Skip to main content
Gainsight Inc.

How Gainsight PX complies with GDPR and Enterprise grade security

What is GDPR   

The GDPR is a comprehensive data protection law that came into effect on May 25, 2018. It replaced existing EU law to strengthen the protection of “personal data” and the rights of the individual. It's a single set of rules which govern the processing and monitoring of EU data. If you hold or process the data of any person in the EU, the GDPR will apply to you, whether you’re based in the EU or not.

Gainsight products are GDPR compliant: 

Meeting your GDPR requirements

It’s easy to meet your GDPR requirements

  • Right of access by the data subject: Lead, User and Account data can be exported using CSV or REST API
  • Right to erasure (‘right to be forgotten’): Deletion of user data can be done via REST API or by reaching out to
  • Right to restriction of processing & Right to object: PX supports user-preferences as part of its user model. this allows you to configure tracking and engagement preferences such as do-not-track by the end-user or comply with your application user preferences.

Data Processing Agreements (DPAs): 

Data protection commitments are a key part of GDPR’s requirements. Gainsight's data processing agreement shares the privacy commitments and sets out the terms for Gainsight and our customers to meet GDPR requirements. 

Personally identifiable information

Usage tracking can capture user, account, UI events, in-app engagement, email, and click tracking.

  • User and account attributes are tracked as part of the user identify() SDK call performed by your developers. the minimal data required by PX is a consistent user-id. the recommended user-id should be GUID or hashed id.
  • The IP address which is passed via the HTTP protocol can be disabled through the SDK settings in the UI.
  • PII that might exist in the application URLs can be masked or excluded 


Security is a priority for us. We have regular external audits, pen-tests, and bug bounties. Gainsight is SOC2 Typ II compliant and has the processes in place to ensure the right people have access to the right level of customer data.

Enhanced security configuration and features:

Under Administration > SDK settings

  • Enable IP tracking
  • Disable Page title tracking
  • Was this article helpful?