GDPR and Data Privacy Settings
Configure data retention policies and ensure GDPR compliance for your support operations.
Data Processing Agreement
Before using SDesk, you need to accept the Data Processing Agreement (DPA):
- Go to Settings → GDPR & Privacy
- Read the DPA terms
- Click Accept DPA
- Your acceptance is logged with a timestamp
Data Retention Policies
Control how long customer data is kept:
Auto-Delete Closed Tickets
- Go to Settings → GDPR & Privacy
- Enable Auto-delete closed tickets
- Set the retention period (e.g., 90 days, 1 year)
- Closed tickets older than this will be automatically deleted
Manual Deletion
To delete a specific ticket:
- Open the ticket
- Click the menu (three dots)
- Select Delete Ticket
- Confirm deletion
Customer Data Rights
SDesk supports GDPR customer rights:
Right to Access
Customers can view their tickets through the customer portal.
Right to Deletion
When a customer requests data deletion:
- Shopify sends a customers/redact webhook
- SDesk automatically anonymizes the customer's data
- Personal information is removed from tickets
What Data We Store
- Customer Info: Email, name (from tickets)
- Ticket Content: Messages, attachments
- Order Links: References to Shopify orders
- Activity Logs: Agent actions on tickets
AI Copilot Privacy
When using AI features:
- Personal information (names, emails, addresses) is stripped before sending to AI
- AI responses have PII re-inserted afterward
- No customer data is stored by the AI provider
- All AI usage is logged (without PII)
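The strip and re-insert flow described above, as an added example that is not SDesk's own code: names and emails are swapped for placeholder tokens before the prompt leaves, and the same mapping restores them in the reply. The token format, function names, and the idea that known names come from the ticket's customer record are assumptions; postal addresses are not handled here.

```python
import re

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
TOKEN_RE = re.compile(r"\[\[(?:NAME|EMAIL)_\d+\]\]")

# Constructed sample ticket, not real customer data.
TICKET = ("Hi, this is Maria Keller (maria.keller@example.com). "
          "Please send the invoice to billing@example.org. Thanks, Maria")
KNOWN_NAMES = ["Maria Keller", "Maria"]  # assumed: taken from the ticket's customer info


def strip_pii(text, known_names=()):
    """Return (redacted_text, mapping), where mapping is token -> original value."""
    mapping, seen, counts = {}, {}, {"NAME": 0, "EMAIL": 0}

    def token_for(kind, value):
        key = (kind, value.lower())  # repeats of one value reuse one token
        if key not in seen:
            counts[kind] += 1
            seen[key] = f"[[{kind}_{counts[kind]}]]"
            mapping[seen[key]] = value
        return seen[key]

    # Emails first, so a name inside an address is not tokenized separately.
    text = EMAIL_RE.sub(lambda m: token_for("EMAIL", m.group()), text)
    # Longest names first, so "Maria Keller" is matched before "Maria".
    for name in sorted(known_names, key=len, reverse=True):
        pattern = re.compile(r"\b" + re.escape(name) + r"\b", re.IGNORECASE)
        text = pattern.sub(lambda m: token_for("NAME", m.group()), text)
    return text, mapping


def reinsert_pii(ai_text, mapping):
    """Restore originals; a token the model invented is left as a visible token."""
    return TOKEN_RE.sub(lambda m: mapping.get(m.group(), m.group()), ai_text)


def log_entry(redacted_prompt, mapping):
    """Usage log built from the redacted prompt and token names, never the values."""
    return {"prompt": redacted_prompt, "tokens": sorted(mapping)}


if __name__ == "__main__":
    redacted, mapping = strip_pii(TICKET, KNOWN_NAMES)
    print(redacted)
    print(reinsert_pii("Hello [[NAME_1]], sent to [[EMAIL_2]].", mapping))
    print(log_entry(redacted, mapping))
```

The mapping holds the original values, so it must stay on the helpdesk side and out of both the AI request and the usage log.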
Data Export
To export customer data for a subject access request:
- Search for tickets from that customer
- Export ticket data as needed
- Include only relevant information
Compliance Checklist
- Accept the Data Processing Agreement
- Set appropriate data retention periods
- Train team on handling data requests
- Review AI Copilot privacy settings