Transparency: A fundamental data privacy principle

Stacy Pila, Senior Assistant General Counsel & Head of Global Data Protection at Khoros


Khoros is committed to protecting the data that our customers entrust to us and ensuring compliance with a myriad of regulations and laws on a global scale. We can keep these commitments because privacy has long been part of our DNA.

In 2018, following the advent of the Global Data Protection Regulation (GDPR), privacy became a salient topic for all global companies. In developing our privacy program, we decided to draw upon one of the GDPR’s core tenets as our north star — transparency.

Transparency is why so much of our privacy practices are public facing. We have no problem earning your trust and have no issue being clear (and public!) about how we will process your data. Does your vendor do that?

Khoros’s publicly listed practices: A testament to transparency

Some of our publicly listed practices:

 Comprehensive compliance documentation

We explain how Khoros complies with relevant regulations like GDPR, CCPA, and other important privacy legislation. 


We list our subprocessors (third-party entities with whom we contract to help perform services and who process personal data). We also require our subprocessors to comply with security and data privacy standards and sign processor-to-processor standard contractual clauses (as mandated in 2021 by the GDPR). Because we are confident in our subprocessors, we also agree to defend and indemnify our customers for any acts or omissions of our subprocessors. 

PII processing data inventory

We provide an inventory of personal data categories collected by our platform. Not only do we list what personal information we process, we state why, and list retention and deletion timeframes. 


Our Cookies Datasheet (cookies are small data files stored in web browsers that track usage on websites. Khoros harnesses cookies to enable useful services and features on Khoros’s website and its product) gives insight into the types of cookies we use, their classification, and a description of how we optimize them. We also provide information on how to disable or remove cookies. 

Data subject access request (DSAR)

Our DSAR request form and portal empowers customers to update, access, and delete personal data stored in Khoros. 

Privacy policy and certifications

We proudly display our TRUSTe and TRUSTe APEC Processor certifications alongside our clearly defined, and annually updated, privacy policy.

Our transparent approach encompasses additional protective measures

In addition to these practices, we do the following: 

Data transfer impact assessments (TIA)

A TIA is a risk assessment that assesses the risk of transferring personal information outside of the European Economic Area. We conduct these assessments for every country to which we transfer data. 

Employ supplementary organizational and technical measures

Since data security is inextricably woven with privacy, our legal and product teams work hand-in-hand with our security team to ensure we employ industry standard measures to protect personal information. 

Continuously assess the privacy health of our platform 

We routinely monitor and assess our platform. We don’t set-it and forget-it.  

We have local teams to limit unneeded data transfers

To the extent we can, we have in-zone teams — such that for our European customers, their data is processed mostly by Khoros employees in Europe and for our US customers, their data is processed mostly by our US employees. Unnecessary data transfers increase opportunities to compromise data…we don’t want to do that. 

We have a registered and dedicated Data Protection Officer

You can contact our DPO directly by emailing:

We recognize that transparency and trust are paramount

These listed practices are not exhaustive. And that, in part, is because we haven’t reached finality in the privacy landscape. As the landscape shifts, new laws get passed, and best practices become table stakes, we evolve. This is no small task. In the US alone, four new privacy state laws were enacted last year, with several states contemplating new regulations and the federal government beginning to wade deeper towards national regulation.

These continuous developments expose companies to new business risk and newfound expectations. They require that providers like Khoros put privacy first.

As we show you that we are privacy-first, we won’t blind you with shiny objects and multiple features (although we have those too). We aren’t trying to distract you from what is important to you, your customers, your brand, and your reputation. Instead, we will show you, up-front, what we do, how we do it, and why you can trust us. From there, we can build together.

    Would you like to learn more about Khoros?