Terms & Policies
Intercom European Data Hosting Addendum
- These Intercom European Data Hosting Terms of Service (“EDH Terms”) entered into by and between Intercom R&D Unlimited Company, an Irish company with offices at 2nd Floor, Stephen Court, 18-21 St. Stephen's Green, Dublin 2, Republic of Ireland ("Intercom" “us” or “we”) and the entity or person placing an order via an applicable Order Form for or accessing any EDH Services ("Customer" or "you"). “EDH Services” are defined as the European Data Hosting features and services set forth in these EDH Terms. In order to use EDH Services, you must agree to these EDH Terms.
- By agreeing to these EDH Terms, you represent that your registered address is located in one of the following locations: a member state of the European Economic Area (“EEA”), Switzerland, or the United Kingdom.
- You may use EDH Services only upon approval by Intercom. The Intercom Terms of Service (https://www.intercom.com/legal/terms-and-policies) (“Terms”) are incorporated by reference and will control for any provisions not addressed in these EDH Terms. The Terms continue to apply with regard to your use of the Services (as defined in the Terms) and use of any Services. In the event that you are no longer a customer in good standing of Intercom, your use of the EDH Services will be terminated.
- All capitalized terms not defined in the EDH Terms have the meanings set forth in the Terms.
- Unless stated otherwise, in the event of a conflict between these EDH Terms, including any attachments herein, and any other applicable terms including the Terms, the provisions of these EDH Terms will control but only with respect to the subject matter hereof. For the avoidance of doubt, these EDH Terms will control in the event of a conflict with either the Terms or a Master SaaS Subscription Agreement (MSSA).
2. EDH Services
- The EDH Services may be a separate, stand-alone Service (as defined in the Terms) or may be a feature of existing Services. By agreeing to and complying with these EDH Terms we grant you a non-exclusive, revocable, non-transferable, limited license to use the EDH Services.
- Description of the EDH Services:
- European Data Hosting (“EDH”) is a stand-alone instance of Intercom, running in Dublin, Ireland.
- Under EDH, the vast majority of data associated with an EU-based (or United Kingdom or Switzerland based) Intercom workspace stays local to that Dublin datacenter. This includes:
- All Visitor and Contact data collected by the Messenger for a workspace
- All the Conversation data that happens via the Messenger for a workspace
- All the data attributes or events a Customer collects on their workspace
- The only personal data that may leave the EU will be:
- The Intercom Customer’s name, email, credit card data. We require this for processing in our US-based billing systems.
- Workspace administrative data like name, email, etc., that Intercom collects in providing customer services such as support to our Customers—please see Section 2(b)(vi) below for more details.
- EDH will provide the following functionality in comparison to the US instance of Intercom:
- Business Messenger, including Live Chat, in-product messages, outbound emails, banners, mobile carousels, product tours, video tours and push notifications;
- Bots, including lead qualification bot, custom bots, apps in bots;
- Customization, including customizable Messenger, Messenger visibility, unbranded Messenger, multi-brand support and message versioning;
- Conversation Management, including team inboxes, conversation tags, snooze notifications, office hours, Inbox Views, inbound email, conversation ratings, saved replies, articles in conversations, multiple teams, automated assignment rules, round-robin assignment, priority rules, team-level office hours, agent inactivity, SLA rules and workload management;
- Ticket Workflows, including ticket IDs & titles, data collection bot, conversation data routing rules, duplicates & merging;
- Help Center, including help center, multilingual help center and private help center;
- Outbound Messaging, including Series, A/B testing & goals, Message control groups and account-based marketing;
- Reporting, including conversation volume report, leads report, report sharing (beta), effectiveness report and team performance report;
- Security & Permissions including 2-factor authentication, permissions, custom role permissions, activity logs and single sign-on / SAML;
- Customer Data Platform, including people & company list, standard & custom data attributes, custom events, user & company segments;
- API access
- The following features will explicitly not be supported for EDH: https://www.intercom.com/help/en/articles/5778275-additional-details-on-intercom-european-data-hosting. Please note that over time, this list may change as more features are added to EDH availability.
- As per our Support policy, Support is provided 24 hours per day, 7 days per week. Intercom has a globally distributed team that provides this level of coverage. The main customer support team is based in the EU and the vast majority of support issues are responded to and resolved by EU-based employees. However, incident submissions made outside of EU working hours may be initially responded to by non-EU based employees. As sensitive data can not leave the EU, there may be times when the resolution of certain support issues will need to be escalated to an EU based employee.
3. Customer Obligations
- As part of using the EDH Services, you may be asked to provide feedback regarding your use of the EDH Services. You acknowledge that we own any feedback provided, and you hereby grant to us, if for any reason it is further needed, a perpetual, non-revocable, royalty-free worldwide license to use and/or incorporate such feedback into any of our products or services at any time at our sole discretion. If we choose to publish such feedback, we will either do so in a way that does not identify you or seek your consent in the event we do wish to identify you. We may also monitor how you use the EDH Services and use that information to improve the EDH Services or our other products and services.
- You understand that even with these EDH Services enabled, Intercom cannot control or be held responsible for errors in transmission, third-party access (unauthorized or otherwise), third country transfers, or other causes beyond Intercom’s control. This includes but is not limited to your use of third-party tools or integrations in conjunction with the EDH Terms.
Sections 1b, 2, 3, and 4 will survive the expiration or termination of the EDH Terms.
Intercom may discontinue the EDH Services at any time, in its sole discretion, with or without notice. With respect to the EDH Services and in the event of a conflict with the Agreement or elsewhere in these EDH Terms, this paragraph will supersede any other terms and conditions contained herein or in the Terms or other applicable terms.
Project Europe Data Processing Addendum
The Data Processing Addendum located at https://www.intercom.com/legal/data-processing-agreement is hereby incorporated by reference but with the following modifications:
- Section 7. i. “Authorization for Sub-processing” is replaced as follows: Customer agrees that Intercom engages Amazon Web Services, Inc. (“AWS”) for hosting and storage and this occurs in Dublin, Ireland. Intercom’s use of Sub-processors including Intercom Affiliates) may be updated from time to time; and (b) such Affiliates and Sub-processors respectively may engage third party processors to process Customer Data on Intercom's behalf. Customer provides a general authorization for Intercom to engage onward sub-processors that is conditioned on the following requirements: (a) Intercom will restrict the onward sub-processor’s access to Customer Data only to what is strictly necessary to provide the Services, and Intercom will prohibit the Sub-processor from processing the Personal Data for any other purpose. (b) Intercom agrees to impose contractual data protection obligations, including appropriate technical and organizational measures to protect personal data, on any sub-processor it appoints that require such sub-processor to protect Customer Data to the standard required by Applicable Data Protection Legislation; and (c) Intercom will remain liable and accountable for any breach of this DPA that is caused by an act or omission of its sub-processors.
- Section 7. ii. “Current Sub-processors and Notification of Sub-processor Additions” is replaced as follows:
- Customer understands that effective operation of the Services may require the transfer of Customer Data to Intercom Affiliates, such as Intercom, Inc., or to Intercom's Sub-processors. Customer hereby authorizes the transfer of Customer Data to locations outside Europe (as outlined in Section 2. b. (Description of the EDH Service) of the EDH Terms), including to Intercom Affiliates and Sub-processors, subject to continued compliance with this DPA throughout the duration of the Agreement. Customer hereby provides general authorization to Intercom engaging additional third-party Sub-processors to process Customer Data within the Services for the Permitted Purposes. Intercom may, by giving reasonable notice to the Customer add or replace Sub-processors at least 10 days prior to any such changes. If Customer objects to the appointment of an additional Sub-processor within thirty (30) calendar days of such notice on reasonable grounds relating to the protection of the Personal Data, then Intercom will work in good faith with Customer to find an alternative solution. In the event that the parties are unable to find such a solution, Customer may terminate the Agreement at no additional cost.
- Section 12. i. “Location of Processing” is replaced as follows: Location of Processing is governed by Section 2. b. (Description of the EDH Service) of the EDH Terms.
- “Schedule 2 TECHNICAL AND ORGANIZATIONAL SECURITY MEASURES Annex II - Measures for ensuring physical security of locations at which personal data are processed” is replaced as follows: Physical Access Control. Intercom’s services and data are hosted in AWS’ facilities in Ireland and protected by AWS in accordance with their security protocols. Access only to approved personnel. All personnel who need data center access must first apply for access and provide a valid business justification. These requests are granted based on the principle of least privilege and are time-bound. Requests are reviewed and approved by authorized personnel, and access is revoked after the requested time expires.
- “Schedule 2 TECHNICAL AND ORGANIZATIONAL SECURITY MEASURES Annex II - Measures for ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services: All Customer Data is permanently stored in the USA and is backed up for disaster recovery. ” is replaced as follows: All Customer Data is permanently stored in Ireland and is backed up for disaster recovery.
- “Schedule 2 TECHNICAL AND ORGANIZATIONAL SECURITY MEASURES Annex II - Measures for ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services: Intercom’s data security, high availability, and built-in redundancy are designed to ensure application availability and protect information from accidental loss or destruction. Intercom’s Disaster Recovery plan incorporates geographic failover between its 3 U.S. data centers. Subscription Service restoration is within commercially reasonable efforts and is performed in conjunction with AWS’ ability to provide adequate infrastructure at the prevailing failover location. All of Intercom recovery and resilience mechanisms are tested regularly and processes are updated as required. ” is replaced as follows: Intercom’s data security, high availability, and built-in redundancy are designed to ensure application availability and protect information from accidental loss or destruction. Intercom’s Disaster Recovery plan incorporates geographic failover across multiple isolated availability zones in the region. Subscription Service restoration is within commercially reasonable efforts and is performed in conjunction with AWS’ ability to provide adequate infrastructure at the prevailing failover location. All of Intercom recovery and resilience mechanisms are tested regularly and processes are updated as required.
- “Schedule 3 LIST OF SUB-PROCESSORS Annex III” is replaced as follows:
- Security, Privacy and Compliance Information for Intercom
Intercom is a data processor and engages certain onward subprocessors that may process personal data submitted to Intercom’s services by the controller. These subprocessors are listed below, with a description of the service and the location where data is hosted. This list may be updated by Intercom from time to time.
Please visit https://www.intercom.com/legal/security-third-parties and scroll down to “EU Data Hosting”.
- Security, Privacy and Compliance Information for Intercom