Access and availability
Does my plan include Data connectors for Fin?
Data connectors can be used by Fin on all pricing plans and you’ll be charged per resolution.
Can Fin use Data connectors on regionally hosted workspaces?
Data connectors are available on all US and EU hosted workspaces. Availability on AU hosted workspaces is coming soon.
Data privacy and security
How is sensitive data handled in conversations with Fin?
Intercom offers a PAN redaction feature which scans conversation content for numbers that look like credit card numbers and that pass a Luhn check. If a matching number is found, it will be masked up to the last 4 digits of the number, and customers will see a redacted version in web Messenger and both iOS and Android SDKs. The number will also appear redacted in the conversation in the Inbox.
For additional control, you can install the Strac app to detect and redact sensitive data from Intercom messages and attachments. This allows you to configure a list of sensitive data elements (SSN, DoB, Drivers License, Passport, Credit Card, Debit Card, API Keys, etc.) to redact.
How do I prevent bad actors from impersonating?
Before setting a Data connector live for your logged-in users, you are required to set up Identity Verification. Data is only exposed to users whose identity has been verified.
With Identity Verification, you generate a unique user hash for each of your users based on their email address or user_id and your workspace’s identity verification secret (available from your Intercom security settings). Your integration generates and sends these hashes along with every Messenger request, which prevents bad actors from impersonating your users and prevents Fin from delivering a personalized answer using someone else's data.
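A server-side sketch of generating the user hash, added here as an example and not taken from Intercom's code. It assumes the hash is a hex-encoded HMAC-SHA256 of the user_id keyed with the identity verification secret; the app ID, secret and user IDs are constructed values, and `is_verified` is a hypothetical helper that models the check on the receiving side to show why a tampered user_id is rejected.

```python
import hashlib
import hmac


def compute_user_hash(secret: str, identifier: str) -> str:
    """HMAC-SHA256 over the user_id (or email), keyed with the workspace secret."""
    return hmac.new(secret.encode(), identifier.encode(), hashlib.sha256).hexdigest()


def messenger_settings(app_id: str, user_id: str, secret: str) -> dict:
    """Build the settings your server renders into the page for a logged-in user.

    The secret never leaves the server; only the resulting hash is sent.
    """
    return {
        "app_id": app_id,
        "user_id": user_id,
        "user_hash": compute_user_hash(secret, user_id),
    }


def is_verified(settings: dict, secret: str) -> bool:
    """Model of the receiving side: recompute the hash and compare in constant time."""
    expected = compute_user_hash(secret, str(settings.get("user_id", "")))
    presented = str(settings.get("user_hash", ""))
    return hmac.compare_digest(expected.encode(), presented.encode())


if __name__ == "__main__":
    secret = "constructed-secret"  # constructed value; the real one comes from security settings
    settings = messenger_settings("app_abc", "user_42", secret)
    print(is_verified(settings, secret))                          # genuine user
    print(is_verified(dict(settings, user_id="user_77"), secret)) # swapped user_id, old hash
```

Compute the hash only on your server. If the secret is shipped to the browser or a mobile app, anyone can mint a valid hash for any user_id.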
How do I ensure Fin doesn't share personal data with someone who isn't the user?
There are two potential ways that this could happen. See the table for the recommended settings to best mitigate this risk:
Use Case | Risk | Best practice to mitigate |
Fin retrieves personalized data for a customer based off a user ID stored in an Intercom CDA. | A bad actor could manipulate the CDA value in order to get Fin to retrieve data from another account. | We recommend that you prevent the ability for users to make updates to these attributes via the Messenger. This helps to ensure that bad actors cannot access data not belonging to them. To set this up, navigate to Settings > Data > People, select the relevant attribute and toggle on "Prevent updates via the Messenger". |
Fin retrieves personalized data for a customer based off a data value collected by Fin. | A bad actor could provide a value to Fin for an account that they should not have access to. | We recommend that you perform checks on the API server side to ensure that the user has access control for the data requested. |
Fin retrieves personalized data for a customer based off a data value collected by Fin. | Fin hallucinates a value for another customer, retrieving the wrong data. | The risk of this hallucination, while not zero, is low. However, we do recommend that you perform checks on the API server side to ensure that the user has access control for the data requested. |
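The server-side check recommended in the table, sketched for an endpoint that a Data connector calls. This is an added example, not Intercom's code: the payload field names (`user_id`, `order_id`), the bearer token and the order store are hypothetical, constructed for illustration.

```python
import hmac

# Hypothetical values: the token configured in the connector's header and a
# constructed order store standing in for your database.
CONNECTOR_TOKEN = "example-connector-token"
ORDERS = {
    "ord_1001": {"owner": "user_42", "status": "Shipped", "risk_score": 3},
    "ord_2002": {"owner": "user_77", "status": "Pending review", "risk_score": 9},
}
NOT_FOUND = (404, {"error": "order not found"})


def handle_order_lookup(headers: dict, body: dict):
    """Return (status, json) for a connector request asking for one order."""
    # 1. Authenticate the caller: only requests carrying the connector token.
    presented = headers.get("Authorization", "")
    expected = f"Bearer {CONNECTOR_TOKEN}"
    if not hmac.compare_digest(presented.encode(), expected.encode()):
        return 401, {"error": "unauthorized"}

    # 2. user_id comes from the identity-verified attribute; order_id is the
    #    value Fin collected in conversation and must be treated as untrusted.
    user_id, order_id = body.get("user_id"), body.get("order_id")
    if not isinstance(user_id, str) or not isinstance(order_id, str):
        return 400, {"error": "user_id and order_id are required"}

    # 3. Authorize: the order must belong to this user. Unknown and foreign
    #    orders get the same answer so the endpoint is not an existence oracle.
    order = ORDERS.get(order_id)
    if order is None or order["owner"] != user_id:
        return NOT_FOUND

    # 4. Return only customer-facing fields, never the whole record.
    return 200, {"order_id": order_id, "status": order["status"]}


if __name__ == "__main__":
    auth = {"Authorization": f"Bearer {CONNECTOR_TOKEN}"}
    print(handle_order_lookup(auth, {"user_id": "user_42", "order_id": "ord_1001"}))
    print(handle_order_lookup(auth, {"user_id": "user_42", "order_id": "ord_2002"}))
```

The ownership check covers both rows of the table that rely on a value collected by Fin: it does not matter whether the wrong `order_id` came from a bad actor or from a hallucination.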
How do I ensure that Fin doesn't accidentally share information from another user?
Fin will only be able to read data you’ve given access to in the Preview tab. Fin will use this data to generate responses based on a user’s question. If there’s sensitive internal data you do not want Fin to access, select Restricted data access and only give access to fields you want Fin to use to generate responses.
Additionally, you can transform the response data with customer-facing names and values. For example, instead of the application status “Pending four eyes check”, you can transform the value to language you would use with your customer, such as “Pending review”.
Storage, authorization, and execution
How are tokens stored in Data Connectors?
Tokens are stored as part of the header configuration. For these values, we encrypt data at rest. Read more about security at Intercom here.
What authentication options do Data Connectors support?
Data connectors support both fixed and dynamic tokens for authentication. You can set up and manage your authentication tokens that you want to use in the request, which can then be added to the header.
How are requests executed in Data Connectors?
All request configurations (Body, URL and Headers) are encrypted at rest.
Our backend sends all requests, which means we do not make any API calls from the browser. For example, when a user triggers an action, this action is triggered by the Intercom system and not the UI.
Important: Third-party data is not validated by Intercom, and your Data connector may overwrite data you've stored in Intercom. You should ensure that you trust the data returned from a Data connector.
What IP addresses does Intercom send Data connector requests from?
You may need to allowlist the following Intercom IP addresses (from which we send Data connector, Canvas Kit and webhook requests) in order to accept Intercom requests on your side:
USA:
34.231.68.152
34.197.76.213
35.171.78.91
35.169.138.21
52.70.27.159
52.44.63.161
Europe:
54.217.125.63
54.246.173.113
54.216.9.3
Australia:
52.63.36.185
3.104.68.152
52.64.2.165
Fin’s behavior using Data connectors
When does Fin use a Data connector instead of other available content?
Fin AI Agent doesn't distinguish between using content vs Data connectors. It looks for the most relevant answer to resolve the conversation and sends this to the customer.