Helpshift data collection practices

The following table describes different types of end-user data, correlates them with Helpshift data-collection practices — relative to a brand’s use of Helpshift SDKs — and shows additional detail when relevant.

We collect select personal information from a brand’s end-users to provide, operate, optimize, and maintain Helpshift services that support the brand’s customer service organization.

Some text in the table is adapted closely from an Apple notice to mobile software developers, which describes the disclosure standard that Helpshift and its brand-customers aim to meet.

Information is current as of December 11, 2020.

CONTACT INFO Collected? Linked to User? Purpose
Name

Such as first or last name

Conditional

  • (SDK — optional) May be passed by the app developer to the SDK via custom issue fields, which Helpshift does not control. Customer service agents can redact these details after resolving the end-user’s service request.
  • (SDK — optional) May be provided voluntarily by the end-user who requested in-app support. Customer service agents can redact these details after resolving the end-user’s service request.
Yes, if collected Customer service processing
Email Address

Including but not limited to a hashed email address

Conditional

  • (SDK — optional) May be passed by the app developer to the SDK programmatically via custom issue fields, which Helpshift does not control. Customer service agents can redact these details after resolving the end-user’s service request.
  • (SDK — optional) May be provided voluntarily by the end-user who requested in-app support. Customer service agents can redact these details after resolving the end-user’s service request.
  • (Email — optional) Only after an also-optional third-party service integration, and only when provided voluntarily by the end-user who requested in-app support. Customer service agents can redact these details after resolving the end-user’s service request.
Yes, if collected Customer service processing
Phone Number

Including but not limited to a hashed phone number

THE HELPSHIFT PLATFORM IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.

(See Appendix A.)

NOTE: However, we may collect an end-user’s telephone number in the unlikely event that both of the following statements are true simultaneously.

  • A brand-customer’s hosted Helpshift instance is fully integrated with an optional third-party telephone service.
  • The end-user has requested phone-based support explicitly and provided their telephone number voluntarily.
Yes, if collected Customer service processing
Physical Address

Such as home address, physical address, or mailing address

THE HELPSHIFT PLATFORM IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.

(See Appendix A.)

No Not applicable
Other User Contact Info

Any other information that can be used to contact the user outside the app

THE HELPSHIFT PLATFORM IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.

(See Appendix A.)

No Not applicable
HEALTH AND FITNESS Collected? Linked to User? Purpose
Health

Health and medical data, including but not limited to data from the Apple Clinical Health Records API, Apple HealthKit API, Apple MovementDisorderAPIs, or health-related human subject research or any other user provided health or medical data

THE HELPSHIFT PLATFORM IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.

(See Appendix A.)

No Not applicable
Fitness

Fitness and exercise data, including but not limited to the Apple Motion and Fitness API

THE HELPSHIFT PLATFORM IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.

(See Appendix A.)

No Not applicable
FINANCIAL INFO Collected? Linked to User? Purpose
Payment Info

Such as form of payment, payment card number, or bank account number. If an app uses a payment service, the payment information is entered outside your app, and you as the developer never have access to the payment information, then it is not collected and does not need to be disclosed.

THE HELPSHIFT PLATFORM IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.

(See Appendix A.)

No

NOTE: In the event that such information is transmitted through the Helpshift platform, it is linked not to a user, but to a service request. These details could describe the payment method and/or the payment state.

Not applicable
Credit Info

Such as credit score

THE HELPSHIFT PLATFORM IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.

(See Appendix A.)

No Not applicable
Other Financial Info

Such as salary, income, assets, debts, or any other financial information

THE HELPSHIFT PLATFORM IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.

(See Appendix A.)

No Not applicable
LOCATION Collected? Linked to User? Purpose
Precise Location

Information that describes the location of a user or device with the same or greater resolution as a latitude and longitude with three or more decimal places

THE HELPSHIFT PLATFORM IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.

(See Appendix A.)

No Not applicable
Coarse Location

Information that describes the location of a user or device with lower resolution than a latitude and longitude with three or more decimal places, such as Approximate Location Services

Collected No

NOTE: Helpshift collects an ISO 3166 country code, identifying the country from which an end-user submitted their service request. In the event that an end-user submits service requests from multiple countries, the stored country code differs per case.

Customer service processing
SENSITIVE INFO Collected? Linked to User? Purpose
Sensitive Info

Such as racial or ethnic data, sexual orientation, pregnancy or childbirth information, disability, religious or philosophical beliefs, trade union membership, political opinion, genetic information, or biometric data

THE HELPSHIFT PLATFORM IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.

(See Appendix A.)

No Not applicable
CONTACTS Collected? Linked to User? Purpose
Contacts

Such as a list of contacts in the user’s phone, address book, or social graph

THE HELPSHIFT PLATFORM IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.

(See Appendix A.)

No Not applicable
USER CONTENT Collected? Linked to User? Purpose
Emails or Text Messages

Including subject line, sender, recipients, and contents of the email or message

THE HELPSHIFT PLATFORM IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.

(See Appendix A.)

No Not applicable
Photos or Videos

The user’s photos or videos

THE HELPSHIFT PLATFORM IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.

(See Appendix A.)

No Not applicable
Audio Data

The user’s voice or sound recordings

THE HELPSHIFT PLATFORM IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.

(See Appendix A.)

No Not applicable
Gameplay Content

Such as user-generated content in-game

THE HELPSHIFT PLATFORM IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.

(See Appendix A.)

No Not applicable
Customer Support

Data generated by the user during a customer support request

Collected Yes Customer service processing
Other User Content

Any other user-generated content

THE HELPSHIFT PLATFORM IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.

(See Appendix A.)

No Not applicable
BROWSING HISTORY Collected? Linked to User? Purpose
Browsing History

Information about content the user has viewed that is not part of the app, such as websites

THE HELPSHIFT PLATFORM IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.

(See Appendix A.)

No Not applicable
SEARCH HISTORY Collected? Linked to User? Purpose
Search History

Information about searches performed in the app

Collected Yes Customer service processing
IDENTIFIERS Collected? Linked to User? Purpose
User ID

Such as screen name, handle, account ID, assigned user ID, customer number, or other user- or account-level ID that can be used to identify a particular user or account

THE HELPSHIFT PLATFORM IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.

(See Appendix A.)

No Not applicable
Device ID

Such as the device’s advertising identifier, or other device-level ID

THE HELPSHIFT PLATFORM IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.

(See Appendix A.)

No Not applicable
PURCHASES Collected? Linked to User? Purpose
Purchase History

An account’s or individual’s purchases or purchase tendencies

THE HELPSHIFT PLATFORM IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.

(See Appendix A.)

No Not applicable
USAGE DATA Collected? Linked to User? Purpose
Product Interaction

Such as app launches, taps, clicks, scrolling information, music listening data, video views, saved place in a game, video, or song, or other information about how the user interacts with the app

All end-user session events are collected.

Brands may, optionally, choose to pass additional usage details through the Helpshift service.

No Active usage calculation for analytics and billing
Advertising Data

Such as information about the advertisements the user has seen

THE HELPSHIFT PLATFORM IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.

(See Appendix A.)

No Not applicable
Other Usage Data

Any other data about user activity in the app

THE HELPSHIFT PLATFORM IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.

(See Appendix A.)

No

NOTE: Most brands prefer to store usage details of this type in a dedicated CRM. However, we do not prevent brands from collecting or updating such details via custom issue fields. In the event that they do so, such details are linked to their associated customer service request.

Not applicable
DIAGNOSTICS Collected? Linked to User? Purpose
Crash Data

Such as crash logs

Collected No
  • Analyzing product stability
  • Improving product stability
Performance Data

Such as launch time, hang rate, or energy use

Not collected No Not applicable
Other Diagnostic Data

Any other data collected for the purposes of measuring technical diagnostics related to the app

Collected No
  • Logging internal errors
  • Analyzing product stability
  • Improving product stability
OTHER DATA Collected? Linked to User? Purpose
Other Data Types*

Any other data types not mentioned

We collect a unique “ID for vendor” (IDFV) value to identify the combination of (A.) each Helpshift SDK-integrated app that operates on a mobile device and (B.) the app’s developer.

No

IDFV values help us to exchange messages correctly with the specific app instance in which an end-user requested customer service.


NOTE: The distinction between a Device ID and an IDFV matters because, for example, in the event that there were five SDK-integrated apps installed on a single device, we lack any way to determine that the commingled apps share their one device in common. It is just as likely, from our limited vantage point, that each such app runs in isolation on a device of its own.

  • For troubleshooting purposes after an end-user requests customer service, we identify their device model, operating system, and installed browser. In addition, we identify the type of network their mobile device is connected to, and we identify their network carrier.

NOTE: We neither access nor collect an end-user’s browser history beyond what may happen directly within an SDK-integrated app where (A.) the end-user exchanges messages with a customer service agent regarding a customer service request, and (B.) one of these messages includes a web link, which the end-user clicks. In this case exclusively, Helpshift analytics does capture and store the record of that single click.

  • For troubleshooting purposes after an end-user requests customer service, we collect language data from their mobile device, which helps us to communicate with them in their preferred language.
  • App developers can configure their Helpshift SDK implementation to collect custom data. When this custom data includes any personally identifiable information, we ask them to apply a special flag — enableFullPrivacy — to the data and thereby prevent Helpshift from ever receiving it. Our iOS and Android developer documentation describes in full the process to accomplish this data suppression.
  • Although Helpshift engages with certain third-party data processors, we impose data protection terms on each of them to maintain high security and enforce data privacy.

Appendix A — Unsolicited PII

It is technically possible for a Helpshift brand-customer to pass unsolicited values to Helpshift through the customer’s integration of a Helpshift SDK, alongside the customer’s implementation of custom issue fields within an SDK-integrated app.

It is also possible for a brand-customer’s end-user to transmit file attachments through the Helpshift platform while exchanging messages with customer service agents either (A.) within an SDK-integrated app or (B.) through a brand-customer’s implementation of a Helpshift web chat widget.

  • File attachment types may possibly include photographs, screenshots, screencasts, audio recordings, compressed file archives, portable documents, or other file types as supporting material for a customer service request.
  • File attachments may contain personally identifiable information.

Any file attachments that an end-user may pass through the Helpshift platform are sent voluntarily and at the end-user’s sole discretion.

It is further possible that a Helpshift brand-customer’s end-user may compose and send ordinary text messages through the Helpshift platform voluntarily and for whatever purpose, into which they have entered personally identifiable information in plaintext, also at their sole discretion.

In many cases, customer service agents can redact personally identifiable details after resolving an issue whose conversational history may incidentally contain them.

Additional information

Helpshift takes additional steps to maintain privacy, and to protect your and your end-users’ data:

  • Helpshift does not share any information shared or provided by the end-users, which may include PII, with third parties.
  • Developers can configure a special flag (enableFullPrivacy) within the Helpshift SDK, which prevents Helpshift from receiving any custom data. See Helpshift iOS and Android documentation to learn more about enableFullPrivacy.
  • Helpshift does not use customer data for our internal purposes, such as testing product features and functionality. We develop custom scripts to create test data to run test cases so that no production data is used in Helpshift UAT systems.

PII Storage and Encryption

Helpshift hosts its infrastructure in the cloud. PII collected from end-users is stored in cloud storage. Helpshift has implemented and acquired solutions as per the guidance of ISO 27001/17 and 18 to safeguard its infrastructure and data, including PII. Helpshift uses various encryption mechanisms to protect its data, including PII, at rest, in motion and in transit.

Encryption of Data at Rest

Helpshift encrypts data stored in its infrastructure, which includes PII. We use encryption solutions provided by the CSPs, like KMS and LUKS, to encrypt data at rest.

Encryption of Data in Transit

Helpshift uses SSL/TLS encryption to transfer data over public networks.

Deletion of PII and Data Backups

Helpshift maintains data backups for a period of a month. Data at rest in backups is encrypted. Data is backed up on an incremental basis, and data older than a month is deleted. The entire data backup process is automated.


Access Controls to PII

Helpshift has implemented access controls to restrict access to PII, production data, and office premises. These controls are verified internally and by third parties such as the British Standards Institution for ISO and others. Access to production is not given by default. Access to production is granted based on need to know and with the principle of least privilege after proper approval.

Employee Training and awareness

Helpshift conducts information security training and awareness sessions on a regular basis and monitors the awareness of employees. The training and awareness sessions cover confidentiality and privacy of data, which includes PII.

Reporting of Security and Privacy Incidents

Helpshift has developed internal channels to report security and privacy incidents. Incidents can be reported via security@helpshift.com and privacy@helpshift.com. Helpshift conducts internal awareness sessions for employees on how to report incidents.


Tools for Redaction

In the event that PII is collected or accidentally shared and you’d like to remove it after the support interaction, Helpshift provides redaction tools to remove the data to protect you and your users.

Helpshift offers both dashboard tools and APIs to redact a specific message or attachment, or a group of messages and attachments, from the support conversation.


If you have any questions or concerns, please feel free to write to our support team.