Security
Security and trust for Zendesk customer data.
Auditrak is designed to handle sensitive support conversations with access, minimization and reporting guardrails.
Last updated: May 16, 2026.
01
Zendesk access
Auditrak connects to Zendesk through permissions approved by the customer's Zendesk administrator. Customers should not share Zendesk passwords with Auditrak.
02
Data minimization
Auditrak is designed to process the tickets selected for the audit, not everything in Zendesk by default. Reports focus on patterns, recommendations, caveats and reviewable examples rather than unnecessary personal data.
- Zendesk internal notes are excluded by default.
- PII-aware preparation reduces unnecessary sensitive detail before analysis and reporting.
- Customer-facing reports are designed to preserve decision evidence without exposing more detail than needed.
03
Encryption
Auditrak uses HTTPS/TLS for data in transit. Managed service providers are expected to provide encryption at rest for systems that store customer data.
04
Service providers
Auditrak uses managed providers to host the product, store data, run analysis, generate reports and support the service. The public Subprocessors page lists the current provider set at a practical level.
05
Access control
Internal access should be limited to people who need it for development, support, operations or security. Access should be restricted and reviewed where practical.
06
Logs and support
Auditrak uses service logs to troubleshoot reliability and customer-support issues. Logs should avoid secrets, unnecessary ticket content and unnecessary personal data.
07
AI processing
Some analysis and report-generation workflows use AI providers. Auditrak aims to send only the material required for the selected workflow after PII-aware preparation.
08
Retention and deletion
Generated results, reports and support records are retained only as needed for service delivery, support, security, legal and backup purposes, or as agreed with the customer. Customers can request deletion or offboarding through support@auditrak.ai.
09
Incident contact
Security reports, suspected compromise, vulnerability notices or urgent data concerns should be sent to support@auditrak.ai with enough context to reproduce or investigate the issue.
10
Current status
Auditrak does not currently claim SOC 2, ISO 27001, HIPAA, PCI or equivalent third-party certification. This page describes current product and operational controls and will be updated if formal certifications or regulated-industry commitments become available.