traffic because the files rotate by size.
Email privacy@desktoilet.com to ask whether your address is on the list, request a copy or correction, or have it removed. We may ask you to verify control of the address. Additional rights may apply where you live.
6. Proposed connected-product practices
This section describes planned product behavior. The current website does not collect this information. Desk Toilet One would calculate fill, seal, temperature, filter, battery, and service states on the device. If the owner enables Cloud sync, the service would receive those states, device diagnostics, service events, collection status, and selected account settings.
The proposed hardware has no camera or microphone. It would not create biometric profiles, estimate body weight, diagnose health, or analyze material composition. The unit would convert raw pressure readings into an occupied or unoccupied state and discard the readings locally.
The proposed retention targets are 30 days for personal event detail, 13 months for personal aggregates, and 24 months for device service records. Custody and Impact Ledger records may remain while the account is active or longer where a legal or processing-chain requirement applies. Final terms and deletion exceptions will be published before a connected service launches.
7. Proposed enterprise data domains
DT Fleet would keep three types of information separate. Personal activity includes optional session history, personal aggregates, workstation-time estimates, benchmark choice, and personal credits. It would remain in the individual account and would not be available through DT Fleet or Desk Toilet API.
Fleet operations includes battery, seal, temperature, filter, connectivity, cartridge state, inventory, and custody records. Facilities roles would see these records by asset, site, and service location. They would not receive live occupied or unoccupied state. Safety-critical faults could appear immediately.
Identity and assignment would be stored separately. A hardware administrator could assign an asset, while facilities roles would see its service location rather than personal activity. No standard role would combine named assignment with occupancy-derived history. Temporary support access that joins those records would require a reason, time limit, and audit entry.
Enterprise Collection ready status would appear at a fixed service refresh proposed twice each day, without an initiating-session timestamp. Organization-level analytics would require at least 10 participating units, 30 qualifying events, and a 24-hour delay. Individuals could disable optional personal history and choose “Do not include me in team benchmarks.”
A unit installed in a named person’s private office may still allow coworkers or facilities staff to draw conclusions from its physical location or a safety-service event. The proposed pilot would require employee notice and would prohibit using DT Fleet data for individual attendance or performance decisions. The product cannot promise anonymity against observation in the physical workplace.
8. Contact and changes
Questions or privacy requests may be sent to privacy@desktoilet.com. General product questions may be sent to hello@desktoilet.com.
We may revise this notice as the website, launch program, or applicable requirements change. The effective date at the top will identify the current version. Material changes to connected-product practices will be presented before those services are activated.