{"platform":"Zendesk AI","slug":"zendesk-ai","category":"CRM & Content Operations","website":"https://www.zendesk.com/service/ai","risk_rating":"medium","verification":"tracked","corpus_status":"corpus_complete","canonical":"https://aipolicycompare.com/platform/zendesk-ai","machine_url":"https://aipolicycompare.com/api/machine/platform/zendesk-ai","findings_count":157,"findings":[{"surface":"output_ownership","risk":"low","confidence":"high","tier":"All","verified":true,"quote":"Ownership : From a privacy perspective, the subscriber is the controller of Service Data and Zendesk is a processor. This means that throughout the time that you subscribe to services with Zendesk, you retain ownership of and control over Service Data in your Zendesk instance.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=Ownership%20%3A%20From%20a,in%20your%20Zendesk%20instance.","char_start":36936,"char_end":37213}},{"surface":"training_use","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r We do not “sell” our subscriber’s personal information as defined under the CCPA. We may share aggregated and/or anonymized information regarding use of the Service(s), which is not considered personal information under the CCPA, with third parties to help us develop and improve the Services and provide our subscribers with more relevant content and service offerings as detailed in our subscriber agreements.\n\r Zendesk’s CCPA Addendum has been incorporated into Zendesk’s Data Processing Agreement. If you would like to review and/or execute Zendesk’s Data Processing Agreement, please  click here. \n\r If you would like to review and/or execute Zendesk’s US State Addendum to the Main Services Agreement, please  click here .","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20We%20do%20not,please%20click%20here%20.","char_start":28378,"char_end":29108}},{"surface":"training_use","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":" Does Zendesk use customer Service Data to train machine learning models?\n\r Zendesk offers three types of machine learning functionality:","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Does%20Zendesk%20use,of%20machine%20learning%20functionality%3A","char_start":44243,"char_end":44380}},{"surface":"training_use","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r How does Zendesk protect Service Data when used for model training?  Before Service Data is used to train generic ML functionality, Zendesk applies aggregation and sanitation processes, as necessary. No fields designed to intake personal data or ticket attachments are used for model training.  Zendesk is committed to ensuring that no Service Data will be reproduced by the model.  There is no risk that one customer’s data will be exposed to another customer through the model’s output. See  AI Data Use Information .","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20How%20does%20Zendesk,Data%20Use%20Information%20.","char_start":45293,"char_end":45814}},{"surface":"training_use","risk":"unknown","confidence":"medium","tier":"All","verified":true,"quote":" \r Zendesk utilizes the Retrieval Augmented Generation (RAG) technique to ensure that generated replies or search results are grounded in specific knowledge base content","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Zendesk%20utilizes%20the,specific%20knowledge%20base%20content","char_start":46178,"char_end":46347}},{"surface":"training_use","risk":"unknown","confidence":"medium","tier":"All","verified":true,"quote":" Zendesk developed a benchmarking platform to systematically evaluate LLMs using a Golden data set and human annotation. Grounding our evaluation with realistic data and human supervision reduces the risk that the model does not perform as expected.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Zendesk%20developed%20a,not%20perform%20as%20expected.","char_start":46541,"char_end":46790}},{"surface":"training_use","risk":"medium","confidence":"medium","tier":"All","verified":true,"quote":"Before Service Data is used to train generic ML functionality, Zendesk applies aggregation and sanitation processes, as necessary. No fields designed to intake personal data or ticket attachments are used for model training.  Zendesk is committed to ensuring that no Service Data will be reproduced by the model.  There is no risk that one customer’s data will be exposed to another customer through the model’s outpu","caution":"While safeguards are described, Service Data is still used for generic model training. The phrase 'as necessary' for aggregation/sanitization suggests these steps are not always applied uniformly.","provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=Before%20Service%20Data%20is,through%20the%20model%E2%80%99s%20outpu","char_start":45364,"char_end":45781}},{"surface":"training_use","risk":"medium","confidence":"medium","tier":"All","verified":true,"quote":"We may share aggregated and/or anonymized information regarding use of the Service(s), which is not considered personal information under the CCPA, with third parties to help us develop and improve the Services and provide our subscribers with more relevant content and service offerings as detailed in our subscriber agreements.","caution":"Aggregated/anonymized usage data may be shared with third parties for service development and improvement. While described as non-personal, re-identification risks exist, and 'improve the Services' could encompass model training activities.","provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=We%20may%20share%20aggregated,in%20our%20subscriber%20agreements.","char_start":28462,"char_end":28791}},{"surface":"training_use","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r 1. Account-specific machine learning:  Zendesk creates classification or clustering machine learning models tailored to a customer’s account using only data existing in the account. Account-specific models will not be used by any other customer.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%201.%20Account-specific%20machine,by%20any%20other%20customer.","char_start":44381,"char_end":44628}},{"surface":"training_use","risk":"low","confidence":"high","tier":"All","verified":true,"quote":"Generative AI functionality:  All generative AI functionality is powered by third-party LLMs. These models are pre-trained and Zendesk customer data will never be used by the third-party LLM provider to train their model(s). See About Generative AI at Zendesk ","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=Generative%20AI%20functionality%3A%20All,AI%20at%20Zendesk%20","char_start":45031,"char_end":45291}},{"surface":"training_use","risk":"unknown","confidence":"medium","tier":"All","verified":true,"quote":" Non-generative Machine Learning models are evaluated using human-annotated data. This is the golden standard in label quality, and provides Zendesk with the most reliable way to evaluate classification models.\n\r Hallucinations are an intrinsic risk for generative AI features. Zendesk does three things to mitigate this risk:","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Non-generative%20Machine%20Learning,to%20mitigate%20this%20risk%3A","char_start":45848,"char_end":46174}},{"surface":"training_use","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r 3. Generative AI functionality:  All generative AI functionality is powered by third-party LLMs. These models are pre-trained and Zendesk customer data will never be used by the third-party LLM provider to train their model(s). See About Generative AI at Zendesk .","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%203.%20Generative%20AI,AI%20at%20Zendesk%20.","char_start":45026,"char_end":45292}},{"surface":"training_use","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r 2. Generic machine learning:  Zendesk uses Service Data to train its generic, cross-account machine learning models to be predictive and useful to multiple Zendesk customers. These include global and industry models. These models will never disclose one customer’s Service Data to another customer, because they are not “generative” (i.e., they do not create text - See Model Security section).","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%202.%20Generic%20machine,See%20Model%20Security%20section).","char_start":44629,"char_end":45025}},{"surface":"training_use","risk":"medium","confidence":"medium","tier":"All","verified":true,"quote":"Zendesk uses Service Data to train its generic, cross-account machine learning models to be predictive and useful to multiple Zendesk customers. These include global and industry models. These models will never disclose one customer’s Service Data to another customer, because they are not “generative” (i.e., they do not create text - See Model Security section).","caution":"Zendesk explicitly uses subscriber Service Data to train cross-account (generic) ML models. Users should be aware their data contributes to models serving other customers, even if non-generative protections limit re-exposure.","provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=Zendesk%20uses%20Service%20Data,See%20Model%20Security%20section).","char_start":44661,"char_end":45025}},{"surface":"training_use","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":" All models developed by Zendesk are classification and clustering models – this means they are trained to read and classify inputs into one of a set number of categories created by Zendesk. Because these models are not generative, no content is produced by the model, and it is not possible for training data to be reproduced by the model .","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20All%20models%20developed,by%20the%20model%20.","char_start":43868,"char_end":44209}},{"surface":"privacy_data_use","risk":"low","confidence":"high","tier":"All","verified":true,"quote":"Zendesk subscribers that collect and store personal data in Zendesk Services may be considered “controllers” under the LGPD. Controllers bear the primary responsibility for ensuring that their processing of personal data is compliant with relevant data protection law, including the LGPD. Zendesk acts as a “processor,” as such term is defined in the LGPD, with respect to the processing of personal data through our Services.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=Zendesk%20subscribers%20that%20collect,data%20through%20our%20Services.","char_start":25728,"char_end":26154}},{"surface":"privacy_data_use","risk":"medium","confidence":"medium","tier":"All","verified":true,"quote":"Service Data is any information, including personal data, which is stored in or transmitted via the Zendesk Services by, or on behalf of, our subscribers and their end-users. We use Service Data to operate and improve our Services, help customers access and use the Services, respond to subscriber inquiries, and send communications related to the Services.","caution":"'Operate and improve our Services' is a broad purpose for using Service Data that includes personal data. The scope of 'improve' is not narrowly defined and could encompass a range of secondary uses.","provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=Service%20Data%20is%20any,related%20to%20the%20Services.","char_start":35335,"char_end":35692}},{"surface":"privacy_data_use","risk":"low","confidence":"high","tier":"All","verified":true,"quote":"We do not access or use customer content for any purpose other than providing, maintaining, and improving the Zendesk services and as otherwise required by law.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=We%20do%20not%20access,otherwise%20required%20by%20law.","char_start":35866,"char_end":36026}},{"surface":"privacy_data_use","risk":"low","confidence":"high","tier":"All","verified":true,"quote":"We do not access or use subscriber data for any purpose other than providing, maintaining, and improving the Zendesk Services and as otherwise required by applicable law.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=We%20do%20not%20access,required%20by%20applicable%20law.","char_start":39667,"char_end":39837}},{"surface":"privacy_data_use","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r Service Data is encrypted at rest in AWS using AES-256 key encryption.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Service%20Data%20is,using%20AES-256%20key%20encryption.","char_start":14246,"char_end":14318}},{"surface":"privacy_data_use","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r Testing and staging environments are logically separated from the Production environment. No Service Data is used in our development or test environments.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Testing%20and%20staging,development%20or%20test%20environments.","char_start":16358,"char_end":16514}},{"surface":"privacy_data_use","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r Zendesk follows secure credential storage best practices by never storing passwords in human-readable format, and only as the result of a secure, salted, one-way hash.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Zendesk%20follows%20secure,secure%2C%20salted%2C%20one-way%20hash.","char_start":18764,"char_end":18933}},{"surface":"privacy_data_use","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":" The Brazilian General Data Protection Law or Lei Geral de Proteção de Dados Pessoais (“LGPD”), was entered into effect on September 18, 2020. LGPD is a comprehensive data protection law which covers the activities of data controllers and processors and provides individual rights.\n\r Zendesk subscribers that collect and store personal data in Zendesk Services may be considered “controllers” under the LGPD. Controllers bear the primary responsibility for ensuring that their processing of personal data is compliant with relevant data protection law, including the LGPD. Zendesk acts as a “processor,” as such term is defined in the LGPD, with respect to the processing of personal data through our Services.\n\r Subscribers can view our  Product Guides  and  Service Data Deletion Policy  for more detailed information on how to use Zendesk’s products to align with compliance initiatives.The National Authority for Protection Data (“ANPD”) may issue additional guidance for the LGPD in the future. Zendesk will continue to actively track the law and we will continue to keep our subscribers updated on features and functionality they can use to support their compliance efforts.\n\r Zendesk’s LGPD Addendum has been incorporated into Zendesk’s Data Processing Agreement. If you would like to review and/or execute Zendesk’s Data Processing Agreement, please  click here. ","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20The%20Brazilian%20General,please%20click%20here.%20","char_start":25444,"char_end":26815}},{"surface":"privacy_data_use","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":" The  California Consumer Privacy Act , Cal. Civ. Code §§ 1798.100 et seq. (“CCPA”) is a U.S. law enacted in the State of California, which went into force on January 1, 2020. It expands upon the privacy rights available to certain California consumers, and requires certain companies to comply with various data protection requirements. Please also visit the final  CCPA Regulations  and the  California Privacy Rights Act  (“CPRA”). A few CPRA provisions went into effect on December 16, 2020, with the remaining provisions of the CPRA becoming operative on January 1, 2023.\n\r Zendesk subscribers that collect and store personal information in Zendesk Services may be considered “Businesses” under the CCPA. Businesses bear the primary responsibility for ensuring that their processing of personal data is compliant with relevant data protection law, including the CCPA. Zendesk acts as a “Service Provider,” as such term is defined in the current version of the CCPA, with respect to the processing of personal information through our Services. Therefore, Zendesk collects, accesses, maintains, uses, processes, and transfers the personal information of our subscribers and our subscriber’s end-users processed through the Services solely for the purpose of performing our obligations under our existing contract(s) with our subscribers; and for no commercial purpose other than the performance of such obligations and improvement of the Services we provide.\n","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20The%20California%20Consumer,Services%20we%20provide.%20","char_start":26916,"char_end":28378}},{"surface":"privacy_data_use","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":" \r Data Subject Requests : An individual who seeks to exercise their data protection rights in respect of personal data stored or processed by us on behalf of a subscriber of ours within the subscriber’s Service Data (including to seek access to, or to correct, amend, delete, port, or restrict processing of such personal data) should direct such query to our subscriber (the data controller). Upon receipt of a request from one of our subscribers to remove personal data from Zendesk, we will respond to such request within thirty (30) days. We will retain personal data that we process and store on behalf of our subscribers for as long as needed to provide the Services to our subscribers.\n\r Zendesk's data subject request platform is available at this webform:  https://www.zendesk.com/datasubjectrequest/ ","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Data%20Subject%20Requests,this%20webform%3A%20https%3A%2F%2Fwww.zendesk.com%2Fdatasubjectrequest%2F%20","char_start":32387,"char_end":33203}},{"surface":"privacy_data_use","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":" In-Product Cookie Policy Provides information about how and when Zendesk uses cookies within the Zendesk Services.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20In-Product%20Cookie%20Policy,within%20the%20Zendesk%20Services.","char_start":38562,"char_end":38677}},{"surface":"privacy_data_use","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":" Zendesk provides an advanced set of access and encryption features to help subscribers effectively protect their information. We do not access or use subscriber data for any purpose other than providing, maintaining, and improving the Zendesk Services and as otherwise required by applicable law. Additional information is available  here .","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Zendesk%20provides%20an,is%20available%20here%20.","char_start":39540,"char_end":39881}},{"surface":"privacy_data_use","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":" Zendesk has a robust global privacy and data protection program, which takes a unified approach to privacy and information governance to give customers flexibility to manage personal data that lives within Zendesk’s systems. For details, see our product guides:  Complying with Privacy and Data Protection in Zendesk Products .","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Zendesk%20has%20a,in%20Zendesk%20Products%20.","char_start":40494,"char_end":40822}},{"surface":"privacy_data_use","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":" Zendesk has two types of redaction for removing sensitive data:\n\r Manual redaction provides the ability to redact or remove sensitive data in Support ticket comments, and securely delete attachments so that you can protect confidential information. The data is redacted from tickets via the UI or API to prevent sensitive information from being stored in Zendesk.  Learn more about redaction via the UI or API .\n\r Automatic redaction allows for automatic redaction of credit card numbers from Agent- or End-User-submitted tickets. When enabled, credit card numbers are partially replaced with blank boxes in the ticket. The numbers are also redacted from logs and database entries.  Learn how to enable this feature and how the credit card numbers are identified .","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Zendesk%20has%20two,numbers%20are%20identified%20.","char_start":40871,"char_end":41636}},{"surface":"privacy_data_use","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r Zendesk’s privacy layer goes a step beyond data minimization – we also offer native end-user notice and/or consent options seamlessly embedded into our tools.\n\r For Voice customers, Zendesk offers advanced options for providing notice and/or collecting consent from customers calling service lines. Customers can choose from a simple greeting or require proactive consent to proceed – and all greetings provide standard scripts or can be customized to fit a company’s voice.\n\r For Messaging customers, Zendesk seamlessly embeds a native privacy notice option for customers to surface their legal terms to end-users submitting chats. This allows chat users to be immediately informed of customer privacy practices, deflecting common privacy challenges.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Zendesk%E2%80%99s%20privacy%20layer,deflecting%20common%20privacy%20challenges.","char_start":48449,"char_end":49202}},{"surface":"privacy_data_use","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":" Cookie Notice Detailed information about how and when we use cookies on Zendesk websites.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Cookie%20Notice%20Detailed,cookies%20on%20Zendesk%20websites.","char_start":50347,"char_end":50437}},{"surface":"privacy_data_use","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":" In-Product Cookie Policy Provides information about how and when Zendesk uses cookies within the Zendesk Services.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20In-Product%20Cookie%20Policy,within%20the%20Zendesk%20Services.","char_start":50441,"char_end":50556}},{"surface":"privacy_data_use","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":" Privacy Notice Describes how Zendesk collects, uses, shares, and secures personal data.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Privacy%20Notice%20Describes,and%20secures%20personal%20data.","char_start":50999,"char_end":51087}},{"surface":"privacy_data_use","risk":"unknown","confidence":"medium","tier":"All","verified":true,"quote":"\r For more information on  automatically redacting credit card numbers  or  adding a credit card identification field ","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20For%20more%20information,card%20identification%20field%20","char_start":6098,"char_end":6216}},{"surface":"privacy_data_use","risk":"unknown","confidence":"medium","tier":"All","verified":true,"quote":" Zendesk takes security very seriously—just ask the number of  Fortune 100 and Fortune 500 companies  that trust us with their data. We use a combination of enterprise-class security features and comprehensive audits of our applications, systems, and networks to ensure that your data is protected, which means every customer can rest easy—our own included.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Zendesk%20takes%20security,rest%20easy%E2%80%94our%20own%20included.","char_start":3535,"char_end":3892}},{"surface":"privacy_data_use","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":" Zendesk has a formal global privacy and data protection program, which includes cross-functional key stakeholders including Legal, Security, Product, and Executive sectors of the company. As privacy advocates, we work diligently to ensure our Services and team members are dedicated to compliance with applicable regulatory and industry frameworks.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Zendesk%20has%20a,regulatory%20and%20industry%20frameworks.","char_start":24681,"char_end":25030}},{"surface":"privacy_data_use","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":" Cookie Policy Detailed information about how and when we use cookies on Zendesk websites.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Cookie%20Policy%20Detailed,cookies%20on%20Zendesk%20websites.","char_start":38468,"char_end":38558}},{"surface":"privacy_data_use","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r Zendesk provides free TLS encryption for host-mapped Guide help centers. Zendesk uses Let’s Encrypt to request certificates and automatically renews the certificate before it expires.\n\r You can also upload your own certificate, if you choose.\n\r To learn more about setting up encryption certificates for a Guide help center please see  Setting up a hosted TLS encryption certificate .","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Zendesk%20provides%20free,TLS%20encryption%20certificate%20.","char_start":20445,"char_end":20831}},{"surface":"privacy_data_use","risk":"unknown","confidence":"medium","tier":"All","verified":true,"quote":" Zendesk AI is built based on the core principles of privacy, security, and compliance, by design. Our commitment to providing businesses with secure, trusted products and solutions is embedded in our DNA. As part of this, Zendesk leverages a set of  design principles  that not only set the standard for how we design, develop, and build everything we do, but set a clear foundation for our use of AI for customer experiences (CX and employee experience (EX)). For more information, see AI Trust at Zendesk .","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Zendesk%20AI%20is,Trust%20at%20Zendesk%20.","char_start":41664,"char_end":42173}},{"surface":"privacy_data_use","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r All communications with Zendesk UI and APIs are encrypted via industry standard HTTPS/TLS (TLS 1.2 or higher) over public networks. This ensures that all traffic between you and Zendesk is secure during transit. Additionally for email, our product leverages opportunistic TLS by default. Transport Layer Security (TLS) encrypts and delivers email securely, mitigating eavesdropping between mail servers where peer services support this protocol. Exceptions for encryption may include any use of in-product SMS functionality, any other third-party app, integration, or service subscribers may choose to leverage at their own discretion.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20All%20communications%20with,at%20their%20own%20discretion.","char_start":13575,"char_end":14212}},{"surface":"privacy_data_use","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":" All Zendesk products and features are designed with privacy in-mind, and the Zendesk AI is no different.\n\r Customers can  comply with various privacy laws (including GDPR and CCPA) when using Zendesk, including Zendesk AI features.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20All%20Zendesk%20products,including%20Zendesk%20AI%20features.","char_start":47480,"char_end":47712}},{"surface":"privacy_data_use","risk":"low","confidence":"high","tier":"All","verified":true,"quote":"Zendesk collects, accesses, maintains, uses, processes, and transfers the personal information of our subscribers and our subscriber’s end-users processed through the Services solely for the purpose of performing our obligations under our existing contract(s) with our subscribers; and for no commercial purpose other than the performance of such obligations and improvement of the Services we provide.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=Zendesk%20collects%2C%20accesses%2C%20maintains%2C,the%20Services%20we%20provide.","char_start":27975,"char_end":28377}},{"surface":"privacy_data_use","risk":"medium","confidence":"medium","tier":"All","verified":true,"quote":"Disclosure of Service Data : Zendesk only discloses Service Data to third parties where disclosure is necessary to provide or improve the services or as required to respond to lawful requests from public authorities.","caution":"Service Data may be disclosed to third parties for service improvement purposes (not just legal compulsion). The 'improve the services' carve-out is broad and could encompass a range of third-party sharing.","provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=Disclosure%20of%20Service%20Data,requests%20from%20public%20authorities.","char_start":51480,"char_end":51696}},{"surface":"privacy_data_use","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":" Zendesk has tools for each of its products to assist with user requests and other obligations under applicable privacy and data protection laws and regulations, such as data access, correction, portability, deletion, and objection. To learn about the features and functionality in each Zendesk product, please see  Complying with Privacy and Data Protection in Zendesk products .","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Zendesk%20has%20tools,in%20Zendesk%20products%20.","char_start":39123,"char_end":39503}},{"surface":"privacy_data_use","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r Zendesk tracks the devices used to sign in to each user account. When someone signs into an account from a new device, it is added to the device list in that user's profile. That user can get an email notification when a new device is added, and should follow up if the activity seems suspicious. Suspicious sessions can be terminated through the agent UI.  Learn about device tracking .","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Zendesk%20tracks%20the,about%20device%20tracking%20.","char_start":23166,"char_end":23560}},{"surface":"privacy_data_use","risk":"unknown","confidence":"medium","tier":"All","verified":true,"quote":" Service Data is any information, including personal data, which is stored in or transmitted via the Zendesk Services by, or on behalf of, our subscribers and their end-users. We use Service Data to operate and improve our Services, help customers access and use the Services, respond to subscriber inquiries, and send communications related to the Services.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Service%20Data%20is,related%20to%20the%20Services.","char_start":35334,"char_end":35692}},{"surface":"moderation_enforcement","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r Our globally distributed Security Team is on call 24/7 to respond to security alerts and events.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Our%20globally%20distributed,security%20alerts%20and%20events.","char_start":10414,"char_end":10512}},{"surface":"moderation_enforcement","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r We scan the libraries and dependencies used in our products to identify vulnerabilities and ensure the vulnerabilities are managed.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20We%20scan%20the,the%20vulnerabilities%20are%20managed.","char_start":16989,"char_end":17122}},{"surface":"moderation_enforcement","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r Network security scanning gives us deep insight for quick identification of out-of-compliance or potentially vulnerable systems.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Network%20security%20scanning,or%20potentially%20vulnerable%20systems.","char_start":11338,"char_end":11468}},{"surface":"moderation_enforcement","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r Our Security Incident Event Management (SIEM) system gathers extensive logs from important network devices and host systems. The SIEM alerts on triggers that notify the Security team based on correlated events for investigation and response.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Our%20Security%20Incident,for%20investigation%20and%20response.","char_start":11777,"char_end":12020}},{"surface":"moderation_enforcement","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r Zendesk participates in several threat intelligence sharing programs. We monitor threats posted to these threat intelligence networks and take action based on risk.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Zendesk%20participates%20in,action%20based%20on%20risk.","char_start":12412,"char_end":12578}},{"surface":"moderation_enforcement","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r Access to the Zendesk Production Network is restricted on an explicit need-to-know basis, utilizes least privilege, is frequently audited and monitored, and is controlled by our Operations Team. Employees accessing the Zendesk Production Network are required to use multiple factors of authentication.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Access%20to%20the,multiple%20factors%20of%20authentication.","char_start":12912,"char_end":13215}},{"surface":"moderation_enforcement","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r In case of a system alert, events are escalated to our 24/7 teams providing Operations, Network Engineering, and Security coverage. Employees are trained on security incident response processes, including communication channels and escalation paths.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20In%20case%20of,channels%20and%20escalation%20paths.","char_start":13257,"char_end":13508}},{"surface":"moderation_enforcement","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r Annual secure code training for all engineers, based on OWASP Top 10 security risks. ","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Annual%20secure%20code,10%20security%20risks.%20","char_start":15695,"char_end":15782}},{"surface":"moderation_enforcement","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r Zendesk leverages modern and secure open-source frameworks with security controls to limit exposure to OWASP Top 10 security risks. These inherent controls reduce our exposure to SQL Injection (SQLi), Cross Site Scripting (XSS), and Cross Site Request Forgery (CSRF), among others.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Zendesk%20leverages%20modern,Forgery%20(CSRF)%2C%20among%20others.","char_start":15822,"char_end":16105}},{"surface":"moderation_enforcement","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r Zendesk native authentication for products available through the  Admin Center  offers 2-factor (2FA) for agents and admins via SMS or an authenticator app.  Learn about 2FA .","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Zendesk%20native%20authentication,Learn%20about%202FA%20.","char_start":18545,"char_end":18722}},{"surface":"moderation_enforcement","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r Any Zendesk account can restrict access to their Zendesk Support to users within a specific range of IP addresses. Only users from the allowed IP addresses will be able to sign in to your Zendesk account. You can allow subscribers (not agents or admins) to bypass this restriction. For more information, see  Restricting access to Zendesk Support and your Help Center using IP restrictions  and  Using IP Access Restriction in Chat .","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Any%20Zendesk%20account,Restriction%20in%20Chat%20.","char_start":19942,"char_end":20377}},{"surface":"moderation_enforcement","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r Zendesk Chat allows the ability to restrict what file types are sent to agents. Alternatively, you can choose to turn off file sending entirely in the Chat product. To learn about this feature, see  Managing file sending in live chat .","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Zendesk%20Chat%20allows,in%20live%20chat%20.","char_start":20872,"char_end":21109}},{"surface":"moderation_enforcement","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r Zendesk’s spam filtering service can be used to prevent end-user spam posts from being published in your Guide help center.  Learn about filtering spam in Guide .","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Zendesk%E2%80%99s%20spam%20filtering,spam%20in%20Guide%20.","char_start":22612,"char_end":22776}},{"surface":"moderation_enforcement","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r All employees attend a Security Awareness Training, which is given upon hire and annually thereafter. All engineers receive annual Secure Code Training. The Security team provides additional security awareness updates via email, blog posts, and in presentations during internal events.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20All%20employees%20attend,presentations%20during%20internal%20events.","char_start":23888,"char_end":24175}},{"surface":"moderation_enforcement","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":" Copyright Infringement Notice & Takedown Policy How Zendesk handles notifications of infringement.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Copyright%20Infringement%20Notice,handles%20notifications%20of%20infringement.","char_start":50560,"char_end":50659}},{"surface":"moderation_enforcement","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r Our network is protected through the use of key AWS security services, integration with our Cloudflare edge protection networks, regular audits, and network intelligence technologies, which monitor and/or block known malicious traffic and network attacks.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Our%20network%20is,traffic%20and%20network%20attacks.","char_start":10538,"char_end":10795}},{"surface":"moderation_enforcement","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r Service ingress and egress points are instrumented and monitored to detect anomalous behavior. These systems are configured to generate alerts when incidents and values exceed predetermined thresholds and use regularly updated signatures based on new threats. This includes 24/7 system monitoring.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Service%20ingress%20and,includes%2024%2F7%20system%20monitoring.","char_start":12070,"char_end":12369}},{"surface":"moderation_enforcement","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r Zendesk offers  DMARC  (Domain-based Message Authentication, Reporting, & Conformance) for signing outbound emails from Zendesk when you have to set up an external email domain on your Zendesk. Using an email service that supports these features helps you stop email spoofing.  Learn about digitally signing your email .","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Zendesk%20offers%20DMARC,signing%20your%20email%20.","char_start":22813,"char_end":23135}},{"surface":"moderation_enforcement","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r Our  Responsible Disclosure Program  gives security researchers as well as subscribers an avenue for safely testing and notifying Zendesk of security vulnerabilities through our partnership with  HackerOne .","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Our%20Responsible%20Disclosure,partnership%20with%20HackerOne%20.","char_start":17437,"char_end":17646}},{"surface":"moderation_enforcement","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r Zendesk has several different authentication options. Subscribers can turn on Zendesk authentication (email and password sign-in), social media single sign-on (SSO) (such as Facebook and Google), and enterprise SSO (such as SAML and OIDC) for end user and team member authentication. ","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Zendesk%20has%20several,team%20member%20authentication.%20","char_start":17756,"char_end":18042}},{"surface":"moderation_enforcement","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r We employ third-party security tooling to continuously and dynamically scan our core applications against common web application security risks, including, but not limited to the OWASP Top 10 security risks. We maintain a dedicated in-house product security team to test and work with engineering teams to remediate any discovered issues.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20We%20employ%20third-party,remediate%20any%20discovered%20issues.","char_start":16604,"char_end":16944}},{"surface":"moderation_enforcement","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r Our network security architecture consists of multiple security zones. More sensitive systems like database servers are protected in our most trusted zones. Other systems are housed in zones commensurate with their sensitivity, depending on function, information classification, and risk. Depending on the zone, additional security monitoring and access controls will apply. DMZs are utilized between the Internet, and internally between the different zones of trust.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Our%20network%20security,different%20zones%20of%20trust.","char_start":10823,"char_end":11292}},{"surface":"moderation_enforcement","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r In addition to our extensive internal scanning and testing program, Zendesk employs third-party security experts to perform detailed penetration tests on different applications within our family of products.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20In%20addition%20to,our%20family%20of%20products.","char_start":17169,"char_end":17378}},{"surface":"moderation_enforcement","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r Zendesk has architected a multi-layer approach to DDoS mitigation. A core technology partnership with Cloudflare provides network edge defenses, while the use of AWS scaling and protection tools provides deeper protection along with our use of AWS DDoS specific services.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Zendesk%20has%20architected,AWS%20DDoS%20specific%20services.","char_start":12609,"char_end":12882}},{"surface":"moderation_enforcement","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r Zendesk native authentication for products available through the  Admin Center  provides the following levels of password security: low, medium, and high, as well as set custom password rules for agents and admins. Zendesk also allows different password security levels to apply to end users vs. agents and admins. Only admins can change the password security level.  Learn about configurable password policies .","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Zendesk%20native%20authentication,configurable%20password%20policies%20.","char_start":18086,"char_end":18500}},{"surface":"moderation_enforcement","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r Zendesk maintains a publicly available  system-status webpage , which includes system availability details, scheduled maintenance, service incident history, and relevant security events.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Zendesk%20maintains%20a,and%20relevant%20security%20events.","char_start":14385,"char_end":14573}},{"surface":"moderation_enforcement","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r Subscribers can configure their instance so that users are required to sign in to view ticket attachments.  Learn about Private Attachments .","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Subscribers%20can%20configure,about%20Private%20Attachments%20.","char_start":21564,"char_end":21707}},{"surface":"moderation_enforcement","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r Our Quality Assurance (QA) department reviews and tests our code base. Dedicated application security engineers on staff identify, test, and triage security vulnerabilities in code.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Our%20Quality%20Assurance,security%20vulnerabilities%20in%20code.","char_start":16138,"char_end":16321}},{"surface":"moderation_enforcement","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r Access to data within Zendesk applications is governed by role-based access control (RBAC) and can be configured to define granular access privileges. Zendesk supports various permission levels for users (owner, admin, agent, end-user, etc.).\n\r Learn about user roles:","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Access%20to%20data,Learn%20about%20user%20roles%3A","char_start":19358,"char_end":19628}},{"surface":"moderation_enforcement","risk":"unknown","confidence":"medium","tier":"All","verified":true,"quote":" Zendesk development team regularly inspects replies with negative end user feedback for hallucinations to develop tools that can automatically detect and prevent such scenarios.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Zendesk%20development%20team,and%20prevent%20such%20scenarios.","char_start":46355,"char_end":46533}},{"surface":"moderation_enforcement","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r Zendesk performs background checks on all new employees in accordance with local laws. These checks are also required for contractors. The background check includes criminal, education, and employment verification. Cleaning crews are included.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Zendesk%20performs%20background,Cleaning%20crews%20are%20included.","char_start":24244,"char_end":24489}},{"surface":"data_retention","risk":"medium","confidence":"medium","tier":"All","verified":true,"quote":"We will retain personal data that we process and store on behalf of our subscribers for as long as needed to provide the Services to our subscribers.","caution":"'As long as needed to provide the Services' is an indefinite and potentially broad retention standard. No specific retention periods are stated in this clause.","provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=We%20will%20retain%20personal,Services%20to%20our%20subscribers.","char_start":32931,"char_end":33080}},{"surface":"data_retention","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r Replication : Zendesk periodically replicates data for purposes of archival, backup, and audit logs. We use Amazon Web Services (AWS) to store some of the information that is backed up, such as database information and attachment files. Please see our  Regional Data Hosting Policy  for further details.\n\r Security : Zendesk prioritizes data security and combines enterprise-class security features with comprehensive audits of our applications, systems, and networks to ensure subscriber and business data is protected. See additional information  here .\n\r Security Incidents : For more information about security incident management see our  Security Incident Response .\n\r Sub-processors : Zendesk may use sub-processors, including affiliates of Zendesk, as well as third-party companies, to provide, secure, or improve the Services, and such sub-processors may have access to Service Data. Our  Sub-processors policy  provides an up-to-date list of the names and locations of all sub-processors.\n\r Termination : Zendesk maintains a  Service Data Deletion Policy  that describes Zendesk’s data deletion processes upon subscriber’s termination or expiration of the Zendesk subscription.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Replication%20%3A%20Zendesk,of%20the%20Zendesk%20subscription.","char_start":37214,"char_end":38403}},{"surface":"data_retention","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":" Service Data Deletion Policy How our Subscribers’ Service Data is deleted in connection with the cancellation, termination, or migration of an Account within the Zendesk Services.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Service%20Data%20Deletion,within%20the%20Zendesk%20Services.","char_start":38681,"char_end":38861}},{"surface":"data_retention","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r Zendesk offers ticket and end-user data deletion schedules right out of the box, regardless of plan. For Advanced Data Privacy and Protection customers with more nuanced data deletion requirements, Zendesk also offers advanced data retention policies, allowing customers to create conditional deletion schedules.\n\r Additionally, all Zendesk customers have access to standard redaction capabilities , so that sensitive ticket content can be permanently redacted. Advanced Data Privacy and Protection customers also have access to our AI-powered redaction suggestions feature, which automatically highlights certain types of data within tickets for agents to quickly redact.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Zendesk%20offers%20ticket,agents%20to%20quickly%20redact.","char_start":47743,"char_end":48417}},{"surface":"data_retention","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":" Data Deletion Policy How our Subscribers’ Service Data is deleted in connection with the cancellation, termination, or migration of an Account within the Zendesk Services.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Data%20Deletion%20Policy,within%20the%20Zendesk%20Services.","char_start":50663,"char_end":50835}},{"surface":"data_retention","risk":"medium","confidence":"medium","tier":"All","verified":true,"quote":"Termination : Zendesk maintains a  Service Data Deletion Policy  that describes Zendesk’s data deletion processes upon subscriber’s termination or expiration of the Zendesk subscriptio","caution":"Deletion terms upon termination are deferred to a separate policy document not reproduced here. Users must consult that policy to understand actual deletion timelines and procedures.","provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=Termination%20%3A%20Zendesk%20maintains,of%20the%20Zendesk%20subscriptio","char_start":38217,"char_end":38401}},{"surface":"data_retention","risk":"medium","confidence":"medium","tier":"Paid","verified":true,"quote":"customizable data retention policies, data masking, PII redaction, and access logs.","caution":"Customizable data retention policies are only available as an add-on. Without this, subscribers cannot control retention periods for their Service Data, raising compliance risks.","provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=customizable%20data%20retention%20policies%2C,redaction%2C%20and%20access%20logs.","char_start":19177,"char_end":19260}},{"surface":"data_retention","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r Our  Disaster Recovery (DR) program  ensures that our services remain available and are easily recoverable in the case of a disaster.\n\r This is accomplished through building a robust technical environment, creating Disaster Recovery plans, and testing  activities .","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Our%20Disaster%20Recovery,and%20testing%20activities%20.","char_start":14930,"char_end":15197}},{"surface":"data_retention","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r Zendesk employs service clustering and network redundancies to eliminate single points of failure. Our strict backup regime and/or our  Enhanced Disaster Recovery  service offering allows us to deliver a high level of service availability, as Service Data is replicated across availability zones.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Zendesk%20employs%20service,replicated%20across%20availability%20zones.","char_start":14599,"char_end":14897}},{"surface":"data_retention","risk":"low","confidence":"high","tier":"All","verified":true,"quote":"Data is deleted in connection with the cancellation, termination, or migration of an Account within the Zendesk Services.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=Data%20is%20deleted%20in,within%20the%20Zendesk%20Services.","char_start":38740,"char_end":38861}},{"surface":"tier_differences","risk":"medium","confidence":"high","tier":"Enterprise","verified":true,"quote":"Zendesk offers Audit Logs to accounts with Enterprise/Enterprise Plus plans. These logs include account changes, user changes, app changes, business rules, ticket deletions, and settings.","caution":"Audit log access is restricted to Enterprise/Enterprise Plus tiers; lower-tier users lack visibility into account activity changes, reducing their ability to detect unauthorized access or changes.","provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=Zendesk%20offers%20Audit%20Logs,ticket%20deletions%2C%20and%20settings.","char_start":21137,"char_end":21324}},{"surface":"tier_differences","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r For businesses that need a higher level of data privacy and security, Zendesk offers the  Advanced Data Privacy and Protection add-on . The add-on includes capabilities for BYOK encryption, customizable data retention policies, data masking, PII redaction, and access logs.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20For%20businesses%20that,redaction%2C%20and%20access%20logs.","char_start":18985,"char_end":19260}},{"surface":"tier_differences","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":" To achieve a HIPAA-Enabled Account, you will need to (1) purchase the Advanced Security Deployed Associated Service or Advanced Compliance Deployed Associated Service Add-On; (2) enable a set of security configurations as outlined by Zendesk; and (3) execute our  Business Associate Agreement  (“BAA”). For more details, including a list of which Services can be HIPAA-enabled, please see  Advanced Compliance .","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20To%20achieve%20a,see%20Advanced%20Compliance%20.","char_start":34873,"char_end":35285}},{"surface":"tier_differences","risk":"medium","confidence":"high","tier":"Paid","verified":true,"quote":"Zendesk offers ticket and end-user data deletion schedules right out of the box, regardless of plan. For Advanced Data Privacy and Protection customers with more nuanced data deletion requirements, Zendesk also offers advanced data retention policies, allowing customers to create conditional deletion schedules.","caution":"Advanced data retention and conditional deletion capabilities are only available to 'Advanced Data Privacy and Protection' tier customers. Lower-tier users are limited to standard deletion schedules.","provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=Zendesk%20offers%20ticket%20and,create%20conditional%20deletion%20schedules.","char_start":47745,"char_end":48057}},{"surface":"tier_differences","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":" The Zendesk AI is eligible for coverage under  Zendesk’s Business Associate Agreement (BAA) .\n\r Customers interested in executing a BAA with Zendesk must have access to the Advanced Compliance Add-on .","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20The%20Zendesk%20AI,Advanced%20Compliance%20Add-on%20.","char_start":49227,"char_end":49429}},{"surface":"tier_differences","risk":"medium","confidence":"high","tier":"Paid","verified":true,"quote":"For businesses that need a higher level of data privacy and security, Zendesk offers the  Advanced Data Privacy and Protection add-on . The add-on includes capabilities for BYOK encryption, customizable data retention policies, data masking, PII redaction, and access logs","caution":"Key privacy and security features (BYOK encryption, customizable data retention, PII redaction, access logs) are paywalled behind an add-on, not available to all tiers by default.","provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=For%20businesses%20that%20need,redaction%2C%20and%20access%20logs","char_start":18987,"char_end":19259}},{"surface":"tier_differences","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r Our  Enhanced Disaster Recovery  package adds contractual objectives for Recovery Time Objective (RTO) and Recovery Point Objective (RPO). These are supported through our capability to prioritize operations of Enhanced Disaster Recovery subscribers during any declared disaster event.\n\r Get more information on Disaster Recovery Guarantees. ","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Our%20Enhanced%20Disaster,Disaster%20Recovery%20Guarantees.%20","char_start":15239,"char_end":15582}},{"surface":"tier_differences","risk":"medium","confidence":"medium","tier":"Paid","verified":true,"quote":"To achieve a HIPAA-Enabled Account, you will need to (1) purchase the Advanced Security Deployed Associated Service or Advanced Compliance Deployed Associated Service Add-On; (2) enable a set of security configurations as outlined by Zendesk; and (3) execute our  Business Associate Agreement  (“BAA”","caution":"HIPAA compliance is only available on paid add-on tiers (Advanced Security or Advanced Compliance). Free or standard tier subscribers cannot achieve HIPAA-enabled status, creating a significant compliance gap for healthcare use cases.","provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=To%20achieve%20a%20HIPAA-Enabled,Business%20Associate%20Agreement%20(%E2%80%9CBAA%E2%80%9D","char_start":34874,"char_end":35174}},{"surface":"indemnity_liability","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":" Shared Responsibility Model This framework clarifies which party is responsible for which controls related to the security and privacy of your data.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Shared%20Responsibility%20Model,privacy%20of%20your%20data.","char_start":38865,"char_end":39014}},{"surface":"confidentiality","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r Zendesk has developed a comprehensive set of security policies covering a range of topics. These policies are shared with and made available to all employees and contractors with access to Zendesk information assets.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Zendesk%20has%20developed,to%20Zendesk%20information%20assets.","char_start":23646,"char_end":23864}},{"surface":"confidentiality","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r All new hires are required to sign Non-Disclosure and Confidentiality agreements.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20All%20new%20hires,Non-Disclosure%20and%20Confidentiality%20agreements.","char_start":24531,"char_end":24614}},{"surface":"confidentiality","risk":"low","confidence":"medium","tier":"All","verified":true,"quote":"We undergo routine audits to receive updated SOC 2 Type II reports, available upon request and under NDA.","caution":"Customers must agree to confidentiality obligations (NDA) before receiving SOC 2 reports, which is a unilateral confidentiality imposition on the customer in order to access compliance documentation.","provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=We%20undergo%20routine%20audits,request%20and%20under%20NDA.","char_start":4229,"char_end":4334}},{"surface":"confidentiality","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r Zendesk has two types of redaction for removing sensitive data: Manual redaction provides the ability to redact or remove sensitive data in Support ticket comments, and securely delete attachments, so you can protect confidential information. The data is redacted from tickets via the UI or API to prevent sensitive information from being stored in Zendesk. Learn about redaction via the  UI  or  API .\n\r Automatic redaction allows for automatic redaction of credit card numbers from subscriber-submitted tickets. When enabled, credit card numbers are partially replaced with blank boxes in the ticket. They are also redacted from logs and database entries. To learn more about how to enable this feature and how credit card numbers are identified, see  Automatically redacting credit card numbers from tickets  and from  chats .","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Zendesk%20has%20two,and%20from%20chats%20.","char_start":21732,"char_end":22563}},{"surface":"confidentiality","risk":"low","confidence":"medium","tier":"All","verified":true,"quote":"Service Data will not be shared with any other customer.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=Service%20Data%20will%20not,with%20any%20other%20customer.","char_start":42431,"char_end":42487}},{"surface":"confidentiality","risk":"unknown","confidence":"medium","tier":"All","verified":true,"quote":" Our agreements and policies provide our subscribers transparency and detailed information about Zendesk’s Services, which in turn support our subscribers in meeting their own legal and compliance standards.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Our%20agreements%20and,legal%20and%20compliance%20standards.","char_start":49452,"char_end":49659}},{"surface":"confidentiality","risk":"low","confidence":"high","tier":"All","verified":true,"quote":"All new hires are required to sign Non-Disclosure and Confidentiality agreements.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=All%20new%20hires%20are,Non-Disclosure%20and%20Confidentiality%20agreements.","char_start":24533,"char_end":24614}},{"surface":"subprocessors_data_sharing","risk":"low","confidence":"medium","tier":"All","verified":true,"quote":"Service Data is encrypted at rest in AWS using AES-256 key encryption.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=Service%20Data%20is%20encrypted,using%20AES-256%20key%20encryption.","char_start":14248,"char_end":14318}},{"surface":"subprocessors_data_sharing","risk":"medium","confidence":"medium","tier":"All","verified":true,"quote":"Generative AI features are currently powered by OpenAI (using zero data retention endpoints) or models hosted on Microsoft Azure, Amazon Bedrock, or Google Cloud Platform (where the model provider never has access to prompts or outputs). We also offer AI transcription services powered by Twilio and DeepGram.","caution":"User data (prompts/outputs) is processed by multiple third-party subprocessors including OpenAI, Microsoft Azure, Amazon Bedrock, Google Cloud Platform, Twilio, and DeepGram. While protections are described, data leaves Zendesk's direct control.","provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=Generative%20AI%20features%20are,by%20Twilio%20and%20DeepGram.","char_start":42490,"char_end":42799}},{"surface":"subprocessors_data_sharing","risk":"medium","confidence":"medium","tier":"All","verified":true,"quote":"All Service Data is hosted in Zendesk’s existing AWS regions , except that certain features offered through acquisitions such as QA and AI Agents - Advanced may remain on Google Cloud Platform (GCP) hosting locations in the US and/or Europe for a period of time until fully integrated to Zendesk. For sub-processor hosting locations, please see the Zendesk Sub-processor Policy .","caution":"Certain acquired product features temporarily host data on GCP outside of Zendesk's standard infrastructure. Sub-processor locations are managed by a separate policy referenced but not reproduced here.","provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=All%20Service%20Data%20is,Zendesk%20Sub-processor%20Policy%20.","char_start":46842,"char_end":47221}},{"surface":"subprocessors_data_sharing","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":" Zendesk minimizes risks associated with third-party vendors by performing security reviews on all vendors with any level of access to our systems or Service Data.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Zendesk%20minimizes%20risks,systems%20or%20Service%20Data.","char_start":10180,"char_end":10343}},{"surface":"subprocessors_data_sharing","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":" Access : Zendesk provides an advanced set of access and encryption features to help customers effectively protect their information. We do not access or use customer content for any purpose other than providing, maintaining, and improving the Zendesk services and as otherwise required by law. See  here  for additional information.\n\r Data Hosting : Zendesk uses Amazon Web Services to host Service Data as described  here  and in the  Regional Data Hosting Policy . For additional information, please also see the  Security section .\n\r Default Data Types Collected by the Service : Zendesk has created a  list of data points , categorized by product. For the full picture of data types, subscribers can use this list in conjunction with their specific intended use case and resultant data types.\n\r Legal or Government Requests : Privacy, data security, and subscriber trust are our top priorities. Zendesk does not disclose Service Data, except as necessary to provide our Services and to comply with applicable laws, as detailed in our  Privacy Notice . To assist our subscribers in performing compliance reviews, we have additional resources:  Transparency Report  and  Government Request Policy .\n\r Ownership : From a privacy perspective, the subscriber is the controller of Service Data and Zendesk is a processor. This means that throughout the time that you subscribe to services with Zendesk, you retain ownership of and control over Service Data in your Zendesk instance.\n","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Access%20%3A%20Zendesk,your%20Zendesk%20instance.%20","char_start":35732,"char_end":37214}},{"surface":"subprocessors_data_sharing","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":" Service Data processed by Zendesk AI is subject to all security standards and commitments, including compliance with Zendesk’s robust  Enterprise Security Measures , and storage within Zendesk’s  SOC 2-compliant environment . Service Data will not be shared with any other customer.\n\r Generative AI features are currently powered by OpenAI (using zero data retention endpoints) or models hosted on Microsoft Azure, Amazon Bedrock, or Google Cloud Platform (where the model provider never has access to prompts or outputs). We also offer AI transcription services powered by Twilio and DeepGram.\n\r OpenAI data security practices are available here . Amazon Bedrock data security practices are available here . Microsoft Azure data security practices are available here . Google Cloud Platform data security practices are available here .","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Service%20Data%20processed,are%20available%20here%20.","char_start":42204,"char_end":43041}},{"surface":"subprocessors_data_sharing","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":" Legal or Government Request Policy Addresses Zendesk’s procedure for responding to a request received from a law enforcement or other government authority.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Legal%20or%20Government,or%20other%20government%20authority.","char_start":50839,"char_end":50995}},{"surface":"subprocessors_data_sharing","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r Disclosure of Service Data : Zendesk only discloses Service Data to third parties where disclosure is necessary to provide or improve the services or as required to respond to lawful requests from public authorities. Please see our  Government Data Request Policy  as well as the  Zendesk Transparency Report .","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Disclosure%20of%20Service,Zendesk%20Transparency%20Report%20.","char_start":51478,"char_end":51790}},{"surface":"subprocessors_data_sharing","risk":"medium","confidence":"medium","tier":"All","verified":true,"quote":"Sub-processors : Zendesk may use sub-processors, including affiliates of Zendesk, as well as third-party companies, to provide, secure, or improve the Services, and such sub-processors may have access to Service Data. Our  Sub-processors policy  provides an up-to-date list of the names and locations of all sub-processor","caution":"Service Data, which includes personal data, may be accessed by Zendesk affiliates and unspecified third-party sub-processors. Users must consult a separate sub-processors policy to identify who has access.","provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=Sub-processors%20%3A%20Zendesk%20may,locations%20of%20all%20sub-processor","char_start":37891,"char_end":38212}},{"surface":"subprocessors_data_sharing","risk":"unknown","confidence":"medium","tier":"All","verified":true,"quote":" Zendesk AI leverages a flexible, modular architecture that enables the use of multiple leading Large Language Models (LLMs), including frontier, and open source models. This intentional multi-LLM approach allows Zendesk to select the best model for each workflow and use case, optimizing for quality, speed, cost, and resilience, and avoid reliance on any single LLM provider, minimizing the risks of vendor lock-in for our customers. Zendesk’s platform is designed for flexible model switching, allowing us to quickly adopt improvements and new models as soon as they become available. Our multi-LLM architecture, combined with a global infrastructure and rigorous governance, ensures Zendesk AI is resilient and our customers’ investments - secure.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Zendesk%20AI%20leverages,customers%E2%80%99%20investments%20-%20secure.","char_start":43083,"char_end":43834}},{"surface":"subprocessors_data_sharing","risk":"ambiguous","confidence":"low","tier":"All","verified":true,"quote":"Zendesk minimizes risks associated with third-party vendors by performing security reviews on all vendors with any level of access to our systems or Service Data.","caution":"The document confirms third-party vendors can have access to Service Data but does not enumerate which vendors, what data they access, or under what contractual obligations they operate. Full subprocessor list not provided in this document.","provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=Zendesk%20minimizes%20risks%20associated,systems%20or%20Service%20Data.","char_start":10181,"char_end":10343}},{"surface":"audit_rights_dpa_residency","risk":"low","confidence":"high","tier":"All","verified":true,"quote":"We undergo routine audits to receive updated SOC 2 Type II reports, available upon request and under NDA.  Request the latest SOC 2 Type II report .","caution":"Audit artifacts are available but require execution of an NDA, which may slow procurement and compliance review processes.","provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=We%20undergo%20routine%20audits,Type%20II%20report%20.","char_start":4229,"char_end":4377}},{"surface":"audit_rights_dpa_residency","risk":"medium","confidence":"medium","tier":"Paid","verified":true,"quote":"Subscribers who purchase the  Data Center Location Deployed Associated Service  (“Data Center Location Add-on”), or have the Data Center Location functionality in their Service Plan, have the ability to select the region that will host their Service Data from a list of Zendesk available region","caution":"Data residency is not available to all subscribers by default — it requires purchasing an add-on or having it in the service plan. Free/lower-tier subscribers may have no control over data hosting region.","provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=Subscribers%20who%20purchase%20the,of%20Zendesk%20available%20region","char_start":40161,"char_end":40455}},{"surface":"audit_rights_dpa_residency","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":" Zendesk uses best practices and industry standards to achieve compliance with industry-accepted general security and privacy frameworks, which in turn helps our subscribers meet their own compliance standards.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Zendesk%20uses%20best,their%20own%20compliance%20standards.","char_start":3952,"char_end":4162}},{"surface":"audit_rights_dpa_residency","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r Zendesk is ISO 27017:2015 certified. The certificate is available for download  here .","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Zendesk%20is%20ISO,for%20download%20here%20.","char_start":4739,"char_end":4827}},{"surface":"audit_rights_dpa_residency","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r ISO 42001 is the world’s first international standard for managing artificial intelligence. Achieving certification means that Zendesk’s AI practices — spanning design and development through deployment and ongoing monitoring — have been independently audited for conformance with a formal Artificial Intelligence Management System (AIMS) and demonstrate transparency, security, and responsible governance.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20ISO%2042001%20is,security%2C%20and%20responsible%20governance.","char_start":4852,"char_end":5260}},{"surface":"audit_rights_dpa_residency","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r Zendesk is FedRAMP authorized with Low Impact Software-as-a-Service (LI-SaaS) and is listed in the  FedRAMP Marketplace . US Government agency subscribers can request access to the Zendesk FedRAMP Security Package by completing a Package Access Request Form or submitting a request to  fedramp@zendesk.com .","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Zendesk%20is%20FedRAMP,request%20to%20fedramp%40zendesk.com%20.","char_start":5291,"char_end":5600}},{"surface":"audit_rights_dpa_residency","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r CSA STAR AI Levels 1 & 2 certify advanced cloud security and AI governance practices, with Zendesk proudly being the first in the industry to achieve this recognition.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20CSA%20STAR%20AI,to%20achieve%20this%20recognition.","char_start":5861,"char_end":6030}},{"surface":"audit_rights_dpa_residency","risk":"unknown","confidence":"medium","tier":"All","verified":true,"quote":"\r Zendesk is a member of  IT-ISAC , a group focused on bringing together a diverse set of private sector companies to leverage evolving technology and have a common commitment to security. IT-ISAC enables collaboration and sharing of relevant, actionable threat intelligence information and practices. They moderate special interest groups that focus on Intelligence, Insider Threat, Physical Security, and other specific areas to help further our mission of securing Zendesk.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Zendesk%20is%20a,mission%20of%20securing%20Zendesk.","char_start":7477,"char_end":7953}},{"surface":"audit_rights_dpa_residency","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r Zendesk has satisfied all requirements (Stage 1 and Stage 2) to become fully registered on the FSQS (Financial Services Qualification System) supplier qualification system, as set out by participating buying organisations. Request the latest FSQS Certificate  here .","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Zendesk%20has%20satisfied,FSQS%20Certificate%20here%20.","char_start":8519,"char_end":8787}},{"surface":"audit_rights_dpa_residency","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r Zendesk leverages AWS data centers in the United States, Europe, and Asia Pacific.  Learn about Data Hosting Locations for your Zendesk Service Data .\n\r Zendesk offers multiple data locality choices including the United States (US), Australia (AU), Japan (JP), or European Economic Area (EEA). For more information on product, plan, and regional offerings please see our  Regional Data Hosting Policy .","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Zendesk%20leverages%20AWS,Data%20Hosting%20Policy%20.","char_start":9737,"char_end":10141}},{"surface":"audit_rights_dpa_residency","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r In addition to our extensive internal scanning and testing program, each year Zendesk employs third-party security experts to perform a broad penetration test across the Zendesk Production and Corporate Networks.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20In%20addition%20to,Production%20and%20Corporate%20Networks.","char_start":11513,"char_end":11727}},{"surface":"audit_rights_dpa_residency","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":" The Australian Privacy Act of 1988 (as amended) provides several data subject rights and added mandatory notification of eligible data breaches. Unlike the GDPR, there are no concepts of data controller and data processor.  https://www.zendesk.com/company/anz-privacy/ ","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20The%20Australian%20Privacy,data%20processor.%20https%3A%2F%2Fwww.zendesk.com%2Fcompany%2Fanz-privacy%2F%20","char_start":25101,"char_end":25371}},{"surface":"audit_rights_dpa_residency","risk":"unknown","confidence":"medium","tier":"All","verified":true,"quote":" The Personal Data Protection Act of Singapore establishes data protection laws that govern the collection, use, and disclosure of Personal Data as of July 2, 2014. Zendesk is a recognized Infocomm Development Authority of Singapore (IDA) Data Intermediary as a Software-as-a-Service (“SaaS”) Service Provider. Additional information is available  here .","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20The%20Personal%20Data,is%20available%20here%20.","char_start":34130,"char_end":34484}},{"surface":"audit_rights_dpa_residency","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":" \r Zendesk's Data Processor and Data Controller Binding Corporate Rules \r","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Zendesk%26%23x27%3Bs%20Data%20Processor,Binding%20Corporate%20Rules%20","char_start":32307,"char_end":32385}},{"surface":"audit_rights_dpa_residency","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":" Subscribers who purchase the  Data Center Location Deployed Associated Service  (“Data Center Location Add-on”), or have the Data Center Location functionality in their Service Plan, have the ability to select the region that will host their Service Data from a list of Zendesk available regions.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Subscribers%20who%20purchase,of%20Zendesk%20available%20regions.","char_start":40160,"char_end":40457}},{"surface":"audit_rights_dpa_residency","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":" All Service Data is hosted in Zendesk’s existing AWS regions , except that certain features offered through acquisitions such as QA and AI Agents - Advanced may remain on Google Cloud Platform (GCP) hosting locations in the US and/or Europe for a period of time until fully integrated to Zendesk. For sub-processor hosting locations, please see the Zendesk Sub-processor Policy .\n\r Use of Zendesk AI does not impact any Customer data locality commitments, including those available in the Data Center Location Add-on . Service Data of eligible Customers will continue to be hosted in the selected region.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20All%20Service%20Data,in%20the%20selected%20region.","char_start":46841,"char_end":47446}},{"surface":"audit_rights_dpa_residency","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":" Regional Data Hosting Policy Where Zendesk Service Data can be hosted if a Subscriber purchases or enables the Data Center Location Add-On.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Regional%20Data%20Hosting,Data%20Center%20Location%20Add-On.","char_start":51091,"char_end":51231}},{"surface":"audit_rights_dpa_residency","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":" Explore our Conveyor Trust Portal for on-demand, self-serve access to up-to-date security artifacts — certifications, audit reports, policies, and questionnaire answers.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Explore%20our%20Conveyor,policies%2C%20and%20questionnaire%20answers.","char_start":8820,"char_end":8990}},{"surface":"audit_rights_dpa_residency","risk":"low","confidence":"medium","tier":"All","verified":true,"quote":"Zendesk offers several data processing agreements and other addenda to support subscribers’ compliance with data privacy laws, available for execution  here . These include:\n\r Data Processing Agreement (DPA) \n\r United States HIPAA Business Associate Agreement (BAA) \n\r Zendesk Customer Agreement (ZCA) \n\r US State Addendum ","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=Zendesk%20offers%20several%20data,US%20State%20Addendum%20","char_start":49688,"char_end":50011}},{"surface":"audit_rights_dpa_residency","risk":"low","confidence":"medium","tier":"All","verified":true,"quote":"Zendesk hosts Service Data primarily in AWS data centers that have been certified as ISO 27001, PCI DSS Service Provider Level 1, and/or SOC 2 compliant.","caution":"Physical security and infrastructure compliance is inherited from AWS. Users should note that Zendesk's own certifications and AWS's certifications are distinct, and the word 'primarily' leaves open the possibility of non-AWS hosting.","provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=Zendesk%20hosts%20Service%20Data,and%2For%20SOC%202%20compliant.","char_start":9104,"char_end":9257}},{"surface":"audit_rights_dpa_residency","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r We undergo routine audits to receive updated SOC 2 Type II reports, available upon request and under NDA.  Request the latest SOC 2 Type II report .","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20We%20undergo%20routine,Type%20II%20report%20.","char_start":4227,"char_end":4377}},{"surface":"audit_rights_dpa_residency","risk":"unknown","confidence":"medium","tier":"All","verified":true,"quote":"\r Zendesk received the  McAfee CloudTrust Program . The program presents the McAfee Enterprise-Ready seal to only those services that have the highest CloudTrust™ rating possible. These are among the services that have earned McAfee's CloudTrust™ and a rating of McAfee Enterprise-Ready based on their attributes across the data, user and device, security, business, and legal evaluation categories.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Zendesk%20received%20the,and%20legal%20evaluation%20categories.","char_start":6439,"char_end":6843}},{"surface":"audit_rights_dpa_residency","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":" The United Kingdom withdrew from the European Union on 31 January 2020. On 28 June 2021, the European Commission adopted  adequacy decisions  for transfers of personal data to the United Kingdom under GDPR.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20The%20United%20Kingdom,United%20Kingdom%20under%20GDPR.","char_start":34534,"char_end":34741}},{"surface":"audit_rights_dpa_residency","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r Zendesk offers Audit Logs to accounts with Enterprise/Enterprise Plus plans. These logs include account changes, user changes, app changes, business rules, ticket deletions, and settings. The Audit Log is available in both the  Admin Center  and  Support API . To learn more about Audit Logs and see what information is available within the log please see  Viewing the audit log for changes .","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Zendesk%20offers%20Audit,log%20for%20changes%20.","char_start":21135,"char_end":21529}},{"surface":"audit_rights_dpa_residency","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":" HDS enables healthcare providers in France to use Zendesk’s customer service and engagement platform with confidence that our platform has appropriate technical and governance measures in place to secure and protect personal health information (PHI). Additional information is available  here .","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20HDS%20enables%20healthcare,is%20available%20here%20.","char_start":33288,"char_end":33583}},{"surface":"audit_rights_dpa_residency","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r Zendesk is ISO 27001:2022 certified.  Download the certificate .","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Zendesk%20is%20ISO,Download%20the%20certificate%20.","char_start":4407,"char_end":4473}},{"surface":"audit_rights_dpa_residency","risk":"medium","confidence":"medium","tier":"All","verified":true,"quote":"Zendesk offers multiple data locality choices including the United States (US), Australia (AU), Japan (JP), or European Economic Area (EEA). For more information on product, plan, and regional offerings please see our  Regional Data Hosting Policy .","caution":"Data residency options vary by product and plan tier; users must verify their specific plan supports their preferred region before assuming compliance with local data-residency requirements.","provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=Zendesk%20offers%20multiple%20data,Data%20Hosting%20Policy%20.","char_start":9892,"char_end":10141}},{"surface":"audit_rights_dpa_residency","risk":"unknown","confidence":"medium","tier":"All","verified":true,"quote":" Canada’s Personal Information Protection and Electronic Documents Act went into effect in 2000 and is focused around ten fair information principles, which form the rules for collection, use, access, and disclosure of personal information. In October of 2021, the International Technology Association of Canada and Information Technology Industry Council suggested changes to PIPEDA to provide greater privacy and transparency rights for Canadian citizens.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Canada%E2%80%99s%20Personal%20Information,rights%20for%20Canadian%20citizens.","char_start":29204,"char_end":29661}},{"surface":"audit_rights_dpa_residency","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r Zendesk hosts Service Data primarily in AWS data centers that have been certified as ISO 27001, PCI DSS Service Provider Level 1, and/or SOC 2 compliant.  Learn about Compliance at AWS .\n\r AWS infrastructure services include backup power, HVAC systems, and fire suppression equipment to help protect servers and ultimately your data.  Learn about Data Center Controls at AWS .","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Zendesk%20hosts%20Service,Controls%20at%20AWS%20.","char_start":9102,"char_end":9480}},{"surface":"audit_rights_dpa_residency","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r Cyber Essentials Plus is a UK government-backed certification that demonstrates an organization’s commitment to strong cybersecurity through independent verification of key controls.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Cyber%20Essentials%20Plus,verification%20of%20key%20controls.","char_start":5637,"char_end":5821}},{"surface":"audit_rights_dpa_residency","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r Zendesk is a member of the Cloud Security Alliance (CSA), a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing. CSA has launched the Security, Trust & Assurance Registry (STAR), a publicly accessible registry that documents the security controls provided by various cloud computing offerings. Zendesk completed a publicly available Consensus Assessment Initiative (CAI) Questionnaire, based on the results of our due diligence self-assessment.\n\r The CSA CAIQ is available  here .","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Zendesk%20is%20a,is%20available%20here%20.","char_start":6888,"char_end":7454}},{"surface":"audit_rights_dpa_residency","risk":"low","confidence":"high","tier":"All","verified":true,"quote":"The Zendesk DPA covers the specific processing activities and security measures applicable to our Services and incorporates the new EU Standard Contractual Clauses (“EU SCCs”).","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=The%20Zendesk%20DPA%20covers,Contractual%20Clauses%20(%E2%80%9CEU%20SCCs%E2%80%9D).","char_start":29765,"char_end":29941}},{"surface":"audit_rights_dpa_residency","risk":"unknown","confidence":"medium","tier":"All","verified":true,"quote":"\r Zendesk is a member of  FIRST , an international confederation of incident response teams that cooperatively handles computer security incidents and promotes incident prevention programs. FIRST members develop and share technical information, tools, methodologies, processes and best practices. As a member of FIRST, Zendesk Security works with other members to use their combined knowledge, skills, and experience to promote a safer and more secure global electronic environment.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Zendesk%20is%20a,secure%20global%20electronic%20environment.","char_start":7974,"char_end":8456}},{"surface":"audit_rights_dpa_residency","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":" Zendesk has achieved a number of internationally recognized certifications and accreditations demonstrating compliance with third-party assurance frameworks. Security certifications are described  here .","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Zendesk%20has%20achieved,are%20described%20here%20.","char_start":39915,"char_end":40119}},{"surface":"audit_rights_dpa_residency","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":" The New Zealand Privacy Act in 2020 commenced on December 1, 2020, applies to agencies and maintains the principle-based framework of the 1993 Act. The 2020 Act states that organisations are responsible for ensuring that personal information sent outside of New Zealand is adequately protected and added mandatory breach notification requirements.  https://www.zendesk.com/company/anz-privacy/ ","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20The%20New%20Zealand,notification%20requirements.%20https%3A%2F%2Fwww.zendesk.com%2Fcompany%2Fanz-privacy%2F%20","char_start":33670,"char_end":34065}},{"surface":"audit_rights_dpa_residency","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":" Zendesk offers several data processing agreements and other addenda to support subscribers’ compliance with data privacy laws, available for execution  here . These include:","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Zendesk%20offers%20several,here%20.%20These%20include%3A","char_start":49687,"char_end":49861}},{"surface":"audit_rights_dpa_residency","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":" Since our inception, Zendesk’s approach has been anchored by a strong commitment to privacy, security, compliance, and transparency. This approach includes supporting our subscribers’ compliance with EU data protection requirements, such as those set out in the  General Data Protection Regulation  (“GDPR”).\n\r If a subscriber collects, transmits, hosts, or analyzes personal data of EU citizens, GDPR requires the subscriber to use third-party data processors who guarantee their ability to implement the technical and organizational requirements of the GDPR. To further earn our subscribers’ trust, our Data Processing Agreement (“DPA”) has been updated to provide our customers with contractual commitments regarding our compliance with applicable EU data protection law and to implement additional contractual provisions required by the GDPR.\n\r Binding Corporate Rules (BCRs) : Binding Corporate Rules (“BCRs”) are company-wide data protection policies approved by European data protection authorities to facilitate intra-group transfers of personal data from the European Economic Area (“EEA”) to countries outside the EEA. BCRs are based on strict privacy principles established by European Union data protection authorities and require intensive consultation with those authorities. Subscribers can find the full list of approved entities on the Binding Corporate Rules Approved List  here . In 2017 Zendesk completed the EU approval process with the Irish Data Protection Commissioner (“DPC”) (peer reviewed by both the UK Information Commissioner’s Office and the Dutch Data Protection Authority) BCRs as processor and as a controller. ","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Since%20our%20inception%2C,as%20a%20controller.%20","char_start":30209,"char_end":31855}},{"surface":"audit_rights_dpa_residency","risk":"low","confidence":"high","tier":"All","verified":true,"quote":"Binding Corporate Rules (BCRs) : Binding Corporate Rules (“BCRs”) are company-wide data protection policies approved by European data protection authorities to facilitate intra-group transfers of personal data from the European Economic Area (“EEA”) to countries outside the EEA. BCRs are based on strict privacy principles established by European Union data protection authorities and require intensive consultation with those authorities. Subscribers can find the full list of approved entities on the Binding Corporate Rules Approved List  here . In 2017 Zendesk completed the EU approval process with the Irish Data Protection Commissioner (“DPC”) (peer reviewed by both the UK Information Commissioner’s Office and the Dutch Data Protection Authority) BCRs as processor and as a controller","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=Binding%20Corporate%20Rules%20(BCRs),and%20as%20a%20controller","char_start":31059,"char_end":31853}},{"surface":"audit_rights_dpa_residency","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"This significant regulatory approval validated Zendesk’s implementation of the highest possible standards for protecting personal data globally, covering both the personal data of its customers and its employees. Zendesk is one of the first software companies in the world to have received approval for its BCRs; and was the second company ever to receive approval from the Irish DPC.\n\r To access Zendesk's EU BCRs and UK addenda please visit:","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=This%20significant%20regulatory%20approval,UK%20addenda%20please%20visit%3A","char_start":31855,"char_end":32303}},{"surface":"audit_rights_dpa_residency","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":" You can review and/or execute Zendesk’s DPA  here . The Zendesk DPA covers the specific processing activities and security measures applicable to our Services and incorporates the new EU Standard Contractual Clauses (“EU SCCs”).\n\r Subscribers can read our  Product Guides  and  Service Data Deletion Policy  for detailed information on how to use Zendesk’s products to assist in compliance with data protection and privacy laws.","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20You%20can%20review,protection%20and%20privacy%20laws.","char_start":29712,"char_end":30141}},{"surface":"audit_rights_dpa_residency","risk":"unknown","confidence":"medium","tier":"All","verified":true,"quote":"\r AWS on-site security includes features such as security guards, fencing, security feeds, intrusion detection technology, and other security measures.  Learn about AWS physical security .","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20AWS%20on-site%20security,AWS%20physical%20security%20.","char_start":9512,"char_end":9700}},{"surface":"audit_rights_dpa_residency","risk":"medium","confidence":"medium","tier":"All","verified":true,"quote":"Data Hosting : Zendesk uses Amazon Web Services to host Service Data as described  here  and in the  Regional Data Hosting Policy . ","caution":"Service Data is hosted on AWS infrastructure. Data residency specifics are deferred to a separate Regional Data Hosting Policy. Users must review that policy to determine where their data is stored.","provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=Data%20Hosting%20%3A%20Zendesk,Hosting%20Policy%20.%20","char_start":36068,"char_end":36200}},{"surface":"audit_rights_dpa_residency","risk":"unknown","confidence":"high","tier":"All","verified":true,"quote":"\r Zendesk is ISO 27018:2019 certified. The certificate is available for download  here .","caution":null,"provenance":{"source_url":"https://www.zendesk.com/company/privacy-and-data-protection/","snapshot_sha256":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569","wayback_url":null,"deep_link":"https://www.zendesk.com/company/privacy-and-data-protection/#:~:text=%20Zendesk%20is%20ISO,for%20download%20here%20.","char_start":4503,"char_end":4591}}],"disclaimer":"Informational only, not legal advice. Every finding is a verbatim quote from a fully-read, gate-verified document; verify via snapshot_sha256 + wayback_url. Partially-verified platforms show findings only from their verified document(s).","@jsonld":{"@context":"https://schema.org","@type":"Dataset","name":"Zendesk AI — AI policy risk findings","description":"Verified, cited policy findings for Zendesk AI across 13 risk surfaces.","url":"https://aipolicycompare.com/platform/zendesk-ai","creator":{"@type":"Organization","name":"AIPolicyCompare","url":"https://aipolicycompare.com"},"isAccessibleForFree":true,"license":"https://aipolicycompare.com/terms","additionalProperty":[{"@type":"PropertyValue","name":"verification","value":"tracked"}],"variableMeasured":[{"@type":"PropertyValue","name":"output_ownership","value":"low","description":"Ownership : From a privacy perspective, the subscriber is the controller of Service Data and Zendesk is a processor. This means that throughout the time that you subscribe to services with Zendesk, you retain ownership of and control over Service Data in your Zendesk instance.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"training_use","value":"unknown","description":"\r We do not “sell” our subscriber’s personal information as defined under the CCPA. We may share aggregated and/or anonymized information regarding use of the Service(s), which is not considered personal information under the CCPA, with third parties to help us develop and improve the Services and provide our subscribers with more relevant content and service offerings as detailed in our subscriber agreements.\n\r Zendesk’s CCPA Addendum has been incorporated into Zendesk’s Data Processing Agreement. If you would like to review and/or execute Zendesk’s Data Processing Agreement, please  click here. \n\r If you would like to review and/or execute Zendesk’s US State Addendum to the Main Services Agreement, please  click here .","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"training_use","value":"unknown","description":" Does Zendesk use customer Service Data to train machine learning models?\n\r Zendesk offers three types of machine learning functionality:","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"training_use","value":"unknown","description":"\r How does Zendesk protect Service Data when used for model training?  Before Service Data is used to train generic ML functionality, Zendesk applies aggregation and sanitation processes, as necessary. No fields designed to intake personal data or ticket attachments are used for model training.  Zendesk is committed to ensuring that no Service Data will be reproduced by the model.  There is no risk that one customer’s data will be exposed to another customer through the model’s output. See  AI Data Use Information .","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"training_use","value":"unknown","description":" \r Zendesk utilizes the Retrieval Augmented Generation (RAG) technique to ensure that generated replies or search results are grounded in specific knowledge base content","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"medium"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"training_use","value":"unknown","description":" Zendesk developed a benchmarking platform to systematically evaluate LLMs using a Golden data set and human annotation. Grounding our evaluation with realistic data and human supervision reduces the risk that the model does not perform as expected.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"medium"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"training_use","value":"medium","description":"Before Service Data is used to train generic ML functionality, Zendesk applies aggregation and sanitation processes, as necessary. No fields designed to intake personal data or ticket attachments are used for model training.  Zendesk is committed to ensuring that no Service Data will be reproduced by the model.  There is no risk that one customer’s data will be exposed to another customer through the model’s outpu","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"medium"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"training_use","value":"medium","description":"We may share aggregated and/or anonymized information regarding use of the Service(s), which is not considered personal information under the CCPA, with third parties to help us develop and improve the Services and provide our subscribers with more relevant content and service offerings as detailed in our subscriber agreements.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"medium"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"training_use","value":"unknown","description":"\r 1. Account-specific machine learning:  Zendesk creates classification or clustering machine learning models tailored to a customer’s account using only data existing in the account. Account-specific models will not be used by any other customer.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"training_use","value":"low","description":"Generative AI functionality:  All generative AI functionality is powered by third-party LLMs. These models are pre-trained and Zendesk customer data will never be used by the third-party LLM provider to train their model(s). See About Generative AI at Zendesk ","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"training_use","value":"unknown","description":" Non-generative Machine Learning models are evaluated using human-annotated data. This is the golden standard in label quality, and provides Zendesk with the most reliable way to evaluate classification models.\n\r Hallucinations are an intrinsic risk for generative AI features. Zendesk does three things to mitigate this risk:","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"medium"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"training_use","value":"unknown","description":"\r 3. Generative AI functionality:  All generative AI functionality is powered by third-party LLMs. These models are pre-trained and Zendesk customer data will never be used by the third-party LLM provider to train their model(s). See About Generative AI at Zendesk .","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"training_use","value":"unknown","description":"\r 2. Generic machine learning:  Zendesk uses Service Data to train its generic, cross-account machine learning models to be predictive and useful to multiple Zendesk customers. These include global and industry models. These models will never disclose one customer’s Service Data to another customer, because they are not “generative” (i.e., they do not create text - See Model Security section).","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"training_use","value":"medium","description":"Zendesk uses Service Data to train its generic, cross-account machine learning models to be predictive and useful to multiple Zendesk customers. These include global and industry models. These models will never disclose one customer’s Service Data to another customer, because they are not “generative” (i.e., they do not create text - See Model Security section).","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"medium"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"training_use","value":"unknown","description":" All models developed by Zendesk are classification and clustering models – this means they are trained to read and classify inputs into one of a set number of categories created by Zendesk. Because these models are not generative, no content is produced by the model, and it is not possible for training data to be reproduced by the model .","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"privacy_data_use","value":"low","description":"Zendesk subscribers that collect and store personal data in Zendesk Services may be considered “controllers” under the LGPD. Controllers bear the primary responsibility for ensuring that their processing of personal data is compliant with relevant data protection law, including the LGPD. Zendesk acts as a “processor,” as such term is defined in the LGPD, with respect to the processing of personal data through our Services.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"privacy_data_use","value":"medium","description":"Service Data is any information, including personal data, which is stored in or transmitted via the Zendesk Services by, or on behalf of, our subscribers and their end-users. We use Service Data to operate and improve our Services, help customers access and use the Services, respond to subscriber inquiries, and send communications related to the Services.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"medium"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"privacy_data_use","value":"low","description":"We do not access or use customer content for any purpose other than providing, maintaining, and improving the Zendesk services and as otherwise required by law.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"privacy_data_use","value":"low","description":"We do not access or use subscriber data for any purpose other than providing, maintaining, and improving the Zendesk Services and as otherwise required by applicable law.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"privacy_data_use","value":"unknown","description":"\r Service Data is encrypted at rest in AWS using AES-256 key encryption.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"privacy_data_use","value":"unknown","description":"\r Testing and staging environments are logically separated from the Production environment. No Service Data is used in our development or test environments.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"privacy_data_use","value":"unknown","description":"\r Zendesk follows secure credential storage best practices by never storing passwords in human-readable format, and only as the result of a secure, salted, one-way hash.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"privacy_data_use","value":"unknown","description":" The Brazilian General Data Protection Law or Lei Geral de Proteção de Dados Pessoais (“LGPD”), was entered into effect on September 18, 2020. LGPD is a comprehensive data protection law which covers the activities of data controllers and processors and provides individual rights.\n\r Zendesk subscribers that collect and store personal data in Zendesk Services may be considered “controllers” under the LGPD. Controllers bear the primary responsibility for ensuring that their processing of personal data is compliant with relevant data protection law, including the LGPD. Zendesk acts as a “processor,” as such term is defined in the LGPD, with respect to the processing of personal data through our Services.\n\r Subscribers can view our  Product Guides  and  Service Data Deletion Policy  for more detailed information on how to use Zendesk’s products to align with compliance initiatives.The National Authority for Protection Data (“ANPD”) may issue additional guidance for the LGPD in the future. Zendesk will continue to actively track the law and we will continue to keep our subscribers updated on features and functionality they can use to support their compliance efforts.\n\r Zendesk’s LGPD Addendum has been incorporated into Zendesk’s Data Processing Agreement. If you would like to review and/or execute Zendesk’s Data Processing Agreement, please  click here. ","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"privacy_data_use","value":"unknown","description":" The  California Consumer Privacy Act , Cal. Civ. Code §§ 1798.100 et seq. (“CCPA”) is a U.S. law enacted in the State of California, which went into force on January 1, 2020. It expands upon the privacy rights available to certain California consumers, and requires certain companies to comply with various data protection requirements. Please also visit the final  CCPA Regulations  and the  California Privacy Rights Act  (“CPRA”). A few CPRA provisions went into effect on December 16, 2020, with the remaining provisions of the CPRA becoming operative on January 1, 2023.\n\r Zendesk subscribers that collect and store personal information in Zendesk Services may be considered “Businesses” under the CCPA. Businesses bear the primary responsibility for ensuring that their processing of personal data is compliant with relevant data protection law, including the CCPA. Zendesk acts as a “Service Provider,” as such term is defined in the current version of the CCPA, with respect to the processing of personal information through our Services. Therefore, Zendesk collects, accesses, maintains, uses, processes, and transfers the personal information of our subscribers and our subscriber’s end-users processed through the Services solely for the purpose of performing our obligations under our existing contract(s) with our subscribers; and for no commercial purpose other than the performance of such obligations and improvement of the Services we provide.\n","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"privacy_data_use","value":"unknown","description":" \r Data Subject Requests : An individual who seeks to exercise their data protection rights in respect of personal data stored or processed by us on behalf of a subscriber of ours within the subscriber’s Service Data (including to seek access to, or to correct, amend, delete, port, or restrict processing of such personal data) should direct such query to our subscriber (the data controller). Upon receipt of a request from one of our subscribers to remove personal data from Zendesk, we will respond to such request within thirty (30) days. We will retain personal data that we process and store on behalf of our subscribers for as long as needed to provide the Services to our subscribers.\n\r Zendesk's data subject request platform is available at this webform:  https://www.zendesk.com/datasubjectrequest/ ","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"privacy_data_use","value":"unknown","description":" In-Product Cookie Policy Provides information about how and when Zendesk uses cookies within the Zendesk Services.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"privacy_data_use","value":"unknown","description":" Zendesk provides an advanced set of access and encryption features to help subscribers effectively protect their information. We do not access or use subscriber data for any purpose other than providing, maintaining, and improving the Zendesk Services and as otherwise required by applicable law. Additional information is available  here .","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"privacy_data_use","value":"unknown","description":" Zendesk has a robust global privacy and data protection program, which takes a unified approach to privacy and information governance to give customers flexibility to manage personal data that lives within Zendesk’s systems. For details, see our product guides:  Complying with Privacy and Data Protection in Zendesk Products .","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"privacy_data_use","value":"unknown","description":" Zendesk has two types of redaction for removing sensitive data:\n\r Manual redaction provides the ability to redact or remove sensitive data in Support ticket comments, and securely delete attachments so that you can protect confidential information. The data is redacted from tickets via the UI or API to prevent sensitive information from being stored in Zendesk.  Learn more about redaction via the UI or API .\n\r Automatic redaction allows for automatic redaction of credit card numbers from Agent- or End-User-submitted tickets. When enabled, credit card numbers are partially replaced with blank boxes in the ticket. The numbers are also redacted from logs and database entries.  Learn how to enable this feature and how the credit card numbers are identified .","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"privacy_data_use","value":"unknown","description":"\r Zendesk’s privacy layer goes a step beyond data minimization – we also offer native end-user notice and/or consent options seamlessly embedded into our tools.\n\r For Voice customers, Zendesk offers advanced options for providing notice and/or collecting consent from customers calling service lines. Customers can choose from a simple greeting or require proactive consent to proceed – and all greetings provide standard scripts or can be customized to fit a company’s voice.\n\r For Messaging customers, Zendesk seamlessly embeds a native privacy notice option for customers to surface their legal terms to end-users submitting chats. This allows chat users to be immediately informed of customer privacy practices, deflecting common privacy challenges.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"privacy_data_use","value":"unknown","description":" Cookie Notice Detailed information about how and when we use cookies on Zendesk websites.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"privacy_data_use","value":"unknown","description":" In-Product Cookie Policy Provides information about how and when Zendesk uses cookies within the Zendesk Services.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"privacy_data_use","value":"unknown","description":" Privacy Notice Describes how Zendesk collects, uses, shares, and secures personal data.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"privacy_data_use","value":"unknown","description":"\r For more information on  automatically redacting credit card numbers  or  adding a credit card identification field ","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"medium"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"privacy_data_use","value":"unknown","description":" Zendesk takes security very seriously—just ask the number of  Fortune 100 and Fortune 500 companies  that trust us with their data. We use a combination of enterprise-class security features and comprehensive audits of our applications, systems, and networks to ensure that your data is protected, which means every customer can rest easy—our own included.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"medium"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"privacy_data_use","value":"unknown","description":" Zendesk has a formal global privacy and data protection program, which includes cross-functional key stakeholders including Legal, Security, Product, and Executive sectors of the company. As privacy advocates, we work diligently to ensure our Services and team members are dedicated to compliance with applicable regulatory and industry frameworks.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"privacy_data_use","value":"unknown","description":" Cookie Policy Detailed information about how and when we use cookies on Zendesk websites.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"privacy_data_use","value":"unknown","description":"\r Zendesk provides free TLS encryption for host-mapped Guide help centers. Zendesk uses Let’s Encrypt to request certificates and automatically renews the certificate before it expires.\n\r You can also upload your own certificate, if you choose.\n\r To learn more about setting up encryption certificates for a Guide help center please see  Setting up a hosted TLS encryption certificate .","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"privacy_data_use","value":"unknown","description":" Zendesk AI is built based on the core principles of privacy, security, and compliance, by design. Our commitment to providing businesses with secure, trusted products and solutions is embedded in our DNA. As part of this, Zendesk leverages a set of  design principles  that not only set the standard for how we design, develop, and build everything we do, but set a clear foundation for our use of AI for customer experiences (CX and employee experience (EX)). For more information, see AI Trust at Zendesk .","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"medium"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"privacy_data_use","value":"unknown","description":"\r All communications with Zendesk UI and APIs are encrypted via industry standard HTTPS/TLS (TLS 1.2 or higher) over public networks. This ensures that all traffic between you and Zendesk is secure during transit. Additionally for email, our product leverages opportunistic TLS by default. Transport Layer Security (TLS) encrypts and delivers email securely, mitigating eavesdropping between mail servers where peer services support this protocol. Exceptions for encryption may include any use of in-product SMS functionality, any other third-party app, integration, or service subscribers may choose to leverage at their own discretion.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"privacy_data_use","value":"unknown","description":" All Zendesk products and features are designed with privacy in-mind, and the Zendesk AI is no different.\n\r Customers can  comply with various privacy laws (including GDPR and CCPA) when using Zendesk, including Zendesk AI features.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"privacy_data_use","value":"low","description":"Zendesk collects, accesses, maintains, uses, processes, and transfers the personal information of our subscribers and our subscriber’s end-users processed through the Services solely for the purpose of performing our obligations under our existing contract(s) with our subscribers; and for no commercial purpose other than the performance of such obligations and improvement of the Services we provide.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"privacy_data_use","value":"medium","description":"Disclosure of Service Data : Zendesk only discloses Service Data to third parties where disclosure is necessary to provide or improve the services or as required to respond to lawful requests from public authorities.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"medium"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"privacy_data_use","value":"unknown","description":" Zendesk has tools for each of its products to assist with user requests and other obligations under applicable privacy and data protection laws and regulations, such as data access, correction, portability, deletion, and objection. To learn about the features and functionality in each Zendesk product, please see  Complying with Privacy and Data Protection in Zendesk products .","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"privacy_data_use","value":"unknown","description":"\r Zendesk tracks the devices used to sign in to each user account. When someone signs into an account from a new device, it is added to the device list in that user's profile. That user can get an email notification when a new device is added, and should follow up if the activity seems suspicious. Suspicious sessions can be terminated through the agent UI.  Learn about device tracking .","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"privacy_data_use","value":"unknown","description":" Service Data is any information, including personal data, which is stored in or transmitted via the Zendesk Services by, or on behalf of, our subscribers and their end-users. We use Service Data to operate and improve our Services, help customers access and use the Services, respond to subscriber inquiries, and send communications related to the Services.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"medium"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"moderation_enforcement","value":"unknown","description":"\r Our globally distributed Security Team is on call 24/7 to respond to security alerts and events.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"moderation_enforcement","value":"unknown","description":"\r We scan the libraries and dependencies used in our products to identify vulnerabilities and ensure the vulnerabilities are managed.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"moderation_enforcement","value":"unknown","description":"\r Network security scanning gives us deep insight for quick identification of out-of-compliance or potentially vulnerable systems.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"moderation_enforcement","value":"unknown","description":"\r Our Security Incident Event Management (SIEM) system gathers extensive logs from important network devices and host systems. The SIEM alerts on triggers that notify the Security team based on correlated events for investigation and response.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"moderation_enforcement","value":"unknown","description":"\r Zendesk participates in several threat intelligence sharing programs. We monitor threats posted to these threat intelligence networks and take action based on risk.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"moderation_enforcement","value":"unknown","description":"\r Access to the Zendesk Production Network is restricted on an explicit need-to-know basis, utilizes least privilege, is frequently audited and monitored, and is controlled by our Operations Team. Employees accessing the Zendesk Production Network are required to use multiple factors of authentication.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"moderation_enforcement","value":"unknown","description":"\r In case of a system alert, events are escalated to our 24/7 teams providing Operations, Network Engineering, and Security coverage. Employees are trained on security incident response processes, including communication channels and escalation paths.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"moderation_enforcement","value":"unknown","description":"\r Annual secure code training for all engineers, based on OWASP Top 10 security risks. ","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"moderation_enforcement","value":"unknown","description":"\r Zendesk leverages modern and secure open-source frameworks with security controls to limit exposure to OWASP Top 10 security risks. These inherent controls reduce our exposure to SQL Injection (SQLi), Cross Site Scripting (XSS), and Cross Site Request Forgery (CSRF), among others.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"moderation_enforcement","value":"unknown","description":"\r Zendesk native authentication for products available through the  Admin Center  offers 2-factor (2FA) for agents and admins via SMS or an authenticator app.  Learn about 2FA .","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"moderation_enforcement","value":"unknown","description":"\r Any Zendesk account can restrict access to their Zendesk Support to users within a specific range of IP addresses. Only users from the allowed IP addresses will be able to sign in to your Zendesk account. You can allow subscribers (not agents or admins) to bypass this restriction. For more information, see  Restricting access to Zendesk Support and your Help Center using IP restrictions  and  Using IP Access Restriction in Chat .","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"moderation_enforcement","value":"unknown","description":"\r Zendesk Chat allows the ability to restrict what file types are sent to agents. Alternatively, you can choose to turn off file sending entirely in the Chat product. To learn about this feature, see  Managing file sending in live chat .","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"moderation_enforcement","value":"unknown","description":"\r Zendesk’s spam filtering service can be used to prevent end-user spam posts from being published in your Guide help center.  Learn about filtering spam in Guide .","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"moderation_enforcement","value":"unknown","description":"\r All employees attend a Security Awareness Training, which is given upon hire and annually thereafter. All engineers receive annual Secure Code Training. The Security team provides additional security awareness updates via email, blog posts, and in presentations during internal events.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"moderation_enforcement","value":"unknown","description":" Copyright Infringement Notice & Takedown Policy How Zendesk handles notifications of infringement.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"moderation_enforcement","value":"unknown","description":"\r Our network is protected through the use of key AWS security services, integration with our Cloudflare edge protection networks, regular audits, and network intelligence technologies, which monitor and/or block known malicious traffic and network attacks.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"moderation_enforcement","value":"unknown","description":"\r Service ingress and egress points are instrumented and monitored to detect anomalous behavior. These systems are configured to generate alerts when incidents and values exceed predetermined thresholds and use regularly updated signatures based on new threats. This includes 24/7 system monitoring.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"moderation_enforcement","value":"unknown","description":"\r Zendesk offers  DMARC  (Domain-based Message Authentication, Reporting, & Conformance) for signing outbound emails from Zendesk when you have to set up an external email domain on your Zendesk. Using an email service that supports these features helps you stop email spoofing.  Learn about digitally signing your email .","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"moderation_enforcement","value":"unknown","description":"\r Our  Responsible Disclosure Program  gives security researchers as well as subscribers an avenue for safely testing and notifying Zendesk of security vulnerabilities through our partnership with  HackerOne .","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"moderation_enforcement","value":"unknown","description":"\r Zendesk has several different authentication options. Subscribers can turn on Zendesk authentication (email and password sign-in), social media single sign-on (SSO) (such as Facebook and Google), and enterprise SSO (such as SAML and OIDC) for end user and team member authentication. ","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"moderation_enforcement","value":"unknown","description":"\r We employ third-party security tooling to continuously and dynamically scan our core applications against common web application security risks, including, but not limited to the OWASP Top 10 security risks. We maintain a dedicated in-house product security team to test and work with engineering teams to remediate any discovered issues.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"moderation_enforcement","value":"unknown","description":"\r Our network security architecture consists of multiple security zones. More sensitive systems like database servers are protected in our most trusted zones. Other systems are housed in zones commensurate with their sensitivity, depending on function, information classification, and risk. Depending on the zone, additional security monitoring and access controls will apply. DMZs are utilized between the Internet, and internally between the different zones of trust.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"moderation_enforcement","value":"unknown","description":"\r In addition to our extensive internal scanning and testing program, Zendesk employs third-party security experts to perform detailed penetration tests on different applications within our family of products.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"moderation_enforcement","value":"unknown","description":"\r Zendesk has architected a multi-layer approach to DDoS mitigation. A core technology partnership with Cloudflare provides network edge defenses, while the use of AWS scaling and protection tools provides deeper protection along with our use of AWS DDoS specific services.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"moderation_enforcement","value":"unknown","description":"\r Zendesk native authentication for products available through the  Admin Center  provides the following levels of password security: low, medium, and high, as well as set custom password rules for agents and admins. Zendesk also allows different password security levels to apply to end users vs. agents and admins. Only admins can change the password security level.  Learn about configurable password policies .","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"moderation_enforcement","value":"unknown","description":"\r Zendesk maintains a publicly available  system-status webpage , which includes system availability details, scheduled maintenance, service incident history, and relevant security events.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"moderation_enforcement","value":"unknown","description":"\r Subscribers can configure their instance so that users are required to sign in to view ticket attachments.  Learn about Private Attachments .","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"moderation_enforcement","value":"unknown","description":"\r Our Quality Assurance (QA) department reviews and tests our code base. Dedicated application security engineers on staff identify, test, and triage security vulnerabilities in code.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"moderation_enforcement","value":"unknown","description":"\r Access to data within Zendesk applications is governed by role-based access control (RBAC) and can be configured to define granular access privileges. Zendesk supports various permission levels for users (owner, admin, agent, end-user, etc.).\n\r Learn about user roles:","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"moderation_enforcement","value":"unknown","description":" Zendesk development team regularly inspects replies with negative end user feedback for hallucinations to develop tools that can automatically detect and prevent such scenarios.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"medium"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"moderation_enforcement","value":"unknown","description":"\r Zendesk performs background checks on all new employees in accordance with local laws. These checks are also required for contractors. The background check includes criminal, education, and employment verification. Cleaning crews are included.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"data_retention","value":"medium","description":"We will retain personal data that we process and store on behalf of our subscribers for as long as needed to provide the Services to our subscribers.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"medium"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"data_retention","value":"unknown","description":"\r Replication : Zendesk periodically replicates data for purposes of archival, backup, and audit logs. We use Amazon Web Services (AWS) to store some of the information that is backed up, such as database information and attachment files. Please see our  Regional Data Hosting Policy  for further details.\n\r Security : Zendesk prioritizes data security and combines enterprise-class security features with comprehensive audits of our applications, systems, and networks to ensure subscriber and business data is protected. See additional information  here .\n\r Security Incidents : For more information about security incident management see our  Security Incident Response .\n\r Sub-processors : Zendesk may use sub-processors, including affiliates of Zendesk, as well as third-party companies, to provide, secure, or improve the Services, and such sub-processors may have access to Service Data. Our  Sub-processors policy  provides an up-to-date list of the names and locations of all sub-processors.\n\r Termination : Zendesk maintains a  Service Data Deletion Policy  that describes Zendesk’s data deletion processes upon subscriber’s termination or expiration of the Zendesk subscription.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"data_retention","value":"unknown","description":" Service Data Deletion Policy How our Subscribers’ Service Data is deleted in connection with the cancellation, termination, or migration of an Account within the Zendesk Services.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"data_retention","value":"unknown","description":"\r Zendesk offers ticket and end-user data deletion schedules right out of the box, regardless of plan. For Advanced Data Privacy and Protection customers with more nuanced data deletion requirements, Zendesk also offers advanced data retention policies, allowing customers to create conditional deletion schedules.\n\r Additionally, all Zendesk customers have access to standard redaction capabilities , so that sensitive ticket content can be permanently redacted. Advanced Data Privacy and Protection customers also have access to our AI-powered redaction suggestions feature, which automatically highlights certain types of data within tickets for agents to quickly redact.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"data_retention","value":"unknown","description":" Data Deletion Policy How our Subscribers’ Service Data is deleted in connection with the cancellation, termination, or migration of an Account within the Zendesk Services.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"data_retention","value":"medium","description":"Termination : Zendesk maintains a  Service Data Deletion Policy  that describes Zendesk’s data deletion processes upon subscriber’s termination or expiration of the Zendesk subscriptio","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"medium"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"data_retention","value":"medium","description":"customizable data retention policies, data masking, PII redaction, and access logs.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"medium"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"data_retention","value":"unknown","description":"\r Our  Disaster Recovery (DR) program  ensures that our services remain available and are easily recoverable in the case of a disaster.\n\r This is accomplished through building a robust technical environment, creating Disaster Recovery plans, and testing  activities .","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"data_retention","value":"unknown","description":"\r Zendesk employs service clustering and network redundancies to eliminate single points of failure. Our strict backup regime and/or our  Enhanced Disaster Recovery  service offering allows us to deliver a high level of service availability, as Service Data is replicated across availability zones.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"data_retention","value":"low","description":"Data is deleted in connection with the cancellation, termination, or migration of an Account within the Zendesk Services.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"tier_differences","value":"medium","description":"Zendesk offers Audit Logs to accounts with Enterprise/Enterprise Plus plans. These logs include account changes, user changes, app changes, business rules, ticket deletions, and settings.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"tier_differences","value":"unknown","description":"\r For businesses that need a higher level of data privacy and security, Zendesk offers the  Advanced Data Privacy and Protection add-on . The add-on includes capabilities for BYOK encryption, customizable data retention policies, data masking, PII redaction, and access logs.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"tier_differences","value":"unknown","description":" To achieve a HIPAA-Enabled Account, you will need to (1) purchase the Advanced Security Deployed Associated Service or Advanced Compliance Deployed Associated Service Add-On; (2) enable a set of security configurations as outlined by Zendesk; and (3) execute our  Business Associate Agreement  (“BAA”). For more details, including a list of which Services can be HIPAA-enabled, please see  Advanced Compliance .","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"tier_differences","value":"medium","description":"Zendesk offers ticket and end-user data deletion schedules right out of the box, regardless of plan. For Advanced Data Privacy and Protection customers with more nuanced data deletion requirements, Zendesk also offers advanced data retention policies, allowing customers to create conditional deletion schedules.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"tier_differences","value":"unknown","description":" The Zendesk AI is eligible for coverage under  Zendesk’s Business Associate Agreement (BAA) .\n\r Customers interested in executing a BAA with Zendesk must have access to the Advanced Compliance Add-on .","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"tier_differences","value":"medium","description":"For businesses that need a higher level of data privacy and security, Zendesk offers the  Advanced Data Privacy and Protection add-on . The add-on includes capabilities for BYOK encryption, customizable data retention policies, data masking, PII redaction, and access logs","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"tier_differences","value":"unknown","description":"\r Our  Enhanced Disaster Recovery  package adds contractual objectives for Recovery Time Objective (RTO) and Recovery Point Objective (RPO). These are supported through our capability to prioritize operations of Enhanced Disaster Recovery subscribers during any declared disaster event.\n\r Get more information on Disaster Recovery Guarantees. ","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"tier_differences","value":"medium","description":"To achieve a HIPAA-Enabled Account, you will need to (1) purchase the Advanced Security Deployed Associated Service or Advanced Compliance Deployed Associated Service Add-On; (2) enable a set of security configurations as outlined by Zendesk; and (3) execute our  Business Associate Agreement  (“BAA”","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"medium"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"indemnity_liability","value":"unknown","description":" Shared Responsibility Model This framework clarifies which party is responsible for which controls related to the security and privacy of your data.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"confidentiality","value":"unknown","description":"\r Zendesk has developed a comprehensive set of security policies covering a range of topics. These policies are shared with and made available to all employees and contractors with access to Zendesk information assets.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"confidentiality","value":"unknown","description":"\r All new hires are required to sign Non-Disclosure and Confidentiality agreements.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"confidentiality","value":"low","description":"We undergo routine audits to receive updated SOC 2 Type II reports, available upon request and under NDA.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"medium"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"confidentiality","value":"unknown","description":"\r Zendesk has two types of redaction for removing sensitive data: Manual redaction provides the ability to redact or remove sensitive data in Support ticket comments, and securely delete attachments, so you can protect confidential information. The data is redacted from tickets via the UI or API to prevent sensitive information from being stored in Zendesk. Learn about redaction via the  UI  or  API .\n\r Automatic redaction allows for automatic redaction of credit card numbers from subscriber-submitted tickets. When enabled, credit card numbers are partially replaced with blank boxes in the ticket. They are also redacted from logs and database entries. To learn more about how to enable this feature and how credit card numbers are identified, see  Automatically redacting credit card numbers from tickets  and from  chats .","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"confidentiality","value":"low","description":"Service Data will not be shared with any other customer.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"medium"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"confidentiality","value":"unknown","description":" Our agreements and policies provide our subscribers transparency and detailed information about Zendesk’s Services, which in turn support our subscribers in meeting their own legal and compliance standards.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"medium"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"confidentiality","value":"low","description":"All new hires are required to sign Non-Disclosure and Confidentiality agreements.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"subprocessors_data_sharing","value":"low","description":"Service Data is encrypted at rest in AWS using AES-256 key encryption.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"medium"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"subprocessors_data_sharing","value":"medium","description":"Generative AI features are currently powered by OpenAI (using zero data retention endpoints) or models hosted on Microsoft Azure, Amazon Bedrock, or Google Cloud Platform (where the model provider never has access to prompts or outputs). We also offer AI transcription services powered by Twilio and DeepGram.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"medium"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"subprocessors_data_sharing","value":"medium","description":"All Service Data is hosted in Zendesk’s existing AWS regions , except that certain features offered through acquisitions such as QA and AI Agents - Advanced may remain on Google Cloud Platform (GCP) hosting locations in the US and/or Europe for a period of time until fully integrated to Zendesk. For sub-processor hosting locations, please see the Zendesk Sub-processor Policy .","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"medium"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"subprocessors_data_sharing","value":"unknown","description":" Zendesk minimizes risks associated with third-party vendors by performing security reviews on all vendors with any level of access to our systems or Service Data.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"subprocessors_data_sharing","value":"unknown","description":" Access : Zendesk provides an advanced set of access and encryption features to help customers effectively protect their information. We do not access or use customer content for any purpose other than providing, maintaining, and improving the Zendesk services and as otherwise required by law. See  here  for additional information.\n\r Data Hosting : Zendesk uses Amazon Web Services to host Service Data as described  here  and in the  Regional Data Hosting Policy . For additional information, please also see the  Security section .\n\r Default Data Types Collected by the Service : Zendesk has created a  list of data points , categorized by product. For the full picture of data types, subscribers can use this list in conjunction with their specific intended use case and resultant data types.\n\r Legal or Government Requests : Privacy, data security, and subscriber trust are our top priorities. Zendesk does not disclose Service Data, except as necessary to provide our Services and to comply with applicable laws, as detailed in our  Privacy Notice . To assist our subscribers in performing compliance reviews, we have additional resources:  Transparency Report  and  Government Request Policy .\n\r Ownership : From a privacy perspective, the subscriber is the controller of Service Data and Zendesk is a processor. This means that throughout the time that you subscribe to services with Zendesk, you retain ownership of and control over Service Data in your Zendesk instance.\n","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"subprocessors_data_sharing","value":"unknown","description":" Service Data processed by Zendesk AI is subject to all security standards and commitments, including compliance with Zendesk’s robust  Enterprise Security Measures , and storage within Zendesk’s  SOC 2-compliant environment . Service Data will not be shared with any other customer.\n\r Generative AI features are currently powered by OpenAI (using zero data retention endpoints) or models hosted on Microsoft Azure, Amazon Bedrock, or Google Cloud Platform (where the model provider never has access to prompts or outputs). We also offer AI transcription services powered by Twilio and DeepGram.\n\r OpenAI data security practices are available here . Amazon Bedrock data security practices are available here . Microsoft Azure data security practices are available here . Google Cloud Platform data security practices are available here .","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"subprocessors_data_sharing","value":"unknown","description":" Legal or Government Request Policy Addresses Zendesk’s procedure for responding to a request received from a law enforcement or other government authority.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"subprocessors_data_sharing","value":"unknown","description":"\r Disclosure of Service Data : Zendesk only discloses Service Data to third parties where disclosure is necessary to provide or improve the services or as required to respond to lawful requests from public authorities. Please see our  Government Data Request Policy  as well as the  Zendesk Transparency Report .","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"subprocessors_data_sharing","value":"medium","description":"Sub-processors : Zendesk may use sub-processors, including affiliates of Zendesk, as well as third-party companies, to provide, secure, or improve the Services, and such sub-processors may have access to Service Data. Our  Sub-processors policy  provides an up-to-date list of the names and locations of all sub-processor","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"medium"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"subprocessors_data_sharing","value":"unknown","description":" Zendesk AI leverages a flexible, modular architecture that enables the use of multiple leading Large Language Models (LLMs), including frontier, and open source models. This intentional multi-LLM approach allows Zendesk to select the best model for each workflow and use case, optimizing for quality, speed, cost, and resilience, and avoid reliance on any single LLM provider, minimizing the risks of vendor lock-in for our customers. Zendesk’s platform is designed for flexible model switching, allowing us to quickly adopt improvements and new models as soon as they become available. Our multi-LLM architecture, combined with a global infrastructure and rigorous governance, ensures Zendesk AI is resilient and our customers’ investments - secure.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"medium"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"subprocessors_data_sharing","value":"ambiguous","description":"Zendesk minimizes risks associated with third-party vendors by performing security reviews on all vendors with any level of access to our systems or Service Data.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"low"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"audit_rights_dpa_residency","value":"low","description":"We undergo routine audits to receive updated SOC 2 Type II reports, available upon request and under NDA.  Request the latest SOC 2 Type II report .","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"audit_rights_dpa_residency","value":"medium","description":"Subscribers who purchase the  Data Center Location Deployed Associated Service  (“Data Center Location Add-on”), or have the Data Center Location functionality in their Service Plan, have the ability to select the region that will host their Service Data from a list of Zendesk available region","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"medium"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"audit_rights_dpa_residency","value":"unknown","description":" Zendesk uses best practices and industry standards to achieve compliance with industry-accepted general security and privacy frameworks, which in turn helps our subscribers meet their own compliance standards.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"audit_rights_dpa_residency","value":"unknown","description":"\r Zendesk is ISO 27017:2015 certified. The certificate is available for download  here .","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"audit_rights_dpa_residency","value":"unknown","description":"\r ISO 42001 is the world’s first international standard for managing artificial intelligence. Achieving certification means that Zendesk’s AI practices — spanning design and development through deployment and ongoing monitoring — have been independently audited for conformance with a formal Artificial Intelligence Management System (AIMS) and demonstrate transparency, security, and responsible governance.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"audit_rights_dpa_residency","value":"unknown","description":"\r Zendesk is FedRAMP authorized with Low Impact Software-as-a-Service (LI-SaaS) and is listed in the  FedRAMP Marketplace . US Government agency subscribers can request access to the Zendesk FedRAMP Security Package by completing a Package Access Request Form or submitting a request to  fedramp@zendesk.com .","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"audit_rights_dpa_residency","value":"unknown","description":"\r CSA STAR AI Levels 1 & 2 certify advanced cloud security and AI governance practices, with Zendesk proudly being the first in the industry to achieve this recognition.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"audit_rights_dpa_residency","value":"unknown","description":"\r Zendesk is a member of  IT-ISAC , a group focused on bringing together a diverse set of private sector companies to leverage evolving technology and have a common commitment to security. IT-ISAC enables collaboration and sharing of relevant, actionable threat intelligence information and practices. They moderate special interest groups that focus on Intelligence, Insider Threat, Physical Security, and other specific areas to help further our mission of securing Zendesk.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"medium"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"audit_rights_dpa_residency","value":"unknown","description":"\r Zendesk has satisfied all requirements (Stage 1 and Stage 2) to become fully registered on the FSQS (Financial Services Qualification System) supplier qualification system, as set out by participating buying organisations. Request the latest FSQS Certificate  here .","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"audit_rights_dpa_residency","value":"unknown","description":"\r Zendesk leverages AWS data centers in the United States, Europe, and Asia Pacific.  Learn about Data Hosting Locations for your Zendesk Service Data .\n\r Zendesk offers multiple data locality choices including the United States (US), Australia (AU), Japan (JP), or European Economic Area (EEA). For more information on product, plan, and regional offerings please see our  Regional Data Hosting Policy .","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"audit_rights_dpa_residency","value":"unknown","description":"\r In addition to our extensive internal scanning and testing program, each year Zendesk employs third-party security experts to perform a broad penetration test across the Zendesk Production and Corporate Networks.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"audit_rights_dpa_residency","value":"unknown","description":" The Australian Privacy Act of 1988 (as amended) provides several data subject rights and added mandatory notification of eligible data breaches. Unlike the GDPR, there are no concepts of data controller and data processor.  https://www.zendesk.com/company/anz-privacy/ ","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"audit_rights_dpa_residency","value":"unknown","description":" The Personal Data Protection Act of Singapore establishes data protection laws that govern the collection, use, and disclosure of Personal Data as of July 2, 2014. Zendesk is a recognized Infocomm Development Authority of Singapore (IDA) Data Intermediary as a Software-as-a-Service (“SaaS”) Service Provider. Additional information is available  here .","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"medium"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"audit_rights_dpa_residency","value":"unknown","description":" \r Zendesk's Data Processor and Data Controller Binding Corporate Rules \r","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"audit_rights_dpa_residency","value":"unknown","description":" Subscribers who purchase the  Data Center Location Deployed Associated Service  (“Data Center Location Add-on”), or have the Data Center Location functionality in their Service Plan, have the ability to select the region that will host their Service Data from a list of Zendesk available regions.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"audit_rights_dpa_residency","value":"unknown","description":" All Service Data is hosted in Zendesk’s existing AWS regions , except that certain features offered through acquisitions such as QA and AI Agents - Advanced may remain on Google Cloud Platform (GCP) hosting locations in the US and/or Europe for a period of time until fully integrated to Zendesk. For sub-processor hosting locations, please see the Zendesk Sub-processor Policy .\n\r Use of Zendesk AI does not impact any Customer data locality commitments, including those available in the Data Center Location Add-on . Service Data of eligible Customers will continue to be hosted in the selected region.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"audit_rights_dpa_residency","value":"unknown","description":" Regional Data Hosting Policy Where Zendesk Service Data can be hosted if a Subscriber purchases or enables the Data Center Location Add-On.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"audit_rights_dpa_residency","value":"unknown","description":" Explore our Conveyor Trust Portal for on-demand, self-serve access to up-to-date security artifacts — certifications, audit reports, policies, and questionnaire answers.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"audit_rights_dpa_residency","value":"low","description":"Zendesk offers several data processing agreements and other addenda to support subscribers’ compliance with data privacy laws, available for execution  here . These include:\n\r Data Processing Agreement (DPA) \n\r United States HIPAA Business Associate Agreement (BAA) \n\r Zendesk Customer Agreement (ZCA) \n\r US State Addendum ","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"medium"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"audit_rights_dpa_residency","value":"low","description":"Zendesk hosts Service Data primarily in AWS data centers that have been certified as ISO 27001, PCI DSS Service Provider Level 1, and/or SOC 2 compliant.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"medium"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"audit_rights_dpa_residency","value":"unknown","description":"\r We undergo routine audits to receive updated SOC 2 Type II reports, available upon request and under NDA.  Request the latest SOC 2 Type II report .","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"audit_rights_dpa_residency","value":"unknown","description":"\r Zendesk received the  McAfee CloudTrust Program . The program presents the McAfee Enterprise-Ready seal to only those services that have the highest CloudTrust™ rating possible. These are among the services that have earned McAfee's CloudTrust™ and a rating of McAfee Enterprise-Ready based on their attributes across the data, user and device, security, business, and legal evaluation categories.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"medium"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"audit_rights_dpa_residency","value":"unknown","description":" The United Kingdom withdrew from the European Union on 31 January 2020. On 28 June 2021, the European Commission adopted  adequacy decisions  for transfers of personal data to the United Kingdom under GDPR.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"audit_rights_dpa_residency","value":"unknown","description":"\r Zendesk offers Audit Logs to accounts with Enterprise/Enterprise Plus plans. These logs include account changes, user changes, app changes, business rules, ticket deletions, and settings. The Audit Log is available in both the  Admin Center  and  Support API . To learn more about Audit Logs and see what information is available within the log please see  Viewing the audit log for changes .","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"audit_rights_dpa_residency","value":"unknown","description":" HDS enables healthcare providers in France to use Zendesk’s customer service and engagement platform with confidence that our platform has appropriate technical and governance measures in place to secure and protect personal health information (PHI). Additional information is available  here .","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"audit_rights_dpa_residency","value":"unknown","description":"\r Zendesk is ISO 27001:2022 certified.  Download the certificate .","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"audit_rights_dpa_residency","value":"medium","description":"Zendesk offers multiple data locality choices including the United States (US), Australia (AU), Japan (JP), or European Economic Area (EEA). For more information on product, plan, and regional offerings please see our  Regional Data Hosting Policy .","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"medium"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"audit_rights_dpa_residency","value":"unknown","description":" Canada’s Personal Information Protection and Electronic Documents Act went into effect in 2000 and is focused around ten fair information principles, which form the rules for collection, use, access, and disclosure of personal information. In October of 2021, the International Technology Association of Canada and Information Technology Industry Council suggested changes to PIPEDA to provide greater privacy and transparency rights for Canadian citizens.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"medium"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"audit_rights_dpa_residency","value":"unknown","description":"\r Zendesk hosts Service Data primarily in AWS data centers that have been certified as ISO 27001, PCI DSS Service Provider Level 1, and/or SOC 2 compliant.  Learn about Compliance at AWS .\n\r AWS infrastructure services include backup power, HVAC systems, and fire suppression equipment to help protect servers and ultimately your data.  Learn about Data Center Controls at AWS .","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"audit_rights_dpa_residency","value":"unknown","description":"\r Cyber Essentials Plus is a UK government-backed certification that demonstrates an organization’s commitment to strong cybersecurity through independent verification of key controls.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"audit_rights_dpa_residency","value":"unknown","description":"\r Zendesk is a member of the Cloud Security Alliance (CSA), a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing. CSA has launched the Security, Trust & Assurance Registry (STAR), a publicly accessible registry that documents the security controls provided by various cloud computing offerings. Zendesk completed a publicly available Consensus Assessment Initiative (CAI) Questionnaire, based on the results of our due diligence self-assessment.\n\r The CSA CAIQ is available  here .","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"audit_rights_dpa_residency","value":"low","description":"The Zendesk DPA covers the specific processing activities and security measures applicable to our Services and incorporates the new EU Standard Contractual Clauses (“EU SCCs”).","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"audit_rights_dpa_residency","value":"unknown","description":"\r Zendesk is a member of  FIRST , an international confederation of incident response teams that cooperatively handles computer security incidents and promotes incident prevention programs. FIRST members develop and share technical information, tools, methodologies, processes and best practices. As a member of FIRST, Zendesk Security works with other members to use their combined knowledge, skills, and experience to promote a safer and more secure global electronic environment.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"medium"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"audit_rights_dpa_residency","value":"unknown","description":" Zendesk has achieved a number of internationally recognized certifications and accreditations demonstrating compliance with third-party assurance frameworks. Security certifications are described  here .","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"audit_rights_dpa_residency","value":"unknown","description":" The New Zealand Privacy Act in 2020 commenced on December 1, 2020, applies to agencies and maintains the principle-based framework of the 1993 Act. The 2020 Act states that organisations are responsible for ensuring that personal information sent outside of New Zealand is adequately protected and added mandatory breach notification requirements.  https://www.zendesk.com/company/anz-privacy/ ","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"audit_rights_dpa_residency","value":"unknown","description":" Zendesk offers several data processing agreements and other addenda to support subscribers’ compliance with data privacy laws, available for execution  here . These include:","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"audit_rights_dpa_residency","value":"unknown","description":" Since our inception, Zendesk’s approach has been anchored by a strong commitment to privacy, security, compliance, and transparency. This approach includes supporting our subscribers’ compliance with EU data protection requirements, such as those set out in the  General Data Protection Regulation  (“GDPR”).\n\r If a subscriber collects, transmits, hosts, or analyzes personal data of EU citizens, GDPR requires the subscriber to use third-party data processors who guarantee their ability to implement the technical and organizational requirements of the GDPR. To further earn our subscribers’ trust, our Data Processing Agreement (“DPA”) has been updated to provide our customers with contractual commitments regarding our compliance with applicable EU data protection law and to implement additional contractual provisions required by the GDPR.\n\r Binding Corporate Rules (BCRs) : Binding Corporate Rules (“BCRs”) are company-wide data protection policies approved by European data protection authorities to facilitate intra-group transfers of personal data from the European Economic Area (“EEA”) to countries outside the EEA. BCRs are based on strict privacy principles established by European Union data protection authorities and require intensive consultation with those authorities. Subscribers can find the full list of approved entities on the Binding Corporate Rules Approved List  here . In 2017 Zendesk completed the EU approval process with the Irish Data Protection Commissioner (“DPC”) (peer reviewed by both the UK Information Commissioner’s Office and the Dutch Data Protection Authority) BCRs as processor and as a controller. ","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"audit_rights_dpa_residency","value":"low","description":"Binding Corporate Rules (BCRs) : Binding Corporate Rules (“BCRs”) are company-wide data protection policies approved by European data protection authorities to facilitate intra-group transfers of personal data from the European Economic Area (“EEA”) to countries outside the EEA. BCRs are based on strict privacy principles established by European Union data protection authorities and require intensive consultation with those authorities. Subscribers can find the full list of approved entities on the Binding Corporate Rules Approved List  here . In 2017 Zendesk completed the EU approval process with the Irish Data Protection Commissioner (“DPC”) (peer reviewed by both the UK Information Commissioner’s Office and the Dutch Data Protection Authority) BCRs as processor and as a controller","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"audit_rights_dpa_residency","value":"unknown","description":"This significant regulatory approval validated Zendesk’s implementation of the highest possible standards for protecting personal data globally, covering both the personal data of its customers and its employees. Zendesk is one of the first software companies in the world to have received approval for its BCRs; and was the second company ever to receive approval from the Irish DPC.\n\r To access Zendesk's EU BCRs and UK addenda please visit:","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"audit_rights_dpa_residency","value":"unknown","description":" You can review and/or execute Zendesk’s DPA  here . The Zendesk DPA covers the specific processing activities and security measures applicable to our Services and incorporates the new EU Standard Contractual Clauses (“EU SCCs”).\n\r Subscribers can read our  Product Guides  and  Service Data Deletion Policy  for detailed information on how to use Zendesk’s products to assist in compliance with data protection and privacy laws.","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"audit_rights_dpa_residency","value":"unknown","description":"\r AWS on-site security includes features such as security guards, fencing, security feeds, intrusion detection technology, and other security measures.  Learn about AWS physical security .","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"medium"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"audit_rights_dpa_residency","value":"medium","description":"Data Hosting : Zendesk uses Amazon Web Services to host Service Data as described  here  and in the  Regional Data Hosting Policy . ","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"medium"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]},{"@type":"PropertyValue","name":"audit_rights_dpa_residency","value":"unknown","description":"\r Zendesk is ISO 27018:2019 certified. The certificate is available for download  here .","additionalProperty":[{"@type":"PropertyValue","name":"confidence","value":"high"},{"@type":"PropertyValue","name":"snapshot_sha256","value":"c5b0b430561693d1b6cb3c45de1a13f33402c08da0169893981525c587587569"},{"@type":"PropertyValue","name":"wayback_url","value":""},{"@type":"PropertyValue","name":"source_url","value":"https://www.zendesk.com/company/privacy-and-data-protection/"}]}]}}