ConsentMark
Free Scan
Intercom logo
Chat & SupportHigh complexity

Intercom

by intercom

All product names, logos, and trademarks are the property of their respective owners. Their inclusion here is for identification purposes only and does not imply endorsement by Obscurity Ltd.

Sets cookies
Yes
Sends PII
No
Cross-site tracking
No
Consent required
Functional
Cookies
intercom-id-XXXXXintercom-session-XXXXXintercom-device-id-XXXXX

Overview

Governance classification of this tag is complicated by its dual nature. The same JavaScript snippet serves both customer support (potentially essential, no consent required) and marketing automation (behavioural targeting, product tours, requiring consent). Collects visitor behaviour data including page views, session duration, and custom events, transmitting it to US-based servers. Organisations must carefully delineate which Intercom features are active to determine the correct legal basis.

Detection capabilities

Signature count
2
Detection methods
network
Property types
hostnamepathname

Performance impact

Performance Impact

Script size
250 KB
Requests per page
2

Common mistakes

  • 1Treating Intercom as purely a customer support tool exempt from consent requirements, when it also collects behavioural data for marketing segmentation and automated messaging
  • 2Loading the Intercom messenger widget on all pages without assessing whether the behavioural tracking it performs is proportionate - Intercom tracks page views and session data even when the chat is not used
  • 3Not configuring Intercom's identity verification, which can allow impersonation of logged-in users through the client-side API
  • 4Failing to assess the data stored in Intercom's platform against data retention policies - conversation histories and user profiles can accumulate significant personal data over time
  • 5Using Intercom's product tours and targeted messaging features without recognising that these involve behavioural profiling that may require separate consent

Compliance considerations

Intercom sets first-party cookies and transmits visitor behaviour data to Intercom servers in the United States. The governance classification depends on how Intercom is used: if limited to essential customer support, it may qualify for legitimate interest or contractual necessity; if used for marketing automation, behavioural targeting, or product tours, explicit consent is typically required under GDPR. Intercom is self-certified under the EU-US Data Privacy Framework. Organisations should carefully define the boundary between support and marketing functionality in their CMP configuration, ensure conversation data is subject to appropriate retention policies, and include Intercom in their Record of Processing Activities. Intercom's integration with CRMs and email platforms may create additional data flows requiring assessment.

Related services

Drift

drift

Chat & SupportLow risk

2 detection signatures

Genesys Cloud

genesys-cloud

Chat & SupportLow risk

1 detection signature

Qualified

qualified

Chat & SupportLow risk

2 detection signatures

Zendesk

zendesk

Chat & SupportLow risk

2 detection signatures

Scan your site for intercom

Run a free Consentmark scan to see how intercom is loading on your site, whether it respects consent, and where governance gaps exist across your wider tag estate.

Start a free scan