Overview
Intercom is a customer messaging and engagement platform that provides live chat, chatbots, product tours, and targeted in-app messages. Its JavaScript snippet loads a messenger widget on the website and collects visitor behaviour data including page views, session duration, and custom events, which are used to trigger automated messages and segment users. Intercom is widely deployed on SaaS products, fintech platforms, and customer-facing portals where real-time support is valued. From a governance perspective, Intercom occupies a complex position because it straddles customer support (which may be essential) and marketing automation (which requires consent), and the same tag often serves both purposes simultaneously.
Detection Capabilities
- Signature count
- 2
- Detection methods
- network
Performance Impact
Performance Impact
- Script size
- 250 KB
- Requests per page
- 2
Common Mistakes
- 1 Treating Intercom as purely a customer support tool exempt from consent requirements, when it also collects behavioural data for marketing segmentation and automated messaging
- 2 Loading the Intercom messenger widget on all pages without assessing whether the behavioural tracking it performs is proportionate - Intercom tracks page views and session data even when the chat is not used
- 3 Not configuring Intercom's identity verification, which can allow impersonation of logged-in users through the client-side API
- 4 Failing to assess the data stored in Intercom's platform against data retention policies - conversation histories and user profiles can accumulate significant personal data over time
- 5 Using Intercom's product tours and targeted messaging features without recognising that these involve behavioural profiling that may require separate consent
Compliance Considerations
Intercom sets first-party cookies and transmits visitor behaviour data to Intercom servers in the United States. The governance classification depends on how Intercom is used: if limited to essential customer support, it may qualify for legitimate interest or contractual necessity; if used for marketing automation, behavioural targeting, or product tours, explicit consent is typically required under GDPR. Intercom is self-certified under the EU-US Data Privacy Framework. Organisations should carefully define the boundary between support and marketing functionality in their CMP configuration, ensure conversation data is subject to appropriate retention policies, and include Intercom in their Record of Processing Activities. Intercom's integration with CRMs and email platforms may create additional data flows requiring assessment.
Related Services
Drift
Med Drift
Conversational marketing platform (now part of Salesloft) providing live chat, chatbots, and meeting scheduling. Embeds a chat widget that collects visitor data and enables real-time engagement with sales teams.
2 detection signatures
Qualified
Med Qualified
Conversational marketing platform for B2B pipeline generation. Provides live chat, AI chatbots, and account-based visitor identification using Salesforce integration. Identifies website visitors and routes them to sales representatives.
2 detection signatures
Zendesk
Med Zendesk
Customer service and support platform. The Zendesk Web Widget provides live chat, help centre search, and support ticket creation. Embeds a persistent widget that collects visitor information and conversation data.
2 detection signatures
Need help governing Intercom?
Our governance diagnostic identifies compliance gaps across your entire tag estate.
Start your Governance Diagnostic