Data privacy and security have always been top priorities for Palo Alto Software. As we have built our small business software tools, maintaining user privacy has always been a key part of our product development, marketing, and company culture.
As you’ve probably heard, in 2018 the EU enacted the General Data Protection Regulation (GDPR). This new regulation gives EU citizens additional rights and protections to ensure that their personal data is protected, secure, and theirs to control.
We believe that the regulations that come with the GDPR are a good thing. The more that end-users have control over their own data, the better off both businesses and users will be. GDPR also gives us an opportunity to re-evaluate and strengthen our commitment to user privacy and security.
How we’re complying with GDPR
Palo Alto Software makes several subscription software products and also manages several web sites. Our GDPR activities cover all of our products, including LivePlan and Outpost.We are also ensuring that any data we collect through our websites is secure, private, and that users have complete control over it. This includes sites such as Bplans, Mplans, PaloAlto.com, and other sites that we own and operate.
In accordance with the EU GDPR regulations of 2018, we have updated the following policies, completed data and security audits, and made the required changes to our products.
- Terms of Service: All of our products will have an updated Terms of Service which will include a new Data Processing Agreement (DPA) with Model Clauses, as well as a list of the service providers (sub-processors) that we use to help us deliver our products and services to you.
Data and Security Audits:
- Comprehensive Data Audit: We’ve completed an audit of the data we collect from our users, how we use it, and how we store it to ensure that all data is collected securely, only used for the purposes that users have allowed us to use it, and that we purge data we are no longer using.
- Security Audit: We have set up regular security scans to automatically scan all of our websites and products to ensure that they are safe and secure. In addition, we have reviewed annual penetration tests to ensure that all vulnerabilities are closed and have planned additional, ongoing penetration tests to ensure that our products continue to be secure. We are PCI compliant and all of our vendors also follow secure practices.
- Employee Training: We have completed GDPR training with all employees and will continue to do regular training for security and privacy, as well as require all new employees to go through the same training.
- Data Access, Portability, and Deletion: We’ve ensured that we can access, modify, and delete all personal data should you request your data.
- Data Security: We’ve audited our products to ensure that all data is collected and stored securely.
Palo Alto Software is committed to your privacy and security. We can promise that we will never, ever, sell or rent your personal information to anyone. We want you to know that you can trust us with your small business information and be confident that you can grow your business using our products. We actually use our own products to run our business, so it’s just as critical to us as it is to you that our products are safe and secure.
If you have any questions, please feel free to contact us.