How can I be sure that my data is safe with Freshdesk? Where is the data hosted?


We take matters of data security very seriously at Freshdesk. We are hosted on the highly reliable Amazon AWS servers, that promise optimal uptime, and data security for all our customers and ticket data. 


Our hosting partner is AWS and our servers are hosted in a world-class AWS data center, that is protected by biometric locks and 24-hour surveillance. We ensure that our application is always up to date with the latest security patches. All Freshdesk plans include SSL encryption to keep your data safe.


How is the data stored?


The product is built on multi-tenant cloud architecture and every customer's data is logically segregated with a unique tenant ID so that one customer cannot access another customer data.



What information security controls are available / deployed?


Data Segregation:

Freshworks uses a multi-tenant data model to host all its applications. Each application is serviced from an individual virtual private cloud and each customer is uniquely identified by a tenant ID. The application is engineered and verified to ensure that it always fetches data only for the logged-in tenant. Per this design, no customer has access to another customer’s data.


Access control:

Freshworks has an in-built authentication module where it provides the ability for customers to define user names and assign access roles. Users can be authenticated either using the authentication module within Freshworks products or via the customer’s SSO. In case customers are using our own authentication module (SSO, AD, etc..), the password rules for authentication & password policy configured by them will be applied. In addition, customers can restrict support agents and customers who can log in to their support portal to certain IP addresses.


Encryption:

All data at rest is encrypted using AES-256-bit standards with the keys being managed using AWS Key Management Service. All data in transit is encrypted. We support only TLS 1.2 and lower versions are deprecated.


Logs:

All the events and activities are logged and monitored on a monthly basis. Application Audit Logs within the Admin console (Admin >Account > Audit Log) captures the user activities and configuration changes or all agents. These logs are read-only and also encrypted for protection.



Can the data hosting region be moved? How long will the process take?


The hosting region can only be selected at the time of account creation, and if the data center needs to be moved to a different , you can raise a support ticket to support@freshdesk.com. The duration of the migration process depends on the amount of data that needs to be transferred.


Where is the data backed up? Will we lose any data?


All data stored and handled in Freshdesk can be backed up in two ways:

1. A continuous backup is maintained in different data centers to support a system failover if it were to occur in the primary data center. 

2. Data is backed up to persistent storage every day and retained for the last seven days.


Application logs are backed up and are maintained for a duration of one year.


All backups are encrypted using AES 256-bit encryption and keys being managed through AWS Key Management Services (KMS).


What is the encryption type used in FD?


All data at rest is encrypted using AES-256-bit standards with the keys being managed using AWS Key Management Service. All data in transit is encrypted using HTTPS with TLS 1.2 and above.


What data does Freshdesk have access to? What data of ours does Freshdesk Analyze?


By Default, Freshdesk does not have access to any of the customer's data. In case a customer wants a Freshdesk representative to work on their account, they have to add them as an occasional agent. 


Freshdesk stores and processes customer data, where data refers to all electronic data, messages, or other material submitted to Freshdesk by the customer through the customer’s account in connection with the customer’s use of Freshdesk’s service(s). This data is processed in compliance with applicable laws and regulations for the purpose of providing services in the Freshworks product suite. As a data processor, Freshdesk performs operations or set of operations on this data in relation to services offered.

 

 ‘Data hosted’ means data stored for the delivery of services we provide as a data processor and includes data stored for backup. ‘Data’ stated hereby is with reference to definitions specified in the provided link.


How do I erase all the data in my helpdesk?


Data Deletion post account termination: Any data deleted will be erased 90 days post date of termination


Do you process personal data/PII?


Being the data controller, the customer gets to decide what data to host/process in Freshdesk. Freshdesk processes data in accordance with your terms of service


What is Freshdesk’s Data Retention Policy


Data is retained as long as the customer is active and using our products. If any delete is performed by the users (agents, admin, etc…) - then the delete is immediate. However, logs will be retained. These logs would be retained for 3 months and then archived in a secure environment with no access unless explicitly approved by the senior management to comply with applicable laws. These archived logs would also be purged automatically after 21 days. The log will just contain only information about the action or event and associated details. Logs will not have any data including PII.


Upon Account Termination, all account data will be deleted after 90 days from the date of termination. Logs will be retained as mentioned above.

To know about Freshworks’ Data Retention Policies, refer these pages:




You can also refer to these links for more details: Third party data sharingFreshworks SecurityFreshworks Data Hosting and Freshworks on GDPR.