// Trust & Security Report

    Freshworks Inc. logo

    Freshworks Inc.

    Freshdesk (AI-powered customer service / help desk) — part of the Freshworks platform alongside Freshservice, Freshchat, Freshsales, Freshmarketer, Freshdesk Omni and Freddy AI

    Certifications held

    12

    Maturity

    Enterprise

    Trains on your data

    No

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type II
    HELD

    Freshworks Trust Center (SafeBase) lists "SOC 2 Type 2" among its available attestations; vendor security copy states Freshworks is "audited as per the SOC 2 Type II framework covering the security, confidentiality, and availability of trust service principles."

    Verify on trust.freshworks.com
    SOC 1 Type II
    HELD

    Trust Center lists "SOC 1 Type 2" as an available document.

    Verify on trust.freshworks.com
    SOC 3
    HELD

    Trust Center lists "SOC 3" as a publicly available report.

    Verify on trust.freshworks.com
    ISO/IEC 27001:2022
    HELD

    Trust Center lists "ISO/IEC 27001:2022" and "ISO/IEC 27001 SoA" (Statement of Applicability).

    Verify on trust.freshworks.com
    ISO/IEC 27701:2019 (Privacy Information Management)
    HELD

    Trust Center lists "ISO/IEC 27701:2019" among certifications.

    Verify on trust.freshworks.com
    CSA STAR Level 1
    HELD

    Trust Center lists "CSA STAR Level 1".

    Verify on trust.freshworks.com
    Cyber Essentials / Cyber Essentials Plus
    HELD

    Trust Center lists "Cyber Essentials" and "Cyber Essentials Plus".

    Verify on trust.freshworks.com
    TX-RAMP
    HELD

    Trust Center lists "TX-RAMP" (Texas Risk and Authorization Management Program).

    Verify on trust.freshworks.com
    EU-U.S. / Swiss-U.S. / UK Data Privacy Framework
    HELD

    Privacy Notice: "While processing Personal Data we comply with the principles and rules of the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF)..."

    Verify on freshworks.com
    GDPR (compliance posture, not a certification)
    HELD

    Privacy Notice references EEA/UK/Swiss rights, GDPR controller obligations, a DPA, sub-processors list and TOMs (technical and organizational measures). GDPR is a regulation, not a certifiable standard, but Freshworks demonstrates an active GDPR program.

    Verify on freshworks.com
    HIPAA
    HELD

    Not listed as a certification on the Trust Center cert index. Third-party reviews state HIPAA support is available on enterprise-tier Freshdesk plans (with a BAA), but no direct vendor-domain certification quote was confirmed during this review. Treat as a paid/enterprise add-on, not a held certification.

    Verify on trust.freshworks.com
    VAPT (independent penetration testing / vulnerability assessment)
    HELD

    Vendor and partner documentation state Freshdesk is "audited annually by independent audit firms for ISO 27001, ISO 27701, SOC 2 Type 2, and VAPT." Trust Center also exposes vulnerability assessment documents.

    Verify on trust.freshworks.com

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    Multi-region. Freshworks Inc. (US) is the controller; processing occurs in the US, UK, EEA (Germany, Netherlands, France) and India. Customer data hosted in dedicated AWS VPCs; data center region selectable per account (US, EU, India, Australia historically offered).

    Freddy AI: Freshworks does NOT use customer data to train third-party hosted generative LLMs (e.g. Azure OpenAI); under contract those providers do not retain data long-term or use it for training/fine-tuning. However, Freshworks' OWN proprietary models can be trained on CONSENTING customer data inside its secured AWS environment — split into Custom Models (your data, your account only) and Collaborative Models (de-identified, cross-customer). This is consent/opt-in based and customers can opt out at any time by emailing support@freshworks.com, after which account-specific models are deleted. So 'trains_on_customer_data' is false by default for third-party LLMs, with an opt-out-able proprietary-model path. Procurement should confirm the AI data-use addendum for their plan.

    // Security controls

    Encryption at rest

    AES 256-bit encryption for data at rest

    freshworks.com

    Encryption in transit

    HTTPS with TLS 1.2

    freshworks.com

    Bug bounty

    Yes — HackerOne. "We have partnered with HackerOne to handle security vulnerabilities identified in our products."

    freshworks.com

    Penetration testing / VAPT

    Annual independent VAPT; vulnerability assessment reports available via Trust Center

    trust.freshworks.com

    Access control

    Role-based access via IAM, segregation of duties, two-factor authentication, end-to-end audit trails, IP allowlisting for admin (Teleport)

    freshworks.com

    Hosting & resilience

    Dedicated AWS VPCs, n+1 multi-AZ active-active, daily cloud snapshots retained 7 days, 24x7 security operations monitoring, cross-geo DR

    freshworks.com

    // Products & data scope

    FreshdeskCustomer service / help desk (ticketing, omnichannel)

    data: Processes customer support tickets, contact info, and conversation content as a Processor on behalf of the buyer; buyer is controller of end-customer data

    Core product. Tiered plans (Free through Enterprise); HIPAA/BAA and advanced compliance gated to higher tiers.

    Freshdesk OmniOmnichannel customer service suite

    data: Same support-data scope as Freshdesk plus integrated chat/messaging channels

    Bundled omnichannel offering combining Freshdesk + Freshchat capabilities.

    Freddy AI (Agent / Copilot / Insights)Generative + predictive AI layer

    data: Reads ticket/knowledge-base content to generate replies, summaries, translations, insights; may use consenting customer data to train Freshworks proprietary models (opt-out available)

    Key data-governance differentiator. Distinct AI data-use FAQ; third-party LLMs are no-retention/no-train, proprietary models are consent-based and opt-out-able.

    Other Freshworks products (Freshservice, Freshchat, Freshsales, Freshmarketer)ITSM, live chat, CRM/sales, marketing

    data: Separate data scopes per product but share the same platform security controls, Trust Center, and compliance certifications

    Same overarching Freshworks compliance umbrella; evaluate per-product DPA if used.

    // What to watch

    • AI data-use nuance: third-party LLMs do NOT train on customer data, but Freshworks proprietary Freddy models CAN train on consenting customer data (opt-out via support@freshworks.com). Buyers should review the AI addendum and set their consent preference.
    • HIPAA is not a Trust Center-listed certification; it is described as an enterprise-tier capability (BAA). Could not confirm a held HIPAA attestation with a direct vendor-domain quote — verify for healthcare use cases.
    • Trust Center documents (SOC reports, ISO certs, CAIQ/HECVAT/SIG) require login/NDA via SafeBase; this assessment relied on the public document index plus vendor security/privacy pages.

    // At a glance

    Pricing model

    Subscription SaaS, tiered per-agent plans (Free tier through Enterprise); Freddy AI and advanced compliance/HIPAA gated to higher tiers; free trial, no card required

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Freshworks Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    trust.freshworks.com

    > Browse all vendor trust reports