Service-Specific and Other Supplemental Terms

Capitalized terms not otherwise defined in these Terms will have the respective meanings assigned to them in the Subscription Agreement at https://www.datadoghq.com/legal/msa/ (the “MSA”). Datadog may modify these Terms from time to time. Sign up to be notified with updates here.

Service-Specific Terms

1. Real User Monitoring and Session Replay

   
   (last updated December 13, 2022)

   1.  Real User Monitoring (“RUM”) and Session Replay assist Customer in understanding an end user’s experience within its browser-based, mobile, or other supported application (“Customer App”). Through Customer’s use of RUM and Session Replay, cookies are placed on the devices of end users and data collected by default and through Customer’s configuration and use of RUM and Session Replay may comprise Personal Information. Datadog makes no representations or warranties that Customer’s use of RUM or Session Replay is or will be permitted under Applicable Law. In addition to Customer’s responsibilities and limitations of use under the Agreement, Customer responsibilities with respect to RUM and Session Replay include the requirements listed below and Customer is solely responsible for any Losses that arise for Customer and/or Datadog as a result of Customer’s failures with respect to the below obligations.
      
      Customer is responsible for:
      • (a) only using RUM and Session Replay on Customer Apps;
      • (b) obtaining and maintaining all rights, consents, and permissions, and providing all notices, required by Applicable Law for Customer’s use of RUM and Session Replay;
      • (c) using RUM and Session Replay in a way that complies with Applicable Law, including applicable privacy, data protection, and consumer protection laws;
      • (d) not using RUM or Session Replay to track end users on third-party websites; and
      • (e) using reasonable efforts to limit the amount of Personal Information about end users that is submitted to Datadog for Processing through RUM and Session Replay, including the tools described in the Documentation.

2. Synthetics Service Private Locations

   
   (last updated June 11, 2020)

   1. The Datadog Synthetics Service enables Customer to run Browser and API Tests that simulate End User actions, typically used in managed locations. Additionally, Datadog makes available proprietary code that Customer may, at its option, download and install in private locations in Customer’s Environment to support use of the Synthetics Service (“PL Code”). Subject to these Terms regarding Synthetics Service private locations (“PL Terms”) and the Agreement, Customer may use the PL Code exclusively to support Customer’s use of the Synthetics Service. These PL Terms are effective upon the earliest of when Customer or its Authorized User: (a) downloads, installs, accesses or uses the PL Code or (b) clicks an “I Accept,” “Sign up” or similar button or check box referencing these PL Terms.

   2. Where Customer has subscribed to the Synthetics Service, subject to these PL Terms and the Agreement, Customer is granted a limited, non-exclusive and non-transferable license to download, install and use the PL Code on servers in Customer’s Environment solely to allow Customer to use supported features and functionality of the Synthetics Service. The PL Code will be deemed a part of the Synthetics Service, not a Connection or Ancillary Tool, under these PL Terms and the Agreement.

   3. Without limiting the Agreement: (a) Customer is solely responsible for configuring its usage and privacy and security settings in its Private Locations and (b) no provision of these PL Terms includes the right to, and Customer shall not, directly or indirectly, resell, distribute or otherwise make available PL Code to any third party or, except to the extent limited by Applicable Law, reverse engineer, disassemble or decompile PL Code or access or use PL Code or associated Documentation in order to (i) copy ideas, features, functions or graphics, (ii) develop competing products or services, or (iii) perform competitive analyses.

   4. Customer agrees to comply with all Applicable Laws with respect to its access and use of PL Code. Customer shall not directly or indirectly export, re-export or release the PL Code to, or make the PL Code accessible to, a Sanctions Target, or broker, finance or otherwise facilitate any transaction in violation of any Export Laws.

   5. PL Code is provided under license, not sold, to Customer. Customer does not acquire any ownership interest in PL Code, or any other rights to PL Code other than to use PL Code in accordance with these PL Terms and the Agreement. Except as expressly granted in these PL Terms, Datadog reserves and shall its entire right, title, and interest in and to PL Code, including all associated Intellectual Property Rights.

   6. Datadog may from time to time in its sole discretion develop and provide updates to PL Code, which may include upgrades, bug fixes, patches, other error corrections, and/or new features (collectively, “PL Updates”). Datadog shall provide Customer notice, which may include through the Services, of or be prompted to download and install available PL Updates. Customer agrees to promptly download and install all PL Updates and acknowledges and agrees that PL Code or portions thereof may not properly operate should Customer fail to do so. Customer further agrees that all PL Updates will be deemed part of PL Code and subject to these PL Terms and the Agreement.

   7. These PL Terms terminate upon expiration or earlier termination of Customer’s subscription to the Synthetics Service. Upon termination, all rights granted to Customer under these Private Location Terms will also terminate and, unless Customer must cease all use of and access to PL Code and delete all copies of PL Code.

   8. For clarity, the Parties’ confidentiality and indemnification obligations under the Agreement extend to these PL Terms, and each Party’s (and each of its Affiliate’s) liability taken together in the aggregate, arising out of or related to these PL Terms, whether in contract, tort, or under any other theory of liability, is subject to the limitation of liability provisions of the Agreement.

3. Cloudcraft

   
   (last updated November 23, 2022)

   1.  The Datadog Cloudcraft Service enables Customer to create professional architecture diagrams using the Cloudcraft visual designer, optimized for AWS with smart components. Customer’s use of the Datadog Cloudcraft Service is subject to the Cloudcraft Terms and Conditions available here (the “CC Terms”).

4. Sensitive Data Scanner

   
   (last updated December 13, 2022)

   1.  Sensitive Data Scanner (“SDS”) is a stream-based, pattern matching service that Customer can use to identify, tag, and optionally redact or hash sensitive data before it is stored in the Services. Personal Data and Sensitive Information may be included in the data stream sent to SDS. Customer is responsible for configuring SDS to hash or redact all Sensitive Information and any Personal Data that is not pertinent to the intended use of Datadog’s connected Services, namely RUM, APM, and Logs. Customer’s use of SDS relies upon Customer properly configuring the search parameters for SDS, including the out-of-the-box (“OOTB”) rules. Datadog makes no representation that SDS will prevent all sensitive data from being included in Customer Data stored in the Services. For clarity, all redaction, masking, or obfuscation of sensitive data, as determined by Customer, happens in the data stream prior to any storage within the Services.

5. Cloud Security Posture Management

   
   (last updated December 13, 2022)

   1.  Datadog Cloud Security Posture Management (“CSPM”) performs configuration checks of cloud accounts, hosts, and containers. While CSPM includes out-of-the-box (“OOTB”) detection rules to address various regulatory frameworks, benchmarks, and standards (“Security Posture Frameworks”), CSPM does not provide an assessment of your actual compliance with any Security Posture Framework, and the OOTB rules may not address all configuration settings that are relevant to the Security Posture Frameworks. By using CSPM, Customer acknowledges and agrees that Datadog is not providing legal or compliance advice or guidance.

6. Observability Pipelines

   
   (last updated December 13, 2022)

   1.  Observability Pipelines is a monitoring solution that requires Customer installation of Vector, an open source tool. The use of Vector is not part of the Services and is subject to the Mozilla Public License, version 2.0V.

7. Restricted Service Locations

   
   (last updated December 13, 2022)

   1. Russia and Belarus.
      

      Datadog is suspending all business activities in Russia and Belarus until further notice. On April 1, 2022 and until such time as Datadog lifts this restriction, Customer agrees that it is NOT (a) an entity incorporated in Russia or Belarus, (b) an individual with a primary residence in Russia or Belarus, or (c) providing Datadog Services to an entity or individual described in (a) or (b).

   2. People’s Republic of China.
      

      Datadog Services are neither designed nor certified for any legal, operational, or regulatory requirements in mainland China (“PRC”). As such, Datadog does not enter deals with PRC entities (directly or via a third party) and Datadog does not provide specific support for any use of its Services in the PRC. Any use by, or access to, Datadog Services in the PRC or with respect to environments within the PRC is entirely at the Customer’s own risk. Datadog makes no representations or guarantees with respect to use of its Services in the PRC or with respect to environments within the PRC, including with regards to confidentiality, privacy, integrity of customer data, or technology importation.

Supplemental Terms

1. CCPA Terms

   
   (last updated June 30, 2023)

   1. Scope. These CCPA terms apply when the CCPA applies to Customer’s use of the Services to process Covered Information.

   2. Definitions. The following definitions apply to these CCPA terms.

      • (a) “CCPA” means the California Consumer Privacy Act of 2018, Cal. Civ. Code §§1798.100–1798.199.100, as amended, and the CCPA regulations, Cal. Code Regs. §§7000–7304.
      • (b) “Covered Information” means the Personal Information contained in Customer Data.
      • (c) “Subprocessor” means a Service Provider engaged by Datadog to process Covered Information to provide the Services to Customer.
      • (d) The terms “Commercial Purpose,” “Consumer,” “Personal Information,” “Sell,” “Service Provider,” and “Share” have the meanings given to them in the CCPA.

   3. Datadog’s Obligations.

      • (a) Datadog will not Sell or Share Covered Information;
      • (b) Datadog will process Covered Information only to provide, support, and improve the Services in accordance with the Agreement or Orders, or as otherwise permitted under the CCPA;
      • (c) Datadog will not retain, use, or disclose Covered Information (i) for any purpose, including any Commercial Purpose, except to provide, support, and improve the Services in accordance with the Agreement or Orders, or as otherwise permitted under the CCPA; (ii) outside the direct business relationship between Datadog and Customer; or (iii) in any way prohibited by the CCPA;
      • (d) Datadog will not combine the Covered Information it receives from, or on behalf of, Customer with Personal Information it receives from, or on behalf of, another person or from Datadog’s own interactions with the Consumer to whom the Personal Information relates, except to the extent a Service provider is permitted to do so under the CCPA;
      • (e) Datadog will comply with all applicable obligations under, and provide the same level of privacy protection to Covered Information as required by, the CCPA;
      • (f) Datadog will notify Customer if it believes it cannot meet its obligations under the CCPA; and
      • (g) Datadog will, on Customer’s request and taking into account the nature of the Covered Information processed, provide reasonable assistance to Customer in fulfilling consumer requests made under the CCPA to the extent Customer is unable through its use of the Services to address a particular request on its own.

   4. Customer’s Obligations and Rights.

      • (a) Customer will only disclose Covered Information to Datadog for the limited purpose of using the Services in accordance with the Agreement;
      • (b) Customer may audit Datadog’s compliance with its obligations under these CCPA terms by requesting and reviewing (i) copies of or extracts from Datadog’s audit reports related to the security of the Services, or (ii) other information Datadog deems is reasonably necessary to demonstrate Datadog’s compliance; and
      • (c) If Datadog engages in an unauthorized use of Covered Information, Customer may, upon notice to Datadog, take reasonable and appropriate steps to stop and remediate the unauthorized use.

2. Customer Data subject to the GDPR

   
   (last updated December 30, 2019)

   1. If Customer believes Customer Data may include the Personal Data of natural persons located in the European Economic Area and wishes to execute a Data Processing Addendum (“DPA”) pursuant to the GDPR, Customer may do so by submitting a request by email to gdpr@datadoghq.com. Except where the Parties have already entered into a DPA (or the Agreement incorporates DPA provisions), promptly following Datadog’s receipt of Customer’s request, Datadog will send Customer a DPA ready for execution.

   2. As used in Paragraph 3.1, “Personal Data” has the meaning assigned to it in the General Data Protection Regulation 2016 / 679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing of Directive 95/46/EC (“GDPR”).

3. HIPAA and PCI Compliance

   
   (last updated September 19, 2022)

   1. Through Customer configuration of the Customer Components, the Connections, and the Services, Customer can limit Personal Information in Customer Data, including through the measures detailed at https://docs.datadoghq.com/data_security/.

   2. To enable Customer compliance with applicable laws, in the event of any inclusion by Customer of (a) protected health information (“PHI”), Datadog can, upon request, configure the Customer account to be HIPAA-compliant for the HIPAA-Eligible Services; and (b) credit card holder data, Datadog will maintain all applicable PCI DSS requirements with respect to cardholder data contained in the Customer Data for the PCI-Eligible Services.