Pluralsight's mission is to create progress through technology that lifts the human condition. Central to that mission is our commitment to be transparent about how we protect our customer's data.
We recognize the trust and responsibility granted to us, and are committed to a robust compliance program with domestic and international privacy regulations such as the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR).
To strengthen the security and protection of European Union (EU) citizens’ personal data, businesses who collect and handle an EU citizen's personal data must comply with the GDPR. Similarly, businesses who collect and handle a California resident's personal data must comply with the CCPA.
Pluralsight's responsibilities
Along with continually updating our own internal business processes, here is how we support our business customers with these privacy regulations:
- We ensure compliant data processing controls and reflect such controls in agreements with our customers and our vendors.
- We have robust product capabilities and processes that allow us to quickly respond to requests to erase or access user data.
- We continually refine how we gather and track consent to perform certain types of data processing.
- We perform vendor risk assessments to ensure that the data we share is properly protected by our vendors.
- We embed privacy-by-design principles into our product-development lifecycle and train employees on data-privacy best practices.
- We have a form Data Processing Agreement (DPA) tailored to the services that Pluralsight provides that ensures compliant data transfer and storage.
- We implement technical and organizational security measures to secure data in transit and at rest, as well as continuously monitoring for intrusions.
- We maintain a solid incident response plan that includes prompt notification of breaches involving customer data.
Capabilities for our customers
Pluralsight provides our customers with several options for managing and protecting their personal data, including:
- Right of access: All users have a right to access their personal data and may do so from their account profile.
- Right of rectification: All users have the right to correct any personal data that is inaccurate or incomplete. Corrections may be made by a user in the account profile or by contacting Pluralsight support.
- Right to data portability: In addition to being able to get all learner data from within the account, learners may request their data by contacting Pluralsight customer support.
- Clear transparency and consent: Upon account creation, learners receive legally compliant notification regarding the data we collect and the purposes of collection. Additionally, learners must "opt in" to receive specific types of communications. After an account is created, learners have the ability to easily change those preferences regarding communications in their Communications preferences dashboard (opens in new tab).
- Notification of cookie use: When you visit our website and log in to your account, we display notification and consent banners that direct you to our Privacy notice (opens in new tab), which describes the types of cookies we use.
- Support for erasure requests: We made it easier to honor requests to be forgotten by adding a "Delete my personal data" feature to your account profile. When we receive a request to delete an account, all personal data associated with that account will no longer be retrievable.
Our commitment
At Pluralsight we are committed to maintaining an effective security and privacy program. We are dedicated to ensuring customers have the highest confidence in our data protection practices. We see the privacy standards being adopted around the world as an opportunity to strengthen this devotion.