Data lifecycle at Gorgias

Last revised on May 5th, 2018

At Gorgias we are committed to keeping YOUR data safe and secure while we provide the best service we can for you.

This page describes everything we do with your data. How we use it and for what purpose. How long we keep it and how can you take control of it.

First, we have a few services that we offer to our customers, and we collect information about their activity on these services:

What information do we collect?

There are also two ways we collect and store data about your activity:

  • Using tracking scripts (aka pixels) in the browser, that makes use of cookies to persist the data between your website visits or between pages. These tracking scripts are usually made by a 3rd party processor (Google Analytics for example).
  • Using our HTTP based backend (for example when you login/register). On the backend, we usually store them in our own database and/or send them to 3rd party processors similar to tracking scripts described above.

Why do we need to collect information on our customers in the first place?

We are a data-driven company meaning that we try to make rational decisions based on what we measure. This hopefully puts us on a good path to implement our customers needs (what feature to build, what bug to fix first, etc..) and ultimately provides them with more value. This is why we're using tools like Google Analytics to collect and analyze this data.

3rd party processors

Below you can find the tables of the services we use, what data we collect, its purpose and for how long.

This website (gorgias.io)

Processor Data collected Purpose of data collection How long the data is stored
Google Analytics Data collected Number of visits, browser languages, general geographical location. Data retention policy
VWO Page views A/B testing Data retention policy GDPR compliance
Clearbit Page views, IP address Enrich customer profiles N/A
Segment Custom events on our website. Clicks, input field values. Event tracking aggregator used to distribute the event data to other sources. Data retention policy
Adroll Cookies Re-targeting advertising Privacy policy (contains data retention policy)
Facebook Data policy Advertising Data policy
Zapier Email addresses Analysis of our onboarding process GDPR compliance
Hubspot Cookies Track visits from prospects on the website Privacy policy containing data retention policy , GDPR compliance
Customer.io Email addresses & custom events Drip campaigns, onboarding emails Privacy policy containing data retentions policy , GDPR compliance

Gorgias Templates for Chrome

Processor Data collected Purpose of data collection How long the data is stored
Google Analytics Data collected Number of visits, browser languages, general geographical location. Data retention policy
Amplitude Usage events, clicks, length of the template, how many times templates are used. We use it to observe the usage of the chrome extension. How many templates are created on average, their length. No identifiable information is collected. Privacy policy (contains data retention policy)

Gorgias Helpdesk

Processor Data collected Purpose of data collection How long the data is stored
Facebook Data policy Advertising Data policy
Segment Custom events on our website. Clicks, input field values. Event tracking aggregator used to distribute the event data to other sources. Data retention policy
Sentry Javascript and Python errors In order to catch and debug errors in our production environment Data retention
Hotjar Mouse clicks and navigation events Observe user sessions when they encounter errors. Use heatmaps to understand our user’s behavior and improve the product accordingly. Data retention
Smooch Chat data, including chat messages, and email address (if provided) This chat system is used to communicate with our customers 24h
Adwords Cookies Advertising Data retention
Hubspot Events sent when something happens in our backend Track customer activity (if they purchase, if they upgrade their plan) on the website Privacy policy containing data retention policy , GDPR compliance
Zapier Email addresses Analysis of our onboarding process GDPR compliance
Customer.io Email addresses & custom events Drip campaigns, onboarding emails Privacy policy containing data retentions policy , GDPR compliance
Adroll Cookies Re-targeting advertising Privacy policy (contains data retention policy)

Gorgias Helpdocs

Processor Data collected Purpose of data collection How long the data is stored
Google Analytics Data collected Number of visits, browser languages, general geographical location. Data retention policy
Smooch Chat data, including chat messages, and email address (if provided) This chat system is used to communicate with our customers 24h
Helpdocs Visits, likes and dislikes Analytics - how effective are our helpcenter articles. Privacy policy including data retention policy

Chrome Web Store Page

Processor Data collected Purpose of data collection How long the data is stored
Google Analytics Data collected Number of visits, browser languages, general geographical location. Data retention policy

Shopify Store Page

Processor Data collected Purpose of data collection How long the data is stored
Google Analytics Data collected Number of visits, browser languages, general geographical location. Data retention policy

How & where we store your data

Below you can find the list of cloud service that we’re using to store and serve your data.

Data type Processor Purpose of data collection Location
Helpdesk ticketing data. Customer messages, email addresses, phone numbers, and other personal information. Google Cloud Platform We store emails/facebook messages & comments and end-user data (the customers of our customers) so that we can provide the core of our service. We do however automatically obfuscate (or remove) Credit Card numbers, IBAN, SSN and other sensitive private information. US East
Helpdesk attachments - our customers' and end-users' file attachments. Google Cloud Platform When you send an email we store the attachment in Google Cloud's object storage so we can serve it to the end-user and vice-versa for the our own customers. US East
Gorgias Templates for Chrome: Only data for paying customers such as Users/Templates/Tags/Teams Google Cloud Platform All Gorgias Templates for Chrome data is stored in our main database US East
Backups for Gorgias Templates for Chrome and Gorgias Helpdesk Amazon Web Services If experience a catastrophic data loss we can recover our main database from continuous backups. The data is stored in the S3 object storage US East

Data retention policy or How long do we store your data and why

We try to store data for our paying customers only (with a few exceptions).

For paying customers, if they stop paying for a given period of time, or ask us to delete their account and their data we do it no questions asked. In fact we have a money saving incentive to get rid of their data: storing Terabytes of data costs us a lot of money and since we’re not in the business of selling your data - and will never be - we’ll just simply delete it to reduce our hosting bills.

The exceptions of keeping the personal data includes law enforcement cases, billing/accounting information, etc..

So what exactly is our policy for data removal in our products?

Gorgias Helpdesk

IF customer in free trial THEN
    IF customer free trial expires THEN
        start data deletion process
    ELSE IF paying customers asks us to delete their account or stops paying THEN
        start data deletion process
                        

Gorgias Templates

IF free user THEN
    do nothing as we don't store anything
ELSE IF paying customers asks us to delete their account or stops paying THEN
    start data deletion process
                        

Data deletion process

The deletion process starts when an account (associated with a company usually) is marked as deactivated. 30 days after the deactivation we’re marking the data with “soft” delete flag. 10 days after the “soft” delete we’re permanently deleting the data from our database and other storages. 7 days after the permanently deleted database and storage records we delete our backups as well.

The reason it takes 47 days to completely remove the data from our storage is to protect our customers from accidental account deactivation/deletion.

The above deletion process is the default behavior, but on our customer’s request we can accelerate their data removal for up to a few hours + 7 days for the backups to be removed. If you need an accelerated deletion process please contact us using the address at the bottom of this page.

Security

We've created a dedicated page specificly to answer what is our security policy and how we keep your data secure. Read more here.

GDPR

Even though we think that this page should answer most of the issues raised by GDPR we've created a dedicated page it here.

EU-U.S. Privacy Shield

We've applied for self-certification and are awaiting their approval. More details to come soon.

Feedback

If there are any questions regarding this page, please contact us: support@gorgias.io