TiDB User Day 2024のアーカイブ動画を公開中!詳細を見る

PingCAP Privacy Policy

AI-Powered functions Privacy Statement

PingCAP Privacy Policy

Last Updated on March 31, 2022

To see update history, click here.

PingCAP (US), Inc. and its affiliates (hereinafter referred to as “PingCAP”, “we,” “our,” or “us”) understand that privacy is important to visitors to our websites (our “Sites”) and users of our products and services (including without limitation TiDB and TiDB Cloud; hereinafter referred as our “Products”). This Privacy Policy explains how we collect, use, and share your personal information when you use the Sites and Products that link to this Privacy Policy.

This Privacy Policy does not apply to Sites or Products that display or link to different Privacy Policies. This Privacy Policy also does not apply with respect to any data or content that you store or process using any of our Products, the storage and processing of which is governed by our agreements with you.

By accessing or using our Sites or Products, you acknowledge that you have read this Privacy Policy.

Click on the links below to jump to each section:

  1. PERSONAL INFORMATION WE COLLECT
  2. OUR USE OF COOKIES AND SIMILAR TECHNOLOGIES
  3. OUR USE OF PERSONAL INFORMATION
  4. SHARING OF PERSONAL INFORMATION
  5. YOUR CHOICES ABOUT PERSONAL INFORMATION
  6. HOW WE STORE AND PROTECT PERSONAL INFORMATION
  7. EUROPEAN DATA PROTECTION RIGHTS
  8. CALIFORNIA PRIVACY RIGHTS
  9. CHANGES TO OUR PRIVACY POLICY
  10. HOW TO CONTACT US

PERSONAL INFORMATION WE COLLECT

Information you provide directly. We collect and store personal information that you directly provide us through our Site, when using our Products, and other ways, such as:

  • Completing a customer support request;
  • Interacting with us on social media;
  • Participating in a survey or promotion;
  • Applying for a job;
  • Downloading white papers on our Sites; and
  • Registering for events held by PingCAP and via our Site.

Information we collect includes, for example,

  • Contact information: your name, email address, phone number, mailing address, billing address, and usernames.
  • Demographic data: your job title, company name, city, state, and country.
  • Content and communications: any data you enter into any ‘free text’ boxes on our forms, comments in our chat forms, and communications with us on social media and other platforms (like GitHub and Twitter), through phone, or messaging services (like Slack) (“User Contributions”). Your User Contributions are posted on and transmitted to others at your own risk. We cannot control the actions of other users of the Site with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons.
  • Payment information: your credit card numbers and other payment information. Our third-party payment processors (like Stripe) collect this information if you purchase our Products, such as online training, cloud services, or software subscriptions.

Information collected automatically. As further described in the “Our Use of Cookies and Other Technologies”, “TiDB product telemetry data” and “TiDB Cloud operational data” sections below, we and our third-party partners automatically collect certain types of device and usage information when you use our Sites or Products. Information we collect includes, for example:

  • Geolocation data: Depending on your device settings, we may collect geolocation data when you visit our Sites and use our Products. For example, we may derive your general location using your IP address.
  • Identifiers and device information: When you visit our Site, your device’s operating system, device identifier, customer ID and other device information, user agent string, Internet Protocol (IP) address, access times, browser type, and log data detailing your interactions with our Sites (e.g., number of clicks, pages viewed, information searched for), and the website you visited before and after coming to our Site (i.e., referrer header) are logged automatically. When you submit a support ticket, we receive data from the user agent string of your browser, which includes device information, browser information, OS information, city, state, country, and IP address.

TiDB Product telemetry data (for TiDB and its relevant products and services only; referred as “TiDB Products”). When you use our TiDB Products, we may also collect certain TiDB telemetry data and other data about your usage, including your pseudonymized IP address and other unique identifiers in combination with information about the version of our software you are running and how it is configured, to collect and aggregate certain diagnostic and analytics information. We may combine this information with information you provide when you download our TiDB Products or provide to customer support, including the name of your organization or company.

When we collect TiDB product telemetry data, we take appropriate steps to pseudonymize the IP addresses before it is stored. We employ technical and organizational measures to prevent the reconstitution of IP addresses or reversal of pseudonymization that would allow attribution of the data to a specific individual, including segregating or not collecting any additional information that may be used for attribution. We store the pseudonymized data for 2 years.

The resulting pseudonymized data is used by us on behalf of our customers to (i) maintain and improve TiDB Products, and (ii) inform users whether they are running the latest version of TiDB Products.

We collect several data within TiDB telemetry data as below:

  • TiDB Products cluster related hardware information
  • TiDB Products cluster topology information
  • TiDB Products cluster software version information
  • TiDB Products cluster configuration information (only the config items, config values are excluded)
  • TiDB Products cluster components information
  • TiDB Products cluster maintenance operation consumed time
  • TiDB Products cluster usage and runtime metrics

PingCAP Clinic. When you use PingCAP Clinic, PingCAP Clinic may generate clinic
data as below and store such clinic data in your device.
● TiDB Products cluster related operation system and hardware information
● TiDB Products cluster topology information (including node IP and type)
● TiDB Products cluster software version information (including UUID and version)
● TiDB Products cluster configuration information (both config items and values)
● TiDB Products cluster logs (including logs, error logs and slow query logs)
● TiDB Products cluster monitoring metrics and alerts information
● TiDB Products cluster database system variables

Once you agree to upload the clinic data to PingCAP, you acknowledge and agree that
PingCAP and its employee(s) and vendor(s) may transmit, store, copy and process the
clinic data uploaded by you for the purpose of diagnosis and improvement of TiDB.

TiDB Cloud operational data (for TiDB Cloud only). When you use TiDB Cloud, we may automatically collect and store non-anonymized information and data about your operation of TiDB Cloud, including logs, metrics, and the service tickets submitted to TiDB Cloud. Although the operational data usually does not involve personal information, it may be linked to your account and include the following information, data and metadata:

  • Technical information obtained from APIs, software or system hosting TiDB Cloud and your computer or device, and log files generated during your operation of TiDB Cloud;
  • Data and metadata about you, such as your account, email, IP address, computer or other device, browser, and software; and
  • Data and metadata about your activities and behavior within TiDB Cloud.

Inferences. We infer new information about you and your company from data we collect, including using automated means to generate information about your likely preferences, your service and product needs or other characteristics. For example, we infer your city, state, and country location based on your IP address.

Information collected through social media and other platforms. We receive information about you when you engage with us through various third-party platforms, for example, by joining our Slack community or Google group, liking us on Facebook, connecting on LinkedIn, GitHub, or Meetup, following us on Twitter or Instagram, registering for training through WooCommerce, or sharing content from our Site on Facebook, Twitter, or LinkedIn. The data we exchange with these third-party platforms may depend upon your privacy settings with these platforms. You should review and consider adjusting your privacy settings on third-party websites and services before engaging. Do not provide us with any sensitive personal data through these platforms. We are not responsible for the data protection and use practices of these third-party platforms. Please see their privacy policies to learn how they use your information.

Third-party sources. We may occasionally receive your personal information from third party sources including our affiliates, marketing and research partners, and companies. Users of our Products may also provide your personal information when they identify you as a billing, support, or technical contact, or when inviting you to use our Products or attend our events. If you integrate or link a third-party service with our Sites or Products, we may receive personal information about you from that third-party service based upon the settings and permissions you’ve established with such third-party service, and that third-party service’s privacy practices.

The types of information we collect from third parties may include contact information, demographic data, and content and communications. We use this information to maintain and improve the accuracy of the records we hold about you, identify new customers, and provide a more tailored advertising experience. We may combine this information with other information we collect about you through our Sites and Products.

When you are asked to provide personal information, you may decline. But if you choose not to provide information that is necessary to provide certain Products, those Products or certain of their capabilities may not be available or function correctly.

We are not responsible for the data policies and procedures or content of any third parties. We recommend that you check the privacy policies of each website you visit.

OUR USE OF COOKIES AND SIMILAR TECHNOLOGIES

Our Sites and related online services use cookies and similar technologies to enable certain functionality and help collect information about your visit. “Cookies” are small text files, typically containing a unique string of letters and numbers, stored on your hard drive by a Site. When you return to the Site using the same browser, the Site can read the cookie and thereby gather information about your usage over time. Among other things, we use cookies and other technology to see which areas and features are popular and to count visits, which helps us to improve our Site, our Products, and your experience.

The cookies we use include:

  • Web beacons
  • Performance cookies
  • Functionality cookies
  • Marketing cookies
  • Third-party cookies from Google Analytics, Mixpanel and Algolia

For detailed information about online interest-based advertising, our use of cookies and other similar tracking technologies, and how to opt-out of having your information used for these purposes by many of these third parties, please see our Cookie Policy.

OUR USE OF PERSONAL INFORMATION

We collect and process personal information about you as necessary to provide the Products you use, operate our Sites and business, meet our contractual and legal obligations, protect the security of our systems and our customers, or fulfil other legitimate interests as described in this Privacy Policy and in our notices to you.

For example, we may use any of the categories of personal information we describe above to:

  • Operate, maintain and improve our internal operations, systems, Sites, and Products.
  • Understand you and your preferences to enhance your experience and enjoyment using our Sites and Products, to provide recommendations, to solicit feedback, and to better market and advertise to you.
  • Monitor and analyze user interactions with our Sites and Products to identify trends, usage, and activity patterns.
  • Respond to your comments and questions and provide technical support or customer service.
  • Provide and deliver the Products you request.
  • Comply with applicable laws, rules, or regulations and cooperate and defend legal claims and audits.
  • Communicate with you about promotions, upcoming events, and other news about products and services offered by PingCAP and our partners.
  • Plan and host corporate events.
  • Protect the Site and Products, and investigate and deter against fraudulent, unauthorized, or illegal activity.

We may also use such information in any other way we may describe when you provide the information or for any other purpose with your consent.

SHARING OF PERSONAL INFORMATION

We may share your personal information with your consent. We may also share any of the categories of personal information we describe above:

  • Among our affiliates, which include companies that own, are owned by or are under common ownership of, PingCAP, all of which will be required to use your personal information as described in this Privacy Policy.
  • With our business partners and other third parties, such as our sponsors and cosponsors of events, whose information we believe may be relevant to you or research and advisory firms whose reports are offered through our Sites.
  • With third-party vendors and other service providers that we use to provide payment processing, reselling services, support ticket portals, secure transfer software, cloud hosting, video conference services, marketing automation platforms, project management tools, registration services, learning management services, collaboration and communication tools, data backup services, professional services and other services used in connection with our maintenance or provision of the Sites or Products.
  • With other parties in connection with a company transaction, such as a merger, sale of company assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business or assets by a third party, or in the event of a bankruptcy, dissolution, or related or similar proceeding.
  • As required by law or subpoena or if we reasonably believe that such action is necessary to comply with applicable law or the reasonable requests of law enforcement, to enforce our Terms of Services, TiDB Cloud Services Agreement, or other agreements or to protect the security or integrity of our Sites and Products, and/or to exercise or protect the rights, property, or personal safety of PingCAP, our customers, users, or others.
  • To fulfill the purpose for which you provide it or for any other purpose disclosed by us when you provide the information.

We may also share aggregated or deidentified data with third parties (subject to applicable laws).

YOUR CHOICES ABOUT PERSONAL INFORMATION

Access, correction, or deletion. If you wish to request access, correction, or deletion of any of your personal information held by us or a change in the way we use your information (for which we reserve the right to charge you a fee, as permitted by applicable law), please submit your request here or by email to legal@pingap.com. However, we may decline requests that are unreasonable, prohibited by law, or are not required to be honored by applicable law.

How to control your communications preferences. You can stop receiving promotional emails from us by clicking on the “unsubscribe link” provided in such emails or by contacting us at the contact details set forth below. In addition, you can make changes to your preferences in our Preference Center. We make every effort to promptly process all unsubscribe requests. If you opt out, we may still send you transactional communications (e.g., non-promotional emails such as emails about training and events you registered to attend and technical or security notices).

Cookies. Most web browsers are set to accept cookies by default. If you prefer, you can usually set your browser to remove cookies and to reject cookies. If you choose to remove reject cookies, this could affect certain features or services of our Site or other Products. Other choices related to information collected through the use of cookies and similar technologies are described in the “Cookies” section above. For specific opt out links and to manage your preferences in relation to first- and third-party cookies please see our Cookie Notice.

Analytics and online advertising. Our third-party analytics and advertising partners may provide you with options to opt-out of certain information collection. For more information about the applicable choices they provide you, please see the “Cookies” section above and our Cookie Notice.

How to control collection of TiDB telemetry data. If you prefer that we do not collect certain TiDB telemetry data, including IP address, through TiDB tools – TiUP, you can manage the collection of this data as follows:

  • By using tiup telemetry disable to turn off and disable collecting telemetry data.
  • By using tiup telemetry enable to turn on and enable collecting telemetry data.
  • By using tiup telemetry reset to reset the collecting function and generate a new unique tracing identifier.
  • By using tiup telemetry status to verify the status (on/off) of the collecting function.

Do Not Track. There are many ways through which web browser signals and other similar mechanisms (for example, “Do Not Track”) can indicate your choice to disable tracking, and, while we and others give you choices described in this Privacy Policy, we do not currently honor these mechanisms.

HOW WE STORE AND PROTECT PERSONAL INFORMATION

Storage and processing. Your information collected through the Sites and our Products may be stored and processed in any country in which PingCAP or its subsidiaries, affiliates, or service providers maintain facilities including your region, the United States, Australia, Canada, China, and the European Economic Area (including the United Kingdom). Our processing locations are chosen in order to operate efficiently, to improve performance, and to create redundancies in order to protect the data in the event of an outage or other problem. We take steps designed to ensure that the data we collect under this Privacy Policy is processed according to the provisions of this Privacy Policy and applicable law wherever the data is located.

International data transfers. When we transfer personal information from the European Economic Area (including the United Kingdom) and from Switzerland to the United States or other countries which have not been determined by the European Commission to have laws that provide an adequate level of data protection, we use legal mechanisms, including contracts, designed to help ensure your rights and protections. Specifically, our website servers are located in the United States and our affiliates, partners, third parties and service providers operate in the United States, European Economic Area, Canada, China, and Australia. This means when we collect your personal information, we may process it in any of these countries. However, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Privacy Policy. The safeguard PingCAP primarily relies upon is the European Commission-approved standard contractual data protection clauses. For more information about these mechanisms, please contact us using the contact details provided in the “How to contact us” section below.

Keeping your information safe. PingCAP cares about the security of your information and takes reasonable and appropriate technical and organizational measures designed to prevent loss, misuse, and unauthorized access, disclosure, alteration, and destruction of personal information. However, no security system is impenetrable, and we cannot guarantee the security of our systems or your information.

Lawful basis for processing personal information (EEA only). PingCAP (US), Inc., is the data controller of your information.

This section below is specifically for you if you are located in the European Economic
Area (EEA), United Kingdom or Switzerland.

Our legal basis for collecting and using the personal information above will depend on the personal information concerned and the specific context in which we collect it. However, we will normally collect personal information only where we have your consent to do so, where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect personal information from you.

If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will indicate this at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as the possible consequences, if any, if you do not provide your personal information). Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of a third party), we will indicate to you at the relevant time what those legitimate interests are.

If you have questions about the legal basis for processing or want to find out more, please contact us using the details at the end of this Privacy Policy.

Retention. We retain personal information for as long as necessary for the purposes for which the personal information is processed and for longer periods as necessary for us to comply with applicable laws. For example, we retain your account information for as long as your account is active or as needed to provide you with Products you have requested or authorized, including maintaining and improving the performance of the Products and protecting system security. We also retain personal data as needed to maintain appropriate business and financial records, protect our legal interests, resolve disputes, or comply with legal or regulatory requirements. Thereafter, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will store your personal information using appropriate security measures and take appropriate steps designed to isolate it from any further processing until deletion is possible.

EUROPEAN DATA PROTECTION RIGHTS

If the processing of personal data about you is subject to European Union data protection law, you have certain rights with respect to that data:

  • You may request access to, and correction or erasure of, personal information. We are not obliged to delete your data if we need to retain such data in order to comply with a legal obligation or to establish, exercise or defend legal claims.
  • You have the right to restrict our processing where you believe your personal data is inaccurate, our processing is unlawful, or that we no longer need to process such data for a particular purpose (unless we are unable to delete the data due to a legal or other obligation or because you do not wish for us to delete it).
  • Where the legal justification for our processing of personal data is our legitimate interest, you have the right to object to processing on grounds relating to your particular situation. If we are processing your personal data on the basis of your consent or to perform a contract with you, you have the right to data portability.
  • If the processing of personal information is based on your consent, you have a right to withdraw consent at any time for future processing, without affecting the lawfulness of processing based on consent before its withdrawal. This includes cases where you wish to opt out of marketing messages sent by us.

To make a request to exercise these rights, contact us by email at the address below. You also have the right to lodge a complaint with a supervisory authority, but we encourage you to first contact us with any questions or concerns. Contact details for data protection authorities in the EEA are available here, United Kingdom here and Switzerland here.

CALIFORNIA PRIVACY RIGHTS

The California Consumer Privacy Act (“CCPA”) requires businesses that collect personal information of California residents to make certain additional disclosures. This section applies solely to you if you reside in the State of California.

The categories of personal information we have collected within the last twelve (12) months and the third parties with whom we have shared that personal information for a business purpose are as follows:

Categories of Personal Information Examples Third Parties
Identifiers. Name, address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers. Corporate affiliates, vendors, service providers and third-party business partners (as identified above)
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). Name, address, telephone number, or financial information. Corporate affiliates, vendors, and service providers and third-party business partners (as identified above)
Protected classification characteristics under California or federal law. Age, race, or sex (including gender). Corporate affiliates, vendors and service providers
Commercial information. Products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. Corporate affiliates, vendors, service providers and third-party business partners (as identified above)
Internet or other similar network activity. Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. Corporate affiliates, vendors and service providers
Geolocation data. Physical location or movements. Corporate affiliates, vendors and service providers
Professional or employment-related information. Current or past job history. Corporate affiliates, vendors, service providers and third-party business partners (as identified above)
Non-public education information Degrees and certifications. Corporate affiliates, vendors and service providers
Inferences drawn from other personal information. Profile reflecting a person’s preferences or characteristics. N/A

 

We obtain the categories of personal information from the sources discussed above in Sections 1 (Personal Information We Collect) and 2 (Our Use of Cookies and Similar Technologies). We may use or disclose the personal information we collect for one or more of the purposes discussed above in Section 3 (Our Use of Personal Information). We may share your personal information as discussed above in Section 4 (Sharing of Personal Information).

Right to know. You may request a copy of the personal information we have collected, used, disclosed, and sold about you over the past twelve (12) months. Once we have received your request and confirmed your identity, we will disclose to you:

  • The categories of personal information we collected about you,
  • The purposes for collection,
  • The categories of sources for the personal information we collected about you,
  • The categories of third parties with whom we share that personal information,
  • If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
    • sales, identifying the personal information categories that each category of recipient purchased; and
    • disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained, and
  • The specific pieces of personal information we collected about you.

Right to delete. You may also request that we delete certain personal information we have collected and retained, subject to certain exceptions (for example, where the information is used by us to detect security incidents, debugging or to comply with a legal obligation). Once we receive your request and confirm your identity, we will review your request to see if an exception allowing us to retain the information applies.

You may “request to know” or “request to delete” your personal information up to two times in any twelve (12)-month period by filling out the Privacy Web Form or contacting us at legal@pingcap.com. Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your personal information. Please know that any such request is subject to our ability to verify your identity and any exceptions provided under applicable laws.

Right to opt out. As discussed in this Privacy Policy, our advertising and analytics providers may collect your IP address, cookie ID, and mobile ID when you use our websites, and such vendors may further share your information to provide similar advertising or analytics services to their other customers. However, PingCAP does not sell personal information as the terms “sale” or “sell” are defined under the CCPA.

We will not discriminate against you for exercising any of your rights under the CCPA.

CHANGES TO OUR PRIVACY POLICY

PingCAP may modify or update this Privacy Policy from time to time to reflect the changes in our business and practices, and so you should review this page periodically. If we make any changes to this Privacy Policy, we will notify you by changing the “Last Updated” date above. If we make any material changes, we will provide you with additional notice or obtain consent as may be required by applicable law.

HOW TO CONTACT US

If you have any questions, complaints, or concerns about how your information is handled, please email us at legal@pingcap.com. Our main address is PingCAP, Inc., 2955 Campus Drive #110, San Mateo, CA 94403, USA.

If you are located in the EEA or the United Kingdom and have questions about your
personal data or would like to request to access, update or delete it, you may contact
our representative at:

AI-Powered functions Privacy Statement

Effective Date: January 17, 2023

Data collected in AI-Powered Function

We collect data to provide AI-Powered function services:

  • User Engagement Data: When you use AI-Powered functions, it will collect usage information about events generated when interacting with the editor. These events include user edit actions like library and table meta information of the user database, and general data to edit SQL. This information may include personal data, such as pseudonymous identifiers.
  • Code Snippets Data: AI-Powered function may also collect and retain SQL that you are editing and related annotation files.

Usage and sharing of collected data

User Engagement Data and Code Snippets Data is used by AI-Powered functions and OpenAI to improve the services and to conduct product and academic research among developers. Such uses may include:

  • Directly improving and evaluating AI-Powered function services;
  • Developing and improving developer products and services related to AI-Powered functions and OpenAI;
  • Investigating and detecting potential abuse of AI-Powered functions; and
  • Improving the underlying code generation models.

Users’ Code Snippets Data will not be used as suggested code for other users of AI-Powered functions.

Protection of transmitted Code Snippets

The transmitted Code Snippets Data is encrypted in transit and at rest.

Users’ control of Code Snippets Data

Users can disable AI SQL in the settings, and then AI-Powered functions will stop the collection and transmission of related Code Snippets Data. Please note that you need to agree to enable AI SQL to continue to use AI-Powered functions.

For more information on how PingCAP processes and uses personal data, please see the Our Privacy Policy.