ThoughtSpot ® Privacy Statement

 

Effective as of June 20, 2024

ThoughtSpot’s mission is to enable anyone in an organization to quickly uncover insights hidden in their data, and make fact-based decisions, leading to a more data-driven culture. This mission is underpinned by our commitment to be transparent about the data we collect about you, how we use that data, and with whom it is shared.

Processing Activities Covered 

This Privacy Statement describes how we collect, use, share or otherwise process information relating to individuals (“Personal Data”) and the rights that may be associated with that processing of Personal Data collected by us when you: 

  • Visit our websites that display or link to this Privacy Statement ("Website");

  • Visit our offices; 

  • Visit our branded social media pages;

  • Receive communications or otherwise communicate with us such as through emails, phone calls, texts, messaging platforms, or faxes;

  • Use our software-as-a-service and software products (“Products”) and related support and consulting services (“Services”) where we act as a controller of your Personal Data;

  • Register for, attend, or participate in our events, webinars, programs, or trainings (“Events”);

  • Are employed by a customer of our Products and Services where your information has been shared with us in our capacity as a controller (for example, during the contracting process); 

  • Participate in the ThoughtSpot Community site focused on exchanging ideas and best practices, and collaborating with other customers, partners, and ThoughtSpot employees; or

  • Participate in surveys, research, or other similar data collection facilitated by us.

In some circumstances, we collect, or our partners provide us with, publicly available information that may contain Personal Data that you have published or that has been made available online. The way in which our partners collect this is detailed in their own privacy policies, available on their websites.

This Privacy Statement does not apply to third-party products, services, or businesses subject to separate terms, agreements, or privacy disclosures, or that are otherwise not offered under ThoughtSpot’s express agreements, regardless of whether they integrate with or interact with our Products (e.g., a Customer’s on-site repository, cloud data warehouse, or a connected platform) (“Third-Party Services”). Product delivery, access, and use will be governed by separate terms signed between us and each Customer, under which the Customer will control its deployment of our Product and any data hosted therein. If you have any questions about specific Product settings or privacy practices, please contact the administrator assigned to that role in the related Product.

DEFINITIONS

For the purposes of this Privacy Statement:

  • Authorized User” means an individual who was provided access credentials to access and use the Product by Customer, or otherwise using Customer’s account. 

  • Customer” means the entity that purchases our Product or Services, or if a Product is offered for free, the entity or individual that is subject to the applicable terms of use. 

  • Mobile Applications” means our applications you have downloaded to a mobile device.

  • Partner” means an entity that is a participant in a ThoughtSpot channel sales, technology, or other program to offer ThoughtSpot Products and Services for sale, or provide services, or technology to ThoughtSpot Customers.

This Privacy Statement is meant to help you understand what information we collect, why we collect it, and how you can exercise certain rights with respect to your Personal Data. If you have any questions about our use of your Personal Data, please contact us using the contact details provided at the bottom of this Privacy Statement and we will respond accordingly. 

What Personal Data We Collect

The types of Personal Data we collect depend upon your interactions with us. We may collect information directly from you when you visit our Websites, attend our Events, or purchase or use our Products and Services. We may also collect information from trusted third-party sources and may engage select third-parties to collect Personal Data to assist us in operating our business (for example, to assist us with registering you for our Events or in connection with sending you ThoughtSpot merchandise). The types of information we collect from you may include the following:

  • Contact Information and Personal Details. Authorized User credentials, full name, employer, job title and related employment information, email address, physical address, phone number, and other information such as your voice if you contact us by phone. We process your Personal Data, including recording phone calls (in accordance with applicable laws) for training, quality assurance, uncovering customer insights, and administration purposes. If required under applicable law, we will give you the option to object to a call being recorded.

  • Authorized User Profiles. For some Products (e.g., ThoughtSpot Mode), we may enable Authorized Users to create profiles. This may include a photo of you, a short bio, links to your presence on social media sites, and other information you choose to include about yourself. The information you submit for display in your profile, including any Personal Data, may be viewable by other Authorized Users of ThoughtSpot Mode based on the type and configuration of your account. We encourage you to review your configurations periodically to ensure you remain comfortable with your chosen settings. 

  • Payment, Billing, and Shipping Information. Financial information in connection with billing including, without limitation, billing, and shipping address. 

  • Demographic Information. On rare occasions, we may collect demographic information, such as gender, race, ethnicity, or veteran status. Where Personal Data is deemed “sensitive” under applicable data privacy laws, we will only process it with your consent unless a recognized exception applies. For example, if you give your explicit consent and only for specified Events, your biometric information, such as an image of your facial features, may be collected for identification purposes.

  • Event Information. Information related to your attendance at Events, including travel details and contact information, scheduling information, food preferences or allergies and accessibility requests, clothing sizes (for t-shirts, hats, jackets, etc.), and session ratings or other feedback you voluntarily provide to us.

  • Online Identifiers and Interactions. Device and user identifiers, Internet protocol address or location data when you access the Website, Products, or Mobile Applications and related user actions.

  • Device Information. Information relating to settings, attributes, identifiers, and interactions when you access the Website, Products, or Mobile Applications. 

  • Search Query Data and Feedback. The search text submitted by Authorized Users of the Products when using our natural language processing functionality and user submitted feedback as described in the ThoughtSpot documentation and applicable terms of use. 

  • Predictive Search Setup. Upon purchase and subject to Customer selection, a Customer may choose to store limited, selected information via search suggestion indexing and search cache features provided in the Products.

  • Mode Uploaded Content. For Authorized Users of ThoughtSpot Mode, you may upload data to the platform or post various queries, comments, analyses, and other content on the data or work made available on the platform by other Authorized Users. This content you provide  (“Your Content”) will be viewable by other Authorized Users of the platform in accordance with the privacy settings you specify when uploading, posting, or otherwise creating Your Content on the platform in either Mode’s public or private function, as described in the ThoughtSpot Mode documentation. If you choose to post Your Content in Mode’s public function, Your Content is deemed a contribution to the community, and Mode will treat such information as public information. Please review these to ensure you are comfortable with your selections.

  • Products Operations Data and Usage Data. Information from our software or systems comprising our Products and from Customer systems, applications, and devices that are used to access the Products. 

  • Authentication and Access Information. Information that provides access to the Products, such as username, passwords, and device identifiers. In addition, the Personal Data we collect to provide our Products may include location information from third parties, which helps us offer features like identity management and multi-factor authentication.

  • Diagnostic Information. Diagnostic information may be contained in log files, event files, and other trace and diagnostic files, which helps us to provide support and maintain the integrity of the Products and Services. 

  • Third-Party Services Information. A Customer can choose to permit or restrict Third-Party Services for its Product(s) and ThoughtSpot can receive Personal Data from such Third-Party Services. 

Third Party Services

Please note, Third-Party Services are typically software that integrate with our Product, and a Customer can permit its Authorized Users to enable and disable these integrations. ThoughtSpot may also develop and offer extensions that connect the Products with a Third-Party Service. Once enabled, the provider of a Third-Party Service may share certain information with ThoughtSpot. For example, if a cloud storage application you are using is enabled to permit files to be imported to a Product, that Product may host the username and email address of Authorized Users, along with additional information that the extension makes available to ThoughtSpot to facilitate the integration. 

Customers should check the privacy settings and notices in these Third-Party Services to understand what data may be disclosed to ThoughtSpot. When a Third-Party Service is enabled, ThoughtSpot is authorized to connect and access the information made available to ThoughtSpot in accordance with our agreement with the provider of the Third-Party Service and any permission(s) granted by our Customer (including, by its Authorized User(s)). Examples of information which ThoughtSpot may receive in this manner include whether you successfully created a new account or interacted with a third-party application in a way that is attributable to ThoughtSpot usage activity.

How We Use Your Personal Data

We may use your Personal Data for the purposes of operating our business, delivering, improving, and customizing our Websites, Products and Services, selling our Products and Services, sending marketing and other communications related to our business, and for other legitimate purposes permitted by applicable law. Some ways we may use Personal Data include:

  • To understand your preferences so we may enhance your experience with the Website, Products, and Services;

  • To send our Customers and Partners ThoughtSpot-related information, including confirmations, account verification, invoices, technical notices, updates, security alerts, and support and administrative messages;

  • To communicate with you about promotions, upcoming events, or contact you for marketing purposes (in accordance with your marketing preferences), and provide you news about ThoughtSpot and our selected Partners’ products and services;

  • To help understand your needs by linking or combining information about you with other Personal Data we get from third-parties, to provide you with better and more personalized Website experience. We may collect Personal Data from other sources for the purposes of tailored advertising including identifiers, professional or employment-related information, commercial information, visual information, internet activity information, and inferences about preferences and behaviors. We collect this from third party providers of business contact information, including job titles, email addresses, phone numbers, IP addresses, social media profiles, LinkedIn URLs, and custom profiles for purposes of targeted advertising, delivering relevant email content, event promotion and profiling, determining eligibility and verifying contact information. This helps us update, expand, and analyze our records, identify new customers, and create more tailored advertising to provide services that may be of interest to you. You can edit your communication preferences at any time. See Controlling Your Personal Data below;

  • To enforce our terms and conditions or protect our business, Partners, or Authorized Users; 

  • To operate, maintain, and provide the features and functionality of the Website;

  • To register you for Events you sign up for and populate profiles for you in our records; 

  • For industry analysis, benchmarking, analytics, and marketing purposes; 

  • For billing and contracting purposes; 

  • To make recommendations to customers regarding their use of the Products; 

  • To improve the Products and Services;  

  • For tracking entitlements, providing support, monitoring, and ensuring the performance, integrity, and stability of the Products infrastructure and preventing or addressing service or technical issues;

  • For other legitimate business purposes when necessary, such as protecting ThoughtSpot’s confidential and proprietary information; and 

  • To comply with legal obligations and operate our business.

If you are from the European Economic Area (“EEA”), our legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it.

However, we will normally collect Personal Data from you only where we have your consent to do so, where we need the Personal Data to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect Personal Data from you.

How We Share Your Personal Data

We may share your Personal Data with third-parties for the purposes of operating our business, selling, delivering, and improving our Products and Services, sending marketing and other communications related to our business, and for other legitimate purposes permitted by applicable law, or otherwise with your consent. 

We may share Personal Data in the following ways:

  • Within ThoughtSpot, Inc. and any of our global subsidiaries. Subsidiaries will use your Personal Data in the same way as we can under this Privacy Statement.

  • With third-party vendors, contractors, consultants, and other service providers that perform services on our behalf. Examples include but are not limited to: processing of orders and credit card transactions, hosting our Websites, hosting Event registration, assisting with sales-related efforts or post-sales support, and providing our Products and Services.

  • Your profile information, Your Content, and other technical information relevant to your use of ThoughtSpot Mode may be shared with other Authorized Users of the Product depending on the type and configuration of your ThoughtSpot Mode account, and your designation of Your Content. 

  • In connection with, or during negotiations of, any merger, sale of company assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or to another company.

  • In response to a request for information by a competent authority if we believe disclosure is in accordance with, or is otherwise required by, any applicable law, regulation, or legal process.

  • With law enforcement officials, government authorities, or other third-parties as necessary to comply with legal process or meet national security requirements; protect the rights, property, or safety of ThoughtSpot, its business partners, you, or others; or as otherwise required by applicable law.

  • In aggregated, anonymized, or de-identified form, which cannot reasonably be used to identify you.

  • We do not sell Personal Data nor do we rent or trade Personal Data collected through the Website with third-parties for their promotional purposes. 

  • Google API data - Use and transfer of information received from Google APIs will adhere to the  Google API Services User Data Policy, including the Limited Use requirements.  Google Workspace APIs are not used to develop, improve, or train generalized AI and/or ML models.

Mobile Applications

We may obtain additional information through Mobile Applications that you download to your mobile device (“Device”). Our Mobile Applications may obtain, collect, or access information from your Device in connection with your use of the Products, and are designed to interoperate with the Products; for instance, to provide you with access to information within the Products.

To provide and operate the Mobile Applications, we need certain information from you. For example, we ask you to provide some Personal Data, such as login credentials to access and use the Products through the Mobile Applications. We may only be able to collect or access this information if the Device settings allow it, so you should always review our Mobile Applications settings under the Device settings menu to determine the access restrictions for the Mobile Applications. 

Our Mobile Applications may also provide us with information regarding your Device, such as the Device model, manufacturer, and operating system. We may also collect Device event information, such as error logs and crashes related to our Mobile Applications, which allows us to improve our Mobile Application for a better user experience. In addition, we may use information collected by our Mobile Applications to enforce our rights arising from contracts we enter into with you.

In addition, to provide Mobile Applications, we work with our group companies and certain partners and service providers who may have access to your information.

How We Secure Your Personal Data

We implement physical, administrative, and technical safeguards designed to protect your Personal Data from unauthorized access, use, or disclosure. We also contractually require that our service providers protect such information from unauthorized access, use, and disclosure. In addition, we limit access to Personal Data to those employees, agents, contractors, and other third-parties that have a legitimate business need for such access. For more information about our security practices, please visit the Trust Center at https://www.thoughtspot.com/trust

How Long We Retain Your Personal Data

We will retain your Personal Data as needed to fulfill the purposes for which it was collected. We will retain and use your Personal Data as necessary to comply with our business requirements, legal obligations, resolve disputes, protect our assets, and enforce our agreements. When we have no ongoing legitimate business need to process your Personal Data, we will either delete it, anonymize it, or securely store your Personal Data and isolate it from any further processing until deletion is possible.

Controlling Your Personal Data

Our marketing emails permit you to "opt-out" of or “unsubscribe” from receiving further marketing emails. Certain jurisdictions, for example the EEA and California, also provide their residents certain privacy rights under applicable law. Subject to local law, you may have the right to access, delete, receive a copy of or object to or restrict the processing of, to data portability, or to request that we correct any inaccuracies or otherwise update your Personal Data.

You may contact us to exercise your rights using the contact details in the section titled “How to Contact Us” below. We will respond to such requests in accordance with the requirements of applicable data protection laws. Please note that to fulfill your request, we may need you to provide certain information to verify your identity. When you or your authorized agent contacts us in connection with your Personal Data under applicable local law, we may ask you to validate your identity before fulfilling your request. Authorized agents may also be required to provide a copy of the consumer’s signed permission authorizing the agent to submit requests on the consumer’s behalf. 

These choices do not apply to service notifications or other required communications that are considered part of the Products or Services, which you may receive periodically unless you stop using or cancel your rights to access the Product or Services in accordance with their terms and conditions. Moreover, these rights may be limited or denied in some circumstances. For example, we may retain your Personal Data where required or permitted by applicable law. In such situations we will put in place appropriate measures to prevent any further processing or use of your Personal Data. 

Event registrants and attendees may update their profiles for ThoughtSpot hosted Events by logging into the applicable Event website or registration page while the Event registration and related website remain active.

Cookies and Web Beacons

Like many websites, ThoughtSpot uses automatic data collection tools, such as cookies, embedded web links, and web beacons. “Cookies” are small text files that we and others may place in users' computer browsers to store their preferences. "Web beacons" or “pixel tags” are small pieces of code placed on a web page or within the body of an email to monitor the behavior and collect data about the users viewing a web page or viewing or opening an email.

While ThoughtSpot attempts to honor do not track (“DNT”) instructions we receive from a user’s browser, we cannot guarantee that ThoughtSpot will always respond to such signals, in part, because of the lack of common industry standard for DNT technology. We continue to monitor developments in DNT technology and stay apprised of DNT industry standards as they evolve.

To manage the use of targeting and advertising cookies on our Website, click the Cookie icon at the bottom left footer of the page or consult your individual browser settings for cookies. 

In addition, our Products may use cookies in furtherance of the purposes described in this Privacy Statement. Some of these technologies are essential for the provision of the Product, such as account access/authentication; others assist with the performance and functionality of the cloud service, such as recognizing returning users, remembering preferences or facilitating in-product educational content; and others enable us to analyze usage to improve our Products and Services well as trouble-shoot issues. 

See our  Cookie Policy for more information. 

International Data Transfers

ThoughtSpot stores and processes any information collected in: (a) any country where we have facilities, (b) any country in which we engage service providers; or (c) any country where our hosted Events are held. A list of ThoughtSpot global offices is available here.

International transfers between ThoughtSpot AffiliatesTo conduct our operations, we transfer information to ThoughtSpot Affiliates in their respective countries of operation for the purposes described in this Privacy Statement. These countries may not have equivalent privacy and data protection laws to the laws of many of the countries where our Customers and Authorized Users are based. When we disclose information about you within and among ThoughtSpot corporate affiliates, we will rely on the EU-U.S. Data Privacy Framework to receive personal data transfers from the EEA to the U.S. (see “EU-U.S. Data Privacy Framework Notice” section below), and the Standard Contractual Clauses, to safeguard the transfer of information we collect from the EEA, the United Kingdom ("UK"), and Switzerland.   

International transfers to Third PartiesSome of the third-parties described in this Privacy Statement, which provide services to us under a written contract, are based in countries that may not have equivalent privacy and data protection laws to the country in which you reside. When we disclose Personal Data of customers in the EEA, the UK, or Switzerland, we make use of the Standard Contractual Clauses or will implement other appropriate legal mechanisms to safeguard the transfer.

EU-U.S. Data Privacy Framework NoticeOn July 10, 2023, the European Commission’s adequacy decision for the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”) entered into force. ThoughtSpot adheres to the Data Privacy Framework Principles regarding the collection, use, and retention of Personal Data that is transferred from the EEA, UK, and Switzerland to the United States. 

ThoughtSpot has self-certified its commitment to comply with the EU-U.S. DPF Principles (as defined below), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce. ThoughtSpot has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom in reliance on the UK Extension to the EU-U.S. DPF.   

ThoughtSpot has self-certified its commitment to comply with the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”). If there is any conflict between the terms in this Privacy Statement and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles (collectively, the “Principles”), the Principles shall govern. To view ThoughtSpot’s certifications, please visit this page and search for ”ThoughtSpot.”  To view ThoughtSpot’s Data Privacy Framework Policy, please click here

If you require further information about our international transfers of Personal Data, please contact us using the contact details in the section titled “How to Contact Us” below.

California Privacy Disclosures

The California Consumer Privacy Act (“CCPA”) requires businesses to provide additional disclosures of California consumer rights relating to the sharing of, access to, and deletion of Personal Data that is collected. We may share Personal Data with third-parties or allow them to collect Personal Data as described in this Privacy Statement. We may share or disclose the Personal Data listed in the section above titled “How We Share Your Personal Data.”

California consumers have a right to request information about the collection of your Personal Data, and access to and deletion of your Personal Data under the CCPA. We do not sell the Personal Data of California consumers and do not discriminate in response to privacy rights requests. Further, we do not collect or process “sensitive” data or protected characteristics under applicable law for the purpose of inferring characteristics about an individual.

If you are a California consumer and you or your authorized agent would like to exercise your privacy rights, please contact us using the contact details in the section titled “How to Contact Us” below. We may need to verify your identity and place of residence before completing your rights request.

General

Linked Websites

Our Websites may contain links to other websites, applications, platforms, and services maintained by third parties. The information practices of these third parties, including the social media platforms that host our branded social media pages, are governed by their privacy policies, which we encourage you to review to better understand their privacy practices.

Forums and Chat Rooms

As discussed above, we offer you the ability to post information and exchange ideas through our Websites, certain Product offerings (e.g., ThoughtSpot Mode), and other services such as the ThoughtSpot Community Website.

If you participate in the ThoughtSpot Community or other discussion forum or chat feature on a ThoughtSpot Website, be aware that the information you provide there (i.e., your public profile) will be made broadly available to others, and could be used to contact you, send you unsolicited messages, or for purposes neither ThoughtSpot nor you have control over. ThoughtSpot will not be responsible if you disclose Personal Data in your posts, through our public services, or during any other communication with other Website users. Please be thoughtful of what you disclose and post. 

Children's Privacy

We do not knowingly collect Personal Data from children without appropriate parental or guardian consent. If you believe that we may have collected Personal Data from someone under the applicable age of consent in your country without proper consent, please let us know using the methods described in the How to Contact Us section and we will take appropriate measures to investigate and address the issue promptly.

Changes to this Privacy Statement

ThoughtSpot may modify or update this Privacy Statement from time to time to reflect the changes in our business and practices, and so you should review this page periodically. When we make a material change to the Privacy Statement, we will post the revised version with an updated ‘effective date’ as provided at the bottom of this page. 

You acknowledge that your continued use of our Website, Products, or Services or attendance at our Events after we publish or send a notice about our changes to this Privacy Statement means that the collection, use, and sharing of your Personal Data is subject to the updated Privacy Statement, as of the above effective date.

How to Contact Us

If you have any questions about this Privacy Statement or our privacy practices, or wish to exercise applicable rights regarding your data, please email us at [email protected], call us at (800) 508-7008, or write to us at:ThoughtSpot, Inc.

Attn: Legal Department
444 Castro Street, Suite 1000
Mountain View, CA 94041