ThoughtSpot Security Portal Trust Center

Welcome to **ThoughtSpot's Security Portal!** At ThoughtSpot, our mission is to help everyone create a more fact-driven world. To achieve this, we recognize that trust is the essential foundation. Our Security Portal provides you with access to the information you need to validate our commitment to the security and privacy of your data. You can easily access and download information about our comprehensive security program and posture, key compliance certifications, and how we use artificial intelligence to bring you more insight into your data. We aim to be transparent, so you can be confident in ThoughtSpot's security and data protection practices, allowing you to focus on using AI-powered analytics to drive your organization forward. To learn more about our security and privacy practices, visit our Trust Center at [www.thoughtspot.com/trust](https://www.thoughtspot.com/trust).

Powered by Wolfia. Review compliance certifications, security policies, subprocessors, and request access to detailed documentation.

Skip to main content
ThoughtSpot Security Portal
Header background

ThoughtSpot Security Portal

Welcome to ThoughtSpot's Security Portal!

At ThoughtSpot, our mission is to help everyone create a more fact-driven world. To achieve this, we recognize that trust is the essential foundation. Our Security Portal provides you with access to the information you need to validate our commitment to the security and privacy of your data.

You can easily access and download information about our comprehensive security program and posture, key compliance certifications, and how we use artificial intelligence to bring you more insight into your data.

We aim to be transparent, so you can be confident in ThoughtSpot's security and data protection practices, allowing you to focus on using AI-powered analytics to drive your organization forward.

To learn more about our security and privacy practices, visit our Trust Center at www.thoughtspot.com/trust.

Certifications

Trusted by

Documentation

Featured

ThoughtSpot Cloud 2025 ISO 27001 Certificate
ThoughtSpot Cloud 2025 SOC 2 Type II
ThoughtSpot Data Security Field Guide - 4th Edition
ThoughtSpot Documentation
ThoughtSpot AI Overview

Subprocessors

Amazon
Amazon · USA
Cloud hosting and infrastructure provider.
Cloudflare
Cloudflare · USA
Cloud hosting for the Remote Model Context Protocol Server.
Elastic
Elastic · USA
In-app search and data indexing.
Google
Google · USA
Cloud hosting and infrastructure provider and Large Language Model data processing services.
honeycomb
honeycomb · USA
Service Observability.

Controls

Access control

Policies and processes that govern user authentication, authorization, account management, and access reviews to ensure only authorized personnel can access systems and data.

Multi-factor authentication
Role-based access control
Quarterly and annual access reviews
Immediate access termination
Password policy enforcement
Administrative and privileged access management
Access provisioning and deprovisioning workflow
Application security

Practices, tools, and reviews embedded into the development lifecycle to minimize vulnerabilities and deliver secure software.

Secure software development lifecycle
Automated vulnerability scanning and code analysis
Peer code review and build testing
Environment segregation
Patch management process
Change management policy
Non-production data protection
Compliance and auditing

Independent attestations and internal procedures demonstrating alignment with industry regulations and customer requirements.

SOC 1 Type II, SOC 2 Type II, and SOC 3 reports
ISO/IEC 27001:2022 certification
Annual risk assessments
Vendor and subservice organization monitoring
Audit logging and review

Latest updates

May 12, 2026
Security Advisories
Security Advisory: Supply Chain Attack Affecting npm and PyPl Packages
Mar 24, 2026
Security Advisories
Security Advisory: Trivy, LiteLLM, and Axios Supply Chain Vulnerabilities
Dec 17, 2025
Security Advisories
Security Advisory: CVE-2025-55182 - React2Shell React & Next.js CVE Disclosures