Spotter security

Azure OpenAI Service complies with SOC2 Type II for data security and privacy, and has passed the ThoughtSpot Vendor Security Risk Assessment (Azure cloud compliances).

ThoughtSpot communication with the Azure OpenAI Service is encrypted in transit using TLS 1.2.

ThoughtSpot sends the natural language search query along with additional metadata such as worksheet column names, descriptions and sample values as part of the GPT prompt in order to provide accurate, in-context responses.

GPT does not store the sample data or metadata that ThoughtSpot sends nor does it use this data or metadata for retraining the model. We have turned off persistence of the prompt. Though Microsoft allows you to persist data for 30 days to do troubleshooting, we have explicitly disabled this and also retraining.

ThoughtSpot Spotter does not use ChatGPT. We use a combination of the latest models, such as GPT-4o created by Open AI, because they are better suited for natural language translation to SQL. As the models progress we will update the versions if they improve the performance of our features.

Google Gemini is accessed through the Google Vertex AI platform.

ThoughtSpot communication with Google Gemini is encrypted in transit using TLS 1.2.

Google Cloud does not use customer data to train its foundation models by default. ThoughtSpot does not enable training of Google’s Gemini models.

Customer data is not persisted nor logged as part of Google safety monitoring processes. ThoughtSpot has set Google’s context caching to off.