Trust & Compliance

We continuously invest in the security of customer data, enabling organizations to maintain the highest level of choice and control over their data.

Protecting Your Personal Data

At Tenon, we are deeply committed to protecting your privacy and ensuring the security of your and your customers’ personal data. Our business adheres to stringent data protection standards, including GDPR, CCPA, and other global privacy laws. We carefully manage and safeguard your information through secure data handling practices, robust security measures, and responsible data processing protocols.

GDPR
CCPA Compliant
CAN-SPAM Act Compliant
Built on ServiceNow
FedRAMP


Our Commitments

Our GDPR Commitment

We are committed to ensuring GDPR compliance and safeguarding our customers' data with the highest standards of privacy and security. Built entirely on the ServiceNow platform, our software stores your data within your ServiceNow instance, allowing you to benefit from the robust data protection measures already established by ServiceNow.

How we adhere to GDPR

We uphold Data Subject rights by assisting with requests for access, rectification, erasure, restriction, and data portability, as required by GDPR Articles 15-22. To protect personal data, we leverage ServiceNow's industry-leading security protocols, including encryption, access control, and pseudonymization, in line with GDPR Article 32. Any Sub-Processors we engage are required to maintain GDPR compliance and meet the same stringent security standards. In the event of a data breach, we will notify our customers promptly, within a 96-hour period. This approach reflects our commitment to providing secure, reliable, and transparent data handling practices on the trusted ServiceNow platform.

Our CCPA Commitment

Tenon is dedicated to ensuring compliance with the California Consumer Privacy Act (CCPA) and upholding the privacy and security of our customers' data. Our software is built entirely on the ServiceNow platform, ensuring that your data remains securely within your ServiceNow instance and benefits from the robust protections inherent to the platform.

How we adhere to CCPA

In alignment with CCPA, we respect consumer rights by supporting requests for access, deletion, and transparency regarding data collection and usage. Data security is a top priority; we leverage ServiceNow’s strong security protocols, including encryption and access control, to safeguard personal information. Any third-party Sub-Processors we engage adhere to the same security standards and are required to comply with CCPA regulations. In the unlikely event of a data breach, we are committed to notifying affected customers promptly and taking all necessary steps to mitigate any impact. With your data exclusively on the ServiceNow instance, it is protected by the same compliance standards ServiceNow employs, ensuring a consistent level of privacy and security under CCPA.

Our CAN-SPAM Commitment

Tenon is fully committed to complying with the CAN-SPAM Act to ensure responsible and lawful email communications. Our Data Processing Agreement (DPA) includes measures that align with CAN-SPAM requirements, helping to ensure that all email marketing and communication activities respect recipients’ preferences and protect their privacy.

How we adhere to CAN-SPAM

We work with carefully vetted Sub-Processors to support email delivery, and we mandate that these partners also comply with CAN-SPAM guidelines. Our practices include honoring opt-out requests promptly and using accurate sender information, demonstrating our commitment to transparent, respectful, and lawful email interactions.

How ServiceNow Protects Your Data

Since Tenon is built on ServiceNow, ServiceNow's position on data processing is essential to our success. ServiceNow provides strong data protection measures for its customers, particularly through its Data Processing Addendum (DPA), which outlines responsibilities for data privacy and security in line with global data protection laws. Acting as a Data Processor, ServiceNow ensures that any Personal Data processed within its services is handled in strict compliance with customer instructions and applicable legal standards. ServiceNow's DPA includes comprehensive technical and organizational safeguards to secure customer data, such as encryption, access controls, and data breach notifications, reinforcing a secure environment for data privacy. By enabling customers to manage data subject requests and by supporting data transfers through standardized mechanisms, ServiceNow prioritizes transparency and adherence to data protection regulations.

ServiceNow & FedRAMP

The Tenon application is built on the robust and secure infrastructure of ServiceNow, which is FedRAMP certified. This means our customers benefit from the high standards of security and compliance ServiceNow adheres to as a FedRAMP-certified platform, ensuring that data is handled with the utmost protection and reliability. While our organization itself does not hold FedRAMP certification, leveraging ServiceNow’s FedRAMP-authorized infrastructure allows us to deliver solutions that align with federal security requirements and standards. This provides peace of mind for our clients, knowing that their data is supported by ServiceNow’s trusted, government-approved environment.

Common FAQs

What is the purpose of the Data Processing Addendum (DPA)?

The DPA governs the processing of personal data by Tenon to provide marketing, web tracking, and secure data hosting services to customers, ensuring compliance with data protection laws like GDPR and CCPA.

What personal data is processed under this agreement?

The types of data processed include names, contact information (e.g., email, phone numbers), IP addresses, browsing behavior, and responses to surveys/forms, used primarily for marketing and web tracking.

What are the responsibilities of the Data Controller and Data Processor?

The Data Controller must obtain data collection consents and ensure lawful processing, while the Data Processor follows the Controller's instructions, maintains security measures, and safeguards personal data during processing.

How does Tenon protect personal data?

We implement security measures such as encryption, access control, and regular vulnerability assessments. We also operate an Information Security Program based on industry standards to maintain data integrity and confidentiality.

Are Sub-Processors used, and what data do they handle?

Yes. Authorized Sub-Processors, including BeeFree, Sinch, and Mailgun, are used to support specific services like email marketing, SMS, and content creation. Each Sub-Processor follows GDPR compliance and adheres to security protocols.

What happens in the event of a data breach?

The Data Processor will notify the Data Controller within 96 hours if a data breach occurs, providing relevant details to aid compliance efforts. Measures to mitigate the breach's impact will also be taken promptly.