We are excited to announce Trustpage has been acquired by Vanta!

Read the press release →
Company logo


Your product will change the future, but first it must adapt to the present. Drive product adoption, customer loyalty, and team innovation with Pendo.
  • Website
  • Trust Center

  • Compliance

    • CCPA

      Please refer to this page to learn about California Resident Rights.

    • CSA STAR - Level 1

      Pendo is a corporate member of the Cloud Security Alliance (CSA) and is part of CSA's Trusted Cloud Provider program. Pendo maintains a copy of its CSA Consensus Assessment Initiative Questionnaire (CAIQ) in the CSA Star Registry

    • 5 more topics

  • Product Security

    • Audit Logs

      Pendo logs and stores every change, every action and every event, including the deletion of data, for easy auditing and root cause analysis.

    • Multi-Factor Authentication

      Pendo customers can choose to use multi-factor authentication for their access to Pendo's service by either using SAML to integrate with their own identity management system, or by using Google SSO.

      Also note that Pendo employees use multi-factor authentication for access to all systems containing customer and other sensitive data.

    • 3 more topics

  • Data Security

    • Data Encrypted At-Rest

      All data hosted by Pendo is encrypted. Pendo uses industry-accepted encryption products to protect data at rest, with 256-bit AES encryption.

    • Data Encrypted In-Transit

      TLS 1.2/1.3, and HTTPS are used to protect data in transit.

  • Privacy

    • Privacy Policy
    • Data Retention Policy

      By default, we retain Personal Data about you for 7 years as long as you have an open account with us or as otherwise necessary to provide you with our Services. In some cases we retain Personal Data for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule or regulation. We may further retain information in an anonymous or aggregated form where that information would not identify you personally.

    • 3 more topics

  • Incident Management & Response

    • Data Breach Notification
    • Incident Response Plan (IRP)

      Policies and procedures for operational and incident response management require incidents to be logged and reviewed with appropriate action (e.g. system changes) taken if necessary.

      A formal incident response plan and standard incident reporting form are documented to guide employees in the procedures to report security failures and incidents. The incident response plan enforces a process of resolving and escalating reported events. Its provisions include consideration of needs to inform internal and external users of incidents and advising of corrective actions to be taken on their part as well as a “post mortem” review requirement.

  • Availability & Reliability

    • Auto Scaling

      Pendo is designed for uninterrupted uptime and enterprise scale, processing millions of events per hour and billions per day, with no degradation of performance.

    • Service Monitoring

      Pendo utilizes tools that measure processing queues to verify the timeliness of processing incoming data while monitoring real-time results. Data lost during processing is detected, and automatically creates an alert to the Engineering team. Alerts are addressed by the Engineering team. Upon occurrence of processing errors within Pendo’s application, the change management process is followed with a change ticket initiated and the error investigated and resolved.

    • 1 more topic

  • Organizational Security

    • Confidentiality Agreements
    • Employee Background Checks

      Members of the Pendo workforce that may have access to data that customers submit to Pendo's services (e.g., operations engineers) are background checked as permitted by applicable law and sign confidentiality agreements.

    • 6 more topics

  • Business Continuity

    • Business Continuity Plan

      Pendo maintains a written Business Continuity Plan that documents the organization’s processes for triaging, remediating, and recovering from catastrophic incidents or disasters that may affect critical business processes.

    • Data Backups

      Pendo services are deployed into multiple physically separate zones within Google Cloud Platform (GCP) regions. Data is replicated in near real time across multiple zones. Any zone can fail and the service continue to operate normally.

      In addition, critical settings and customer subscription configurations are backed up on at least a daily basis. Backup system settings are reviewed and monitored on a weekly basis to ensure this is operating effectively.

  • Infrastructure

    • Multi-Tenant Architecture

      Data submitted to Pendo and Pendo’s application are processed and stored in a secure, multi-tenant environment. Logical segmentation techniques, such as having separate namespaces for each customer, are used to prevent co-mingling of customer data.

    • ISO 27001 - Data Center
    • 3 more topics

  • Threat Management

    • Penetration Testing

      On at least an annual basis, Pendo undergoes third-party penetration testing using well established consulting firms. Management addresses all vulnerabilities identified within defined timeframes based on severity level, which is determined using the Common Vulnerability Scoring System (CVSS). A summary of the annual penetration test report can be provided under NDA.

    • Vulnerability Scanning

      On at least a weekly basis, Pendo executes vulnerability scan to detect vulnerabilities in Pendo’s application. Dynamic and Static Application Security Testing (DAST and SAST) tools are used to conduct these scans.

    • 2 more topics

  • Subprocessors

    • Sign up to view Pendo's Subprocessors

Sign up to see the rest of Pendo's posture and unlock unlimited access.

Unlimited access to the directory allows you to review and compare thousands of security postures sourced from around the web.

Sign Up
Join the community:
Copyright © 2023 Trustpage. All rights reserved.
Logos provided in part by Clearbit.