We at Pendo.io, Inc. (“Pendo,” “we,” “us,” “our”) know that our users (“you,” “your”) care about how your personal information is used and shared, and we take your privacy seriously. This privacy policy (the “Privacy Policy”) describes how Pendo.io, Inc. collects and uses the personal information you provide on our Website and Service. By visiting or using the Website or Service in any manner, you acknowledge that you accept the practices and policies outlined in this Privacy Policy and you hereby consent to us collecting, using, and sharing your information in the following ways. Any capitalized terms used, but not defined have the meaning given to them in the Pendo Terms of Service (www.pendo.io/terms-of-service).
USER CONSENT
By submitting or making available Application Data or any information by which you can be identified, including without limitation, your name, address, phone number, location data or other online identifier, (the “Personal Data”) through our Website, Service or related services, you agree to the terms of this Privacy Policy and you expressly consent to the processing of your Application Data and Personal Data in accordance with this Privacy Policy. Your Personal Data may be processed in the country in which it was collected and in other countries, including the United States, where laws regarding processing of Personal Data may be less stringent than the laws in your country.
THIRD PARTY PROVIDERS AND CHILDREN UNDER 13
While the Website may link to third party websites or other third party provided content, this Privacy Policy does not apply to the practices of companies that we do not own or control, or to individuals that we do not employ or manage. The collection and use of your information by such third parties is governed by their terms of use and privacy policies. We encourage you to learn about the privacy practices of those third parties. We do not knowingly collect or solicit personal information from anyone under the age of 13 or knowingly allow such persons to register for the Service. No one under age 13 should provide any Personal Data to us or via the Website or Service.
PRIVACY SHIELD
Pendo complies with the EU-US and Swiss-US Privacy Shield Frameworks as set forth by the US Department of Commerce regarding the collection, use and retention of personal information transferred from the European Union and Switzerland. Pendo has certified to the Department of Commerce that it adheres to the Privacy Shield Principles (the “Principles”) and commits to subject all personal data received from the EU or Switzerland to the Principles. If there is any conflict between the terms in this privacy policy and the Principles, the Principles will govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov.
Pendo remains responsible for any of your Personal Data that is shared under the onward transfer principle with third parties for external processing on our behalf, as described in the “DOES PENDO SHARE MY PERSONAL INFORMATION?” section below.
In compliance with the Principles, Pendo commits to resolve complaints about our collection or use of your personal information. If you are a resident of the European Union or Switzerland with inquiries or complaints regarding your personal data within the scope of Privacy Shield, you should contact Pendo’s Data Protection/Compliance Officer at [email protected]. Under Privacy Shield, organizations must respond to individuals within 45 days of receiving a complaint. Pendo will endeavor to respond to your inquiry promptly.
If we are unable to resolve any complaint related to Privacy Shield or if we fail to acknowledge your complaint in a timely fashion you may refer a complaint to your local data protection authority. Pendo has committed to cooperate with the panel established by the EU data protection authorities and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU or Switzerland. We will work with them to address complaints and provide appropriate recourse free of charge to you. In certain circumstances, Privacy Shield provides the right to invoke binding arbitration to resolve complaints not resolved by other means, as described in Annex I to the Principles.
Pendo’s Privacy Shield compliance is subject to the investigatory and enforcement powers of the Federal Trade Commission. We may be required to disclose Personal Data that we handle under the Privacy Shield in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
WHAT INFORMATION DOES PENDO COLLECT?
We gather various types of Personal Data from our users to personalize and improve the Service, to allow our users to set up a user account and profile, to contact users, to fulfill users’ requests for Service, to analyze how users utilize the Website and as otherwise set forth in this Privacy Policy. We collect the following types of information:
A. Personal Data You Provide to Us: We receive and store any information you provide to us. For example, we collect Personal Data such as your name, email address, and browser information. You can choose not to provide us with certain information, but then you may not be able to register with us or to take advantage of some of our features. We may anonymize your Personal Data so that you cannot be individually identified and provide that information to our partners.
B. Your customers’ Personal Data: In order to provide you with the Service, if you install certain software code provided by us on your website, we also receive and store any information you choose to provide to us with respect to your customers (“Your Customers”). For more information on how we collect and compile Your Customers’ information, please refer to our Terms of Service (www.pendo.io/terms-of-service).
In order to provide the Service to you, you must provide us with a unique identifier for each of Your Customers. We encourage you to use a unique identifier that does not include Your Customers’ Personal Data; however, your information with respect to the Service will consist of any information, including any of Your Customers’ Personal Data, you choose to provide to us. Pendo does not collect any user-entered form field text in the application.
You should avoid sending any of the following types of sensitive personal information to Pendo on behalf of yourself or Your Customers: government-issued identification numbers; financial information (such as credit or debit card numbers, any related security codes or passwords, or bank account numbers); information related to an individual’s physical or mental health and information related to the provision of health care or payment for health care services. Remember, you are responsible for ensuring you comply with local laws and regulations regarding Your Customers’ Personal Data and other privacy and security obligations, including without limitation, as applicable, maintaining a privacy policy, sending appropriate notices to Your Customers, obtaining any necessary consent and providing opt-out opportunities.
C. Information Collected Automatically: Whenever you interact with our Website, we automatically receive and record “cookie” information on our server logs. “Cookies” are identifiers we transfer to your computer or mobile device that allow us to recognize your browser or mobile device and tell us how and when you visit pages in our Website. You may be able to change the preferences on your browser or mobile device to prevent or limit your computer or device’s acceptance of cookies, but this may prevent you from taking advantage of some of our Website’s features. To learn more about our use of cookies please review our Cookie Policy (www.pendo.io/cookiepolicy). If you click on a link to a third party website, such third party may also transmit cookies to you. This Privacy Policy does not cover the use of cookies by any third parties.
When you visit the Website, whether as a registered Pendo customer or a non-registered user just browsing, our servers automatically record certain information from your browser (“Log Data”). For example, Log Data may include information such as your computer’s internet protocol address, browser type, the webpage you were visiting before you came to our Website, pages of our Website that you visit, the time spent on those pages, information you search for on our Website, access times and dates and other statistics. We use this information to monitor and analyze use of the Website and the Service, for the Website’s technical administration, to increase our Website’s functionality and user-friendliness and to better tailor the Website to our visitors’ needs.
D. E-mail and Other Communications: We may contact you, by email or other means; for example, we may communicate with you about your use of the Website or Service. If you do not want to receive email or other mail from us, please indicate your preference by adjusting the settings on your account screen in the Website. Please note that we will send you legal notices governing your use of the Website and any other legally required notices for as long as you are a user of the Website or Service, even if you elect not to receive other kinds of communications from us.
DOES PENDO SHARE MY PERSONAL INFORMATION?
We share customer information only as described below:
A. Third-Party Service Providers: We provide personal information to a limited number of third-party providers (“Providers”) to process it for us or to perform functions on our behalf, based on our instructions, and pursuant to the Onward Transfer Principle of Privacy Shield. Our Providers perform their services for us in compliance with our Privacy Policy and other appropriate confidentiality and security measures. We enter into contracts with our Providers which limit data processing to processing only for specified purposes and require our Providers to provide the same level of confidentiality protection as Pendo. We may have liability under Privacy Shield if both (i) the provider processes the personal data in a manner inconsistent with Privacy Shield and (ii) we are responsible for the event giving rise to the damage.
B. Third-Party Business Partners: Pendo partners with a variety of businesses and works closely with them to market or sell products or services (“Partners”). We may disclose Personal Data to our Partners for the purposes described above. Some of our Partners may co-sponsor events and other offerings with Pendo. We may share Personal Data you provide to us when you sign up for events or other offering with these Partners so they can send you marketing communications and information that may interest you, as permitted under applicable law. You will be notified, prior to sharing any Personal Data, that the event for which you are signing up is co-sponsored and that our Partner may use the information shared to communicate with you or market to you. At such time, you may elect not to provide your Personal Data to us or to our Partner for such purposes.
C. Blog and Social Media Pages: You may disclose Personal Data through the Pendo website, on message boards, chat, profile pages, blogs and other services to which you are able to post information and materials (including, without limitation, our Pendo Blog, at http://blog.pendo.io, the ProductCraft site at http://www.productcraft.com and the Pendo’s social media pages). This information may appear publicly, such as through search engines or other publicly available platforms and may be “crawled” or searched by third parties. Please do not post any information that you do not want to reveal to the public at large.
D. Legal Reasons: We may share Personal Data outside of Pendo if reasonably necessary to (i) comply with applicable laws, regulations, legal process or enforceable governmental requests; or (ii) protect against harm to the rights, property, or safety of Pendo, our customers, or the public as permitted by law.
E. With Consent: Pendo does not sell your information and will not use customer data for any reason beyond those described in this Privacy Policy without your explicit consent.
WHERE DOES PENDO STORE MY PERSONAL INFORMATION?
Data submitted to Pendo and Pendo’s application are hosted and stored in a secure, multi-tenant environment provided by Google’s Cloud Platform. Data is stored for each customer using separate Google AppEngine namespaces and a variety of techniques for logical separation to ensure that no data is co-mingled. The Google physical architecture that hosts Pendo is located in the United States. By submitting information, you agree to its transfer, storage or processing in the United States. We will take all steps reasonably necessary to ensure that your information is treated securely and in accordance with this Privacy Policy.
IS THE PERSONAL INFORMATION SECURE?
Your account is protected by a password for your privacy and security. You must prevent unauthorized access to your account and Personal Data by selecting and protecting your password appropriately and limiting access to your computer or device and browser by signing off after you have finished accessing your account. We endeavor to protect the privacy of your account and other Personal Data we hold in our records, but we cannot guarantee complete security. The transmission of information via the internet is not completely secure. Unauthorized entry or use, hardware or software failure and other factors may compromise the security of user information at any time.
All data hosted by Pendo is encrypted. Pendo uses industry-accepted encryption products to protect data at rest, with 256 bit AES encryption. All data transfers within the data center are secured by SSL. If the Service is accessed via SSL, then all of the customer data Pendo collects is transmitted over SSL.
HOW DOES PENDO USE MY PERSONAL INFORMATION?
We use your data and, if applicable, Your Customers’ data to provide you Service. We may also use your data for our own purposes related to the performance and maintenance of the Service and our documentation, for marketing for purposes and to otherwise communicate with you including, without limitation, for the following:
-
To respond to your inquiries and fulfill your requests, such as to send you requested materials and newsletters, as well as information and materials regarding our products and services.
-
To send administrative information to you, for example, information regarding the services and changes to our terms, conditions and policies.
-
To provide you with customer service, which may include, pursuant to your specific request, use of Your Customer data in a de-aggregated, identifiable form.
-
To send you marketing communications, including via email, mobile and in-application messages and SMS in compliance with applicable laws that we believe may interest you.
-
To personalize your experience of the Service and our marketing websites by presenting products and offers tailored to you.
- For our business purposes, such as data analysis; audits; fraud monitoring and prevention; developing new products; enhancing, improving or modifying our Website and Service; identifying usage trends; determining the effectiveness of our promotional campaigns and operating and expanding our business activities.
Such use may include subscriber data used in testing, but we will mask or replace all confidential or private data before loading to a test environment. Any use of unmasked subscriber data in testing must be appropriately authorized in writing by the customer.
We do not use Your Customer data in a de-aggregated or identifiable form, except with your consent to provide you customer service. We do not use data that identifies a customer for marketing or advertising without explicit consent.
HOW CAN I ACCESS, CORRECT, AMEND OR REMOVE INFORMATION ABOUT ME?
Through your account settings, you may access and, in some cases, edit or delete the following information you’ve provided to us:
- name and password
- email address
- company name
- location or time zone
The information you can view, update and delete may change as the Website changes. If you would like to access, correct, amend, remove or limit the use or disclosure of any of your Personal Data that has been collected and stored by Pendo, including without limitation, pursuant to Privacy Shield, please notify us at [email protected] so that we may consider and respond to your request. We will respond to your request within 10 days. Please be aware that because Pendo has limited ability to identify Your Customers’ individually, we will refer any requests from Your Customers to you and support you as needed in responding to Your Customer’s request.
Testimonials: We post customer testimonials, comments and reviews on our Website that may contain Personal Data. We obtain the customer’s consent via email prior to posting the testimonial to post their name along with their testimonial. To request removal of your personal information from testimonials or comments please contact us at [email protected].
HOW LONG DOES PENDO KEEP MY DATA?
We will retain your information in the Pendo application for up to seven years or as long as your account is active or is needed to provide you the Service in accordance with Pendo’s Terms of Service. You may request deletion of your account by contacting us at [email protected]. Please note that some information may remain in our private business records after deletion of such information from your account. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We may use any aggregated data derived from or incorporating your Personal Data after you update or delete it, but not in a manner that would identify you personally.
If a request to delete Your Customer’s Personal Data is received by Pendo directly from a data subject, we will log the request for tracking, but will not confirm the request until you approve it.
For non-registered visitors to our website, we will retain your information for up to three years after your last contact with Pendo. You may request deletion of your Personal Data, as described in “HOW CAN I ACCESS, CORRECT, AMEND OR REMOVE INFORMATION ABOUT ME?” above.
WHAT CHOICES DO I HAVE?
You can always opt not to disclose information to us, but keep in mind some information may be needed to register with us or to take advantage of some of our special features. You may be able to add, update or delete information by contacting us at [email protected]. When you update any information we may maintain a copy of the unrevised information in our records.
Our Website offers publicly accessible blogs and community forums. You should be aware that any information you provide in these areas may be read, collected and used by others who access them. To request removal of your Personal Data from our blog or community forum, contact us at [email protected]. In some cases, there may be legal or business record reasons, including maintenance of internal customer service records, that we may not remove your Personal Data, in which case we will notify you.
Neither the Website, nor the Service respond to do not track signals.
CHANGES TO THIS PRIVACY POLICY
We may amend this Privacy Policy from time to time. Use of information we collect is subject to the Privacy Policy in effect at the time such information is used. If we make material changes to this Privacy Policy or changes in the way we use Personal Data, we will post an announcement on our Website. You are bound by any changes to the Privacy Policy when you use the Website after such changes have been first posted.
QUESTIONS OR CONCERNS
If you have any questions or concerns regarding our privacy policies, please send us a detailed message at [email protected]. We will make every effort to resolve your concerns.
150 Fayetteville St.
Raleigh, NC 27601
United States of America
Effective: April 5, 2018