Zendesk is committed to building responsible AI across our trusted products and solutions. Zendesk AI is built on our foundational principles of privacy, security, accuracy, transparency and customer control.

AI development

Zendesk develops our AI solutions both internally, by building customized solutions based on our industry-leading expertise in customer service, and by integrating with vetted large language models (LLMs).

Proprietary Models

Zendesk develops our own AI models to meet the nuanced and specific needs of our customers. These models may be trained on customer data to the extent instructed by the customer. Zendesk takes steps to protect data used for model training, including applying data minimization principles, data sanitization techniques, and implementing the same robust technical and organizational controls we apply to all data within our stewardship (see our Enterprise Security Measures). 

LLM Integrations

Zendesk unlocks the power of generative AI in our solutions by integrating with reputable third-party LLMs. Before deploying an LLM in Zendesk, we ensure that all customer data processed through the LLM continue to be protected by Zendesk’s robust security requirements. We also rigorously test all prospective LLMs against relevant criteria, such as accuracy, bias, and safety. No LLM is ever deployed within Zendesk without going through these processes.

Privacy

The Zendesk Resolution Platform is designed with privacy at the forefront. Not only do we build solutions to resolve customer and employee service issues, we also invest heavily in building state-of-the-art privacy-enhancing solutions.

Data Minimization Features

Zendesk offers ticket and end-user data deletion schedules right out of the box, regardless of plan. For Advanced Data Privacy and Protection customers with more nuanced data deletion requirements, Zendesk also offers advanced data retention policies, allowing customers to create conditional deletion schedules.

Additionally, all Zendesk customers have access to standard redaction capabilities, so that sensitive ticket content can be permanently redacted. Advanced Data Privacy and Protection customers also have access to our AI-powered redaction suggestions feature, which automatically highlights certain types of data within tickets for agents to quickly redact.

Notice and Consent Features

Zendesk’s privacy layer goes a step beyond data minimization – we also offer features to support GDPR compliance, including native notice options seamlessly embedded into our tools.

For Voice customers, Zendesk offers advanced options for providing notice and/or collecting consent from customers calling service lines. Customers can choose from a simple greeting or require proactive consent to proceed – and all greetings provide standard scripts or can be customized to fit a company’s voice.

For Messaging customers, Zendesk seamlessly embeds a native privacy notice option for customers to surface their legal terms to end-users submitting chats. This allows chat users to be immediately informed of customer privacy practices, deflecting common privacy challenges.

Security

Zendesk views protecting customer data as fundamental to responsible AI development, and has built a robust AI security program. Not only does Zendesk undergo routine security audits and receive certifications from ISO and FedRAMP, but we have developed an AI governance program modeled on the NIST AI Risk Management Framework. This program integrates technical controls, employee policies, AI impact assessments, rigorous testing, and ongoing monitoring into a holistic governance program overseen by company leadership.

The below table provides additional information about specific commitments applicable to both our own models and third-party LLMs:

Proprietary Models	LLM Integrations
Regional data hosting (with ability to host in US, UK, Ireland, Germany, Japan, and Australia)	Regional data hosting (with ability to host in US, EEA/Switzerland)
Data hosted within Zendesk’s SOC 2 certified AWS cloud environment	Zero data retention – no data is hosted by a third party beyond the ephemeral time necessary for the model to provide a response
Customers control whether their data is used for model training	Customer data is never used for model training
Supports customer HIPAA compliance (customers can sign BAA with Zendesk here)	Supports customer HIPAA compliance (signed BAA with Zendesk)

Transparency and Explainability

Transparency is a cornerstone of AI trust. AI-generated responses which are surfaced directly to end-users are identified, so there it is always clear whether your users are interacting with a human or AI.

We are open about how our AI works, including which data we collect and how it is used. Customers have visibility into AI predictions to guide informed automation decisions. Each AI intent, sentiment, or suggested macro prediction comes with a confidence score, enabling leaders to automate with precision and involve human oversight when needed. For customers using AI Agents - Advanced, Zendesk goes a step further and provides the logic behind an AI agent’s actions, so that customers can understand how AI works and continuously iterate and improve. This transparency builds the foundation of trust between our technology and our customers, ensuring responsible, ethical AI usage.

Zendesk also offers a native AI-powered quality assurance tool that continuously monitors outputs for accuracy, relevance, and quality, so that customers have the information they need to make informed decisions and continuously improve their AI deployments.

Customer Control

Customers always remain in control over when and how they choose to leverage generative AI technology. For example, Copilot AI features are grouped in a centralized AI hub and identified to admins, who have the ability to disable (and re-enable) any feature at their discretion. Generative AI features are also labeled in the Admin Center so that customers know exactly when this technology is deployed, and can disable if they so desire.

Zendesk AI is also designed to accommodate varying degrees of AI adoption based on customer industry or use case. For example, certain customers may prefer leveraging Copilot auto assistance features, which enable AI tools to improve agent productivity but still require human review before interacting directly with end-users. Other customers may wish to deploy next generation AI Agents, powered by agentic AI, to interact directly with end-users based on business procedures. Or a customer might wish to experiment and gradually increase AI automation over time.

Zendesk also ensures that AI outputs surfaced to customers are grounded in customer-defined materials like procedures, policies, and knowledge sources. We use the latest technology like RAG (short for Retrieval Augmented Generation) to ensure that customers remain in control of how AI responds in different scenarios.

Customers are also in control of their data. Not only can they delete and/or redact data in their instances, but they can decide whether or not their data can be used for product improvement purposes.
 

Legal

Zendesk understands that the legal landscape surrounding AI is evolving, but our principles-based approach to AI product design and development enable us to easily adapt to change. At our core, our tools empower customers to meet fundamental principles like data minimization and transparency.

To ensure that we remain on the forefront of the AI regulatory conversation, Zendesk actively participates in the Business Software Alliance, a leading industry policy and advocacy group. This allows Zendesk to stay informed about global AI regulatory developments while also educating legislators about how AI is deployed in our industry and where we see the most significant risks and opportunities for lawmaking.

Zendesk has reviewed new AI policy developments including the EU AI Act, the Colorado Protections for AI Act, and Korea’s AI Basic Act to ensure that Zendesk and our customers are prepared to comply with applicable requirements when they come into effect.

Our observation is that the global AI regulatory trend appears to be coalescing around a risk-based framework, with the majority of legal obligations applying only on AI systems deemed to be “high-risk”. Customer interaction and agent productivity features offered by Zendesk are generally not viewed as “high-risk,” and indeed chatbots have been specifically referenced as an example of a limited risk AI system under the EU AI Act (subject primarily to transparency requirements which Zendesk already meets). We encourage customers to conduct their own impact assessments in light of their specific industries and use cases.