Data flow overview
When a ticket arrives, raum processes it through the following path:Ticket received from Zendesk
Zendesk delivers the ticket to raum via webhook or the Zendesk app. The raw ticket content — subject, body, conversation history, attachments — is received by raum’s processing layer.
PII redaction
Before any ticket content is passed to the AI, raum’s redaction pipeline scans the text and replaces personally identifiable information with typed placeholders. The original values are held in memory only for the duration of the request.
AI processing
The redacted ticket content is sent to your AI provider (OpenAI, Anthropic, or Gemini) using your own API key. raum’s AI accounts are never involved. The AI receives only the redacted text.
Response construction
The AI returns a response. raum restores the redacted values where the AI has referenced them by placeholder, producing a natural reply with the correct customer details.
PII redaction pipeline
raum’s redaction runs on every ticket before AI processing. It uses pattern matching to identify common PII types and replaces each occurrence with a consistent typed placeholder.| Data type | Placeholder |
|---|---|
| Full name | [REDACTED_NAME] |
| Email address | [REDACTED_EMAIL] |
| Phone number | [REDACTED_PHONE] |
| Credit card number | [REDACTED_CC] |
Redaction happens in memory on raum’s servers. The original PII values are never written to disk or stored in any database during processing. They exist only in the memory of the request handler for the duration of the pipeline execution.
What gets stored vs. what’s ephemeral
| Data | Stored | Ephemeral |
|---|---|---|
| Ticket content (raw PII) | No | Held in memory during request only |
| Ticket content (redacted) | Yes, in audit logs | — |
| AI responses | Yes, for analytics and response cache | — |
| API keys and credentials | Yes, encrypted at rest | — |
| Token usage and cost metrics | Yes, for dashboard analytics | — |
| Session tokens (JWT) | No | Expire per session |
Encryption details
Field-level encryption for credentials
Your AI provider API keys, Zendesk credentials, and any other secrets you store in raum are encrypted at the field level using AES-256-GCM. Encryption is managed through AWS KMS, which handles key storage, access control, and rotation.- Each sensitive field is encrypted individually, not at the row or table level
- Encryption keys are rotated automatically by AWS KMS on a regular schedule
- Access to KMS decrypt operations is controlled by IAM policies following least-privilege principles
- Encryption keys are never stored alongside the data they protect
Data in transit
All data in transit between raum, Zendesk, and your AI provider uses TLS. API calls from the Zendesk app to raum’s backend use Bearer token authentication over HTTPS.Audit log contents
Every AI operation and administrative action produces an audit log entry. A log entry records:- Timestamp: when the action occurred
- Operation type: for example,
generate,translate,rewrite,admin_settings_change,api_key_rotation - User or system identity: which user or automated process performed the action
- Source IP address: the IP of the authenticated requester
- Change summary: for settings changes, what was changed and from what value to what value
Admin impersonation is logged with both the admin’s identity and the user being impersonated. This means every action taken under impersonation is fully attributable.
BYOK data sovereignty
When you connect your own AI provider key, your customer data flows directly from raum to your provider — not through any raum-owned AI account. This has important implications for data sovereignty:- Your provider’s data policies apply: OpenAI, Anthropic, and Google each have their own data processing terms. When you use your own key, you have a direct relationship with the provider you’ve chosen and can negotiate DPAs or use enterprise plans that meet your compliance requirements.
- raum never holds a copy of AI-processed content: The AI call goes from raum’s server (with redacted content) to your provider’s API. The response comes back to raum for post-processing and delivery to Zendesk.
- No AI markup or aggregation: Because you pay your AI provider directly, raum has no commercial incentive to retain or aggregate your AI traffic.
Data retention
| Data type | Retention period |
|---|---|
| AI-processed ticket data | 90 days, then automatically purged |
| Audit logs | 90 days |
| Account and configuration data | Duration of subscription + 30 days after termination |
| Analytics metrics | Duration of subscription |
Can I request earlier deletion?
Can I request earlier deletion?
Yes. Contact [email protected] to request deletion of your data before the standard retention period. We will respond within 30 days. Enterprise customers can request a Data Processing Agreement (DPA) that formalizes deletion timelines.
What data does raum store about my customers?
What data does raum store about my customers?
raum stores redacted ticket content in audit logs (names, emails, and phone numbers are masked). It stores derived analytics data — resolution times, CSAT scores, token counts — that is not linked to individual customer identities. Raw personally identifiable information is never stored at rest.
Where is data hosted?
Where is data hosted?
raum runs on AWS infrastructure in the United States. Data is processed in real time and is not transferred to additional regions. If you require specific data residency, contact our team to discuss your requirements.