Trust Center

Security at Pendo

At Pendo, security and data privacy are first-order considerations: the north star for how we design our products and policies as an organization.

  • Compliance

    Last updated Fri, Apr 22, 2022
    • CCPA

      Please refer to this page to learn about California Resident Rights.

    • CSA STAR - Level 1

Pendo is a corporate member of the Cloud Security Alliance (CSA) and is part of CSA's Trusted Cloud Provider program. Pendo maintains a copy of its CSA Consensus Assessment Initiative Questionnaire (CAIQ) in the CSA STAR Registry.

    • GDPR

      Pendo is in full support of the General Data Protection Regulation (GDPR).

      Please see this page to learn about European Union Data Subject Rights.

      For any GDPR requests, please reach out to gdpr@pendo.io

    • HIPAA

Pendo has been assessed by an independent auditor against the HIPAA criteria that are addressed by the AICPA Trust Services Criteria. The HIPAA criteria addressed by the AICPA Trust Services Criteria are as follows:

      • HIPAA Security Rule (45 CFR Part 160 and Subparts A and C of Part 164)
      • HIPAA Privacy Rule (45 CFR Part 160 and Subparts A and E of Part 164)
      • HIPAA Breach Notification Rule (45 CFR Part 164.400-414)

      Under NDA, Pendo can provide a SOC2 Type II + HIPAA audit report.

    • SOC 2 Type II

      Pendo conducts an annual SOC 2 Type II audit that includes all 5 Trust Services Principles: Security, Availability, Processing Integrity, Confidentiality, and Privacy. This report can be provided under NDA.

      Pendo's most recent SOC2 Type II report was issued in February 2022 and covers the audit period of January 1, 2021 through December 31, 2021. Our auditors have not identified any control deficiencies.

      Pendo can also provide a SOC3 report, which is an abbreviated version of our SOC2 Type II report, without an NDA being in place. Please contact your Pendo account executive or customer service manager for assistance with obtaining a copy of our SOC2 Type II and SOC3 reports.

    • SOC 3
  • Product Security

    Last updated Sun, Oct 31, 2021
    • Audit Logs

      Pendo logs and stores every change, every action and every event, including the deletion of data, for easy auditing and root cause analysis.

    • Multi-Factor Authentication

      Pendo customers can choose to use multi-factor authentication for their access to Pendo's service by either using SAML to integrate with their own identity management system, or by using Google SSO.

      Also note that Pendo employees use multi-factor authentication for access to all systems containing customer and other sensitive data.

    • Role-Based Access Control (RBAC)

      Pendo lets you set granular access controls to grant and restrict capabilities based on specific roles and authorities.

    • Google SSO

      In addition to SAML SSO, Pendo also supports Google Authentication. If a user's Google email and Pendo login addresses match, authentication may be required through Google. Authentication through Google also supports two-factor authentication.

    • SAML SSO

Note that while SAML support is not included by default with entry-level service tier plans, it is available as a relatively low-cost add-on to any service plan.

  • Data Security

    Last updated Fri, Apr 8, 2022
    • Data Encrypted At-Rest

      All data hosted by Pendo is encrypted. Pendo uses industry-accepted encryption products to protect data at rest, with 256-bit AES encryption.

    • Data Encrypted In-Transit

TLS 1.2/1.3 and HTTPS are used to protect data in transit.

  • Privacy

    Last updated Thu, May 19, 2022
    • Privacy Policy
    • Data Retention Policy

      By default, we retain Personal Data about you for 7 years as long as you have an open account with us or as otherwise necessary to provide you with our Services. In some cases we retain Personal Data for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule or regulation. We may further retain information in an anonymous or aggregated form where that information would not identify you personally.

    • Data Processing Addendum
    • Data Removal Requests

      Pendo supports data deletion requests for both the data we control and the data we process.

    • Data Protection Officer (DPO)

      Kate Helin is Pendo’s DPO. A licensed lawyer who was introduced to data protection at the Department of Defense, Kate is responsible for defining and enforcing Pendo’s privacy policies across the company.

  • Incident Management & Response

    Last updated Tue, Oct 19, 2021
    • Data Breach Notification
    • Incident Response Plan (IRP)

      Policies and procedures for operational and incident response management require incidents to be logged and reviewed with appropriate action (e.g. system changes) taken if necessary.

A formal incident response plan and a standard incident reporting form are documented to guide employees in the procedures for reporting security failures and incidents. The incident response plan enforces a process for resolving and escalating reported events. Its provisions include consideration of the need to inform internal and external users of incidents, advising them of corrective actions to be taken on their part, and a "post mortem" review requirement.

  • Availability & Reliability

    Last updated Thu, Mar 31, 2022
    • Auto Scaling

      Pendo is designed for uninterrupted uptime and enterprise scale, processing millions of events per hour and billions per day, with no degradation of performance.

    • Service Monitoring

Pendo utilizes tools that measure processing queues to verify the timeliness of processing incoming data while monitoring real-time results. Data lost during processing is detected and automatically generates an alert to the Engineering team, which addresses the alert. Upon occurrence of processing errors within Pendo's application, the change management process is followed: a change ticket is initiated and the error is investigated and resolved.

    • Status Page

      See the current status of Pendo, be informed of any downtime, and subscribe to updates.

  • Organizational Security

    Last updated Fri, Apr 22, 2022
    • Confidentiality Agreements
    • Employee Background Checks

Members of the Pendo workforce who have access to customer data are required to undergo background checks.

    • Employee Security Training

      Pendo employees receive training in data privacy concepts and responsibilities, as well as Pendo commitments on privacy, within two weeks of hire and refresher training on an annual basis.

In addition, Pendo personnel are required to read and accept Pendo's Code of Conduct and the statement of confidentiality and privacy practices upon hire, and to formally reaffirm them annually thereafter.

    • Employee Workstations Automatically Locked
    • Employee Workstations Encrypted
    • Limited Employee Access (Principle of Least Privilege)
    • Personnel Screening
    • Physical Access Control

Access to Pendo's office location is monitored by a receptionist during business hours. Doors are locked outside business hours and when a receptionist is not present. Visitors to Pendo's office location are required to sign in and are provided a temporary identification badge. Physical keys and card access to areas where critical equipment is located are restricted to authorized individuals. Pendo management reviews holders of keys and access cards annually.

  • Business Continuity

    Last updated Fri, Apr 22, 2022
    • Business Continuity Plan

      Pendo maintains a written Business Continuity Plan that documents the organization’s processes for triaging, remediating, and recovering from catastrophic incidents or disasters that may affect critical business processes.

    • Data Backups

Pendo services are deployed into multiple physically separate zones within Google Cloud Platform (GCP) regions. Data is replicated in near real time across multiple zones, so any single zone can fail and the service continues to operate normally.

In addition, critical settings and customer subscription configurations are backed up on at least a daily basis. Backup system settings are reviewed and monitored on a weekly basis to ensure the backups are operating effectively.

  • Infrastructure

    Last updated Fri, Apr 22, 2022

    GCP and AWS employ industry-leading security controls and are extensively audited. Both hold multiple certifications, including SOC2 Type II, ISO 27001, PCI, and FedRAMP. For more information about their security practices, see below:

    • Multi-Tenant Architecture

Data submitted to Pendo and Pendo's application are processed and stored in a secure, multi-tenant environment. Logical segmentation techniques, such as separate namespaces for each customer, are used to prevent commingling of customer data.

    • ISO 27001 - Data Center
    • SOC 2 Type I - Data Center
    • SOC 2 Type II - Data Center
    • SOC 3 - Data Center
  • Threat Management

    Last updated Fri, Apr 22, 2022
    • Penetration Testing

      On at least an annual basis, Pendo undergoes third-party penetration testing using well established consulting firms. Management addresses all vulnerabilities identified within defined timeframes based on severity level, which is determined using the Common Vulnerability Scoring System (CVSS). A summary of the annual penetration test report can be provided under NDA.

    • Vulnerability Scanning

On at least a weekly basis, Pendo executes vulnerability scans to detect vulnerabilities in Pendo's application. Dynamic and Static Application Security Testing (DAST and SAST) tools are used to conduct these scans.

    • Dynamic Application Security Testing (DAST)
    • Static Application Security Testing (SAST)
  • Subprocessors

    Last updated Tue, May 17, 2022

    Refer to this page for the most current list of Pendo's subprocessors, and to subscribe to updates. The list below is current as of May 17, 2022.

      Name                  Purpose                                             Location
      Amazon Web Services   Content Delivery Network (CDN) and email routing    Global (CDN), EU and US (email routing)
      Google Cloud          Hosting provider                                    EU or US, at the customer's designation
      Mammoth Growth        Support services                                    US
      SendGrid              Email routing                                       US
      Zendesk               Support ticket management                           US