Helpshift data collection practices
The following table describes different types of end-user data, correlates them with Helpshift data-collection practices — relative to a brand’s use of Helpshift SDKs — and shows additional detail when relevant.
We collect select personal information from a brand’s end-users to provide, operate, optimize, and maintain Helpshift services that support the brand’s customer service organization.
Some text in the table is adapted closely from an Apple notice to mobile software developers, which describes the disclosure standard that Helpshift and its brand-customers aim to meet.
Information is current as of December 11, 2020.
CONTACT INFO | Collected? | Linked to User? | Purpose |
Name
Such as first or last name |
Conditional
|
Yes, if collected | Customer service processing |
Email Address
Including but not limited to a hashed email address |
Conditional
|
Yes, if collected | Customer service processing |
Phone Number
Including but not limited to a hashed phone number |
THE HELPSHIFT PLATFORM IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.
(See Appendix A.) NOTE: However, we may collect an end-user’s telephone number in the unlikely event that both of the following statements are true simultaneously.
|
Yes, if collected | Customer service processing |
Physical Address
Such as home address, physical address, or mailing address |
THE HELPSHIFT PLATFORM IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.
(See Appendix A.) |
No | Not applicable |
Other User Contact Info
Any other information that can be used to contact the user outside the app |
THE HELPSHIFT PLATFORM IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.
(See Appendix A.) |
No | Not applicable |
HEALTH AND FITNESS | Collected? | Linked to User? | Purpose |
Health
Health and medical data, including but not limited to data from the Apple Clinical Health Records API, Apple HealthKit API, Apple MovementDisorderAPIs, or health-related human subject research or any other user provided health or medical data |
THE HELPSHIFT PLATFORM IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.
(See Appendix A.) |
No | Not applicable |
Fitness
Fitness and exercise data, including but not limited to the Apple Motion and Fitness API |
THE HELPSHIFT PLATFORM IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.
(See Appendix A.) |
No | Not applicable |
FINANCIAL INFO | Collected? | Linked to User? | Purpose |
Payment Info
Such as form of payment, payment card number, or bank account number. In an app that uses a payment service, the payment information is entered outside your app, and you as the developer never have access to the payment information, it is not collected and does not need to be disclosed. |
THE HELPSHIFT PLATFORM IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.
See Appendix A.) |
No
NOTE: In the event that such information is transmitted through the Helpshift platform, it is linked not to a user, but to a service request. These details could describe the payment method and/or the payment state |
Not applicable |
Credit Info
Such as credit score |
THE HELPSHIFT PLATFORM IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.
(See Appendix A.) |
No | Not applicable |
Other Financial Info
Such as salary, income, assets, debts, or any other financial information |
THE HELPSHIFT PLATFORM IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.
(See Appendix A.) |
No | Not applicable |
LOCATION | Collected? | Linked to User? | Purpose |
Precise Location
Information that describes the location of a user or device with the same or greater resolution as a latitude and longitude with three or more decimal places |
THE HELPSHIFT PLATFORM IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.
(See Appendix A.) |
No | Not applicable |
Coarse Location
Information that describes the location of a user or device with lower resolution than a latitude and longitude with three or more decimal places, such as Approximate Location Services |
Collected | No
NOTE: Helpshift collects an ISO 3166 country code, identifying the country from which an end-user submitted their service request. In the event that an end-user submits service requests from multiple countries, the stored country code differs per case. |
Customer service processing |
SENSITIVE INFO | Collected? | Linked to User? | Purpose |
Sensitive Info
Such as racial or ethnic data, sexual orientation, pregnancy or childbirth information, disability, religious or philosophical beliefs, trade union membership, political opinion, genetic information, or biometric data |
THE HELPSHIFT PLATFORM IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.
(See Appendix A.) |
No | Not applicable |
CONTACTS | Collected? | Linked to User? | Purpose |
Contacts
Such as a list of contacts in the user’s phone, address book, or social graph |
THE HELPSHIFT PLATFORM IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.
(See Appendix A.) |
No | Not applicable |
USER CONTENT | Collected? | Linked to User? | Purpose |
Emails or Text Messages
Including subject line, sender, recipients, and contents of the email or message |
THE HELPSHIFT PLATFORM IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.
(See Appendix A.) |
No | Not applicable |
Photos or Videos
The user’s photos or videos |
THE HELPSHIFT PLATFORM IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.
(See Appendix A.) |
No | Not applicable |
Audio Data
The user’s voice or sound recordings |
THE HELPSHIFT PLATFORM IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.
(See Appendix A.) |
No | Not applicable |
Gameplay Content
Such as user-generated content in-game |
THE HELPSHIFT PLATFORM IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.
(See Appendix A.) |
No | Not applicable |
Customer Support
Data generated by the user during a customer support request |
Collected | Yes | Customer service processing |
Other User Content
Any other user-generated content |
THE HELPSHIFT PLATFORM IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.
(See Appendix A.) |
No | Not applicable |
BROWSING HISTORY | Collected? | Linked to User? | Purpose |
Browsing History
Information about content the user has viewed that is not part of the app, such as websites |
THE HELPSHIFT PLATFORM IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.
(See Appendix A.) |
No | Not applicable |
SEARCH HISTORY | Collected? | Linked to User? | Purpose |
Search History
Information about searches performed in the app |
Collected | Yes | Customer service processing |
IDENTIFIERS | Collected? | Linked to User? | Purpose |
User ID
Such as screen name, handle, account ID, assigned user ID, customer number, or other user- or account-level ID that can be used to identify a particular user or account |
THE HELPSHIFT PLATFORM IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.
(See Appendix A.) |
No | Not applicable |
Device ID
Such as the device’s advertising identifier, or other device-level ID |
THE HELPSHIFT PLATFORM IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.
(See Appendix A.) |
No | Not applicable |
PURCHASES | Collected? | Linked to User? | Purpose |
Purchase History
An account’s or individual’s purchases or purchase tendencies |
THE HELPSHIFT PLATFORM IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.
(See Appendix A.) |
No | Not applicable |
USAGE DATA | Collected? | Linked to User? | Purpose |
Product Interaction
Such as app launches, taps, clicks, scrolling information, music listening data, video views, saved place in a game, video, or song, or other information about how the user interacts with the app |
All end-user session events are collected.
Brands may, optionally, choose to pass additional usage details through the Helpshift service. |
No | Active usage calculation for analytics and billing |
Advertising Data
Such as information about the advertisements the user has seen |
THE HELPSHIFT PLATFORM IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.
(See Appendix A.) |
No | Not applicable |
Other Usage Data
Any other data about user activity in the app |
THE HELPSHIFT PLATFORM IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.
(See Appendix A.) |
No
NOTE: Most brands prefer to store usage details of this type in a dedicated CRM. However, we do not prevent brands from collecting or updating such details via custom issue fields. In the event that they do so, such details is linked to their associated customer service request. |
Not applicable |
DIAGNOSTICS | Collected? | Linked to User? | Purpose |
Crash Data
Such as crash logs |
Collected | No |
|
Performance Data
Such as launch time, hang rate, or energy use |
Not collected | No | Not applicable |
Other Diagnostic Data
Any other data collected for the purposes of measuring technical diagnostics related to the app |
Collected | No |
|
OTHER DATA | Collected? | Linked to User? | Purpose |
Other Data Types*
Any other data types not mentioned |
We collect a unique “ID for vendor” (IDFV) value to identify the combination of (A.) each Helpshift SDK-integrated app that operates on a mobile device and (B.) the app’s developer. | No | IDFV values help us to exchange messages correctly with the specific app instance in which an end-user requested customer service.
NOTE: The distinction between a Device ID and an IDFV matters because, for example, in the event that there were five SDK-integrated apps installed on a single device, we lack any way to determine that the comingled apps share their one device in common. It is just as likely, from our limited vantage point, that each such app runs in isolation on a device of its own. |
NOTE: We neither access nor collect an end-user’s browser history beyond what may happen directly within an SDK-integrated app where (A.) the end-user exchanges messages with a customer service agent regarding a customer service request, and (B.) one of these messages includes a web link, which the end-user clicks. In this case exclusively, Helpshift analytics does capture and store the record of that single click.
|
|||
Appendix A — Unsolicited PIIIt is technically possible for a Helpshift brand-customer to pass unsolicited values to Helpshift through the customer’s integration of a Helpshift SDK, alongside the customer’s implementation of custom issue fields within an SDK-integrated app. It is also possible for a brand-customer’s end-user to transmit file attachments through the Helpshift platform while exchanging messages with customer service agents either (A.) within an SDK-integrated app or (B.) through a brand-customer’s implementation of a Helpshift web chat widget.
Any file attachments that an end-user may pass through the Helpshift platform are sent voluntarily and at the end-user’s sole discretion. It is further possible that a Helpshift brand-customer’s end-user may compose and send ordinary text messages through the Helpshift platform voluntarily and for whatever purpose, into which they have entered personally identifiable information in plaintext, also at their sole discretion. In many cases, customer service agents can redact personally identifiable details after resolving an issue whose conversational history may incidentally contain them. |
Additional information
Helpshift takes additional to maintain privacy, and to protect yours and your end-users’ data:
- Helpshift does not share any information shared or provided by the end-users, which may include PII, with third parties.
- Developers can configure a special flag (enableFullPrivacy) within the Helpshift SDK, which prevents Helpshift from receiving any custom data. See Helpshift iOS and Android documentation to learn more about enableFullPrivacy.
- Helpshift does not use customer data for our internal purposes, such as testing product features and functionality. We develop custom scripts to create test data to run test cases so that no production data is used in Helpshift UAT systems.
PII Storage and Encryption
Helpshift hosts its infrastructure on the cloud. PII collected from End Users are stored in cloud storages. Helpshift has implemented and acquired solutions as per the guidance of ISO 27001/17 and 18 to safeguard its infrastructure and data including PII. Helpshift uses various encryption mechanisms to protect its data, including PII data, in rest, motion and transit.
Encryption of Data at Rest
Helpshift encrypts data stored in its infrastructure which includes PII. We use encryption solutions provided by the CSPs, like KMS and LUKS, to encrypt data at rest.
Encryption of Data in Transit
Helpshift uses SSL/TLS encryption to transfer data over public networks.
Deletion of PII and Data Backups
Helpshift maintains data backup for a period of a month. Data at rest in backups are encrypted. Data backup is on an incremental basis and data older than a month is deleted. The entire data backup process is automated.
Access Controls to PII
Helpshift implemented access control to restrict access to PII, production data, and office premises. These controls are verified internally and by 3rd party such as the British Standards Institution for ISO and others. Access to production is not given by default. Access to production is granted based on need to know and with the principle of least privilege after proper approval.
Employee Training and awareness
Helpshift conducts information security training and awareness sessions on a regular basis and monitors the awareness of employees. The training and awareness session includes confidentiality and privacy of data which includes PII.
Reporting of Security and Privacy Incidents
Helpshift developed internal channels to report security and privacy incidents. Incidents can be reported via security@helpshift.com and privacy@helpshift.com. Helpshift conducts awareness session internally for internal employees on how to report incidents.
Tools for Redaction
In the event that PII is collected or accidentally shared and you’d like to remove it after the support interaction, Helpshift provides redaction tools to remove the data to protect you and your users.
Helpshift offers both dashboard tools and APIs to redact a specific or group of messages and attachments from the support conversation.
If you have any questions or concerns, please feel free to write to our support team.