Default Data Types Captured by the Services 

Here at Zendesk we care a lot about the types of data we put into any tool or service, and we know you are no different.  You may need to understand what data points go into your Zendesk services in order to meet internal privacy policies, get your purchase of Zendesk through privacy or vendor review, or even to determine whether or not your use of the service falls into certain regulatory frameworks.  We also know (from experience) that not all tools make this easy.  With this in mind, we’ve created a list of data points (categorized by product) which are captured regardless of what your individual use case would be.  For the full picture of your data types, use this list in conjunction with your specific intended use case and resultant data types.

Please keep in mind a few points when using this list:

• Non-default or custom configurations, integrations or use of third party services may alter this list
• Beyond these default data types, your individual use case will largely determine the type, amount, and sensitivity of data you and/or your end users put into your instance(s) of the service.
• As a Data Processor serving many thousands of Data Controllers (our Subscribers), we do not always have insight into individual customer use cases, nor can we integrate individual tenant data policies into our service.  You, as the Data Controller, are tasked with administering the data in your instance and using the tools we provide you to ensure your treatment of data maps to your own policies as well as particular regulatory frameworks within your industry may have to adhere to.
• For more information of our contractual requirements for treatment of your data, please see our Master Subscription Agreement (“MSA”) and for more information on responsibility boundaries, please refer to the Zendesk Shared Responsibility model.

Data points captured by the services will at a minimum be:

SUPPORT / GUIDE

1. Username (which may or may not be the individual's actual name).
2. Salted hash of the user's password (where passwords are chosen as the authentication mechanism).
3. IP as perceived by the edge architecture (which may or may not be the actual user’s originating IP address).
4. Any data added to Guide help center articles.
5. Any data added to Guide help center article comment sections (where comments are enabled).
6. Choices made within drop down menus or radio boxes.
7. Any text entered into free form text fields (titles, text boxes, ticket comment fields, satisfaction survey fields, search fields, etc.).
8. Date and time of events as perceived by the app.
9. Any data added to agent or admin profiles or signatures.
10. Any data digested by incoming emails (where emails are allowed for ticket instantiation).
11. Any data contained in attachments.
12. Owner, admin configuration choices.
13. Contact information for the instance owner and Agents.
14. Email address of Users

CHAT:

1. Username (which may or may not be the individual's actual name), or visitor number where unauthenticated end users are allowed.
2. Email of the end user (which may or may not be the actual email when unauthenticated Chats are allowed). Please note the unauthenticated i.e. anonymous Chats will begin even when no username or email is submitted by the end user.
3. Salted hash of the user's password (where passwords are chosen as the auth mechanism).
4. IP as perceived by the edge architecture (which may or may not be the actual originating IP address).
5. Country and City associated with said IP.
6. Any text data added to the Chat window.
7. Operating System and version used by Chat end user.
8. End user's device type.
9. Browser and version of the Chat end user.
10. Date and time of events as perceived by the app.
11. Any data in attachments.Owner, admin configuration choices.
12. Owner’s contact information.
13. Any data collected by custom fields where created via Software Developer Kit (“SDK”).

TALK:

1. The choice of whether or not to retain call recordings is entirely your choice as a Zendesk Talk subscriber.  When choosing to record calls, the content of any calls will be captured and retained until either your decision to delete such calls, or after your termination of account.
2. Originating telephone number (caller).
3. The destination number (call recipient).
4. The country of origin for the call (as determined by number).
5. The user name or ID of agent answering (which may or may not be the actual person's name).
6. Duration of call.
7. Where choosing to record custom greeting messages or privacy warnings, the content of such recordings will be captured and retained until deletion.

EXPLORE:

Use of the Explore product primarily entails the analytics of data already existing within a Subscriber’s Support instance.  Additional data points would be:

1. Any new names and/or email addresses added as dashboard export recipients.
2. Any text used for custom dashboard titles or search queries.

Other Resources:

For concerns around data privacy within the Service, we advise taking a look at our Security page, Data Privacy and Protection pages, In-Product Cookie Policy, and our Master Subscription Agreement.