Privacy Policy

Last updated: February 2026

1. Introduction

Configly ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at configly.app and use our Zendesk configuration management platform (the "Service").

Please read this Privacy Policy carefully. By using the Service, you consent to the practices described in this policy.

2. Information We Collect

2.1 Personal Information

We collect personal information that you voluntarily provide, including:

  • Name and email address (when joining our waitlist, requesting beta access, or creating an account)
  • Company name
  • Number of Zendesk instances you manage
  • Payment information (when subscribing to paid plans)

2.2 Automatically Collected Information

When you access our Service, we automatically collect:

  • IP address
  • Browser type and version
  • Device type and operating system
  • Pages visited and time spent on pages
  • Referring website addresses
  • Geographic location (country/city level)

2.3 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Service. We use Google Analytics (measurement ID G-EHFS0GXXGM) to understand how visitors use our website. Analytics cookies are only set after you provide consent via our cookie banner. You can change your preferences at any time using the "Manage Cookies" link in the footer.

Cookies We Use

Cookie Category Duration Purpose
configly_consent Essential 12 months Stores your cookie consent preference (all or essential)
_ga Analytics 2 years Google Analytics — distinguishes unique users. Only set with your consent.
_ga_EHFS0GXXGM Analytics 2 years Google Analytics — maintains session state. Only set with your consent.

We also use sessionStorage (not cookies) to temporarily store UTM campaign parameters during your visit. These are automatically cleared when you close your browser tab and are disclosed here for transparency.

2.4 Zendesk Configuration Data

When you connect your Zendesk instance to Configly, we access and store configuration metadata including: trigger definitions, automation rules, macro actions, view conditions, field definitions, and SLA policies.

Specifically, we store:

  • Versioned snapshots of your configuration state for comparison and analysis
  • Dependency mappings between configuration objects
  • Virtual changes created in What-If simulation mode

Incidental personal data in configuration metadata: Zendesk configuration objects may incidentally contain personal or business-sensitive data embedded by your organisation. This includes:

  • Agent names and email addresses in created_by and updated_by fields
  • Organisation names in trigger conditions (e.g. "if organisation is Acme Corp")
  • Tags that may reference customers or segments (e.g. vip_customer_acme, churn_risk)
  • Custom field options that may contain client names or identifiers
  • SLA policy names referencing specific clients
  • Macro content with business-specific information

We treat all stored configuration data with the same level of protection — encryption at rest, encryption in transit, and tenant isolation — regardless of whether specific fields contain incidental personal or business-sensitive data.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our Service
  • Process your waitlist registration and account creation
  • Provide configuration version control, comparison, and impact simulation
  • Generate dependency mappings and What-If analysis for your Zendesk configuration
  • Send you updates, marketing communications, and other information (with your consent)
  • Respond to your comments, questions, and support requests
  • Monitor and analyse usage patterns and trends
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations

Legal basis for processing Zendesk configuration data: We process your configuration data on the basis of contractual necessity — it is required to provide the version control, comparison, and simulation services you have signed up for.

4. Information Sharing and Sub-processors

We may share your information in the following circumstances:

  • Legal Requirements: We may disclose information if required by law or in response to valid legal requests.
  • Business Transfers: In connection with any merger, sale of company assets, or acquisition, your information may be transferred.
  • With Your Consent: We may share information with your consent or at your direction.

We use the following sub-processors to deliver our Service:

  • Zendesk — your Zendesk instance, where Configly reads configuration and (via Apply Changes) writes configuration
  • GitHub — if you enable GitHub Sync, Configly commits your Zendesk configuration as YAML to a repository you nominate
  • Anthropic (Claude) — powers AI analysis features and the in-product support assistant. For AI analysis: receives configuration object names, conditions, and actions for the items you submit for analysis. For the support assistant: receives the messages you send to the assistant and your account identity (name, email, plan tier) so the assistant can answer in context
  • Sentry (Functional Software, Inc., EU region — Germany) — Error tracking and performance monitoring
  • Stripe — Billing. Receives your billing email address and account identifier; payment cards are entered directly into Stripe and never traverse Configly
  • Brevo — Transactional email delivery (welcome emails, password resets, billing notifications)
  • Google and Microsoft — if you sign in with these providers, they handle authentication and return your name and email to Configly
  • Google Workspace — hosts the [email protected] mailbox. Inbound support emails are received by Google Workspace before being forwarded to our Zendesk instance. Google Workspace therefore processes the content of any email you send to [email protected]
  • DigitalOcean (London, LON1 region) — Infrastructure hosting, including servers and databases
  • Google Analytics (measurement ID G-EHFS0GXXGM) — Analytics on our marketing site (configly.app) to understand visitor patterns. Google Analytics is not loaded inside the Configly application itself

We do not sell your personal information to third parties.

5. Error Monitoring and Diagnostics

We use Sentry (Functional Software, Inc.) for error tracking and performance monitoring to ensure the reliability and quality of our Service. When errors occur in our application:

  • Error logs may contain your IP address and user identifiers
  • Technical diagnostic information about the error is collected
  • No sensitive personal data (passwords, payment information, API keys) is included in error reports
  • Data is stored in Sentry’s EU region (Germany)
  • Error data is retained for 90 days
  • Data is processed under our Data Processing Agreement with Sentry, compliant with GDPR and Standard Contractual Clauses

For more information about how Sentry processes data, see Sentry’s Privacy Policy.

6. Data Security

We implement appropriate technical and organisational measures to protect your personal information, including:

  • Encryption in transit via TLS 1.2+ on all connections
  • Zendesk OAuth access tokens, OAuth refresh tokens, Zendesk API tokens, and GitHub OAuth tokens encrypted at rest with AES-256-GCM
  • Application data (configuration metadata, snapshots, dependency data) stored in PostgreSQL on isolated infrastructure that is not exposed to the public internet
  • Tenant isolation enforced at the application layer; each customer’s data is scoped by user on every query
  • Automated SSL/TLS certificate management

No method of transmission over the Internet or electronic storage is 100% secure, but we take the protection of your data seriously and continuously review our security practices.

7. Data Retention

  • Zendesk configuration data: Retained for the duration of your active subscription. Configuration snapshots are retained while your account is active.
  • On account deletion: All stored configuration data, snapshots, authentication tokens, virtual changes, and AI analysis cache data are deleted. A billing audit record is retained for accounting purposes.
  • Waitlist and marketing data: Retained until you request removal.
  • Automatically collected data: Retained in accordance with our analytics provider's standard retention periods.

8. Your Rights

Under the UK GDPR and Data Protection Act 2018, you have the following rights:

  • Right of access: Request a copy of all personal data we hold about you.
  • Right to deletion: Request deletion of your account and all associated data.
  • Right to data portability: Request your data in a machine-readable format.
  • Right to rectification: Request correction of inaccurate personal data.
  • Right to object: Object to processing based on legitimate interests.
  • Right to restrict processing: Request that we limit how we use your data.
  • Right to withdraw consent: Where we rely on consent, withdraw it at any time.

To exercise any of these rights, contact us at [email protected]. We will respond within one month of receiving your request.

If you are not satisfied with how we handle your request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

9. International Data Transfers

Your data is stored and processed exclusively within the United Kingdom on Digital Ocean infrastructure in the London (LON1) region. We do not transfer your personal data outside the UK.

If this changes in the future, we will update this policy and ensure appropriate safeguards (such as UK International Data Transfer Agreements) are in place before any transfer occurs.

10. Children's Privacy

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information, please contact us.

11. Third-Party Links

Our Service may contain links to third-party websites, including Zendesk. We are not responsible for the privacy practices of these websites. We encourage you to review the privacy policies of any third-party sites you visit.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we will notify you by email where possible.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: [email protected]

14. UK Specific Information

Data controller: Configly.

Our legal bases for processing personal information are:

  • Contractual necessity: Processing required to provide the Service you have signed up for, including storing and analysing your Zendesk configuration data.
  • Legitimate interests: Service improvement, security monitoring, and fraud prevention, where these interests are not overridden by your rights.
  • Consent: Marketing communications and non-essential cookies. You can withdraw consent at any time.
  • Legal obligation: Where we are required to process data to comply with the law.

Supervisory authority: The Information Commissioner's Office (ICO) — ico.org.uk

Data Processing Agreement: Enterprise customers can request a Data Processing Agreement — available at configly.app/dpa.

See also: Terms of Service · Data Processing Agreement