Intercom Australia Data Hosting Addendum

Terms & Policies

Terms of Service
Definitions
Intercom Services
Customer Data and Customer Obligations
Security
Third-Party Platforms and Third Party Messaging Apps
Ownership
Subscription Term, Fees & Payment
Term and Termination
Limited Warranty
Availability and Service Credits
Support
Limitation of Remedies and Damages
Indemnification
Confidential Information
Publicity
General Terms
Privacy Policy
Purpose and Scope
Personal Data Collected by Intercom
How and Why We Use Your Personal Data
Sharing Your Personal Data
Retention of Your Personal Data
Transfers of Your Personal Data
Privacy Shield
How We Store and Safeguard Personal Data
Your Privacy Rights and Choices
Children’s Privacy
Changes to this Notice and Questions
Collection and Use of Personal Data of California Residents
Data Processing Addendum
Support Policy
Premier Services Policy
Cookie Policy
Introduction
Cookies and similar technologies and the processing of personal data
What are cookies?
Why do we use cookies?
What type of cookies do we use and what are they used for?
Security Policy
Overview
Security Team
Best Practices
Infrastructure
Data
Data Transfer
Authentication
Permissions and Admin Controls
Application Monitoring
Security Audits and Certifications
Customer Responsibilities
Subprocessors List
E.U. - U.S. and Swiss - U.S. Privacy Shield Policy
Intercom Website Terms of Use
Acceptance of Terms
Permission to Use the Site
User Content
Restrictions on User Content and Your Conduct
Intellectual Property Rights in User Content
User Content You Post Becomes Public
We Are Not Responsible for User Content
Proprietary Rights
Enforcement of Copyrights
Notify Us of Infringers
How to Communicate with Us
Site Availability
Links to Other Sites
Warranty Disclaimer
Limitation of Liability
Indemnity
Termination and Suspension
Governing Law and Dispute Resolution
General Terms
Academy Terms
Intercom Academy Terms
Access
Participant Responsibilities
Restrictions on Use
Badges
Ownership
Feedback
Privacy
Suspension and Termination
Disclaimer
Modifications
Independent Contractors
Service Level Agreement
Acceptable Use Policy
How We Bill
Billing Cycle
Overages and Credits
Estimating Your Upcoming Invoice
Code of Conduct
Humanity
Ethics
Reporting
Trademark Usage
Intercom Marks and License
Permissible Use of the Intercom Marks
Impermissible Use of the Intercom Marks
Termination
Ownership
No Warranties
Your Liability for Third-Party Claims
Additional Legal
Questions
Intercom Global Anti-Corruption Statement
Summary
Bribery and Kickbacks
Records and Reporting
Applicability and Enforcement
Intercom Partner Code of Conduct
Labor and Employment Laws
Anti Corruption Laws
Competition
International Trade and Export Controls
Recordkeeping, Financial Integrity, and Honest and Accurate Dealings
Intellectual Property and Confidential Information
Raising Issues and Concerns
Certification and Application
Intercom DMCA Policy
Law Enforcement Guidelines
Intercom European Data Hosting Addendum
Scope
EDH Services
Customer Obligations
Survival
Exhibit A
Intercom Australia Data Hosting Addendum
Intercom Additional Product Terms

Effective day 3 May 2022

1. Scope

These Intercom Australia Data Hosting Terms of Service (“ADH Terms”) entered into by and between Intercom R&D Unlimited Company, an Irish company with offices at 2nd Floor, Stephen Court, 18-21 St. Stephen's Green, Dublin 2, Republic of Ireland ("Intercom" “us” or “we”) and the entity or person placing an order via an applicable Order Form for or accessing any ADH Services ("Customer" or "you"). “ADH Services” are defined as the Australia Data Hosting features and services set forth in these ADH Terms. In order to use ADH Services, you must agree to these ADH Terms.
By agreeing to these ADH Terms, you represent that your registered address is located in the Commonwealth of Australia or New Zealand. Other jurisdictions may be allowed at Intercom’s sole discretion.
You may use ADH Services only upon approval by Intercom. The Intercom Terms of Service (https://www.intercom.com/legal/terms-and-policies) (“Terms”) are incorporated by reference and will control for any provisions not addressed in these ADH Terms. The Terms continue to apply with regard to your use of the Services (as defined in the Terms) and use of any Services. In the event that you are no longer a customer in good standing of Intercom, your use of the ADH Services will be terminated.
All capitalized terms not defined in the ADH Terms have the meanings set forth in the Terms.
Unless stated otherwise, in the event of a conflict between these ADH Terms, including any attachments herein, and any other applicable terms including the Terms, the provisions of these ADH Terms will control but only with respect to the subject matter hereof. For the avoidance of doubt, these ADH Terms will control in the event of a conflict with either the Terms or a Master SaaS Subscription Agreement (MSSA).

2. EDH Services

The ADH Services may be a separate, stand-alone Service (as defined in the Terms) or may be a feature of existing Services. By agreeing to and complying with these ADH Terms we grant you a non-exclusive, revocable, non-transferable, limited license to use the ADH Services.
Description of the ADH Services:
1. Australia Data Hosting (“ADH”) is a stand-alone instance of Intercom, running in Sydney, Australia.
2. Under ADH, the vast majority of data associated with an Australia-based Intercom workspace stays local to that Australian datacenter. This includes:
  1. All Visitor and Contact data collected by the Messenger for a workspace
  2. All the Conversation data that happens via the Messenger for a workspace
  3. All the data attributes or events a Customer collects on their workspace
3. The only personal data that may leave Australia will be:
  1. The Intercom Customer’s name, email, credit card data. We require this for processing in our US-based billing systems.
  2. Workspace administrative data like name, email, etc., that Intercom collects in providing customer services such as support to our Customers.
4. ADH will provide the following functionality in comparison to the US instance of Intercom:
  1. Business Messenger, including Live Chat, in-product messages, outbound emails, banners, mobile carousels, product tours, video tours and push notifications;
  2. Bots, including lead qualification bot, custom bots, apps in bots;
  3. Customization, including customizable Messenger, Messenger visibility, unbranded Messenger, multi-brand support and message versioning;
  4. Conversation Management, including team inboxes, conversation tags, snooze notifications, office hours, Inbox Views, inbound email, conversation ratings, saved replies, articles in conversations, multiple teams, automated assignment rules, round-robin assignment, priority rules, team-level office hours, agent inactivity, SLA rules and workload management;
  5. Ticket Workflows, including ticket IDs & titles, data collection bot, conversation data routing rules, duplicates & merging;
  6. Help Center, including help center, multilingual help center and private help center;
  7. Outbound Messaging, including Series, A/B testing & goals, Message control groups and account-based marketing;
  8. Reporting, including conversation volume report, leads report, report sharing (beta), effectiveness report and team performance report;
  9. Security & Permissions including 2-factor authentication, permissions, custom role permissions, activity logs and single sign-on / SAML;
  10. Customer Data Platform, including people & company list, standard & custom data attributes, custom events, user & company segments;
  11. API access
5. The following features will explicitly not be supported for ADH: https://www.intercom.com/help/en/articles/5778275-additional-details-on-intercom-regional-data-hosting. Please note that over time, this list may change as more features are added to ADH availability.

3. Customer Obligations

As part of using the ADH Services, you may be asked to provide feedback regarding your use of the ADH Services. You acknowledge that we own any feedback provided, and you hereby grant to us, if for any reason it is further needed, a perpetual, non-revocable, royalty-free worldwide license to use and/or incorporate such feedback into any of our products or services at any time at our sole discretion. If we choose to publish such feedback, we will either do so in a way that does not identify you or seek your consent in the event we do wish to identify you. We may also monitor how you use the ADH Services and use that information to improve the ADH Services or our other products and services.
You understand that even with these EDH Services enabled, Intercom cannot control or be held responsible for errors in transmission, third-party access (unauthorized or otherwise), third country transfers, or other causes beyond Intercom’s control. This includes but is not limited to your use of third-party tools or integrations in conjunction with the EDH Terms.

4. Survival

Sections 1b, 2, 3, and 4 will survive the expiration or termination of the ADH Terms.

Intercom may discontinue the ADH Services at any time, in its sole discretion, with or without notice. With respect to the ADH Services and in the event of a conflict with the Agreement or elsewhere in these ADH Terms, this paragraph will supersede any other terms and conditions contained herein or in the Terms or other applicable terms.

Exhibit A

ADH Data Processing Addendum

The Data Processing Addendum (“DPA”) located at https://www.intercom.com/legal/data-processing-agreement is hereby incorporated by reference but with the following modifications:

Section 7. i. “Authorization for Sub-processing” is replaced as follows: Customer agrees that Intercom engages Amazon Web Services, Inc. (“AWS”) for hosting and storage and this occurs in Sydney, Australia. Intercom’s use of Sub-processors including Intercom Affiliates) may be updated from time to time; and (b) such Affiliates and Sub-processors respectively may engage third party processors to process Customer Data on Intercom's behalf. Customer provides a general authorization for Intercom to engage onward sub-processors that is conditioned on the following requirements: (a) Intercom will restrict the onward sub-processor’s access to Customer Data only to what is strictly necessary to provide the Services, and Intercom will prohibit the Sub-processor from processing the Personal Data for any other purpose. (b) Intercom agrees to impose contractual data protection obligations, including appropriate technical and organizational measures to protect personal data, on any sub-processor it appoints that require such sub-processor to protect Customer Data to the standard required by Applicable Data Protection Legislation; and (c) Intercom will remain liable and accountable for any breach of this DPA that is caused by an act or omission of its sub-processors.
Section 7. Ii. “Current Sub-processors and Notification of Sub-processor Additions” is replaced as follows:

Customer understands that effective operation of the Services may require the transfer of Customer Data to Intercom Affiliates, such as Intercom, Inc., or to Intercom's Sub-processors. Customer hereby authorizes the transfer of Customer Data to locations outside Australia (as outlined in Section 2. b. (Description of the ADH Service) of the ADH Terms), including to Intercom Affiliates and Sub-processors, subject to continued compliance with this DPA throughout the duration of the Agreement. Customer hereby provides general authorization to Intercom engaging additional third-party Sub-processors to process Customer Data within the Services for the Permitted Purposes. Intercom may, by giving reasonable notice to the Customer add or replace Sub-processors at least 10 days prior to any such changes. If Customer objects to the appointment of an additional Sub-processor within thirty (30) calendar days of such notice on reasonable grounds relating to the protection of the Personal Data, then Intercom will work in good faith with Customer to find an alternative solution. In the event that the parties are unable to find such a solution, Customer may terminate the Agreement at no additional cost.

Section 12. i. “Location of Processing” is replaced as follows: Location of Processing is governed by Section 2. b. (Description of the ADH Service) of the ADH Terms.
“Schedule 2 TECHNICAL AND ORGANIZATIONAL SECURITY MEASURES Annex II - Measures for ensuring physical security of locations at which personal data are processed” is replaced as follows: Physical Access Control. Intercom’s services and data are hosted in AWS’ facilities in Australia and protected by AWS in accordance with their security protocols. Access only to approved personnel. All personnel who need data center access must first apply for access and provide a valid business justification. These requests are granted based on the principle of least privilege and are time-bound. Requests are reviewed and approved by authorized personnel, and access is revoked after the requested time expires.
“Schedule 2 TECHNICAL AND ORGANIZATIONAL SECURITY MEASURES Annex II - Measures for ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services: All Customer Data is permanently stored in the USA and is backed up for disaster recovery. ” is replaced as follows: All Customer Data is permanently stored in Australia and is backed up for disaster recovery.
“Schedule 2 TECHNICAL AND ORGANIZATIONAL SECURITY MEASURES Annex II - Measures for ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services: Intercom’s data security, high availability, and built-in redundancy are designed to ensure application availability and protect information from accidental loss or destruction. Intercom’s Disaster Recovery plan incorporates geographic failover between its 3 U.S. data centers. Subscription Service restoration is within commercially reasonable efforts and is performed in conjunction with AWS’ ability to provide adequate infrastructure at the prevailing failover location. All of Intercom recovery and resilience mechanisms are tested regularly and processes are updated as required. ” is replaced as follows: Intercom’s data security, high availability, and built-in redundancy are designed to ensure application availability and protect information from accidental loss or destruction. Intercom’s Disaster Recovery plan incorporates geographic failover across multiple isolated availability zones in the region. Subscription Service restoration is within commercially reasonable efforts and is performed in conjunction with AWS’ ability to provide adequate infrastructure at the prevailing failover location. All of Intercom recovery and resilience mechanisms are tested regularly and processes are updated as required.
“Schedule 3 LIST OF SUB-PROCESSORS Annex III” is replaced as follows:
1. Security, Privacy and Compliance Information for Intercom
  Intercom is a data processor and engages certain onward subprocessors that may process personal data submitted to Intercom’s services by the controller. These subprocessors are listed below, with a description of the service and the location where data is hosted. This list may be updated by Intercom from time to time.
  
  Please visit https://www.intercom.com/legal/security-third-parties and scroll down to “Australia Data Hosting”.