California Consumer Privacy Act

Our Commitment to You and the Protection of Your Data

We’re committed to helping Gainsight customers and users understand, and where applicable, comply with the California Consumer Privacy Act of 2018 (CCPA). The CCPA is the first comprehensive consumer privacy law when enacted in California the first U.S state which becomes effective January 1, 2020.

The CCPA grants California resident’s new rights regarding their personal information and imposes various data protection duties on certain entities conducting business in California. While it incorporates several GDPR concepts, such as the rights of access, portability, and data deletion, there are several areas where the CCPA requirements are more specific than those of the GDPR or where the GDPR goes beyond the CCPA requirements.

CCPA Compliance

The CCPA requirements are significant and our global team is preparing Gainsight’s product offerings, operations and contractual commitments to help customers comply with the regulation. Measures we will implement include:

  • Enhance Data and System Inventory
  • Leverage Consumer Rights Requests Internal Process & Checklist
  • Include a “Do Not Sell my Personal Information” Button on websites
  • Develop a “Do Not Sell my Personal information” Process
    • Leveraging Cookie Banners
    • Enable opt-out for tracking analytics
    • Dynamically drive consent model based on reverse IP lookup
  • Review and Update external Privacy Disclosures and Notices
    • Ensure Privacy notices includes consumer rights under the CCPA
    • Ensure Privacy notices includes the categories of information collected, sold and disclosed
    • Create a reliable schedule and process to ensure privacy policies are reviewed annually.

We will also monitor the guidance around CCPA compliance from privacy-related regulatory bodies and update our product features and contractual commitments accordingly. We’ll provide you with regular updates so that you’re always current.

Gainsight considers itself a “service provider” under the CCPA – while we do process information on behalf of our clients and such information may include CA consumer personal information (and therefore are “receiving” or “accessing” such information in accordance with the CCPA), we limit our use of such information to the specific purpose of performing the services specified in the contract – not for any commercial purpose other than the foregoing. We don’t sell data that our customers store with us in any circumstances. Gainsight will be including language to capture this intent in our privacy policies and templates, we are also happy to make amendments to existing contracts to reflect this intent as well. To ensure full compliance with CCPA (and to make sure that all global customers have the maximum control of their data) we also provide a mechanism to opt-out on our website. We provide details about our privacy program (including GDPR and CCPA compliance) on our privacy page