Khoros is committed to protecting the data that our customers entrust to us and ensuring compliance with a myriad of regulations and laws on a global scale. We can keep these commitments because privacy has long been part of our DNA.
In 2018, following the advent of the General Data Protection Regulation (GDPR), privacy became a salient topic for all global companies. In developing our privacy program, we decided to draw upon one of the GDPR’s core tenets as our north star — transparency.
Transparency is why so many of our privacy practices are public-facing. We have no problem earning your trust and have no issue being clear (and public!) about how we will process your data. Does your vendor do that?
Some of our publicly listed practices:
We explain how Khoros complies with relevant regulations like GDPR, CCPA, and other important privacy legislation.
We list our subprocessors (third-party entities with whom we contract to help perform services and who process personal data). We also require our subprocessors to comply with security and data privacy standards and sign processor-to-processor standard contractual clauses (as mandated in 2021 by the GDPR). Because we are confident in our subprocessors, we also agree to defend and indemnify our customers for any acts or omissions of our subprocessors.
We provide an inventory of personal data categories collected by our platform. Not only do we list what personal information we process, we state why, and list retention and deletion timeframes.
Our Cookies Datasheet gives insight into the types of cookies we use, their classification, and a description of how we optimize them. (Cookies are small data files stored in web browsers that track usage on websites. Khoros harnesses cookies to enable useful services and features on Khoros’s website and its product.) We also provide information on how to disable or remove cookies.
Our DSAR request form and portal empower customers to update, access, and delete personal data stored in Khoros.
In addition to these practices, we do the following:
A TIA (transfer impact assessment) is a risk assessment that evaluates the risk of transferring personal information outside of the European Economic Area. We conduct these assessments for every country to which we transfer data.
Since data security is inextricably woven with privacy, our legal and product teams work hand-in-hand with our security team to ensure we employ industry-standard measures to protect personal information.
We routinely monitor and assess our platform. We don’t set it and forget it.
To the extent we can, we have in-zone teams — such that for our European customers, their data is processed mostly by Khoros employees in Europe and for our US customers, their data is processed mostly by our US employees. Unnecessary data transfers increase opportunities to compromise data…we don’t want to do that.
You can contact our DPO directly by emailing: email@example.com.
These listed practices are not exhaustive. And that, in part, is because we haven’t reached finality in the privacy landscape. As the landscape shifts, new laws get passed, and best practices become table stakes, we evolve. This is no small task. In the US alone, four new state privacy laws were enacted last year, with several states contemplating new regulations and the federal government beginning to wade deeper towards national regulation.
These continuous developments expose companies to new business risk and newfound expectations. They require that providers like Khoros put privacy first.
As we show you that we are privacy-first, we won’t blind you with shiny objects and multiple features (although we have those too). We aren’t trying to distract you from what is important to you, your customers, your brand, and your reputation. Instead, we will show you, up-front, what we do, how we do it, and why you can trust us. From there, we can build together.