SPRINKLR SECURITY & PRIVACY

Our platform is developed internally by Sprinklr employees who receive regular training on secure coding practices. When we create a product, our security team works closely with engineering to inject security throughout every step of the development process – and the job is never “finished.” Sprinklr follows the Open Web Application Security Project (OWASP) standard security controls and other industry-standard control systems for application security.

Sprinklr’s dedicated Detection & Response team is focused on threat detection engineering, vulnerability management, incident response and crisis communication management in order to support our customers in security incidents and beyond. Within scope are product operations, business system, and all corporate assets.

Sprinklr’s production environment is completely virtual, running in an Infrastructure-as-a-Service (IaaS) third-party cloud environment. We also leverage additional IaaS providers’ security controls. Sprinklr partners with AWS, Microsoft, and Google data centers in the United States and Europe for data hosting.

Sprinklr has implemented both reactive and proactive network security controls. We monitor network activity for anomalies 24/7 and respond to security events within minutes. Proactive controls such as firewalls, cloud security posture management, and network penetration tests ensure a very high degree of protection. All sensitive data is encrypted during transit.

At Sprinklr, we believe our employees are our first and strongest defense against cyber threats. Our employees are trained annually and regularly presented with security education and best practices in order to drive awareness, reduce risk and remain vigilant against potential threats. Annual tabletop exercises are also conducted to test our incident response plans.

Sprinklr utilizes a third-party Vulnerability Disclosure Program (VDP) for managing security vulnerabilities reported by the security community. For more information, please visit Sprinklr’s Vulnerability Disclosure Program

As a processor and service provider for our customers, Sprinklr processes customer data only as needed to provide our services. Sprinklr has internal policies, processes, and controls to manage data processing activities in accordance with applicable global data protection laws. You can read more about Sprinklr’s approach to data protection here.

Sprinklr’s Data Processing Addendum (DPA) governs how we process data on behalf of our customers. It defines Sprinklr’s role as a processor, incorporates data transfer mechanisms, and outlines the technical & organizational measures in place to protect data from unauthorized access or loss.

Sprinklr is committed to ensuring all of our employees understand their obligations under applicable data privacy laws. All new hires that join Sprinklr are trained on privacy and security during onboarding, and Sprinklr conducts annual refresher training, as well as tailored training for specific teams throughout the year.

Sprinklr is committed to securing data transferred across geographic borders and leverages Standard Contractual Clauses, as well as additional technical and organizational measures, for such transfers. For more details, please refer to our White Paper on Data Transfers, available here, which you can use to inform your Data Transfer Impact Assessment.

Sprinklr conducts careful due diligence on the privacy and security practices of third parties we engage to help us provide our services. All of our sub-processors must agree to and sign data protection agreements that include terms that are at least as protective as those that Sprinklr commits to with its customers. You can find our list of subprocessors here.

Sprinklr puts customers in control through our in-product Privacy Center, which is available in the Sprinklr platform. Through the Privacy Center, customers can manage their data subject requests, such as access, deletion, and rectification, in real-time. Sprinklr also provides a privacy request form to assist with data subject requests directed at Sprinklr.

Sprinklr’s Privacy Policy provides details on how Sprinklr collects, uses, and shares information when you use our products, services, and website.

The DPA governs how Sprinklr processes data on behalf of our customers.

If you have any questions about Sprinklr’s approach to privacy, please submit your question.