Traditional product analytics solutions capture clicks, page views, and funnels. But AI agent analytics capture something more sensitive and complex: conversations with your end-users.

Those prompts often contain sensitive information: personal details, confidential business data, and other proprietary information that could make your legal team break out in hives.

If you’re analyzing AI agent usage, you need a secure tool that treats your data with the utmost care. That’s why Pendo Agent Analytics has been carefully designed to protect and preserve your company information.

How Agent Analytics captures and protects data

To help you measure AI’s impact on workflows, productivity, and ROI, Agent Analytics captures user-submitted prompts across agent interactions within your application.

That includes the agents you’ve built and sold (just like “traditional” product analytics), and the ones you’ve bought for your employees (like Gemini, Claude, and ChatGPT).

At Pendo, we treat data security and privacy as key tenets in the design of our platform. Agent Analytics is built on the same secure foundation as all our products.

Due to the increased sensitivity of the data collected by Agent Analytics, we’ve implemented additional layers of protection.

Pendo’s core data security and privacy practices 

All data collected through Agent Analytics is stored using the same infrastructure and security practices as other Pendo product data.

Pendo uses managed services provided by Google Cloud Platform (GCP) to host customer data in a secure, multi-tenant environment hosted across multiple geographic regions. These services lean on the extensive security capabilities of Google to provide a secure infrastructure for Pendo services.

One key feature provided by Google is that data is always encrypted when stored at rest. GCP services also meet industry standards for security and compliance, including SOC 2 Type II and ISO 27001.

An entire team focused on security and compliance 

As Pendo's Chief Information Security Officer (CISO), I lead a cybersecurity team dedicated to product security, security operations, and compliance.

Since 2018, we’ve undergone an annual third-party SOC 2 Type II audit that covers all five Trust Services Principles: Security, Privacy, Confidentiality, Processing Integrity, and Availability.

We also conduct an annual third-party penetration test and maintain a bug bounty program to proactively identify potential security issues.

In addition to encrypting all data transmitted across public networks and when stored in our systems, customer data collected through Agent Analytics is never commingled with data from other subscriptions.

For details about data storage, encryption, and compliance certifications, see Data collection and compliance and Security and privacy at Pendo.

Preventing sensitive data capture

We’ve applied multiple layers of protection to help prevent the capture and processing of sensitive or Personally Identifiable Information (PII). 

Agent Analytics doesn’t capture file contents or attachments, keeping the data your employees are sharing with agents focused (and reducing privacy risks).

Plus, Agent Analytics automatically redacts data at the point of capture when collecting prompt inputs from AI agents. Redaction uses regular expressions (regex) to detect and mask common data types, including:

  1. Email addresses
  2. Phone numbers
  3. Credit card numbers
  4. Social Security numbers
  5. IP addresses
  6. Physical addresses
  7. Dates of birth

Note: Because regex-based redaction only detects common formatting patterns, sensitive information entered in non-standard formats might not be sanitized.
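The sketch below is an added example, not Pendo's code: it shows regex redaction at the point of capture for five of the data types listed above, and how a prompt written in a non-standard format passes through untouched. The rule set, the placeholder labels, the `redactPrompt` name and the sample prompts are all assumptions made for illustration.

```javascript
// Added illustration: rule set and placeholder labels are assumptions, not Pendo's.

// Luhn checksum keeps order numbers and other long digit runs from being masked as cards.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

// Applied in order; each rule sees the output of the previous one.
const RULES = [
  { label: "EMAIL", re: /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g },
  { label: "CARD", re: /\b\d(?:[ -]?\d){12,18}\b/g,
    valid: (m) => luhnValid(m.replace(/\D/g, "")) },
  { label: "SSN", re: /\b\d{3}-\d{2}-\d{4}\b/g },
  { label: "IP", re: /\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b/g },
  { label: "PHONE", re: /(?:\(\d{3}\)\s?|\b\d{3}[ .-])\d{3}[ .-]\d{4}\b/g },
];

// Returns the masked prompt plus the list of rule labels that fired.
function redactPrompt(text) {
  const hits = [];
  let out = text;
  for (const { label, re, valid } of RULES) {
    out = out.replace(re, (m) => {
      if (valid && !valid(m)) return m; // failed validation: leave as typed
      hits.push(label);
      return `[${label}_REDACTED]`;
    });
  }
  return { text: out, hits };
}

// Constructed sample prompts (reserved or test values only).
const STANDARD = "Refund jane.doe@example.com, card 4111 1111 1111 1111, " +
  "SSN 078-05-1120, call 919-555-0142 from 192.0.2.44";
const NONSTANDARD = "Refund jane dot doe at example dot com, " +
  "SSN zero seven eight 05 1120, call nine one nine 555 0142";

console.log(redactPrompt(STANDARD));
console.log(redactPrompt(NONSTANDARD));
```

The second prompt comes back unchanged with no rules fired, which is the gap the note above describes.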

Redaction occurs before Pendo processes data, but this only applies to content entered into the AI prompt input (i.e., what your users type into an agent).

Some event metadata (like IP addresses) may still be collected automatically when a prompt is submitted as part of standard Pendo event collection.

Additional steps you can take to mitigate risk

You should also be taking steps to actively discourage users from entering sensitive information into AI agents.

Within your agent’s UI, add prompts like "Please don't include personal information" or "Avoid sharing confidential data." Once someone shares this information with an AI agent, even the best filters might miss the creative ways people phrase it.

For more information about how Pendo uses AI and protects customer data, check out Artificial intelligence at Pendo. For general information about Pendo’s security and data privacy practices, see our Trust Center.

If you're ready to see what your AI agents are really doing, get in touch.