Last Updated on March 31, 2022
To see update history, click here.
Click on the links below to jump to each section:
- PERSONAL INFORMATION WE COLLECT
- OUR USE OF PERSONAL INFORMATION
- SHARING OF PERSONAL INFORMATION
- YOUR CHOICES ABOUT PERSONAL INFORMATION
- HOW WE STORE AND PROTECT PERSONAL INFORMATION
- EUROPEAN DATA PROTECTION RIGHTS
- CALIFORNIA PRIVACY RIGHTS
- HOW TO CONTACT US
PERSONAL INFORMATION WE COLLECT
Information you provide directly. We collect and store personal information that you directly provide us through our Site, when using our Products, and other ways, such as:
- Completing a customer support request;
- Interacting with us on social media;
- Participating in a survey or promotion;
- Applying for a job;
- Downloading white papers on our Sites; and
- Registering for events held by PingCAP and via our Site.
Information we collect includes, for example,
- Contact information: your name, email address, phone number, mailing address, billing address, and usernames.
- Demographic data: your job title, company name, city, state, and country.
- Content and communications: any data you enter into any ‘free text’ boxes on our forms, comments in our chat forms, and communications with us on social media and other platforms (like GitHub and Twitter), through phone, or messaging services (like Slack) (“User Contributions”). Your User Contributions are posted on and transmitted to others at your own risk. We cannot control the actions of other users of the Site with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons.
- Payment information: your credit card numbers and other payment information. Our third-party payment processors (like Stripe) collect this information if you purchase our Products, such as online training, cloud services, or software subscriptions.
- Geolocation data: Depending on your device settings, we may collect geolocation data when you visit our Sites and use our Products. For example, we may derive your general location using your IP address.
- Identifiers and device information: When you visit our Site, your device’s operating system, device identifier, customer ID and other device information, user agent string, Internet Protocol (IP) address, access times, browser type, and log data detailing your interactions with our Sites (e.g., number of clicks, pages viewed, information searched for), and the website you visited before and after coming to our Site (i.e., referrer header) are logged automatically. When you submit a support ticket, we receive data from the user agent string of your browser, which includes device information, browser information, OS information, city, state, country, and IP address.
TiDB Product telemetry data (for TiDB and its relevant products and services only; referred as “TiDB Products”). When you use our TiDB Products, we may also collect certain TiDB telemetry data and other data about your usage, including your pseudonymized IP address and other unique identifiers in combination with information about the version of our software you are running and how it is configured, to collect and aggregate certain diagnostic and analytics information. We may combine this information with information you provide when you download our TiDB Products or provide to customer support, including the name of your organization or company.
When we collect TiDB product telemetry data, we take appropriate steps to pseudonymize the IP addresses before it is stored. We employ technical and organizational measures to prevent the reconstitution of IP addresses or reversal of pseudonymization that would allow attribution of the data to a specific individual, including segregating or not collecting any additional information that may be used for attribution. We store the pseudonymized data for 2 years.
The resulting pseudonymized data is used by us on behalf of our customers to (i) maintain and improve TiDB Products, and (ii) inform users whether they are running the latest version of TiDB Products.
We collect several data within TiDB telemetry data as below:
- TiDB Products cluster related hardware information
- TiDB Products cluster topology information
- TiDB Products cluster software version information
- TiDB Products cluster configuration information (only the config items, config values are excluded)
- TiDB Products cluster components information
- TiDB Products cluster maintenance operation consumed time
- TiDB Products cluster usage and runtime metrics
PingCAP Clinic. When you use PingCAP Clinic, PingCAP Clinic may generate clinic
data as below and store such clinic data in your device.
● TiDB Products cluster related operation system and hardware information
● TiDB Products cluster topology information (including node IP and type)
● TiDB Products cluster software version information (including UUID and version)
● TiDB Products cluster configuration information (both config items and values)
● TiDB Products cluster logs (including logs, error logs and slow query logs)
● TiDB Products cluster monitoring metrics and alerts information
● TiDB Products cluster database system variables
Once you agree to upload the clinic data to PingCAP, you acknowledge and agree that
PingCAP and its employee(s) and vendor(s) may transmit, store, copy and process the
clinic data uploaded by you for the purpose of diagnosis and improvement of TiDB.
TiDB Cloud operational data (for TiDB Cloud only). When you use TiDB Cloud, we may automatically collect and store non-anonymized information and data about your operation of TiDB Cloud, including logs, metrics, and the service tickets submitted to TiDB Cloud. Although the operational data usually does not involve personal information, it may be linked to your account and include the following information, data and metadata:
- Technical information obtained from APIs, software or system hosting TiDB Cloud and your computer or device, and log files generated during your operation of TiDB Cloud;
- Data and metadata about you, such as your account, email, IP address, computer or other device, browser, and software; and
- Data and metadata about your activities and behavior within TiDB Cloud.
Inferences. We infer new information about you and your company from data we collect, including using automated means to generate information about your likely preferences, your service and product needs or other characteristics. For example, we infer your city, state, and country location based on your IP address.
Information collected through social media and other platforms. We receive information about you when you engage with us through various third-party platforms, for example, by joining our Slack community or Google group, liking us on Facebook, connecting on LinkedIn, GitHub, or Meetup, following us on Twitter or Instagram, registering for training through WooCommerce, or sharing content from our Site on Facebook, Twitter, or LinkedIn. The data we exchange with these third-party platforms may depend upon your privacy settings with these platforms. You should review and consider adjusting your privacy settings on third-party websites and services before engaging. Do not provide us with any sensitive personal data through these platforms. We are not responsible for the data protection and use practices of these third-party platforms. Please see their privacy policies to learn how they use your information.
Third-party sources. We may occasionally receive your personal information from third party sources including our affiliates, marketing and research partners, and companies. Users of our Products may also provide your personal information when they identify you as a billing, support, or technical contact, or when inviting you to use our Products or attend our events. If you integrate or link a third-party service with our Sites or Products, we may receive personal information about you from that third-party service based upon the settings and permissions you’ve established with such third-party service, and that third-party service’s privacy practices.
The types of information we collect from third parties may include contact information, demographic data, and content and communications. We use this information to maintain and improve the accuracy of the records we hold about you, identify new customers, and provide a more tailored advertising experience. We may combine this information with other information we collect about you through our Sites and Products.
When you are asked to provide personal information, you may decline. But if you choose not to provide information that is necessary to provide certain Products, those Products or certain of their capabilities may not be available or function correctly.
We are not responsible for the data policies and procedures or content of any third parties. We recommend that you check the privacy policies of each website you visit.
The cookies we use include:
- Web beacons
- Performance cookies
- Functionality cookies
- Marketing cookies
- Third-party cookies from Google Analytics, Mixpanel and Algolia
OUR USE OF PERSONAL INFORMATION
For example, we may use any of the categories of personal information we describe above to:
- Operate, maintain and improve our internal operations, systems, Sites, and Products.
- Understand you and your preferences to enhance your experience and enjoyment using our Sites and Products, to provide recommendations, to solicit feedback, and to better market and advertise to you.
- Monitor and analyze user interactions with our Sites and Products to identify trends, usage, and activity patterns.
- Respond to your comments and questions and provide technical support or customer service.
- Provide and deliver the Products you request.
- Comply with applicable laws, rules, or regulations and cooperate and defend legal claims and audits.
- Communicate with you about promotions, upcoming events, and other news about products and services offered by PingCAP and our partners.
- Plan and host corporate events.
- Protect the Site and Products, and investigate and deter against fraudulent, unauthorized, or illegal activity.
We may also use such information in any other way we may describe when you provide the information or for any other purpose with your consent.
SHARING OF PERSONAL INFORMATION
We may share your personal information with your consent. We may also share any of the categories of personal information we describe above:
- With our business partners and other third parties, such as our sponsors and cosponsors of events, whose information we believe may be relevant to you or research and advisory firms whose reports are offered through our Sites.
- With third-party vendors and other service providers that we use to provide payment processing, reselling services, support ticket portals, secure transfer software, cloud hosting, video conference services, marketing automation platforms, project management tools, registration services, learning management services, collaboration and communication tools, data backup services, professional services and other services used in connection with our maintenance or provision of the Sites or Products.
- With other parties in connection with a company transaction, such as a merger, sale of company assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business or assets by a third party, or in the event of a bankruptcy, dissolution, or related or similar proceeding.
- As required by law or subpoena or if we reasonably believe that such action is necessary to comply with applicable law or the reasonable requests of law enforcement, to enforce our Terms of Services, TiDB Cloud Services Agreement, or other agreements or to protect the security or integrity of our Sites and Products, and/or to exercise or protect the rights, property, or personal safety of PingCAP, our customers, users, or others.
- To fulfill the purpose for which you provide it or for any other purpose disclosed by us when you provide the information.
We may also share aggregated or deidentified data with third parties (subject to applicable laws).
YOUR CHOICES ABOUT PERSONAL INFORMATION
Access, correction, or deletion. If you wish to request access, correction, or deletion of any of your personal information held by us or a change in the way we use your information (for which we reserve the right to charge you a fee, as permitted by applicable law), please submit your request here or by email to firstname.lastname@example.org. However, we may decline requests that are unreasonable, prohibited by law, or are not required to be honored by applicable law.
How to control your communications preferences. You can stop receiving promotional emails from us by clicking on the “unsubscribe link” provided in such emails or by contacting us at the contact details set forth below. In addition, you can make changes to your preferences in our Preference Center. We make every effort to promptly process all unsubscribe requests. If you opt out, we may still send you transactional communications (e.g., non-promotional emails such as emails about training and events you registered to attend and technical or security notices).
Analytics and online advertising. Our third-party analytics and advertising partners may provide you with options to opt-out of certain information collection. For more information about the applicable choices they provide you, please see the “Cookies” section above and our Cookie Notice.
How to control collection of TiDB telemetry data. If you prefer that we do not collect certain TiDB telemetry data, including IP address, through TiDB tools – TiUP, you can manage the collection of this data as follows:
- By using
tiup telemetry disableto turn off and disable collecting telemetry data.
- By using
tiup telemetry enableto turn on and enable collecting telemetry data.
- By using
tiup telemetry resetto reset the collecting function and generate a new unique tracing identifier.
- By using
tiup telemetry statusto verify the status (on/off) of the collecting function.
HOW WE STORE AND PROTECT PERSONAL INFORMATION
Keeping your information safe. PingCAP cares about the security of your information and takes reasonable and appropriate technical and organizational measures designed to prevent loss, misuse, and unauthorized access, disclosure, alteration, and destruction of personal information. However, no security system is impenetrable, and we cannot guarantee the security of our systems or your information.
Lawful basis for processing personal information (EEA only). PingCAP (US), Inc., is the data controller of your information.
This section below is specifically for you if you are located in the European Economic
Area (EEA), United Kingdom or Switzerland.
Our legal basis for collecting and using the personal information above will depend on the personal information concerned and the specific context in which we collect it. However, we will normally collect personal information only where we have your consent to do so, where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect personal information from you.
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will indicate this at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as the possible consequences, if any, if you do not provide your personal information). Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of a third party), we will indicate to you at the relevant time what those legitimate interests are.
Retention. We retain personal information for as long as necessary for the purposes for which the personal information is processed and for longer periods as necessary for us to comply with applicable laws. For example, we retain your account information for as long as your account is active or as needed to provide you with Products you have requested or authorized, including maintaining and improving the performance of the Products and protecting system security. We also retain personal data as needed to maintain appropriate business and financial records, protect our legal interests, resolve disputes, or comply with legal or regulatory requirements. Thereafter, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will store your personal information using appropriate security measures and take appropriate steps designed to isolate it from any further processing until deletion is possible.
EUROPEAN DATA PROTECTION RIGHTS
If the processing of personal data about you is subject to European Union data protection law, you have certain rights with respect to that data:
- You may request access to, and correction or erasure of, personal information. We are not obliged to delete your data if we need to retain such data in order to comply with a legal obligation or to establish, exercise or defend legal claims.
- You have the right to restrict our processing where you believe your personal data is inaccurate, our processing is unlawful, or that we no longer need to process such data for a particular purpose (unless we are unable to delete the data due to a legal or other obligation or because you do not wish for us to delete it).
- Where the legal justification for our processing of personal data is our legitimate interest, you have the right to object to processing on grounds relating to your particular situation. If we are processing your personal data on the basis of your consent or to perform a contract with you, you have the right to data portability.
- If the processing of personal information is based on your consent, you have a right to withdraw consent at any time for future processing, without affecting the lawfulness of processing based on consent before its withdrawal. This includes cases where you wish to opt out of marketing messages sent by us.
To make a request to exercise these rights, contact us by email at the address below. You also have the right to lodge a complaint with a supervisory authority, but we encourage you to first contact us with any questions or concerns. Contact details for data protection authorities in the EEA are available here, United Kingdom here and Switzerland here.
CALIFORNIA PRIVACY RIGHTS
The California Consumer Privacy Act (“CCPA”) requires businesses that collect personal information of California residents to make certain additional disclosures. This section applies solely to you if you reside in the State of California.
The categories of personal information we have collected within the last twelve (12) months and the third parties with whom we have shared that personal information for a business purpose are as follows:
|Categories of Personal Information||Examples||Third Parties|
|Identifiers.||Name, address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers.||Corporate affiliates, vendors, service providers and third-party business partners (as identified above)|
|Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||Name, address, telephone number, or financial information.||Corporate affiliates, vendors, and service providers and third-party business partners (as identified above)|
|Protected classification characteristics under California or federal law.||Age, race, or sex (including gender).||Corporate affiliates, vendors and service providers|
|Commercial information.||Products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||Corporate affiliates, vendors, service providers and third-party business partners (as identified above)|
|Internet or other similar network activity.||Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.||Corporate affiliates, vendors and service providers|
|Geolocation data.||Physical location or movements.||Corporate affiliates, vendors and service providers|
|Professional or employment-related information.||Current or past job history.||Corporate affiliates, vendors, service providers and third-party business partners (as identified above)|
|Non-public education information||Degrees and certifications.||Corporate affiliates, vendors and service providers|
|Inferences drawn from other personal information.||Profile reflecting a person’s preferences or characteristics.||N/A|
Right to know. You may request a copy of the personal information we have collected, used, disclosed, and sold about you over the past twelve (12) months. Once we have received your request and confirmed your identity, we will disclose to you:
- The categories of personal information we collected about you,
- The purposes for collection,
- The categories of sources for the personal information we collected about you,
- The categories of third parties with whom we share that personal information,
- If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
- sales, identifying the personal information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained, and
- The specific pieces of personal information we collected about you.
Right to delete. You may also request that we delete certain personal information we have collected and retained, subject to certain exceptions (for example, where the information is used by us to detect security incidents, debugging or to comply with a legal obligation). Once we receive your request and confirm your identity, we will review your request to see if an exception allowing us to retain the information applies.
You may “request to know” or “request to delete” your personal information up to two times in any twelve (12)-month period by filling out the Privacy Web Form or contacting us at email@example.com. Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your personal information. Please know that any such request is subject to our ability to verify your identity and any exceptions provided under applicable laws.
We will not discriminate against you for exercising any of your rights under the CCPA.
HOW TO CONTACT US
If you have any questions, complaints, or concerns about how your information is handled, please email us at firstname.lastname@example.org. Our main address is PingCAP, Inc., 2955 Campus Drive #110, San Mateo, CA 94403, USA.
If you are located in the EEA or the United Kingdom and have questions about your
personal data or would like to request to access, update or delete it, you may contact
our representative at:
- Bird & Bird GDPR Representative Services SRL
Avenue Louise 235, 1050 Bruxelles, Belgium
- Bird & Bird GDPR Representative Services UK
12, New fetter Lane, London, EC4A 1JP, United Kingdom
AI-Powered functions Privacy Statement
Effective Date: January 17, 2023
Data collected in AI-Powered Function
We collect data to provide AI-Powered function services:
- User Engagement Data: When you use AI-Powered functions, it will collect usage information about events generated when interacting with the editor. These events include user edit actions like library and table meta information of the user database, and general data to edit SQL. This information may include personal data, such as pseudonymous identifiers.
- Code Snippets Data: AI-Powered function may also collect and retain SQL that you are editing and related annotation files.
Usage and sharing of collected data
User Engagement Data and Code Snippets Data is used by AI-Powered functions and OpenAI to improve the services and to conduct product and academic research among developers. Such uses may include:
- Directly improving and evaluating AI-Powered function services;
- Developing and improving developer products and services related to AI-Powered functions and OpenAI;
- Investigating and detecting potential abuse of AI-Powered functions; and
- Improving the underlying code generation models.
Users’ Code Snippets Data will not be used as suggested code for other users of AI-Powered functions.
Protection of transmitted Code Snippets
The transmitted Code Snippets Data is encrypted in transit and at rest.
Users’ control of Code Snippets Data
Users can disable AI SQL in the settings, and then AI-Powered functions will stop the collection and transmission of related Code Snippets Data. Please note that you need to agree to enable AI SQL to continue to use AI-Powered functions.