Stay Compliant with Tenon

Tenon is built with compliance top of mind, so you can market confidently
while staying protected.


Built-in compliance protection for your brand—
powered by Tenon, built on ServiceNow.

In today’s dynamic regulatory environment, it’s essential to have a platform that evolves with the law. At Tenon, we stay focused on key regulations like TCPA, CCPA, GDPR, CAN-SPAM—so you have the tools and guidance needed to minimize risk with confidence.

More on Trust & Compliance

Learn more about best practices for SMS compliance

Tenon not only complements existing CRM opportunities but expands your reach directly to additional C-suite executives, and their budgets, including CMOs and marketing leaders, broadening your potential client base and deal size.

Marketing work management

Learn more about best practices for Email compliance

Marketing Automation is a critical component of a comprehensive CRM strategy. Without it, businesses cannot effectively nurture leads, personalize campaigns, or evaluate their success. Together, Tenon and ServiceNow complete the CRM puzzle for our customers.

Learn More
Marketing Automation

Our ServiceNow Build Partnership

At the heart of Tenon is our connection with ServiceNow.


Tenon Compliance FAQs

Data Protection & Privacy Regulations

Is Tenon GDPR compliant?

Yes, Tenon is fully GDPR compliant. We act as a Data Processor under GDPR, processing personal data strictly according to our customers' instructions. Our Data Processing Agreement (DPA) incorporates the 2021 Standard Contractual Clauses for international data transfers. We support all data subject rights including access, rectification, erasure, and portability. Since Tenon operates within your ServiceNow instance, your data benefits from ServiceNow's robust GDPR compliance framework.

How does Tenon handle CCPA compliance?

Tenon supports CCPA compliance by enabling our customers to fulfill California residents' privacy rights. We provide mechanisms for managing access requests, deletion requests, and opt-out preferences directly within the ServiceNow platform. Our DPA includes CCPA-supporting provisions, and we maintain transparency about our sub-processors. Importantly, we do not sell personal information and process data solely as a service provider under CCPA definitions.

How quickly will Tenon notify us of a data breach?

In the unlikely event of a data breach affecting personal data, Tenon commits to notifying affected customers within 72 hours of becoming aware of the incident. Our notification will include the nature of the breach, categories of data affected, measures taken to address the breach, and recommended mitigation steps. Since your data resides within your ServiceNow instance, you also benefit from ServiceNow's enterprise-grade security monitoring and incident response capabilities.

ServiceNow Platform Security & Compliance

How does Tenon leverage ServiceNow's security certifications?

As a native ServiceNow application, Tenon inherits many of the security benefits of ServiceNow's extensive compliance certifications, including SOC 2 Type II, ISO 27001, ISO 27018, and FedRAMP authorization. Your Tenon data never leaves your ServiceNow instance without being encrypted at rest and in transit, meaning it's protected by the same security controls, encryption standards, and access management systems that protect your other ServiceNow data.

Where is our data stored when using Tenon?

All Tenon application data remains exclusively within your ServiceNow instance, stored in the data center region you've selected for your ServiceNow deployment. We do not replicate or store your data in any external systems. The only exceptions are when you explicitly configure integrations with authorized sub-processors (like Mailgun for email delivery or Sinch for SMS), where only the minimum necessary data is shared for service delivery. ServiceNow's data residency commitments fully apply to your Tenon data.

Does Tenon have its own SOC 2 or ISO 27001 certification?

While Tenon does not currently hold independent SOC 2 or ISO 27001 certifications, your data resides within your ServiceNow instance, which maintains these certifications. The only exceptions are when you explicitly configure integrations with authorized sub-processors (like Mailgun for email delivery or Sinch for SMS), where only the minimum necessary data is shared for service delivery. This means your data is protected by ServiceNow's certified security controls, though Tenon as an application has not undergone separate certification audits. We maintain our own Information Security Program aligned with industry standards, including encryption, access controls, vulnerability assessments, and security training for all personnel with data access.

Email & SMS Marketing Compliance

How does Tenon ensure CAN-SPAM compliance?

Tenon includes built-in CAN-SPAM compliance features for all email marketing activities. Every marketing email can automatically include an unsubscribe link, your physical mailing address, and accurate sender information. Opt-out requests are processed immediately, with suppressions applied across all campaigns. Our platform prevents sending to unsubscribed contacts and maintains detailed audit logs of all consent changes. We also ensure proper email header information and prohibit misleading subject lines.

What TCPA compliance features does Tenon offer for SMS marketing?

Tenon provides comprehensive TCPA compliance tools for SMS marketing, including mandatory opt-in capture with timestamp recording, automatic STOP/HELP keyword processing, time-zone aware sending to respect quiet hours (8 AM - 8 PM local time), and complete consent audit trails. We support the latest FCC requirements including processing of additional opt-out keywords (END, CANCEL, UNSUBSCRIBE, QUIT). Our SMS features integrate with Sinch, which maintains its own TCPA compliance standards.

How are unsubscribe requests processed?

Unsubscribe requests are processed immediately upon receipt. For email, clicking the unsubscribe link and confirming on the respective page instantly updates the contact's subscription status in your ServiceNow instance, preventing any further marketing emails. For SMS, STOP keywords are processed automatically by our SMS provider (Sinch) and synchronized back to ServiceNow in real-time. All unsubscribe actions are logged with timestamps and source information for compliance auditing. Re-subscription requires explicit opt-in consent from the contact.

Consent Management

How does Tenon capture and store consent?

Tenon captures consent through multiple channels including web forms, landing pages, API integrations, and manual entry. Each consent record includes the timestamp and specific purpose data. Consent data is stored directly in your ServiceNow instance with full audit trails. We support granular consent for different communication types (email, SMS) and purposes (marketing, transactional), allowing contacts to customize their preferences rather than requiring all-or-nothing consent.

Does Tenon support double opt-in?

Yes, Tenon fully supports double opt-in (confirmed opt-in) workflows. When enabled, new subscribers receive an automatic confirmation email requiring them to verify their subscription before receiving marketing communications. This feature is particularly important for compliance in countries like Germany where double opt-in is effectively required. The confirmation process includes customizable emails and detailed tracking of both the initial sign-up and confirmation timestamps.

Data Processing & Sub-processors

Which sub-processors does Tenon use and why?

Tenon uses a limited number of carefully vetted sub-processors:

  • BeeFree: Email template design and editing (receives template data only, no personal data)
  • Mailgun: Email delivery services (processes email addresses, message consent, and personalization data)
  • Sinch: SMS delivery services (processes phone numbers, message consent, and personalization data)
  • AWS: Landing page and MMS image hosting infrastructure (stores landing pages and MMS images)

All sub-processors are contractually required to maintain GDPR compliance and implement appropriate security measures. We provide 10 days' advance notice of any sub-processor changes through our trust page.

Can we object to new sub-processors?

Yes, customers have the right to object to new sub-processors on reasonable data protection grounds. We provide at least 10 days' advance notice of any additions or replacements to our sub-processor list via our trust page (tenonhq.com/trust). If you object, we'll work with you to address your concerns or provide alternative solutions.

Security Measures & Access Control

What security measures does Tenon implement?

Tenon implements comprehensive security measures including:

  • Encryption: All data encrypted in transit (TLS 1.2+) and at rest
  • Access Controls: Role-based access with principle of least privilege, multi-factor authentication support
  • Security Monitoring: Regular vulnerability assessments and security updates
  • Personnel Security: Background checks, confidentiality agreements, and annual security training for all staff
  • Development Security: Secure coding practices, code reviews, and security testing in our SDLC

Since Tenon runs within ServiceNow, you also benefit from ServiceNow's additional security layers including DDoS protection, intrusion detection, and 24/7 security operations center monitoring.

How does Tenon handle role-based access control?

Tenon leverages ServiceNow's robust role-based access control (RBAC) system, allowing granular permission management. Administrators can create custom roles defining access to specific features, data fields, and actions. For example, marketing managers might have full campaign creation rights while analysts have read-only access to performance data. Field-level security enables hiding sensitive information from certain roles. All access is logged and auditable, with regular access reviews recommended as part of security governance.

Data Portability & Retention

How can we export data from Tenon?

Tenon provides multiple data export options to support portability requirements. Since all data resides in your ServiceNow instance, you can use ServiceNow's native export capabilities including CSV downloads, Excel exports, and API access. Exports can be scheduled, filtered, and formatted to meet various compliance and operational needs. All export activities are logged for audit purposes.

What are Tenon's data retention policies?

Tenon does not impose its own data retention periods – you maintain full control over retention within your ServiceNow instance. We provide tools to implement automated retention policies including scheduled deletion of inactive contacts, automatic purging of old campaign data, and consent expiration management. Upon contract termination, we assist with data export or deletion as requested.

Customer Responsibilities

What are your responsibilities as the Data Controller?

As the Data Controller, you are responsible for:

  • Legal Basis: Determining and documenting the lawful basis for processing personal data
  • Consent: Obtaining valid consent where required and maintaining proof of consent
  • Privacy Notices: Providing transparent privacy notices to data subjects
  • Data Minimization: Collecting only necessary data for stated purposes
  • Accuracy: Ensuring personal data remains accurate and up-to-date
  • Security: Implementing appropriate access controls within your ServiceNow instance
  • Training: Ensuring your team understands compliance requirements
  • Vendor Management: Reviewing and approving our DPA and sub-processor list
  • And more: Tenon is not your legal team, and you are responsible for understanding your commitments and responsibilities as a Data Controller

We provide tools and features to support these obligations, but ultimate compliance responsibility remains with you as the Controller. Our support team is available to provide guidance on using Tenon's features for compliance purposes.

Connect Marketing to ServiceNow

Get your personalized Tenon tour.
