Intercom is a subprocessor to LemonadeLXP that can be disabled from the administrative area. It enables agent-to-learner support, as well as messaging campaigns that are often used to motivate behavior.
Intercom is:
SOC2 compliant
EU-US Privacy Shield compliant
CSA compliant
Security Highlights:
Uses PBKDF function to store credentials
Enforces password complexity standards
Are hosted in us-east-1 (AWS)
Operate within their own VPC on AWS
Produce audit logs for all activity; logs are shipped to Graylog and S3 is used for archival purposes.All actions taken on production consoles or in the Intercom application are logged.
Access to customer data is limited to authorized employees who require it for their job
Intercom is served 100% over https
All data sent to or from Intercom is encrypted in transit using 256 bit encryption
API and application endpoints are TLS/SSL only and score an “A+” rating on Qualys SSL Labs‘ tests
If you have additional security questions or concerns, you can direct them to [email protected].
Information Shared with Intercom
For end users: nothing is automatically shared. During the support cycle, the user might be asked to volunteer an email address to Intercom in order to receive reply notifications. The user reserves the right to decline sharing their email address and in such a case can receive support within the Intercom widget.
For administrators: first name, last name and email are automatically shared. This is done to help us provide better assistance to instance administrators, and to help us validate advanced support requests under the umbrella of our MSA.