Overview
ZenBriefr LLC is committed to protecting your privacy. This policy explains how we handle data when you use our Zendesk app for AI-powered ticket summarization and OCR processing.
Data Collection & Processing
What We Process
- Ticket Content: Text from Zendesk tickets for summarization
- Attachments: Images and documents for OCR text extraction
- Account Information: Zendesk subdomain, admin email, user ID for authentication
- Usage Metadata: Processing timestamps, feature usage, error logs (no PII)
What We DON'T Store
- No Ticket Data: Ticket content is processed in real-time and immediately discarded
- No Customer Information: No end-customer personal data is stored
- No Attachments: Files are processed temporarily and permanently deleted
- No Conversation History: We maintain zero conversation or chat logs
Data Handling
Processing Approach
- Ephemeral Processing: All customer data is processed in memory only
- Immediate Deletion: Data is discarded immediately after processing
- Hash-Only Caching: Only content hashes stored for deduplication (no actual content)
- Privacy-Safe Metadata: Only non-PII metadata retained for performance optimization
Third-Party Services
- OpenAI GPT-4: Ticket content sent for summarization with zero data retention enabled (verified working)
- Supabase: Account authentication data only (subdomain, admin email, tokens)
- No Data Storage: OpenAI zero-retention headers prevent any data logging or storage
- Historical Data: Any pre-existing API logs expire within 30 days maximum
- No Other Sharing: Data is never shared with other third parties
Data Security
Security Measures
- Encryption in Transit: All data transmission uses TLS 1.3
- OAuth Authentication: Secure token-based Zendesk integration
- No Database Storage: Customer data never touches our databases
- Access Controls: Minimal access principles for all systems
Compliance
- GDPR Compliant: Zero customer data storage ensures compliance
- SOC 2 Principles: Security, availability, and confidentiality controls
- Enterprise Standards: Bank-level security practices
Legal Basis for Processing (GDPR Article 6)
Our legal basis for processing personal data under GDPR is:
- Legitimate Interests (6(1)(f)): Processing ticket content to provide AI summarization services that improve support team efficiency
- Consent (6(1)(a)): When you install and use ZenBriefr, you consent to data processing as described
- Contract Performance (6(1)(b)): Processing necessary to provide the services you've subscribed to
You can withdraw consent or object to processing at any time by uninstalling the app.
Your Rights
Data Subject Rights (GDPR Articles 15-22)
- Right to Access (Article 15): Contact us for account information access
- Right to Rectification (Article 16): Update account info through Zendesk admin
- Right to Erasure (Article 17): Uninstall app to remove all account data
- Right to Object (Article 21): Object to processing by uninstalling the app
- Right to Data Portability (Article 20): No customer data stored to port
- Right to Restrict Processing (Article 18): Temporarily disable app features
How to Exercise Rights: Email support@zenbriefr.com or uninstall the app through Zendesk admin.
Account Management
- Uninstallation: Removes all stored account tokens and metadata
- Trial Expiration: Account data automatically deleted after 30 days of inactivity
- Data Retention: Account metadata retained only while app is installed
Data Breach Notification (GDPR Articles 33-34)
In the unlikely event of a data breach affecting personal data:
- Authority Notification: We will notify relevant supervisory authorities within 72 hours
- User Notification: Affected users will be notified without undue delay if the breach poses a high risk to their rights and freedoms
- Mitigation: Immediate steps will be taken to contain and remedy the breach
- Prevention: Our zero-storage architecture minimizes breach impact
Updates to This Policy
We may update this privacy policy. Users will be notified of material changes through their Zendesk admin interface or email.
Governing Law
This privacy policy complies with GDPR, CCPA, and other applicable privacy regulations.