How Gainsight PX complies with GDPR and provides enterprise-grade security
What is GDPR?
The GDPR is a comprehensive data protection law that came into effect on May 25, 2018. It replaced existing EU law to strengthen the protection of “personal data” and the rights of the individual. It's a single set of rules which govern the processing and monitoring of EU data. If you hold or process the data of any person in the EU, the GDPR will apply to you, whether you’re based in the EU or not.
Gainsight products are GDPR compliant:
https://www.gainsight.com/policy/gdpr/
https://support.gainsight.com/PX/Security/Policies/SOC-2_Type_II_Compliant
Meeting your GDPR requirements
It’s easy to meet your GDPR requirements:
- Right of access by the data subject: Lead, User and Account data can be exported using CSV or REST API
- Right to erasure (‘right to be forgotten’): Deletion of user data can be done via REST API or by reaching out to privacy@gainsight.com
- Right to restriction of processing & Right to object: PX supports user preferences as part of its user model. This allows you to configure tracking and engagement preferences, such as honoring a do-not-track choice made by the end user, or mirroring the preferences already set in your application.
Data Processing Agreements (DPAs):
Data protection commitments are a key part of GDPR’s requirements. Gainsight's data processing agreement shares the privacy commitments and sets out the terms for Gainsight and our customers to meet GDPR requirements.
Personally identifiable information
Usage tracking can capture user, account, UI events, in-app engagement, email, and click tracking.
- User and account attributes are tracked as part of the user identify() SDK call performed by your developers. The minimal data required by PX is a consistent user-id; the recommended user-id is a GUID or a hashed id.
- Capture of the IP address (which is passed via the HTTP protocol) can be disabled through the SDK settings in the UI.
- PII that might exist in the application URLs can be masked or excluded.
Security
Security is a priority for us. We have regular external audits, pen-tests, and bug bounties. Gainsight is SOC 2 Type II compliant and has the processes in place to ensure the right people have access to the right level of customer data.
Enhanced security configuration and features:
Recommended
- Apply role-based access control
- Use PX with a Content Security Policy (CSP)
- Enable Slack integration to be notified in real-time for any in-app engagement updates
- JavaScript is blocked by the PX engagement editor and serving layer by default. Please reach out to your client outcome manager for more info
- Disable 'remember me' option in the PX login page. Please reach out to your client outcome manager for more info
Under Administration > SDK settings:
- Enable IP tracking
- Disable Page title tracking
Enterprise
- Enable Single-sign-on, SAML 2.0
- Prevent impersonation of other tracked users using HMAC
- Host and serve the PX web SDK
- Set up a proxy for controlling tracked data
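The two identity controls above (a hashed, non-reversible user-id for the identify() call, and an HMAC so that a page script cannot claim to be a different tracked user) are illustrated together in the following added example. It is not Gainsight's code or API: the function names, the payload shape and the two secrets are constructed for the demonstration, and the exact field names PX expects are not specified on this page.

```python
import hashlib
import hmac

# Constructed secrets for the demo. In a real deployment both live only on
# your backend; neither is ever shipped to the browser.
ID_SALT = b"constructed-pseudonymisation-salt"
IDENTITY_SECRET = b"constructed-identity-verification-secret"


def pseudonymous_user_id(raw_id: str) -> str:
    """Derive a stable, non-reversible tracking id from an internal id or email.

    A keyed hash (HMAC-SHA256 under a private salt) is used instead of a plain
    SHA-256 so that nobody outside your backend can recompute the id from a
    guessed email address. Normalising case keeps the id consistent.
    """
    normalised = raw_id.strip().lower().encode()
    return hmac.new(ID_SALT, normalised, hashlib.sha256).hexdigest()


def identity_token(user_id: str) -> str:
    """Backend side: sign the tracking id the page is allowed to identify as."""
    return hmac.new(IDENTITY_SECRET, user_id.encode(), hashlib.sha256).hexdigest()


def verify_identity(user_id: str, token: str) -> bool:
    """Verifying side: recompute the HMAC and compare in constant time.

    A page script that changes user_id to someone else's id cannot produce a
    matching token without IDENTITY_SECRET, so the event is rejected.
    """
    return hmac.compare_digest(identity_token(user_id), token)


def build_identify_payload(raw_id: str, attributes: dict) -> dict:
    """What the backend hands to the page for its identify() call (hypothetical shape)."""
    user_id = pseudonymous_user_id(raw_id)
    return {"id": user_id, "hmac": identity_token(user_id), **attributes}


if __name__ == "__main__":
    payload = build_identify_payload("Alice@Example.com", {"plan": "enterprise"})
    print("genuine:", verify_identity(payload["id"], payload["hmac"]))
    # A script re-using Alice's token but another user's id is refused.
    forged_id = pseudonymous_user_id("bob@example.com")
    print("forged: ", verify_identity(forged_id, payload["hmac"]))
```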
Gainsight's security team is happy to address any concerns or questions you might have via security@gainsight.com.