Data Privacy and Security Information Sheet:
Proofpoint Targeted Attack Protection

View Data Map

The purpose of this document is to provide customers of Proofpoint’s Targeted Attack Protection (TAP) module with the information necessary to assess how the service can support and enhance their data privacy strategy.

TAP – Product Statement

TAP, a module that integrates with Email Protection and certain cloud-based services, detects and defends against threats that occur through URLs, attachments, and email SaaS applications.  Powered by Proofpoint’s advanced email security and cloud platforms, TAP uses static and dynamic techniques to continually learn, adapt, and detect new cyber-attack patterns early in the attack chain.

Email Data Processed by TAP

TAP helps to prevent email attacks by processing, filtering, and analyzing the data and content contained in message content, URLs, and attachments to the emails that flow into Proofpoint’s secure email gateway. This includes limited personal data.

The following is an example of a dangerous email that could be sent to your employees. Though TAP’s analytic capabilities, this email would be flagged for investigation and mitigation.  The text in the blue boxes is representative of the steps taken to determine if the email is safe and is not a comprehensive review.

Figure 1: Proofpoint Targeted Attack Protection

Cloud-Based Account Information Processed by TAP

TAP SaaS Defense’s advanced analysis and threat detection features continuously monitor customer cloud applications to defend against malicious activity. The SaaS Defense feature is available to all TAP customers.  Customers have full control over its use. The text in the blue box is representative of the type of queries applied against SaaS applications and is not a comprehensive review.

Figure 2: Proofpoint Targeted Attack Protection

Customer Access to TAP Data and Privacy Options

Organizational, user, and threat specific analysis results are available to the customer’s authorized users through the TAP Dashboard.

How Proofpoint Retains Records

To protect organizations from on-going threats, Proofpoint analyzes the data collected through TAP and applies the results to the TAP’s scanning and filtering process. All data collected is retained in an aggregated form until securely deleted.

Proofpoint’s Use of Subprocessors

Proofpoint utilizes subprocessors to provide its services. A comprehensive list of the subprocessors may be found on the Trust site.


Proofpoint maintains a documented information security program that is aligned with the requirements of NIST 800-53 and ISO 27001. Security controls include the following:

  • Data in transit is protected using HTTPS/TLS.
  • Encryption at rest is accomplished using AES 256.
  • Access control mechanisms are present for physical and logical access to the facilities and the infrastructure hosting the services.
  • Proofpoint has implemented policies and procedures for the identification and remediation of vulnerabilities in its products and services. Please see
  • Proofpoint leverages a distributed security monitoring infrastructure to monitor for and alert on security incidents.
  • A 24-7 network operation center receives and responds to security alerts, escalating to on-call security personnel.
  • Proofpoint’s information security program undergoes an annual third-party audit in the form of a SOC 2 Type II audit for the Availability, Confidentiality, and Security trust services principles.

© 2022. All rights reserved. The content on this site is intended for informational purposes only.
Last updated November 03, 2022.