At Pendo, performance, security, and data privacy are first-order considerations, around which we design our products and policies as an organization. We understand that artificial intelligence (AI) is a new and unfamiliar technology, and that you, a Pendo customer, might have questions about our 2023 launch of AI-powered products and features.
This article provides information about our security and privacy practices related to AI. As our practices evolve, we will strive to continue to provide you with such transparency.
AI technologies used in Pendo
Pendo has developed its own AI technology and also uses third-party service providers like OpenAI and Google Cloud Platform (GCP). In developing our own AI technology, we partnered with a small group of customers on a voluntary basis, each of whom we ensured met our security and privacy standards and our data processing terms. Pendo uses third-party service providers like OpenAI and GCP without submitting any of our own or our customers’ data to such providers’ model training and development.
When we refer to Pendo AI, we’re referring to our internal Machine Learning (ML) systems, which train one model for each application belonging to each customer. This means that we don’t commingle customer data. For more information, see Model training in this article.
Pendo AI is different from internal AI code, which doesn’t use any models. Our internal AI code is rule-based artificial intelligence, which relies on simple statistics that result in the same outputs given the same inputs.
The following table lists the AI technology providers used for each Pendo AI-powered feature.
Product Area | Pendo Feature | AI technology |
Guides | AI guide creation | Google Generative AI |
Guides | Guide writing assistant | Google Generative AI |
Guides | AI localization | Google Generative AI |
NPS insights | Theme suggestions | Pendo AI |
NPS insights | Theme names | Google Generative AI |
NPS insights | Theme summaries | Google Generative AI |
NPS insights | Email summaries | Google Generative AI |
Analytics | Workflow suggestions | Internal AI code; no models used |
Analytics | Behavioral insights | Internal AI code; no models used |
Listen | Feedback summaries, Suggested ideas | Google Generative AI |
Session Replay | Suggested replays | Internal AI code; no models used |
Platform | Tag assist | Internal AI code; no models used |
Platform | Ask Pendo | Google Generative AI |
Model training
To serve you, our customers, we train models using your product usage data. Typically, we train one model for each customer. In some cases, we train one model for each product feature for each customer. This is to surface insights about your visitors’ usage of your applications.
We don’t train models that run across all of our customers’ data.
If you prefer that your Pendo experience doesn’t rely on such models, admin users in Pendo can opt out in Settings > Subscription settings. For more information, see AI features in the Subscription settings article.
Pendo is neither developing nor training any large language models (LLMs) or generative AI. While Pendo, as a product analytics platform, does collect a large amount of event and usage data, we don’t commingle any two customers’ data.
This means that, where there's any model training, all training data is scoped and trained separately for each customer. This applies to both the initial model and subsequent models. This is how Pendo is able to give you specific, relevant, and rich insights, and how we remain principled as a company. For more information about our principles, see Pendo's AI principles.
Privacy and security of AI systems
Pendo has Data Processing Agreements with each of our subprocessors, including those providing us with AI systems. By contract and by law, these subprocessors must maintain regulated standards for privacy and security, with enforcement on a commercial and legal basis available in the case of any neglect. For example, OpenAI has publicly committed that it won't use any information provided through their API to train its AI model unless the customer opts in to it. Pendo hasn't and won't opt in.
OpenAI and Google Cloud Platform only process your customers’ or end-users’ voluntarily generated content. This includes their feedback, questions, comments, and other textual communications made directly to you. Pendo’s proprietary models process your company’s event and usage data to contextualize and better serve you the outputs of such processing.
Pendo doesn’t own or operate an “AI engine” and so no data is being shared with it.
Google Cloud Platform (GCP)
Pendo is a cloud-based company and primarily runs on Google Cloud Platform (GCP). Pendo’s engineering team has helped to closely test many of GCP’s new technologies. After GCP tested and made their LLMs generally available to any of their cloud customers, Pendo’s security and privacy teams determined that the visibility we had into their product development was in accordance with preexisting, thorough, and regular due diligence of this long-time service provider. As such, Pendo decided that Google Cloud Platform’s LLMs could run by default on Pendo’s platform.
Our first-generation chatbot tool, "Ask Pendo", uses Google’s DialogFlow (formerly, InfoBot) solely on Pendo’s own knowledge base. We didn't use customer data in training this chatbot.
OpenAI
While we at Pendo are excited to offer you our OpenAI-powered products, we understand that each of our customers has a different risk profile, tolerance, and determination around LLMs. Because OpenAI is currently under active investigation by a number of regulators, some of whom we believe our customers would find materially important, we give you the opportunity to use Pendo’s OpenAI-powered products only as best aligns with how you do business. As such, we provide you with a clear, conspicuous, and explicit opportunity to opt in to our OpenAI-powered products, and it’s entirely your choice whether you do so.
For more information, see opting in and out of AI-powered features in this article.
Opting in and out of AI-powered features
You can choose if and when you want to make use of Pendo’s AI-powered features. Admin users in Pendo can opt in and out of specific AI-powered features in Settings > Subscription settings. Here, you can see which AI technology you’re using and which third-party provider (if any) is providing this technology. For more information about these settings, see AI features in the Subscription settings article.
Pendo made the decision that products powered by Pendo’s own AI technology and Google's AI technology, which includes their LLM, are on by default. This decision was made after Pendo’s extensive security and privacy review, which concluded that these technologies could launch in accordance with our existing data practices.
However, because OpenAI is under active investigation by a number of regulators, especially those in the EU, we made the careful decision that, notwithstanding the opportunity to opt out given in the subprocessor notification, OpenAI would remain off by default. We further acted with caution with customers who have healthcare businesses (which are thus subject to the HIPAA Business Associate Agreement, BAA), and with customers whose data is hosted in the EU or Japan. Where OpenAI features are available to you as part of your Pendo experience, you can opt in under AI features in Settings > Subscription settings. For more information, see Subscription settings.
The following table summarizes the models that are on and off by default for different groups of customers.
Pendo customer segment | Model | Default settings |
Customers who aren’t hosted in the EU and who haven’t executed a BAA with Pendo | Google Generative AI | On |
Customers who aren’t hosted in the EU and who haven’t executed a BAA with Pendo | OpenAI | Off, with opt-in available |
Customers who aren’t hosted in the EU and who haven’t executed a BAA with Pendo | Pendo AI | Off, with opt-in available |
Customers with BAA (healthcare) | Google Generative AI | On |
Customers with BAA (healthcare) | OpenAI | Off and can’t be turned on |
Customers with BAA (healthcare) | Pendo AI | Off, with opt-in available |
Customers in the EU or Japanese data environments | Google Generative AI | Off, with opt-in available |
Customers in the EU or Japanese data environments | OpenAI | Off and can’t be turned on |
Customers in the EU or Japanese data environments | Pendo AI | Off and can’t be turned on |
The only AI features enabled for customers hosted in our Japanese data environment are those that don’t require training. These are labeled as “internal AI code” in the AI technologies used in Pendo section of this article.
Data security and privacy
Through maintenance of a comprehensive privacy program, which includes yearly training, consistent reviews with impact assessments conducted as prudent, and ongoing auditing by both our customers and reputable third-party organizations, Pendo ensures compliance with evolving privacy and security laws and standards. In specific reference to our AI-powered features, for example, any calls made to our third-party service providers in relation to providing Pendo’s AI-powered features are routed through a common internal application programming interface to ensure that we can enforce appropriate security and privacy checks for each call.
Pendo also maintains GDPR compliance across all customers with additional protections afforded based on applicable privacy laws. Additionally, Pendo has self-regulated limitations on where some AI services can be used based on country-specific and industry-specific recommendations.
Data storage and processing
Your data remains in your existing chosen cloud environment.
To maintain privacy and security, your data is segmented and stored separately from other customers’ data. We use logical separation techniques, enforced through unique namespaces for each customer, to ensure that our customers’ data isn't commingled. For more information, see Data collection and compliance.
Your data and models only exist in your own dedicated cloud container, ensuring their isolation from any other Pendo customer’s data. This is kept secure by Pendo’s Information Security program and GCP’s safeguards and mechanisms. This means that your data and your associated Pendo AI models remain separate from any other Pendo customer’s data. For each customer, we train a unique model or set of models using their own data. For more information, see Model training in this article.
Data recall
If you change your mind about opting in to AI-powered features in Pendo, you can’t recall any data that's already been processed by any of the LLMs. It’s technically impossible in the current field and study of machine learning to recall the inputs to (data that's been sent to and is received by) LLMs.
As such, Pendo can't retrieve the inputs that are entered into any LLM. However, Pendo does maintain GDPR compliance and is committed to trust and safety. You can delete all the AI models that exist in your cloud container (whether GCP, OpenAI, or Pendo AI). For more information about how to do this, see our Privacy Policy.