Tableau helps you see, understand and protect your data.
Frequently asked questions
Learn more about Tableau’s approach to GDPR and CCPA compliance with these frequently asked privacy questions. Download the GDPR FAQ Download the CCPA FAQ
Tableau has always believed in the importance of handling personal data in a way that is both thoughtful and comprehensive. We will continue to protect customer data in accordance with privacy laws, including GDPR and CCPA. We believe these privacy laws are important steps toward clarifying and enabling individual privacy rights. We want to help you focus on your core business while efficiently preparing for and complying with global privacy regulations.
The General Data Protection Regulation (GDPR), effective 25 May 2018, strengthens and unifies data protection for all individuals in the European Economic Area (EEA). The GDPR imposes enhanced rules on companies, government agencies, non-profits, and other organisations that offer goods and services to people in the EEA, or that collect and analyse data tied to EEA residents. The GDPR applies to all organisations doing business with individuals in the EEA, whether the organisations are based in the EEA or not. It also addresses the export of personal data outside the EEA, so companies need to take a measured approach to their personal data collection and protection practices.
The California Consumer Privacy Act (CCPA), effective 1 January 2020, represents the highest standard of data protection in the United States so far. It grants California residents a number of rights over their personal data, such as the right to have certain personal data deleted, the right to be notified about a company’s collection and processing of their personal data, the right to information about how a company uses their personal data, and the right not to have companies sell their personal data.
Tableau is committed to creating customers for life. Earning the generational trust of the world’s data users requires a relentless focus on the customer experience, a fundamental component of which is safeguarding your data.
Our commitment to you.
TABLEAU PRODUCTS AND THE GENERAL DATA PROTECTION REGULATION
Tableau users subject to privacy regulations need to be aware of their obligations. Download our white paper to understand the ways Tableau products can help you meet your obligations.
Tableau policies
Tableau collects personal information in support of its mission to help people see and understand their data. This personal information is collected and used in a variety of ways as described more fully in our Privacy Statement.
The GDPR restricts the export of personal data to countries outside the EU and the European Economic Area (EEA) unless certain controls are in place. Tableau gives its customers assurances that personal data will be transferred and processed in compliance with EU data protection law in multiple ways.
View Salesforce's response to the Court of Justice of the European Union's decision on transfers of personal data
GDPR requires that personal information is subject to certain contractual protections as it is transferred between controller and processor. As a Salesforce company, Tableau offers our Tableau Cloud customers the Salesforce Data Processing Addendum upon registration and at renewal.
Tableau collects personal information for marketing purposes pursuant to GDPR and other local laws. Marketing communications are easily opted out of at any time, either through an unsubscribe button on the email itself or by contacting customerservice@tableau.com.
Product readiness
On-premises software
Tableau Desktop, Tableau Prep and Tableau Server are installed locally on your servers/computers, behind your firewall, and do not automatically transmit your data back to Tableau. Our support staff members do not have a built-in remote connection to the software and cannot “tunnel” into your installation. As such, Tableau does not process the customer data that you analyse using our on-premises software and relies on our customers to maintain adequate protections for that data. Note that for registration information or usage data used to perform our contractual obligations and improve your experience with our products, Tableau is the controller/business and accepts related responsibilities under applicable law.
Tableau Cloud data location
Tableau Cloud is structured so that customers control where their data is stored. Tableau’s EU-based data centre is available to both existing and new Tableau Cloud customers, wherever they are located, with disaster recovery systems also located in the EU. Existing customers can choose to migrate their data to the EU-based data centre, while new customers can select their preferred location – currently either North America or Europe – when setting up their Tableau Cloud site.
Security readiness
Information security practices
We have published informational security and data protection practices governing when employees and contractors can access data stores containing your data.
Third-party audits and certifications
Tableau’s controls have been audited by independent third parties against defined standards and makes SOC 2 Type II and SSAE 16 SOC 1 reports available to customers.
Incident response
We have implemented a data breach and incident response plan. In case of an incident involving your customer data, we will inform you per the terms of your agreement with us.
Best practices for Tableau customers
Apart from following the security hardening best practices for Tableau Server, the best thing our customers can do to reduce their exposure under any privacy law is to not collect or store personal data that isn’t needed.
Additionally, customers should ensure that only those people who need to see personal data are able to do so. The rich permissions settings on Tableau Server and Tableau Cloud allow control of which assets users are able to access, such as sites, workbooks, worksheets and data sources.
We will keep you informed on our progress with updates to this site. Should you have additional concerns or questions you would like to discuss, please do not hesitate to contact us at privacy@tableau.com.