Certain information should never be shared through support. Certain actions should not be done by us on behalf of any third parties.
1. Sharing sensitive information
Do not give out information about account details in chat. You can only do that on some level, if the email address in Intercom matches the users’ email in Patchstack App and Intercom shows the status of the user is “User”. If this person does not have any email written, then we can’t give out any information about any accounts.
For example, if someone asks to post a screenshot of their site settings from Patchstack App.
Or someone is asking for an API key of their site.
2. Doing changes in Patchstack App on behalf of the user
Don’t make changes in any users accounts settings (like toggling security features etc). Sometimes, third-party site visitors turn to Patchstack support directly.
For example, someone visits example.com website, and is shown Patchstack’s error 23 page (country blocking). And then they ask us to remove the block.
We must not do that, because the person who wrote to us is not the site owner. If you can validate that the site owner is connecting with such issue, we can toggle some of the minor settings on thier behalf – e.g turn off OWASP firewall if they ask us to. However, we should try to avoid switching any settings, for security reasons.
If you absolutely have to do it, make sure to check that the email who wrote to us (check from right side in Intercom App), matches the real users’ email. You can ask additional questions like how many sites you have on your account; or name 3 domains you have on your account.
EXCEPTIONS ⁉️
We should only change our users site settings, if it fixes something that is currently broken.
For example, if a user has a typo in their site URL, so Patchstack is not synced.
Or if they have tried to whitelist an IP address, but have written it a wrong way.
3. Sharing vulnerability details
If someone asks for specific details of vulnerability (like report page PIN code), never share any details. Only share the details that are available in our public database.
Everything related to vulnerabilities should be taken very cautiously.
4. Talking about upcoming deals or future plans
Never talk about any upcoming plans which are still internally discussed in the team. If someone asks anything specific, like when are we planning to implement X and Y features, you can thank them for the idea and let them know we are considering it, in case we are, but never give exact ETA for that, unless our team is 100% sure about it.
It’s to protect ourselves from possible backlash if we can’t deliver on promised dates. Always good to ask from Slack if we can publish any details about any upcoming deals or planned features.
5. Consider everything we say in chat as public information
Everything we say in chat, can easily become public information in the matter of seconds. Any sort of information needs to be taken very seriously. If we promise something we cannot deliver, or say something negative to someone, they will post it to public groups and we get bad reputation.
6. Revealing account email addresses
Sometimes users have forgotten which email they have used to register in Patchstack. In these cases, we must help them as much as possible without revealing any information about the email address we have.
Example: “Under which account is my site example.com added to?”
We should validate then, if the person we are talking to, is the real owner of this site:
- Ask if they could have any other sites under this account. If so, then name some.
- Ask, what year they may have signed up (we can check this)
- Ask them to make sure they have tried every single email address they remember ever having
- They can also add the site again to Patchstack App.
Add a bogus site URL first, and then change it to the one they want to connect; Then, copy the new API key to WordPress site. - If they still need to perform certain actions on their old account, but don’t remember the address, we can give some hints, like write it in such format ********@*****stack.com
7. Do not edit user accounts
Support team members have access to super-admin of Patchstack. That means, we can manipulate users email addresses, remove their sites and change other sensitive things.
Do not edit any user accounts or modify any custom rules which you can access from Patchstack App.
8. Never leave any customer hanging
Never leave any customers hanging around in chat if you have already talked to them. When workday is over or lunch-time is coming, finish the chat before leaving to do your other things.
If you absolutely have to leave (emergencies do happen), politely let the customer know about it, and give them an expected time of when they hear back from you.
9. Make sure the office hours are correctly set
In case you are on a leave, make sure you’ll find someone to replace you during that time.
If there is no-one to replace you, make sure to change the default office hours to avoid situations, for example:
Customer writes to support, chatbot says “Our usual reply time is 15 minutes”, while actually there is no-one to respond.
Always find a replacement or change the available office hours from Intercom Settings > Office hours.