Data Manager Privacy Policy

Effective Date: May 31, 2026

This Privacy Policy describes how Agile Plan Group ("we," "us," "our") handles information when you use the Data Manager app ("Data Manager," "the App"), a Zendesk Marketplace application. This policy applies only to Data Manager. Other Agile Plan Group products have their own separate privacy policies.

Data Manager is offered in three tiers — Free, Pro, and Auditor. The Free and Pro tiers run entirely client-side inside your Zendesk account. The Auditor tier additionally connects to a backend service we operate on Amazon Web Services to enable rule drill-down (showing which tickets each trigger, automation, or macro fired on). Where this policy distinguishes between tiers, it says so explicitly.

1. What Data Manager Accesses

Across all tiers, Data Manager reads the following data from your Zendesk Support account to display it in sortable, searchable tables:

User records — name, email, role, phone, organization membership, tags, timestamps, last login, and any active custom user fields.
Organization records — name, domain names, details, notes, tags, timestamps, and any active custom organization fields.
Custom field definitions — the metadata describing your custom user and organization fields (titles, keys, types).

On the Pro and Auditor tiers, Data Manager additionally reads:

Triggers, Automations, and Macros — the rule definitions (titles, conditions, actions, active/inactive status, last-modified timestamps) needed to display the audit tabs.

On the Auditor tier only, Data Manager additionally processes:

Ticket audit data — when you click a rule for drill-down, our backend uses your stored OAuth token to fetch the audit log of recent tickets (last 7 days) from Zendesk's API. From those audits we extract ticket IDs, the IDs of the triggers/automations/macros that fired, ticket status, requester name, organization name, and timestamps — only what's needed to populate the drill-down table.

On the Free and Pro tiers, Data Manager does not access ticket data of any kind. On the Auditor tier, Data Manager accesses ticket-level information only in the context of drill-down — see Section 3 for details on what is and isn't included. Data Manager never accesses end-user personal data within ticket conversations, ticket comments, attachments, private agent notes, or any data beyond what is explicitly listed in this policy.

2. How Data Manager Uses Data — Free and Pro Tiers

    On the Free and Pro tiers, Data Manager runs entirely inside your Zendesk instance in the agent's browser. Data is fetched in real time through the Zendesk App Framework (ZAF), displayed in the App, and discarded when the agent closes it. We do not store or transmit your Zendesk data to any external server.
  

All data access on these tiers happens client-side using the logged-in agent's existing Zendesk session. No credentials, tokens, or raw Zendesk data leave your Zendesk account through Data Manager.

3. How Data Manager Uses Data — Auditor Tier

The Auditor tier adds rule drill-down — the ability to click any trigger, automation, or macro and see the actual tickets it fired on. To enable this feature, Auditor uses a backend service we operate on Amazon Web Services (AWS) in the US West (N. California) region.

When you upgrade to Auditor, the App initiates a standard OAuth authorization flow with Zendesk. You are shown a Zendesk consent screen listing the scopes the App requests. If you approve, the following happens:

Zendesk issues an OAuth access token and refresh token scoped to your account.
These tokens are sent to our backend over TLS and stored in an encrypted Amazon DynamoDB table. Tokens are encrypted at rest using AWS Key Management Service (KMS) with a key dedicated to Data Manager.

Drill-down is fetched on demand. When you click a rule in the App, your browser calls our backend. The backend uses your stored OAuth token to query Zendesk's standard ticket audit API for recently updated tickets, extracts the rule-fire events for the rule you selected, and returns the list of matching tickets (ID, subject, status, requester name, organization, fire timestamp, and a direct link to the ticket).

To keep the experience responsive, drill-down results are cached in a DynamoDB table for 5 minutes per (account, rule) pair, then automatically purged via DynamoDB time-to-live (TTL). We do not maintain a long-term database of your ticket events. The data returned to your browser and briefly cached includes: ticket ID, ticket subject, ticket status, requester name, organization name, the timestamp of the rule fire, and a link back to the ticket in Zendesk. We do not receive ticket comments, attachments, end-user replies, internal notes, or any other ticket content beyond the fields listed.

Auditor's backend is read-only with respect to your Zendesk data. The OAuth scopes the App requests do not grant write permissions, and our backend never modifies tickets, users, organizations, triggers, automations, or macros in your account.

4. What We Store Locally in Your Browser

On all tiers, Data Manager stores the following in the agent's browser localStorage, scoped to your Zendesk subdomain:

Column preferences (which columns are visible, their order, their sort)
Saved view configurations (names and their associated layouts)

This data never leaves the agent's browser and is not transmitted to our backend. It persists until the agent clears their browser data or uninstalls the App.

5. Sub-Processors and Third-Party Services

Data Manager relies on the following service providers:

Zendesk — provides the App Framework, the OAuth authorization flow, and the API our backend calls. Zendesk's own Privacy Notice governs how Zendesk processes this data.
Amazon Web Services (AWS) — hosts our Auditor-tier backend (Lambda, API Gateway, DynamoDB, KMS) in the US West (N. California) region. AWS's Privacy Notice governs their handling of data on our behalf.
Stripe — processes payment information for Pro and Auditor subscriptions, billed through the Zendesk Marketplace. We do not see or store your full payment card details. Stripe's Privacy Policy governs payment data.
Formspark — processes bug report submissions made through the App. Formspark's Privacy Policy governs their handling of submissions.

Data Manager does not use third-party analytics, advertising, or tracking services.

6. Data Security

Data Manager uses Zendesk's authenticated App Framework for all in-browser data access, which inherits the security protections of your Zendesk account, including TLS encryption in transit. Browser-stored preferences live in localStorage scoped to your Zendesk subdomain.

For the Auditor tier:

All communication between your browser, our backend, and Zendesk is over TLS.
OAuth tokens are encrypted at rest with AWS KMS using a dedicated customer-managed key.
Backend access is limited to a narrowly scoped IAM role used by our Lambda functions; there are no human standing-credentials with access to your stored tokens.
Drill-down cache entries expire automatically after 5 minutes.
The OAuth scopes Data Manager requests are read-only; our backend cannot modify any data in your Zendesk account.

7. Data Retention

Free and Pro tiers retain no Zendesk data after the agent closes the App; browser preferences persist in the agent's browser until cleared.

For Auditor:

OAuth tokens — retained for the duration of your subscription and deleted within 30 days of uninstall or cancellation.
Subscription metadata (your Zendesk subdomain, plan tier, install date) — retained for the duration of your subscription and deleted within 30 days of cancellation.
Drill-down cache — automatically deleted 5 minutes after it is written.
Operational logs (CloudWatch Logs from our Lambdas) — retained for 30 days.
Bug-report submissions — retained in Formspark and our email until you request deletion.

8. Your Rights and Choices

You have the right to:

Uninstall Data Manager at any time through your Zendesk admin panel. Uninstalling immediately ends all client-side data access. For Auditor customers, uninstalling also triggers deletion of stored OAuth tokens within 30 days.
Revoke our backend's access at any time from your Zendesk admin panel under "OAuth Clients." Revocation immediately disables Auditor-tier features.
Request export or deletion of any Auditor data we hold about your account by emailing support@agileplangroup.com. We will respond within 30 days.
Clear browser-stored preferences by clearing localStorage for your Zendesk domain.
Contact us with any privacy-related concerns.

9. International Data Transfers

Auditor-tier data is processed and stored in the United States (AWS US West region). If you access Data Manager from outside the United States, you consent to the transfer of your data to the United States for processing as described in this policy.

10. Children's Privacy

Data Manager is an administrative tool intended for use by Zendesk agents and administrators. It is not directed to children under 13 and we do not knowingly collect information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with a revised effective date. Your continued use of Data Manager after changes are posted constitutes acceptance of the updated policy. Material changes will be communicated through the Marketplace listing or by email to active subscribers.

12. Contact Us

Agile Plan Group

Email: support@agileplangroup.com

Website: agileplangroup.com