WalkMe Security and Data Privacy

We take security very seriously. WalkMe applies a robust approach to maintain privacy and security controls, and is committed to the highest market standards and compliance regulations to ensure the continued trust of our customers around the globe.

Our Security

Securing our customer’s information is our top priority. We believe that great privacy rests on great security.

We use technical, contractual, and operational safeguards to protect your data, taking into account the nature of the personal data, and the threats posed. We are constantly working to improve on these safeguards to help keep our customer’s personal data secure.

  • Confidentiality

    WalkMe utilizes best-of-breed authentication, encryption, access control systems and configurations to protect against unauthorised access.

  • Integrity

    At WalkMe we verify that all information remains intact, and ensure it is kept in its original accurate and complete form. We monitor checks and control data integrity across the data’s entire lifecycle.

    We support Subresource Integrity (SRI) to ensure that even data resources hosted on third-party servers have not been tampered with.

  • Availability and Performance

    WalkMe ensures content, at any scale and capacity, is resilient to all changes that may occur, and is being delivered at speed and accessible to the end user seamlessly at any time, anywhere on the globe.

Your Privacy

Your Data. Your choice.

At WalkMe, we respect your rights to your own data, giving you full control over data collection to support your data rights.
You choose what level of data will be collected - and corresponding controls.
Read our privacy policy
  • Data Residency

    Data is stored and accessed according to all legal jurisdictional considerations. WalkMe allows you to specify which of our geographic locations your data will be stored at.

  • Data Protection

    WalkMe encrypts everything, including any type of data, whether in rest or in transit. Following encryption best practices based on NIST and FISMA (CISA) standards.

  • Data Retention

    WalkMe is transparent about the data in use and allows customers to take full control of information collected. Analytics data can be deleted or anonymized by request. Requests to delete or anonymize analytics data are handled automatically in 90 days.

  • Data Processing Addendum (DPA)

    WalkMe Follows the Court of Justice of the European Union (CJEU) validated Standard Contractual Clauses (SCCs), as a mechanism for transferring data outside the European Union. Our customers can continue to rely on the SCCs and the WalkMe Data Processing Addendum if they choose to transfer their data outside the European Union in compliance with GDPR.

  • Data Residency

    Data is stored and accessed according to all legal jurisdictional considerations. WalkMe allows you to specify which of our geographic locations your data will be stored at.

  • Data Protection

    WalkMe encrypts everything, including any type of data, whether in rest or in transit. Following encryption best practices based on NIST and FISMA (CISA) standards.

  • Data Retention

    WalkMe is transparent about the data in use and allows customers to take full control of information collected. Analytics data can be deleted or anonymized by request. Requests to delete or anonymize analytics data are handled automatically in 90 days.

  • Data Processing Addendum (DPA)

    WalkMe Follows the Court of Justice of the European Union (CJEU) validated Standard Contractual Clauses (SCCs), as a mechanism for transferring data outside the European Union. Our customers can continue to rely on the SCCs and the WalkMe Data Processing Addendum if they choose to transfer their data outside the European Union in compliance with GDPR.

Global Compliance

WalkMe maintains extensive compliance standards aligned with industry best practices, regulatory, federal/state rulings, international/regional laws, and industry-specific requirements.

WalkMe adheres to the most extensive data privacy standards set by global regulations.

  • Certifications and Attestations

    WalkMe attained compliance certifications and attestations (listed below) assessed by third- parties and independent auditors.

  • Laws and Regulations (GDPR, CCPA)

    WalkMe is committed to comply with global laws and regulations, including EU- GDPR as a data processor, and US- CCPA, as Service Provider, in the provision of WalkMe’s services to its customers.

  • Alignments and Frameworks

    WalkMe follows compliance alignments and frameworks' requirements for specific purposes or industries, such as NIST, CSA, GxP (FDA CFR 21 Part 11) or MPAA.

  • Privacy Shield

    WalkMe is accredited under the EU-US Privacy Shield. WalkMe remains committed to keeping its current EU/Swiss-US Privacy Shield certification as registered with the Federal Trade Commission and adhering to its principles.

Report an issue

WalkMe continuously monitors the threat landscape, resolving incidents and applying changes to ensure the highest levels of security protection across all products and services.

  • Walkme

    Privacy Reporting

    WalkMe meets privacy-policy and practices by TRUSTe verified international Privacy Assessment. For privacy feedback:

  • Walkme

    Security Reporting

    WalkMe takes security issues seriously and is committed to protecting our customers’ data. If you have found a security issue, please contact the WalkMe Security Team: [email protected]

  • Walkme

    Bug Bounty Program

    To improve our security perimeters, WalkMe invites individual security researchers to help us find security vulnerabilities. Reach out: Bug Bounty Program.

Certifications and attestations

  • Walkme

    ISO/IEC 27001

    Information Security Management System (ISMS)

    Download Certificate
  • Walkme

    ISO/IEC 27701

    Privacy Information Management System (PIMS)

    Download Certificate
  • Walkme

    ISO/IEC 27017

    Security Controls for the Provision and Use of Cloud Services

    Download Certificate
  • Walkme

    ISO/IEC 27018

    Protection of Personally Identifiable Information (PII)

    Download Certificate
  • Walkme

    ISO 27799

    Security Management in Health (PHI)

    Download Certificate
  • Walkme

    ISO/IEC 27032

    Guidelines for Cybersecurity

    Download Certificate
  • Walkme

    SOC 2 Type II 5 Trust TSCs

    Security, Availability, Processing Integrity, Confidentiality, and Privacy.
    Available upon request.

  • Walkme

    SOC 3 (SSAE-18)

    AICPA’s Trust Security Principles

    Download Report
  • Walkme

    EU/Swiss-U.S. Privacy Shield

    Active Participant.
    SCCs available upon request

    View Certification
  • Walkme

    TRUSTe Verified International Privacy Seal

    Active Participant

    View Certification
  • Walkme

    FIPS 140-2

    Validated cryptographic modules

  • Walkme

    Health Insurance Portability & Accountability Act (HIPAA)

    Third-party attestation for HIPAA-compliance.
    BAAs available upon request

  • Walkme

    General Data Protection Regulation (GDPR)

  • Walkme

    California Consumer Privacy Act (CCPA)

  • Walkme

    GxP

    Good Clinical, Laboratory, and Manufacturing Practices

  • Walkme

    Motion Picture Association of America (MPAA)

    Content security best practices frameworks guidelines

  • Walkme

    CSA STAR Self-Assessment

    Biennial Self-Assessment CAIQ Questionnaire

    Download Questionnaire
  • Walkme

    Shared Assessments Standardized Information Gathering (SIG)

    Biennial Self-Assessment Questionnaire

    Download SIG Questionnaire
  • Walkme

    McAfee CloudTrust (Formerly Skyhigh) Enterprise-Ready

    Third-party cloud application validation

    View Rating
  • Walkme

    Amazon Web Services (AWS) Advanced Technology Partner

    Member of the APN (Amazon Partner Network)

    Learn about our Partnership
  • Walkme

    Cyber Essentials

    UK NCSC Cyber Threat Protection

    Download certificate
  • Walkme

    CyberGRX

    Third party risk management

    Available upon request