What are the institutional and regulatory implications of this document?

(1) REGULATORY LANDSCAPE: This notice engages GDPR and UK GDPR (applicable to EU and UK data subjects), CCPA and CPRA (applicable to California residents), and references compliance with regional frameworks in Australia, Brazil, Japan, and Singapore. The primary enforcement authorities include EU data protection authorities, the UK Information Commissioner's Office, and the California Privacy Protection Agency. The dual controller/processor structure Zendesk asserts requires compliance with dis…

How does Zendesk's Zendesk Privacy Policy affect users?

The agreement establishes that Zendesk collects identifiers, device information, usage and log data, cookie and tracking data, and payment information from website visitors and customers, and authorizes sharing with advertising, analytics, affiliate, and subprocessor partners. Under these terms, individuals whose data is processed within the Zendesk platform as Service Data are directed to contact the relevant Zendesk business customer rather than Zendesk directly to exercise data subject right…

How often is Zendesk's Zendesk Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Zendesk updates this document?

Yes. Monitor subscribers ($19/month) can add Zendesk to their watchlist and receive same-day email alerts whenever this document or any other Zendesk document changes.

CA-D-000639

Zendesk Privacy Policy

Zendesk

Last change detected May 11, 2026 Privacy policy

SHA-256: 42a6755963d1b2ed7eb… 3 versions captured 2 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Zendesk ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

10 Total

0 High severity

7 Medium severity

3 Low severity

Summary

This is Zendesk's Privacy Notice, describing how Zendesk collects and uses personal data from website visitors, prospective and existing customers, and end users of its support platform. The notice authorizes collection of identifiers, contact details, device and browser data, usage logs, cookie-based tracking data, payment information, and inferred interest or demographic data, and permits sharing with advertising, analytics, subprocessor, and affiliate partners. For data processed within the Zendesk platform on behalf of business customers, Zendesk states it acts as a data processor and directs individuals to contact the relevant Zendesk customer to exercise privacy rights over that data.

Technical / Legal Breakdown

This document is Zendesk's Privacy Notice, governing how Zendesk collects, uses, shares, and retains personal data of visitors to its websites, prospective and current customers, and end users of its customer service platform, with legal bases including contract performance, legitimate interests, consent, and legal obligation depending on the processing activity. The notice states that Zendesk collects identifiers, contact information, payment data, device and browser information, usage and log data, cookie and tracking data, and inferred demographic or interest data; the terms authorize sharing this data with affiliated entities, subprocessors, advertising and analytics partners, and third parties in the context of business transfers. The notice draws a structural distinction between Zendesk as a data controller for data collected through its own websites and marketing activities, and as a data processor acting on behalf of its business customers for Service Data processed within the platform, a distinction that has operational significance for data subject rights routing. The notice engages GDPR, UK GDPR, CCPA and CPRA, and other regional frameworks including those applicable in Australia, Japan, Brazil, and Singapore; EU and UK users are subject to specific rights and mechanisms including data subject access, erasure, and portability requests, while California residents receive separate disclosures on categories of personal information collected and sold or shared. Compliance teams should note that Zendesk's role as both controller and processor creates distinct obligations under each framework, and that the routing of data subject rights requests to the relevant Zendesk customer as controller for Service Data may affect how individuals can exercise those rights in practice.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Start Compliance free trial

2 important changes detected

3 versions captured · Last updated: May 2026

May 11, 2026

low

What changed Zendesk updated its Privacy Policy on May 11, 2026, repositioning itself as an AI-first service platform. The company revised its core description from a service-first CRM to a platform powered by self-learning AI agents, updated its governing agreement reference from 'Main Services Agreement' to 'Zendesk Customer Agreement', and clarified that personal data collection powers 'intelligent resolutions' and improves service experience. The effective date on the policy moved from January 28, 2026 to May 6, 2026. These changes are primarily descriptive and organizational updates with no material change to data collection, retention, or user rights.

Why this matters Zendesk's updated Privacy Policy clarifies that personal data is collected and used to power AI-driven intelligent resolutions and improve service experience. The company's description changed from service-first CRM to AI-first platform powered by self-learning AI agents. The policy updated its reference governing agreement from 'Main Services Agreement' to 'Zendesk Customer Agreement', but this is an administrative correction with no change to substantive privacy protections or data handling practices. No new data collection authorities, retention periods, or user restrictions were introduced.

View full change record →

May 5, 2026

low

What changed Zendesk's Privacy Policy was updated on May 5, 2026 to add references to two new documents in its governance framework: the Zendesk Partner Agreement and the AI Services Addendum. These documents now appear in the policy's table of contents alongside existing agreements. The change itself is organizational—no substantive modifications to privacy rights or data handling practices are stated in the detected change.

Why this matters The updated Privacy Policy now references two additional governing documents: the Zendesk Partner Agreement and the AI Services Addendum. These documents may contain terms that apply to specific user groups, particularly those using partner services or AI-powered features. To understand how these new documents affect you, review the full text of both agreements, especially if you are a partner or use any AI-enabled Zendesk services.

View full change record →

Medium — 7 provisions

Controller vs. Processor Dual Role Compare →

Zendesk asserts that it acts as a data controller for data collected through its own websites and marketing activities, and as a data processor for Service Data submitted by business customers through the platform. Business customers are stated to be responsible for establishing a legal basis for processing Service Data.

Added May 20, 2026 Standard Seen across 284 platforms
Personal Data Categories Collected Compare →

The notice states that Zendesk collects identifiers, commercial records, internet activity, geolocation data, professional information, and inferences drawn from collected data, including profile inferences relating to preferences, psychological trends, and aptitudes.

Added May 20, 2026 Standard Seen across 284 platforms
Data Sharing with Third Parties Compare →

The notice states that Zendesk shares personal data with affiliated entities, subprocessors, advertising and analytics partners, and with third parties in asset sale or merger contexts, as well as when legally required.

Added May 20, 2026 Standard Seen across 252 platforms
Cookie and Tracking Technologies Compare →

The notice states that Zendesk and advertising partners use cookies, pixels, and tracking tags to collect browser type, OS, page visit data, duration, and referring URL, and use this data for cross-device recognition and personalized advertising.

Added May 20, 2026 Common Seen across 170 platforms
International Data Transfers Compare →

The notice states that Zendesk transfers personal data internationally and relies on standard contractual clauses approved by the European Commission and other legally recognized mechanisms as safeguards for cross-border transfers.

Added May 20, 2026 Standard Seen across 284 platforms
Data Subject Rights Compare →

The notice states that users may have rights to access, correct, delete, restrict, object to, or port their personal data depending on their jurisdiction, and provides a privacy request form and email address as the mechanism to exercise these rights.

Added May 20, 2026 Standard Seen across 284 platforms
California Privacy Rights (CCPA/CPRA) Compare →

The notice states that California residents have CCPA/CPRA rights to know, delete, correct, opt out of sale or sharing, and be free from discrimination, with requests submitted via the privacy request form or privacy@zendesk.com.

Added May 20, 2026 Standard Seen across 284 platforms

Low — 3 provisions

Data Retention Compare →

The notice states that Zendesk retains personal data for as long as necessary for the stated purposes or as required by law, applying a multi-factor assessment to determine the appropriate retention period including sensitivity, risk, and purpose.

Added May 20, 2026 Standard Seen across 284 platforms
Use of Personal Data for Marketing Compare →

The notice states that Zendesk uses personal data to send marketing communications and provides an unsubscribe mechanism via email link or contact with privacy@zendesk.com, while retaining the right to send transactional or account-related communications regardless of marketing opt-out.

Added May 20, 2026 Standard Seen across 284 platforms
Children's Data Compare →

The notice states that Zendesk's services are not directed to children under 16 and that Zendesk does not knowingly collect personal data from that age group, with a mechanism to report and delete such data if discovered.

Added May 20, 2026 Standard Seen across 284 platforms