Does your website use third-party services? Get GDPR compliant in minutes.

Zammad

PreferencesWebsite

What does Zammad do?

Zammad is an open source helpdesk and ticketing system developed by Zammad Foundation (Berlin, Germany). Available as self hosted or EU hosted SaaS (Hetzner, Germany). It provides email, chat, phone, and social media ticketing. As an EU based, open source solution, Zammad is one of the most privacy friendly helpdesk tools available.

What Is Zammad?

Zammad is an open source helpdesk and customer support ticketing system developed by Zammad Foundation in Berlin, Germany. It supports email, chat, phone, and social media channels. Available as self hosted (open source) or hosted SaaS on Hetzner in Germany. Zammad processes ticket content, customer profiles, email integrations, and file attachments. As an EU based open source solution with EU hosting, it offers excellent GDPR foundations. Session cookies for authenticated users. Legal basis: contract or legitimate interest for support. Steps: configure HTTPS, RBAC, data retention, email integration security. Self hosted option provides maximum data control.

GDPR consent category

Preferences

Websites using Zammad must obtain user consent under GDPR regulations.

Legal basisContract performance (Art. 6(1)(b)) or legitimate interest (Art. 6(1)(f)) for support operations

Risk levellow

Applicable regulationsGDPR, ePrivacy, UK GDPR

DPIA considerations

DPIA recommended if processing sensitive support data. Zammad is EU based and EU hosted (Germany). Self hosted option provides maximum control. Assess: ticket content sensitivity, email integration data, user profiles, file attachments.

Sample consent text

This site uses Zammad for customer support. Data is processed in Germany by Zammad Foundation. Please refer to our privacy policy for details about your rights.

Technical details

Tracking methodself hosted web application, session cookies, authentication tokens, ticket content storage, email integration (self hosted or SaaS)

Server locationSelf hosted: customer controlled. SaaS: EU (Germany, Hetzner)

Cookieless tracking availableYes

Third-party domains contacted

zammad.comzammad.org

Cookies placed

Name	Type	Duration	Purpose
_zammad_session	authentication	Session	Rails session cookie for authenticated helpdesk access.
_zammad_csrf	security	Session	CSRF protection for ticket submissions and admin actions.

Zammad uses cookies for user preferences — inform visitors with a consent banner.

Get started free Scan your site

Frequently asked questions

Cookies?

Session cookie (_zammad_session) for authenticated users. CSRF token. No third party cookies.

Consent?

Not for internal use. If public facing, session cookie may need ePrivacy notice.

Legal basis?

Contract performance or legitimate interest for support operations.

Transfers?

No for self hosted or SaaS (Germany, Hetzner). EU based foundation.

DPIA?

Recommended if processing sensitive support data. Self hosted provides maximum control.

Compliance?

HTTPS, RBAC, data retention, email integration security. Self hosted option for maximum sovereignty.

Alternatives?

osTicket (open source), FreeScout (open source), OTRS (open source), Help Scout (US SaaS), Chatwoot (open source).

Cookie policy?

Document _zammad_session if public. No third party processing. EU hosting simplifies everything.

Get compliant — Try FlowConsent free

Free plan · 10-min setup