Security and trust for Zendesk customer data.
Auditrak is designed to handle sensitive support conversations with access, minimization and reporting controls.
Last updated: May 21, 2026.
Zendesk access
Auditrak connects to Zendesk through a read-only OAuth authorization approved by the customer's Zendesk administrator. Access is limited to reading the data in the selected scope: Auditrak never changes Zendesk configuration and never sends replies. Customers never share Zendesk passwords with Auditrak.
Data minimization
Auditrak is designed to process the Zendesk conversations in scope for the audit, not the whole Zendesk account by default. Reports focus on patterns, recommendations, review points and reviewable examples rather than unnecessary personal data.
- Zendesk internal notes are excluded by default.
- PII-aware preparation reduces unnecessary sensitive detail before analysis and reporting.
- Customer-facing reports preserve decision evidence without exposing more detail than the report needs.
Encryption
Auditrak uses HTTPS/TLS for data in transit. Where customer data is stored, Auditrak relies on managed providers that offer encryption at rest and operational security controls.
Service providers
Auditrak uses managed providers to host the product, store data, run analysis, generate reports and support the service. The public Subprocessors page lists the current provider set at a practical level.
Access control
Internal access to production systems is limited to authorized people who need it for development, support, operations or security. Access is reviewed as the operational process matures.
Logs and support
Auditrak uses service logs to troubleshoot reliability and customer-support issues. Logs are designed to avoid secrets, unnecessary ticket content and unnecessary personal data.
AI processing
Some analysis and report-generation steps use AI providers. Auditrak aims to send only the material required for the audit and report flow after PII-aware preparation and reduction of unnecessary sensitive detail.
Retention and deletion
Generated results, reports and support records are retained only as needed for service delivery, support, security, legal and backup purposes, or as agreed with the customer. Customers can request deletion or offboarding through support@auditrak.ai.
Incident contact
Security reports, suspected compromise, vulnerability notices or urgent data concerns should be sent to support@auditrak.ai with enough context to reproduce or investigate the issue.
Current status
Auditrak does not currently claim SOC 2, ISO 27001, HIPAA, PCI or equivalent third-party certification. This page describes current product and operational controls and will be updated if formal certifications or regulated-industry commitments become available.