eZDesk Zendesk Apps DPA

Last Updated: March 9, 2025

This Data Processing Agreement (DPA) is between you and eZDesk.app LLC (“eZDesk”, “Processor”), outlining our commitment to data management, security, and privacy across all eZDesk applications integrated within Zendesk.

---

1. Introduction

This policy reflects our dedication to securing and responsibly managing data across our suite of applications, ensuring adherence to industry best practices and compliance with legal standards in data security and privacy.

This Data Processing Agreement (DPA) applies to the following eZDesk apps:

1. Super Admin Tools – Operates within Zendesk but optionally sends telemetry data to eZDesk’s DigitalOcean-hosted server. Customers can opt out of telemetry. Also uses local IndexedDB storage within the user’s browser to cache Zendesk data for improved performance.
2. Ticket Events History – Fully contained within Zendesk’s infrastructure; monthly subscription fee processed via Zendesk/Stripe.
3. Ticket Exporter – Fully contained within Zendesk’s infrastructure; monthly subscription fee processed via Zendesk/Stripe.
4. Tag Inspector – Fully contained within Zendesk’s infrastructure; monthly subscription fee processed via Zendesk/Stripe.
5. Smart Comments – Now free and fully contained within Zendesk’s infrastructure; no external data processing.

By using any of these apps, you agree to this DPA. If you do not agree, you must uninstall the app(s).

---

2. Data Collection and Use

2.1 Super Admin Tools

• Operates entirely within Zendesk, except for:
  • Optional telemetry data sent to a DigitalOcean-hosted server.
  • Local IndexedDB storage in the user’s browser for caching Zendesk data.
• Telemetry data does NOT contain any personally identifiable information (PII).

What Data is Collected for Telemetry (If Enabled)?

• Zendesk subdomain (used to distinguish different customer instances).
• User IDs (only numerical or alphanumeric identifiers assigned by Zendesk, not personal information).
• Feature usage totals (counts of how many times each tool or feature is used).

No ticket content, user details, email addresses, or personally identifiable information (PII) is collected.

What Data is Stored in IndexedDB?

• To improve performance, Super Admin Tools stores Zendesk-related data in IndexedDB within the user’s browser.
• This data is cached locally and used only within the application.
• IndexedDB storage is not encrypted but remains entirely within the user’s control.
• Each Zendesk instance has its own separate IndexedDB storage, distinguished by its subdomain.
• eZDesk does not access or transmit IndexedDB data outside the user’s browser.

Telemetry Opt-Out Option

Customers can disable telemetry via the app settings. If telemetry is disabled, Super Admin Tools operates entirely within Zendesk, with no external data processing.

Payment Handling

• Payments for Super Admin Tools are processed exclusively through Zendesk via Stripe.
• eZDesk does not handle payment processing or store any payment data.

---

2.2 Ticket Events History, Ticket Exporter, Tag Inspector

• Fully contained within Zendesk’s infrastructure.
• No external API requests or third-party data storage.
• No external processing of customer data.

Payment Handling

• These apps require a monthly subscription fee, processed through Zendesk via Stripe.
• eZDesk does not process or store payment data.

---

2.3 Smart Comments (Free App)

• Fully contained within Zendesk’s infrastructure.
• No external processing of customer data.
• No payment processing required.

---

3. Data Storage and Security

3.1 Super Admin Tools

If telemetry is enabled, data is sent to DigitalOcean (New York Data Center 1 – NYC1) and stored securely with:

• Encryption at rest for stored telemetry data.
• TLS encryption for data transmission.
• Access control measures ensuring only authorized internal systems interact with telemetry data.

If telemetry is disabled, all data remains within Zendesk with no external data storage.

3.2 IndexedDB Storage in the User’s Browser (Super Admin Tools Only)

• Data is stored locally in the user’s browser IndexedDB to improve performance.
• This data is not encrypted but remains within the user’s control.
• eZDesk does not have access to IndexedDB data and does not transmit it externally.
• Each Zendesk instance has a separate IndexedDB storage identified by its subdomain.

3.3 Other Apps

• Ticket Events History, Ticket Exporter, Tag Inspector, and Smart Comments do not store any data outside Zendesk.
• All processing occurs within Zendesk’s secure infrastructure.

---

4. Sub-Processors

4.1 Super Admin Tools

• Zendesk – Serves as a foundational sub-processor, hosting the application within its ecosystem.
• DigitalOcean – Used only for optional telemetry storage (if enabled). DigitalOcean Data Processing Agreement
• Stripe (via Zendesk) – Handles payments for Super Admin Tools (eZDesk does not process or store payment data). Stripe Privacy & Data Processing Agreement

4.2 Other Paid Apps (Ticket Events History, Ticket Exporter, Tag Inspector)

• Zendesk – Hosts the application and processes payments via Stripe.
• Stripe (via Zendesk) – Handles subscription payments. Stripe Privacy & Data Processing Agreement

4.3 Smart Comments (Free App)

• Zendesk – Sole sub-processor, as all data processing occurs within Zendesk.

---

Key Updates from Previous DPA:

✅ IndexedDB usage in Super Admin Tools documented.
✅ Telemetry in Super Admin Tools only collects subdomain, user IDs, and usage totals – No PII.
✅ Telemetry in Super Admin Tools is enabled by default but is optional and can be disabled in the app’s settings.
✅ Clarified payment model for each app.