Freshworks collects, stores and processes customer data, where data refers to all electronic data, messages or other material submitted to Freshworks by the customer through the customer’s account in connection with the customer’ use of Freshworks service(s). This data is processed in compliance with applicable laws and regulations for the purpose of providing services in the Freshworks product suite.
As a data processor, Freshworks performs operations or set of operations on this data in relation to services offered. ‘Data hosted’ meaning data stored and processed for delivery of these services, also includes data stored for backup and logs. ‘Data’ stated hereby is with reference to definitions specified in the table below:
|Ticket data||Information like custom fields, source, tags, attachments, activities in a ticket|
|Requestor data||Any data on requester's email, id, mobile, name, and phone|
|Agent/User data||Includes agent details like name, email, contact, location, group information,and user data like name, company information and custom field data|
|Call recording||Agent/User detail, company information, contact data and location|
|Conversations||Agent/User detail, company information, contact data and location, messages|
|Social content||User information like name, email,location and company information|
|Application integration data||Information related to the relationship, or linking of one data set to another, with one data set typically residing outside Freshworks|
|Knowledgebase content||Details pertaining to the article topic -- category, company information and access|
|Forum data||Data related to agent/user detail like name, activity and company information; message thread data|
|Report data||Company and agent information, and ticket details|
Freshworks practices minimal collection of data protected with appropriate security measures, and encryption of personal information.
Data is hosted with data centers qualified by global IT standards and regulations. Freshworks provides multiple locations to host data (upon purchase of Data Hosting Options). The below table summarizes various data hosting locations available with Freshworks.
|Ticket data, requestor/contact data, social data, application integration data,knowledge base data, forum data, report data||Available in EU, EUC, US and AU|
|Call recording, chat messages||Available in US only|
|Ticket data, requestor/contact data, application integration data,knowledge base data and forum data||Available in EU, EUC, US and AU|
|Problem, change & release information, asset data; contract details, project information and announcements|
|Lead data, contact data, account data, deal data, file data, application integration data, sales activity (appointment, task, call log, notes, custom sales activities) data, events data, report data||Available in EU, EUC, US and AU|
|Requestor/contact data, social data, application integration data,knowledge base data, forum data, report data||Available in US only|
|Conversations, social data, application integration data,knowledge base data, report data, agent/user data||Available in EU and US|
|Employee details, candidate details, report data, Social data||Available in US only|
|Website visitor data (browser, OS, location), website visitor activity data (clicks, scrolls), events data and report data||Available in US only|
Freshworks maintains a robust backup plan where data is distributed and stored in multiple secure locations. Data backup is retained for a stipulated period and then removed from the system. All personal data is stored and transferred in compliance with applicable global regulations.
Application and customer logs generated as part of services provided are maintained as per established retention limits. Post this period, data records are scheduled for auto-removal. Regular assessments in collaboration with relevant stakeholders is conducted to review existing retention limits, and amendments made as necessary. Detailed information on backup and log policies are available in Freshworks Security Policy.
Freshworks processes data necessary for delivery of services in a fair and lawful manner, in compliance with Freshworks’ Terms of Service and Privacy Notice. This data is processed with appropriate safeguards, which includes encryption of personal information. Processes are in place to ensure data is not kept longer than necessary, and retention limits are established for removal of data. Necessary steps are taken to facilitate correction of inaccurate, and deletion of personal data as required by Freshworks’ customer. Personal data is processed in a manner that ensures security and confidentiality of personal data, including prevention of unauthorised access to or use of this data. More details on Freshworks’ commitment to the General Data Protection Regulation(GDPR).
Freshworks partners with organizations, that like itself adhere to global standards and regulations. These organizations include sub-processors or third-parties that Freshworks utilizes to assist in providing its products. Regular assessments are conducted to ensure data is treated in a legal and fair manner, and data is processed only for purposes it was collected. Apart from evaluation for technical requirements, a legal examination for data protection measures, compliance with Freshworks’ security requirements and security audit report review is conducted before close of contract. Various checks on the service partner’s vulnerability, patch management processes for intrusion protection capabilities in AWS environments are reviewed. Copies of access management process, third-party vulnerability testing reports, SOC2 reports, ISO 27001 reports, etc. are shared by the service partner, and reviewed by Freshworks. Provision for breach notification in the event of unwarranted data incidents, and necessary security measures for protection and recovery of data is made part of initial agreements.
Freshworks’ SSO platform provides users with identity and access management capability across all Freshworks products. User authentication and profile data is collected and processed within Amazon Web Services(AWS) and Google Cloud Platform(GCP) environments. These services comply with recommended global security standards, and have necessary measures instituted for protection of data.
Freshworks provides data migration options for both Freshdesk and Freshservice customers. As a security measure, while moving services from other vendors to Freshdesk, Freshworks ensures service data is contained within the AWS environment of the product. The AWS environment is subject to required global security standards, and the migration process is executed on the Freshdesk Migration Platform in AWS. Data is erased upon completion of - the process and defined data retention limits. Customers benefit from migrations being automated, and no manual intervention is required. In addition to managed migrations, Freshworks also provides customers with self-service migrations available from the Marketplace, where solutions for Zendesk and GMail in particular are readily available.
Freshservice, while managing data migration requests for its customers, follows a well defined process that’s aligned with guidelines prescribed by global standards. Customers raise a migration request with Support, and are guided through required steps . Once into Freshworks, data is treated in accordance with guidelines stated in Freshworks Security Policy.
Freshworks Marketplace for Freshdesk and Freshservice showcases a collection of applications for integration and productivity with 3rd party systems. All published applications are passed through stringent code reviews, QA and security reviews. Security reviews are primarily focussed on testing for vulnerabilities and forging. The backend services of the applications run on a server-less architecture, and that means developers do not have to go through the trouble of managing and hosting their own infrastructure. Most applications execute completely within the Freshworks ecosystem, and are subject to IT standards followed by Freshworks Security Policy.