Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Jan. 31, 2026
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
We have an established cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our critical systems, internal networks, and information. This program implements policies, processes, and controls to respond to cybersecurity threats and mitigate business impacts. Management is responsible for day-to-day administration of our cybersecurity policies, processes, practices, and risk management.
Our board of directors recognizes the critical importance of maintaining the trust and confidence of our customers, business partners and employees. Our board of directors is actively involved in oversight of our risk management program, and cybersecurity represents an important component of our overall approach to enterprise risk management.
We have established policies and processes for assessing, identifying, and managing material risk from cybersecurity threats, and have integrated these processes into our overall risk management systems and processes. We routinely assess risks from cybersecurity threats, including any potential unauthorized occurrence on or conducted through our information systems that may result in adverse effects on the confidentiality, integrity, or availability of our information systems or any information residing therein. Our cybersecurity policies, standards, processes, and practices are informed by recognized frameworks established by the National Institute of Standards and Technology, the International Organization for Standardization and an array of other applicable standards-setting bodies, which are integrated into a broader risk management framework and related processes. We also hold various security-related industry certifications and attestations that have been validated by external auditors, including SOC 1 Type II, SOC 2 Type II, ISO 27001, ISO 27018, HITRUST, and HIPAA-related validations, and others.

We conduct annual risk assessments to identify cybersecurity threats, as well as assessments in the event of a material change in our business practices that may affect information systems that are vulnerable to such cybersecurity threats. These risk assessments include identification of reasonably foreseeable internal and external risks, the likelihood and potential damage that could result from such risks, and the sufficiency of existing policies, procedures, systems, and safeguards in place to manage such risks.

Following these risk assessments, we evaluate whether and how to re-design, implement, and maintain reasonable safeguards to minimize identified risks, reasonably address any identified gaps in existing safeguards, and regularly monitor the effectiveness of our safeguards. We devote significant resources and designate high-level personnel, including our Chief Technology Officer, who reports to our Chief Executive Officer, to manage the risk assessment and mitigation process.

As part of our overall risk management system, we monitor and test our safeguards and train our employees on these safeguards, in collaboration with our human resources, security, IT, legal and management teams. Personnel at all levels and departments are made aware of our cybersecurity policies through trainings.

We engage independent assessors, consultants, and auditors in connection with our risk assessment processes, including ISO 27001 and SOC audit firms. These service providers assist us to design and implement our cybersecurity policies and procedures, as well as to monitor and test our safeguards.
We require each third-party service provider which has access to or a relationship to our systems or data to certify that it has the ability to implement and maintain appropriate security measures, consistent with all applicable laws, to implement and maintain reasonable security measures in connection with their work with us, and to promptly report any suspected breach of its security measures that may affect our company.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] We have established policies and processes for assessing, identifying, and managing material risk from cybersecurity threats, and have integrated these processes into our overall risk management systems and processes.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
One of the key functions of our board of directors is informed oversight of our risk management process, including risks from cybersecurity threats. Our board of directors is responsible for monitoring and assessing strategic risk exposure, and our executive officers are responsible for the day-to-day management of the material risks we face. Our board of directors administers its cybersecurity risk oversight function directly as a whole, as well as through the audit committee.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Our board of directors administers its cybersecurity risk oversight function directly as a whole, as well as through the audit committee.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
Our CTO provides quarterly briefings to the audit committee regarding our company’s cybersecurity risks and activities, including any recent cybersecurity incidents and related responses, cybersecurity systems testing, activities of third parties, and the like. Our audit committee provides regular updates to the board of directors on such reports.
Cybersecurity Risk Role of Management [Text Block]
We have a unified and centrally coordinated team, led by our Chief Technology Officer (CTO) and EVP of Product, that is responsible for implementing and maintaining centralized cybersecurity and data protection practices in close coordination with the executive leadership team, including the CEO, CTO, CFO, CLO, CHRO, COO, and other members of the senior leadership team. The CTO has extensive experience in the management of cybersecurity risk programs, having served in various leadership roles in information technology, information security, engineering, and product development, for over 30 years. He also holds a bachelor's degree in mechanical engineering and a master’s degree in business marketing. We believe the Company’s business leaders, including our CEO, CFO, CTO, CHRO, COO, and CLO, who have experience managing cybersecurity risk at Domo and at similar companies, have the appropriate expertise, background and depth of experience to manage risks arising from cybersecurity threats. Reporting to our Chief Technology Officer are several experienced security engineers, and governance, risk, and compliance professionals. In addition to our in-house cybersecurity capabilities, we also engage with external assessors, consultants, auditors, or other third parties to assist with assessing, identifying, and managing cybersecurity risks.

Our CTO and our cybersecurity team oversee our cybersecurity policies and processes, including those described in “Risk Management and Strategy” above. Some key processes by which our CTO and security steering committee are informed about and monitor the prevention, detection, mitigation, and remediation of cybersecurity incidents include the following:

Identification and Reporting: We have implemented a robust, cross-functional approach to identifying, assessing, and managing cybersecurity threats and risks. Our program includes controls and procedures designed to properly identify, classify, and escalate cybersecurity risks to provide management with visibility and prioritization of risk mitigation efforts and to publicly report material cybersecurity incidents when appropriate.

Threat Intelligence: We have a security operations team focused on profiling, intelligence collection, and threat analysis supporting our ongoing efforts to identify, assess and manage cybersecurity threats. The team’s input supports both near-term response to cybersecurity events, and long-term strategic planning and development of our cybersecurity risk management framework.

Technical Safeguards: We deploy, maintain, and regularly monitor the effectiveness of technical safeguards that are designed to protect our information systems from cybersecurity threats. We make investments in core security capabilities, including awareness and training, identity and access, incident response, product security, cloud security, enterprise security, risk management, and supply chain risk, to enable us to better identify, protect, detect, respond to, and recover from evolving security threats. Our technical safeguards include firewalls, intrusion prevention and detection systems, anti-malware functionality and access controls, which are evaluated and improved through internal and external security assessments and cybersecurity threat intelligence. We regularly assess our safeguards through internal testing by our assurance teams. We also leverage external third-party testing (e.g., penetration testing, attack surface mapping, and security maturity assessments).

Incident Response and Recovery Planning: We have established and maintain robust incident response, business continuity and disaster recovery plans designed to address our response to a cybersecurity incident. We conduct regular tabletop exercises involving multiple operational teams, including senior management, to test these plans and to familiarize personnel with their roles in a response scenario.

Third-Party Risk Management: We maintain a robust, risk-based approach to identifying and overseeing cybersecurity threats presented by certain third parties, including vendors, service providers and other external users of our systems, as well as the systems of third parties that could adversely impact our business in the event of a significant cybersecurity incident affecting those third-party systems.
Education and Awareness: We regularly provide employee training on security-related duties and responsibilities, including knowledge about how to recognize security incidents and how to proceed if an actual or suspected incident should occur. This training is mandatory for employees across our organization and is intended to provide our employees and contractors with effective tools to address cybersecurity threats, and to communicate our evolving information security policies, standards, processes and practices.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] We have a unified and centrally coordinated team, led by our Chief Technology Officer (CTO) and EVP of Product, that is responsible for implementing and maintaining centralized cybersecurity and data protection practices in close coordination with the executive leadership team, including the CEO, CTO, CFO, CLO, CHRO, COO, and other members of the senior leadership team.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] The CTO has extensive experience in the management of cybersecurity risk programs, having served in various leadership roles in information technology, information security, engineering, and product development, for over 30 years. He also holds a bachelor's degree in mechanical engineering and a master’s degree in business marketing.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
Our CTO and our cybersecurity team oversee our cybersecurity policies and processes, including those described in “Risk Management and Strategy” above. Some key processes by which our CTO and security steering committee are informed about and monitor the prevention, detection, mitigation, and remediation of cybersecurity incidents include the following:

Identification and Reporting: We have implemented a robust, cross-functional approach to identifying, assessing, and managing cybersecurity threats and risks. Our program includes controls and procedures designed to properly identify, classify, and escalate cybersecurity risks to provide management with visibility and prioritization of risk mitigation efforts and to publicly report material cybersecurity incidents when appropriate.

Threat Intelligence: We have a security operations team focused on profiling, intelligence collection, and threat analysis supporting our ongoing efforts to identify, assess and manage cybersecurity threats. The team’s input supports both near-term response to cybersecurity events, and long-term strategic planning and development of our cybersecurity risk management framework.

Technical Safeguards: We deploy, maintain, and regularly monitor the effectiveness of technical safeguards that are designed to protect our information systems from cybersecurity threats. We make investments in core security capabilities, including awareness and training, identity and access, incident response, product security, cloud security, enterprise security, risk management, and supply chain risk, to enable us to better identify, protect, detect, respond to, and recover from evolving security threats. Our technical safeguards include firewalls, intrusion prevention and detection systems, anti-malware functionality and access controls, which are evaluated and improved through internal and external security assessments and cybersecurity threat intelligence. We regularly assess our safeguards through internal testing by our assurance teams. We also leverage external third-party testing (e.g., penetration testing, attack surface mapping, and security maturity assessments).

Incident Response and Recovery Planning: We have established and maintain robust incident response, business continuity and disaster recovery plans designed to address our response to a cybersecurity incident. We conduct regular tabletop exercises involving multiple operational teams, including senior management, to test these plans and to familiarize personnel with their roles in a response scenario.

Third-Party Risk Management: We maintain a robust, risk-based approach to identifying and overseeing cybersecurity threats presented by certain third parties, including vendors, service providers and other external users of our systems, as well as the systems of third parties that could adversely impact our business in the event of a significant cybersecurity incident affecting those third-party systems.
Education and Awareness: We regularly provide employee training on security-related duties and responsibilities, including knowledge about how to recognize security incidents and how to proceed if an actual or suspected incident should occur. This training is mandatory for employees across our organization and is intended to provide our employees and contractors with effective tools to address cybersecurity threats, and to communicate our evolving information security policies, standards, processes and practices.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true