๐ฉบ Vitals
- ๐ฆ Version: Not Versioned
- ๐ Velocity: Active (Last commit 2026-05-05)
- ๐ Community: 5.6k Stars ยท 982 Forks
- ๐ Backlog: 465 Open Issues
๐๏ธ Profile
- Official: zammad.com
- Source: github.com/zammad/zammad
- License: AGPL-3.0
- Deployment: Docker | SaaS (Zammad Cloud)
- Data Model: PostgreSQL + Elasticsearch
- Jurisdiction: Germany ๐ฉ๐ช (Zammad GmbH, Berlin)
- Compliance (SaaS): GDPR Ready
- Compliance (Self-Hosted): Self-Hosted (User Managed)
- Complexity: Moderate (3/5) โ Ruby on Rails application requiring PostgreSQL, Redis, and Elasticsearch; official DEB/RPM packages and Docker Compose simplify initial deployment
- Maintenance: Moderate (3/5) โ Regular Rails stack patching; Elasticsearch version compatibility requires attention during upgrades
- Enterprise Ready: High (4/5) โ Unlimited agents, unlimited tickets, LDAP and SAML included in the free Community Edition; no enterprise paywall on core IAM features
1. The Executive Summary
What is it? Zammad is an open-source helpdesk and customer support platform developed and maintained by Zammad GmbH (Berlin, Germany). It consolidates support channels โ email, telephone, social media, live chat, and web forms โ into a unified ticket management interface backed by PostgreSQL and Elasticsearch. The self-hosted Community Edition is feature-complete: unlimited agents, unlimited tickets, LDAP/SAML authentication, SLA management, full-text search, and a GDPR Privacy Panel are all included at no cost. Revenue generation is limited to Zammad Cloud (managed SaaS, โฌ7โโฌ27+/agent/month) and optional annual support contracts (โฌ2,999โโฌ5,999/yr) for self-hosted organisations requiring vendor-backed SLAs.
The Strategic Verdict:
- ๐ด For Teams Needing a Lightweight Shared Inbox: Caution. The Ruby on Rails + PostgreSQL + Redis + Elasticsearch stack carries significant infrastructure overhead for simple email-to-ticket workflows โ lighter alternatives offer a lower operational floor for minimal requirements.
- ๐ข For Regulated European Organisations Replacing Zendesk: Strong Buy. German jurisdiction eliminates US CLOUD Act exposure for self-hosted deployments; unlimited agents, LDAP/SAML, and built-in GDPR automation are available without an enterprise paywall โ a structural advantage over per-agent SaaS pricing at scale.
2. The "Hidden" Costs (TCO Analysis)
| Cost Component | Zendesk Suite (SaaS) | Zammad (Self-Hosted) |
|---|---|---|
| Per-Agent Fee | $19โ$55/agent/mo | $0 (Unlimited Agents) |
| SSO / SAML | Enterprise tier only | Included (Default) |
| GDPR Erasure Tooling | Manual via API | Built-in Privacy Panel |
| Data Residency | Zendesk US-managed cloud | Operator-controlled infrastructure |
| Vendor Support SLA | Bundled | โฌ2,999โโฌ5,999/yr (optional) |
3. The "Day 2" Reality Check
๐ Deployment & Operations
- Infrastructure: Zammad requires four services: PostgreSQL (primary datastore), Redis (caching and background jobs), Elasticsearch (full-text search), and the Rails application server. Official DEB/RPM packages target Ubuntu/Debian and RHEL/CentOS; Docker Compose deployments are supported via the official repository. Elasticsearch is the most operationally demanding dependency โ heap sizing, JVM tuning, and index management are ongoing responsibilities as ticket volume grows. Production deployments should plan for dedicated Elasticsearch nodes or a managed Elasticsearch service.
- Backups: Built-in backup scripts produce full system snapshots (database + attachments). Standard PostgreSQL tooling (
pg_dump, streaming replication) integrates cleanly for disaster recovery pipelines.
๐ก๏ธ Security & Governance (Risk Assessment)
- Jurisdiction & Geopolitics (Germany ๐ฉ๐ช): Zammad GmbH is incorporated in Berlin under German law โ no US parent entity, no CLOUD Act exposure for self-hosted deployments. All customer and ticket data resides in operator-controlled infrastructure; Zammad GmbH holds zero access. Zammad Cloud runs on Hetzner (German-incorporated, cleanly outside US jurisdiction) and AWS EU regions โ AWS EU infrastructure inherits Amazon's US parent CLOUD Act exposure, a relevant consideration for EU government or regulated-sector workloads requiring strict data residency guarantees.
- The Compliance Shift: Self-hosted Zammad carries no vendor-issued certifications โ SOC 2, ISO 27001, and HIPAA readiness are entirely the operator's responsibility at the infrastructure layer. Zammad's built-in Data Privacy Panel automates GDPR "Right to Erasure" workflows and S/MIME encryption for ticket communications, reducing manual compliance burden. Zammad Cloud's hosting providers (Hetzner, AWS) hold ISO 27001 at the infrastructure layer; Zammad GmbH does not hold a direct ISO 27001 certification as of this assessment โ all ISO 27001 posture on the SaaS tier is inherited from the underlying cloud provider, not issued to Zammad GmbH directly.
- License Risk (AGPL-3.0 โ Network Copyleft): AGPL-3.0 closes the SaaS loophole: any party operating a modified Zammad instance accessible over a network must open-source those modifications. For standard internal corporate helpdesk deployments, AGPL-3.0 is operationally neutral โ no distribution occurs and the copyleft trigger is not activated. Risk is specific to managed service providers or SaaS resellers wishing to white-label a modified Zammad; those operators must either release source modifications under AGPL-3.0 or negotiate a commercial licence with Zammad GmbH.
4. Market Landscape
๐ข Proprietary Incumbents
- Zendesk: The category leader for enterprise customer support SaaS โ mature workflow automation and AI-assisted routing, but per-agent pricing ($19โ$55/mo) scales directly with headcount and all customer and ticket data resides in Zendesk's US-managed infrastructure. SSO/SAML is gated behind the enterprise tier.
- Intercom: Positioned around conversational customer engagement and AI-driven support with a strong product messaging surface, but the per-resolution AI billing model and US data residency make it a structurally poor fit for regulated European environments or high-ticket-volume support operations.
๐ค Open Source Ecosystem
- Chatwoot: A conversational customer support platform unifying live chat, email, and social channels โ the natural comparison for teams evaluating Zammad's multi-channel approach but preferring a lighter, inbox-first interface over a full ticketing engine.
- Twenty: A modern open-source CRM covering the full customer relationship lifecycle โ a logical companion deployment for organisations that want both helpdesk ticketing and customer relationship history in sovereign infrastructure.