Tell me if this sounds familiar: you and your product team are excited to leverage Pendo MCP, but your security team has questions. Now it's sitting in a queue somewhere waiting for an approval that nobody has quite figured out how to give.
I'm the person at Pendo who evaluates tools like this and helps our teams get things approved or explain why they can't be. So when customers tell me they're struggling to get Pendo's AI features approved internally, I have a lot of empathy for both sides of the conversation.
Remember: Security teams are trying to answer questions they're responsible for, with documentation they haven't seen yet. Your job is to point people in the right direction.
Think of this blog as:
1) Your step-by-step guide to working as a partner with your security team
2) My little gift to you 😀
The conversation to have with your security team
If you're the one trying to get this approved and you're not sure how to frame the ask, here's a simple way to structure it:
- Send them to trust.pendo.io first. Most security teams will start with the SOC 2 report and work from there. Let them pull what they need rather than front-loading them with documents.
- Lead with the data question. The training-on-customer-data concern is almost always the first thing that comes up. Address it proactively: Pendo does not train on your data, and here's the documentation that says so.
- Frame MCP as a data access extension, not a new vendor. You're adding a new interface to data you already own and already approved Pendo to process.
- Offer the opt-out. If your security team wants to approve AI features with the ability to turn them off, that control exists. Showing that you've thought about the off-ramp often makes the on-ramp easier.
Still stuck in the queue? Here’s more detailed information.
What to hand your security team
The most common reason customers get stuck is that the Pendo user trying to get approval doesn't know which artifacts to pull, and their security team doesn't know where to look.
Here's the complete package:
The Trust Center (your first stop for security artifacts)
SOC 2 Type II reports, subprocessor list, penetration testing documentation, and attestations for HIPAA and PCI DSS all live at trust.pendo.io. If your security team has a standard artifact request list, this is where they'll find most of it.
The Contract Center (for legal and procurement)
Our DPA, Security Exhibit, Terms of Service, and Acceptable Use Policy are all publicly available at pendo.io/contract-center/customers. If your legal team is reviewing AI data handling specifically, the DPA FAQ covers how Pendo uses customer data, where it's hosted, and GDPR compliance in plain language. The short answer on data use: Pendo uses customer data only to provide the services, comply with the agreement, and meet legal requirements. Aggregated and anonymized data may be used to improve the platform, but never in a way that identifies you or your users.
AI-specific documentation
Pendo has a dedicated support article on AI at Pendo that answers the questions your legal and privacy team will ask:
- Which AI providers are used for which features?
- What data gets sent where?
- How are models trained?
- What opt-in and opt-out controls exist?
- How is data stored and isolated?
If anyone on your team needs to complete an AI impact assessment or vendor AI questionnaire, this is the document to cite.
Data isolation specifics
Your data and models exist only in your own dedicated cloud container, isolated from every other Pendo customer's data, and each customer owns their own data. For teams in regulated industries or government, that isolation model is meaningful: it's the same architecture that underpins Pendo's GovRAMP authorization.
Opt-in/opt-out controls
Admin users in Pendo can opt in and out of specific AI-powered features in Settings > Subscription settings, where they can see which AI technology is in use and which third-party provider (if any) is providing it. If your security policy requires that AI features be explicitly enabled rather than on by default, that control exists.
Why security teams get stuck on MCP specifically
MCP is a new category, and most security review processes weren't built for it. The standard vendor checklist assumes a SaaS vendor with a legal entity, a support team, and a procurement contract. MCP feels different because the protocol is open source, and a lot of security teams aren't sure what questions to ask yet.
But here's the thing: Pendo's MCP server is an officially maintained, vendor-backed product built on the same security and compliance foundation as the rest of Pendo. The questions your security team needs to ask already have answers, and they're all documented and accessible.
The other thing that gets in the way is the training-on-customer-data concern. It's the first thing most security and legal teams ask about AI features, and it's a fair question. So let's address it directly:
Pendo does not train on your customer data. Full stop.
Pendo is neither developing nor training any large language models (LLMs) or generative AI. Where Pendo's own AI models are involved, training data is scoped to a single customer and models are trained separately for each customer. Plainly speaking: Pendo does not commingle any two customers' data.
When Pendo uses third-party AI providers like OpenAI and Google Cloud Platform, your data is never submitted to those providers for model training or development.
If you need it in writing for an internal review (which you probably do), that documentation lives at trust.pendo.io.
What the Pendo MCP can and can't do
This is usually the second question security teams ask, right after the training one. The short version for your security reviewer: read-only by default, OAuth-authenticated, scoped to the user's existing permissions, regionally isolated, with write access available only if an admin deliberately turns it on.
It's read-only by default
When you connect the Pendo MCP, only read-only tools are enabled: it can query and retrieve your Pendo data, but it cannot take actions in your account. That means things like listing visitors, retrieving page and feature usage, querying analytics, and finding guides. That's it.
Write tools are admin opt-in, not on by default
If your security team's concern is "what could this do to our Pendo data," the answer for most deployments is: nothing. Write tools require a subscription admin to turn them on deliberately in Settings > Subscription settings > AI access. You have to go looking for that toggle. It doesn't flip on automatically.
It's another way to see data you already have access to
This framing matters for security reviews. The Pendo MCP surfaces, through a different interface, the same Pendo data that users already have permission to see. It does not create a new data set or a new level of access.
OAuth means your existing permissions travel with you
When a user connects interactively through Claude, Cursor, or ChatGPT, they authenticate with OAuth through their existing Pendo login. Their Pendo role and permissions apply, and there's no way for the connection to access more than that user already can in the Pendo UI.
Data stays in your region
Pendo data is regionally isolated. The MCP cannot access data across regions, and if you have subscriptions in multiple regions, each requires a separate connection. Your data doesn't leave its existing environment.
For automated or agent use cases, service account authentication is available and scoped to a single subscription. This is the path for teams building AI agents or backend integrations. Because each service account is explicitly scoped, there's no broad access by default; review the scope granted to each one the same way you'd review any other non-human credential.
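To make the access model above concrete for a reviewer, here is an added toy model of that policy: read tools on by default, write tools dark until an admin opts in, every call bounded to the caller's own permissions and to a single subscription in a single region. This is illustrative code written for this post, not Pendo's implementation; the tool names, permission strings and the `write_tools_enabled` toggle are assumptions chosen to mirror the text, not Pendo identifiers.

```python
"""Toy model of a read-only-by-default MCP tool gate (illustrative, not Pendo's code).

Tool and permission names below are assumed for the example.
"""
from dataclasses import dataclass
from enum import Enum


class Access(Enum):
    READ = "read"
    WRITE = "write"


@dataclass(frozen=True)
class Tool:
    name: str
    access: Access
    required_permission: str  # what the caller must already hold in the product UI


@dataclass(frozen=True)
class Subscription:
    sub_id: str
    region: str
    write_tools_enabled: bool = False  # admin opt-in; off unless deliberately set


@dataclass(frozen=True)
class Principal:
    """An OAuth-authenticated user or a service account, bound to one subscription."""
    principal_id: str
    sub_id: str
    region: str
    permissions: frozenset  # permissions already granted in the product


class Denied(Exception):
    pass


# Hypothetical registry: the read tools mirror the kinds of actions the text
# lists; the write tool is an assumed placeholder.
TOOLS = {
    t.name: t
    for t in (
        Tool("list_visitors", Access.READ, "analytics:read"),
        Tool("get_feature_usage", Access.READ, "analytics:read"),
        Tool("find_guides", Access.READ, "guides:read"),
        Tool("update_guide", Access.WRITE, "guides:write"),
    )
}


def authorize(principal: Principal, sub: Subscription, tool_name: str) -> Tool:
    """Deny by default; return the Tool only if every layered check passes."""
    tool = TOOLS.get(tool_name)
    if tool is None:
        raise Denied(f"unknown tool {tool_name!r}")
    # One connection is one subscription in one region; no cross-region reach.
    if (principal.sub_id, principal.region) != (sub.sub_id, sub.region):
        raise Denied("principal is not scoped to this subscription/region")
    # Write tools exist in the registry but stay unavailable until an admin opts in.
    if tool.access is Access.WRITE and not sub.write_tools_enabled:
        raise Denied("write tools are not enabled for this subscription")
    # The connection can never exceed what the caller already has in the UI.
    if tool.required_permission not in principal.permissions:
        raise Denied(f"caller lacks {tool.required_permission}")
    return tool


def available_tools(principal: Principal, sub: Subscription) -> list[str]:
    """The tool list a reviewer should expect to see advertised to this caller."""
    names = []
    for name in sorted(TOOLS):
        try:
            authorize(principal, sub, name)
        except Denied:
            continue
        names.append(name)
    return names


if __name__ == "__main__":
    default_sub = Subscription("sub-1", "us")
    editor = Principal(
        "alice", "sub-1", "us",
        frozenset({"analytics:read", "guides:read", "guides:write"}),
    )
    # Even a user who may edit guides in the UI gets no write tool until admin opt-in.
    print(available_tools(editor, default_sub))
    opted_in = Subscription("sub-1", "us", write_tools_enabled=True)
    print(available_tools(editor, opted_in))
```

The useful property for a review is that the write toggle and the caller's permissions are independent gates: flipping the toggle never grants a write tool to someone who could not perform that write in the UI, and holding the UI permission never exposes a write tool while the toggle is off.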
What to tell IT and procurement
If the blocker is on the procurement or IT side rather than security, the conversation is simpler: the Pendo MCP is an extension of your existing Pendo subscription, not a new vendor relationship. You already have a contract, a DPA, and an established relationship with Pendo's security team. There's no new data sharing on Pendo's side, no new subprocessor, and no new contractual relationship to establish. The one genuinely new piece is the AI client on your end: whatever a tool returns goes to Claude, Cursor, ChatGPT, or whichever client you connect, so that client's data handling belongs in your review of that tool rather than of Pendo.
For teams using Claude specifically: Pendo is available in Claude's official Connectors Directory and can be set up directly from Claude without manual configuration. That's a meaningful trust signal: Anthropic has its own vetting process for connectors in that directory.
For teams in regulated industries
If you're in healthcare, financial services, or government, you likely have additional requirements beyond the standard security review. Here's how those map:
Healthcare (HIPAA): Pendo supports HIPAA customers via a Business Associate Agreement. For customers who have executed a BAA with Pendo, Google Generative AI is on by default and OpenAI is off and cannot be turned on. The data handling constraints are built into the product configuration, not just the contract.
Government / FedRAMP: If your organization operates under FedRAMP-equivalent requirements, reach out to your Pendo account team to discuss your specific needs and available documentation.
EU data residency: For customers in the EU data environment, Google Generative AI, OpenAI, and Pendo AI features are all off by default with opt-in available. Your data doesn't leave your chosen environment without explicit configuration.
Allyson Kuegel is a Staff Security Compliance Engineer and Team Lead at Pendo, where she manages GRC along with her amazing colleagues. She is a proud dog mom and avid traveler. Connect the Pendo MCP to your AI tool at pendo.io/product/mcp.