Effective as of September 1, 2023
ThoughtSpot, Inc., together with its corporate affiliates, including Mode Analytics, Inc. (collectively “ThoughtSpot”, “we” or “us”), respects the privacy of its customers, business partners, event attendees, and website visitors. This Privacy Statement describes our privacy practices with respect to the collection, use, and disclosure of Personal Data (as defined below) obtained: (a) through the ThoughtSpot websites that link to this Privacy Statement ("Website"); (b) in connection with your purchase and use of our software-as-a-service and software products (“Products”) and related support and consulting services (“Services”); and (c) in connection with events hosted by us where we collect information from registrants and attendees (“Events”).
This Privacy Statement does not apply to third-party products, services, or businesses governed under separate terms, agreement, or privacy policy, or that are otherwise not offered under ThoughtSpot’s express agreements, regardless of whether they integrate with or interact with our Products (e.g., a Customer’s on-site repository, chosen cloud data warehouse, or a connected platform) (“Third-Party Services”). Product delivery, access, and use will be governed by separate terms signed between us and each Customer, under which the Customer will control its deployment of our Product and any data hosted therein. If you have any questions about specific Product settings or privacy practices, please contact the administrator assigned to that role in the related Product.
For the purposes of this Privacy Statement:
If you have any questions or concerns about our use of your Personal Data, please contact us using the contact details provided at the bottom of this Privacy Statement.
The types of Personal Data we collect will depend upon your interactions with ThoughtSpot. We may collect information directly from you when you use our Websites, attend our Events, or purchase or use our Products and Services. We may also collect information from trusted third-party sources and engage third-parties to collect Personal Data to assist us. The types of information we collect from you may include the following:
Please note, Third-Party Services are typically software that integrate with our Product, and a Customer can permit its Authorized Users to enable and disable these integrations. ThoughtSpot may also develop and offer extensions that connect the Products with a Third-Party Service. Once enabled, the provider of a Third-Party Service may share certain information with ThoughtSpot. For example, if a cloud storage application you are using is enabled to permit files to be imported to a Product, that Product may host the username and email address of Authorized Users, along with additional information that the extension makes available to ThoughtSpot to facilitate the integration.
Customers should check the privacy settings and notices in these Third-Party Services to understand what data may be disclosed to ThoughtSpot. When a Third-Party Service is enabled, ThoughtSpot is authorized to connect and access the information made available to ThoughtSpot in accordance with our agreement with the provider of the Third-Party Service and any permission(s) granted by our Customer (including, by its Authorized User(s)). Examples of information which ThoughtSpot may receive in this manner include whether you successfully created a new account or interacted with a third-party application in a way that is attributable to ThoughtSpot usage activity.
We may use your Personal Data for the purposes of operating our business, delivering, improving, and customizing our Websites and Products, selling our Products and Services, sending marketing and other communications related to our business, and for other legitimate purposes permitted by applicable law. Some of the ways we may use Personal Data include:
If you are from the European Economic Area (“EEA”), our legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it.
However, we will normally collect Personal Data from you only where we have your consent to do so, where we need the Personal Data to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect Personal Data from you.
You can edit your communication preferences at any time. See Controlling Your Personal Data below.
We may share your Personal Data with third-parties for the purposes of operating our business, selling, delivering, and improving our Products and Services, sending marketing and other communications related to our business, and for other legitimate purposes permitted by applicable law, or otherwise with your consent.
We may share Personal Data in the following ways:
We may obtain additional information through Mobile Applications that you download to your mobile device (“Device”). Our Mobile Applications may obtain, collect or access information from your Device in connection with your use of the Products, and are designed to interoperate with the Products; for instance, to provide you with access to information within the Products.
To provide and operate the Mobile Applications, we need certain information from you. For example, we ask you to provide some Personal Data, such as login credentials to access and use the Products through the Mobile Applications. We may only be able to collect or access this information if the Device settings allow it, so you should always review our Mobile Applications settings under the Device settings menu to determine the access restrictions for the Mobile Applications.
Our Mobile Applications may also provide us with information regarding your Device, such as the Device model, manufacturer, and operating system. We may also collect Device event information, such as error logs and crashes related to our Mobile Applications, which allows us to improve our Mobile Application for a better user experience. In addition, we may use information collected by our Mobile Applications to enforce our rights arising from contracts we enter into with you.
In addition, to provide Mobile Applications, we work with our group companies and certain partners and service providers who may have access to your information.
We implement physical, administrative, and technical safeguards designed to protect your Personal Data from unauthorized access, use, or disclosure. We also contractually require that our service providers protect such information from unauthorized access, use, and disclosure. In addition, we limit access to Personal Data to those employees, agents, contractors, and other third-parties that have a legitimate business need for such access. For more information about our security practices, please visit the Trust Center at https://www.thoughtspot.com/trust. For security information related to the Mode platform, please see https://www.mode.com/security.
We will retain your Personal Data as needed to fulfill the purposes for which it was collected. We will retain and use your Personal Data as necessary to comply with our business requirements, legal obligations, resolve disputes, protect our assets, and enforce our agreements. When we have no ongoing legitimate business need to process your Personal Data, we will either delete it, anonymize it, or securely store your Personal Data and isolate it from any further processing until deletion is possible.
Our marketing emails permit you to "opt-out" of or “unsubscribe” from receiving further marketing emails. Certain jurisdictions, for example the EEA and California, also provide their residents certain privacy rights under applicable law. Subject to local law, you may have the right to access, delete, receive a copy of or object to or restrict the processing of, to data portability, or to request that we correct any inaccuracies or otherwise update your Personal Data.
You may contact us to exercise your rights using the contact details in the section titled “How to Contact Us” below. We will respond to such requests in accordance with the requirements of applicable data protection laws. Please note that in order to fulfill your request, we may need you to provide certain information to verify your identity. When you or your authorized agent contacts us in connection with your Personal Data under applicable local law, we will ask you to validate your identity before fulfilling your request. Authorized agents may also be required to provide a copy of the consumer’s signed permission authorizing the agent to submit requests on the consumer’s behalf.
These choices do not apply to service notifications or other required communications that are considered part of the Products or Services, which you may receive periodically unless you stop using or cancel your rights to access the Product or Services in accordance with its terms and conditions. Moreover, these rights may be limited or denied in some circumstances. For example, we may retain your Personal Data where required or permitted by applicable law. In such situations we will put in place appropriate measures to prevent any further processing or use of the Personal Data.
Event registrants and attendees may update their user profiles for events we host by logging into the applicable Event website or registration page while the Event registration and related website remain active.
Like many websites, ThoughtSpot uses automatic data collection tools, such as cookies, embedded web links, and web beacons. “Cookies” are small text files that we and others may place in users' computer browsers to store their preferences. "Web beacons" or “pixel tags” are small pieces of code placed on a web page or within the body of an email to monitor the behavior and collect data about the users viewing a web page or viewing or opening an email.
While ThoughtSpot attempts to honor do not track (“DNT”) instructions we receive from a user’s browser, we cannot guarantee that ThoughtSpot will always respond to such signals, in part, because of the lack of common industry standard for DNT technology. We continue to monitor developments in DNT technology and stay apprised of DNT industry standards as they evolve.
In addition, our Products may use cookies in furtherance of the purposes described in this Privacy Statement. Some of these technologies are essential for the provision of the Product, such as account access/authentication; others assist with the performance and functionality of the cloud service, such as recognizing returning users, remembering preferences or facilitating in-product educational content; and others enable us to analyze usage to improve our Products and Services well as trouble-shoot issues. See our Cookie Policy for more information.
ThoughtSpot stores and processes any information collected in: (a) any country where we have facilities, (b) any country in which we engage service providers; or (c) any country where our hosted Events are held. A list of ThoughtSpot global offices is available here.
To conduct our operations, we transfer information to ThoughtSpot Affiliates in their respective countries of operation for the purposes described in this Privacy Statement. These countries may not have equivalent privacy and data protection laws to the laws of many of the countries where our Customers and Authorized Users are based. When we disclose information about you within and among ThoughtSpot corporate affiliates, we will rely on the EU-U.S. Data Privacy Framework to receive personal data transfers from the EEA to the U.S. (see “EU-U.S. Data Privacy Framework Notice” section below), and the Standard Contractual Clauses, to safeguard the transfer of information we collect from the EEA, the United Kingdom ("UK"), and Switzerland.
Some of the third parties described in this Privacy Statement, which provide services to us under a written contract, are based in countries that may not have equivalent privacy and data protection laws to the country in which you reside. When we disclose Personal Data of customers in the EEA, the UK, or Switzerland, we make use of the Standard Contractual Clauses or will implement other appropriate legal mechanisms to safeguard the transfer.
On July 10, 2023, the European Commission’s adequacy decision for the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”) entered into force. ThoughtSpot adheres to the Data Privacy Framework Principles regarding the collection, use, and retention of Personal Data that is transferred from the EEA, UK, and Switzerland to the United States.
ThoughtSpot has self-certified its commitment to comply with the EU-U.S. DPF Principles, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. ThoughtSpot has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom in reliance on the UK Extension to the EU-U.S. DPF.
ThoughtSpot. has self-certified its commitment to comply with the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF”). If there is any conflict between the terms in this Privacy Statement and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To view ThoughtSpot’s certifications, please visit this page and search for ”ThoughtSpot”. To view ThoughtSpot’s Data Privacy Framework Policy, please click here.
If you require further information about our international transfers of Personal Data, please contact us using the contact details in the section titled “How to Contact Us” below.
The California Consumer Privacy Act (“CCPA”) requires businesses to provide additional disclosures of California consumer rights relating to the sharing of, access to, and deletion of Personal Data that is collected. We may share Personal Data with third-parties or allow them to collect Personal Data as described in this Privacy Statement. We may share or disclose the Personal Data listed in the section above titled “How We Share Your Personal Data”.
California consumers have a right to request information about the collection of your Personal Data, and access to and deletion of your Personal Data under the CCPA. We do not sell the Personal Data of California consumers and do not discriminate in response to privacy rights requests. Further, we do not collect or process “sensitive” data or protected characteristics under applicable law for the purpose of inferring characteristics about an individual.
If you are a California consumer and you or your authorized agent would like to exercise your privacy rights, please contact us using the contact details in the section titled “How to Contact Us” below. We may need to verify your identity and place of residence before completing your rights request.
Websites
We may provide links to other third-party websites and services that are outside our control and not covered by this Privacy Statement. We encourage you to review the privacy statements posted on those websites (and all websites) you visit.
Forums and Chat Rooms
We offer you the ability to post information and exchange ideas through our websites and other services such as ThoughtSpot Community.
If you participate in the ThoughtSpot Community or other discussion forum or chat feature on a ThoughtSpot Website, be aware that the information you provide there (i.e., your public profile) will be made broadly available to others, and could be used to contact you, send you unsolicited messages, or for purposes neither ThoughtSpot nor you have control over. ThoughtSpot will not be responsible in the event that you disclose Personal Data in your posts, through our public services or during any other communication with other Website users.
Children's Privacy
ThoughtSpot does not knowingly collect Personal Data from children without appropriate parental or guardian consent. If you believe that we may have collected Personal Data from someone under the applicable age of consent in your country without proper consent, please let us know using the methods described in the How to Contact Us section and we will take appropriate measures to investigate and address the issue promptly.
ThoughtSpot may modify or update this Privacy Statement from time to time to reflect the changes in our business and practices, and so you should review this page periodically. When we make a material change to the Privacy Statement, we will post the revised version with an updated ‘effective date’ as provided at the top of this page.
If you have any questions about this Privacy Statement or our privacy practices, or wish to exercise applicable rights regarding your data, please email us at [email protected], call us at (800) 508-7008, or write to us at:
ThoughtSpot, Inc.
Attn: General Counsel
444 Castro Street, Suite 1000
Mountain View, CA 94041