Trust FAQ's

What personal data is processed by Proofpoint products?

The details of the processing for each Proofpoint Product are captured in a table available here:

How long are personal data retained by Proofpoint?

The retention period is detailed for each Proofpoint Product in the last column of the right of the table accessible here:

How are personal data processed by Proofpoint?

Additional information on personal data processing for each Proofpoint product has been detailed in Personal Data Sheets and Data Maps which are available here:

Are there any international data transfers with Proofpoint Products?

YES all details are available on this page, in the last column on the right:

Where are the servers hosting Proofpoint’s SaaS products located?

Location of servers for each Proofpoint product is detailed in the last column of the table available here:

If Proofpoint is relying upon subprocessors, who are they?

Subprocessors are listed per Proofpoint product in the table available here:

Where are the subprocessors located?

Location of the subprocessors for each Proofpoint Product are detailed in the last column of the table available here:

Is Proofpoint subject to governmental queries? If yes, how are they handled?

Proofpoint may indeed be subject to governmental queries from the US government, as well as from European agencies. Proofpoint has set up comprehensive statement on how those queries are handled, which is available here.

Has Proofpoint set-up technical and organizational measures?

Proofpoint has gathered all technical and organizational measures in an appendix to its proposed DPA, which is available for download and counter signature here (several languages available).

Are Proofpoint Products ISO certified?

Proofpoint’s strategy hasn’t encompassed ISO certification for any of Proofpoint Products. All certifications of the Proofpoint’s products are available here (SOC 2, FedRAMP, etc…)

Does Proofpoint make a DPA available to its customers?

YES, Proofpoint has a DPA available for signature by customers, in a pre-signed version, in several languages and ready for download and counter signature. Please visit this page:

Which transfer mechanism does Proofpoint provide for it its DPA?

Within the Proofpoint DPA, international transfers are relying upon the signature of the CCs as the legal basis of the transfer, under the model of the European Union enacted under EU European Commission Decision (EU) 2021/914.

How does Proofpoint notify Customers of new sub-processors or changes to its then-current sub-processors?

Customer is invited to subscribe to the automated notification process by entering a corresponding email at the bottom of this webpage:

How do customers enter into the 2021 Standard Contractual Clauses?

The Standard Contractual Clauses are attached as a schedule 2 to the Proofpoint DPA, which is available pre-signed here in several language and ready for download and countersignature.

How Proofpoint has organized compliance with non-EU data protection legislations?

As a global organization, Proofpoint has established a global compliance framework to help ensure compliance with applicable data protection laws. All related documents, agreements, and addenda are available for download and counter signature (unless already pre-signed) here:

What if I have additional questions not addressed in this FAQ?
Additional questions may be directed to

© 2024. All rights reserved. The content on this site is intended for informational purposes only.
Last updated May 15, 2024.

Proofpoint Trust

Proofpoint helps companies protect their people from the ever-evolving threats in the digital ecosystem.