Service-Specific and Other Supplemental Terms

Capitalized terms not otherwise defined in these Terms will have the respective meanings assigned to them in the Master Subscription Agreement at https://www.datadoghq.com/legal/msa/ (the “MSA”). Datadog may modify these Terms from time to time, subject to Section 30 of the MSA.

These Terms are in addition to the MSA, the Free-Trial Terms at https://www.datadoghq.com/legal/free-trial-agreement/, the Pass-Through Terms of Use at https://www.datadoghq.com/legal/pass-through/ and any separately executed agreement for Services between Datadog and Customer (each, as applicable, the “Agreement”). In the event of any inconsistency between these Terms and the Agreement, the applicable Terms will take precedence.

Service-Specific Terms

1. Real User Monitoring and Session Replay
   

   (last updated December 13, 2022)

   1.  Real User Monitoring (“RUM”) and Session Replay assist Customer in understanding an end user’s experience within its browser-based, mobile, or other supported application (“Customer App”). Through Customer’s use of RUM and Session Replay, cookies are placed on the devices of end users and data collected by default and through Customer’s configuration and use of RUM and Session Replay may comprise Personal Information. Datadog makes no representations or warranties that Customer’s use of RUM or Session Replay is or will be permitted under Applicable Law. In addition to Customer’s responsibilities and limitations of use under the Agreement, Customer responsibilities with respect to RUM and Session Replay include the requirements listed below and Customer is solely responsible for any Losses that arise for Customer and/or Datadog as a result of Customer’s failures with respect to the below obligations.
      
      Customer is responsible for:
      • (a) only using RUM and Session Replay on Customer Apps;
      • (b) obtaining and maintaining all rights, consents, and permissions, and providing all notices, required by Applicable Law for Customer’s use of RUM and Session Replay;
      • (c) using RUM and Session Replay in a way that complies with Applicable Law, including applicable privacy, data protection, and consumer protection laws;
      • (d) not using RUM or Session Replay to track end users on third-party websites; and
      • (e) using reasonable efforts to limit the amount of Personal Information about end users that is submitted to Datadog for Processing through RUM and Session Replay, including the tools described in the Documentation.

2. Synthetics Service Private Locations
   

   (last updated June 11, 2020)

   1. The Datadog Synthetics Service enables Customer to run Browser and API Tests that simulate End User actions, typically used in managed locations. Additionally, Datadog makes available proprietary code that Customer may, at its option, download and install in private locations in Customer’s Environment to support use of the Synthetics Service (“PL Code”). Subject to these Terms regarding Synthetics Service private locations (“PL Terms”) and the Agreement, Customer may use the PL Code exclusively to support Customer’s use of the Synthetics Service. These PL Terms are effective upon the earliest of when Customer or its Authorized User: (a) downloads, installs, accesses or uses the PL Code or (b) clicks an “I Accept,” “Sign up” or similar button or check box referencing these PL Terms.

   2. Where Customer has subscribed to the Synthetics Service, subject to these PL Terms and the Agreement, Customer is granted a limited, non-exclusive and non-transferable license to download, install and use the PL Code on servers in Customer’s Environment solely to allow Customer to use supported features and functionality of the Synthetics Service. The PL Code will be deemed a part of the Synthetics Service, not a Connection or Ancillary Tool, under these PL Terms and the Agreement.

   3. Without limiting the Agreement: (a) Customer is solely responsible for configuring its usage and privacy and security settings in its Private Locations and (b) no provision of these PL Terms includes the right to, and Customer shall not, directly or indirectly, resell, distribute or otherwise make available PL Code to any third party or, except to the extent limited by Applicable Law, reverse engineer, disassemble or decompile PL Code or access or use PL Code or associated Documentation in order to (i) copy ideas, features, functions or graphics, (ii) develop competing products or services, or (iii) perform competitive analyses.

   4. Customer agrees to comply with all Applicable Laws with respect to its access and use of PL Code. Customer shall not directly or indirectly export, re-export or release the PL Code to, or make the PL Code accessible to, a Sanctions Target, or broker, finance or otherwise facilitate any transaction in violation of any Export Laws.

   5. PL Code is provided under license, not sold, to Customer. Customer does not acquire any ownership interest in PL Code, or any other rights to PL Code other than to use PL Code in accordance with these PL Terms and the Agreement. Except as expressly granted in these PL Terms, Datadog reserves and shall its entire right, title, and interest in and to PL Code, including all associated Intellectual Property Rights.

   6. Datadog may from time to time in its sole discretion develop and provide updates to PL Code, which may include upgrades, bug fixes, patches, other error corrections, and/or new features (collectively, “PL Updates”). Datadog shall provide Customer notice, which may include through the Services, of or be prompted to download and install available PL Updates. Customer agrees to promptly download and install all PL Updates and acknowledges and agrees that PL Code or portions thereof may not properly operate should Customer fail to do so. Customer further agrees that all PL Updates will be deemed part of PL Code and subject to these PL Terms and the Agreement.

   7. These PL Terms terminate upon expiration or earlier termination of Customer’s subscription to the Synthetics Service. Upon termination, all rights granted to Customer under these Private Location Terms will also terminate and, unless Customer must cease all use of and access to PL Code and delete all copies of PL Code.

   8. For clarity, the Parties’ confidentiality and indemnification obligations under the Agreement extend to these PL Terms, and each Party’s (and each of its Affiliate’s) liability taken together in the aggregate, arising out of or related to these PL Terms, whether in contract, tort, or under any other theory of liability, is subject to the limitation of liability provisions of the Agreement.

3. Cloudcraft
   

   (last updated November 23, 2022)

   1.  The Datadog Cloudcraft Service enables Customer to create professional architecture diagrams using the Cloudcraft visual designer, optimized for AWS with smart components. Customer’s use of the Datadog Cloudcraft Service is subject to the Cloudcraft Terms and Conditions available here (the “CC Terms”).

4. Sensitive Data Scanner
   

   (last updated December 13, 2022)

   1. Sensitive Data Scanner (“SDS”) is a stream-based, pattern matching service that Customer can use to identify, tag, and optionally redact or hash sensitive data before it is stored in the Services. Personal Data and Sensitive Information may be included in the data stream sent to SDS. Customer is responsible for configuring SDS to hash or redact all Sensitive Information and any Personal Data that is not pertinent to the intended use of Datadog’s connected Services, namely RUM, APM, and Logs. Customer’s use of SDS relies upon Customer properly configuring the search parameters for SDS, including the out-of-the-box (“OOTB”) rules. Datadog makes no representation that SDS will prevent all sensitive data from being included in Customer Data stored in the Services. For clarity, all redaction, masking, or obfuscation of sensitive data, as determined by Customer, happens in the data stream prior to any storage within the Services.

5. Cloud Security Posture Management
   

   (last updated December 13, 2022)

   1. Datadog Cloud Security Posture Management (“CSPM”) performs configuration checks of cloud accounts, hosts, and containers. While CSPM includes out-of-the-box (“OOTB”) detection rules to address various regulatory frameworks, benchmarks, and standards (“Security Posture Frameworks”), CSPM does not provide an assessment of your actual compliance with any Security Posture Framework, and the OOTB rules may not address all configuration settings that are relevant to the Security Posture Frameworks. By using CSPM, Customer acknowledges and agrees that Datadog is not providing legal or compliance advice or guidance.

6. Observability Pipelines
   

   (last updated December 13, 2022)

   1. Observability Pipelines is a monitoring solution that requires Customer installation of Vector, an open source tool. The use of Vector is not part of the Services and is subject to the Mozilla Public License, version 2.0V.

7. Restricted Service Locations
   

   (last updated December 13, 2022)

   1. Russia and Belarus.

   Datadog is suspending all business activities in Russia and Belarus until further notice. On April 1, 2022 and until such time as Datadog lifts this restriction, Customer agrees that it is NOT (a) an entity incorporated in Russia or Belarus, (b) an individual with a primary residence in Russia or Belarus, or (c) providing Datadog Services to an entity or individual described in (a) or (b).

   2. People’s Republic of China.

   Datadog Services are neither designed nor certified for any legal, operational, or regulatory requirements in mainland China (“PRC”). As such, Datadog does not enter deals with PRC entities (directly or via a third party) and Datadog does not provide specific support for any use of its Services in the PRC. Any use by, or access to, Datadog Services in the PRC or with respect to environments within the PRC is entirely at the Customer’s own risk. Datadog makes no representations or guarantees with respect to use of its Services in the PRC or with respect to environments within the PRC, including with regards to confidentiality, privacy, integrity of customer data, or technology importation.

Supplemental Terms

1. Customer Data subject to the CCPA
   

   (last updated December 30, 2019)

   1. If Customer Data comprises Personal Information subject to the CCPA (“Covered Information”), Datadog is the Service Provider and, consistent with the requirements of the CCPA, shall not (a) Sell the Covered Information or (b) retain, use or disclose the Covered Information: (i) for any purpose, including any Commercial Purpose, other than for the specific purpose of providing and supporting the Services or (ii) outside of the Parties’ direct business relationship. Datadog certifies that it understands these restrictions and will comply with them. Customer acknowledges nothing in this Paragraph removes or lessens Customer’s obligations with respect to Personal Information under the Agreement (for example, Sections 8.1 and 9.1 of the MSA).

   2. Customer will be responsible for responding to Consumer requests in relation to Covered Information (each, a “Consumer Request”). If Datadog receives a Consumer Request then, to the extent legally permissible, Datadog will advise the Consumer to submit the Consumer Request to Customer, and Customer agrees that Datadog may confirm to a Consumer that the Consumer Request relates to Customer. To the extent Customer is unable through its use of the Services to address a particular Consumer Request, Datadog will, upon Customer’s request and taking into account the nature of the Covered Information, provide reasonable assistance in addressing the Consumer Request (provided Datadog is legally permitted to do so and that Customer has verified the request in accordance with the CCPA).

   3. As used in Paragraphs 2.1 and 2.2, “Commercial Purpose”, “Consumer”, “Personal Information”, “Sell”, and “Service Provider” have the meanings assigned to them in the California Consumer Privacy Act of 2018, sections 1798.100 through 1798.199 of the California Civil Code (“CCPA”).

2. Customer Data subject to the GDPR
   

   (last updated December 30, 2019)

   1. If Customer believes Customer Data may include the Personal Data of natural persons located in the European Economic Area and wishes to execute a Data Processing Addendum (“DPA”) pursuant to the GDPR, Customer may do so by submitting a request by email to gdpr@datadoghq.com. Except where the Parties have already entered into a DPA (or the Agreement incorporates DPA provisions), promptly following Datadog’s receipt of Customer’s request, Datadog will send Customer a DPA ready for execution.

   2. As used in Paragraph 3.1, “Personal Data” has the meaning assigned to it in the General Data Protection Regulation 2016 / 679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing of Directive 95/46/EC (“GDPR”).

3. HIPAA and PCI Compliance
   

   (last updated September 19, 2022)

   1. Through Customer configuration of the Customer Components, the Connections, and the Services, Customer can limit Personal Information in Customer Data, including through the measures detailed at https://docs.datadoghq.com/data_security/.

   2. To enable Customer compliance with applicable laws, in the event of any inclusion by Customer of (a) protected health information (“PHI”), Datadog can, upon request, configure the Customer account to be HIPAA-compliant for the HIPAA-Eligible Services; and (b) credit card holder data, Datadog will maintain all applicable PCI DSS requirements with respect to cardholder data contained in the Customer Data for the PCI-Eligible Services.