// Trust & Security Report
Freshworks Inc.
Freshdesk (AI-powered customer service / help desk) — part of the Freshworks platform alongside Freshservice, Freshchat, Freshsales, Freshmarketer, Freshdesk Omni and Freddy AI
Certifications held
12
Maturity
Enterprise
Trains on your data
No
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on trust.freshworks.com“Freshworks Trust Center (SafeBase) lists "SOC 2 Type 2" among its available attestations; vendor security copy states Freshworks is "audited as per the SOC 2 Type II framework covering the security, confidentiality, and availability of trust service principles."”
Verify on trust.freshworks.com“Trust Center lists "SOC 1 Type 2" as an available document.”
Verify on trust.freshworks.com“Trust Center lists "ISO/IEC 27001:2022" and "ISO/IEC 27001 SoA" (Statement of Applicability).”
Verify on trust.freshworks.com“Trust Center lists "ISO/IEC 27701:2019" among certifications.”
Verify on trust.freshworks.com“Trust Center lists "Cyber Essentials" and "Cyber Essentials Plus".”
Verify on trust.freshworks.com“Trust Center lists "TX-RAMP" (Texas Risk and Authorization Management Program).”
Verify on freshworks.com“Privacy Notice: "While processing Personal Data we comply with the principles and rules of the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF)..."”
Verify on freshworks.com“Privacy Notice references EEA/UK/Swiss rights, GDPR controller obligations, a DPA, sub-processors list and TOMs (technical and organizational measures). GDPR is a regulation, not a certifiable standard, but Freshworks demonstrates an active GDPR program.”
Verify on trust.freshworks.com“Not listed as a certification on the Trust Center cert index. Third-party reviews state HIPAA support is available on enterprise-tier Freshdesk plans (with a BAA), but no direct vendor-domain certification quote was confirmed during this review. Treat as a paid/enterprise add-on, not a held certification.”
Verify on trust.freshworks.com“Vendor and partner documentation state Freshdesk is "audited annually by independent audit firms for ISO 27001, ISO 27701, SOC 2 Type 2, and VAPT." Trust Center also exposes vulnerability assessment documents.”
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Offered
Data region
Multi-region. Freshworks Inc. (US) is the controller; processing occurs in the US, UK, EEA (Germany, Netherlands, France) and India. Customer data hosted in dedicated AWS VPCs; data center region selectable per account (US, EU, India, Australia historically offered).
Freddy AI: Freshworks does NOT use customer data to train third-party hosted generative LLMs (e.g. Azure OpenAI); under contract those providers do not retain data long-term or use it for training/fine-tuning. However, Freshworks' OWN proprietary models can be trained on CONSENTING customer data inside its secured AWS environment — split into Custom Models (your data, your account only) and Collaborative Models (de-identified, cross-customer). This is consent/opt-in based and customers can opt out at any time by emailing support@freshworks.com, after which account-specific models are deleted. So 'trains_on_customer_data' is false by default for third-party LLMs, with an opt-out-able proprietary-model path. Procurement should confirm the AI data-use addendum for their plan.
// Security controls
Bug bounty
Yes — HackerOne. "We have partnered with HackerOne to handle security vulnerabilities identified in our products."
freshworks.comPenetration testing / VAPT
Annual independent VAPT; vulnerability assessment reports available via Trust Center
trust.freshworks.comAccess control
Role-based access via IAM, segregation of duties, two-factor authentication, end-to-end audit trails, IP allowlisting for admin (Teleport)
freshworks.comHosting & resilience
Dedicated AWS VPCs, n+1 multi-AZ active-active, daily cloud snapshots retained 7 days, 24x7 security operations monitoring, cross-geo DR
freshworks.com// Products & data scope
data: Processes customer support tickets, contact info, and conversation content as a Processor on behalf of the buyer; buyer is controller of end-customer data
Core product. Tiered plans (Free through Enterprise); HIPAA/BAA and advanced compliance gated to higher tiers.
data: Same support-data scope as Freshdesk plus integrated chat/messaging channels
Bundled omnichannel offering combining Freshdesk + Freshchat capabilities.
data: Reads ticket/knowledge-base content to generate replies, summaries, translations, insights; may use consenting customer data to train Freshworks proprietary models (opt-out available)
Key data-governance differentiator. Distinct AI data-use FAQ; third-party LLMs are no-retention/no-train, proprietary models are consent-based and opt-out-able.
data: Separate data scopes per product but share the same platform security controls, Trust Center, and compliance certifications
Same overarching Freshworks compliance umbrella; evaluate per-product DPA if used.
// What to watch
- AI data-use nuance: third-party LLMs do NOT train on customer data, but Freshworks proprietary Freddy models CAN train on consenting customer data (opt-out via support@freshworks.com). Buyers should review the AI addendum and set their consent preference.
- HIPAA is not a Trust Center-listed certification; it is described as an enterprise-tier capability (BAA). Could not confirm a held HIPAA attestation with a direct vendor-domain quote — verify for healthcare use cases.
- Trust Center documents (SOC reports, ISO certs, CAIQ/HECVAT/SIG) require login/NDA via SafeBase; this assessment relied on the public document index plus vendor security/privacy pages.
// At a glance
Pricing model
Subscription SaaS, tiered per-agent plans (Free tier through Enterprise); Freddy AI and advanced compliance/HIPAA gated to higher tiers; free trial, no card required
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Freshworks Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
trust.freshworks.com