Effective November 10, 2024.

 

Privacy Notice

CrowdStrike is on a mission to stop breaches. We have numerous offerings, including but not limited to platform and cloud-based security and intelligence subscription services, app store software and integrations, professional services, free community security tools, and more. Our offerings are designed to provide cutting-edge security solutions to our customers. We lead the industry in cloud-native crowdsourced security, applying big data analytics to detect, contain, and mitigate network intrusions, protect data, assess risk, and identify attackers. For more information about CrowdStrike, please see the “About Us” section of our Website at https://www.crowdstrike.com/about-crowdstrike/.

This Privacy Notice (“Notice”) describes the manner in which CrowdStrike, Inc. and its affiliates (collectively “CrowdStrike”) collect, use, maintain, and disclose information from users of our websites (e.g., crowdstrike.com, supportportal.crowdstrike.com, falcon.crowdstrike.com, crowdstrike.org, humio.com) (collectively, “Websites”), event participants, prospective customers, or other situations in which CrowdStrike is a data controller, and from the use of our products and the performance of our services (our “Offerings”). For purposes of this Notice, the terms “user,” “customer,” “you,” and “your” are meant to refer to the individuals about whom we may collect personal information, and at times may be used within the Notice interchangeably.

If you have any questions or concerns about our use of your personal information, then please contact us using the contact details provided at the bottom of this Privacy Notice. At any time, you can manage your privacy preferences by visiting our Preference Center. If you are a job applicant, please refer to our Candidate Privacy Notice.

 

1. Quick Links

2. Data Collection and Use

2.1 What Personal Information Does CrowdStrike Obtain?

2.2 Where Does CrowdStrike Obtain Personal Information and How Is Personal Information Used?

2.3 With Whom Does CrowdStrike Share My Personal Information?

3. Legal Basis for Processing Personal Information (EEA, UK, and Swiss Visitors Only)

4. Cookies and Similar Technology

5. Offerings

6. How We Protect Your Personal Information

7. International Data Transfers

8. Retention of Personal Information

9. European Economic Area, United Kingdom, and Switzerland Residents

10. California Residents

10.1 Categories of Personal Information Collected

10.2 Purposes for Collection

10.3 Categories of Personal Information Sold/Shared for Cross-Context Behavioral Advertising

10.4 Sensitive Personal Information

10.5 Your Rights

11. Changes to this Privacy Notice

12. Contacting Us

 

2. Data Collection and Use

 

2.1 What Personal Information Does CrowdStrike Obtain?

To fulfill the purposes described in this Notice, CrowdStrike may collect personal information such as business contact information, technical unique identifiers, authentication credentials, or other personal information you choose to provide to CrowdStrike. For example, as described in specific sections of this Notice, personal data collected may include, among other things, the Internet Protocol (IP) address, browser information, device ID, the type of computer, and technical information about a user’s means of connection to our Websites or Web Portals, such as the operating system and the Internet service providers utilized and other similar information. When users are required to login to gain access to a particular Website feature or Web Portal, we collect usernames, passwords, and other login credentials to authenticate access to the feature or Offering.

CrowdStrike’s Websites and offerings are not directed at children, and CrowdStrike does not knowingly collect or sell personal information from individuals under the age of 16.

2.2 Where Does CrowdStrike Obtain Personal Information and How Is Personal Information Used?

CrowdStrike Websites provide Internet-based access for users to learn about CrowdStrike and its offerings and to communicate with CrowdStrike and with others. CrowdStrike web portals that may exist within our offerings (“Web Portals”) provide customers with Internet-based access to our offerings. When an individual, partner, or reseller, uses our Websites and Web Portals, CrowdStrike gathers information, some of which may be considered personal information in your jurisdiction and is used consistent with the below purposes.

Information Provided By You

Business Contact Information - If you register to attend a CrowdStrike-hosted in-person or virtual event, download one of our Knowledge Resources, sign up for a Free Trial or visit one of our offices, we will receive personal information about you, including your name, phone number, business email address, company name, and country. We use this information consistent with the purpose for which you provided it, such as to contact you about CrowdStrike’s offerings, company news, updates, and other CrowdStrike related information. We may also associate personal information that you submit to us, including email addresses, with information collected about you through other means such as cookies, web beacons, or social media plugins. This will help us better tailor content delivered to you through a variety of ways, including online advertisements. We include unsubscribe instructions at the bottom of each email if at any time you would like to unsubscribe from receiving future emails.

Audio, Electronic, or Visual Information - If you attend a CrowdStrike hosted in-person or virtual event or agree to be recorded in a telephone or virtual meeting, we may record some or all of that event or meeting. We may document the event in various ways, such as by taking photos at the event, interviewing you at the event, or recording your participation in a live question-and-answer or other interactive session. We use this information for business and marketing purposes, including to enhance our offerings and your customer or user experience.

CrowdStrike Blog and Other User Generated Content - We make available various community forums and blogs, where you can interact with other users and make your own posts. Your posts in CrowdStrike community forums or blogs are publicly-available information that you choose to disclose and such posts may be read, collected, and processed by others that visit these websites. We are under no obligation to publish, maintain, or retain any of your posts. If you provide us with feedback about our company, offerings, or Websites, we consider this to be freely given and we may use your feedback without compensation or attribution to you.

Links to Other Websites - Our Websites include links to other websites whose privacy practices may differ from those of CrowdStrike. If you submit personal information to any of those sites or services, your information is governed by their privacy notices. We encourage you to carefully read the privacy notice of any website service you visit.

Information That We Obtain From Third-Party Sources

From time to time, we may receive personal information about you, including your name, email address, or other information such as a profile picture, from third-party sources where those parties have indicated that they have your consent or are otherwise legally permitted or required to disclose your personal information to us. For example, we may be provided with information about individuals interested in using our offerings, joining our company, or when using third-party authentication options to sign-up for or log-in to our offerings.

How We Use Your Personal Information

We may use the information, including personal information, that you provide to us or that is provided to us by third-party sources for a variety of purposes, including but not limited to the following purposes:

Business and Operational Purposes - We may use the personal information in order to run our business, including in the course of running and maintaining our Websites and Webpages and infrastructure; improving customer and user experience; providing support; improving current and developing new features, products, and services; processing payments and agreements; managing contests and promotions; analyzing trends; to achieve other legitimate interests as well as where you have provided consent; and other business and operational-related purposes, including running and maintaining our Partner Portal and Partner Incentive Program.

Marketing and Commercial Purposes - We may use the personal information to send marketing and other communications to you; to conduct joint marketing efforts with our partners; to conduct digital and direct marketing; to connect you with our partners and resellers; and other marketing and commercial related-purposes.

Security Purposes - We may use the personal information to help ensure the security and integrity of our Websites and Web Portals, our physical office locations, and of our offerings; to help prevent fraud; to maintain endpoint and network security; and other security-related purposes.

Legal and Compliance Purposes - We may use the personal information to comply with our legal obligations; protect our intellectual property; enforce our legal rights; and other legal and compliance-related purposes.

2.3 With Whom Does CrowdStrike Disclose My Personal Information?

We may disclose personal information, including business contact information or aggregated demographic information regarding visitors and users of our Websites with our affiliates, partners, sponsors, and advertisers as described in more detail below, consistent with the purposes previously outlined in Section 2.2. This may be considered “sharing” or a “sale” under the CCPA. When we collect personal information through our offerings, it is made available to the CrowdStrike customer who was the source of the information and we use it as described in Section 5 of this Privacy Notice, the terms and conditions, or otherwise as directed by our customers.

Online Behavioral Advertising - We partner with a third party to display advertising on our Websites or to manage our advertising on other sites. Our third-party partners may use technologies such as cookies, scripts and tags to gather information about your activities on this site and other sites to provide you advertising based on your browsing activities and interests. If you wish to not have this information used for the purpose of serving you interest-based ads, you may opt out from participating companies by visiting Digital Advertising Alliance's self-regulatory opt-out page, click here. If you are located in the European Economic Area, click here. Please note this does not opt you out of being served ads; you will continue to receive generic ads.

Social Media Features - Our Websites include social media features. These features may collect your IP address, which webpage you are visiting on our Websites, and may set a cookie to enable the feature to function properly. Social media features are either hosted by a third party or hosted directly on our Websites. Your interactions with these features are governed by the privacy policy of the company providing them.

Event Sponsors - If you choose to register for or attend a CrowdStrike-hosted or jointly-hosted event or webinar or if you enter a contest or raffle with us and a sponsor, then we may disclose your contact information, content interest information or other activity data, and any other information, including personal information, collected in the course of these activities to those sponsors for commercial purposes. In many cases, you intentionally disclose your details by providing your information to these sponsors through consent via a registration form or by scanning your badge at the applicable sponsor’s booth. Virtual events hosted by third-party platforms may also collect additional data from you when you visit their sites. The treatment of this information is subject to each of these other entities’ respective privacy statements.

Partners and Resellers - We may disclose your personal information, such as contact information, business details, and content interest and activity details, to our partners and resellers for business purposes, such as to carry out our business or for joint marketing efforts to reach our customers and prospective customers. In many cases, you consent to the disclosure of your details by filling out a registration form.

Referrals - Where we provide a referral option that you choose to use to share information with a point of contact about us, we will ask you for the contact's name and email address. We will automatically send your contact a one-time email inviting him or her to visit our Website. CrowdStrike will store this information for the sole purpose of sending the one-time email and for tracking the success of our referral program. An individual whose name has been provided to us may contact us at Privacy@crowdstrike.com to request that we remove their information from our database.

With our Affiliates, Related to Corporate Transactions, the Provision of Professional Services, and Legal Disclosures - For all categories of data we collect, we disclose personal information to our affiliates and subsidiaries for business purposes, including any service providers and agents that work on our behalf. We may also disclose your information as required for us to carry out a corporate transaction, such as a merger or sale of assets of all or part of our company. We will also disclose your personal information to our professional service providers (for example, our auditors, insurance providers, financial service providers, and legal advisors) as needed for us to run our business, provide our offerings, support, maintain, or secure our offerings and our Websites; or administer activities on our behalf, such as events or marketing campaigns.We may also disclose your personal information as required by law, such as to comply with a subpoena or similar legal process; or when we believe that disclosure is necessary or appropriate to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

If you are a visitor from the European Economic Area ("EEA"), Switzerland, or the United Kingdom ("UK"), CrowdStrike’s legal basis for collecting and using the personal information collected will depend on the personal information concerned and the specific context in which we collect it.

In most circumstances, we collect personal information (i) where it is needed for the performance of a contract, (ii) where the processing of the personal information is in our legitimate interests and not overridden by your rights, or (iii) where you provide your consent. Other times, your personal information may be collected in order for us (iv) to comply with a legal obligation, (v) to perform a task for the public interest, or (vi) for the protection of your or another’s vital interests.

If we collect and use your personal information in reliance on our legitimate interests or those of any third party, we will make clear to you at the relevant time through this notice or otherwise what those legitimate interests are. Often times, legitimate interests involve our normal day-to-day operations, such as the ability to operate our platform and communicating with you as necessary to provide our services, responding to your inquiries, or marketing. We may transfer personal information to companies that help us provide our service. Transfers to subsequent third parties are covered by the service agreements with our customers.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided at the bottom of this Privacy Notice.

 

4. Cookies and Similar Technologies

CrowdStrike and our service providers use cookies, local storage (HTML5), scripts and similar technologies to all our Websites and Web Portals to function properly, to help us continuously improve our Websites and Web Portals, and to customize a user's experience on our Websites and Web Portals. For further information regarding CrowdStrike’s use of cookies and how to set your cookie preferences, please refer to our Cookie Notice.

 

5. Offerings

Most of the information we collect through our Offerings is metadata. Metadata may include how and when a device or network is being used, login times and attempts, registry keys, types and versions of operating systems, browsers, and information about software applications. In some cases, we collect personal information as it may appear within the metadata such as that associated with usernames, filenames, file paths, and machine names. This personal information is used to help our customers and improve our capabilities in the way described in our more specific product or service documentation and agreements. CrowdStrike’s Offerings also include features providing customers the ability to submit files (including the content of those files) and other information related to the files for purposes including security analysis and response, product improvement, enhanced capabilities, or customer support. At the direction of customers, we may also collect or retrieve files as part of our Offerings.

An important type of data we detect, collect, analyze, and use through our Offerings (or provide our customers the ability to provide to us) is information about adversaries, for example, malware and URLs where adversaries try to send your data. We often discover this type of information from analyzing samples customers provide to us or from the data we collect from customers through our Offerings. We use the information we collect about adversaries to help all of our customers and the public – DETECT, RESPOND, REVEAL. However, when we share information that we learn about adversaries, we don’t identify customers or individuals, other than, of course, the adversary, that’s the WHO, WHAT, and WHY of our security mission.

To the extent CrowdStrike collects personal information through its Offerings, CrowdStrike generally collects that information under the authority and direction of its customers, which often are corporate entities. CrowdStrike typically has no direct relationship or contact with an individual whose personal information we may collect or receive from a corporate customer and subsequently analyze and use. Consequently, any inquiries about the specific processing of your personal information via CrowdStrike Offerings should be directed to your organization. Regardless, the use of the information collected through our Offerings is limited to the purpose of providing the service for which our customers have engaged CrowdStrike or as otherwise outlined in our agreements. We do not use any personal information collected through our Offerings to contact or market products or services to these individuals. We also do not provide any personal information obtained through the Offerings to third parties for the purpose of contacting or marketing products or services to these individuals.

If you are a user of one of our Offerings, we obtain the personal information you provide us during the sales and/or fulfillment process or when you enter and use the Falcon Platform. We may use the personal information you provide to contact you and to provide and inform you of Offerings, send you an invoice, ask you to fill out a survey so we can determine how our offerings are used and enhance your customer and user experience, perform accounting, auditing and collection activities, answer questions, and provide support or other similar services.

 

6. How We Protect Your Information

The security of customer data and your personal information is not only important to us, it is our mission. We adopt data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure and destruction of customer data and your personal information. We follow generally accepted practices to protect customer data and the personal information collected and submitted to us, both during transmission and once we receive it. If you have questions about the security of your personal information collected through our Offerings or Websites, you can contact us at privacy@crowdstrike.com.

 

7. International Data Transfers

CrowdStrike's mission is global, and therefore, we may store information in the United States and other locations worldwide where we or our service providers have facilities. Where applicable, CrowdStrike relies upon an adequate mechanism for the international transfer of personal information. Specific to our Offerings, CrowdStrike provides a Global Data Protection Addendum to customers that incorporates the EU Standard Contractual Clauses (“SCCs”) unless (a) the data transfer destination has been recognized as providing an adequate level of data protection pursuant to the GDPR by competent data protection authority, or otherwise in a legally binding way, or (b) CrowdStrike has adopted an appropriate, under Applicable Laws recognized, adequacy mechanism ensuring an adequate level of data protection.

Data Privacy Framework

CrowdStrike, Inc. complies with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF as set forth by the U.S. Department of Commerce. CrowdStrike has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance the UK Extension to the EU-U.S. DPF. CrowdStrike has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the DPF program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

CrowdStrike is responsible for the processing of personal data it receives, under the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF and subsequently transfers to a third party acting as an agent on its behalf. CrowdStrike complies with the EU-U.S. DPF Principles and the Swiss-U.S. DPF Principles for all onward transfers of personal data from the EEA, the United Kingdom, and Switzerland, including the onward transfer liability provisions.

The Federal Trade Commission has jurisdiction over CrowdStrike's compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. In certain situations, CrowdStrike may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, CrowdStrike commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF to TRUSTe, an alternative dispute resolution provider based in the United States.  If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://feedback-form.truste.com/watchdog/request for more information or to file a complaint. These dispute resolution services are provided at no cost to you.

For complaints regarding EU-U.S. DPF, the UK Extension to the EU-U.S DPF, and Swiss-U.S. DPF compliance not resolved by any of the other DPF mechanisms, you have the possibility, under certain conditions, to invoke binding arbitration. Further information can be found on the official DPF website.

 

8. Retention of Personal Information

We will retain your personal information for as long as needed to fulfill the purpose for which we collected it and for a reasonable period thereafter in order to comply with audit, contractual, or legal requirements, or where we have a legitimate interest in doing so. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We may retain aggregated or de-identified data indefinitely or to the extent allowed by applicable law. We may retain personal information preserved in automatically generated computer back up or archival copies generated in the ordinary course of our information technology systems procedures.

 

9. European Economic Area, United Kingdom, and Switzerland Residents

If you are a resident of the EEA, UK, or Switzerland and where CrowdStrike is a data controller, your data protection rights are as follows:

  • You can request access, correction, or deletion of your personal information. You can do so at any time by submitting a request via our Data Subject Request Form
  • You can object to processing of your personal information, ask us to restrict processing of your personal data or request portability of your personal information. You can do so at any time by submitting a request via our Data Subject Request Form.
  • You have the right to opt-out of marketing communications we send to you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you or by visiting our Preference Center. To opt-out of other forms of marketing, such as telemarketing, then please contact CrowdStrike using the contact details provided below or by email at privacy@crowdstrike.com
  • If CrowdStrike has collected and currently processes your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
  • You have the right to complain to a data protection authority about CrowdStrike’s collection and use of your personal information.

CrowdStrike responds to verifiable requests received from individuals who wish to exercise their data protection rights in accordance with applicable data protection laws. When contacting us, please provide us with detailed information about the personal information you are requesting we correct, update, amend, or remove, and the timeframe and manner in which you believe we came to collect your personal information. If we obtained your personal information from a customer or third party acting on your behalf, you should contact the company or person you provided your information to. If you would no longer like to be contacted by one of our customers or would like to have your personal information corrected, updated, amended, or removed, please contact the customer/data controller that you interact with directly.

 

10. California Residents

The California Consumer Protection Act ("CCPA") provides consumers (California residents) with specific rights regarding the processing of their personal information.

10.1 Categories of Personal Information Collected

In the preceding 12 months, CrowdStrike has collected the following categories of personal information about California consumers. We may collect this personal information directly from you, from third parties, and from your interactions with our Websites and Web Portals. For additional details regarding the personal information CrowdStrike collects and where it is collected, please review Section 2.1 above. As defined by CCPA, the personal information categories are:

  • business contact information, including identifiers such a name, email address, address, and phone number;

  • commercial information, such as records of products or services purchased and other transactional data;

  • Internet or other network or device activity details, such as technical data about your use of our Websites or Web Portals;

  • geolocation data, such as your approximate location based on IP address;

  • audio, electronic, or visual data, such as part of a photo or recording for a CrowdStrike in-person or virtual event.

In regard to personal information provided by you, from third parties, or from your interactions with our Websites and Web Portals, we may retain personal information for as long as is needed for the purpose(s) for which it was collected and no longer than is relevant and reasonably necessary. Our retention periods vary based on business, legal and regulatory needs. If you are a CrowdStrike customer, please review Section 5 above.

10.2 Purposes for Collection

CrowdStrike may collect the categories of personal information described above for business and operational purposes, marketing and commercial purposes, security purposes, and legal and compliance purposes, as further described above in Section 2.2. In the preceding 12 months and where applicable, we have disclosed each of these categories to our service providers, affiliates, partners, resellers, and event sponsors, in line with the applicable purpose(s) as described above in Section 2.3.

10.3 Categories of Personal Information Sold/Shared for Cross-Context Behavioral Advertising

In the preceding 12 months, we have disclosed the above categories of personal information to third-party advertising partners, such as in connection with our use of tracking technologies for cross-context behavioral advertising or by providing lists of email addresses for potential customers, so that we can reach you across the web with advertisements for our products and services. This may be considered “sharing” or a “sale” under the CCPA.

10.4 Sensitive Personal Information

In the preceding 12 months, CrowdStrike has not collected, shared, or sold any sensitive personal information as described in the CCPA.

10.5 Your Rights

  • You have the right to know what personal information we collect, use, disclose, share and sell about you.

  • You have the right to request we correct personal information we collect and maintain about you if such personal information is inaccurate.

  • You have the right to request we delete personal information we collect and maintain about you.

  • You have the right to opt-out of the sale or sharing of your personal data. CrowdStrike shares personal data as described above, which may be considered a “sale” of personal data under the CPRA.

  • You have the right to limit the use or disclosure of your sensitive personal data. CrowdStrike does not collect, share, or sell sensitive personal data.

  • You have the right not to receive discriminatory treatment from CrowdStrike for exercising your privacy rights under the CCPA.

  • You have the right to designate an Authorized Agent to make a request on your behalf when exercising your privacy rights under the CCPA

How to Contact CrowdStrike about Your Rights

CrowdStrike responds to verifiable requests received from individuals who wish to exercise their data protection rights in accordance with applicable data protection laws. If you would like to exercise your privacy rights under CCPA or are an Authorized Agent making a request on behalf of a California consumer, please submit a request via our Data Subject Request Form. After submitting your request, please monitor your email for any follow-up communications from us. The information you provide will be used only to help verify and process your request. If you are an Authorized Agent, we reserve the right to request you demonstrate evidence of your authorization, either by providing us with a signed permission form or a copy of your power-of-attorney granting you such authority.

To opt-out of the sale/share of your personal information, please submit a request via our Opt-Out Form, by emailing your request to Privacy@crowdstrike.com, or by clicking the “Your Privacy Choices” link at the bottom of our website and following the directions provided on that page. You may also opt-out by using an Opt-Out Preference Signal, such as the Global Privacy Control (“GPC”). Please note that unless you have previously provided your personal information to CrowdStrike, your request to opt-out via GPC will be linked to your browser identifier only because CrowdStrike does not have any of your personal information to associate your GPC out-out with.

If you are an authorized agent making a request on behalf of a California consumer, please email your request to Privacy@crowdstrike.com and provide us the first name, last name, and email address of the California consumer you are making the request for. If you do not provide the requested information, we may not be able to identify the California consumer and process the request. The information you provide will be used only to help verify and process the request. We reserve the right to request you demonstrate evidence of your authorization, either by providing us with a signed permission form or a copy of your power-of-attorney document granting you such authority.

If we obtained your personal information from a customer or third party acting on your behalf, you should contact the company or person you provided your information to. If you would no longer like to be contacted by one of our customers or would like to have your personal information corrected, updated, amended, or removed, please contact the customer/business that you interact with directly.

From the period of January 1, 2022, to January 1, 2023, CrowdStrike has received 1 verifiable request from California consumers.

11. Changes to this Privacy Notice

CrowdStrike may update this Privacy Notice and its last modified date at any time to reflect changes to our information practices. If we make significant changes in how we use your personal information, we will notify you by email if feasible or by means of a notice on this Website. We encourage you to periodically review this page for the latest information on our privacy practices.

12. Contacting Us

If you have any questions, inquiries, or complaints about this Privacy Notice or our privacy practices, please contact us at:

Vice President, Privacy
CrowdStrike
150 Mathilda Place
Sunnyvale, CA 94068
privacy@crowdstrike.com

If you are a current CrowdStrike customer and would like to sign up to receive subprocessor notifications, you can do so at https://www.crowdstrike.com/subprocessor-notification/.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

TRUSTe TRUSTe


Effective October 10, 2023.


Privacy Notice

CrowdStrike is on a mission to stop breaches. We have numerous offerings, including but not limited to platform and cloud-based security and intelligence subscription services, app store software and integrations, professional services, free community security tools, and more. Our offerings are designed to provide cutting-edge security solutions to our customers. We lead the industry in cloud-native crowdsourced security, applying big data analytics to detect, contain, and mitigate network intrusions, protect data, assess risk, and identify attackers. For more information about CrowdStrike, please see the “About Us” section of our Website at https://www.crowdstrike.com/about-crowdstrike/.

This Privacy Notice (“Notice”) describes the manner in which CrowdStrike, Inc. and its affiliates (collectively “CrowdStrike”) collect, use, maintain, and disclose information from users of our websites (e.g., crowdstrike.com, supportportal.crowdstrike.com, falcon.crowdstrike.com, crowdstrike.org, humio.com) (collectively, “Websites”), event participants, prospective customers, or other situations in which CrowdStrike is a data controller, and from the use of our products and the performance of our services (our “Offerings”). For purposes of this Notice, the terms “user,” “customer,” “you,” and “your” are meant to refer to the individuals about whom we may collect personal information, and at times may be used within the Notice interchangeably.

If you have any questions or concerns about our use of your personal information, then please contact us using the contact details provided at the bottom of this Privacy Notice. At any time, you can manage your privacy preferences by visiting our Preference Center. If you are a job applicant, please refer to our Candidate Privacy Notice.

 

1. Quick Links

2. Data Collection and Use

2.1 What Personal Information Does CrowdStrike Obtain?

2.2 Where Does CrowdStrike Obtain Personal Information and How Is Personal Information Used?

2.3 With Whom Does CrowdStrike Share My Personal Information?

3. Legal Basis for Processing Personal Information (EEA, UK, and Swiss Visitors Only)

4. Cookies and Similar Technology

5. Offerings

6. How We Protect Your Personal Information

7. International Data Transfers

8. Retention of Personal Information

9. European Economic Area, United Kingdom, and Switzerland Residents

10. California Residents

10.1 Categories of Personal Information Collected

10.2 Purposes for Collection

10.3 Categories of Personal Information Sold/Shared for Cross-Context Behavioral Advertising

10.4 Sensitive Personal Information

10.5 Your Rights

11. Changes to this Privacy Notice

12. Contacting Us

 

2. Data Collection and Use

 

2.1 What Personal Information Does CrowdStrike Obtain?

To fulfill the purposes described in this Notice, CrowdStrike may collect personal information such as business contact information, technical unique identifiers, authentication credentials, or other personal information you choose to provide to CrowdStrike. For example, as described in specific sections of this Notice, personal data collected may include, among other things, the Internet Protocol (IP) address, browser information, device ID, the type of computer, and technical information about a user’s means of connection to our Websites or Web Portals, such as the operating system and the Internet service providers utilized and other similar information. When users are required to login to gain access to a particular Website feature or Web Portal, we collect usernames, passwords, and other login credentials to authenticate access to the feature or Offering.

CrowdStrike’s Websites and offerings are not directed at children, and CrowdStrike does not knowingly collect or sell personal information from individuals under the age of 16.

2.2 Where Does CrowdStrike Obtain Personal Information and How Is Personal Information Used?

CrowdStrike Websites provide Internet-based access for users to learn about CrowdStrike and its offerings and to communicate with CrowdStrike and with others. CrowdStrike web portals that may exist within our offerings (“Web Portals”) provide customers with Internet-based access to our offerings. When an individual, partner, or reseller, uses our Websites and Web Portals, CrowdStrike gathers information, some of which may be considered personal information in your jurisdiction and is used consistent with the below purposes.

Information Provided By You

Business Contact Information - If you register to attend a CrowdStrike-hosted in-person or virtual event, download one of our Knowledge Resources, sign up for a Free Trial or visit one of our offices, we will receive personal information about you, including your name, phone number, business email address, company name, and country. We use this information consistent with the purpose for which you provided it, such as to contact you about CrowdStrike’s offerings, company news, updates, and other CrowdStrike related information. We may also associate personal information that you submit to us, including email addresses, with information collected about you through other means such as cookies, web beacons, or social media plugins. This will help us better tailor content delivered to you through a variety of ways, including online advertisements. We include unsubscribe instructions at the bottom of each email if at any time you would like to unsubscribe from receiving future emails.

Audio, Electronic, or Visual Information - If you attend a CrowdStrike hosted in-person or virtual event or agree to be recorded in a telephone or virtual meeting, we may record some or all of that event or meeting. We may document the event in various ways, such as by taking photos at the event, interviewing you at the event, or recording your participation in a live question-and-answer or other interactive session. We use this information for business and marketing purposes, including to enhance our offerings and your customer or user experience.

CrowdStrike Blog and Other User Generated Content - We make available various community forums and blogs, where you can interact with other users and make your own posts. Your posts in CrowdStrike community forums or blogs are publicly-available information that you choose to disclose and such posts may be read, collected, and processed by others that visit these websites. We are under no obligation to publish, maintain, or retain any of your posts. If you provide us with feedback about our company, offerings, or Websites, we consider this to be freely given and we may use your feedback without compensation or attribution to you.

Links to Other Websites - Our Websites include links to other websites whose privacy practices may differ from those of CrowdStrike. If you submit personal information to any of those sites or services, your information is governed by their privacy notices. We encourage you to carefully read the privacy notice of any website service you visit.

Information That We Obtain From Third-Party Sources

From time to time, we may receive personal information about you, including your name, email address, or other information such as a profile picture, from third-party sources where those parties have indicated that they have your consent or are otherwise legally permitted or required to disclose your personal information to us. For example, we may be provided with information about individuals interested in using our offerings, joining our company, or when using third-party authentication options to sign-up for or log-in to our offerings.

How We Use Your Personal Information

We may use the information, including personal information, that you provide to us or that is provided to us by third-party sources for a variety of purposes, including but not limited to the following purposes:

Business and Operational Purposes - We may use the personal information in order to run our business, including in the course of running and maintaining our Websites and Webpages and infrastructure; improving customer and user experience; providing support; improving current and developing new features, products, and services; processing payments and agreements; managing contests and promotions; analyzing trends; to achieve other legitimate interests as well as where you have provided consent; and other business and operational-related purposes, including running and maintaining our Partner Portal and Partner Incentive Program.

Marketing and Commercial Purposes - We may use the personal information to send marketing and other communications to you; to conduct joint marketing efforts with our partners; to conduct digital and direct marketing; to connect you with our partners and resellers; and other marketing and commercial related-purposes.

Security Purposes - We may use the personal information to help ensure the security and integrity of our Websites and Web Portals, our physical office locations, and of our offerings; to help prevent fraud; to maintain endpoint and network security; and other security-related purposes.

Legal and Compliance Purposes - We may use the personal information to comply with our legal obligations; protect our intellectual property; enforce our legal rights; and other legal and compliance-related purposes.

2.3 With Whom Does CrowdStrike Disclose My Personal Information?

We may disclose personal information, including business contact information or aggregated demographic information regarding visitors and users of our Websites with our affiliates, partners, sponsors, and advertisers as described in more detail below, consistent with the purposes previously outlined in Section 2.2. This may be considered “sharing” or a “sale” under the CCPA. When we collect personal information through our offerings, it is made available to the CrowdStrike customer who was the source of the information and we use it as described in Section 5 of this Privacy Notice, the terms and conditions, or otherwise as directed by our customers.

Online Behavioral Advertising - We partner with a third party to display advertising on our Websites or to manage our advertising on other sites. Our third-party partners may use technologies such as cookies, scripts and tags to gather information about your activities on this site and other sites to provide you advertising based on your browsing activities and interests. If you wish to not have this information used for the purpose of serving you interest-based ads, you may opt out from participating companies by visiting Digital Advertising Alliance's self-regulatory opt-out page, click here. If you are located in the European Economic Area, click here. Please note this does not opt you out of being served ads; you will continue to receive generic ads.

Social Media Features - Our Websites include social media features. These features may collect your IP address, which webpage you are visiting on our Websites, and may set a cookie to enable the feature to function properly. Social media features are either hosted by a third party or hosted directly on our Websites. Your interactions with these features are governed by the privacy policy of the company providing them.

Event Sponsors - If you choose to register for or attend a CrowdStrike-hosted or jointly-hosted event or webinar or if you enter a contest or raffle with us and a sponsor, then we may disclose your contact information, content interest information or other activity data, and any other information, including personal information, collected in the course of these activities to those sponsors for commercial purposes. In many cases, you intentionally disclose your details by providing your information to these sponsors through consent via a registration form or by scanning your badge at the applicable sponsor’s booth. Virtual events hosted by third-party platforms may also collect additional data from you when you visit their sites. The treatment of this information is subject to each of these other entities’ respective privacy statements.

Partners and Resellers - We may disclose your personal information, such as contact information, business details, and content interest and activity details, to our partners and resellers for business purposes, such as to carry out our business or for joint marketing efforts to reach our customers and prospective customers. In many cases, you consent to the disclosure of your details by filling out a registration form.

Referrals - Where we provide a referral option that you choose to use to share information with a point of contact about us, we will ask you for the contact's name and email address. We will automatically send your contact a one-time email inviting him or her to visit our Website. CrowdStrike will store this information for the sole purpose of sending the one-time email and for tracking the success of our referral program. An individual whose name has been provided to us may contact us at Privacy@crowdstrike.com to request that we remove their information from our database.

With our Affiliates, Related to Corporate Transactions, the Provision of Professional Services, and Legal Disclosures - For all categories of data we collect, we disclose personal information to our affiliates and subsidiaries for business purposes, including any service providers and agents that work on our behalf. We may also disclose your information as required for us to carry out a corporate transaction, such as a merger or sale of assets of all or part of our company. We will also disclose your personal information to our professional service providers (for example, our auditors, insurance providers, financial service providers, and legal advisors) as needed for us to run our business, provide our offerings, support, maintain, or secure our offerings and our Websites; or administer activities on our behalf, such as events or marketing campaigns.We may also disclose your personal information as required by law, such as to comply with a subpoena or similar legal process; or when we believe that disclosure is necessary or appropriate to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

If you are a visitor from the European Economic Area ("EEA"), Switzerland, or the United Kingdom ("UK"), CrowdStrike’s legal basis for collecting and using the personal information collected will depend on the personal information concerned and the specific context in which we collect it.

In most circumstances, we collect personal information (i) where it is needed for the performance of a contract, (ii) where the processing of the personal information is in our legitimate interests and not overridden by your rights, or (iii) where you provide your consent. Other times, your personal information may be collected in order for us (iv) to comply with a legal obligation, (v) to perform a task for the public interest, or (vi) for the protection of your or another’s vital interests.

If we collect and use your personal information in reliance on our legitimate interests or those of any third party, we will make clear to you at the relevant time through this notice or otherwise what those legitimate interests are. Often times, legitimate interests involve our normal day-to-day operations, such as the ability to operate our platform and communicating with you as necessary to provide our services, responding to your inquiries, or marketing. We may transfer personal information to companies that help us provide our service. Transfers to subsequent third parties are covered by the service agreements with our customers.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided at the bottom of this Privacy Notice.

 

4. Cookies and Similar Technologies

CrowdStrike and our service providers use cookies, local storage (HTML5), scripts and similar technologies to all our Websites and Web Portals to function properly, to help us continuously improve our Websites and Web Portals, and to customize a user's experience on our Websites and Web Portals. For further information regarding CrowdStrike’s use of cookies and how to set your cookie preferences, please refer to our Cookie Notice.

 

5. Offerings

Most of the information we collect through our Offerings is metadata. Metadata may include how and when a device or network is being used, login times and attempts, registry keys, types and versions of operating systems, browsers, and information about software applications. In some cases, we collect personal information as it may appear within the metadata such as that associated with usernames, filenames, file paths, and machine names. This personal information is used to help our customers and improve our capabilities in the way described in our more specific product or service documentation and agreements. CrowdStrike’s Offerings also include features providing customers the ability to submit files (including the content of those files) and other information related to the files for purposes including security analysis and response, product improvement, enhanced capabilities, or customer support. At the direction of customers, we may also collect or retrieve files as part of our Offerings.

An important type of data we detect, collect, analyze, and use through our Offerings (or provide our customers the ability to provide to us) is information about adversaries, for example, malware and URLs where adversaries try to send your data. We often discover this type of information from analyzing samples customers provide to us or from the data we collect from customers through our Offerings. We use the information we collect about adversaries to help all of our customers and the public – DETECT, RESPOND, REVEAL. However, when we share information that we learn about adversaries, we don’t identify customers or individuals, other than, of course, the adversary, that’s the WHO, WHAT, and WHY of our security mission.

To the extent CrowdStrike collects personal information through its Offerings, CrowdStrike generally collects that information under the authority and direction of its customers, which often are corporate entities. CrowdStrike typically has no direct relationship or contact with an individual whose personal information we may collect or receive from a corporate customer and subsequently analyze and use. Consequently, any inquiries about the specific processing of your personal information via CrowdStrike Offerings should be directed to your organization. Regardless, the use of the information collected through our Offerings is limited to the purpose of providing the service for which our customers have engaged CrowdStrike or as otherwise outlined in our agreements. We do not use any personal information collected through our Offerings to contact or market products or services to these individuals. We also do not provide any personal information obtained through the Offerings to third parties for the purpose of contacting or marketing products or services to these individuals.

If you are a user of one of our Offerings, we obtain the personal information you provide us during the sales and/or fulfillment process or when you enter and use the Falcon Platform. We may use the personal information you provide to contact you and to provide and inform you of Offerings, send you an invoice, ask you to fill out a survey so we can determine how our offerings are used and enhance your customer and user experience, perform accounting, auditing and collection activities, answer questions, and provide support or other similar services.


6. How We Protect Your Information

The security of customer data and your personal information is not only important to us, it is our mission. We adopt data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure and destruction of customer data and your personal information. We follow generally accepted practices to protect customer data and the personal information collected and submitted to us, both during transmission and once we receive it. If you have questions about the security of your personal information collected through our Offerings or Websites, you can contact us at privacy@crowdstrike.com.

 

7. International Data Transfers

CrowdStrike's mission is global, and therefore, we may store information in the United States and other locations worldwide where we or our service providers have facilities. Where applicable, CrowdStrike relies upon an adequate mechanism for the international transfer of personal information. Specific to our Offerings, CrowdStrike provides a Global Data Protection Addendum to customers that incorporates the EU Standard Contractual Clauses (“SCCs”) unless (a) the data transfer destination has been recognized as providing an adequate level of data protection pursuant to the GDPR by competent data protection authority, or otherwise in a legally binding way, or (b) CrowdStrike has adopted an appropriate, under Applicable Laws recognized, adequacy mechanism ensuring an adequate level of data protection.

Data Privacy Framework

CrowdStrike, Inc. complies with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF as set forth by the U.S. Department of Commerce. CrowdStrike has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance the UK Extension to the EU-U.S. DPF. CrowdStrike has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the DPF program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

CrowdStrike is responsible for the processing of personal data it receives, under the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF and subsequently transfers to a third party acting as an agent on its behalf. CrowdStrike complies with the EU-U.S. DPF Principles and the Swiss-U.S. DPF Principles for all onward transfers of personal data from the EEA, the United Kingdom, and Switzerland, including the onward transfer liability provisions.

The Federal Trade Commission has jurisdiction over CrowdStrike's compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. In certain situations, CrowdStrike may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, CrowdStrike commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF to TRUSTe, an alternative dispute resolution provider based in the United States.  If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://feedback-form.truste.com/watchdog/request for more information or to file a complaint. These dispute resolution services are provided at no cost to you.

For complaints regarding EU-U.S. DPF, the UK Extension to the EU-U.S DPF, and Swiss-U.S. DPF compliance not resolved by any of the other DPF mechanisms, you have the possibility, under certain conditions, to invoke binding arbitration. Further information can be found on the official DPF website.


8. Retention of Personal Information

We will retain your personal information for as long as needed to fulfill the purpose for which we collected it and for a reasonable period thereafter in order to comply with audit, contractual, or legal requirements, or where we have a legitimate interest in doing so. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We may retain aggregated or de-identified data indefinitely or to the extent allowed by applicable law. We may retain personal information preserved in automatically generated computer back up or archival copies generated in the ordinary course of our information technology systems procedures.

 

9. European Economic Area, United Kingdom, and Switzerland Residents

If you are a resident of the EEA, UK, or Switzerland and where CrowdStrike is a data controller, your data protection rights are as follows:

  • You can request access, correction, or deletion of your personal information. You can do so at any time by submitting a request via our Data Subject Request Form
  • You can object to processing of your personal information, ask us to restrict processing of your personal data or request portability of your personal information. You can do so at any time by submitting a request via our Data Subject Request Form.
  • You have the right to opt-out of marketing communications we send to you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you or by visiting our Preference Center. To opt-out of other forms of marketing, such as telemarketing, then please contact CrowdStrike using the contact details provided below or by email at privacy@crowdstrike.com
  • If CrowdStrike has collected and currently processes your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
  • You have the right to complain to a data protection authority about CrowdStrike’s collection and use of your personal information.

CrowdStrike responds to verifiable requests received from individuals who wish to exercise their data protection rights in accordance with applicable data protection laws. When contacting us, please provide us with detailed information about the personal information you are requesting we correct, update, amend, or remove, and the timeframe and manner in which you believe we came to collect your personal information. If we obtained your personal information from a customer or third party acting on your behalf, you should contact the company or person you provided your information to. If you would no longer like to be contacted by one of our customers or would like to have your personal information corrected, updated, amended, or removed, please contact the customer/data controller that you interact with directly.


10. California Residents

The California Consumer Protection Act ("CCPA") provides consumers (California residents) with specific rights regarding the processing of their personal information.

10.1 Categories of Personal Information Collected

In the preceding 12 months, CrowdStrike has collected the following categories of personal information about California consumers. We may collect this personal information directly from you, from third parties, and from your interactions with our Websites and Web Portals. For additional details regarding the personal information CrowdStrike collects and where it is collected, please review Section 2.1 above. As defined by CCPA, the personal information categories are:

  • business contact information, including identifiers such a name, email address, address, and phone number;

  • commercial information, such as records of products or services purchased and other transactional data;

  • Internet or other network or device activity details, such as technical data about your use of our Websites or Web Portals;

  • geolocation data, such as your approximate location based on IP address;

  • audio, electronic, or visual data, such as part of a photo or recording for a CrowdStrike in-person or virtual event.

In regard to personal information provided by you, from third parties, or from your interactions with our Websites and Web Portals, we may retain personal information for as long as is needed for the purpose(s) for which it was collected and no longer than is relevant and reasonably necessary. Our retention periods vary based on business, legal and regulatory needs. If you are a CrowdStrike customer, please review Section 5 above.

10.2 Purposes for Collection

CrowdStrike may collect the categories of personal information described above for business and operational purposes, marketing and commercial purposes, security purposes, and legal and compliance purposes, as further described above in Section 2.2. In the preceding 12 months and where applicable, we have disclosed each of these categories to our service providers, affiliates, partners, resellers, and event sponsors, in line with the applicable purpose(s) as described above in Section 2.3.

10.3 Categories of Personal Information Sold/Shared for Cross-Context Behavioral Advertising

In the preceding 12 months, we have disclosed the above categories of personal information to third-party advertising partners, such as in connection with our use of tracking technologies for cross-context behavioral advertising or by providing lists of email addresses for potential customers, so that we can reach you across the web with advertisements for our products and services. This may be considered “sharing” or a “sale” under the CCPA.

10.4 Sensitive Personal Information

In the preceding 12 months, CrowdStrike has not collected, shared, or sold any sensitive personal information as described in the CCPA.

10.5 Your Rights

  • You have the right to know what personal information we collect, use, disclose, share and sell about you.

  • You have the right to request we correct personal information we collect and maintain about you if such personal information is inaccurate.

  • You have the right to request we delete personal information we collect and maintain about you.

  • You have the right to opt-out of the sale or sharing of your personal data. CrowdStrike shares personal data as described above, which may be considered a “sale” of personal data under the CPRA.

  • You have the right to limit the use or disclosure of your sensitive personal data. CrowdStrike does not collect, share, or sell sensitive personal data.

  • You have the right not to receive discriminatory treatment from CrowdStrike for exercising your privacy rights under the CCPA.

  • You have the right to designate an Authorized Agent to make a request on your behalf when exercising your privacy rights under the CCPA

How to Contact CrowdStrike about Your Rights

CrowdStrike responds to verifiable requests received from individuals who wish to exercise their data protection rights in accordance with applicable data protection laws. If you would like to exercise your privacy rights under CCPA or are an Authorized Agent making a request on behalf of a California consumer, please submit a request via our Data Subject Request Form. After submitting your request, please monitor your email for any follow-up communications from us. The information you provide will be used only to help verify and process your request. If you are an Authorized Agent, we reserve the right to request you demonstrate evidence of your authorization, either by providing us with a signed permission form or a copy of your power-of-attorney granting you such authority.

To opt-out of the sale/share of your personal information, please submit a request via our Opt-Out Form, by emailing your request to Privacy@crowdstrike.com, or by clicking the “Your Privacy Choices” link at the bottom of our website and following the directions provided on that page. You may also opt-out by using an Opt-Out Preference Signal, such as the Global Privacy Control (“GPC”). Please note that unless you have previously provided your personal information to CrowdStrike, your request to opt-out via GPC will be linked to your browser identifier only because CrowdStrike does not have any of your personal information to associate your GPC out-out with.

If you are an authorized agent making a request on behalf of a California consumer, please email your request to Privacy@crowdstrike.com and provide us the first name, last name, and email address of the California consumer you are making the request for. If you do not provide the requested information, we may not be able to identify the California consumer and process the request. The information you provide will be used only to help verify and process the request. We reserve the right to request you demonstrate evidence of your authorization, either by providing us with a signed permission form or a copy of your power-of-attorney document granting you such authority.

If we obtained your personal information from a customer or third party acting on your behalf, you should contact the company or person you provided your information to. If you would no longer like to be contacted by one of our customers or would like to have your personal information corrected, updated, amended, or removed, please contact the customer/business that you interact with directly.

From the period of January 1, 2022, to January 1, 2023, CrowdStrike has received 1 verifiable request from California consumers.

11. Changes to this Privacy Notice

CrowdStrike may update this Privacy Notice and its last modified date at any time to reflect changes to our information practices. If we make significant changes in how we use your personal information, we will notify you by email if feasible or by means of a notice on this Website. We encourage you to periodically review this page for the latest information on our privacy practices.

12. Contacting Us

If you have any questions, inquiries, or complaints about this Privacy Notice or our privacy practices, please contact us at:

Vice President, Privacy
CrowdStrike
150 Mathilda Place
Sunnyvale, CA 94068
privacy@crowdstrike.com

If you are a current CrowdStrike customer and would like to sign up to receive subprocessor notifications, you can do so at https://www.crowdstrike.com/subprocessor-notification/.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.