Contact Us


Pendo Help CenterInstallationSecurity and privacy

Security and privacy


Security and privacy questions are often top of mind anytime information is shared with a third party. User data and other identifying information can be highly sensitive. Pendo hosts your application data in a secure multi-tenant environment, and is designed to give you full privacy control with your user data. To work effectively, the only critical information that Pendo needs is a unique identifier for each user in your application. This does not have to include any personally identifiable information for the user or the account, merely a unique identification. As noted earlier, most Pendo users do end up passing additional information such as an email or account name which makes tracking easier, along with other demographic information to help build out segments, but this is not required.

The Pendo platform does not collect any user-entered text or information within form fields in your application. By default the names of fields, buttons, and other elements within the page are captured with the application data which makes for easier tracking, but no user-supplied information is included.

note: While it is possible to disable all text capture within the API, this can potentially limit the use of historical data for Feature tagging.

Pendo’s application and data are hosted and stored in Google’s AppEngine where they share the same infrastructure as Google’s primary services. The AppEngine allows Pendo to operate in a robust, fully multi-tenant infrastructure with the same reliability, performance, and security characteristics as Google’s own offerings. Google AppEngine is SOC 2, SOC 3, ISO 27001, FISMA, and PCI compliant, and Google completes multiple independent security audits annually.

All of the application data collected by Pendo is transmitted over SSL, encrypted, and stored for each customer using separate AppEngine namespaces to ensure that no data is co-mingled. By default, access to Pendo Services requires an email address and password combination. Users may alternatively request Pendo disable password-based logins and require authentication via either (a) SAML based authentication (e.g., Okta, Azure AD, Duo), or (b) Google-based logins or if their Google email and Pendo login addresses match. Both (a) and (b) support two factor authentication via the chosen identify provider.

Pendo conducts independent 3rd-party security audits annually as well, and has passed stringent internal security audits from all companies when asked. On request, we can also provide the results of our audit.

What Data Does Pendo Collect?


We allow our customers to pass us metadata for each visitor and account. Once these attributes are passed, they can be used to create segments for guide targeting, as well as general analysis. Common attributes customers can pass include: User Role, Price Plan, E-mail Address, Account Creation Date, etc. It is important to note that these fields will reflect the most recent attribute passed to Pendo. For example, if a user’s role changes, it will reflect their most recent role passed to Pendo. More information on metadata.

Page Views

Pendo tracks page view events from end users. Upon pageview, Pendo will collect the URL of the page, some browser information (such as language and browser version), and the title of the page.

Click and Focus Events

More information on what HTML attributes Pendo tracks within click and focus events can be found here.

note: Click and Focus events are not collected for Pendo Vox customers.

Performance Impact

Pendo’s Javascript files are hosted and served on Amazon’s Cloudfront CDN utilizing state-of-the-art edge caching. The javascript file is minified to only 54K bytes and loads asynchronously. Data is securely transmitted via SSL from each user’s browser to our server every two minutes and when a page is ‘unloaded.’ Data is compressed prior to sending and each transmission is less than 2K bytes.

The JavaScript code is hosted and deployed in Amazon’s Cloudfront Content Distribution Network (CDN), with an extremely broad network of servers and edge caching to ensure rapid loading times. Amazon service level agreements guarantee 99.9% uptime for the agent delivery.

Guides load with the Pendo agent. They will not be displayed until the current page is finished loading. The typical response time for guides is sub-second with 99% of guides delivered in less than half a second.

Content Security Policy (CSP)

If you or your users are running into an issue with your Content Security Policy (CSP), you may need to make an adjustment to allow our product. More information on CSP here.

© 2019 Pendo  |  Terms of Service  |  Privacy Policy