While Rescue doesn’t store your user’s personally identifiable information (PII) by default, there are certain fields you can choose whether or not to store, based on your organization’s requirements. Storing these may pose a privacy risk without realizing. 

Here are a few examples of areas you could choose whether or not to store in Rescue: 

1. Chat logs – While it might be helpful, or even critical, to store chat logs to keep a record of previous customer interactions, customers may reveal PII in chat conversations. Should those chat conversations be exposed in any scenario, whether it be a data breach or even a legal battle, you would be subject to time consuming and costly penalties and data breach notification requirements. If you do need to store chat logs, it’s a good idea to audit them regularly via a chat log report, to make sure there isn’t any PII. You can also choose to have Rescue not store chat logs, and send them to your data lake instead (see the Exporting Data and Using the API Securely section of this module for more). 

2. IP addresses – In some settings, IP addresses are considered personally identifiable information. But even if they aren’t legally bound to the same requirements as other PII, with a little digging, a malicious actor can learn a lot about someone from their IP address. In some cases, like with internal IT support, you may need to collect this information for auditing purposes, but as with chat logs, if you don’t have a specific reason to store them, opting out of it poses less risk. The best way to ensure you aren’t putting your end user's data at risk is by not storing it in the first place.  

3. Custom fields – Depending on your specific company workflows, you can add custom fields to support request forms. Depending on the field you choose, this may result in storing PII, such as email address or telephone number.  

In general, a good rule of thumb (and sometimes the legal requirement) is to only store the minimum amount of data needed.