Privacy Policy
1. PURPOSE AND SCOPE
1.1 At Intercom, we respect your privacy and data protection rights and recognize the importance of protecting the personal data we collect and process. This Privacy Policy is designed to help you to understand what personal data we collect about you and how we use and share it.
1.2 When we refer to Intercom, we mean Intercom R&D Unlimited Company, a company registered in Ireland with offices at 124 St Stephen's Green, Dublin 2, DC02 C628; Intercom, Inc., a Delaware corporation with offices at 55 2nd Street, 4th Fl., San Francisco, CA 94105, USA; Intercom Software UK Limited, a private limited company registered in the United Kingdom ("UK") with offices at Level 9, the Warehouse 207-211 Old St, London, EC1V 9NR UK; Intercom Software Australia Pty Ltd, a company registered in Australia with offices at 285A Crown St. Surry Hills NSW 2010, Australia, 1st Floor, Sydney, and Intercom's group companies ("Intercom", "we", "us", "our").
1.3 This Privacy Policy applies to you if you:
- interact with any of Intercom’s websites (including www.intercom.com and www.intercom.io) or our social media pages (collectively, the "Sites") ("website users");
- visit any of Intercom’s premises ("office visitors");
- attend an Intercom event or an event which Intercom sponsors ("event attendees");
- use Intercom's communication and messaging products, customer workspaces, mobile applications, and our other applications and services (collectively, the "Intercom Services") ("customers");
- are a marketing prospect, who is anyone whose data Intercom processes for the purposes of assessing customer eligibility ("marketing prospect"); or
- receive marketing communications from Intercom.
The below Privacy Policy applies to you irrespective of where you are based. There are certain additional parts of the Privacy Policy that will apply to you where you are a resident of the EEA, UK, Switzerland, or California. These additional parts do not apply to everyone.
1.4 For the purposes of the General Data Protection Regulation (or any successor or equivalent legislation in the UK) ("GDPR"), either Intercom R&D Unlimited Company or Intercom, Inc., Intercom Software UK Limited, Intercom Software Australia Pty Ltd, or any other Intercom group company from time to time, is the controller of your personal data.
2. PERSONAL DATA COLLECTED BY INTERCOM
2.1 PERSONAL DATA WE COLLECT AND RECEIVE
The personal data that we collect about you broadly falls into the categories set out in the following table. Some of this information you provide voluntarily when you interact with the Intercom Services and Sites, or when you attend an event or visit our premises. Other types of information may be collected automatically from your device, such as device data and service data. From time to time, we may also receive personal data about you from third party sources (as further described in the table).
We may collect the following personal data about:
- our website users;
- recipients of marketing communications; and
- marketing prospects.
Registration, contact, and company information:
- first and last names;
- email addresses;
- phone numbers;
- avatars;
- company name;
- your role in your company.
Payment information:
- credit card information;
- billing and mailing addresses;
- other payment-related information.
Device data:
- operating system type and version number, manufacturer and model;
- browser type;
- screen resolution;
- IP address;
- unique device identifiers.
Service data:
- the website you visited before browsing to the Intercom Services;
- how long you spent on a page or screen;
- how you interact with our emails;
- navigation paths between pages or screens;
- date and time;
- pages viewed;
- links clicked.
Third party source data:
- profile information gathered from social networking sites;
- information that you have viewed or interacted with our content;
- company information;
- job titles;
- avatars;
- email addresses;
- phone numbers;
- addresses;
- approximate geolocation data.
The sources of this third party personal data may include:
- contact enrichment and lead generation providers; and
- targeted online advertising providers.
We may collect the following personal data about our office visitors:
Registration, contact and company information:
- first and last names;
- email addresses;
- phone numbers;
- company name.
Payment information:
- credit card information;
- billing and mailing addresses;
- other payment-related information.
Visitation data:
- time and date of arrival;
- photograph ID;
- signature;
- CCTV footage.
We may collect the following personal data about event attendees:
Registration, contact and company information:
- first and last names;
- email addresses;
- phone numbers;
- mailing addresses;
- company name;
- your role in your company.
Visitation data:
- time and date of arrival;
- photograph ID;
- signature;
- CCTV footage.
Third party source data:
- first and last names;
- email addresses;
- phone numbers;
- mailing addresses;
- company name;
- your role in your company.
The sources of this third party personal data may include:
- the event organizer.
We may collect the following personal data about our customers and end-users (to the extent applicable):
Registration and contact information:
- first and last names;
- email addresses;
- phone numbers;
- mailing addresses;
- company name;
- your role in your company.
Payment information:
- credit card information;
- billing and mailing addresses;
- other payment-related information.
Device data:
- operating system type and version number, manufacturer and model;
- browser type and language;
- screen resolution;
- IP address;
- unique device identifiers.
Service data:
- the website you visited before browsing to the services;
- how long you spent on a page or screen;
- navigation paths between pages or screens;
- session date and time;
- activity status (including first seen, last seen, last heard from and last contacted);
- pages viewed;
- links clicked;
- language preferences;
- tags applied within customer accounts;
- Intercom assigned user identifier.
Third party source data:
- profile information gathered from social networking sites;
- information that you have viewed or interacted with our content;
- company information;
- job titles;
- avatars;
- email addresses;
- phone number;
- approximate geolocation data.
The sources of this third party personal data may include:
- Our identity resolution and insight management provider; and
- Our geolocation IP intelligence provider.
2.2 COOKIES AND OTHER TRACKING TECHNOLOGIES
Some device data, service data and third party source data is collected through the use of first or third party cookies and similar technologies. The Intercom Messenger service (and specifically the domains widget.intercom.io and api-iam.intercom.io) does not collect, retain, or share data regarding a particular user's activity across multiple websites or applications that are not owned by Intercom. Intercom does assign each user a unique user ID within the scope of an individual website, but does not collect or retain IP or any information that would allow Intercom to identify the same particular user on more than one website. For more information, please see Intercom's Cookie Policy.
Do Not Track. Some Internet browsers may be configured to send "Do Not Track" signals to the online services that you visit. We currently do not respond to "Do Not Track" or similar signals. To find out more about "Do Not Track," please visit http://www.allaboutdnt.com.
3. HOW AND WHY WE USE YOUR PERSONAL DATA
3.1 We collect and process your personal data for the following purposes and, if you are from the European Economic Area (EEA), the UK or Switzerland, on the following legal bases:
- Providing and facilitating delivery of the Intercom Services and Sites: We process your personal data to perform our contract with you for use of our Services and Sites and to fulfill our obligations under applicable terms of service. Where we have not entered into a contract with you, we process your personal data in reliance on our legitimate interests to operate and administer the Intercom Services and Sites. For example, to create, administer and manage your account.
- Communicating with you about the Intercom Services and providing customer support: We may send you service, technical and other administrative messages in reliance on our legitimate interests in administering the Intercom Services. For example, we may send you messages about the availability or security of the Intercom Services. We also process your personal data to respond to your comments and questions and to provide customer care and support. When we have entered into an agreement with you, we process your personal data as necessary to meet our contractual obligations to you.
- Improving the Intercom Services and Sites: We process your personal data to improve and optimize the Intercom Services and Sites and to understand how you use the Intercom Services and Sites, including to monitor usage or traffic patterns and to analyze trends and develop new products, services, features and functionality in reliance on our legitimate interests or, where necessary, to the extent you have provided your consent.
- Sending marketing communications: We process your personal data to send you marketing communications via email, post or SMS about our products, services and upcoming events that might interest you in reliance on our legitimate interests or where we seek your consent. Please see the "Your Privacy Rights and Choices" section below to learn how you can control your marketing preferences.
- Registering office visitors: We process your personal data for security reasons and for the purpose of hosting your visit to the extent such processing is necessary for our legitimate interests in protecting our premises and confidential information against unauthorized access and the safety of our staff and office visitors.
- Managing event registrations and attendance: We process your personal data to plan and host events for which you have registered or that you attend, including sending related communications to you. This processing is based on our legitimate interest in ensuring the successful organization of the event, as well as providing you with relevant information regarding your participation.
- Maintaining security of the Intercom Services and Sites: We process your personal data to control unauthorized use or abuse of the Intercom Services and Sites, or otherwise detect, investigate or prevent activities that may violate Intercom policies or applicable laws, in reliance on our legitimate interests to maintain and promote the safety and security of the Intercom Sites and Services.
- Displaying personalized advertisements: We process your personal data to advertise to you and to provide personalized information, including by serving and managing advertisements on our Sites and on third party sites, in reliance on our legitimate interests to support our marketing activities and advertise our products and services or, where necessary, to the extent you have provided your consent.
- Carrying out other legitimate business purposes: including invoicing, audits, fraud monitoring and prevention. This processing is based on our legitimate interest in ensuring efficient business operations and on the necessity to comply with legal obligations.
- Complying with legal obligations: We process your personal data when cooperating or complying with public and government authorities, courts or regulators in accordance with our obligations under applicable laws and to protect against imminent harm to our rights, property or safety, or that of our users or the public, as required or permitted by law.
3.2 In certain circumstances, we may collect your personal data on a different legal basis. If we do, or if we use your personal data for purposes that are not compatible with, or are materially different than, the purposes described in this notice or the point of collection, we will explain how and why we use your personal data in a supplementary notice at or before the point of collection. Where we refer to legal bases in this section we mean the legal grounds on which organizations can rely when processing personal data.
3.3 Please note these legal bases only apply to you if you are resident in the EEA, the UK or Switzerland.
3.4 If you have any questions about our legal bases for processing your personal data, please contact us through our Privacy Request Form.
4. SHARING YOUR PERSONAL DATA
4.1 We may disclose some or all of the personal data we collect to the following third parties:
To Intercom Group Companies:
- Intercom Inc.;
- Intercom R&D Unlimited Company;
- Intercom Software UK Limited;
- Intercom Software Australia Pty Ltd;
- Any such other group companies, as may be added to this list from time to time.
Service Providers:
- Consultants and vendors engaged by us to support our provision of the Intercom Services and Sites and the operation of our business;
- Any such other Service Providers, as may be added to the Subprocessor list, from time to time.
Advertising Partners:
Third party advertising companies may use cookies and similar technologies to collect information about your activity on the Intercom Services and other online services over time to serve you online targeted advertisements, including the companies listed in the third-party cookies section of our Cookie Policy.
Professional Advisors:
Professional advisors, such as lawyers, auditors and insurers, in the course of the professional services that they render to us.
Compliance with Law Enforcement:
- Comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;
- Protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
- Enforce the terms and conditions that govern the Services; and
- Prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.
Business Transfers:
- Parties to transactions or potential transactions (and their professional advisors) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business, assets, or equity interests of Intercom Group Companies (including, as part of a bankruptcy or similar proceeding).
4.2 Aggregated or anonymized information. We may also share aggregated or anonymized information with third parties for other purposes. Such information does not identify you individually, but may include usage, viewing and technical information such as the websites you generally use, the configuration of your computer, and performance metrics related to the use of websites which we collect through our technology, products and services. If we are required under applicable law to treat such information as personal data, then we will only disclose it as described above. Otherwise, we may disclose such information for any reason.
4.3 Third party websites. The Sites may also contain links to third party websites. This Privacy Policy applies solely to information processed by us. You should contact the relevant third party websites for more information about how your personal data is processed by them.
5. RETENTION OF YOUR PERSONAL DATA
5.1 We retain your personal data only for as long as necessary to fulfill the purposes set out in this Privacy Policy.
5.2 Note that content you post may remain on the Sites even if you cease using the Sites or we terminate access to the Sites.
6. TRANSFERS OF YOUR PERSONAL DATA
6.1 The Intercom Services and Sites, and our messenger domains, are provided and hosted in the United States. If you are located outside the United States, we may transfer, and process, your personal data outside of the country in which you are resident to other Intercom Group Companies and our service providers, including to Ireland, the UK, Australia and other such countries as we deem appropriate from time to time. These countries may not have equivalent privacy and data protection laws (and, in some cases, may not be as protective). We will protect your personal data in accordance with this Privacy Policy wherever it is processed.
6.2 Certain recipients (our service providers and other companies) who process your personal data on our behalf may also transfer personal data outside the country in which you are resident. Where such transfers occur, we will make sure that an appropriate transfer agreement is put in place to protect your personal data.
6.3 If you are a resident of the EEA, the UK or Switzerland, we will protect your personal data when it is transferred outside of the EEA, the UK or Switzerland by processing it in a territory which the European Commission has determined provides an adequate level of protection for personal data; or otherwise ensuring appropriate safeguards are in place to protect your personal data. For transfers of your personal data to:
- Intercom Group Companies based in the US, we rely on the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF (“UK-U.S. DPF”), and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce. To learn more about the Data Privacy Framework (“DPF”) program, and to view our certification, please visit https://www.dataprivacyframework.gov/;
- other Intercom Group Companies based outside of the US, we rely on the EU Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement (IDTA); and
- recipients who are located outside of the EEA, the UK or Switzerland, we rely on the EU-U.S. DPF, UK-U.S. DPF or Swiss-U.S. DPF where those recipients are located in the US or for onward transfers from the US, and otherwise we rely on the EU Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement (IDTA).
6.4 Intercom, Inc. complies with the EU-U.S. DPF, the UK-U.S. DPF, and the Swiss-U.S. DPF as set forth by the U.S. Department of Commerce. Intercom, Inc. has certified to the U.S. Department of Commerce that it adheres to (i) the EU-U.S. DPF Principles with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK-U.S. DPF and (ii) the Swiss-U.S. DPF Principles with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the DPF program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
6.5 In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Intercom, Inc. commits to resolve DPF Principles-related complaints about our collection and use of your Personal Information. EU, UK and Swiss individuals with inquiries or complaints regarding our handling of Personal Information received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF or the Swiss-U.S. DPF should first contact Intercom through our Privacy Request Form.
6.6 In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Intercom, Inc. commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (“DPAs”), the UK Information Commissioner’s Office (ICO), the Gibraltar Regulatory Authority (“GRA”) and the Swiss Federal Data Protection and Information Commissioner (“FDPIC”) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF. Under certain conditions, it may be possible to invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms, see here for additional information.
Intercom, Inc. remains responsible if its service provider, when acting on its behalf, processes personal data in a manner inconsistent with the DPF Principles, unless it is not responsible for the event giving rise to the damage.
The Federal Trade Commission has jurisdiction over Intercom, Inc.’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.
7. HOW WE STORE AND SAFEGUARD PERSONAL DATA
We care about protecting personal data. That is why we put in place appropriate measures that are designed to secure your personal data. You can find out more about our technical and organizational safeguards on our Security page: https://www.intercom.com/security.
8. YOUR PRIVACY RIGHTS AND CHOICES
8.1 Depending on your location and subject to applicable laws, you may have certain data protection rights. If you are a resident of the EEA or the UK you have the following data protection rights:
- If you wish to access, correct, update or request deletion of your personal data, you can do so at any time.
- You can object to processing of your personal data, ask us to restrict processing of your personal data or request portability of your personal data.
- You have the right to opt-out of marketing communications we send you at any time. If you no longer wish to receive our newsletter and promotional communications, you may opt-out of receiving them by clicking on the "unsubscribe" or "opt-out" link in the communications we send you. Please note, however, that it may not be possible to opt-out of certain service-related communications. You can let us know at any time if you do not wish to receive marketing messages by contacting us on the Intercom Messenger or by contacting us using the contact details below.
- Similarly, if we have collected and processed your personal data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent.
- You have the right to complain to a data protection authority about our collection and use of your personal data. For more information, please contact your local data protection authority. Contact details for data protection authorities in the EEA and the UK are available here.
8.2 You can exercise any of these rights by submitting a request through our Privacy Request Form.
8.3 If you are a California resident, you can find information about how we use your personal data and about your privacy rights in Section 11 of this notice.
9. CHILDREN'S PRIVACY
Our Services and Sites are not intended for use by anyone under the age of 16. Intercom does not knowingly collect personal data from anyone under the age of 16. If you are under 16, you may not attempt to register for our Services or send any information about yourself to us, including your name, address, telephone number, or email address. If we become aware that we have collected personal data from someone under the age of 16 without verification of parental consent, we will delete that information promptly. If you are a parent or legal guardian of a child under 16 and believe that a child has provided us with their personal data, please contact us through our Privacy Request Form.
10. CHANGES TO THIS NOTICE AND QUESTIONS
10.1 We may amend this Privacy Policy from time to time in response to changing legal, technical or business developments. When we update it, we will take appropriate measures to inform you, consistent with the significance of the changes we make. If we make material updates to this Privacy Policy we will update the effective date at the top of the Privacy Policy.
10.2 We have appointed a Data Protection Officer responsible for managing and addressing inquiries related to this Privacy Policy. If you have any questions, comments or concerns about this Privacy Policy or the way your personal data is being used or processed by Intercom, please contact us through our Privacy Request Form or by using the Contact Us link in the footer of this page.
11. COLLECTION AND USE OF PERSONAL DATA OF CALIFORNIA RESIDENTS
11.1 SCOPE
Except as otherwise provided, this Section 11 applies only if you are a California resident. For purposes of this section, "Personal Information" has the meaning given in the California Consumer Privacy Act ("CCPA"), the California Privacy Rights Act of 2020 ("CPRA"), and any regulations promulgated under either law, in each case, as amended from time to time.
This Section 11 does not apply to:
- information exempted from the scope of the CCPA;
- activities governed by a different privacy notice, such as notices we give to California personnel or job candidates; or
- Personal Information we collect, use, and share on behalf of our customers as a "service provider" under the CCPA.
11.2 YOUR CALIFORNIA PRIVACY RIGHTS
You have the following rights:
- Right to Information/Know. You can request whether we have collected your Personal Information, and in certain cases, the following information about how we have collected and used your Personal Information during the past 12 months:
  - The categories of Personal Information we have collected.
  - The categories of sources from which we collected the Personal Information.
  - The business or commercial purpose for collecting, sharing, and/or selling Personal Information.
  - The categories of Personal Information that we sold or disclosed for a business purpose.
  - The categories of third parties to whom Personal Information was sold, shared, or disclosed for a business purpose.
- Right to Access. You can request a copy of the Personal Information that we have collected about you during the past 12 months.
- Right to Correction. You can request that we correct inaccurate Personal Information that we have collected about you.
- Right to Deletion. You can ask us to delete the Personal Information that we have collected from you.
- Right to Opt-Out of Tracking for Targeted Advertising Purposes. While we do not sell Personal Information for money, like many companies, we use services that help deliver targeted ads (also known as interest-based ads) to you, as we have described in the “How and Why We Use Your Personal Data” section above. The CCPA classifies our use of some of these services as “sharing” your Personal Information with the advertising partners that provide the services, from which you have the right to opt-out.
- Right to Nondiscrimination. You are entitled to exercise the rights described above free from discrimination prohibited by the CCPA.
11.3 HOW TO EXERCISE YOUR RIGHTS
- Right to Information/Know, Access, Correction, and Deletion. You can exercise any of these rights by submitting a request through our Privacy Request Form or by mailing us at 55 2nd Street, 4th Fl., San Francisco, CA 94105, USA, Attention: Compliance.
- Right to Opt-Out of Tracking for Targeted Advertising Purposes. You can submit requests to opt-out of tracking for targeted advertising purposes by using our . Your request to opt-out will apply only to the browser and the device from which you submit the request.
Verification of Identity. We will need to verify your identity to process your information/know, access, correction, and deletion requests and reserve the right to confirm your California residency. To verify your identity, we may require you to log into an Intercom online account (if applicable), provide government identification, give a declaration as to your identity under penalty of perjury, and/or provide additional information. These rights are not absolute, and in some instances, we may decline your request as permitted by law.
Authorized Agents. Your authorized agent may make a request on your behalf upon our verification of the agent's identity and our receipt of a copy of the valid power of attorney given to your authorized agent pursuant to California Probate Code Sections 4000-4465. If you have not provided your agent with such a power of attorney, you must provide your agent with written and signed permission to exercise your CCPA rights on your behalf, provide the information we request to verify your identity and provide us with written confirmation that you have given the authorized agent permission to submit the request.
11.4 PERSONAL INFORMATION THAT WE COLLECT, USE AND DISCLOSE
The table below describes our Personal Information practices by reference to the categories in the “Personal Data Collected by Intercom” section above and the categories described in the CCPA (Cal. Civ. Code Section 1798.140(v)) and describes our practices currently and during the 12 months preceding the effective date of this Privacy Policy. Information you voluntarily provide to us, such as in free-form webforms, may contain other categories of personal information not described below. Note that:
- We do not “sell” personal information as defined by the CCPA and have not sold Personal Information in the preceding 12 months.
- We do not use or disclose sensitive personal information for purposes that California residents have a right to limit under the CCPA.
| CCPA statutory category / Personal Information (“PI”) we collect in this category | Business/commercial purpose for collection | Categories of third parties to whom we “disclose” PI for a business purpose | Categories of third parties with whom we “share” PI |
|---|---|---|---|
| Identifiers | | | Advertising partners (to facilitate online advertising) |
| Professional or employment-related data | | | Advertising partners (to facilitate online advertising) |
| Financial information | | | None |
| Internet or network information | | | Advertising partners (to facilitate online advertising) |
| Sensory information | | | None |
| Inferences | | | Advertising partners (to facilitate online advertising) |