PingCAP Privacy Statement

Privacy Statement updated on June 1, 2020

Effective: June 1, 2020

Beijing PingCAP Xingchen Technology and Development Co., Ltd. (hereinafter referred as “PingCAP”, PingCAP and its affiliates hereinafter referred as “PingCAP Group”，” “we,” “our,” or “us”) understand that privacy is important to visitors to our websites (our “Sites”) and users of our products and services (our “Products”). This Privacy Statement explains how we collect, use, and share your personal information when you use the Sites and Products that link to this Privacy Statement.

This Privacy Statement does not apply to Sites or Products that display or link to different privacy statements. This Statement also does not apply where PingCAP processes the data of our customers on their behalf; our collection and processing of such data is governed by our agreements with those customers.

PERSONAL INFORMATION WE COLLECT

Information you provide directly. We collect and store personal information that you directly provide us through our Site, when using our Products, and other ways, such as through a customer support request, through interactions on social media, participation in a survey or promotion, application for a job, when downloading white papers on our Sites, and at events. Information we collect includes, for example,

Contact information: your name, email address, phone number, mailing address, billing address,and user names.
Demographic data: your job title, company name, city, state, and country.
Content and communications: any data you enter into any ‘free text’ boxes on our forms, comments in our chat forms, and communications with us on social media and other platforms (like GitHub and Twitter), through phone, or messaging services (like Slack).
Payment information: your credit card numbers and other payment information. Our third party payment processors (like Stripe) collect this information if you purchase our Products, such as online training, cloud services, or software subscriptions.

Information collected automatically. As further described in the “Our Use of Cookies and Other Technologies” and “Product telemetry data” sections below, we and our third-party partners automatically collect certain types of device and usage information when you use our Sites or Products. Information we collect includes, for example:

Geolocation data: Depending on your device settings, we collect geolocation data when you visit our Sites and use our Products. For example, we may derive your general location using IP address.
Identifiers and device information: When you visit our Site, your device’s operating system, device identifier, customer ID and other device information, user agent string, Internet Protocol (IP) address, access times, browser type, and log data detailing your interactions with our Site (e.g., number of clicks, pages viewed, information searched for), and the website you visited before and after coming to our Site (i.e., referrer header) are logged automatically. When you submit a support ticket, we receive data from the user agent string of your browser, which includes device information, browser information, OS information, city, state, country, and IP address.

Product telemetry data. When you use our Products, we may also collect certain telemetry data and other data about your usage, including your IP Address and other unique identifiers in combination with information about the version of our software you are running and how it is configured, to collect and aggregate certain diagnostic and analytics information. We may combine this information with information you provide when you download our Products or provide to customer support, including the name of your organization or company.

When we collect product telemetry data , we take appropriate steps to pseudonymise the IP addresses before it is stored . We employ technical and organizational measures to prevent the reconstitution of IP addresses or reversal of pseudonymization that would allow attribution of the data to a specific individual, including segregating or not collecting any additional information that may be used for attribution. We store the pseudonymized data for 2 years

The resulting pseudonymised data is used by us on behalf of our customers to (i) maintain and improve TiDB products, and (ii) inform users whether they are running the latest version of PingCAP products.

We collect several data within product telemetry data as below :

TiDB cluster related hardware information
TiDB cluster topology information
TiDB cluster software version information
TiDB cluster configuration information(Only the config items , config values are excluded)
TiDB cluster components information
TiDB cluster maintainence operation consumed time

Inferences. We infer new information about you and your company from data we collect, including using automated means to generate information about your likely preferences, your service and product needs or other characteristics. For example, we infer your city, state, and country location based on your IP address

Information collected through social media and other platforms.** We receive information about you when you engage with us through various third-party platforms, for example, by joining our Slack community or Google group, liking us on Facebook, connecting on LinkedIn, GitHub, or Meetup, followingus on Twitter or Instagram, registering for training through WooCommerce, or sharing content from our Site on Facebook, Twitter, or LinkedIn. The data we exchange with these third-party platforms may depend upon your privacy settings with these platforms. You should review and consider adjusting your privacy settings on third-party websites and services before engaging. Do not provide us with any sensitive personal data through these platforms. We are not responsible for the data protection and use practices of these third-party platforms. Please see their privacy statements to learn how they use your information.

Third-party sources. We may occasionally receive your personal information from third party sources including our affiliates, marketing and research partners, and companies. Users of our Products may also provide your personal information when they identify you as a billing, support, or technical contact, or when inviting you to use our Products or attend our events. If you integrate or link a third-party service with our Sites or Products we may receive personal information about you from that third-party service based upon the settings and permissions you’ve established with such third party service, and that third party service’s privacy practices

The types of information we collect from third parties may include contact information, demographic data, and content and communications. We use this information to maintain and improve the accuracy of the records we hold about you, identify new customers, and provide a more tailored advertising experience. We may combine this information with other information we collect about you through our Sites and Products

When you are asked to provide personal information, you may decline. But if you choose not to provide information that is necessary to provide certain Products, those Products may not be available or function correctly

OUR USE OF COOKIES AND SIMILAR TECHNOLOGIES

Our Sites and related online services use cookies and similar technologies to enable certain functionality and help collect information about your visit. “Cookies” are small text files, typically containing a unique string of letters and numbers, stored on your hard drive by a Site. When you return to the Site using the same browser, the Site can read the cookie and thereby gather information about your usage over time. Among other things, we use cookies and other technology to see which areas and features are popular and to count visits, which helps us to improve our Site, our Products, and your experience.

Web Beacons. We may collect information using Web beacons. Web beacons are electronic images that may be used on our Site, Products, or in our emails. We use Web beacons to deliver cookies, count visits, understand usage and campaign effectiveness, and to tell if an email has been opened and acted upon.

Analytics and Advertising. We work with third parties to provide analytics and advertising services in connection with our Sites and Products. These third parties use cookies, web beacons, or similar technologies to automatically collect some of the information described above from visitors of our Sites and Products over time and across third party Websites and mobile applications for purposes of analytics and advertising. We use the analytics information to analyze and improve our services. Our advertising partners use the information to try to understand your interests and show you relevant advertising about products and services from and on behalf of us and others.

For additional information about online interest-based advertising, our use of cookies and other similar tracking technologies, and how to opt-out of having your information used for these purposes by many of these third-parties, please see our Cookie Notice.

OUR USE OF PERSONAL INFORMATION

In general, we collect and process personal information about you with your consent, as necessary to provide the Products you use, operate our Sites and business, meet our contractual and legal obligations,protect the security of our systems and our customers, or fulfil other legitimate interests as described in this Privacy Statement and in our notices to you.

For example, we may use any of the categories of personal information we describe above to:

Operate, maintain and improve our internal operations, systems, Sites, and Products.
Understand you and your preferences to enhance your experience and enjoyment using our Sites and Products, to provide recommendations, to solicit feedback, and to better market and advertise to you.
Monitor and analyze user interactions with our Sites and Products to identify trends, usage, and activity patterns.
Respond to your comments and questions and provide technical support or customer service.
Provide and deliver the Products you request.
Comply with applicable laws, rules, or regulations and cooperate and defend legal claims and audits.
Communicate with you about promotions, upcoming events, and other news about products and services offered by PingCAP and our partners
Plan and host corporate events.
Protect the Site and Products, and investigate and deter against fraudulent, unauthorized, or illegal activity.

We may share your personal information with your consent. We may also share any of the categories of personal information we describe above:

Among our affiliates, which include companies owned by or under common ownership of PingCAP, all of which will be required to use your personal information as described in this Privacy Statement.
With our partners and other third parties, such as our sponsors and cosponsors of events, whose information we believe may be relevant to you or research and advisory firms whose reports are offered through our Sites (subject to applicable laws).
With third-party vendors and other service providers that we use to provide payment processing, reselling services, support ticket portals, secure transfer software, cloud hosting, video conference services, marketing automation platforms, project management tools, registration services, learning management services, collaboration and communication tools, data backup services, and professional services.
With other parties in connection with a company transaction, such as a merger, sale of company assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business or assets by another company or third party, or in the event of a bankruptcy, dissolution, or related or similar proceedings.
As required by law or subpoena or if we reasonably believe that such action is necessary to comply with the law or the reasonable requests of law enforcement, to enforce our Terms of Use or other agreements or to protect the security or integrity of our Sites and Products, and/or to exercise or protect the rights, property, or personal safety of PingCAP, our customers, users, or others.

We may also share aggregated or deidentified data with third parties (subject to applicable laws).

YOUR CHOICES ABOUT PERSONAL INFORMATION

Access, correction, or deletion. If you wish to request access, correction, or deletion of any of your personal information held by us or a change in the way we use your information (for which we reserve the right to charge you a fee, as permitted by applicable law), please submit your request here or by email to info@pingcap.com. However, we may decline requests that are unreasonable, prohibited by law, or are not required to be honored by applicable law.

How to control your communications preferences. You can stop receiving promotional emails from us by clicking on the “unsubscribe link” provided in such emails or by contacting us at the contact details set forth below. In addition, you can make changes to your preferences in our Preference Center. We make every effort to promptly process all unsubscribe requests. If you opt out, we may still send you transactional communications (e.g., non-promotional emails such as emails about training and events you registered to attend and technical or security notices).

Cookies. Most Web browsers are set to accept cookies by default. If you prefer, you can usually set your browser to remove cookies and to reject cookies. If you choose to remove reject cookies, this could affect certain features or services of our Site or other Products. Other choices related to information collected through the use of cookies and similar technologies are described in the “Cookies” section above. For specific opt out links and to manage your preferences in relation to first and third party cookies please see our Cookie Notice.

Analytics and online advertising. Our third-party analytics and advertising partners may provide you with options to opt-out of certain information collection. For more information about the applicable choices they provide you, please see the “Cookies” section above and our Cookie Notice.

How to control collection of telemetry data. If you prefer that we do not collect certain telemetry data, including IP Address, through TiDB tools – TiUP,, you can manage the collection of this data as follows:

By using tiup telemetry disable to turn off and disable collecting telemetry data.
By using tiup telemetry enable to turn on and enable collecting telemetry data.
By using tiup telemetry reset to reset the collecting function and generate new unique tracing identifier.
By using tiup telemetry status to verify the status (on/off) of collecting function.

Do Not Track. There are many ways through which web browser signals and other similar mechanisms (for example, “Do Not Track”) can indicate your choice to disable tracking, and, while we and others give you choices described in this Privacy Statement, we do not currently honor these mechanisms.

HOW WE STORE AND PROTECT PERSONAL INFORMATION

Storage and processing. Your information collected through the Sites and our Products may be stored and processed in any country in which PingCAP or its subsidiaries, affiliates, or service providers maintain facilities including your region, the United States, Australia, Canada, and the European Economic Area (including the United Kingdom). Our processing locations are chosen in order to operate efficiently, to improve performance, and to create redundancies in order to protect the data in the event of an outage or other problem. We take steps designed to ensure that the data we collect under this Privacy Statement is processed according to the provisions of this Privacy Statement and applicable law wherever the data is located.

International data transfers. When we transfer personal information from the European Economic Area (including the United Kingdom) and from Switzerland to the United States or other countries which have not been determined by the European Commission to have laws that provide an adequate level of data protection, we use legal mechanisms, including contracts, designed to help ensure your rights and protections. Specifically, our website servers are located in the United States and our affiliates, partners, third parties and service providers operate in the United States, European Economic Area, Canada, and Australia. This means when we collect your personal information we may process it in any of these countries. However, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Privacy Statement. The safeguard PingCAP primarily relies upon is the European Commission-approved standard contractual data protection clauses. For more information about these mechanisms, please contact us using the contact details provided in the “How to contact us” section below.

Keeping your information safe. PingCAP cares about the security of your information and takes reasonable and appropriate technical and organizational measures designed to prevent loss, misuse, and unauthorized access, disclosure, alteration, and destruction of personal information. However, no security system is impenetrable, and we cannot guarantee the security of our systems or your information.

Lawful basis for processing personal information (EEA only). If you are located in the European Economic Area (EEA), PingCAP, Inc., is the data controller of your information.

Our legal basis for collecting and using the personal information above will depend on the personal information concerned and the specific context in which we collect it. However, we will normally collect personal information only where we have your consent to do so, where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect personal information from you.

If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will indicate this at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as the possible consequences, if any, if you do not provide your personal information). Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of a third party), we will indicate to you at the relevant time what those legitimate interests are.

If you have questions about the legal basis for processing or want to find out more please contact us using the details at the end of this Privacy Statement.

Retention. We retain personal information for as long as we have an ongoing legitimate business need to do so. For example, we retain your account information for as long as your account is active or as needed to provide you with Products you have requested or authorized, including maintaining and improving the performance of the Products and protecting system security. We also retain personal data as needed to maintain appropriate business and financial records, protect our legal interests, resolve disputes, or comply with legal or regulatory requirements. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will store your personal information using appropriate security measures and take appropriate steps designed to isolate it from any further processing until deletion is possible.

EUROPEAN DATA PROTECTION RIGHTS

If the processing of personal data about you is subject to European Union data protection law, you have certain rights with respect to that data:

You may request access to, and correction or erasure of, personal information.
If automated processing of your personal data is based on a contract with you or your consent, you have certain rights to data portability.
If the processing of personal information is based on your consent, you have a right to withdraw consent at any time for future processing.
You have a right to object to, or obtain a restriction of, the processing of personal information under certain circumstances. To make such requests, contact us by email at the address below. You also have the right to lodge a complaint with a supervisory authority, but we encourage you to first contact us with any questions or concerns.

CALIFORNIA PRIVACY RIGHTS

The California Consumer Privacy Act (“CCPA”), provides California residents with the following rights:

Right to know and right to delete. You may request a copy of the personal information we have collected, used, disclosed, and sold about you over the past twelve (12) months. We identify the categories of personal information we collect, the purposes for collection, the sources of personal information, and any information disclosed and shared in this Privacy Statement. You may also request that we delete certain personal information we have about you. You may “request to know” or “request to delete” your personal information by contacting us at legal@pingcap.com. Please know that any such request is subject to our ability to verify your identity and any exceptions provided under applicable laws.

Right to opt out. As discussed in this Privacy Statement, our advertising and analytics providers may collect your IP address, cookie ID, and mobile ID when you use our websites, and such vendors may further share your information to provide similar advertising or analytics services to their other customers. PingCAP does not generally sell information as the terms “sale” or “sell” are traditionally understood. However, making a California resident’s personal information (including IP addresses, cookies IDs, and mobile IDs) available to third parties as described above may broadly be considered a “sale” under the CCPA. You can opt-out of third party tracking on our websites as described in our Cookie Notice.

CHANGES TO OUR PRIVACY STATEMENT

PingCAP may modify or update this Privacy Statement from time to time to reflect the changes in our business and practices, and so you should review this page periodically. If we make any changes to this Privacy Statement, we will notify you by changing the “Last Updated” date above. If we make any material changes, we will provide you with additional notice or obtain consent as may be required by applicable law.

HOW TO CONTACT US

If you have any questions, complaints, or concerns about how your information is handled, please email us at legal@pingcap.com. Our main address is PingCAP, Inc., 2955 Campus Drive #110, San Mateo, CA 94403, USA.