Track 1 platform and get the weekly governance digest. No credit card required.
This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology
This is Zendesk's privacy policy, explaining what personal information the company collects about people who visit its website, sign up for its products, or interact with Zendesk marketing, and how that information is used and shared. The most important thing to know is that if you are an end user contacting a business through Zendesk's support software, your data is controlled by that business, not Zendesk, meaning you must go to the business to exercise rights like deletion or access rather than contacting Zendesk. If you are a direct Zendesk customer or website visitor, you can submit privacy rights requests including data deletion or access at https://www.zendesk.com/company/agreements-and-terms/privacy-notice/ or through Zendesk's designated privacy contact.
This document is Zendesk's Privacy Notice, governing how Zendesk collects, uses, discloses, and retains personal data about visitors to its websites, prospective and current customers, and end users of its services, with stated legal bases including consent, legitimate interests, and contractual necessity. The notice states that Zendesk collects a broad range of data categories including contact information, usage data, device and log data, payment information, and inferred data, and the terms authorize sharing this data with service providers, business partners, advertising networks, analytics providers, and in the context of corporate transactions such as mergers or acquisitions. Notably, the notice draws a clear operational distinction between data Zendesk processes as a controller (its own marketing and website interactions) and data it processes as a processor on behalf of its business customers (service data submitted through Zendesk products), with the latter governed by separate data processing agreements rather than this notice; this distinction is operationally significant because end users whose data appears in a customer's Zendesk instance must direct privacy requests to that business customer, not to Zendesk directly. The notice engages GDPR and UK GDPR for EU and UK residents, CCPA and CPRA for California residents, and references adequacy mechanisms including Standard Contractual Clauses for international data transfers; Zendesk also references its participation in the EU-U.S. Data Privacy Framework. Material compliance considerations include the adequacy of cross-border transfer mechanisms post-Schrems II, the sufficiency of consent mechanisms for cookie-based advertising, and the clarity of the controller-processor boundary for enterprise customers subject to their own regulatory obligations.
Institutional analysis available with Professional
Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.
Start Professional free trial1 important change detected
3 versions captured · Last updated: May 2026
Monitoring
Zendesk has updated this document before.
Watcher includes same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
Professional Governance Intelligence
Need provision-level monitoring and regulatory mapping?
Professional includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.
Start Professional free trialCross-platform context
See how other platforms handle Dual Controller-Processor Role Structure and similar clauses.
Compare across platforms →Governance Monitoring
Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.