Helpshift data collection practices

The following table describes different types of end-user data, correlates them with Helpshift data-collection practices — relative to a brand’s use of Helpshift SDKs — and shows additional detail when relevant.

We collect select personal information from a brand’s end-users to provide, operate, optimize, and maintain Helpshift services that support the brand’s customer service organization.

Some text in the table is adapted closely from an Apple notice to mobile software developers, which describes the disclosure standard that Helpshift and its brand-customers aim to meet.

Information is current as of December 11, 2020.

CONTACT INFO

Collected?

Linked to User?

Purpose

Name

Such as first or last name

Conditional

  • (SDK - optional) May be passed by the app developer to the SDK via custom issue fields, which Helpshift does not control. Customer service agents can redact these details after resolving the end-user's service request.
  • (SDK - optional) May be provided voluntarily by the end-user who requested in-app support. Customer service agents can redact these details after resolving the end-user's service request.

Yes, if collected

Customer service processing

Email Address
Including but not limited to a hashed email address

Conditional

  • (SDK - optional) May be passed by the app developer to the SDK programmatically via custom issue fields, which Helpshift does not control. Customer service agents can redact these details after resolving the end-user's service request.
  • (SDK - optional) May be provided voluntarily by the end-user who requested in-app support. Customer service agents can redact these details after resolving the end-user's service request.
  • (Email - optional) Only after an also-optional third-party service integration, and only when provided voluntarily by the end-user who requested in-app support. Customer service agents can redact these details after resolving the end-user's service request.

Yes, if collected

Customer service processing

Phone Number
Including but not limited to a hashed phone number

THE HELPSHIFT PLATFORM
IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.
(See Appendix A.)
NOTE: However, we may collect an end-user's telephone number in the unlikely event that both of the following statements are true simultaneously.

  • A brand-customer's hosted Helpshift instance is fully integrated with an optional third-party telephone service.

  • The end-user has requested phone-based support explicitly and provided their telephone number voluntarily.

Yes, if collected

Customer service processing

Physical Address
Such as home address, physical address, or mailing address

THE HELPSHIFT PLATFORM
IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.
(See Appendix A.)

No

Not applicable

Other User Contact Info
Any other information that can be used to contact the user outside the app

THE HELPSHIFT PLATFORM
IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.
(See Appendix A.)

No

Not applicable

HEALTH AND FITNESS

Collected?

Linked to User?

Purpose

Health
Health and medical data, including but not limited to data from the Apple Clinical Health Records API, Apple HealthKit API, Apple MovementDisorder APIs, or health-related human subject research or any other user-provided health or medical data

THE HELPSHIFT PLATFORM
IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.
(See Appendix A.)

No

Not applicable

Fitness
Fitness and exercise data, including but not limited to the Apple Motion and Fitness API

THE HELPSHIFT PLATFORM
IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.
(See Appendix A.)

No

Not applicable

PAYMENT INFO

Collected?

Linked to User?

Purpose

Payment Info
Such as form of payment, payment card number, or bank account number. When an app uses a payment service, the payment information is entered outside your app, and you as the developer never have access to the payment information, that information is not collected and does not need to be disclosed.

THE HELPSHIFT PLATFORM
IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.
(See Appendix A.)

No


THE HELPSHIFT PLATFORM
IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.
(See Appendix A.)
NOTE: In the event that such information is transmitted through the Helpshift platform, it is linked not to a user, but to a service request. These details could describe the payment method and/or the payment state.

Not applicable

Credit Info
Such as credit score

THE HELPSHIFT PLATFORM
IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.
(See Appendix A.)

No

Not applicable

Other Financial Info
Such as salary, income, assets, debts, or any other financial information

THE HELPSHIFT PLATFORM
IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.
(See Appendix A.)

No

Not applicable

LOCATION

Collected?

Linked to User?

Purpose

Precise Location
Information that describes the location of a user or device with the same or greater resolution as a latitude and longitude with three or more decimal places

THE HELPSHIFT PLATFORM
IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.
(See Appendix A.)

No

Not applicable

Coarse Location
Information that describes the location of a user or device with lower resolution than a latitude and longitude with three or more decimal places, such as Approximate Location Services

Collected

No


NOTE: Helpshift collects an ISO 3166 country code, identifying the country from which an end-user submitted their service request. In the event that an end-user submits service requests from multiple countries, the stored country code differs per case.

Customer service processing

SENSITIVE INFO

Collected?

Linked to User?

Purpose

Sensitive Info
Such as racial or ethnic data, sexual orientation, pregnancy or childbirth information, disability, religious or philosophical beliefs, trade union membership, political opinion, genetic information, or biometric data

THE HELPSHIFT PLATFORM
IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.
(See Appendix A.)

No

Not applicable

Contacts
Such as a list of contacts in the user's phone, address book, or social graph

THE HELPSHIFT PLATFORM
IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.
(See Appendix A.)

No

Not applicable

USER CONTENT

Collected?

Linked to User?

Purpose

Emails or Text Messages
Including subject line, sender, recipients, and contents of the email or message

THE HELPSHIFT PLATFORM
IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.
(See Appendix A.)

No

Not applicable

Photos or Videos
The user's photos or videos

THE HELPSHIFT PLATFORM
IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.
(See Appendix A.)

No

Not applicable

Audio Data
The user's voice or sound recordings

THE HELPSHIFT PLATFORM
IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.
(See Appendix A.)

No

Not applicable

Gameplay Content
Such as user generated content in-game

THE HELPSHIFT PLATFORM
IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.
(See Appendix A.)

No

Not applicable

Customer Support
Data generated by the user during a customer support request

Collected

Yes

Customer service processing

Other User Content
Any other user-generated content

THE HELPSHIFT PLATFORM
IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.
(See Appendix A.)

No

Not applicable

BROWSING HISTORY

Collected?

Linked to User?

Purpose

Browsing History
Information about content the user has viewed that is not part of the app, such as websites

THE HELPSHIFT PLATFORM
IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.
(See Appendix A.)

No

Not applicable

SEARCH HISTORY

Collected?

Linked to User?

Purpose

Search History
Information about searches performed in the app

Collected

Yes

Customer service processing

IDENTIFIERS

Collected?

Linked to User?

Purpose

User ID
Such as screen name, handle, account ID, assigned user ID, customer number, or other user- or account-level ID that can be used to identify a particular user or account

THE HELPSHIFT PLATFORM
IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.
(See Appendix A.)

No

Not applicable

Device ID
Such as the device's advertising identifier, or other device-level ID

THE HELPSHIFT PLATFORM
IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.
(See Appendix A.)

No

Not applicable

PURCHASES

Collected?

Linked to User?

Purpose

Purchase History
An account's or individual's purchases or purchase tendencies

THE HELPSHIFT PLATFORM
IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.
(See Appendix A.)

No

Not applicable

USAGE DATA

Collected?

Linked to User?

Purpose

Product Interaction
Such as app launches, taps, clicks, scrolling information, music listening data, video views, saved place in a game, video, or song, or other information about how the user interacts with the app

All end-user session events are collected.
Brands may, optionally, choose to pass additional usage details through the Helpshift service.

No

Active usage calculation for analytics and billing

Advertising Data
Such as information about the advertisements the user has seen

THE HELPSHIFT PLATFORM
IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.
(See Appendix A.)

No

Not applicable

Other Usage Data
Any other data about user activity in the app

THE HELPSHIFT PLATFORM
IS NOT DESIGNED TO COLLECT OR STORE THIS INFORMATION FOR ANY PURPOSE.
(See Appendix A.)

No


NOTE: Most brands prefer to store usage details of this type in a dedicated CRM.
However, we do not prevent brands from collecting or updating such details via custom issue fields. In the event that they do so, such details are linked to their associated customer service request.

Not applicable

DIAGNOSTICS

Collected?

Linked to User?

Purpose

Crash Data
Such as crash logs

Collected

No

  • Analyzing product stability

  • Improving product stability

Performance Data
Such as launch time, hang rate, or energy use

Not Collected

No

Not applicable

Other Diagnostic Data
Any other data collected for the purposes of measuring technical diagnostics related to the app

Collected

No

  • Logging internal errors

  • Analyzing product stability

  • Improving product stability

OTHER DATA

Collected?

Linked to User?

Purpose

Other Data Types*

Any other data types not mentioned

We collect a unique ID for vendor* (IDFV) value to identify the combination of

(A.) each Helpshift SDK-integrated app that operates on a mobile device and

(B.) the app's developer.

No

IDFV values help us to exchange messages correctly with the specific app instance in which an end-user requested customer service.

 

  • For troubleshooting purposes after an end-user requests customer service, we identify their device model, operating system, and installed browser. In addition, we identify the type of network their mobile device is connected to, and we identify their network carrier.

  • NOTE: We neither access nor collect an end-user’s browser history beyond what may happen directly within an SDK-integrated app where (A.) the end-user exchanges messages with a customer service agent regarding a customer service request, and (B.) one of these messages includes a web link, which the end-user clicks. In this case exclusively, Helpshift analytics does capture and store the record of that single click.

  • For troubleshooting purposes after an end-user requests customer service, we collect language data from their mobile device, which helps us to communicate with them in their preferred language.

  • App developers can configure their Helpshift SDK implementation to collect custom data. When this custom data includes any personally identifiable information, we ask them to apply a special flag — enableFullPrivacy — to the data and thereby prevent Helpshift from ever receiving it. Our iOS and Android developer documentation describes in full the process to accomplish this data suppression.

  • Although Helpshift engages with certain third-party data processors, we impose data protection terms on each of them to maintain high security and enforce data privacy.

Appendix A - Unsolicited PII

It is technically possible for a Helpshift brand-customer to pass unsolicited values to Helpshift through the customer’s integration of a Helpshift SDK, alongside the customer’s implementation of custom issue fields within an SDK-integrated app.

It is also possible for a brand-customer’s end-user to transmit file attachments through the Helpshift platform while exchanging messages with customer service agents either (A.) within an SDK-integrated app or (B.) through a brand-customer’s implementation of a Helpshift web chat widget.

  • File attachment types may include photographs, screenshots, screencasts, audio recordings, compressed file archives, portable documents, or other file types as supporting material for a customer service request.

  • File attachments may contain personally identifiable information.

Any file attachments that an end-user may pass through the Helpshift platform are sent voluntarily and at the end-user’s sole discretion.

It is further possible that a Helpshift brand-customer’s end-user may compose and send ordinary text messages through the Helpshift platform voluntarily and for whatever purpose, into which they have entered personally identifiable information in plaintext, also at their sole discretion.

In many cases, customer service agents can redact personally identifiable details after resolving an issue whose conversational history may incidentally contain them.

 

Additional information

Helpshift takes additional measures to maintain privacy and to protect your data and your end-users’ data:

  • Helpshift does not share with third parties any information that end-users share or provide, which may include PII.
  • Developers can configure a special flag (enableFullPrivacy) within the Helpshift SDK, which prevents Helpshift from receiving any custom data. See Helpshift iOS and Android documentation to learn more about enableFullPrivacy.
  • Helpshift does not use customer data for our internal purposes, such as testing product features and functionality. We develop custom scripts to create test data to run test cases so that no production data is used in Helpshift UAT systems.

PII Storage and Encryption

Helpshift hosts its infrastructure on the cloud. PII collected from end-users is stored in cloud storage. Helpshift has implemented and acquired solutions as per the guidance of ISO 27001/17 and 18 to safeguard its infrastructure and data, including PII. Helpshift uses various encryption mechanisms to protect its data, including PII, at rest, in motion and in transit.

Encryption of Data at Rest

Helpshift encrypts data stored in its infrastructure, which includes PII. We use encryption solutions provided by the CSPs, like KMS and LUKS, to encrypt data at rest.

Encryption of Data in Transit

Helpshift uses SSL/TLS encryption to transfer data over public networks.

Deletion of PII and Data Backups

Helpshift maintains data backups for a period of a month. Data at rest in backups is encrypted. Backups are taken on an incremental basis, and data older than a month is deleted. The entire data backup process is automated.

Access Controls to PII

Helpshift has implemented access controls to restrict access to PII, production data, and office premises. These controls are verified internally and by third parties such as the British Standards Institution for ISO and others. Access to production is not given by default. It is granted on a need-to-know basis, following the principle of least privilege, after proper approval.

Employee Training and Awareness

Helpshift conducts information security training and awareness sessions on a regular basis and monitors the awareness of employees. These sessions cover the confidentiality and privacy of data, including PII.

Reporting of Security and Privacy Incidents

Helpshift has developed internal channels to report security and privacy incidents. Incidents can be reported via security@helpshift.com and privacy@helpshift.com. Helpshift conducts internal awareness sessions for employees on how to report incidents.

Tools for Redaction

In the event that PII is collected or accidentally shared and you’d like to remove it after the support interaction, Helpshift provides redaction tools to remove the data to protect you and your users.

Helpshift offers both dashboard tools and APIs to redact a specific message or attachment, or a group of messages and attachments, from the support conversation.

If you have any questions or concerns, please feel free to write to our support team.