AttachmentFlow

Privacy Policy

Last updated: July 15, 2026

This policy describes the current beta design. It will be reviewed before the public Marketplace release and updated whenever the product's data handling materially changes.

1. About AttachmentFlow

AttachmentFlow is an independent Zendesk application developed under the SteelLace27 product brand. SteelLace27 is not affiliated with, endorsed by or operated by Zendesk.

Privacy and security questions can be sent to support@steellace27.com.

2. Scope

This policy explains how AttachmentFlow processes information when a Zendesk administrator installs the application or an authorised Zendesk agent uses it to copy attachments between a ticket and a side conversation.

The organisation operating the relevant Zendesk account remains responsible for its own use of Zendesk and the underlying ticket data.

3. Information processed

Installation and authentication data

AttachmentFlow may process the Zendesk subdomain, installation and tenant records, OAuth authorisation information, access and refresh credentials, cryptographic token hashes, temporary authorisation states and related timestamps.

AttachmentFlow does not ask customers to provide their Zendesk password or a Zendesk API token.

Ticket, side-conversation and attachment data

To display available files and complete an agent-requested transfer, AttachmentFlow may process ticket identifiers, side-conversation identifiers, message or event identifiers, attachment identifiers, filenames, file types, file sizes, timestamps and Zendesk-provided file URLs.

Attachment content

When an agent starts a copy operation, the selected file is transmitted through AttachmentFlow's server infrastructure so it can be downloaded from Zendesk and uploaded to the selected destination.

AttachmentFlow is not designed to create a permanent external archive of attachment content. Attachment content is not used for advertising, profiling or AI-model training.

Operational information

AttachmentFlow may process limited technical information needed to operate and secure the service, such as whether an operation succeeded, the direction of the transfer, timestamps, relevant object identifiers, error codes and application version information.

Operational records are not intended to contain complete ticket-message bodies or permanent copies of attachments.

Support information

If you contact us, we may process your name, email address, organisation, Zendesk subdomain and the information you voluntarily include in the request.

4. How information is used

  • Authenticate authorised AttachmentFlow installations.
  • Display available attachments.
  • Carry out agent-initiated file transfers.
  • Maintain OAuth connections.
  • Prevent incorrect duplicate actions.
  • Protect the service and investigate errors.
  • Provide support and measure basic product reliability.

5. What we do not do

  • Sell Zendesk data or personal information.
  • Use ticket or attachment content for advertising.
  • Share one customer's Zendesk data with another customer.
  • Use attachment or ticket content to train general AI models.
  • Automatically send files without an authorised agent action.

6. Retention

AttachmentFlow retains information only for as long as reasonably necessary to provide, secure and troubleshoot the service or meet legal obligations.

Temporary authorisation states and codes are short-lived. Installation credentials and tenant records are needed while an installation remains active. Operational records may be retained for a limited period for reliability, security and support.

Specific retention limits and automated deletion procedures will be finalised and published before the public beta accepts external installations.

7. Service providers

AttachmentFlow relies on Zendesk for the ticketing platform and APIs, and Cloudflare for serverless hosting, network services and database infrastructure. These providers may process technical and application data on our behalf under their own contractual and security arrangements.

8. Security

Security measures include OAuth-based authorisation, HTTPS, cryptographic hashing of installation tokens, access controls, limited-purpose credentials, removal of production diagnostic routes and efforts to minimise logged data.

No online service can guarantee absolute security. Suspected incidents should be reported promptly to support@steellace27.com.

9. Uninstalling and deletion

A Zendesk administrator can stop future use by uninstalling AttachmentFlow and revoking its authorisation. An authorised customer representative may request deletion of AttachmentFlow tenant records by emailing support and identifying the relevant Zendesk subdomain.

Requests concerning an individual's underlying Zendesk ticket data may need to be handled by the organisation that controls the Zendesk account.

10. Your rights

Depending on applicable law, individuals may have rights to request access, correction, deletion, restriction or objection, and to complain to a competent data-protection authority. We may need to verify identity and authority before responding.

11. Changes

This policy may be updated when AttachmentFlow's functionality, infrastructure or legal obligations change. The current version and update date will be published on this page.

12. Contact

SteelLace27
Email: support@steellace27.com
Website: https://steellace27.com