Sugar and Pendo Analytics - deactivating it

Hi everyone,

when testing Sugar 9, we (and also our Sugar partner) were very surprised to find that Sugar had implemented the service Pendo Analytics to analyze usage and user interaction with the system.

Why were we surprised? Because it was just communicated very poorly.

After we had discovered the tool when testing Sugar 9.0.0, we found only one mention in Sugar's own resources (this blogpost), which didn't make things clearer, though. We looked for further information in the release notes - but nothing there. That would have been important! As admin or developer I want to know about a change or addition like this. As I already said, even our Sugar partner was surprised, because they, too, didn't know anything about it.

We are aware that the data Pendo gathers is anonymized and used to help Sugar to better understand how we work with their product. But I want to have the freedom to choose whether I want that or not. When using my computer, iPhone or whatever, I can actively decide and set whether I want to share usage data with the manufacturers or not. And in this case I'm not making that decision just for myself but for all my 150+ users.
Not only did Sugar not communicate the news properly, they also didn't communicate how to deactivate that "feature" if you don't want data to be submitted. Gladly, we have found the way to accomplish that anyway, but I would have wished to have that information from Sugar directly and not have my developer dig for that all by himself (see the info-box below).

You can deactivate it in the config.php under analytics and comment out your ID:

    'analytics' =>
    array (
      'enabled' => false,
      'connector' => 'Pendo',
      // 'id' => 'xxx',
    ),


After a Quick Repair it is deactivated.

In my opinion the best and exemplary way would have been the ability to set this via the Admin page, so you don't even have to go to code level to change that. Maybe Sugar will come up with that - I really hope so, at least.

We are satisfied with the system in general, but, sorry, Sugar, this was just a very disappointing and poor performance, as it could be read as if you were trying to keep that under the radar intentionally.

I would be very curious about your opinions on the matter!

Best wishes,
Julia
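
A way to check that the opt-out described in the post above is actually in effect, for example after an upgrade. This is an added example, not part of the original post and not SugarCRM code; the function names are hypothetical, and it assumes `config.php` and `config_override.php` both assign into `$sugar_config`.

```php
<?php
// Added example (not SugarCRM code). Function names are hypothetical.
// Assumption: config.php and config_override.php assign into $sugar_config.

function load_effective_config(string $sugarRoot): array
{
    $sugar_config = [];
    foreach (['config.php', 'config_override.php'] as $file) {
        $path = rtrim($sugarRoot, '/') . '/' . $file;
        if (is_readable($path)) {
            include $path; // later file overrides keys set by the earlier one
        }
    }
    return $sugar_config;
}

function audit_analytics(array $config): array
{
    $analytics = $config['analytics'] ?? null;
    if (!is_array($analytics)) {
        return ["no 'analytics' block present; the opt-out from the post is not in place"];
    }
    $findings = [];
    if (($analytics['enabled'] ?? null) !== false) {
        $findings[] = "'enabled' is not boolean false";
    }
    if (!empty($analytics['id'])) {
        $findings[] = "an analytics 'id' is still configured";
    }
    return $findings;
}

// Constructed samples, used when no instance path is given on the command line.
$samples = [
    'opted out'     => ['analytics' => ['enabled' => false, 'connector' => 'Pendo']],
    'still enabled' => ['analytics' => ['enabled' => true, 'connector' => 'Pendo', 'id' => 'xxx']],
    'block missing' => [],
];
$targets = isset($argv[1]) ? [$argv[1] => load_effective_config($argv[1])] : $samples;

$failed = false;
foreach ($targets as $label => $config) {
    $findings = audit_analytics($config);
    $failed = $failed || $findings !== [];
    echo $label . ': ' . ($findings ? implode('; ', $findings) : 'analytics disabled') . PHP_EOL;
}
exit(($failed && isset($argv[1])) ? 1 : 0);
```

Pass the instance directory as the only argument to audit a real installation; a non-zero exit status then means the opt-out is not in effect.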

  • Thanks for mentioning this "issue". I am curious: how does Sugar define "anonymized metadata" (as stated in the blog entry Say Hello to Sugar 9 | SugarCRM Blog )?

    What kind of data is transferred in detail?

    If it is not "anonymized" in terms of GDPR, we would need a DPA (data processing agreement) with Pendo. And we would need to keep all users of our Sugar instance informed about the fact that their data is collected and their "movements" are tracked.

    Besides the aspects of EU's GDPR, there is something called "information security" or "trade/business secret". As Julia already mentioned, I too do not want to share the information when, why and how often I, my coworkers or our customers use Sugar. It's none of your business, Sugar.

  • Hi Julia Weinhold.  Thanks for your feedback. 

     

    As you mention in your post above, Sugar included Pendo, a usage analytics tool, in this year's Spring release.  Pendo gives new insight into product functions and usability.  Pendo data will help prioritize the bugs we fix, and the new features we build.  Being able to see how our customers interact with Sugar will help us respond more quickly to your needs.  Pendo will also give customers the ability to receive educational content, product tours, and guides directly.  Users will be alerted to new features and changes in functionality, and guided through new processes step-by-step. Ultimately, using Pendo will result in a better product, a more intuitive and streamlined user experience, and a direct channel for empirical feedback from Sugar customers.

     

    Gathering analytics using a tool like Pendo is standard operating procedure in modern application development.  In order to deliver innovative new features and respond to the needs of customers, it is important to understand how products are used.  Pendo provides visibility while protecting the privacy of users and complying with data privacy regulations like GDPR as well as Sugar’s privacy policy.  All user data is anonymous, we're not collecting any personally identifiable information, and we do not share collected data with other parties.

     

    While it is possible to disable Pendo through code customization, we sincerely ask that you don't.   Pendo is an extremely efficient channel to give anonymous product feedback to Sugar.  Disabling Pendo will disrupt this feedback loop and interfere with Sugar's ability to deliver the most impactful new features and solve your most important problems, including our ability to respond quickly to resource and load issues that can affect system availability.

  •  Hi Drew McDaniel, 

    Thank you very much for your answer! But for us (meaning the CRM team at my company), it raises some doubts as to the usefulness of the feature – at least for on-premise customers.

    Being able to see how our customers interact with Sugar will help us respond more quickly to your needs. Pendo will also give customers the ability to receive educational content, product tours, and guides directly.  Users will be alerted to new features and changes in functionality, and guided through new processes step-by-step. 

    There are reasons why we are on premise customers. We want to have control over our data and more freedom of design. In consequence we have customized a lot and are probably using some modules and features a bit differently than intended by SugarCRM. Guiding our users and informing them about new features and changes is our job as Sugar admins, because Sugar can’t know how we are exactly using those features in our own customized environment or even if we do at all (as they might not fit in our specific business processes). To not confuse my users with information they don’t need, I prefer channeling the information/documentation for them and communicating only what is really relevant to them. 

     

    Disabling Pendo will disrupt this feedback loop and interfere with Sugar's ability to deliver the most impactful new features and solve your most important problems, including our ability to respond quickly to resource and load issues that can affect system availability.

    This might make sense in a cloud environment, but not on-premise, because you’d practically have to analyze our whole database structure and server configurations to identify those issues. It is also our job as the responsible persons for Sugar in our company to maintain the infrastructure in a way that it works smoothly. We don’t see how anonymized data might help on that front – in the end you have no (and shouldn't have any) influence on our database and servers if problems are caused there.

     

    If you want to really support us in that process, you should make Pendo an optional analyzing feature, which we can activate with our own Pendo-account and ID (preferably in the system settings). If Pendo is that good, we would have no problem paying for it ourselves. (Maybe we can get a SugarCRM group discount from Pendo ;-D ) In that way we would have access and control over our own data and could share it with you if we thought it necessary. We as the hosting party would directly benefit from the data and could make changes and improvements to our systems and configurations right away. The impact would be much greater.   

     

    We can understand that analysis like that is important for your cloud-hosted instances and will help you a lot on that front. But even if it can't be optional for all customers it should at least be communicated in a proper and transparent way. The least thing to do would be mentioning it in the release notes or the “What to expect when upgrading”-documentation. Even if your customers aren’t all able to make the choice (ideally based on information they received from you!) then at least I’m sure they want to and should be informed about it.  

    In the end Udo Siebrasse is right: We’ll always be beating around the bush as long as you (meaning SugarCRM) don't give examples or specify (i.e. make transparent!), what kind of data you gather through Pendo. And as long as that’s the case we won’t even consider re-activating it. We want to know: What exactly is tracked? Log-Ins, clicks, queries, settings? Our users should know about that! I mean, every website is nowadays telling you that it uses cookies and tracks you and consequently, so should SugarCRM. Another alternative: If the data is so widely anonymized, maybe there would be no problem in making a summary of it available for all customers (maybe once a year or so) and communicating at least roughly which conclusions were drawn from it for further improving the system. Fact is: even if it’s anonymized, it’s still our data - the data of our users - and we want to know what happens with it and comes out of it. Maybe this is just a very European or German point of view, but that’s how we see it.

    Last but not least: Another and maybe even the biggest reason for us hosting the system on-premise (and for mentioning Pendo in the developer notes) is security. We have our system only available via VPN – the Pendo integration opens a big hole into that strategy and (according to their own demo video) allows them to change the UI and therefore inject code into our system. We believe that you, of course, wouldn’t abuse this feature, but if your Pendo account or Pendo themselves were hacked, it would also leave our systems open to code injection attacks.

    So, understand, that we also have the following questions: Do you intend to use the features that have an impact on the UI and therefore could be used to inject third-party code? What measures are you taking to prevent that?   

    Sorry for the novel here, but I hope you understand, that this is important for us ;-) 

     

    Best wishes

    Julia

  • Does SugarCRM include other "backdoors" besides Pendo?

    I only know about the license validation which is calling home.

    Are there more hidden "services"?
