How does GrowthDot ensure your data security
- General
At GrowthDot, we design our apps with data security as a top priority, ensuring that your Zendesk data is handled responsibly and safely. Here's how we keep your data secure.
How is data transferred between Zendesk and GrowthDot apps?
When you authorize one of the GrowthDot apps to connect with your Zendesk instance, we securely access only the data necessary to perform the tasks you initiate. Our systems interact with your Zendesk platform through HTTPS connections to ensure that your data remains safe and confidential throughout the entire process.
How does the data transfer process work?
When an action is triggered (such as sending a notification or updating a record), we request the necessary data from your Zendesk server. This may include details like ticket information, user data, or system configurations. All data transfers are encrypted to prevent unauthorized access or interception.
What data does GrowthDot access?
GrowthDot apps access only the data necessary to perform specific actions, such as:
- User Information: Name, email, and other contact details.
- Ticket Details: Subject, description, assignee, and requester ID.
- Custom Fields: Data linked to specific configurations set in Zendesk.
We emphasize minimal access, retrieving only the essential information to deliver functionality without unnecessary data exposure.
What data is continuously stored?
At GrowthDot, we store a limited amount of data to ensure the seamless functionality of our apps. The types of data we continuously store include:
- Subdomain Name: Used solely for identification purposes.
- Agent User ID, Email, and Access Tokens: Essential for maintaining access to the app for authorized agents.
For actions requiring temporary data use, such as processing tickets or sending surveys, we retrieve and process the information from Zendesk without storing it.
Where is your data stored, and for how long?
When data must be saved for the application's functional purposes, it is securely stored using Amazon Web Services (AWS) infrastructure in certified data centers located in Frankfurt, Germany. These data centers are fully encrypted, ensuring robust protection against unauthorized access.
Our retention policies are designed to balance functionality and privacy:
- Temporary Data: In many cases, the data we access is used temporarily and not stored. For instance, when processing tickets or analyzing customer interactions, data is retrieved from your system, processed, and then discarded.
- Intermediate Data: In app processes involving multiple stages, such as GDPR Compliance or Proactive Campaigns apps, we temporarily store non-personalized identifiers (ticket/user/organization IDs) for the duration of the process. These intermediate data are deleted immediately after the process is successfully completed or within 7 days if it is stopped.
- Stored Data: We keep essential information related to your app settings and statistics for as long as your customer subdomain remains active. If your account becomes inactive — such as when the app is uninstalled, or the subscription is not renewed — we will automatically delete this data after 30 days.
How can you control the data we access?
We believe in transparency and provide you with complete control over your data. You can request details about what data we access and store, as well as request its deletion at any time. Once we delete your data, we can provide you with a deletion certificate to confirm that all your information has been permanently removed from our systems.
If you have any further questions regarding data security, contact our support team for answers.
