Pendo Community

Pendo is Committed to Compliance with GDPR Regulations

Published May 23, 2018

UPDATE: Since this article was published, Pendo has completed its GDPR readiness outlined below and was recently awarded SOC2 Type 2 Compliance in all 5 Trust principles. For more information on SOC2, please read this article.

As an extension of your product, we believe that security and privacy must be central to everything we do. As product people, we wouldn’t want to add anything to our product that erodes these core tenets. Pendo provides a robust security and privacy program that carefully considers data protection across our services.

The EU General Data Protection Regulation (GDPR) is a new set of data privacy regulations designed to harmonize various data privacy laws across Europe and provide a common set of regulations that strengthen protection of the personal data of EU residents, regardless of which companies they do business with. The new regulations dictate requirements for data collection and processing, how individuals may exercise their rights regarding personal data, and requirements for data security.

Our Approach to Security and Privacy

Our customers expect that Pendo will keep their information secure, ensure the integrity and performance of their applications, and maintain the confidentiality and privacy of their data. In return, Pendo wants not only to meet these expectations but also to give our customers independent assurance that they can rely on our commitments.

To demonstrate our trust commitment, Pendo obtains relevant security certifications, and undergoes regular testing and audits to ensure continued compliance. Pendo is EU-US Privacy Shield Certified and has completed a SOC 2 Type 1 audit that included all five Trust Services Principles of Security, Availability, Processing Integrity, Confidentiality, and Privacy with no exceptions noted. We have taken the same proactive approach to the new GDPR regulations.

Pendo is committed to complying with GDPR standards before the May 25th, 2018 enforcement date

At Pendo, we support the spirit of the regulations, and have decided to apply the same level of privacy protections to all of our customers and users – not just those located in the EU. As part of our compliance effort over the past several months we have:

  • Hired a Data Protection Officer to oversee all of our compliance and privacy efforts
  • Updated our privacy policy, terms & conditions, and cookie policies to improve transparency and better explain our relationship with customers and their users
  • Implemented policies to support data access and erasure requests across our product and systems that store customer information

Our commitment to enterprise-grade security, availability, and performance is one reason why leading software companies such as Salesforce, Marketo, Citrix, Zendesk, and Cisco rely on Pendo to help them improve their product experiences. We’re proud of the work we’ve done, and happy to be able to offer peace of mind to our customers – many of whom have been on this compliance journey with us.

For additional information please see our security FAQ page, or contact us at [email protected] for specific data privacy-related questions.