California Consumer Privacy Act

Our Commitment to You and the Protection of Your Data

We’re committed to helping Gainsight customers and users understand, and where applicable, comply with the California Consumer Privacy Act of 2018 (CCPA). The CCPA is the first comprehensive consumer privacy law enacted in a U.S state, which became effective January 1, 2020.

The CCPA grants California residents new rights regarding their personal information and imposes various data protection duties on certain entities conducting business in California. While it incorporates several General Data Protection Regulation (GDPR) concepts, such as the rights of access, portability, and data deletion, there are several areas where the CCPA requirements are more specific than those of the GDPR or where the GDPR goes beyond the CCPA requirements.

CCPA Compliance

The CCPA requirements are significant and our global team has prepared Gainsight’s product offerings, operations and contractual commitments to help customers comply with the regulation. Measures we implemented include:

  • Enhanced Data and System Inventory
  • Leveraged Consumer Rights Requests Internal Process & Checklist
  • Included a “Do Not Sell my Personal Information” Button on websites
  • Developed a “Do Not Sell my Personal information” Process
  • Leveraging Cookie Banners
  • Enabled opt-out for tracking analytics
  • Reviewed and Updated external Privacy Disclosures and Policy
  • Ensured Privacy Policy includes consumer rights under the CCPA
  • Ensured Privacy Policy includes the categories of information collected, sold, and disclosed

We will also monitor the guidance around CCPA compliance from privacy-related regulatory bodies and update our product features and contractual commitments accordingly.

Gainsight considers itself a “service provider” under the CCPA – while we do process information on behalf of our clients and such information may include CA consumer personal information (and therefore we are “receiving” or “accessing” such information in accordance with the CCPA), we limit our use of such information to the specific purpose of performing the services specified in the contract – not for any commercial purpose other than the foregoing. We don’t sell data that our customers store with us in any circumstances. Gainsight has included language to capture this intent in our Privacy Policy. We are also happy to make amendments to existing contracts to reflect this intent as well. To ensure full compliance with CCPA (and to make sure that all global customers have the maximum control of their data) we also provide a mechanism to opt-out on our website. We provide details about our privacy program (including GDPR and CCPA compliance) on our privacy page