Like you, we care about the data that we put into our tools and services. Whether you’re using this data to meet internal privacy policies, evaluate our offerings via vendor or privacy review or determine where your use case falls according to regulatory frameworks, we make it easy for you to find the information you need. The list below includes default data points captured (by product) regardless of use case. For a more comprehensive picture of your data types, use this resource in combination with your specific use case data and any resultant data types.
Please consider these points when using this list:
- Non-default, custom configurations, integrations or use of third party services may alter this list respectively.
- Your individual use case will largely determine the type, amount, and sensitivity of data you and/or your end users put into your instance(s) of the service.
- As a Data Processor for thousands of Data Controllers (i.e., Subscribers), we don’t always have insight into individual customer use cases, nor can we integrate individual tenant data policies into our service. You, as the Data Controller, are tasked with administering the data in your instance and using the tools that we provide you with to ensure your treatment of data maps to your own policies as well as regulatory frameworks within your industry.
- For more information on contractual requirements for data treatment, please see our Main Services Agreement (“MSA”). You should also refer to the Zendesk Shared Responsibility model for more information on responsibility boundaries.
This article covers the data points captured by the following Zendesk services:
- Support
- Guide
- Gather
- Chat
- Messaging
- Sell
- Talk
- Explore
- SunCo (Conversations)
- Sunshine
- Mobile Apps
- Software Development Kits (SDKs)
Default data points captured by the services (at minimum):
Support:
- Username (which may or may not be the individual's actual name).
- Salted hash of the user's password (where passwords are chosen as the authentication mechanism).
- IP address as perceived by our edge architecture (which may or may not be the actual user’s originating IP address).
- Selections made within drop down menus or radio boxes.
- Any text entered into free form text fields (e.g., titles, text boxes, ticket comment fields, satisfaction survey fields, search fields, etc.).
- Date and time of events as perceived by the app.
- Any data added to Agent or Admin profiles or signatures.
- Any data digested by incoming emails (where emails are allowed for ticket instantiation).
- Any data contained in attachments.
- Owner, Admin configuration choices.
- Contact information for the instance Owner and Agents.
- Email addresses of Users.
- Any communication, setup, or integration data entered into the Side Conversation feature.
- The chosen domain name of your instance (as well as any TLS certificate data you, or a third party TLS certificate service upload, where using host mapping)
Guide:
- Any data added to Guide help center articles.
- Any data added to Guide help center article comment sections (where comments are enabled).
- Any attachments or images uploaded to the Guide help center (e.g,. comments, images, logos, article attachments, front page images, etc.).
- Any custom code added to the Guide help center.
Gather:
- Any topics or posts added to the Gather community
- And attachments or images added to Gather topics or posts.
Chat:
- Username (which may or may not be the individual's actual name), or visitor number where unauthenticated End Users are allowed.
- Email of the End User (which may or may not be the actual email when unauthenticated Chats are allowed). Please note that unauthenticated (i.e., anonymous Chats will begin even when no username or email is submitted by the End User).
- Salted hash of the user's password (where passwords are chosen as the authentication mechanism).
- IP address as perceived by our edge architecture (which may or may not be the actual originating IP address)
- Country and City associated with said IP address.
- Any text data added to the Chat window.
- Operating System (OS) and version used by Chat End User(s).
- End User's device type.
- Browser and version of the Chat End User.
- Date and time of events as perceived by the application.
- Any data in attachments, Owner or Admin configuration choices.
- Owner’s contact information.
- Any data collected by custom fields when created via Software Developer Kit (SDK).
Messaging (Workspace + Bot)
- Username (which may or may not be the individual's actual name).
- IP address of users as perceived by the edge architecture (which may or may not be the actual user’s originating IP address).
- Country and City associated with said IP address.
- Choices made within drop down menus or radio boxes.
- Any text entered into free form text fields (e.g.,titles, text boxes, ticket comment fields, satisfaction survey fields, search fields, etc.).
- Date and time of events as perceived by the app.
- Any data digested by incorporated channels (e.g, email, chat, voip, Instagram, etc.).
- Any data contained in attachments.
- Email address of users.
- Operating System (OS) and version used by a user.
- User’s device type and model.
- Browser and version of a user.
- Any workflows or bot configurations created with Flow Builder.
- User unique identifier (this could be the user’s email address, or a business defined identifier - not controlled by Zendesk). This is referred internally as an external_id.
- Zendesk Software Development Kit (SDK) version number.
- App version and app code.
Sell:
- Username (which may or may not be the individual's actual name).
- Salted hash of the user's password (where passwords are chosen as the authentication mechanism).
- IP address of users as perceived by our edge architecture (which may or may not be the actual user’s originating IP address).
- Country and city associated with said IP address.
- Choices made within drop down menus or radio boxes.
- Any text entered into free form text fields (e.g., titles, text boxes, ticket comment fields, satisfaction survey fields, search fields, etc.).
- Date and time of events as perceived by the app.
- Any data added to a user profile or signature.
- Any data digested by incoming and outgoing emails (when email integration is enabled).
- Any data in calendar events.
- Any data contained in attachments.
- Owner and Admin configuration choices.
- Contact information for the instance owner and users.
- Email address of users.
- Operating System (OS) and version used by a user.
- User’s device type.
- Browser and version of a user.
- Call recordings (if enabled).
- Text messages (if enabled).
- Any data filled in for Leads, Contacts, Deals or any of associated objects (e.g. Notes, Tags, Calls) including data entered in custom fields.
Talk:
- The choice of whether or not to retain call recordings is entirely yours as a Zendesk Talk subscriber. When choosing to record calls, the content of any calls will be captured and retained until either your decision to delete such calls, or your termination of account.
- Originating telephone number (caller)
- The destination number (call recipient)
- The country of origin for the call (as determined by number).
- The user name or ID of agent answering (which may or may not be the actual person's name).
- Duration of call.
- When choosing to record custom greeting messages or privacy warnings, the content of such recordings will be captured and retained until deleted by Subscriber, or upon termination of account.
Explore:
Use of the Explore product primarily entails the analytics of data already existing within a Subscriber’s Support instance. Additional data points include:
- Any new names and/or email addresses added as dashboard export recipients
- Any text used for custom dashboard titles or search queries
- Any images uploaded to dashboards.
Sunshine Conversations (SunCo):
- Name, Email, Creation Date of Sunshine Conversations Administrator
- Name, Creation Date of all created Service Accounts
- Name, Creation Date, Channel Integrations, Webhooks and API Keys of all created Apps
- External ID, Sign-Up Date and, when applicable, Given Name, Last Name, Email, Avatar URL, Locale and all elected custom user properties of all End Users using the services
- Unread Count and Read Timestamps of all Conversations
- Conversation ID, Author ID, Name, Avatar, Received Date, Channel Source, Attachment and Content of all Messages in a Conversation
- Channel Name, Conversation Title, SDK Version, User Agent, External ID, Display Name and Personal Identifiable Information of all Clients automatically generated for Users when they send Messages
- Third-party credentials and IDs, configuration and other integration metadata of all Integrations created via the Dashboard
- Triggers, Target URL and Secrets of all Webhooks
- Template Name and Message Content of Templates created for all structured Messages.
Sunshine:
In addition to what is captured in Support:
Custom Objects (if used)
- Object Types (definitions of objects) as defined here.
- Object Records (objects created based on Object Types).
- Relationship Types (definition of relationship between objects) as defined here.
- Relationship records (relationships created based on Relationship Types).
- Custom Objects Events (early access only) as defined here.
- Metadata of Custom Object Jobs as defined here.
Profiles (if used)
- Custom Profiles assigned to users as defined here.
Events (if used)
- Custom Events associated with profiles as defined here.
Mobile Apps:
Support Mobile Application
- Username (which may or may not be the individual's actual name).
- Salted hash of the user's password (where passwords are chosen as the authentication mechanism).
- IP as perceived by the edge architecture (which may or may not be the actual user’s originating IP address).
- Choices made within drop down menus or radio boxes.
- Any text entered into free form text fields (titles, text boxes, ticket comment fields, satisfaction survey fields, search fields, etc.).
- Date and time of events as perceived by the app.
- Any data added to agent or admin profiles or signatures.
- Any data digested by incoming emails (where emails are allowed for ticket instantiation).
- Any data contained in attachments.
- Owner, admin configuration choices.
- Contact information for the instance owner and Agents.
- Email address of Users.
- Operating System and version used by a user.
- User’s device type.
Sell Mobile Application
- Username (which may or may not be the individual's actual name).
- Salted hash of the user's password (where passwords are chosen as the authentication mechanism).
- IP of users as perceived by the edge architecture (which may or may not be the actual user’s originating IP address).
- Country and city associated with said IP (?)
- Choices made within drop down menus or radio boxes.
- Any text entered into free form text fields (titles, text boxes, ticket comment fields, satisfaction survey fields, search fields, etc.).
- Date and time of events as perceived by the app.
- Any data added to a user profile or signature.
- Any data digested by incoming and outgoing emails (when email integration is enabled).
- Any data in calendar events.
- Any data contained in attachments.
- Owner, admin configuration choices.
- Contact information for the instance owner and users.
- Email address of users.
- Operating System and version used by a user.
- User’s device type.
- Browser and version of a user.
- Call recordings (if enabled).
- Text messages (if enabled).
- Any data filled in for Leads, Contacts, Deals or any of associated objects (e.g. Notes, Tags, Calls) including data entered in custom fields.
Chat Mobile Application
- Username (which may or may not be the individual's actual name).
- Salted hash of the user's password (where passwords are chosen as the authentication mechanism).
- IP as perceived by the edge architecture (which may or may not be the actual originating IP address).
- Country and City associated with said IP.
- Any text data added to a Chat conversation.
- Operating System and version used by Chat end users.
- End user's device type.
- Browser and version of the Chat end user.
- Date and time of events as perceived by the app.
- Any data in attachments.
Software Development Kits (SDKs)
See here for a comprehensive list of default data types captured when using our Software Development Kits (SDKs).
Other Resources:
For concerns around data privacy within Zendesk services, refer to our Security page, Trust Center, In-Product Cookie Policy, and our Main Services Agreement.