As an extension of your product, we believe that performance and security must be central to everything we do. As product people, we wouldn't want to add anything to our product that erodes these core tenets. This is why we have continuously focused on ensuring that our solution doesn't impact the integrity of your data, your users, or your application.
Data submitted to Pendo, and Pendo’s application are hosted and stored in a secure, multi-tenant environment provided by Google’s Cloud Platform. Data is stored for each customer using separate Google AppEngine namespaces, and a variety of techniques for logical separation, to ensure that no data is co-mingled. Currently, the Google physical architecture that hosts Pendo is located in the United States.
All data hosted by Pendo is encrypted. Pendo uses industry-accepted encryption products to protect data at rest, with 256 bit AES encryption. All data transfers within the data center are secured by SSL. All of the Customer Data collected by Pendo is transmitted over SSL if the customer application is accessed via SSL.
The only identifying information that Pendo requires is a unique user ID for your end users. All other information is optional (but will provide for richer analysis and segmentation). Pendo does not collect any user-entered form field text in your application. You should avoid sending any of the following types of sensitive personal information to Pendo: government-issued identification numbers; specific financial information (such as credit or debit card numbers, any related security codes or passwords, and bank account numbers); information related to an individual’s physical or mental health; and information related to the provision or payment of health care.
Pendo retains all customer data as long as you are an active subscriber. All data will be removed from Pendo starting 90 days after a subscription is cancelled. Pendo customers can request that specific records in their data be removed based on the request of an individual who is the subject of that data. Specific record removal may incur additional charges depending on your plan level.
You are in control of and responsible for user authentication. Access to Pendo requires an email address and password combination. We encourage you to use strong passwords. Alternatively, depending on your plan level, you can choose SAML for single sign-on or Google-based logins. Administrators can disable password-based logins, and require authentication through Google. Authentication through Google supports two factor authentication, as do many SAML implementations.
Pendo has completed a SOC 2 Type 1 audit that included all five Trust Services Principles: Security, Confidentiality, Processing, Integrity, Availability, and Privacy with no exceptions in related controls. In addition, Google AppEngine is SOC 2, SOC 3, ISO 27001, FISMA, and PCI compliant.
Pendo undergoes third-party penetration testing on an annual basis.
Pendo is designed to minimize the impact on your application. The client-side agent is only about 50 Kb and loads asynchronously. Data transmissions are queued and sent to the server every 2 minutes. Data is compressed before sending so that each transmission is less than 2 Kb.
Guides load with the Pendo agent. They will not be displayed until the current page is finished loading. The typical response time for guides is sub-second with guides almost always delivered in less than half a second.
Download our engineering guide for best practices on deploying, configuring, and managing Pendo within your application for maximum performance and security.Download Now