Overview
Pendo’s solutions function by collecting user activity within a customer’s software application. This data is used to analyze user behavior, capture feedback, and guide users within the application.
Privacy and security are fundamental components of Pendo’s software and services. Pendo provides a robust security and privacy program that carefully considers data protection across all services.
Pendo has historically been installed by our customer inserting a JavaScript snippet into the web applications they developed. The release of the Pendo Launcher, a browser Extension, allows a customer to install Pendo into third party applications they are running, allowing them to understand the usage of those applications and train users on them via in-app messaging.
This documents provides information on security items related to the implementation and use of the Pendo Launcher (“the Extension”). The goals are two-fold:
-
Answer the question “what has Pendo done to ensure the Extension is secure and can’t be compromised?”
-
Provide security-related information about the Extension that may differ or be additional things to consider compared to the snippet installation.
Installation
Refer to the follow links for instructions on how to deploy the Extension using various methods:
Just as with the snippet installation, a key thing to consider with the Extension installation is what metadata fields should be configured and if the resulting values sent to Pendo would contain any Personally Identifiable Information (PII) or other confidential information. Pendo has excellent controls in place to safeguard all data we receive, but the decision of what metadata to send is entirely up to the customer.
Security of the Extension
Security and scale are foremost principles in the design and deployment of all Pendo products.
Recall that with the normal snippet installation when the snippet runs it then loads the Pendo agent from our Content Delivery Network (CDN) provided by Amazon Web Services (AWS) CloudFront. In order to mitigate the possibility of interception, customers who are concerned about this remote possibility can host the agent themselves.
In contrast, the agent is bundled as part of the Extension. The Extension is then privately published through the Chrome and Edge web stores. Internal to Pendo, development and change management of the Extension follow a strict and secure process, in line with our security certifications. Furthermore, as it is privately published on the Chrome and Edge web stores, the Extension is fully compliant with the respective vendors’ privacy and security policies.
Man in the middle attacks and cross-site scripting are avoided as the Extensions need to be installed directly from the respective browsers’ web stores, and attackers do not have access to the Extension code.
Data Security
Beyond ensuring the Extension itself is secure, data security is critical important to Pendo. This paper does not cover everything we do, but here we call out a couple things specific to the Extension that differs from the default behavior of Pendo when installing via the snippet.
-
Code Blocks cannot be turned on:
-
Pendo provides a robust User Interface(UI) for our customers to quickly build impactful guides without the needs for any coding.
-
While a robust array of building blocks, configuration and styling is available, some customers want the ability to write specific code (HTML/CSS/JavaScript). This functionality is provided via Code Blocks.
-
As Code Blocks provide the ability to write code that will execute in a user’s browser, they could be used maliciously so they are not allowed with the Extension.
-
-
Text capture disabled by default:
-
When Pendo is installed in a web application, whether via the snippet or the Extension, when a user clicks on an element we collect standard attributes associated with it.
-
The attributes gathered are largely innocuous, but the text inside an element has a chance to contain PII.
-
We thus turn off the collection of text attributes by default, but it can be turned on if the customer requires it.
-
Other Considerations
Encryption:
-
Data in Transit – is encrypted via Transport Layer Security (TLS) 1.2/1.3 if the application into which Pendo is installed uses HTTPS.
-
Data at Rest – is encrypted using AES-256.
Global Data Protection Regulation:
-
By default Pendo captures the IP address and geolocation information for the browser sending the page and event data.
-
As part of our commitment to the Global Data Protection Regulation (GDPR) this can be disabled.
Pendo has a SOC 2 Type 2 audit completed every year, covering all five Trust Service Principles. Additional information on our Data Privacy and Security can be found here.