Palo Alto Software’s GDPR Compliance

Data privacy and security have always been top priorities for Palo Alto Software. As we have built our small business software tools, maintaining user privacy has always been critical to our product development, marketing, and company culture.

As you’ve probably heard, the EU enacted the General Data Protection Regulation (GDPR) in 2018. This regulation gives EU and UK citizens additional rights and protections to ensure their personal data is protected, secure, and theirs to control.

We believe that the regulations that come with the GDPR are a good thing. The more end-users have control over their data, the better off both businesses and users will be. GDPR also gives us an opportunity to re-evaluate and strengthen our commitment to user privacy and security. 

How we’re complying with GDPR

Palo Alto Software makes LivePlan and also manages several web sites. Our GDPR activities cover all of our products. We are also ensuring that any data we collect through our websites is secure and private and that users have complete control over it. This includes sites such as Bplans, PaloAlto.com, and others we own and operate.

In accordance with GDPR, we have updated the following policies, completed data and security audits, and made the required changes to our products.

Policy Updates:

  • Terms of Service: All of our products have updated Terms of Service, which include a Data Processing Agreement (DPA) with Model Clauses and a list of the service providers (sub-processors) that we use to help us deliver our products and services to you.
  • Privacy Policy: Our Privacy Policy has been updated to explicitly explain how we use your personal data and how you can control it.
  • Cookie Policy: We’ve created a cookie policy that explains how we use cookies. If you’re in the EU or UK, you’ll also be presented with a banner on our websites allowing you to opt in or out of cookie usage.
  • EU-U.S. and Swiss-US Data Privacy Framework Principles: We have completed our EU-U.S. and Swiss-US Data Privacy Framework Principles certification for international data transfers. Our privacy policy provides more details.

Data and Security Audits:

  • Comprehensive Data Audit: We’ve completed an audit of the data we collect from our users, how we use it, and how we store it to ensure that all data is collected securely and only used for the purposes that users have allowed us to use it and that we purge data we are no longer using.
  • Security Audit: We have set up regular security scans to automatically scan all our websites and products to ensure they are safe and secure. In addition, we have reviewed annual penetration tests to ensure that all vulnerabilities are closed and have planned additional, ongoing penetration tests to ensure that our products remain secure. We are PCI-compliant, and all of our vendors follow secure practices.
  • Employee Training: We have completed GDPR training with all employees and will continue to provide regular security and privacy training. We also require all new employees to undergo the same training.

Product Updates:

  • Data Access, Portability, and Deletion: We’ve ensured we can access, modify, and delete all personal data should you request your data.
  • Data Security: We’ve audited our products to ensure that all data is collected and stored securely.

Palo Alto Software is committed to your privacy and security. We promise never to sell or rent your personal information to anyone, ever. We want you to know that you can trust us with your small business information and be confident that you can grow your business using our products. We use our products to run our business, so it’s just as critical to us as it is to you that our products are safe and secure.

If you have any questions, please don't hesitate to contact us.

Important Links:

Terms of Service: LivePlan
Privacy Policy: Palo Alto Software Privacy Policy

Was this article helpful?
3 out of 4 found this helpful