Building a Foundation of Trust

Security

Alteryx Information Security Program utilizes an overarching framework to address enterprise information security governance, protecting information assets and systems against attacks and incidents while ensuring appropriate security is a priority at all levels of the product development process. It is a risk-based program that aligns with industry-standard frameworks, such as NIST CF and SIRT, to incorporate those security principles applicable to our regulatory and contractual obligations.

Read the Whitepaper

Privacy

Alteryx has implemented a global privacy program to address the needs of its users, customers, and partners. With respect to any personal data collected and used by Alteryx in our relationship with users (e.g., via Alteryx Community, events or certification training), Alteryx will comply with applicable data protection law, including the GDPR and CCPA, consistent with the obligations and representations set out in its published Privacy Policy and, with respect to customer data, our DPA.

Data Transfers

Alteryx complies with its obligations under data protection law with respect to all restricted, cross-border transfers of personal data. Access to customer content through hosting, support, or professional services is managed as a data transfer subject to the standard contractual clauses outlined in Alteryx’s standard data processing agreement (DPA). Internal data transfers between Alteryx entities utilize a comprehensive intra-company DPA and standard contractual clauses.

Data Practices

Alteryx’s privacy program aligns to the NIST Privacy framework using a data lifecycle approach to both product development and our data practices. To comply with applicable law in the jurisdictions in which we do business, as well as to ensure alignment with industry best practices and customer obligations, Alteryx applies a consistent set of privacy principles based on those outlined by the GDPR and any additional requirements for privacy and marketing by state, province, country, or region.

Data Subject Rights

Alteryx has implemented the means of responding to data subject requests under both the GDPR and the California Consumer Protection Act (CCPA). The option to make a do-not-sell request under the CCPA is easily accessible in the cookie preference settings on our websites and using our data request form, either online or via the designated toll-free telephone number. Other types of data subject requests may also be made using our consolidated request form. For detailed information and link to the request form, see our Privacy Policy.

Usage Data

As further described in the Privacy Policy and our terms of use, Alteryx may collect data attributable to an individual through a few primary sources: directly from the individual or his/her employer, from Alteryx partners and data processors, and in a limited manner through use of Alteryx products and services. Protecting the confidentiality of personal data, including usage data, is our first priority and Alteryx follows best practices to maintain oversight where usage data is collected.

Ethics

Alteryx is committed to promoting high standards of honest and ethical business conduct and compliance with applicable laws, rules and regulations. We lead the company guided by our Code of Business Conduct and Ethics and a set of core values that shape our behaviors and maintain our culture. Our shared values of Customer First, Accountability, Equality, Integrity, and Empowerment inform the development of our products, the service of our customers, and the achievement of our business objectives.

Compliance

Alteryx maintains a comprehensive information security program designed to protect the confidentiality, integrity, and availability of customer and user data in accordance with all applicable industry standards and practices. Our security program includes measures intended to meet or exceed data protection requirements for personal data, including those outlined by the GDPR and CCPA.

Trust

Alteryx provides a desktop analytics and server environments that meet the thresholds for Federal Information Processing Standards (FIPS) compatibility as established by the National Institute of Standards and Technology (NIST) and in accordance with the Federal Information Security Management Act (FISMA) and as approved by the Secretary of Commerce.

Reliability

Alteryx strives to deliver stable solutions that customers can operate with confidence, and we take defects and downtimes seriously. Alteryx follows ISO 22301 guidelines for managing and maintaining plans for continuity of operations. This includes identifying critical processes, reviewing their components, and verifying response times in line with the company’s recovery time objectives.

ESG/Sustainability

We recently released our 2022 Global Impact Report, which provides an overview of our impact initiatives: how we are protecting and fostering diversity and wellbeing on our teams, engaging our customers in giving back, and building sustainability into our development strategy with an aim towards a greener, brighter future for everyone.

Private Data Handling

The ISO 27001 certified Alteryx Analytics Cloud Platform enhances security, isolates permissions, and manages risk by separating application control planes and data planes. The control plane orchestrates workloads, provides the user interface, and manages application usage data. The data plane gives customers self-service access to their data to run analytic workloads. To further enhance security, customers can keep the data plane in their own cloud environment using Private Data Handling.

Governance

Alteryx offers product functionality to help IT teams comply with internal governance policies and procedures, including connectivity, security, audit logs, and versioning. Alteryx recommends a comprehensive and modern reference framework for analytics governance. This framework maintains flexibility to enable rapid prototyping and quick analysis while outlining how additional controls can be applied to routinely executed, high-risk processes.

Responsible AI Principles
Alteryx’s Responsible AI Principles reflect a commitment to ethical and inclusive AI innovation, emphasizing transparency and explainability to help ensure users understand AI outcomes. The principles advocate for human agency and oversight, enabling informed decision-making while protecting rights. Trust and accountability are prioritized, with Alteryx implementing robust security and privacy measures. Reliability and safety are central, with rigorous testing of AI models to help ensure accurate and intended results.