SPRINKLR SECURITY & PRIVACY

A relentless commitment to security and privacy.

At Sprinklr, we know that security, compliance, and privacy are the cornerstones of the trust that our customers and investors place in us. We’re fiercely committed to safeguarding our information assets – and to maintaining and continuously improving the security and privacy of our customers’ data.

Main Header

Security & Data Privacy

Explore Sprinklr’s certifications, assessments, and industry compliance status and dive deeper into the processes and features behind our platform and product security and privacy features. Discover how Sprinklr processes and safeguards information provided to us by our customers and get more details on our data transfer mechanisms, subprocessors, and find answers to frequently asked questions.

Sprinklr Platform SecuritySprinklr Data privacy

Sprinklr Platform Security

Safeguarding our customer information is of the utmost importance to Sprinklr. To demonstrate that commitment — and reduce customer exposure to risk — we’ve implemented the most comprehensive security standards, including web applications, optimized infrastructure, governance across all modern channels, network security, and more.

Product screen - trust portal

Product Security Features

We offer a number of features and support industry-standard controls in order to help protect your brand. Security features include role-based access permissions, access controls, single sign-on, two-factor authentication, IP restricted access, and more.

Product Security Features
Secure Development Lifecycle Process

Our platform is developed internally by Sprinklr employees who receive regular training on secure coding practices. When we create a product, our security team works closely with engineering to inject security throughout every step of the development process – and the job is never “finished.” Sprinklr follows the Open Web Application Security Project (OWASP) standard security controls and other industry-standard control systems for application security.

Detection & Response

Sprinklr’s dedicated Detection & Response team is focused on threat detection engineering, vulnerability management, incident response and crisis communication management in order to support our customers in security incidents and beyond. Within scope are product operations, business system, and all corporate assets.

Infrastructure Security

Sprinklr’s production environment is completely virtual, running in an Infrastructure-as-a-Service (IaaS) third-party cloud environment. We also leverage additional IaaS providers’ security controls. Sprinklr partners with AWS, Microsoft, and Google data centers in the United States and Europe for data hosting.

Network Security

Sprinklr has implemented both reactive and proactive network security controls. We monitor network activity for anomalies 24/7 and respond to security events within minutes. Proactive controls such as firewalls, cloud security posture management, and network penetration tests ensure a very high degree of protection. All sensitive data is encrypted during transit.

Security Awareness & Training

At Sprinklr, we believe our employees are our first and strongest defense against cyber threats. Our employees are trained annually and regularly presented with security education and best practices in order to drive awareness, reduce risk and remain vigilant against potential threats. Annual tabletop exercises are also conducted to test our incident response plans.

Vulnerability Disclosure Program

Sprinklr utilizes a third-party Vulnerability Disclosure Program (VDP) for managing security vulnerabilities reported by the security community. For more information, please visit sprinklr.com/responsible-disclosure.

For more information and to request access to view compliance reports and more, visit and subscribe to the Sprinklr Trust Portal.

Security Governance

Sprinklr has aligned configuration, policies, procedures, and processes in place, which are reviewed annually, to help our organization achieve business objectives, address uncertainty, and act with integrity.

Sec Givernance - 01

Security Certifications & Assessments

Sec Governance - 02

Sprinklr is regularly audited by third-party assessments, evaluating internal controls that protect the security, confidentiality, integrity, availability, and privacy of the information entrusted to us by our customers. Sprinklr maintains SOC1 Type II, SOC2 Type II, PCI-DSS, and ISO 27001 certifications as well as FedRAMP authorization.

Security FAQs

Visit our Security & Privacy Trust Portal at trust.sprinklr.com.

Build stronger customer trust on a foundation of robust data privacy measures

Sprinklr recognizes the importance of safeguarding the personal information we handle — including the information provided to us by customers, the personal information we leverage from various sources to power our products, and the information we gather from and about consumers. We’re committed to protecting this data and only using it to provide our customers with our services. Our Data Processing Addendum and Privacy Policy provide additional information.

Privacy - 01

Our compliance with privacy laws

Data protection and information security are part of the culture, values, and everyday conduct at Sprinklr and are key to our strong and long-lasting customer relationships. As a service provider and data processor for our customers, Sprinklr sees privacy as fundamental to our services and we are committed to supporting our customers in their compliance with data protection requirements. Sprinklr’s legal and compliance team, in partnership with our security and product teams, closely monitors evolving data privacy regulations – managing and supporting Sprinklr’s ongoing compliance with applicable laws (GDPR, CCPA, CPRA, LGPD, etc.).  

Sprinklr’s Data Protection Principles

Proportionality and Accountability

As a processor and service provider for our customers, Sprinklr processes customer data only as needed to provide our services. Sprinklr has internal policies, processes, and controls to manage data processing activities in accordance with applicable global data protection laws. You can read more about Sprinklr’s approach to data protection here.

Contractual Commitments

Sprinklr’s Data Processing Addendum (DPA) governs how we process data on behalf of our customers. It defines Sprinklr’s role as a processor, incorporates data transfer mechanisms, and outlines the technical & organizational measures in place to protect data from unauthorized access or loss.

Privacy Training

Sprinklr is committed to ensuring all of our employees understand their obligations under applicable data privacy laws. All new hires that join Sprinklr are trained on privacy and security during onboarding, and Sprinklr conducts annual refresher training, as well as tailored training for specific teams throughout the year.

Data Transfer Mechanisms

Sprinklr is committed to securing data transferred across geographic borders and leverages Standard Contractual Clauses, as well as additional technical and organizational measures, for such transfers. For more details, please refer to our White Paper on Data Transfers, available here, which you can use to inform your Data Transfer Impact Assessment.

Sharing Data

Sprinklr conducts careful due diligence on the privacy and security practices of third parties we engage to help us provide our services. All of our sub-processors must agree to and sign data protection agreements that include terms that are at least as protective as those that Sprinklr commits to with its customers. You can find our list of subprocessors here.

Data Subject Rights

Sprinklr puts customers in control through our in-product Privacy Center, which is available in the Sprinklr platform. Through the Privacy Center, customers can manage their data subject requests, such as access, deletion, and rectification, in real-time. Sprinklr also provides a privacy request form to assist with data subject requests directed at Sprinklr.

Privacy Resources

For more information and to view documentation related to Sprinklr’s privacy program, visit and subscribe to the Sprinklr Trust Portal.

Product screen - trust portal

Sprinklr’s Privacy Policy provides details on how Sprinklr collects, uses, and shares information when you use our products, services, and website.

REVIEW NOW

For more information and to request access to view compliance reports and more, visit and subscribe to the Sprinklr Trust Portal.

Data Privacy FAQs

Yes. Sprinklr’s Data Processing Addendum (DPA) is available here.  Our DPA governs how Sprinklr processes and safeguards the data we process to provide you with our services. During contract negotiations, the DPA will be referenced in your Master Services Agreement (MSA) with Sprinklr and will become an addendum to the MSA. Sprinklr’s DPA is global and covers all processing activities between Sprinklr and our customers.  We make regular updates to our DPA, as needed, to ensure ongoing compliance with data protection requirements.

How can we help you?

Supplier Code of ConductPrivacyLegalDo Not Sell or Share My InfoCookiesModern Slavery StatementIndex EgalitéTerms©2024, Sprinklr Inc.