Pendo is committed to data protection, privacy, and security, and has designed its cloud architecture to enable customers to securely protect their data, maintain privacy and hosting obligations with their own customers, and adhere to local data governance laws. Our infrastructure leverages a globally distributed public cloud architecture that provides built-in reliability, security, and redundancy. Pendo also observes the requirements of the Global Data Protection Regulation (GDPR) in all of its environments.
Pendo's cloud architecture
Pendo uses Google Cloud Platform (GCP) as the underlying platform for storing and processing customer data. GCP is SOC 2, SOC 3, ISO 27001, FISMA, and PCI compliant. Google is committed to fully complying with GDPR regulations. For more information, see Google's article: Google Cloud & the General Data Protection Regulation (GDPR).
For information about security and privacy audits and certifications received by GCP, see the Google Cloud Services compliance site. Pendo periodically obtains and reviews relevant security certifications and reports from Google to verify that their security controls are effective.
Pendo's data-hosting environments
Pendo separates data into several different environments hosted in the following GCP geographic areas:
- United States (US)
- European Union (EU)
- Japan
- Australia
It's up to you as the customer to decide which environment you want to be hosted in. While the environments are completely independent from each other, in that data isn't replicated between environments, all Pendo environments provide reliability and business continuity offered by a distributed architecture. Within each environment Pendo data is persisted into multiple regions.
US environment
Pendo’s default environment stores data in the United States (US).
In the US environment, Pendo stores data in GCP’s US Multi-Region. As of April 10, 2025, this region includes the following locations: Iowa, South Carolina, Northern Virginia, Columbus, Dallas, Oregon, Los Angeles, Salt Lake City, and Las Vegas.
For the most up-to-date details on specific regions and their locations, see the US multi-region location code in GCP’s document, Bucket Locations.
EU environment
If you're a customer with business or regulatory requirements to store data in the European Union (EU), Pendo can provide a separately managed environment, hosted entirely within the EU, to comply with applicable data protection regulations or business requirements. This is a separate instance of the Pendo product designed to meet the needs of European customers and regulations. The Pendo EU environment ensures that no personal data is stored outside of the EU.
In the EU environment, Pendo stores data in GCP’s EU multi-region. As of April 10, 2025, this includes the following locations: Warsaw, Finland, Madrid, Belgium, Frankfurt, Netherlands, Milan, Paris, Berlin, and Turin.
For the most up-to-date details on the specific regions and their locations, see the EU multi-region location code in GCP’s document, Bucket Locations.
Japan environment
If you're a customer with business or regulatory requirements to store data in Japan, Pendo can provide a separately managed environment, hosted entirely within Japan, to comply with applicable data protection regulations or business requirements. This is a separate instance of the Pendo product designed to meet the needs of Japan customers and regulations.
In the Japan environment, Pendo stores data in GCP’s ASIA1 dual-region. As of April 10, 2025, this includes the following locations: Tokyo and Osaka.
For the most up-to-date details on the specific regions and their locations, see the ASIA1 predefined dual-region location code in GCP’s document, Bucket Locations.
Australia environment
If you're a customer with business or regulatory requirements to store data in Australia, Pendo can provide a separately managed environment, hosted entirely within Australia, to comply with applicable data protection regulations or business requirements. This is a separate instance of the Pendo product designed to meet the needs of Australia customers and regulations.
In the Australia environment, Pendo stores data in a GCP dual-region comprised of AUSTRALIA-SOUTHEAST1 and AUSTRALIA-SOUTHEAST2. As of April 10, 2025, this includes the following locations: Sydney and Melbourne.
For the most up-to-date details on the specific regions and their locations, see the AUSTRALIA-SOUTHEAST1 and AUSTRALIA-SOUTHEAST2 location codes in GCP’s document, Bucket Locations.
Summary of Pendo’s storage environments in GCP
| US | EU | Japan | Australia |
| Multi-Region: US | Multi-Region: EU | Predefined Dual-Region: ASIA1 | Dual-Region: AUSTRALIA-SOUTHEAST1 and AUSTRALIA-SOUTHEAST2. |
For details on the specific regions and their locations, see GCP’s document, Bucket Locations.