Does a DPA have to be signed?
If you have agreed to freshworks terms of service, which is available online on our website, it also covers the data processing addendum and does not require to be signed additionally. You can find the documentation on the Freshworks security page.
Do I need to execute a signed copy of the DPA for legal/audit records?
In case you want an e-version (instead of online terms) to be executed, contact us at email@example.com
Need to sign an NDA, details?
If you are an existing customer of Freshworks, by using our products, Freshworks terms of service available online on our website applies by default. In case you want a physical signed copy with special terms included from your side, contact us at firstname.lastname@example.org
What is the audit and compliance process in Freshdesk?
Freshdesk is audited annually by independent audit firms for ISO 27001, ISO 27701, SOC 2 Type 2, and VAPT. One of the objectives of getting these certifications or attestations is to be able to provide the necessary information to our customers through the audits reports by reputed and independent auditors.
Therefore, we will only be able to support security evaluations by means of Security questionnaires, 3rd party audit reports, certification requests, and evaluation calls.
Further, On a case to case basis where it's mandated by the law/regulations, audits and assessments shall be discussed and agreed in the contract
Is Freshdesk PCI Compliant?
Yes, Freshdesk is PCI Compliant. Freshworks has data security controls in line with the ISO 27001 standards and is audited as per the SOC 2 Type II framework covering the security, confidentiality, and availability of trust service principles.
Further, for running PCI compliant workloads, we work with our customers to satisfy specific use cases where we obfuscate card data that is structured in nature. Examples such as a card data on an email title( using card data masker integration), or providing encrypted fields over a form.
What is CCPA Compliance? Is Freshdesk CCPA Compliant?
To an extent, Freshdesk account holders are ‘consumers’ as defined under the California Consumer Privacy Act of 2018 (“CCPA”) and Freshdesk is a ‘business’ as defined under CCPA. Thus, the following applies to every Freshdesk account holder:
Subject to the provisions of the CCPA, you have the right to request in the manner provided herein, for the following:
a. Right to request for information about the:
- Categories of Personal Data Freshworks has collected about you.
- Specific pieces of Personal Data Freshworks has collected about you.
- Categories of sources from which the Personal Data is collected.
- Business or commercial purpose for collecting Personal Data.
- Categories of third parties with whom the business shares Personal Data.
b. Right to request for deletion of any Personal Data collected about you by Freshdesk.
If you seek to exercise the foregoing rights to access or delete Personal Data which constitutes ‘personal information’ as defined in CCPA, please contact us at email@example.com or write to us here. We respond to all requests we receive from you wishing to exercise your data protection rights within a reasonable timeframe in accordance with applicable data protection laws.
By writing to us, you agree to receive communication from us seeking information from you in order to verify you to be the consumer from whom we have collected the Personal Data from and such other information as reasonably required to enable us to honor your request.
The list of categories of Personal Data collected and disclosed about consumers are enlisted under the head ‘What Personal Data does Freshworks collect and why?’ and the list of categories of third parties to whom the Personal Data was or maybe made disclosed are enlisted under the head ‘Sharing of Personal Data’. Separately, Freshworks does not sell your Personal Data