Data privacy and security have always been top priorities for Palo Alto Software. As we've built our software, maintaining user privacy has always been a key part of our product development, marketing, and company culture.
In 2018, the European Union enacted the General Data Protection Regulation (GDPR). This new regulation gives EU citizens additional rights and protections to ensure that their personal data is protected, secure, and theirs to control.
We believe that the regulations that come with the GDPR are a good thing. The more that end-users have control over their own data, the better off both businesses and users will be. GDPR also gives us an opportunity to re-evaluate and strengthen our commitment to user privacy and security. And, we've made sure that we are GDPR compliant.
How we comply with GDPR
Palo Alto Software makes several subscription software products and also manages several web sites. Our GDPR activities will cover all of our products, including LivePlan and Outpost. We are also ensuring that any data we collect through our websites is secure, private, and that users have complete control over it. This includes sites such as Bplans, Mplans, PaloAlto.com, and other sites that we own and operate.
In accordance with the EU GDPR regulations of 2018, we updated our policies, completed data and security audits, and made the required changes to our products.
- Terms of Service: Each of our products now has an updated Terms of Service, which includes the new Data Processing Agreement (DPA) with Model Clauses, as well as a list of the service providers (sub-processors) that we use to help us deliver our products and services to you.
Data and Security Audits:
- Comprehensive Data Audit: We’ve completed an audit of the data we collect from our users. This audit examined how we use this data, and how we store it to ensure that all data is collected securely. The audit also verified that data is only used for the purposes that users have allowed us to use it. We also purge data we are no longer using.
- Security Audit: We've set up regular automatic security scans on all of our websites and products to ensure that they're safe and secure. In addition, we have reviewed annual penetration tests to ensure that all vulnerabilities are closed. We have also planned additional ongoing penetration tests to ensure that our products continue to be secure. We are PCI compliant and all of our vendors also follow secure practices.
- Employee Training: We have completed GDPR training with all current employees and will continue to do regular training for security and privacy. All new employees will undergo the same training.
- Data Access, Portability, and Deletion: We ensure that we can access, modify, and delete all personal data should you request it.
- Data Security: We audit our products to ensure that all data is collected and stored securely.
Palo Alto Software is committed to your privacy and security. We can promise that we will never, ever, sell or rent your personal information to anyone. We want you to know that you can trust us with your small business information, and be confident that you can grow your business using our products. We actually use our own products to run our business, so it’s just as critical to us as it is to you that our products are safe and secure.
If you have any questions, please feel free to contact us.