Service-Specific and Other Supplemental Terms

Capitalized terms not otherwise defined in these Terms will have the respective meanings assigned to them in the Master Subscription Agreement at https://www.datadoghq.com/legal/msa/ (the “MSA”). Datadog may modify these Terms from time to time, subject to Section 30 of the MSA.

These Terms are in addition to the MSA, the Free-Trial Terms at https://www.datadoghq.com/legal/free-trial-agreement/, the Pass-Through Terms of Use at https://www.datadoghq.com/legal/pass-through/ and any separately executed agreement for Services between Datadog and Customer (each, as applicable, the “Agreement”). In the event of any inconsistency between these Terms and the Agreement, the applicable Terms will take precedence.

1. Real User Monitoring Service

   (Section 1 last updated December 30, 2019)

   1. The Datadog Real User Monitoring ("RUM") Service enables Customer to Process (and Datadog to collect) as Customer Data certain performance data about the access and use of a Customer’s browser-based or other supported application (a “Customer App”) by an actual end user of that Customer App (an “End User”). The types of performance data may include, among others:

      • (a) End User’s username or any other identifier provided through the Customer App;
      • (b) IP address and geographic location of the End User;
      • (c) End User’s browser type, device type and operating system;
      • (d) URLs of resources visited and server calls by the End User within, and the URLs of resources loaded to, the Customer App; and
      • (e) length of time of an End User’s session on a specific URL and overall within the Customer App.

      Of those data types, the RUM Service collects the End User’s user agent (including information derived therefrom such as device type, operating system and browser) resources visited, server calls, IP address and geographic location. Customer Data collected by default and through Customer’s configuration and use of the RUM Service may comprise Personal Information.

   2. The RUM Service is intended to assist Customer in understanding an End User’s experience solely within a Customer App. The RUM Service may place cookies, but cannot be used to track End Users on third-party websites and shall in no event be used, directly or indirectly, to support any such monitoring of End User or other parties. Without limiting Customer’s obligations under the Agreement (for example, Sections 8.1 and 9.1 of the MSA), Customer is responsible for complying with Applicable Law by providing any notices and receiving any consents and authorizations required by Applicable Law from, persons whose Personal Information may be Processed through Customer’s configuration and use of the RUM Service. Customer shall use reasonable efforts to restrict the inclusion of Personal Information in Customer Data; and in no event shall Customer use the RUM Services to Process any Sensitive Information.

2. Customer Data subject to the CCPA

   (Section 2 last updated December 30, 2019)

   1. If Customer Data comprises Personal Information subject to the CCPA ("Covered Information"), Datadog is the Service Provider and, consistent with the requirements of the CCPA, shall not (a) Sell the Covered Information or (b) retain, use or disclose the Covered Information: (i) for any purpose, including any Commercial Purpose, other than for the specific purpose of providing and supporting the Services or (ii) outside of the Parties’ direct business relationship. Datadog certifies that it understands these restrictions and will comply with them. Customer acknowledges nothing in this Paragraph removes or lessens Customer’s obligations with respect to Personal Information under the Agreement (for example, Sections 8.1 and 9.1 of the MSA).

   2. Customer will be responsible for responding to Consumer requests in relation to Covered Information (each, a “Consumer Request”). If Datadog receives a Consumer Request then, to the extent legally permissible, Datadog will advise the Consumer to submit the Consumer Request to Customer, and Customer agrees that Datadog may confirm to a Consumer that the Consumer Request relates to Customer. To the extent Customer is unable through its use of the Services to address a particular Consumer Request, Datadog will, upon Customer’s request and taking into account the nature of the Covered Information, provide reasonable assistance in addressing the Consumer Request (provided Datadog is legally permitted to do so and that Customer has verified the request in accordance with the CCPA).

   3. As used in Paragraphs 2.1 and 2.2, “Commercial Purpose”, “Consumer”, “Personal Information”, “Sell”, and “Service Provider” have the meanings assigned to them in the California Consumer Privacy Act of 2018, sections 1798.100 through 1798.199 of the California Civil Code ("CCPA").

3. Customer Data subject to the GDPR

   (Section 3 last updated December 30, 2019)

   1. If Customer believes Customer Data may include the Personal Data of natural persons located in the European Economic Area and wishes to execute a Data Processing Addendum ("DPA") pursuant to the GDPR, Customer may do so by submitting a request by email to gdpr@datadoghq.com. Except where the Parties have already entered into a DPA (or the Agreement incorporates DPA provisions), promptly following Datadog’s receipt of Customer’s request, Datadog will send Customer a DPA ready for execution.

   2. As used in Paragraph 3.1, “Personal Data” has the meaning assigned to it in the General Data Protection Regulation 2016 / 679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing of Directive 95/46/EC ("GDPR").

4. Synthetics Service Private Locations

   (Section 4 last updated June 11, 2020)

   1. The Datadog Synthetics Service enables Customer to run Browser and API Tests that simulate End User actions, typically used in managed locations. Additionally, Datadog makes available proprietary code that Customer may, at its option, download and install in private locations in Customer’s Environment to support use of the Synthetics Service ("PL Code"). Subject to these Terms regarding Synthetics Service private locations ("PL Terms") and the Agreement, Customer may use the PL Code exclusively to support Customer’s use of the Synthetics Service. These PL Terms are effective upon the earliest of when Customer or its Authorized User: (a) downloads, installs, accesses or uses the PL Code or (b) clicks an “I Accept,” “Sign up” or similar button or check box referencing these PL Terms.

   2. Where Customer has subscribed to the Synthetics Service, subject to these PL Terms and the Agreement, Customer is granted a limited, non-exclusive and non-transferable license to download, install and use the PL Code on servers in Customer’s Environment solely to allow Customer to use supported features and functionality of the Synthetics Service. The PL Code will be deemed a part of the Synthetics Service, not a Connection or Ancillary Tool, under these PL Terms and the Agreement.

   3. Without limiting the Agreement: (a) Customer is solely responsible for configuring its usage and privacy and security settings in its Private Locations and (b) no provision of these PL Terms includes the right to, and Customer shall not, directly or indirectly, resell, distribute or otherwise make available PL Code to any third party or, except to the extent limited by Applicable Law, reverse engineer, disassemble or decompile PL Code or access or use PL Code or associated Documentation in order to (i) copy ideas, features, functions or graphics, (ii) develop competing products or services, or (iii) perform competitive analyses.

   4. Customer agrees to comply with all Applicable Laws with respect to its access and use of PL Code. Customer shall not directly or indirectly export, re-export or release the PL Code to, or make the PL Code accessible to, a Sanctions Target, or broker, finance or otherwise facilitate any transaction in violation of any Export Laws.

   5. PL Code is provided under license, not sold, to Customer. Customer does not acquire any ownership interest in PL Code, or any other rights to PL Code other than to use PL Code in accordance with these PL Terms and the Agreement. Except as expressly granted in these PL Terms, Datadog reserves and shall its entire right, title, and interest in and to PL Code, including all associated Intellectual Property Rights.

   6. Datadog may from time to time in its sole discretion develop and provide updates to PL Code, which may include upgrades, bug fixes, patches, other error corrections, and/or new features (collectively, “PL Updates”). Datadog shall provide Customer notice, which may include through the Services, of or be prompted to download and install available PL Updates. Customer agrees to promptly download and install all PL Updates and acknowledges and agrees that PL Code or portions thereof may not properly operate should Customer fail to do so. Customer further agrees that all PL Updates will be deemed part of PL Code and subject to these PL Terms and the Agreement.

   7. These PL Terms terminate upon expiration or earlier termination of Customer’s subscription to the Synthetics Service. Upon termination, all rights granted to Customer under these Private Location Terms will also terminate and, unless Customer must cease all use of and access to PL Code and delete all copies of PL Code.

   8. For clarity, the Parties’ confidentiality and indemnification obligations under the Agreement extend to these PL Terms, and each Party’s (and each of its Affiliate’s) liability taken together in the aggregate, arising out of or related to these PL Terms, whether in contract, tort, or under any other theory of liability, is subject to the limitation of liability provisions of the Agreement.

5. Restricted Service Locations

   (Section 5 last updated April 1, 2022)

   1.  Datadog is suspending all business activities in Russia and Belarus until further notice. On April 1, 2022 and until such time as Datadog lifts this restriction, Customer agrees that it is NOT (a) an entity incorporated in Russia or Belarus, (b) an individual with a primary residence in Russia or Belarus, or (c) providing Datadog Services to an entity or individual described in (a) or (b).

6. HIPAA and PCI Compliance

   (Section 6 last updated September 19, 2022)

   1. Through Customer configuration of the Customer Components, the Connections, and the Services, Customer can limit Personal Information in Customer Data, including through the measures detailed at https://docs.datadoghq.com/data_security/.

   To enable Customer compliance with applicable laws, in the event of any inclusion by Customer of (a) protected health information (“PHI”), Datadog can, upon request, configure the Customer account to be HIPAA-compliant for the HIPAA-Eligible Services; and (b) credit card holder data, Datadog will maintain all applicable PCI DSS requirements with respect to cardholder data contained in the Customer Data for the PCI-Eligible Services.