Gorgias - Data lifecycle

What information do we collect?

There are also two ways we collect and store data about your activity:

Using tracking scripts (aka pixels) in the browser, that makes use of cookies to persist the data between your website visits or between pages. These tracking scripts are usually made by a 3rd party processor (Google Analytics for example).
Using our HTTP based backend (for example when you login/register). On the backend, we usually store them in our own database and/or send them to 3rd party processors similar to tracking scripts described above.

Why do we need to collect information on our customers in the first place?

We are a data-driven company meaning that we try to make rational decisions based on what we measure. This hopefully puts us on a good path to implement our customers needs (what feature to build, what bug to fix first, etc..) and ultimately provides them with more value. This is why we're using tools like Google Analytics to collect and analyze this data.

End-customers data

Data about customers (people who buy or contact Gorgias' customers) is not shared with any third party. It is stores on Google Cloud as outlined in the How & where we store your data section. Below is the list of end-customer data that we collect, along with the source:

Source

End-customer data collected

Gorgias

- Conversations through chat, messenger, email, phone, smooch_inside, facebook, instagram, aircall, tickets created via the API
- Email address, phone number

Shopify

- Address
- Order history
- Sex, age

ReCharge

- Address
- Order history
- Sex, age

Aircall

- Phone number

Smile.io

- Name

3rd party processors

Below you can find the tables of the services we use, what data we collect, its purpose and for how long.

This website (gorgias.com)

Below you can find the tables of the services we use, what data we collect, its purpose and for how long.

Processor

Data collected

Purpose of data collection

How long the data is stored

Google Analytics

Data collected

Number of visits, browser languages, general geographical location.

Data retention policy

VWO

Page views

A/B testing

Data retention policy
GDPR compliance

Clearbit

Data retention policy
GDPR compliance

Segment

Custom events on our website. Clicks, input field values.

Event tracking aggregator used to distribute the event data to other sources.

event data to other sources.Data retention policy

Adroll

Re-targeting advertising

Facebook

Data policy

Advertising

Data policy

Zapier

Email addresses

Analysis of our onboarding process

GDPR compliance

Hubspot

Track visits from prospects on the website

customer.io

Email addresses & custom events

Drip campaigns, onboarding emails‍

Gorgias Templates for Chrome

Processor	Data collected	Purpose of data collection	How long the data is stored
Google Analytics	Data collected	Number of visits, browser languages, general geographical location.	Data retention policy
Amplitude	Usage events, clicks, length of the template, how many times templates are used.	We use it to observe the usage of the chrome extension. How many templates are created on average, their length. No identifiable information is collected.	Privacy policy (contains data retention policy)

Gorgias Helpdesk

Processor	Data collected	Purpose of data collection	How long the data is stored
Facebook	Data policy	Advertising	Data policy
Gmail	Account's metadata, all emails received and sent of Gmail accounts connected to our product as an integration.	Manage and send emails from our product.	Google data retention
Segment	Custom events on our website. Clicks, input field values.	Event tracking aggregator used to distribute the event data to other sources.	Data retention policy
Sentry	Javascript and Python errors	In order to catch and debug errors in our production environment	Data retention
Hotjar	Mouse clicks and navigation events	Observe user sessions when they encounter errors. Use heatmaps to understand our user’s behavior and improve the product accordingly.	Data retention
Smooch	Chat data, including chat messages, and email address (if provided)	This chat system is used to communicate with our customers	24h
Adwords	Cookies	Advertising	Data retention
Hubspot	Events sent when something happens in our backend	Track customer activity (if they purchase, if they upgrade their plan) on the website	Privacy policy containing data retention policy , GDPR compliance
Zapier	Email addresses	Analysis of our onboarding process	GDPR compliance
Customer.io	Email addresses & custom events	Drip campaigns, onboarding emails	Privacy policy containing data retentions policy , GDPR compliance
Adroll	Cookies	Re-targeting advertising	Privacy policy (contains data retention policy)

Gorgias Helpdocs

Processor	Data collected	Purpose of data collection	How long the data is stored
Google Analytics	Data collected	Number of visits, browser languages, general geographical location.	Data retention policy
Smooch	Chat data, including chat messages, and email address (if provided)	This chat system is used to communicate with our customers	24h
Helpdocs	Visits, likes and dislikes	Analytics - how effective are our helpcenter articles.	Privacy policy including data retention policy

Chrome Web Store Page

Processor	Data collected	Purpose of data collection	How long the data is stored
Google Analytics	Data collected	Number of visits, browser languages, general geographical location.	Data retention policy

Shopify Store Page

Processor	Data collected	Purpose of data collection	How long the data is stored
Google Analytics	Data collected	Number of visits, browser languages, general geographical location.	Data retention policy

How & where we store your data

Below you can find the list of cloud service that we’re using to store and serve your data.

Data type	Processor	Purpose of data collection	Location
Helpdesk ticketing data. Customer messages, email addresses, phone numbers, and other personal information.	Google Cloud Platform	We store emails/facebook messages & comments and end-user data (the customers of our customers) so that we can provide the core of our service. We do however automatically obfuscate (or remove) Credit Card numbers, IBAN, SSN and other sensitive private information.	US East
Helpdesk attachments - our customers' and end-users' file attachments.	Google Cloud Platform	When you send an email we store the attachment in Google Cloud's object storage so we can serve it to the end-user and vice-versa for the our own customers.	US East
Gorgias Templates for Chrome: Only data for paying customers such as Users/Templates/Tags/Teams	Google Cloud Platform	All Gorgias Templates for Chrome data is stored in our main database	US East
Backups for Gorgias Templates for Chrome and Gorgias Helpdesk	Amazon Web Services	If experience a catastrophic data loss we can recover our main database from continuous backups. The data is stored in the S3 object storage	US East

Data retention policy or How long do we store your data and why

We try to store data for our paying customers only (with a few exceptions).

For paying customers, if they stop paying for a given period of time, or ask us to delete their account and their data we do it no questions asked. In fact we have a money saving incentive to get rid of their data: storing Terabytes of data costs us a lot of money and since we’re not in the business of selling your data - and will never be - we’ll just simply delete it to reduce our hosting bills.

The exceptions of keeping the personal data includes law enforcement cases, billing/accounting information, etc..

So what exactly is our policy for data removal in our products?

Gorgias Helpdesk

IF customer in free trial THEN
    IF customer free trial expires THEN
        start data deletion process
    ELSE IF paying customers asks us to delete their account or stops paying THEN
        start data deletion process

Gorgias Templates

IF free user THEN
    do nothing as we don't store anything
ELSE IF paying customers asks us to delete their account or stops paying THEN
    start data deletion process

Data deletion process

The deletion process starts when an account (associated with a company usually) is marked as deactivated. 60 days after the deactivation we’re marking the data with “soft” delete flag. 30 days after the “soft” delete we’re permanently deleting the data from our database and other storages. 7 days after the permanently deleted database and storage records we delete our backups as well.

The reason it takes 47 days to completely remove the data from our storage is to protect our customers from accidental account deactivation/deletion.

The above deletion process is the default behavior, but on our customer’s request we can accelerate their data removal for up to a few hours + 7 days for the backups to be removed. If you need an accelerated deletion process please contact us using the address at the bottom of this page.

Security

We've created a dedicated page specificly to answer what is our security policy and how we keep your data secure. Read more here.

GDPR

Even though we think that this page should answer most of the issues raised by GDPR we've created a dedicated page it here.

EU-U.S. Privacy Shield

We've applied for self-certification and are awaiting their approval. More details to come soon.

Feedback

If there are any questions regarding this page, please contact us: support@gorgias.io.

Data lifecycle at Gorgias

Related links

What information do we collect?

Why do we need to collect information on our customers in the first place?

End-customers data

3rd party processors

This website (gorgias.com)

Gorgias Templates for Chrome

Gorgias Helpdesk

Gorgias Helpdocs

Chrome Web Store Page

Shopify Store Page

How & where we store your data

Data retention policy or How long do we store your data and why

Gorgias Helpdesk

Gorgias Templates

Data deletion process

Security

GDPR

EU-U.S. Privacy Shield

Feedback

‍