Customers sometimes enter sensitive information such as credit card numbers, social security numbers, passwords, attachments. or other sensitive information in tickets when they shouldn't. In addition to being visible to anybody with access to the ticket, the sensitive information automatically gets stored in a database with the rest of the ticket.
This article contains the following sections:
About ticket redaction
Admins and agents in custom roles with permission can redact, or remove, sensitive information found in ticket comments and attachments so that your account stays secure and compliant. This helps keep confidential information out of Zendesk. On plans without custom roles, agents with permission to delete tickets can also redact.
- In the standard agent interface, you can use the Ticket Redaction app to redact personal data in ticket conversations. To download, install, and use the app, see Ticket Redaction app in Zendesk Marketplace.
- In the Zendesk Agent Workspace, you can use native ticket redaction to redact personal data. You don’t need to install a separate app. This article describes how native ticket redaction works.
Native ticket redaction works on:
- Side conversation emails, child tickets, and Microsoft Teams messages
- Social messaging channels enabled through Sunshine Conversations
- Web and mobile messaging
- Ended chat conversations from the Agent Workspace
- Public comments
- Internal notes
- Images (attached and inline)
- Attachments (with some limitations)
- Content in archived or closed tickets for email, API, and webform channels
- Tickets created through the Sunshine Conversations SDK.
Ticket redaction does not currently support redaction of entire tickets. Also, Zendesk recommends redacting content before merging tickets. If you redact content in the original ticket after it has been merged with another ticket, the redacted content will be removed from the original ticket, but not from the merged ticket.
If you redact a Zendesk message or a message created via the Sunshine Conversations SDK, the Support ticket interface shows the redacted areas of the messaging conversation, all within the context of the unredacted content. From the customer side, the entire message is deleted.
Redaction events are noted in a ticket’s event log so customers can be aware data has been deleted. In addition, when you redact ticket content, a redacted_content tag is automatically added to the ticket. When you redact ticket content, this causes an update to be made on the ticket using the same channel associated with the content that was redacted. For example, redacting a WhatsApp comment from a ticket. This behavior can cause triggers to fire if your trigger conditions are set to look for updates on a specific channel.
Ticket redaction limitations
- Messages in an active messaging conversation or chat
- Messages stored in the Answer Bot service
- Channel framework-enabled tickets
- Tickets created from Mobile SDK
- Tickets created from Slack Business Connect
- Slack side conversations
Additional limitations include:
- Redaction for messaging tickets does not work for messages created before April 2022. If the ticket contains sensitive information, the tickets will have to be permanently deleted.
- When you redact a ticket comment sent from an email channel, Zendesk does not redact the content of the original email in the email provider's channel (such as Gmail or Yahoo). Only the text hosted in Zendesk is redacted.
- When redacting a ticket, the underlying conversation is not edited on the social messaging platform and third-party integrations. It is redacted only within Zendesk-controlled systems. This also means that an end user, depending on how they communicate with your agent, may still see unredacted content themselves when accessing a message through different channels. For example, in Facebook Messenger or a 3rd-party Chat bot.
- Redaction of messages exchanged between Answer Bot and end users is not supported.
- If triggers are configured prior to redaction taking place, redacted content may persist in the channels launched by these triggers. For example, email conversations.
- Ticket redaction for the Chat history may not be instantaneous and may be delayed by up to 10 minutes due to database replication.
- Bulk redaction is not supported.
Redacting ticket content
To redact ticket content
- Open a ticket and scroll to the conversation thread that contains the content you want to redact.
You can only redact content in one thread at a time. Not all tickets can be redacted. See Ticket redaction limitations.
- Hover your mouse over the thread to display the options menu icon ().
- Click the options menu icon () and choose Redact.
A redaction pane appears.
- Select the content you want to redact, then click Mark for redaction.
The content you want to redact is highlighted.
- Continue to select content to redact and Mark it for redaction.
You can include multiple text strings, attachments, and images as part of the same redaction.
If you mark something for redaction by mistake, click the content and select Unmark for redaction.
- When you’ve finished selecting the content you want to redact, click Redact.
The ticket is updated with the redacted content. Ticket redaction is not reversible.
When you redact ticket content, a redacted_content tag is automatically added to the ticket. You can search for this tag to get a list of redacted tickets.
Redacting ticket content in side conversations
- Microsoft Teams
- Child tickets
- The redaction is only applied to the content in the side conversation. The content isn't redacted on the external channels on which it was delivered, such as an email or Microsoft Teams message.
- When you redact content on a side conversation child ticket, the redaction only takes place on the side conversation. You must separately redact the content in the child ticket.
- The redacted_content ticket tag isn't automatically added to the ticket.
Side conversation redaction in the Agent Workspace:
Side conversation redaction in the standard agent interface:
Is it possible to receive a notification when it is possible once again to redact on messaging tickets please?
You can redact messaging tickets, provided:
Is it possible to redact PART of a picture in a ticket?
Strac (https://www.strac.io/integrations/zendesk) has an integration with Zendesk which can be configured to redact PART of a picture in a ticket or the ENTIRE picture in a ticket. Strac works with all kinds of document formats (.png, .jpeg, .pdf, .docx, and more)
This can seriously hurt our current processing. How can I turn off the ability to redact for certain roles or all agents who are not admins?
As it says at the beginning of this article, only "admins and agents in custom roles with permission" can redact ticket content. Admins can redact. But, If you don't explicitly activate that permission for your agents via a custom role, agents can't redact. The setting is off by default. See Creating custom roles and assigning agents for details.
Lisa Kelly I believe the above solution for this is only available for certain plans.
Please provide a solution for the team plan. Thanks!
Just to clarify. Agents on plans lower than Enterprise, such as Team, should not be able to redact ticket content, unless they have permission to Delete tickets. Which is what you wanted, correct? On Enterprise plans, agents can redact and only if they are explicitly granted permission via a custom role.
Lisa Kelly As an admin under the TEAM plan, I was able to use the redact option on tickets when I tested the feature. There was no way for me to test this for agents who are not admins and did not know they will not be able to use this feature (which is great news). I will complete additional testing before we are forced to complete the update to the Agent Workspace, and message back in case we are still seeing an issue with the redact feature. Thank you!
Lisa Kelly I just completed a test with a non-admin user, on our TEAM plan, and he was able to redact information in the tickets (after we were told agents should not be able to on a TEAM plan).
Can you please create a support ticket for me and have a manager contact me on this. We need to get this resolved.
We are not using Chat (we don't even have it installed) so the update to Agent Workspace is totally unnecessary. We are now in the processing of finding a work-around.
At the very minimum, to avoid issues, I expect the role set up to become available on the TEAM plan before we are forced to change to Agent Workspace, so we can eliminate the possibility of any redaction of information, since there is no way to undo the action once a redaction is done.
I'm confused. Are you using Agent Workspace or not? This article describes how to redact ticket content in the Zendesk Agent Workspace (also known as native ticket redaction). If you're not using Agent Workspace, then perhaps you are using the Ticket redaction app instead? Please contact Zendesk Customer Support to help you with your issue and figure out what's going on.
Lisa Kelly We are testing the Agent Workspace before we are forced to complete the update to Agent Workspace. We are not using any redaction app. I will contact support.
"Zendesk recommends uninstalling this app if you’re using native ticket redaction in the Agent Workspace."
We would follow the recommendation BUT there is a BUG in the 'native' redaction: Internal comments which result from a merge are excluded from redaction.
My customer is asking how the data is stored after the redaction.
Could you please share little more information about it?
That type of information is outside the scope of this public-facing article. I recommend contacting the Product Management team.
There is a spelling error in this article. See screenshot for details:
Hi Cheryl Johnson,
Thank you for catching that! I've updated the article with the correct spelling.
So what are the options for redacting from Messaging tickets? Neither the native redaction tool (in Agent Workspace) nor the Ticket Redaction App work to redact in tickets funneled to our queue from Answer Bot.
Hi Erin Rowan,
Redaction in messaging is possible, so long as the conversation has been inactive for longer than 10 minutes. The native ticket redaction doesn't work in an active messaging conversation.
In addition to this, credit card information is automatically redacted in messaging. This internal redaction feature can be controlled using the app setting
maskCreditCardNumbers.For more information, see the SunCo API documentation.
Hi Erin Rowan,
Strac Zendesk Redactor automatically redacts sensitive data from Messaging Tickets. Would love to show you a demo if interested.
Arianne Batiles thanks for getting back to me. If a Messaging conversation turns into an Email conversation (in the same ticket), how should we approach redacting info in the Messaging conversation?
Please sign in to leave a comment.