Trust Center
Security at Pendo
At Pendo, security, and data privacy are first-order considerations, the north star for how we design our products and policies as an organization.
Compliance
Last updated Fri, Apr 22, 2022- CCPA
Please refer to this page to learn about California Resident Rights.
- CSA STAR - Level 1
Pendo is a corporate member of the Cloud Security Alliance (CSA) and is part of CSA's Trusted Cloud Provider program. Pendo maintains a copy of its CSA Consensus Assessment Initiative Questionnaire (CAIQ) in the CSA Star Registry
- GDPR
Pendo is in full support of the General Data Protection Regulation (GDPR).
Please see this page to learn about European Union Data Subject Rights.
For any GDPR requests, please reach out to gdpr@pendo.io
- HIPAA
Pendo has been assessed by an independent auditor for HIPAA Criteria that is addressed by the AICPA Trust Services Criteria. The HIPAA Criteria that is address by the AICPA Trust Services Criteria are as follows:
- HIPAA Security Rule (45 CFR Part 160 and Subparts A and C of Part 164)
- HIPAA Privacy Rule (45 CFR Part 160 and Subparts A and E of Part 164)
- HIPAA Breach Notification Rule (45 CFR Part 164.400-414)
Under NDA, Pendo can provide a SOC2 Type II + HIPAA audit report.
- SOC 2 Type II
Pendo conducts an annual SOC 2 Type II audit that includes all 5 Trust Services Principles: Security, Availability, Processing Integrity, Confidentiality, and Privacy. This report can be provided under NDA.
Pendo's most recent SOC2 Type II report was issued in February 2022 and covers the audit period of January 1, 2021 through December 31, 2021. Our auditors have not identified any control deficiencies.
Pendo can also provide a SOC3 report, which is an abbreviated version of our SOC2 Type II report, without an NDA being in place. Please contact your Pendo account executive or customer service manager for assistance with obtaining a copy of our SOC2 Type II and SOC3 reports.
- SOC 3
Product Security
Last updated Sun, Oct 31, 2021- Audit Logs
Pendo logs and stores every change, every action and every event, including the deletion of data, for easy auditing and root cause analysis.
- Multi-Factor Authentication
Pendo customers can choose to use multi-factor authentication for their access to Pendo's service by either using SAML to integrate with their own identity management system, or by using Google SSO.
Also note that Pendo employees use multi-factor authentication for access to all systems containing customer and other sensitive data.
- Role-Based Access Control (RBAC)
Pendo lets you set granular access controls to grant and restrict capabilities based on specific roles and authorities.
- Google SSO
In addition to SAML SSO, Pendo also supports Google Authentication. If a user's Google email and Pendo login addresses match, authentication may be required through Google. Authentication through Google also supports two-factor authentication.
- SAML SSO
Note that while SAML support is not provided by default with entry level service tier plans, it is available as a relatively low cost add on to any service plan.
Data Security
Last updated Fri, Apr 8, 2022- Data Encrypted At-Rest
All data hosted by Pendo is encrypted. Pendo uses industry-accepted encryption products to protect data at rest, with 256-bit AES encryption.
- Data Encrypted In-Transit
TLS 1.2/1.3, and HTTPS are used to protect data in transit.
Privacy
Last updated Thu, May 19, 2022- Privacy Policy
- Data Retention Policy
By default, we retain Personal Data about you for 7 years as long as you have an open account with us or as otherwise necessary to provide you with our Services. In some cases we retain Personal Data for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule or regulation. We may further retain information in an anonymous or aggregated form where that information would not identify you personally.
- Data Processing Addendum
- Data Removal Requests
Pendo supports data deletion requests for both the data we control and the data we process.
- Data Protection Officer (DPO)
Kate Helin is Pendo’s DPO. A licensed lawyer who was introduced to data protection at the Department of Defense, Kate is responsible for defining and enforcing Pendo’s privacy policies across the company.
Incident Management & Response
Last updated Tue, Oct 19, 2021- Data Breach Notification
- Incident Response Plan (IRP)
Policies and procedures for operational and incident response management require incidents to be logged and reviewed with appropriate action (e.g. system changes) taken if necessary.
A formal incident response plan and standard incident reporting form are documented to guide employees in the procedures to report security failures and incidents. The incident response plan enforces a process of resolving and escalating reported events. Its provisions include consideration of needs to inform internal and external users of incidents and advising of corrective actions to be taken on their part as well as a “post mortem” review requirement.
Availability & Reliability
Last updated Thu, Mar 31, 2022- Auto Scaling
Pendo is designed for uninterrupted uptime and enterprise scale, processing millions of events per hour and billions per day, with no degradation of performance.
- Service Monitoring
Pendo utilizes tools that measure processing queues to verify the timeliness of processing incoming data while monitoring real-time results. Data lost during processing is detected, and automatically creates an alert to the Engineering team. Alerts are addressed by the Engineering team. Upon occurrence of processing errors within Pendo’s application, the change management process is followed with a change ticket initiated and the error investigated and resolved.
- Status Page
See the current status of Pendo, be informed of any downtime, and subscribe to updates.
Organizational Security
Last updated Fri, Apr 22, 2022- Confidentiality Agreements
- Employee Background Checks
Members of the Pendo workforce that have access to customer data are required to undergo background checks.
- Employee Security Training
Pendo employees receive training in data privacy concepts and responsibilities, as well as Pendo commitments on privacy, within two weeks of hire and refresher training on an annual basis.
In addition, Pendo personnel are required to read and accept the Pendo’s Code of Conduct and the statement of confidentiality and privacy practices upon their hire and to formally reaffirm them annually thereafter
- Employee Workstations Automatically Locked
- Employee Workstations Encrypted
- Limited Employee Access (Principle of Least Privilege)
- Personnel Screening
- Physical Access Control
Access to Pendo’s office location is monitored by a receptionist during business hours. Doors are locked outside business hours and when a receptionist is not present. Visitors to Pendo’s office location are required to sign in and are provided a temporary identification badge. Physical keys and card access to areas where critical equipment is located is restricted to authorized individuals. Pendo management reviews holders of keys and access cards annually.
Business Continuity
Last updated Fri, Apr 22, 2022- Business Continuity Plan
Pendo maintains a written Business Continuity Plan that documents the organization’s processes for triaging, remediating, and recovering from catastrophic incidents or disasters that may affect critical business processes.
- Data Backups
Pendo services are deployed into multiple physically separate zones within Google Cloud Platform (GCP) regions. Data is replicated in near real time across multiple zones. Any zone can fail and the service continue to operate normally.
In addition, critical settings and customer subscription configurations are backed up on at least a daily basis. Backup system settings are reviewed and monitored on a weekly basis to ensure this is operating effectively.
Infrastructure
Last updated Fri, Apr 22, 2022GCP and AWS employ industry-leading security controls and are extensively audited. Both hold multiple certifications, including SOC2 Type II, ISO 27001, PCI, and FedRAMP. For more information about their security practices, see below:
- Multi-Tenant Architecture
Data submitted to Pendo and Pendo’s application are processed and stored in a secure, multi-tenant environment. Logical segmentation techniques, such as having separate namespaces for each customer, are used to prevent co-mingling of customer data.
- ISO 27001 - Data Center
- SOC 2 Type I - Data Center
- SOC 2 Type II - Data Center
- SOC 3 - Data Center
Threat Management
Last updated Fri, Apr 22, 2022- Penetration Testing
On at least an annual basis, Pendo undergoes third-party penetration testing using well established consulting firms. Management addresses all vulnerabilities identified within defined timeframes based on severity level, which is determined using the Common Vulnerability Scoring System (CVSS). A summary of the annual penetration test report can be provided under NDA.
- Vulnerability Scanning
On at least a weekly basis, Pendo executes vulnerability scan to detect vulnerabilities in Pendo’s application. Dynamic and Static Application Security Testing (DAST and SAST) tools are used to conduct these scans.
- Dynamic Application Security Testing (DAST)
- Static Application Security Testing (SAST)
Subprocessors
Last updated Tue, May 17, 2022Refer to this page for the most current list of Pendo's subprocessors, and to subscribe to updates. The list below is current as of May 17, 2022.
- NamePurposeLocationAmazon Web ServicesContent Delivery Network (CDN) and email routingGlobal (CDN), EU and US (email routing)Google CloudHosting providerEU or US at customers designationMammoth GrowthSupport ServicesUSSendGridEmail routingUSZendeskSupport ticket managementUS