Spotter security
ThoughtSpot provides enterprise-grade AI-powered analytics while maintaining the rigorous security, privacy, and compliance standards you expect.
Data security and compliance
-
Encryption: All communication between ThoughtSpot and large language model (“LLM”) providers is encrypted in transit using TLS.
-
Security Risk Assessment: ThoughtSpot-managed LLM providers have all passed ThoughtSpot’s Vendor Security Risk Assessment process and have data security and privacy practices that meet ThoughtSpot’s data security and handling requirements, which includes a minimum security compliance baseline, such as SOC 2 compliance.
Data handling
To provide accurate, contextual data analysis and SQL generation, Spotter sends the natural language query along with specific metadata to LLMs. This includes:
-
Model column names and descriptions
-
Sample data values (to ensure prompt accuracy)
-
Contextual metadata for Spotter analysis
With using Spotter 3, Spotter also uses data from a data warehouse query response, with the information above, to provide more intelligent, detailed, and contextualized analysis grounded in your data.
LLM providers used in Spotter
| Feature | Azure AI Foundry | Google Vertex AI |
|---|---|---|
Model(s) used |
Azure OpenAI Service GPT series |
Gemini, Anthropic Claude |
Data training |
No customer data is used for LLM training. |
|
Data persistence and retention |
Customer data is not persisted or cached. When using Spotter 3, query results are cached for up to one hour as part of Spotter’s Advanced Analysis capabilities, which is used for performing user-specific and requested analytics. |
Customer data is not persisted or cached. |
Audit logs |
While audit logs are maintained for services, they do not include any customer data, user prompts, or results. |
While audit logs are maintained for services, they do not include any customer data, user prompts, or results. |
Spotter does not use the ChatGPT application. Instead, it uses a combination of the latest models, such as GPT-4.1 by OpenAI, and Claude Sonnet 4.5 / Opus 4.5 by Anthropic, based on what provides the best LLM performance. As LLM models improve, we will test and update the LLMs and AI services used to ensure you get the best analytics performance and accuracy when using ThoughtSpot Cloud.
ThoughtSpot AI features are opt-in
ThoughtSpot ensures that customers have complete control over the use of AI features. All AI-powered features – including Spotter, SpotIQ, AI Highlights, and AI Assist – are disabled by default. You can choose to enable these features for specific models or columns, ensuring that AI is only applied where you want it. This opt-in approach gives you the power to govern how and when AI interacts with your data.
