When Adobe is providing software and services to an enterprise, Adobe is acting as a data processor for any personal data it processes. As a data processor, Adobe only processes personal data in accordance with your company’s permission and instructions (for example, as set out in your agreement with Adobe).
If you use our Adobe Experience Cloud solutions, Adobe may host personal data for you depending on the solutions you use and the information you choose to send to your Adobe Experience Cloud account. Detailed examples can be found here.
Adobe complies with generally recognised and industry-recognised standards, certifications and statutory requirements. Moreover, suitable technical and organisational measures have been taken (TOMs), and hundreds of security processes and control mechanisms implemented (Link).
We have developed the Adobe Common Controls Framework, a foundational framework of security processes and controls to protect Adobe infrastructure, applications and services. More information on Adobe’s Common Controls Framework can be found here.