Data Processing Policy - Intercom Apps
Last updated: 27 September 2022
We understand you take your customers’ data very seriously, so we are 100% blunt on how we handle the data that you provide us with for processing, including your Intercom data. Below, please find a detailed explanation on how we access, store, and use your and your customers’ data when you use one or more of our Apps.
Please note that, in instances where we act as a data processor with regard to your or your customers’ personal data, our Data Processing Agreement (DPA) applies. The DPA is incorporated by reference to our Service Agreement.
How we access your Intercom data
In order to provide our Apps functionalities, we need to read and store a set of records and fields from your Intercom Support account. To do so, we use Intercom's secure REST API and follow best practices when accessing this API.
All the traffic between our apps and Intercom API is exchanged via HTTPS, so is 100% encrypted.
We use OAuth 2 to authenticate all our application's API requests to Intercom. OAuth provides a secure way for our application to access your Intercom data without having to store and use the passwords of Intercom users, which is sensitive information. All you have to do is authorize us to read your Intercom data. No passwords or API keys, no mess.
How we store your Intercom data
All the data is stored securely in Amazon Web Services (AWS) facilities in Europe, Ireland. This service provider meets international security standards such as ISO 27001 and SOC 1, 2 and 3.
All of our servers are within our own virtual private cloud (VPC) with firewalls and network access control lists (ACLs) that prevent unauthorized requests from getting to our internal network.
All the data stored is encrypted both at rest and in motion.
What Intercom data we read and store, and why
We read your Help Center articles and their metadata to store their content and make it available for translation.
We use the Intercom Articles API endpoint and the Help Center endpoint to read the articles data and their metadata from your Helpdesk instance. We read and store all the data returned by these API Endpoints, including: articles title and content, collections, author's name, internal IDs. In order to get the name of the author of each article, we also need access to your team member details. We use the Admins endpoint to read this information and only store the name of each team member and some non-identifiable information like internal IDs.
None of your customers or tickets data is accessed from these endpoints.
To allow you to translate articles and save the translations, we also need to ask for write access to your Help Center. This permission is only required for Help Center data, none of the other Intercom data is accessed.
We use OpenAI's API to translate Help Center articles from one language to another. While this feature is generative in nature, OpenAI will not use your data to train its models or otherwise improve its services, and your data will not be hosted by OpenAI except ephemerally for the purpose of providing the service. For more information about the processing of your data by OpenAI, please see ANNEX A in our Data Processing Agreement.