Pendo is committed to data protection, privacy, and security, and has designed its cloud architecture to enable customers to securely protect their data, maintain privacy and hosting obligations with their own customers, and adhere to local data governance laws. Our infrastructure leverages a globally distributed public cloud architecture that provides built-in reliability, security, and redundancy. Pendo also observes the requirements of the Global Data Protection Regulation (GDPR) in all of its environments.
Pendo's cloud architecture
Pendo uses Google Cloud Platform (GCP) as the underlying platform for storing and processing customer data. GCP is SOC 2, SOC 3, ISO 27001, FISMA, and PCI compliant. Google is committed to fully complying with GDPR regulations. For more information, see Google's article: Google Cloud & the General Data Protection Regulation (GDPR).
For information about security and privacy audits and certifications received by GCP, see the Google Cloud Services compliance site. Pendo periodically obtains and reviews relevant security certifications and reports from Google to verify that their security controls are effective.
Pendo's data-hosting environments
Pendo separates data into several different environments hosted in the following GCP geographic areas:
- United States (US)
- European Union (EU)
- Japan
It's up to you as the customer to decide which environment you want to be hosted in. While the environments are completely independent from each other, in that data isn't replicated between environments, all Pendo environments provide reliability and business continuity offered by a distributed architecture. Within each environment Pendo data is persisted into multiple regions.
US environment
Pendo’s default environment stores data in the United States (US).
In the US environment, Pendo stores data in GCP’s US Multi-Region. As of February 2, 2024, this region includes the following locations: Iowa, South Carolina, Northern Virginia, Columbus, Dallas, Oregon, Los Angeles, Salt Lake City, and Las Vegas.
For the most up-to-date details on specific regions and their locations, see US multi-region code in GCP’s document, Bucket Locations.
EU environment
If you're a customer with business or regulatory requirements to store data in the European Union (EU), Pendo can provide a separately managed environment, hosted entirely within the EU, to comply with applicable data protection regulations or business requirements. This is a separate instance of the Pendo product designed to meet the needs of European customers and regulations. The Pendo EU environment ensures that no personal data is stored outside of the EU.
In the EU environment, Pendo stores data in GCP’s EU multi-region. As of February 2, 2024, this includes the following locations: Warsaw, Finland, Madrid, Belgium, Frankfurt, Netherlands, Milan, and Paris.
For the most up-to-date details on the specific regions and their locations, see EU multi-region code in GCP’s document, Bucket Locations.
Japan environment
If you're a customer with business or regulatory requirements to store data in Japan, Pendo can provide a separately managed environment, hosted entirely within Japan, to comply with applicable data protection regulations or business requirements. This is a separate instance of the Pendo product designed to meet the needs of Japan customers and regulations.
In the Japan environment, Pendo stores data in GCP’s Asia1 dual-region. As of February 2, 2024 this includes the following locations: Tokyo and Osaka.
For the most up-to-date details on the specific regions and their locations, see Asia1 predefined dual-region name code in GCP’s document, Bucket Locations.
Summary of Pendo’s storage environments in GCP
US | EU | Japan |
US Multi-Region | EU Multi-Region | Asia1 Dual-Region |
For details on the specific regions and their locations, see GCP’s document, Bucket Locations.