Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Help Scout is a cloud based customer support platform providing shared inboxes, live chat (Beacon), knowledge base, and customer management features. Developed by Help Scout PBC (US), the Beacon widget sets cookies on visitor browsers and the platform stores conversation data, customer profiles, and email interactions on US infrastructure.
Help Scout is a cloud based customer support platform developed by Help Scout PBC, headquartered in Boston, Massachusetts. It provides shared email inboxes, a live chat widget (Beacon), an embeddable knowledge base, customer profiles, automated workflows, and reporting dashboards. Help Scout is designed for support teams and is widely used by SaaS companies, e commerce businesses, and service organisations. The Beacon widget can be embedded on any website to provide live chat, knowledge base search, and contact forms.
The Help Scout Beacon widget sets cookies for session management, visitor identification, and chat history persistence. Cookies include session tokens, visitor identifiers for recognising returning users, and chat state cookies. Help Scout collects customer email addresses, conversation content, file attachments, customer profile metadata, and browsing context (page URL, browser type) when Beacon is active. Email conversations may include open tracking pixels. The Help Scout dashboard uses authentication and analytics cookies for team members.
Help Scout processes customer support data that can be sensitive, including complaints, personal circumstances, health related queries, and financial details shared in support conversations. Help Scout PBC acts as a data processor and provides a DPA with SCCs. The company is certified under the EU US Data Privacy Framework and holds SOC 2 Type II certification. The Beacon widget sets cookies on visitor browsers, triggering ePrivacy consent requirements. Email open tracking pixels also constitute personal data processing. Organisations must ensure their support workflows comply with GDPR principles including data minimisation, purpose limitation, and storage limitation.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Customer support operations typically rely on legitimate interest (Art. 6(1)(f)) or contract performance (Art. 6(1)(b)) when the support request relates to an existing contractual relationship. The Beacon widget cookies require consent under the ePrivacy Directive before being set on visitor browsers. Organisations should implement a cookie consent banner that blocks Beacon loading until consent is given, or configure Beacon to load without cookies initially. Email open tracking should be disclosed in the privacy policy.
Help Scout is US based with data hosted on AWS in the United States. No EU data residency option is available. Transfers are covered by SCCs in the DPA and Help Scout''s EU US Data Privacy Framework certification. All conversation data, customer profiles, and Beacon interaction data is stored on US infrastructure. Organisations should document these transfers in their Records of Processing Activities.
Execute Help Scout''s DPA. Implement cookie consent for the Beacon widget on your website. Configure Beacon to respect consent settings. Establish data retention policies for closed conversations and delete old support tickets containing personal data. Disable email open tracking if not essential. Train support agents on data minimisation. Review third party integrations connected to Help Scout. Include Help Scout in your DPIA if processing sensitive support queries. Update your privacy policy to describe Help Scout''s role and the US data transfers involved.
Websites using Help Scout must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is recommended when Help Scout processes customer support data at scale. Key areas: customer conversation content (potentially sensitive complaints, medical or financial queries), Beacon widget cookie tracking on website visitors, email open tracking pixels, customer profile data aggregation, third party integrations (Slack, Salesforce, Zapier), and US hosted infrastructure.
Sample consent text
This site uses Help Scout Beacon for live chat and support. The widget sets cookies to maintain your chat session and identify returning visitors. Data is processed on Help Scout servers in the United States. By using the chat widget, you consent to this data processing. You can manage cookies via our cookie settings.
Third-party domains contacted
beacon-v2.helpscout.netapi.helpscout.netsecure.helpscout.netdocs.helpscout.netCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| hs-beacon-session | functionality | Session | Maintains the live chat session state in the Help Scout Beacon widget. |
| hs-beacon-visitor | functionality | 1 year | Identifies returning visitors to maintain chat history and customer context across visits. |
| hs-beacon-state | functionality | Session | Tracks whether the Beacon widget is open, minimised, or closed. |
| hs-auth | authentication | Session | Authentication cookie for the Help Scout team dashboard. |
Help Scout uses cookies for user preferences — inform visitors with a consent banner.
The Beacon widget sets session cookies, a visitor identifier cookie for recognising returning users, and a chat state cookie. The Help Scout dashboard sets authentication cookies. No third party analytics cookies are set by Beacon by default.
Consent is required for the Beacon widget cookies under the ePrivacy Directive. Customer support operations themselves typically rely on legitimate interest or contract performance. Email open tracking should be disclosed.
Legitimate interest (Art. 6(1)(f)) or contract performance (Art. 6(1)(b)) for support operations. Consent (Art. 6(1)(a)) for Beacon cookies on public websites.
Yes. US based (AWS). No EU residency. DPA with SCCs and Data Privacy Framework certification cover transfers.
Recommended if processing sensitive support data at scale (health, financial complaints). Assess conversation content sensitivity, Beacon tracking, and email pixel usage.
Execute DPA. Implement cookie consent for Beacon. Set data retention policies. Disable email tracking if unneeded. Train agents on data minimisation. Audit integrations.
Zammad (open source, self hosted), osTicket (open source), Chatwoot (open source, self hosted), FreeScout (open source Help Scout alternative). EU SaaS: Crisp (France), Freshdesk (EU data center option).
Document Beacon cookies (session, visitor ID, chat state). Describe data collected during chat. Reference Help Scout as processor and the DPA. Provide opt out for Beacon.