Security Designed to Protect You

Innovation is built on trust; trust starts with transparency. You can trust Apptio to deliver world-class applications while handling your data with the utmost care and security. We design every aspect of our business to deliver on that trust.

Physical Locations

Apptio recognizes that data location is an important consideration for businesses with a global presence. All Apptio data centers are world-class Tier 3 and Tier 4 data centers providing advanced security and environmental protection. Some of our products utilize Amazon Web Services (AWS). Apptio data center providers (including both colocation facilities and AWS) hold industry certifications that include SOC1 Type II, SOC2 Type II, ISO27001:2013, Cloud Security Alliance STAR, among others.

Data center map
  • US West Region
  • US East Region
  • EU (Frankfurt) Region
  • EU (Amsterdam) Region
  • EU (Ireland) Region
  • Asia Pacific (Sydney) Region

Technology

Apptio implements technical controls towards ensuring that customer data is protected from compromise and unauthorized access, such as:

  • Connection Security
  • Network Security
  • Data Segregation
  • Authentication
  • Authorization
  • Disaster Recovery & Backup

Penetration Testing

Apptio regularly conducts penetration testing and vulnerability scanning in order to ensure our systems are maintained in a secure state at all times. Penetration testing is conducted by our dedicated internal Information Security team, as well as by leading third party security firms. Summary reporting for such third party penetration testing and web application vulnerability scans is available to customers upon request.

Please report any suspected malicious activity or potential undiscovered security vulnerabilities to infosec@apptio.com for prompt attention.

The protection of your data is a top priority at Apptio, and the development and operation of our service revolves around that commitment. This includes our people, security policies, and dedication to helping you implement secure practices when using our products.

Confidentiality & InfoSec

Apptio requires all employees and contractors to sign and abide by non-disclosure confidentiality agreements, and to comply with our information security policies.

Training

Apptio provides training to all employees on our information security handling practices and policies during their new hire orientation, with refresher courses given annually to keep staff current. In addition, Apptio developers are required to take specific secure coding practice training on an annual basis.

Access to Data

The principle of "least privilege" is adhered to and data is accessible only to authorized Apptio personnel as required to operate the service. Customer data is only disclosed to third parties in connection with the provision of services to you, and only in accordance with your commercial agreements with Apptio.

Apptio, Inc., its affiliates and subsidiaries (“Apptio,” “us” or “we”) respect your privacy and are committed to protecting your Personal Information as described in this privacy policy (“Policy”). This Policy describes: (1) the types of Personal Information we may collect; (2) the purposes for which we collect Personal Information; (3) the parties with whom we may share this information; (4) your rights and choices; (5) how to contact us with your questions or concerns; (6) and the measures we take to protect Personal Information.

We reserve the right to modify this Policy as described in Section 12.

1. Scope

This Policy applies to the Processing of Personal Information by Apptio in the context of its publicly available websites, including www.apptio.com, explore.apptio.com, respond.apptio.com, and community.apptio.com (collectively, our “Website”) and in connection with its customer, partner, and vendor relationships (“Business Data”). Apptio is the data controller for the processing of Personal Information on our Website and for the processing of Business Data. In addition, Apptio obtains, processes and hosts Personal Information via its commercial hosted software applications (collectively, the “Software Services”) provided to its customers who subscribe to those Software Services (“Customers”). When providing the Software Services, Apptio is a data processor and only processes Personal Information on behalf and instructions of our Customers, which are data controllers. The agreement between Apptio and our Customers defines the roles and responsibilities of the parties for the processing of Personal Information in the context of the Software Services. For the purpose of this Policy, “Personal Information” means “any information relating to an identified or identifiable natural person.” Please review the Technology Business Management Council, LLC (“TBM Council”) privacy policy to learn more about how we process information we collect through the TBM Council. By accessing and continuing to use the Website or the Software Services you consent to the terms and conditions of our Policy. If you do not agree with any part of this Policy, please do not access or continue to use any of our services or otherwise submit your Personal Information.

2. Personal Information We May Collect or Receive

Depending on the context in which you interact with us, we may collect or receive the following types of information, including Personal Information, from and about you:

  • When you submit requests or post materials or inquiries on our Website (including when registering for content such whitepapers and requesting additional information, services, or support from us), we may collect your name, job title/level, company name, address, phone number, e-mail address, country, and certain company information.
  • When you correspond with us via email, we may collect the Personal Information included in your e-mail.
  • Any Personal Information you submit in a bulletin board or chat room on our Website. Please note that any Personal Information you submit there will be posted online and can be read, collected, or used by other visitors to these forums. We are not responsible for third party use of the Personal Information you choose to submit in these forums. We also reserve the right, at our sole discretion, to remove any content you may post on our Website.
  • When you visit our Website we collect certain information automatically. This includes device information such as your hardware model, operating system version, mobile network, IP address, unique device identifiers, and browser type, and information about the actions you take on our Website, such as access times, pages viewed, links clicked, and the page you visited before navigating to our Website. We also use session replay technologies to visualize how visitors interact with our Website.
  • Like many websites, we use “cookies” to collect visitor information. Cookies are alphanumeric identifiers that we transfer to your computer’s hard drive through your Web browser. If you have provided your name or other contact information to us via a web form, we are able to link that information back to the cookie. Using cookies makes it possible for us to recognize your browser when you visit and to tell us whether customers and visitors have visited the Website previously. This information may also be used to provide you with information that we believe to be relevant to you based on your actions on our Website. Please review the “Cookies and Web Beacons” section below to learn more.
  • We may also infer or derive information about you from the other information we collect. For example, we may infer your approximate location from your IP address.

We may collect Personal Information from our existing and prospective Customers, vendors, and partners:

  • When Customers register to use the Software Services (and related services, such as training and customer support), we require them to provide us with contact information (such as name, company name, phone number, and e-mail address). They may voluntary decide to communicate additional Personal Information (such as title, department name, fax number, and additional company information, such as mailing address, annual revenues, number of employees, or industry). We will use the email address provided during the registration process to generate a username and temporary password for Customers. Customers will be invited to log-in to change their password.
  • We collect information about Customers’ use of the Software Services including in a log file (e.g;, when a user logs, its use of the system).
  • With Customers’ consent, we may post Customers’ testimonials, which may include Personal Information such as their name, on the Website about their use of the Software Services.
  • Customers contact details to send them information about our products or services.
  • Personal Information of Vendors’ and Partners’ Employees as provided by Vendors or Partner for purposes of the vendor’s services or in furtherance of the relevant partner relationship.

We also receive information from other sources, including the contact details of prospects and sale leads from the Technology Business Management Council, LLC and business partners like our resellers.

3. How We May Use Personal Information

We may use the information that we collect about you or that you provide to us, including any Personal Information, in the following ways:

  • We use data we collect to provide the Website and Software Services that we offer. This includes operating, maintaining, and providing you with all the content and features of the Website and Software Services.
  • To inform you about Apptio and our products, services and partners, including to send, analyze, and improve marketing promotions and campaigns.
  • To diagnose and resolve issues with and otherwise improve our Website or Software Services.
  • To protect the security of our Website, services, employees and users, detect and prevent fraud, and to resolve disputes.
  • To send administrative information to you, for example, information regarding the services and changes to our terms, conditions, and policies of our Website and Software Services.
  • To carry out our obligations and enforce our rights arising from any agreements between you and us.
  • To understand usage patterns on the Website and Software Services and optimize performance.
  • To set up the Software Services for individuals and their organizations.
  • To target advertisements to you on third-party platforms and websites.
  • To generate de-identified data that we will not attempt to re-identify unless permitted by law.
  • In connection with prospective service engagements, partnerships or vendor relationships.

4. How We May Share Personal Information

We may disclose your Personal Information as follows:

  • To our affiliates or subsidiaries as necessary to provide our products and services.
  • To our vendors, service providers, contractors, and consultants (“Service Providers”) in support of our business. We do not authorize these Service Providers to use or disclose your Personal Information except as necessary to perform certain services on our behalf or comply with legal requirements. We require these Service Providers to safeguard the privacy and security of Personal Information they process on our behalf.
  • To other third parties for marketing and advertising purposes.
  • To our professional advisors such as lawyers and accountants in connection with obtaining guidance.
  • To an acquirer, successor, or assignee in connection with or during negotiations of any merger, acquisition, debt financing, sale of assets, or similar transaction, or in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets.
  • We also reserve the right to disclose your Personal Information that we believe, in good faith, is appropriate or necessary to (i) take precautions against liability, (ii) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity, (iii) investigate and defend ourselves against any third-party claims or allegations, (iv) protect the security or integrity of the company, or (v) protect our property or other legal rights (including, but not limited to, enforcement of Apptio’ s Terms of Use), or the rights, property, or safety of others.
  • We may disclose your Personal Information if required to do so by law or in the good-faith belief that such action is necessary to comply with applicable laws, in response to a court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies.

We do not share your Personal Information with third parties or unaffiliated companies for their marketing purposes unless you opt in to that sharing.

5. Your Rights and Choices

We seek to provide you with choices regarding the Personal Information you provide to us.

  • Marketing communications from Apptio. If you do not wish to receive e-mail marketing communication from us, you can opt-out by sending an email to unsubscribe@apptio.com. You can also unsubscribe from e-mail marketing communications by following the instructions contained in the marketing messages you receive. Even if you opt-out or unsubscribe, we can send you certain communications relating to the Service, such as administrative messages that are considered part of your account membership. You cannot opt-out of receiving those messages. Where required under applicable law, we will only send you marketing communications with your consent
  • Right of access, deletion, correction of your Personal Information. Subject to applicable law, you may have the rights to request access to and receive information about the Personal Information we maintain about you, update and correct inaccuracies in your Personal Information, and have the information blocked or deleted, as appropriate. These rights may be limited in some circumstances by local law. To exercise these rights, please contact us as set forth below in the how to contact us section.
  • Customers account information. You can update, edit or remove your account information at any time by logging into the Website.
  • If you are a California Resident, see Your California Privacy Rights below at section 7.
  • If you are in the EU, see the GDPR below at section 6

You can choose not to provide us with your Personal Information, but if you do not provide us with your Personal Information when we request it, we may not be able to provide you with our full range of products and services, or provide a service appropriately tailored to you.

Cookies

If you do not want us to collect cookies on the Website, you may set your browser to refuse cookies, or to alert you when cookies are being sent. You can opt out of the collection and use of certain information, which we collect about you by automated means, including cookies, when you visit our websites or update your browser settings. Your browser may tell you how to be notified and opt out of receiving certain types of cookies. If you do so, please note that some parts of our Website may then be unavailable or not function properly. Cookies must be enabled in order to use the Software Services.

6. GDPR

This section applies to individuals in the European Economic Area (“EEA”), the United Kingdom, and Switzerland.

Where we process Personal Information as a data controller, we do so in reliance on the following lawful bases:

  • To perform our responsibilities under our contract with you (e.g., granting you access to and providing the products and services you requested).
  • When we have a legitimate interest in processing your personal data to operate our business or protect our interests (e.g., to provide, maintain, and improve our products and services, conduct data analytics, and communicate with you).
  • To comply with our legal obligations (e.g., to maintain a record of your consents and track those who have opted out of marketing communications).
  • When we have your consent to do so (e.g., to send you marketing communications). When consent is the legal basis for our processing your personal data, you may withdraw such consent at any time.

Please see the “Your Rights and Choices” section above for information about your privacy rights and how to exercise them. In addition, you can object to certain processing or request that we restrict certain processing by contacting us as described in the “How to Contact Us” section below. You can also lodge a complaint with the data protection authority as follows:

We retain Personal Information as long as necessary to carry out the purposes for which we originally collected it and for other business purposes explained in this Policy.

Where we process Personal Information as a data processor in connection with providing the Software Services, we have added EU General Data Protection Regulation provisions to our contractual commitments to our customers. Among other things, these terms obligate Apptio to:

  • Process personal data based on customer instructions or applicable laws
  • Ensure that personnel accessing personal data are subject to confidentiality duties
  • Apply technical and administrative measures to protect personal data
  • Assist customers in responding to requests from individuals about their personal data
  • Assist customers in fulfilling their legal duties including regarding notification of data breach
  • Delete personal data at the conclusion of the contracted services except where retention is required or permitted by law
  • Provide customers with information required to fulfill regulatory and audit obligations
  • Obtain customer consent when engaging a subprocessor to process personal data in connection with the Apptio branded products. If you are a current customer you are invited to review the list of subprocessors available and obtain updates via the mechanism described on that page.

We encourage you to review these commitments. They represent a coordinated effort within Apptio to ensure we not only comply with applicable regulation, but also that we maintain our ongoing compliance, security and privacy efforts in general. We consider the GDPR to be a welcome development and look forward to our continued collaboration with our customers and suppliers towards ensuring the regulations and principals they represent are observed.

7. Your California Privacy Rights

This section provides additional details about the Personal Information we may collect about California consumers and the rights afforded to them under the California Consumer Privacy Act or “CCPA”.

Additional Disclosures

The categories of information we collect include identifiers, commercial information, internet activity information, professional information, and inferences. The categories of sources from which we collect such information are from you and from third party business partners. For more details about the Personal Information we have collected over the last 12 months, including the categories of sources, please see the Personal Information We May Collect or Receive (Section 2) above.

We collect this information for the following business and commercial purposes (described in more detail in the “How We May Use Personal Information” section of this Policy): providing the Website and Software Services; performing marketing and advertising; conducting analytics and Website/Software Services improvement; and for security/compliance. We share this information with the categories of third parties described in the How We May Share Personal Information (Section 4) above. In particular, we have shared information as follows:

Category of Personal InformationCategories of Recipients
IdentifiersAffiliates; Service Providers; Professional Advisors; Advertising Partners.
Commercial InformationAffiliates; Service Providers; Professional Advisors; Advertising Partners.
Internet Activity InformationAffiliates; Service Providers; Advertising Partners.
Professional InformationAffiliates; Service Providers; Professional Advisors; Advertising Partners.
InferencesAffiliates; Service Providers; Professional Advisors; Advertising Partners.

Apptio does not knowingly sell or share (as those terms are defined in the CCPA) the Personal Information of individuals younger than 16.

Privacy Rights

Subject to certain limitations, the CCPA provides California consumers a number of rights, specifically:

  1. the right to request to know more details about the categories Personal Information we collect (including how we use and disclose this information) or access specific pieces of Personal Information we have about them;
  2. to delete their Personal Information;
  3. to correct inaccurate Personal Information;
  4. to opt out of any “sales” or “sharing” that may be occurring through our use of third-party cookies for advertising as described in section 15 below by disabling targeting and social media cookies through the cookie settings portal [(you can also opt out by visiting our Website while using a legally-recognized universal choice signal (such as the Global Privacy Control) enabled but please note that our processing of the signal may be limited to the specific browser or device you are using)]; and
  5. to not be discriminated against you for exercising these rights.

California consumers may make a request to know, access, correct, or delete pursuant to their rights under the CCPA by contacting us as set out in the How to Contact Us section below or via our CPRA consumer access request form. We will verify your request using the information we currently hold about you, including email address. Further information may be required in order to identify you. Consumers can also designate an authorized agent to exercise these rights on their behalf. Authorized agents can submit requests in the same manner as consumers but must include proof of authorization to make the request.

We retain Personal Information as long as necessary to carry out the purposes for which we originally collected it and for other business purposes explained in this Policy.

8. Data Security

We take reasonable steps given the context of the engagement in which data is provided to protect your Personal Information from loss, misuse, interference, unauthorized access, disclosure, alteration, and destruction. However, the security of information transmitted through the Internet can never be guaranteed and is not entirely within our control. Where you receive a password for access to certain parts of our Website or the Software Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

9. Cross-Border Data Transfers

We may transfer your Personal Information to countries other than the country in which the data was originally collected. Those countries may not have the same data protection laws as the country in which you initially provided that information. When we transfer your Personal Information to other countries, we will protect it as described in this Privacy Policy. To offer our services, we may need to transfer your personal information among several countries where we have employees, facilities or service providers, including the United Sates, where we are headquartered. By using the Software Services or otherwise providing Personal Information to us, you consent to the transfer of Personal Information to countries outside of your country of residence, including the U.S. If you are located in the EEA, we comply with applicable legal requirements providing adequate protection for the transfer of Personal Information to countries outside of the EEA.

We recognize that the Court of Justice of the European Union ruled in July 2020 that a certification under the EU-U.S. Privacy Shield Framework no longer can serve as the basis by which entities subject to the GDPR transfer personal data to jurisdictions outside the EEA. We also recognize Switzerland’s announcement that the Swiss-US Privacy Shield Framework does not provide an adequate level of protection to transfer personal data from Switzerland to the U.S. We now rely on Standard Contractual Clauses or other lawful transfer mechanisms approved by the European Commission (or other relevant governmental authority) to transfer personal data from the EEA, the UK, and Switzerland.

10. Applicant Information

When you apply for a position with Apptio, we collect the information that you provide in connection with your application. This includes name, contact information, professional credentials and skills, educational and work history, and other information that may be included in a resume or provided during interviews (which may be recorded). This may also include demographic or diversity information. We may also conduct background checks and receive related information.

We use applicants’ information to facilitate our recruitment activities and process applications, including evaluating candidates and monitoring recruitment statistics. We use successful candidates’ information to administer the employment or independent contractor relationship. We may also use and disclose applicants’ information (a) to improve our Website, (b) as otherwise necessary to comply with relevant laws, (c) to respond to subpoenas or warrants served on Company, and (d) to protect and defend the rights or property of Apptio or others.

In addition, we may disclose applicants’ information to IBM Corporation and applicant tracking service providers, for administration, research, database development and business operation purposes, in line with the terms of this Privacy Policy. IBM may process your Personal Information on the basis of its legitimate interests in overseeing the recruitment process and, if applicable, your employment relationship with Apptio.

11. Links to Other Websites

Our website may contain links to websites of third parties who: (1) are not affiliated with us; (2) are outside our control; or (3) are not covered by this Policy (“Third-Party Websites”). Links provided to Third-Party Websites on our Website are provided only as a convenience to you. The inclusion of any link does not imply its reliability or an endorsement by us of the content or security. We are not responsible for the privacy practices of Third-Party Websites, which may collect and use information from you in a manner different than how we do so. Accordingly, the use of such Third-Party Websites is entirely at your own risk. For relevant information, you should review the privacy statements or policies of any Third-Party Websites before using them. Other parties may collect information about your online activities over time and across different websites when you use our Site or Services.

12. Changes to Our Policy

We reserve the right to modify this Policy at any time, so please review it frequently to see when the Policy was last revised. Any changes to this Policy will become effective when we post the revised Policy on our Website or via the Software Services. Your continued use of the Website or Software Services is deemed to be acceptance of such changes, to the extent permitted under applicable law.

13. Children

This Site is not designed to collect Personal Information from children who are under 13 years of age. We do not intend to or knowingly collect such information.

14. Do Not Track Disclosures

Do Not Track (“DNT”) is a privacy preference that users can set in their web browsers. When a user turns on DNT, the browser sends a message to website operators requesting them not to track the user’s website activities. At this time, we do not respond to DNT signals. We do not change our practices, described elsewhere in this Policy, in response to DNT settings or signals. In particular, even if you have turned on a DNT signal, we and others will continue to collect information about you and your website activities through the use of cookies, tracking pixels, and other Tools. For more information about DNT, visit www.allaboutdnt.org.

15. Cookies and Web Beacons

This section applies to the Apptio Website and describes the information we collect by automated means using information-gathering tools, such as cookies and web beacons. Cookies are small pieces of information or text that are issued to your computer when you visit a website and are used to store or track information about your use of the site.

Apptio uses cookies for several reasons.

Some cookies are strictly necessary to enable core site functionality. We refer to these as “required” cookies. For example, we may use required cookies to authenticate your access to various secure areas of our Website that may contain content for registered users.

Other cookies allow us to enhance your browsing experience, tailor content to your preferences, and make your interactions with our Website more meaningful. We refer to these as “performance” cookies. For example, performance cookies may be used to determine whether you have visited our Website before and inform us about site features in which you have interest, thereby permitting us to better tailor the site to our users.

In addition to required and performance cookies, some third parties issue cookies through our Website to serve ads that are relevant to your interests based on your browsing activities. Targeting cookies also allow us to analyze Website traffic so we can measure and improve performance. These third parties may also collect your browser history or other information to determine how you reached our Website and the pages you visit when you leave our Website. Information gathered through these automated means may be associated with the Personal Information you previously submitted on our Website.

“Social Media” cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests.

Web Beacons

Web beacons (also known as internet tags, pixel tags, and clear GIFs) are clear electronic images that can recognize certain types of information on your computer, such as the type of browser used to view a website page, when you viewed a particular site linked to the Web beacon, and a description of a site tied to the Web beacon. Certain pages on our Website may contain such Web beacons, which Apptio uses to operate and improve the Website.

How to Control Cookies?

Apptio complies with privacy laws that control cookies for users throughout the world, including the EU & California. Those users can modify their cookie settings when they first visit our website, or by accessing their cookie settings.  For all other users, by using this Website, you agree that we can place cookies on your computer or device as explained above. However, you can stop cookies being downloaded to your computer by selecting the appropriate settings on your browser. Most browsers will allow you to see what cookies you have and delete them on an individual basis or block cookies from particular or all websites. Be aware that any preference you have set will be lost if you delete all cookies, including your preference to opt-out from cookies as this itself requires an opt-out cookie to have been set. For more information on how to modify your browser settings to block or filter cookies, see http://www.aboutcookies.org/ or http://www.cookiecentral.com/faq/. Please bear in mind that removing or blocking cookies can affect your user experience and without cookies, you may not be able to take full advantage of our Website features. We may modify or amend this Cookie information from time to time at our discretion. When we make changes to this notice, we will amend the revision date at the top of this page, and such modified or amended information shall be effective as to you and your information as of that revision date. We encourage you to periodically review this Cookie section to be informed about how we are using cookies.

16. How to Contact Us

If you have questions about this Policy, the Website or the Software Services, would like to opt out from certain service, or to exercise your rights, contact us at:

  • Via email at privacy@apptio.com;
  • Via mail at Apptio, Inc., 11100 NE 8th Street, #600, Bellevue, WA 98004; or
  • Via Telephone on the contact number(s) set out on our Website.

Table of Contents

Apptio’s Information Security team, Legal department, and Internal Compliance/Audit department all work together to ensure that industry best security practices are met. Apptio’s Software-as-a-Service (SaaS) environment follows stringent guidelines to protect the confidentiality, integrity, privacy, and availability of your data.

Compliance and Certifications

We also work with independent auditors and penetration testers to validate that Apptio has the appropriate security controls in place to protect customer data entrusted to us.

SOC2 Type II Report and SOC3 Report​

System and Organization Control (SOC) Reports are independent third-party examination reports that demonstrate how Apptio achieves key compliance controls and objectives. The purpose of these reports is to help you and your auditors understand the Apptio controls established to support operations and compliance. Apptio cloud services have been successfully audited in accordance with the Trust Services Criteria for design and operational security. To learn more about the AICPA and the SOC standards, see the following link: http://www.aicpa.org/soc4so

For a copy of our SOC3 report, click on the link below:
Download Apptio’s SOC3 Report

ISO27001:2013 Certification

Apptio is ISO27001:2013 certified and is aligned with all associated requirements for establishing, implementing, maintaining and continually improving an Information Security Management System (ISMS). This alignment ensures that Apptio cloud services have the requisite and appropriate security controls and management program in place as defined in the ISO/IEC 27001 standard.

Download Apptio’s ISO27001:2013 Certificate

FedRAMP Certification

Apptio is one of a select group of SaaS providers who have received FedRamp certification under the Joint Authorization Board (JAB) Authorization to Operate (ATO). Apptio’s FedRAMP environment provides a continental United States (CONUS)-based and dedicated infrastructure (facilities, servers, databases, networking devices) for Federal Government agencies subscribing to our SaaS Technology Business Management (TBM) solutions.

Learn more about FedRamp certification

Cloud Security Alliance – STAR Level One Certification

Our Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) response details how Apptio cloud services fulfill the security, privacy, compliance, and risk management requirements defined in the CSA CCM version 3.0.1.

See our Cloud Security Alliance Certification

General Data Protect Requirements (EUGDPR)

Apptio meets the compliance requirements for the EU GDPR. Four years after the overhaul of European data protection laws began, the final text of the new General Data Protection Regulation (EU GDPR) was approved in Spring 2016 and the new rules came into effect on May 2018. The rights of EU citizens to control their personal details is respected by Apptio.

Learn more about the EUGDPR

California Consumer Privacy Act (CCPA)

The California Consumer Privacy Act (CCPA), enacted in 2018, creates new consumer rights relating to the access to, deletion of, and sharing of personal information that is collected by businesses. Apptio complies with the California Consumer Privacy Act. Apptio provides additional rights to California Consumers which are fully set out in our privacy policy and in the agreements we put in place with our Vendors and our Customers. The rights of California Consumers to control their personal details is respected by Apptio.

Learn more about the CCPA

EU-US Privacy Shield

Apptio complies with the EU-U.S. Privacy Shield Framework as set forth and certified to the US Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States.

See our Privacy Shield certification

ITIL Alignment

Apptio adheres to ITIL principles and practices for managing and supporting our SaaS environment. Leveraging process automation and other ITIL best practices, we are well-positioned to enforce IT service management for our cloud services and customers.

Learn more about ITIL-ISO 20000