WalkMe Security and Data Privacy

We take security very seriously. WalkMe applies a robust approach to maintain privacy and security controls, and is committed to the highest market standards and compliance regulations to ensure the continued trust of our customers around the globe.

Our Security

Securing our customers’ information is our top priority. We believe that great privacy rests on great security.

We use technical, contractual, and operational safeguards to protect your data, taking into account the nature of the personal data and the threats posed. We are constantly working to improve these safeguards to help keep our customers’ personal data secure.

  • Confidentiality

    WalkMe utilizes best-of-breed authentication, encryption, access control systems and configurations to protect against unauthorised access.

  • Integrity

    At WalkMe we verify that all information remains intact, and ensure it is kept in its original, accurate, and complete form. We monitor, check, and control data integrity across the data’s entire lifecycle.

    We support Subresource Integrity (SRI) to ensure that even data resources hosted on third-party servers have not been tampered with.

  • Availability and Performance

    WalkMe ensures content, at any scale and capacity, is resilient to all changes that may occur, and is being delivered at speed and accessible to the end user seamlessly at any time, anywhere on the globe.

Your Privacy

Your Data. Your choice.

At WalkMe, we respect your rights to your own data, giving you full control over data collection to support your data rights.
You choose what level of data will be collected - and corresponding controls.
Read our privacy policy
  • Data Residency

    Data is stored and accessed according to all legal jurisdictional considerations. WalkMe allows you to specify which of our geographic locations your data will be stored at.

  • Data Protection

    WalkMe encrypts everything, including any type of data, whether at rest or in transit, following encryption best practices based on NIST and FISMA (CISA) standards.

  • Data Retention

    WalkMe is transparent about the data in use and allows customers to take full control of information collected. Analytics data can be deleted or anonymized by request. Requests to delete or anonymize analytics data are handled automatically in 90 days.

  • Data Processing Addendum (DPA)

    WalkMe follows the Standard Contractual Clauses (SCCs) validated by the Court of Justice of the European Union (CJEU) as a mechanism for transferring data outside the European Union. Our customers can continue to rely on the SCCs and the WalkMe Data Processing Addendum if they choose to transfer their data outside the European Union in compliance with GDPR.

Global Compliance

WalkMe maintains extensive compliance standards aligned with industry best practices, regulatory, federal/state rulings, international/regional laws, and industry-specific requirements.

WalkMe adheres to the most extensive data privacy standards set by global regulations.

  • Certifications and Attestations

    WalkMe has attained compliance certifications and attestations (listed below) assessed by third parties and independent auditors.

  • Laws and Regulations (GDPR, CCPA)

    WalkMe is committed to complying with global laws and regulations, including the EU GDPR as a data processor and the US CCPA as a Service Provider, in the provision of WalkMe’s services to its customers.

  • Alignments and Frameworks

    WalkMe follows compliance alignments and frameworks' requirements for specific purposes or industries, such as NIST, CSA, GxP (FDA CFR 21 Part 11) or MPAA.

  • FedRAMP-Ready

    WalkMe achieved FedRAMP-Ready approval from the US federal government after passing standardized security assessments, authorization, and monitoring procedures. WalkMe is available on the FedRAMP Marketplace.

Report an issue

WalkMe continuously monitors the threat landscape, resolving incidents and applying changes to ensure the highest levels of security protection across all products and services.

  • Privacy Reporting

    WalkMe meets the privacy policy and practice requirements set by ISO 27701. If you have found a security issue, please contact the WalkMe Privacy Team: [email protected]

  • Security Reporting

    WalkMe takes security issues seriously and is committed to protecting our customers’ data. If you have found a security issue, please contact the WalkMe Security Team: [email protected]

  • Bug Bounty Program

    To improve our security perimeters, WalkMe invites individual security researchers to help us find security vulnerabilities. Reach out: Bug Bounty Program.

Certifications and attestations

  • FedRAMP-Ready Approval

    Available on FedRAMP Marketplace

    Available upon request

  • ISO/IEC 27001

    Information Security Management System (ISMS)

    Download Certificate
  • ISO/IEC 27701

    Privacy Information Management System (PIMS)

    Download Certificate
  • ISO/IEC 27017

    Security Controls for the Provision and Use of Cloud Services

    Download Certificate
  • ISO/IEC 27018

    Protection of Personally Identifiable Information (PII)

    Download Certificate
  • ISO 27799

    Security Management in Health (PHI)

    Download Certificate
  • ISO/IEC 27032

    Guidelines for Cybersecurity

    Download Certificate
  • ISO/IEC 20243:2018 (O-TTPS)

    Mitigating maliciously tainted and counterfeit products (Supply Chain security management)

    Download Certificate
  • SOC 2 Type II 5 Trust TSCs

    Security, Availability, Processing Integrity, Confidentiality, and Privacy.

    Available for WalkMe customers
  • SOC 3 (SSAE-18)

    AICPA’s Trust Security Principles

    Download Report
  • UK EU/Swiss-U.S. Data Privacy Framework

    Active Participant

    View Certification
  • Cyber Essentials

    UK NCSC Cyber Threat Protection

    Download certificate
  • Health Insurance Portability & Accountability Act (HIPAA)

    Third-party attestation for HIPAA-compliance.
    BAAs available upon request

  • GxP

    Good Clinical, Laboratory, and Manufacturing Practices

  • Motion Picture Association of America (MPAA)

    Content security best practices frameworks guidelines

  • CSA STAR Self-Assessment

    Biennial Self-Assessment CAIQ Questionnaire

    Download Questionnaire
  • Shared Assessments Standardized Information Gathering (SIG)

    Biennial Self-Assessment Questionnaire

    Download SIG Questionnaire
  • McAfee CloudTrust (Formerly Skyhigh) Enterprise-Ready

    Third-party cloud application validation

    View Rating
  • Amazon Web Services (AWS) Advanced Technology Partner

    Member of the APN (Amazon Partner Network)

    Learn about our Partnership
  • FIPS 140-2

    Validated cryptographic modules

  • CyberGRX

    Third party risk management

    Available upon request