ThoughtSpot Trust Center

Privacy

Our privacy and data protection program only uses data in
ways that are consistent with current data protection laws
and your wishes as a customer.

Travis Guerre
ThoughtSpot
Head of Legal

At ThoughtSpot, we view privacy as a fundamental
right and a core pillar of our product design. We are committed to protecting our users’ data with transparency, accountability, and the highest standards of security.

GDPR Compliance

The General Data Protection Regulation (“GDPR”) regulates the use and protection of personal data originating from the European Economic Area (“EEA”) and provides individuals rights with regard to their personal data. ThoughtSpot is committed to supporting our customers in their GDPR compliance efforts. See ThoughtSpot’s Data Processing Addendum (“DPA”).

CCPA Compliance

The California Consumer Privacy Act (“CCPA”) creates consumer rights relating to the access to, deletion of, and sharing of personal information that is collected by businesses. ThoughtSpot is committed to supporting its customers in their CCPA compliance efforts. The ThoughtSpot DPA addresses both GDPR and CCPA requirements.

Enterprise-Grade AI
& Privacy

ThoughtSpot’s robust privacy and security commitments outline how we protect user data and prioritize privacy apply equally to our use of AI. ThoughtSpot is committed to preserving our customers' privacy with ThoughtSpot Cloud AI-powered analytics and to supporting our customer’s privacy compliance efforts. See under “Enterprise-Grade AI” for more information on how ThoughtSpot utilizes AI in ThoughtSpot Cloud.

HIPAA Compliance

The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) regulates protecting the privacy and security of health information. ThoughtSpot can support HIPAA-related customer data after a Business Associate Agreement (BAA) has been properly executed with ThoughtSpot. For more information on how ThoughtSpot Cloud provides security controls to meet the requirements of HIPAA, please see the Security Infrastructure and HIPAA Whitepaper.

Data Privacy Framework

For transfers to the United States, ThoughtSpot has self-certified to, and we are participants in, the new Data Privacy Framework (“DPF”). The EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF were respectively developed by the U.S. Department of Commerce and the European Commission, UK Government, and Swiss Federal Administration to provide U.S. organizations with reliable mechanisms for personal data transfers to the United States from the European Union, United Kingdom, and Switzerland while ensuring data protection that is consistent with EU, UK, and Swiss law. ThoughtSpot’s continued adherence to the DPF can be found at the Data Privacy Framework site and in the Data Privacy Framework Policy.

International Personal Data Transfers

ThoughtSpot continues to use Standard Contractual Clauses (“SCCs”), which remain valid under the Schrems II decision by the European Court of Justice, as a legal mechanism for transferring personal data of its customers from the EEA to applicable jurisdictions. Our DPA includes the new EU Standard Contractual Clauses to support these transfers where applicable. We also offer ‘Supplementary Measures’ to our customers – these are technical and operational measures (including encryption controls and disclosures regarding government requests for access to data) to provide data protection controls for our EU data transfers. For more information, See our Transfer Impact Assessment Whitepaper.

Law Enforcement Guidelines

ThoughtSpot has published guidelines describing our practices for responding to Third- Party Authority Requests. The ThoughtSpot Law Enforcement Guidelines describe our practices and procedures for responding to any Third-Party Authority requests.

Transparency Report

Annually, ThoughtSpot publishes its Transparency Report, which outlines the number of requests from Third-Party Authorities that ThoughtSpot has received for customer data. Up to December 31st, 2024, ThoughtSpot has not received any Third-Party Authority Requests.

Privacy Statement

At ThoughtSpot, we create trust with our customers through transparency. We are committed to providing customers with clear information about the data we handle and how we use it. ThoughtSpot maintains a Privacy Statement detailing the collection, use, and disclosure of Personal Information obtained through the ThoughtSpot websites; in connection with your purchase and use of our products and related support and professional services; and in connection with events hosted by us where we collect information from registrants and attendees.

Cookie Policy

ThoughtSpot uses both session‑based and persistent‑based cookies. Session‑based cookies exist only during your web session and expire when you close your internet browser. Persistent-based cookies are files that stay in one of your browser's subfolders until you delete them manually or your browser deletes them based on the duration period contained within the persistent cookie's file. You can read more about ThoughtSpot’s use of cookies in our Cookie Policy.

We Don’t Sell Your Data

ThoughtSpot does not sell your data, and does not mine or access your data for advertising purposes. ThoughtSpot also contractually commits that ThoughtSpot employees and authorized, verified contractors will only have access to customer data on a need-to-know basis.

ThoughtSpot
Sub-processors

We hold our subprocessors to rigorous standards to protect privacy and personal data. ThoughtSpot has processes in place designed to verify that subprocessors have implemented appropriate technical and organizational measures to safeguard privacy. See the ThoughtSpot-authorized sub-procesors at our Sub-processors page.

ThoughtSpot Trust Center

We lead with transparency, ethics, deep listening and delivering on our commitments.
 

Learn more

Enterprise-Grade AI

Trusted, enterprise-grade AI enables faster, better decision-making.
 

Learn more

Security

Rest easy knowing that our procedures, processes, and secure cloud infrastructure keep your data secure at all times.

Learn more