Sharing sensitive information on chat

The short explanation

You really shouldn’t share sensitive or personal information on chat.

The longer explanation

While the chat widget is installed on your website, the chat takes place in several locations; your website, your agent’s computer, our servers, and the visitor’s browser. There are several steps to take to ensure security along the message path, but some are out of our (and your) control.

You’ve likely taken steps to use the latest encryption technology, kept up on security patches, and do a regular audit of your features and plugins. For your employees' computers, you also keep security patches up-to-date, use good password management practices, and train employees on social hacking.

Olark is careful with your data every step of the way. Chats are encrypted, and all data storage is handled with the utmost care. Our RFO has more specifics on our security policy. We have a long-running responsible disclosure program.

Beyond our control is the visitor’s browser and computer. There is no easy way to ensure information sent to and from their side is secure enough to recommend sending sensitive information. While we try our best at Olark to make sure your data is safe we cannot guarantee end to end encryption.

And finally, in order to make your transcripts and records as valuable as possible, we allow for transcripts to be emailed, shared with webhooks and other extensions, and to be reviewed right from the dashboard. The transcripts are stored securely, but all of these actions would allow for sensitive information to be passed as plain text.

This brings us back to the short answer: we strongly recommend against sharing secure information over chat