Secure Customer Service

Make every effort to meet your needs

Zendesk takes security very seriously, just ask how many there areFortune 100 and Fortune 500 companiesTrust us with the information。 Our combination of enterprise-level security features with comprehensive audits of our applications, systems and networks to ensure that your data is always protected means that every customer, including ourselves, can rest easy。

Compliance certification and membership

Zendesk uses best practices and industry standards to ensure that we follow industry-recognized general security and privacy frameworks, which in turn helps our subscribers meet their compliance standards。

Safety compliance
SOC 2 Type II

We receive routine audits to obtain the latest SOC 2 Type II reports, which are available upon request and in accordance with the NDA。 Request the latest SOC 2 Type II report

ISO 27001:2013

Zendesk is ISO 27001:2013 certified。 Download the certificate

ISO 27018:2014

Zendesk is ISO 27018:2014 certified。 The certificate is available at此處下載。

FedRAMP LI-SaaS

Zendesk is a low-impact software as a Service (Li-saas) licensed by FedRAMP and listed FedRAMP Marketplace 中。 Us government agency subscribers mayFill in the application form或向 fedramp@goyinyang.com Submit an application to apply for the Zendesk FedRAMP security solution。

Based on industry compliance
PCI-DSS

Zendesk Support provides a PCI-compliant configurable credit card field with all but the last four digits deleted。 Understand Zendesk's PCI compliance

membership
McAfee Cloud Trust - McAfee Enterprise Ready

Zendesk get McAfee CloudTrust Program ratings。 The program issues the McAfee Enterprise-Ready seal only to services with the highest CloudTrust™ rating。 These services are rated McAfee CloudTrust™ and McAfee Enterprise-Ready based on characteristics in the data, user and device, security, business and legal assessment categories。

Cloud Security Alliance (CSA)

Zendesk is a member of the Cloud Security Alliance (CSA), a non-profit organization whose mission is to promote the use of best practices to provide security in cloud computing。 CSA has launched the Security, Trust and Assurance Register (STAR) program, which is publicly accessible and documents the security controls provided by various cloud computing products。 Zendesk completed a public Consensus Evaluation Program (CAI) questionnaire based on the results of our due diligence self-assessment。

CSA CAIQ can be in此處查閱。

IT-ISAC

Zendesk is IT-ISAC Member, an organization focused on bringing together different private sector companies to take advantage of evolving technology and make a shared commitment to security。 It-isac enables collaboration and sharing of relevant and viable threat intelligence information and practices。 They chair special focus groups that focus on intelligence, insider threats, physical security and other specific areas and help advance our mission to secure Zendesk。

FIRST

Zendesk isFIRST Member, FIRST is an international alliance of incident Response teams that work together to deal with computer security incidents and promote incident prevention programmes。 FIRST members develop and share technical information, tools, methods, processes and best practices。 As a FIRST member, Zendesk Security works with other members to leverage their combined knowledge, skills and experience to promote a safer and more secure global electronic environment。

Financial Services Qualification System (FSQS)

Zendesk has met all the requirements (stages 1 and 2) to register with the FSQS (Financial Services Qualification System) Supplier Qualification System as required by participating purchasing organizations。 在此Apply for the latest FSQS certificate。

For more information about FSQS, see http://hellios.com/fsqs/

Artificial service

Additional resources are available upon request。

Direct download of resources (non-NDA)

ISO 27001:2013 certification

ISO 27018:2014 certification

SOC 3 report

Information sheet/white paper

PCI Compliance Certificate (AoC) and compliance certification

Network Architecture Diagram

  • Support/Guidance
  • 聊天
  • 談話

CSA CAIQ

Risk Ledger

FSQS (Financial Services Qualification System)

Access to resources
NDA resources

The following resources may require an NDA submission。 Click the button for access。

Certificate of insurance

SOC 2 Type II report

Annual penetration test summary

Summary of business continuity and disaster Recovery tests

SIG Lite

VSA

HECVAT Lite

Current subscribers can access these resources in the admin UI:

Cloud security

Data center physical security
設施

Zendesk hosts service data primarily in AWS data centers that are certified to ISO 27001, PCI DSS service Provider Level 1 and/or SOC 2。 Understand AWS compliance

AWS infrastructure services include backup power, HVAC systems, and fire extinguishing equipment to help protect your servers and ultimately your data。 Understand AWS data center controls

Site safety

AWS on-site security includes features such as security guards, fences, safety feedback, intrusion detection technology and other security measures。 Understand AWS entity security

Location of data escrow

Zendesk draws on AWS data centres in the US, Europe and Asia Pacific。 Find out where your Zendesk service data is hosted

Zendesk offers a variety of data locations, including the United States (US), Australia (AU), Japan (JP) or the European Economic Area (EEA)。 For details of our products, programs and district services, please refer to ourDistrict data escrow policy

Supplier security

Zendesk conducts security reviews of all vendors that have access to our systems or services to minimize the risks associated with third-party vendors。

Network security
Full-time security team

Our global security team is on call 24/7 to respond to security alerts and incidents。

保護

We protect our networks through the use of critical AWS security services, integration with our Cloudflare Edge Protection network, regular audits, and cyber intelligence technologies that monitor and/or block known malicious traffic and cyber attacks。

Our network security architecture consists of multiple security zones。 More sensitive systems, such as database servers, are protected in areas we trust most。 Other systems are placed in areas commensurate with their sensitivity based on function, information classification, and risk。 Additional security monitoring and access control will apply depending on the area。 Use A DMZ between the Internet and within different trust zones。

Network Vulnerability Scanning

We gain deep insight through network security scans to quickly identify non-compliant or potentially vulnerable systems。

Third party penetration testing

In addition to implementing an extensive internal scanning and testing program, Zendesk hires third-party security experts to conduct extensive penetration testing of Zendesk's manufacturing and enterprise networks each year。

Security incident Management

Our security Incident Management (SIEM) system collects extensive records from critical network devices and escrow systems。 SIEM issues alerts based on triggers and notifies the security team for investigation and response based on relevant events。

Intrusion detection and prevention

Measure and monitor service entry and exit points to detect abnormal behavior。 These systems are programmed to alert when incidents and values exceed predetermined thresholds and use signatures that are updated regularly based on new threats。 This includes 24/7 system monitoring。

Threat intelligence program

Zendesk participates in several threat intelligence sharing programs。 We monitor threats posted to threat intelligence networks and take action based on the risk。

DDoS mitigation

Zendesk has built a multi-layered DDoS mitigation solution。 Working with Cloudflare's core technology provides network edge defense, while using AWS's extension and protection tools and our use of AWS dDOS-specific services provides deeper protection。

Logical access

Access to Zendesk's production network is controlled by our operations team, with minimal access, frequent audits and monitoring, on an apparent "need to know" basis。 Employees accessing Zendesk's production network need to use multiple authentication factors。

Emergency response

If a system alert is issued, the incident will be reported to our 24/7 team providing operations, network engineering and security services。 Employees receive training on safety incident response procedures, including communication channels and reporting paths。

加密
Transmission encryption

All communication with Zendesk UI and API is via industry standard HTTPS/TLS (TLS 1).2 or higher) encrypted over a public network。 This ensures that all communication between you and Zendesk is secure in transit。 In addition, for email, our product defaults to opportunistic TLS。 Transport Layer security (TLS) encrypts and securely transmits E-mail, alleviating monitoring between mail servers when peer-to-peer services support the protocol。 Exceptions to encryption may include the use of in-product messaging features, any other third-party applications, integrations or services, which subscriber may choose to utilize。

Static encryption

The service data is statically encrypted in AWS using AES-256 key encryption。

Availability and continuity
Uptime

Zendesk maintains a publicSystem Status page, which includes system availability details, scheduled maintenance, service event history, and related security events。

冗余

Zendesk uses service clustering and network redundancy to eliminate single points of failure。 Our strict backup system and/or ourEnhanced disaster recoveryServices enable us to provide a high level of service availability as service data is replicated across availability zones。

Disaster recovery

ourDisaster Recovery (DR) programsEnsure that our services remain available and easy to recover in the event of a disaster。 To do this, we built a strong technical environment, created disaster recovery plans and tested them活動

Enhanced disaster recovery

ourEnhanced disaster recoveryContract targets for recovery time Objectives (RTO) and recovery point objectives (RPO) have been added to the programme。 We can support these capabilities by prioritizing the operations of enhanced disaster Recovery subscribers in any declared disaster event。

Get more information about the disaster recovery guarantee。

Application security

Security Development (SDLC)
Frame safety control

Zendesk uses modern secure open source frameworks and security controls to limit OWASP's top 10 security risks。 These built-in controls reduce our risk of SQL imports (SQLi), cross-site scripting (XSS), and cross-site request forgery (CSRF)。

Quality assurance

Our QA department reviews and tests our code base。 Dedicated application security engineers identify, test, and classify security vulnerabilities in code。

The separation of the environment

Test and staging environments are logically separate from production environments。 Service materials are not used in our development or test environment。

Vulnerability management
Dynamic vulnerability scanning

We use third-party security tools to continuously and dynamically scan our core applications to address common network application security risks, including but not limited to OWASP's Top 10 security risks。 We have a dedicated in-house product safety team that conducts testing and works with the engineering team to remedy any issues found。

Software composition analysis

We scan the libraries and dependencies used in the product to identify vulnerabilities and ensure they are managed。

Third party penetration testing

In addition to conducting an extensive internal scanning and testing program, Zendesk employs third-party security experts to conduct detailed penetration testing of different applications in our product portfolio。

Responsible disclosure/Bug bounty program

ourResponsible Disclosure programThrough with HackerOne The collaboration gives security researchers and subscribers a way to test security and notify Zendesk of security vulnerabilities。

Product safety

Authentication security
Authentication options

Zendesk has a number of different authentication options: Subscribers can enable native Zendesk authentication, social media Single Sign-on (SSO) (Facebook, Twitter, Google) and/or enterprise SSO (SAML, JWT),For end user and/or proxy authentication。 Understand user access rights

A configurable password policy

Management centerProvides the following levels of password security for Zendesk native authentication provided with the product: low, medium, high, and custom password rules for agents and administrators。 Zendesk also allows different password security levels to apply to end users, agents, and administrators。 Only administrators can change the password security level。 Understand the password policies that can be set

Two-factor Authentication (2FA)

Management centerZendesk Native Authentication for Products Two-factor authentication for agents and administrators via SMS or authentication applications (2FA)。 Understand the two fa

Service Certificate Storage

Zendesk follows best practices for storing security certificates, never storing passwords in human-readable format and only in secure, feed, one-way hashing。

Other product safety features
Role-based access control

Access to data within Zendesk applications is managed by role-based Access Control (RBAC) and can be set to defined, detailed access rights。 Zendesk supports various user rights levels (owner, administrator, agent, end user, etc.)。

Understand user roles:

Details on global security and user access rights

IP restrictions

Any Zendesk account can restrict its Zendesk support to users within a specific IP address range。 Only users from permitted IP addresses can log into your Zendesk account。 You can allow subscribers, rather than agents or administrators, to bypass this restriction。 For details, please refer toUse IP restrictions to access Zendesk support and your help centerUse IP access restrictions in chat

Escrow Encryption credentials (TLS) for help Center

Zendesk provides free TLS encryption for the master's corresponding guide help center。 Zendesk uses Let's Encrypt to apply for credentials and automatically renew them before they expire。

You may also choose to upload your own credentials。

For details on setting encrypted credentials for the guide help center, seeSet up the escrow of TLS encryption credentials

File limits in chat

Zendesk Chat allows you to restrict which file types are sent to agents。 Alternatively, you can choose to turn off file sending completely in the chat product。 For details of this feature, please seeManage file sending in live chat

Audit records

Zendesk provides audit records for Enterprise/Enterprise Plus plan accounts。 These records include account changes, user changes, application changes, business rules, bill deletion and setting。 Audit records are available atManagement centerSupport API In the review。 For details of the audit record and to view the information provided in the record, please refer toReview audit record changes

Personal attachment

Subscribers can configure instances and users need to log in to view ticket attachments。 Understand personal Attachments

刪減

Zendesk has two ways to delete sensitive data: Manual Delete Deletes or deletes sensitive data in support notes, and securely removes attachments so that you protect confidential information。 Delete data in tickets through UI or API to prevent sensitive information from being stored in Zendesk。 For details, please click UIAPI abridge。

Automatic deletion Allows automatic deletion of credit card numbers in receipts submitted by subscribers。 When enabled, the credit card number is replaced by a blank box in the ticket。 These numbers are also redacted from records and database items。 For details on how to enable this feature and how to identify credit card numbers, seeAutomatically delete ticket聊天Credit card number in。

Guide to help center garbage filters

Zendesk's spam filtering service can be used to prevent end user spam posts from being published in the Guide help center。 Know how to filter garbage in the guide

Email Signature (DKIM/DMARC)

Zendesk provided DKIM(Domain key recognition message) and DMARC(domain-based mail authentication, reporting, and consistency) to sign outgoing emails from Zendesk when you must set up an external email domain on Zendesk。 Using email services that support these features can help you prevent email spoofing。 Learn how to digitally sign your email

Device to track

Zendesk tracks which devices are used to log into each user account。 When someone logs in to an account from a new device, the device is added to the device list in the user's profile。 When a new device is added, the user is notified by email and should follow up if the activity looks suspicious。 The suspect work phase can be terminated through the agent UI。 Understand device tracking

HR security

Safety awareness
政策

Zendesk has developed a comprehensive security policy covering a wide range of topics。 These policies are shared and made available to all employees and contractors who have access to Zendesk's information assets。

培訓

All employees are required to attend safety awareness training, which is conducted on entry and once a year thereafter。 All engineers receive annual training in secure code。 The security team provides additional security awareness updates through emails, blog posts and internal event presentations。

Employee review
A background check

Zendesk conducts background checks on all new hires in accordance with local laws。 Background checks on contractors are also required。 Background checks include criminal, educational and employment checks。 Cleaning staff are also included。

Confidential agreement

All new employees must sign a confidentiality agreement and confidentiality agreement。

Welcome to the Zendesk Global Privacy Program

Zendesk has a formal global privacy and data protection program that includes key cross-functional stakeholders, including the company's legal, security, product and enforcement departments。 As privacy advocates, we strive to ensure that our services and team members are committed to complying with applicable regulatory and industry frameworks。

合規

Australian Privacy Act 1988 and privacy Principles

The Australian Privacy Act 1998 (as amended) provides for a number of data subject rights and introduces mandatory notices for eligible data disclosure。 Unlike GDPR, there is no concept of data controller and data handler。http://frontdoor-eu.goyinyang.com/company/anz-privacy/

Appendix to Brazilian General Data Protection Act (LGPD)

Brazil's Lei Geral de Protecao de Dados Pessoais (LGPD) came into force on 18 September 2020。 LGPD is a comprehensive data protection law that covers the activities of data controllers and processors and sets out individual rights。

According to LGPD, Zendesk subscribers who collect and store personal data in Zendesk services can be considered 'controllers'。 Controllers have primary responsibility for ensuring that their handling of personal data complies with relevant data protection laws, including LGPD。 Zendesk is a "processor" as defined in LGPD in terms of processing personal data through our services。

For details on how to use Zendesk products in conjunction with our compliance program, subscribers can refer to ourProduct guideService Information deletion policy。The National Data Protection Administration (" ANPD ") may issue additional guidance on LGPD in the future。 Zendesk will continue to actively track the law and will continue to update our subscribers on features and features that can be used to support compliance efforts。

To view and/or sign Zendesk's main subscription agreement LGPD Appendix, please click此處。 our Zendesk's main subscription agreement包括「Area specific clause", specifically for Brazil。

Appendix to the California Consumer Privacy Act (CCPA)

California Consumer Privacy Act(California Civil Code 1798.100, etc.) (" CCPA ") is a United States law enacted by the State of California and effective January 1, 2020。 The CCPA expands the privacy rights of certain California consumers and requires certain companies to comply with various data protection requirements。 Also, check out the final version CCPA regulationsCalifornia Privacy Act(" CPRA ")。 Several provisions of THE CPRA enter into force on 16 December 2020, while the remaining provisions of the CPRA enter into force on 1 January 2023。

According to CCPA, Zendesk subscribers who collect and store personal information in Zendesk services can be considered "businesses"。 Businesses have primary responsibility for ensuring that their handling of personal data complies with relevant data protection laws, including CCPA。 Zendesk is a "service provider" as defined in the latest version of CCPA for the processing of personal data through our services.。 因此,Zendesk 僅為履行我們與訂戶現有合約規定的義務而收集、存取、維護、使用、處理及傳輸透過服務處理的訂戶及訂戶最終使用者個人資訊;除履行義務及改善我們提供的服務外,並無任何其他商業目的。

We do not "sell" subscriber's personal information as defined by CCPA。 We may share aggregated and/or anonymous information (not considered personal information under CCPA) about our use of the Services with third parties to help us develop and improve the Services and provide more relevant content and services to our Subscribers as set forth in the Subscriber Agreement。

You can be in此處Review and/or sign Zendesk's main subscription Agreement CCPA Appendix。

Personal Information Protection and Electronic Documents Act (PIPEDA)

Canada's Personal Information Protection and Electronic Documents Act, which came into force in 2000, focuses on ten fair information Principles that govern the collection, use, access and disclosure of personal information。 In October 2021, the Canadian International Technology Association and the Information Technology Industry Council recommended that PIPEDA be amended to provide more privacy and transparency rights for Canadian citizens。

Data Processing Protocol (DPA)

You can be in此處Review and/or sign Zendesk's DPA。 The Zendesk DPA covers specific processing activities and security measures applicable to our services。

Subscribers can read ourProduct guideService Information deletion policyTo learn more about how to use Zendesk products to help comply with privacy and data protection laws。

General Data Protection Regulation (GDPR)

Since our inception, Zendesk's approach has been based on a strong commitment to privacy, security, compliance and transparency。 This approach includes supporting our subscribers to comply with EU data protection requirements, for exampleGeneral Data Protection Ordinance(" GDPR ")。

If subscriber collects, transmits, hosts or analyzes the personal data of EU citizens, THE GDPR requires subscriber to use third party data processors that are guaranteed to be able to perform the GDPR technology and the organizational requirements。 To further gain subscribers' trust, our Data Processing Agreement (" DPA ") has been updated to provide our customers with additional contractual provisions relating to our compliance with our contractual commitments under the applicable EU Data Protection Law and the implementation of GDPR provisions。

Binding Business Rules (BCR): Binding Enterprise Rules (BCR) are company-wide data protection policies approved by the European Data Protection Authority for intra-group transmission of personal data from the European Economic Area (" EEA ") to countries outside the EEA。 The BCR is based on strict privacy principles laid down by eu data protection agencies and requires in-depth consultations with these agencies。 Subscriber may此處For a complete list of approved entities on the approved list of binding corporate rules。 In 2017, Zendesk acted as processor and controller to complete the EU approval process for the Irish Data Protection Commissioner (" DPC ") (peer reviewed by the UK Information Commissioner's Office and the Netherlands Data Protection Authority) BCR。 This important regulatory approval validates Zendesk's worldwide implementation of the highest standards for protecting personal data, including that of customers and employees。 Zendesk is全世界首批獲得 BCR 批准的軟件公司之一;亦是第二家獲得The Irish DPC 批准的公司。

To view Zendesk's BCR, please visit:
Zendesk's handlers enforce corporate rules, where Zendesk processes personal data on behalf of customers,
以及
Zendesk's controllers enforce corporate rulesFor Zendesk to process its personal data as a data controller。

Data subject request: Individuals who wish to exercise their data protection rights (including seeking access to, or correcting, modifying, deleting, transplanting or restricting the processing of personal data stored or processed by us in their service data on behalf of subscribers) should approach our subscribers (data controllers) directly。 Upon receipt of a subscriber's request to remove personal data from Zendesk, we will respond to the request within thirty (30) days。 We will retain the personal data processed and stored by us on behalf of subscribers for as long as necessary to provide the services to subscribers。

Data Protection Officer: The email address of data Protection Officer (" DPO ") of Zendesk is:euprivacy@goyinyang.com

Privacy protection: The US Department of Commerce, together with the European Commission and the Swiss Government, established the EU-US and Swiss-US Privacy Shield framework (the "Privacy Shield") to provide a mechanism for companies to provide adequate protection when transmitting personal data from the EU to the US, in line with European Data Protection Law。 Zendesk has proved to the US Department of Commerce that it meets the EU-US and Swiss-US Privacy shield frameworks and has been includedList of participants in the U.S. Department of Commerce's Self-certified Privacy Shield。 Our certification confirms that we comply with the Privacy Shield principles when transmitting European and Swiss personal data to the United States。

On 16 July 2020, the Court of Justice of the European Union (" CJEU ") issued a ruling, nullifying the EU-US Privacy Shield。 We understand that you may have questions about the ineffectiveness of the Privacy Shield and Zendesk's position, so we are publishing thisThis blogTo answer your questions。

Hebergeur de Donnees de Sante, France (HDS or health data escolation)

HDS enables healthcare providers in France to use Zendesk's customer service and interaction platform with confidence because our platform takes appropriate technical and governance measures to protect and protect personal health information (PHI)。 More information is available at此處查閱。

New Zealand's Privacy Act 2020 and its information Privacy principles

The New Zealand Privacy Act 2020 came into force on 1 December 2020, applies to organisations and maintains the principled framework of the 1993 Act。 The 2020 Act places the onus on agencies to ensure that personal information sent outside New Zealand is adequately protected and includes mandatory notification of non-compliance requirements。http://frontdoor-eu.goyinyang.com/company/anz-privacy/

Singapore Personal Data Protection Act (PDPA)

The Personal Data Protection Act of Singapore has been in place since 2 July 2014 to govern the collection, use and disclosure of personal data。 As a software as a Service (" SaaS ") service provider, Zendesk is a data intermediary approved by the Infocomm Media Development Authority (IDA) of Singapore。 More information is available at此處查閱。

GDPR and Brexit

Britain leaves the European Union on January 31, 2020。 On 28 June 2021, the European Commission approved the transfer of personal data to the UK under the GDPRAdequacy determines

Health Insurance Portability and Accountability Act (HIPAA) and Business Partnership Contract (BAA)

為實現啟用 HIPAA 賬戶,您需要 (1) 購買高級安全部署相關服務或Senior compliance部署相關服務附加項目;(2) 啟用 Zendesk 列出的一系列安全設定;及 (3) 簽署our Business Partnership Agreement(" BAA ")。 For details, including a list of hiPAA-enabled services, seeSenior compliance

Subscriber Service details

Service Data means any information, including personal data, stored in or transmitted through Zendesk Services by or on behalf of our Subscribers and their end users。 We use the service data to operate and improve our services, to help customers access and use the services, to respond to subscriber inquiries and to send communications related to the services。

For more information

存取Zendesk provides an advanced set of access and encryption features to help customers protect their information。 We do not access or use customer content for any purpose other than to provide, maintain and improve Zendesk services and as otherwise required by law。 Please refer to此處

Data escrowZendesk uses Amazon Web Services to host service data. See details此處District data escrow policy。 For other information, please seeSecurity section

The default type of data collected by the service: Zendesk has created a category by productList of data points。 To get a complete picture of the data types, subscribers can use this list in conjunction with their specific expected usage and resulting data types。

Legal or government request: Privacy, data security and subscriber trust are our priorities。 Zendesk will not disclose service information except for the purpose of providing our services and complying with applicable laws, as described in ourPrivacy policy。 To help our subscribers with compliance reviews, we have additional resources: Transparency reportGovernment request policy

The ownership of: From a privacy perspective, the subscriber is the controller of the service data and Zendesk is the processor。 This means that you retain ownership and control over the service data in the Zendesk instance throughout the time you subscribe to the service from Zendesk。

複製: Zendesk regularly copies data for archiving, backup, and audit records purposes。 We use Amazon Web Services (AWS) to store some backup information, such as database information and attachment files。 For more details, please refer to ourDistrict data escrow policy

安全Zendesk puts data security first and combines enterprise-level security features with comprehensive audits of our applications, systems and networks to ensure subscriber and business data are protected。 請在此處See Other information。

Safety accidents: For details on incident management, please refer to ourEmergency response

The child handler: Zendesk may use sub-processors, including Zendesk affiliates and third party companies, to provide, protect or improve the services, and these sub-processors may have access to the Service data。 ourSub-processor policyProvides an up-to-date list of all sub-processor names and locations。

終止: the Zendesk hasService Information deletion policy, which illustrates Zendesk's data removal process when a subscriber terminates or a Zendesk subscription expires。

Privacy related policies

政策

Details on how and when we use cookies on the Zendesk website。

Provide information about how and when Zendesk uses cookies in Zendesk services。

How do I delete our subscriber's service information when CANCELING, terminating or moving an account within Zendesk services。

Privacy-related application functions

Privacy and data protection tools

Each Zendesk product has tools to assist users in making requests and fulfilling other obligations under applicable privacy and data protection laws and regulations, such as data access, correction, portability, deletion and objection。 For more information on the features and functions of each Zendesk product, see Abide by the privacy and data protection policies in Zendesk products

Access management

Zendesk provides an advanced set of access and encryption features to help subscribers effectively protect their information。 We do not access or use Subscriber content for any purpose other than to provide, maintain and improve Zendesk services and as otherwise required by applicable law。 More information is available at此處查閱。

認證

Zendesk has received a number of internationally recognized certifications and accreditation for compliance with third-party assurance frameworks。 Safety certification see此處

Location of data escrow

購買Data center site deployment related services(" Data Center Location Additional Item ") or subscribers with data center location features in their service plan can select the location to host service data from Zendesk's list of available locations。

Privacy design

Zendesk has a strong global privacy and data protection program, a unified approach to privacy and information governance, and provides customers with flexibility in managing personal data used in Zendesk systems。 Please refer to our product guide for details: Abide by the privacy and data protection policies in Zendesk products

Delete/minimize data

Zendesk has two ways to delete sensitive data:

Manual delete deletes or deletes sensitive information in support ticket notes and securely removes attachments so that you protect confidential information。 Delete data in tickets through UI or API to prevent sensitive information from being stored in Zendesk。 Detailed understanding through THE UI or API to delete

Automatic deletion Allows automatic deletion of credit card numbers in invoices submitted by agents or end users。 When enabled, the credit card number is replaced by a blank box in the ticket。 These numbers are also redacted from records and database items。 Know how to enable this feature and how to identify credit card numbers

Transparency report

Disclosure of Service Information: Zendesk discloses service information to third parties only when it is necessary to provide or improve the service or in response to a legitimate request from a public body。 Please refer to oursGovernment information Request policy以及 Zendesk Transparency report

Transparency report

As of: 24 September 2021。

About our transparency report

Zendesk, like many technology companies, has occasionally received requests from law enforcement agencies in the U.S. and elsewhere for personal information Zendesk handles on behalf of clients。 Such requests may take the form of subpoenas, court orders, search warrants, national security letters or orders issued under the Foreign Intelligence Reconnaissance Act。 Zendesk must comply with legitimate government requests for personal information。

Zendesk, meanwhile, cares deeply about maintaining customer trust。 One way to maintain trust is to inform Zendesk's customers and the public of legitimate government requests。 To that end, we have prepared this transparency report。

This transparency report provides information on personal information requests we received from law enforcement agencies during the first half of 2021 (from January 1, 2021 to June 30, 2021)。 Zendesk will provide updates about every six months for the previous six-month period。

For more information on how Zendesk responds to law enforcement requests for information, see此處Government information request policy。

Request from U.S. law enforcement:

有關 Details of how Zendesk responds to law enforcement requests for personal information

Request typeNumber of requestsDisclosed content informationNon-content information disclosed
傳票404
The court ordered the case to101
A warrant220
A request from a non-US law enforcement agency。

Although Zendesk is based in the US, we operate in many other countries。 When we receive requests from non-U.S. governments, we work with U.S. and non-U.S. attorneys to determine the validity of the requests and our ability to respond in accordance with U.S. and other applicable law。

Request typeNumber of requestsNumber of times information provided
Informal request80
Non-us government based on MLAT request0
定義

Content data: Includes communication between end users and accounts, such as Zendesk support tickets and Zendesk chat。 Content materials are generally considered as service materials defined in Zendesk's master subscription agreement。

Non-content data: All information that is not part of the content data。 This includes account information as defined in Zendesk's privacy policy (e.g. account owner's name and contact information, billing information, duration of service, type of service used and account login information)。 In addition, if Zendesk receives a court order, non-content data may also include non-content relay data related to end-user and account communications, i.e., service data。

The court ordered the case to: Order made by a judge when he has determined that there are reasonable grounds for believing that the information requested is relevant and material to an ongoing criminal investigation。

FISA command: An order or request under the Foreign Intelligence Reconnaissance Act for user information published in the United States。

MLAT (Bilateral Treaty on Mutual Judicial Assistance): Zendesk requires non-U.S. government entities to use appropriate international law procedures, such as MLAT, to obtain customer data。

National Security Letter: National security letters issued under title 18, Section 2709, United States Code

A warrantOrder made by a judge after ruling on probable cause by law enforcement。 Obtaining content requires a warrant。

傳票3.A mandatory request (e.g., a grand jury subpoena) issued by a government entity to produce documents in a criminal case

友情链接: 1 2 3 4 5 6 7 8 9 10