Data Processing Policy
Last updated: 27 September 2022
We understand you take your customers’ data very seriously, so we are 100% blunt on how we handle the data that you provide us with for processing, including your Zendesk data. Below, please find a detailed explanation on how we access, store, and use your and your customers’ data when you use one or more of our Apps.
Please note that, in instances where we act as a data processor with regard to your or your customers’ personal data, our Data Processing Agreement (DPA) applies. The DPA is incorporated by reference to our Service Agreement.
How we access your Zendesk data
In order to provide our Apps functionalities, we need to read and store a set of records and fields from your Zendesk Support account. To do so, we use Zendesk's secure REST API and follow best practices when accessing this API.
All the traffic between our apps and Zendesk API is exchanged via HTTPS, so is 100% encrypted.
We use OAuth 2 to authenticate all our application's API requests to Zendesk. OAuth provides a secure way for our application to access your Zendesk data without having to store and use the passwords of Zendesk users, which is sensitive information. All you have to do is authorize us to read your Zendesk data. No passwords or API keys, no mess.
How we store your Zendesk data
All the data is stored securely in Amazon Web Services (AWS) facilities in Europe, Ireland. This service provider meets international security standards such as ISO 27001 and SOC 1, 2 and 3.
All of our servers are within our own virtual private cloud (VPC) with firewalls and network access control lists (ACLs) that prevent unauthorized requests from getting to our internal network.
All the data stored is encrypted both at rest and in motion.
What Zendesk data we read and store, and why
We read your Help Center articles to analyze their content, extract links and images, and make them available to you.
We use the Zendesk Articles API endpoint to read the articles data from your Help Center instance. We read and store all the data returned by this API Endpoint, including: articles title and content, sections, categories, author's name, labels, and votes. None of your customers or tickets data is accessed from this endpoint.
We read and store all the articles fields made available by Zendesk at this endpoint.
To enable Apps features such Find & Replace and Duplicate articles, we also need to ask for write access to your Help Center. This permission is only required for Help Center data, none of the other Zendesk data is accessed.
Automatic Translation
We use OpenAI's API to translate Help Center articles from one language to another. While this feature is generative in nature, OpenAI will not use your data to train its models or otherwise improve its services, and your data will not be hosted by OpenAI except ephemerally for the purpose of providing the service. For more information about the processing of your data by OpenAI, please see ANNEX A in our Data Processing Agreement.
When the analytics script is enabled and active on your Help Center, it will send traffic data to our servers for every user event such as page change or search.
Traffic data stored on Swifteq servers to enable Analytics only contains non-personal data, such as: timestamp; device type; URL; search terms; article ID; user id hash; and user email hash (an anonymized identifier that cannot reveal any personal data about the user).
The user email address, where available, is also sent to the App but ONLY stored as an anonymized hash. The raw email address or name of the user is NOT stored on our servers.
In the Help Center Analytics App, you can optionally choose to enable Integrated Analytics: analyze together the Help Center traffic data and the ticketing data from your helpdesk, i.e. comparing ticket volumes with Help Center visits to calculate the Self Service Score. When Integrated Analytics is enabled, we need to read and store a small number of standard non-sensitive fields for each Zendesk ticket and user, such as: TicketId; User ID; and Anonymized User Email Hash.
NO personal data from tickets or users are stored on our servers.
We access and use your Help Center articles to analyze their content, detect broken links and make them available to you.
We use the Zendesk Articles API endpoint to read the articles data from your Help Center instance. None of your customers’ data is accessed from this endpoint.
We read and store the following fields: article title & body, author name, dates & times, url, language, section, category, labels, votes.
Ticket Data Fields
NO personal data from Zendesk tickets (your employees or customers) will be stored on our servers. A cache service running on our servers persists the following fields for each ticket for up to 5 minutes, after which they are automatically deleted: ticket id, requester id, group id, priority, channel. Such information does not contain personal data.
App Merge Duplicates only: in order to allow for the exclusion of tickets from certain email addresses, the requester email address is also sent to the App for verification only (on the fly), but it is NOT stored in any shape or form on our servers. If, for security concerns, you don't need this field to be sent to the App, please get in touch with us.
Configuration Data
This is data that you knowingly configure in the App to exclude certain tickets from merging (groups, priority, requester emails).
NO personal data from Zendesk tickets (your employees or customers) will be stored on our servers. A cache service running on our servers persists the ticket ID while the ticket event is being processed, after which it is automatically deleted. All the other ticket data points are loaded on the fly through the Zendesk API and sent to the OpenAI API for processing ONLY when they are the object of the ChatGPT action in a workflow.
Depending on your workflows, these data points are the ticket comments from customers or agents, and will be sent to the OpenAI API as part of a ChatGPT prompt. According to OpenAI's enterprise privacy policy, OpenAI will not use your data to train its models or otherwise improve its services, and your data will not be hosted by OpenAI except ephemerally for the purpose of providing the service. For more information about the processing of your data by OpenAI, please see ANNEX A in our Data Processing Agreement.
In order to provide our rich search functionality in Zendesk, we need to read, store and index a set of records and fields from your Zendesk Support account. To do so, we use Zendesk's secure REST API and follow best practices when accessing this API.
With Answer Search, we put you in the driving seat when it comes to data handling. You have full control on what data from your Zendesk account you allow us to read and store. Obviously, this will impact the level of functionality available in the App.
Help Center Articles
We use your Help Center articles to index and make them available to your Customer Support team for fast searching and linking into an existing response.
We use this API endpoint to read the articles data from your Help Center instance. None of your customers’ data is accessed from this endpoint.
We read and store the following fields: article title & body, author name, dates & times, url, language, section, category, labels, votes.
We need the articles to provide the core functionality of our App, so loading of this data point cannot be disabled.
Tickets in Zendesk Support
We use the content of your Zendesk tickets to index and make them available to your Support team for fast searching of old answers and customer questions.
We read the tickets data using the following API endpoints:
• Search API: read the archive of old tickets; and
• Ticket Audits: read the entire conversation flow of each ticket (public and private comments).
For each ticket we (optionally) store the following data on our secure servers:
Agent Replies
This is the agent-side of the conversation, both public and private comments. For each agent message in the conversation we store:
• the content of the message;
• date & time; and
• agent name.
Loading this data point is optional and can be disabled before you connect your Zendesk account.
However, it enables an important part of the App's functionality: searching and reusing past answers from older support tickets. Our advice is to keep this enabled.
Customer Messages
This is the customer-side of the conversation: what the customer said when he created the ticket and after that. For each customer message in the conversation we store:
• the content of the message;
• date & time; and
• customer’s name.
Loading this data point is optional and can be disabled before you connect your Zendesk account.
When this data point is disabled, the loss in functionality is relatively small: your team will not be able to search for questions customers previously asked.
Standard ticket fields
We read and store a small number of standard fields for each ticket: Ticket ID; Channel, Group; Data & time; and Tags.
We think there is no privacy concern in relation to these fields and we need them to index, filter and sort the tickets data.