Privacy Policy

Last updated: February 2026

1. Introduction

Configly ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at configly.app and use our Zendesk configuration management platform (the "Service").

Please read this Privacy Policy carefully. By using the Service, you consent to the practices described in this policy.

2. Information We Collect

2.1 Personal Information

We collect personal information that you voluntarily provide, including:

  • Name and email address (when joining our waitlist, requesting beta access, or creating an account)
  • Company name
  • Number of Zendesk instances you manage
  • Payment information (when subscribing to paid plans)

2.2 Automatically Collected Information

When you access our Service, we automatically collect:

  • IP address
  • Browser type and version
  • Device type and operating system
  • Pages visited and time spent on pages
  • Referring website addresses
  • Geographic location (country/city level)

2.3 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Service. We use Google Analytics (measurement ID G-EHFS0GXXGM) to understand how visitors use our website. You can instruct your browser to refuse all cookies or indicate when a cookie is being sent.

2.4 Zendesk Configuration Data

When you connect your Zendesk instance to Configly, we access and store configuration metadata including: trigger definitions, automation rules, macro actions, view conditions, field definitions, and SLA policies.

Specifically, we store:

  • Versioned snapshots of your configuration state for comparison and analysis
  • Dependency mappings between configuration objects
  • Virtual changes created in What-If simulation mode

Incidental personal data in configuration metadata: Zendesk configuration objects may incidentally contain personal or business-sensitive data embedded by your organisation. This includes:

  • Agent names and email addresses in created_by and updated_by fields
  • Organisation names in trigger conditions (e.g. "if organisation is Acme Corp")
  • Tags that may reference customers or segments (e.g. vip_customer_acme, churn_risk)
  • Custom field options that may contain client names or identifiers
  • SLA policy names referencing specific clients
  • Macro content with business-specific information

We treat all stored configuration data with the same level of protection — encryption at rest, encryption in transit, and tenant isolation — regardless of whether specific fields contain incidental personal or business-sensitive data.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our Service
  • Process your waitlist registration and account creation
  • Provide configuration version control, comparison, and impact simulation
  • Generate dependency mappings and What-If analysis for your Zendesk configuration
  • Send you updates, marketing communications, and other information (with your consent)
  • Respond to your comments, questions, and support requests
  • Monitor and analyse usage patterns and trends
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations

Legal basis for processing Zendesk configuration data: We process your configuration data on the basis of contractual necessity — it is required to provide the version control, comparison, and simulation services you have signed up for.

4. Information Sharing and Sub-processors

We may share your information in the following circumstances:

  • Legal Requirements: We may disclose information if required by law or in response to valid legal requests.
  • Business Transfers: In connection with any merger, sale of company assets, or acquisition, your information may be transferred.
  • With Your Consent: We may share information with your consent or at your direction.

We use the following sub-processors to deliver our Service:

  • Digital Ocean (London, LON1 region) — Infrastructure hosting, including servers and databases
  • Google Workspace — Email services for our configly.app domain
  • Google Analytics (measurement ID G-EHFS0GXXGM) — Website analytics and usage measurement
  • Sentry (Functional Software, Inc., EU region — Germany) — Error tracking and performance monitoring

We do not sell your personal information to third parties.

5. Error Monitoring and Diagnostics

We use Sentry (Functional Software, Inc.) for error tracking and performance monitoring to ensure the reliability and quality of our Service. When errors occur in our application:

  • Error logs may contain your IP address and user identifiers
  • Technical diagnostic information about the error is collected
  • No sensitive personal data (passwords, payment information, API keys) is included in error reports
  • Data is stored in Sentry’s EU region (Germany)
  • Error data is retained for 90 days
  • Data is processed under our Data Processing Agreement with Sentry, compliant with GDPR and Standard Contractual Clauses

For more information about how Sentry processes data, see Sentry’s Privacy Policy.

6. Data Security

We implement appropriate technical and organisational measures to protect your personal information, including:

  • Encryption in transit via TLS 1.2+ on all connections
  • Encryption at rest via AES-256 for all stored data
  • OAuth tokens encrypted with AES-256-GCM
  • Tenant isolation at the database level
  • Role-based access controls with minimum required OAuth scopes
  • Automated SSL/TLS certificate management

No method of transmission over the Internet or electronic storage is 100% secure, but we take the protection of your data seriously and continuously review our security practices.

7. Data Retention

  • Zendesk configuration data: Retained for the duration of your active subscription. Configuration snapshots are retained while your account is active.
  • On account deletion: All stored configuration data, snapshots, authentication tokens, and virtual changes are deleted. AI analysis cache data is purged within 30 days.
  • Waitlist and marketing data: Retained until you request removal.
  • Automatically collected data: Retained in accordance with our analytics provider's standard retention periods.

8. Your Rights

Under the UK GDPR and Data Protection Act 2018, you have the following rights:

  • Right of access: Request a copy of all personal data we hold about you.
  • Right to deletion: Request deletion of your account and all associated data.
  • Right to data portability: Request your data in a machine-readable format.
  • Right to rectification: Request correction of inaccurate personal data.
  • Right to object: Object to processing based on legitimate interests.
  • Right to restrict processing: Request that we limit how we use your data.
  • Right to withdraw consent: Where we rely on consent, withdraw it at any time.

To exercise any of these rights, contact us at [email protected]. We will respond within one month of receiving your request.

If you are not satisfied with how we handle your request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

9. International Data Transfers

Your data is stored and processed exclusively within the United Kingdom on Digital Ocean infrastructure in the London (LON1) region. We do not transfer your personal data outside the UK.

If this changes in the future, we will update this policy and ensure appropriate safeguards (such as UK International Data Transfer Agreements) are in place before any transfer occurs.

10. Children's Privacy

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information, please contact us.

11. Third-Party Links

Our Service may contain links to third-party websites, including Zendesk. We are not responsible for the privacy practices of these websites. We encourage you to review the privacy policies of any third-party sites you visit.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we will notify you by email where possible.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: [email protected]

14. UK Specific Information

Data controller: Configly.

Our legal bases for processing personal information are:

  • Contractual necessity: Processing required to provide the Service you have signed up for, including storing and analysing your Zendesk configuration data.
  • Legitimate interests: Service improvement, security monitoring, and fraud prevention, where these interests are not overridden by your rights.
  • Consent: Marketing communications and non-essential cookies. You can withdraw consent at any time.
  • Legal obligation: Where we are required to process data to comply with the law.

Supervisory authority: The Information Commissioner's Office (ICO) — ico.org.uk

Data Processing Agreement: Enterprise customers can request a Data Processing Agreement — available at configly.app/dpa.