We understand that some of our customers might be subject to COPPA, so if you are required to comply with the COPPA regulations, then you have probably already appropriately updated your policies and processes. This article provides practical tips for how you can avoid collecting personal information for each of the Zendesk Embeddables (Web Widget, Support SDKs, and Chat SDKs) without interfering with your COPPA compliance program if a child contacts you in your mobile app.
This article is not intended to provide you with legal advice on whether and how you are required to comply with COPPA and related regulations. Instead, this article is meant to provide you with functionality suggestions when using our services so as to not interfere with your compliance with COPPA and its requirements.
This article covers the following:
Defining a few terms
Here’s a list of the abbreviations or specific terms in this article.
- Agent: A person acting on behalf of the support manager, using Zendesk to handle support queries from end-user.
- API: Application programming interface.
- App: A piece of software designed to run on a device. In the context of this article, an app could run on the web or natively on the Android or iOS platform.
- COPPA: Children's Online Privacy Protection Act.
- End-user: The person using your service or website, and who might request support or browse your Help Center.
- JWT: JSON Web Token, a method of authentication between Zendesk and your own user identity management/authentication service.
- SDK: Software development kit, designed to make it easier for you to build your application using Zendesk functionality.
- UI: User Interface, the visual element of your app, with which your end-user interacts.
- Zendesk Chat: The chat service by Zendesk, used for end-User to agent real time text chat.
The Web Widget enables you to embed Help Center search and articles, ticket creation, and live chat (Zendesk Chat) on your website.
There are two options that, when enabled, allow your end-users to contact you: contact form and chat. You can access these settings in your Zendesk by going to Admin > Channels > Widget. See Configuring the components in your widget.
Contact form option
If you have the contact form option enabled, the end-user’s email address is a required field because it is the only way to respond. To avoid collecting the data of minors, you should not use the Web Widget for creating tickets. You should disable this option.
If you have the chat option enabled, the Web Widget will respect the settings you have configured in Zendesk Chat. See the next section about Zendesk Chat widget.
Zendesk Chat Widget
The Zendesk Chat widget enables you to embed live chat on your website.
Pre-chat form and visitor profile
By far the easiest way to ensure that no personal information is collected is to disable the pre-chat form and visitor profile. When configured in this way, the Zendesk Chat widget does not ask for any information, but instead initiates an anonymous chat when the end-user clicks it.
To disable the pre-chat form and visitor profile:
- In settings, click Widget, then click the Forms tab.
- In the Visitor Profile and Pre-Chat Form sections, click Off to turn those options off.
- Click Save Changes.
If you need to use the pre-chat form (eg. to set the correct department for the chat) then it is possible to make the identity not required. The option to provide the information is, however, still displayed to the end-user, and so may not be suitable for your COPPA compliance requirements. If the fields are filled in, the information will be stored.
If setting fields to simply ‘not required’ meets your unique needs, you can do so easily. To make these fields not required, in the Pre-Chat Form settings, ensure that the Require Identity option is deselected.
When you are outside of your working hours, or you have no agents signed in, there is the option to accept offline messages. When enabled, this requires end-users to provide their name and email address.
Offline messages can be disabled if you do not wish to collect this kind of information. Instructions on how to manage offline messages are here, and you can disable them.
End-users have the option to request a copy of the chat transcript. To do this, they must supply their email address. This email address is not recorded against the end-user profile, and is used only to service the request for the transcript.
The Support SDK enables you to add Help Center search and articles, ticket creation and updates, and ‘Rate My App’ functionality into your Android and iOS apps.
A note on price plans
On the Essential plan, the Conversations feature is not available. It is not possible to create tickets without the end-user providing an email address.
If you would like to use the features detailed in this section, you should consider upgrading your plan to Team or above. Find out more about our plans here.
When creating tickets, you might want to avoid collecting personal information. There are two authentication methods available when using the Support SDK, and both authentication types enable you to set some basic identifying parameters.
- JWT authentication: This enables you to identify end-users from your own database of users, and this information is required for the end-user to proceed. If using JWT authentication, no special treatment is required.
- Anonymous authentication: This does not require details from the end-user, but will accept them if provided. If using anonymous authentication, enabling COPPA configuration prevents the name and email address from being recorded even if they are provided. External ID will be allowed (more on identifying parameters is here for Android, and here for iOS).
Enabling COPPA configuration in your code
You can find instructions in our developer documentation on how to update your code. Android instructions are here and iOS instructions are here. Both include code snippets.
The implementations for both are very similar. Adding one line of code activates the COPPA functionality and causes name and email address to be ignored.
Keeping your users informed
If you do not collect your end-user’s email address, you will need a way to share ticket updates with them in your app. To do this using the Support SDK, ensure that the Conversations feature is enabled in your app settings in Zendesk.
Note: Conversations are not available on the Essential plan.
To enable Conversations:
- In Zendesk, click the Admin icon in the sidebar, then select Channels > Mobile SDK.
- Click the app you want to update, then click the Customization tab.
- Click the toggle next to Conversations to On, then click Save.
If you are using the Support SDK’s default UI with Conversations enabled, the ability to create, view, and update tickets is included in that UI already. If you are using providers (Android, iOS) and your own interface, make sure that you build your UI to include these features. This will avoid breaking communication lines with your end-users if you intend to reply.
For push notifications, the Zendesk service supports Urban Airship (Android, iOS) and the Webhook API (Android, iOS). You can set this up in the admin settings of your Zendesk (Admin > Support SDK > Your App > Customization > Push Notifications).
The Chat SDK does not currently offer features for COPPA compliance. However, this is planned as part of a later release.