End-Users can share Personally Identifiable Information (PII) accidentally, or upon request from an agent. We understand the range of concerns that come along with the collection of PII and have implemented controls to secure the infrastructure and data collected during a support interaction. Data includes:
- End-User Data
  - Name (Optional field, if completed by your End Users)
  - Email address (Optional field for the mobile SDK; required field for email support)
  - User ID (your developers define this)
- Device Metadata
  - Type of internet browser and operating system
  - Device model, device ID
  - Network type, carrier
  - Language, country
- Issue data collected from your End Users
  - Message Title
  - File Attachments and Screenshots
- Custom Data: Your developer can configure the Helpshift SDK to collect Custom Data, which could include additional personally identifiable data.
Here are the measures Helpshift takes to maintain privacy and to protect your data and your end users' data:
- Helpshift does not share any information shared or provided by the end-users, which may include PII, with 3rd parties.
- Developers can configure a special flag (enableFullPrivacy) within the Helpshift SDK to prevent Helpshift from receiving any custom data. Refer to Helpshift iOS and Android documentation to learn more about enableFullPrivacy.
- Helpshift does not use customer data for our internal purposes, like testing product features and functionality, etc. We develop custom scripts to create test data to run test cases so that no production data is used in Helpshift UAT systems.
PII Storage and Encryption
Helpshift hosts its infrastructure in the cloud. PII collected from End Users is stored in cloud storage. Helpshift has implemented and acquired solutions as per the guidance of ISO 27001/17 and 18 to safeguard its infrastructure and data, including PII. Helpshift uses various encryption mechanisms to protect its data, including PII, at rest, in motion and in transit.
Encryption of Data at Rest
Helpshift encrypts data stored in its infrastructure, which includes PII. We use encryption solutions provided by the CSPs, like KMS and LUKS, to encrypt data at rest.
Encryption of Data in Transit
Helpshift uses SSL/TLS encryption to transfer data over public networks.
Deletion of PII and Data Backups
Helpshift maintains data backups for a period of a month. Data at rest in backups is encrypted. Backups are taken on an incremental basis, and data older than a month is deleted. The entire data backup process is automated.
Access Controls to PII
Helpshift has implemented access controls to restrict access to PII, production data, and office premises. These controls are verified internally and by 3rd parties such as the British Standards Institution for ISO and others. Access to production is not given by default. It is granted on a need-to-know basis, following the principle of least privilege, after proper approval.
Employee Training and Awareness
Helpshift conducts information security training and awareness sessions on a regular basis and monitors the awareness of employees. The training and awareness sessions cover confidentiality and privacy of data, which includes PII.
Reporting of Security and Privacy Incidents
Helpshift has developed internal channels to report security and privacy incidents. Incidents can be reported via firstname.lastname@example.org and email@example.com. Helpshift conducts internal awareness sessions for employees on how to report incidents.
Tools for Redaction
In the event that PII is collected or accidentally shared and you’d like to remove it after the support interaction, Helpshift provides redaction tools to remove the data to protect you and your users.
Helpshift offers both dashboard tools and APIs to redact a specific message or a group of messages and attachments from the support conversation.
If you have any questions or concerns, please feel free to write to our support team.