February 14, 2018 CrowdStrike Code of Business Conduct Our Mission Our mission is to help our customers stop data breaches. We operate on the basis of responsiveness, openness, honesty and trust with our customers, business partners, employees and stockholders. Policy Overview This Code of Business Conduct flows directly from our commitment to our mission and core values. We consistently aim for excellence and to provide value for both our customers and stockholders, and it is critical that we do so with integrity and high ethical standards. It is unacceptable to cut legal or ethical corners for the benefit of our company or for personal benefit. This code is intended to deter wrongdoing as well as the appearance of wrongdoing. Doing the right thing is more important than winning while risking our reputation or the trust of our customers, partners and stockholders. This code is designed to ensure: operating our business ethically and with integrity; avoiding actual or apparent conflicts of interest; compliance with the letter and spirit of all laws and CrowdStrike policies; and the prompt internal reporting of suspected violations of this To whom does the code apply? The code applies to all of us: the members of the board of directors, executives, employees and independent contractors of CrowdStrike and its subsidiaries. In addition to our own compliance, all of us must ensure that those employees whom we manage, and those whom we hire to work on our behalf, comply with this policy. Honest and Ethical Conduct Consistent with our core values, CrowdStrike personnel must act and perform their duties ethically, honestly and with integrity – doing the right thing even when “no one is looking.” We tell partners, customers, partners, publishers, investors and the public the truth about our company. We commit only to what we can do, and we deliver on our commitments. No winks. No nods. Conflicts of Interest A conflict of interest may exist where the interests or benefits of one person or entity conflict or appear to conflict with the interests or benefits of CrowdStrike. Your decisions and actions related to CrowdStrike should be based on the best interests of CrowdStrike and not based on personal relationships or benefits, either for yourself or for others. CrowdStrike personnel must never use or attempt to use their position with CrowdStrike to obtain improper personal benefits. A conflict of interest may arise in many situations. We cannot list them all in this policy; however, some examples include: serving as a director, employee or contractor for a company that has a business relationship with CrowdStrike or is a competitor of CrowdStrike; having a financial interest in a competitor, supplier or customer of CrowdStrike, other than holding a direct interest of less than 1% in the stock of a publicly traded company or holding mutual funds that may include stock of a competitor, supplier or customer of CrowdStrike; receiving something of material value from a competitor, supplier or customer of CrowdStrike beyond entertainment or nominal gifts in the ordinary course of business; being asked to present at a conference where the conference sponsor has a real or potential business relationship with CrowdStrike (as a vendor, customer or investor, for example), in a situation in which the sponsor offers travel or accommodation arrangements or other benefits materially in excess of our standard benefits; or directly or indirectly using for personal gain, rather than for the benefit of CrowdStrike, an opportunity that you discovered through your role with Evaluating whether a conflict of interest exists can be difficult and may involve a number of considerations. We encourage you to seek guidance from your manager and the human resources or legal departments when you have any questions or doubts. In the interest of clarifying the definition of “conflict of interest,” if any member of the Board who is also a partner or employee of an entity that is a holder of CrowdStrike capital stock, or an employee of an entity that manages such an entity (each, a “Fund”), acquires knowledge of a potential transaction (investment transaction or otherwise) or other matter other than in connection with such individual’s service as a member of the Board (including, if applicable, in such individual’s capacity as a partner or employee of the Fund or the manager or general partner of a Fund) that may be an opportunity of interest for both CrowdStrike and such Fund (a “Corporate Opportunity”), then, provided that such director has acted reasonably and in good faith with respect to the best interests of CrowdStrike, such an event shall be deemed not to be a “conflict of interest” under this policy. If you are aware of an actual or potential conflict of interest, or are concerned that a conflict might develop, please discuss with your manager and then obtain approval from our CFO or Chief Legal Officer before engaging in that activity or accepting something of value. Compliance CrowdStrike strives to comply with all applicable laws and regulations. It is your personal responsibility to adhere to the standards and restrictions imposed by those laws and regulations, including those relating to financial and accounting matters. The same applies to policies we adopt, such as this one. Even if conduct complies with the letter of the law or our policies, we must avoid conduct that will have an adverse impact on the trust and confidence of our customers, partners or investors. Reporting If you have a concern regarding conduct that you believe to be a violation of a law, regulation or CrowdStrike policy, or you are aware of questionable legal, financial or accounting matters, or simply are unsure whether a situation violates any applicable law, regulation or CrowdStrike policy, there are several alternative reporting paths. CrowdStrike encourages you to reveal your name so we can effectively address your concern, but has also provided unattributed reporting routes. You may do any of the following, so long as you do one of them: Contact your manager, HR, the CFO or Chief Legal Officer Send an email to email@example.com (this will reflect that you are the sender) Send an unattributed letter to the attention of the CFO or Chief Legal Officer at 150 Mathilda Place, Suite 300, Sunnyvale, CA 94086 File an attributed or unattributed online report through www.crowdstrike.ethicspoint.com or through our ethics hotline: 1-844-330-7796 (USA/Canada) 1-800-881-011 (Australia) 000-117 (India) 001-800-462-4240 (Mexico) 0-800-89-0011 (UK) 00-800-222-55288 (Ireland) 800-172-444 (Italy) 0800-022-9111 (Netherlands) 0-800-225-5288 (Germany) 0808-03-4288 (Romania) 800-011-1111 (Singapore) 0034-811-001 (Japan) Regardless of location, when prompted dial 844-330-7796 The CFO or Chief Legal Officer, as appropriate, will review concerns submitted through the hotline or by regular mail. The complaint procedure is specifically designed so that employees have a mechanism that allows the employee to bypass a supervisor he or she believes is engaged in prohibited conduct under this policy. Unattributed reports should be detailed and factual, instead of speculative or conclusory, and should contain as much specific information as possible to allow the CFO or Chief Legal Officer and other persons investigating the report to adequately assess the nature, extent and urgency of the allegations. We expect our employees to do their best to comply with this policy. It is important that you stay vigilant to ensure there are no violations of this policy by anyone. Do not stay silent in the face of a potential violation. If you have knowledge of a potential violation and fail to report it via the process set forth above, you too may be subject to disciplinary action under this code. If you are a manager and are approached with a question or concern related to this or any other company policy, listen carefully and give the employee your complete attention. Get as much information as possible and write it down as fully as you can. Do not try to solve the problem yourself. Rather, tell the employee that we take these things seriously and that we will look into it and follow up. Then, please turn the information over to HR or the Legal Department and they will follow up. Do not share the information with anyone else, except on the instructions of the Legal Department. No Retaliation CrowdStrike will not retaliate against any individual for filing a good-faith concern regarding noncompliance with this policy. CrowdStrike will not retaliate against any individual participating in the investigation of any such complaint either. Finally, CrowdStrike will not permit any such retaliation by any manager or executive officer, or by any company with which we contract.