CrowdStrike Software Terms of Use
PLEASE READ CAREFULLY: YOU AND ANY COMPANY OR ENTITY THAT YOU ARE ACTING FOR (“SOFTWARE USER” OR “YOU” OR “YOUR”) ACCEPTS THESE CROWDSTRIKE SOFTWARE TERMS OF USE (THE “TERMS”) BY INSTALLING AND/OR USING THE SOFTWARE. YOU REPRESENT THAT YOU: 1. ARE LAWFULLY ABLE TO ENTER INTO THESE TERMS, AND 2. HAVE FULL AUTHORITY TO BIND THE SOFTWARE USER TO THESE TERMS. THESE TERMS ARE A BINDING CONTRACT BETWEEN SOFTWARE USER AND CROWDSTRIKE, INC., A DELAWARE CORPORATION, ON BEHALF OF ITSELF AND ANY OF ITS AFFILIATES PERFORMING HEREUNDER (COLLECTIVELY, “CROWDSTRIKE”). IF YOU DO NOT HAVE THIS AUTHORITY, OR YOU DO NOT AGREE TO, OR CANNOT COMPLY WITH, ALL THE TERMS, THEN YOU MAY NOT USE THE SOFTWARE. THESE TERMS GOVERN YOUR USE OF THE SOFTWARE UNLESS YOU HAVE ANOTHER VALID AGREEMENT WITH CROWDSTRIKE FOR THE USE OF THIS SOFTWARE.
1. Updating the Terms. CrowdStrike may revise and update these Terms from time to time in our sole discretion. Your continued use of the Software following the update of revised Terms means that you accept and agree to the changes. When accepted by you, the revised Terms automatically supersede the prior version. New Terms apply prospectively only.
2. Definitions.
“CrowdStrike Competitor” means a person or entity in the business of developing, distributing, or commercializing Internet security products or services substantially similar to or competitive with CrowdStrike’s products or services.
“CrowdStrike Data” shall mean the data generated by the Software, including but not limited to, correlative and/or contextual data, and/or detections. For the avoidance of doubt, CrowdStrike Data does not include Software User Data. Any access to or use of CrowdStrike Data through the Software is expressly limited to Software User’s Internal Use.
“Documentation” means the Software end-user technical documentation.
“Endpoint” means any physical or virtual device, such as, a computer, server, laptop, desktop computer, mobile, cellular, container or virtual machine image.
“Execution Profile/Metric Data” means any machine-generated data, such as metadata derived from tasks, file execution, commands, resources, network telemetry, executable binary files, macros, scripts, and processes, that: (i) Software User provides to CrowdStrike or (ii) is collected or discovered through or during the use of the Software, excluding any such information or data that identifies Software User or to the extent it includes Personal Data.
“Internal Use” means access or use solely for Software User’s own internal information security purposes. By way of example and not limitation, Internal Use does not include access or use: (i) for the benefit of any person or entity other than Software User, or (ii) in any event, for the development of any product or service. Internal Use is limited to access and use by Software User’s employees or your Third Party Providers for Software User’s benefit.
“Personal Data” means information provided by Software User to CrowdStrike or collected by CrowdStrike from Software User used to distinguish or trace a natural person’s identity, either alone or when combined with other personal or identifying information that is linked or linkable by CrowdStrike to a specific natural person. Personal Data also includes such other information about a specific natural person to the extent that the data protection laws applicable in the jurisdictions in which such person resides define such information as Personal Data.
“Software” means the software accompanying these Terms, or CrowdStrike software that you or a Third Party Provider have installed or used on your Endpoints, including any updates thereto and/or related Documentation that may be made available from time to time by CrowdStrike. CrowdStrike Software may commonly be referred to as the “Falcon Sensor”. Software may accompany or be accessed through CrowdStrike cloud offerings (e.g., commonly referred to as the Falcon Platform), under another license or subscription and subject to separate terms and conditions found here https://www.crowdstrike.com/terms-conditions/
“Threat Actor Data” means any malware, spyware, virus, worm, Trojan horse, or other potentially malicious or harmful code or files, URLs, DNS data, network telemetry, commands, processes or techniques, metadata, or other information or data, in each case that is potentially related to unauthorized third parties associated therewith and that: (i) Software User provides to CrowdStrike, or (ii) is collected or discovered through or during the use of the Software, excluding any such information or data that identifies Software User or to the extent that it includes Personal Data.
“Third Party Provider” means any individual or entity (other than a CrowdStrike Competitor) that: (i) has access or use of the Software: (a) under these Terms solely on behalf of and for Software User’s Internal Use, or (b) under a separate valid agreement with CrowdStrike, (ii) has an agreement to provide Software User (or its Affiliates) services, and (iii) is subject to confidentiality obligations covering CrowdStrike’s Confidential Information. A non-exhaustive list of examples of Third Party Providers are managed services providers, consultants or consulting firms providing incident response services, or franchisors.
“Software User Data” means the data generated by the Software User’s Endpoint and collected by the Software, but excluding Threat Actor Data or Execution Profile/Metric Data. For the avoidance of doubt, Software User Data does not include CrowdStrike Data.
3. License and Restrictions.
3.1 License. Subject to these Terms, if Software User has obtained a valid evaluation license or subscription to the Software through CrowdStrike or a designated CrowdStrike partner or reseller, Software User may, solely for Software User’s own Internal Use and during the period of time such evaluation or subscription remains valid, install and run this Software up to the validly licensed quantity.
3.2 Restrictions. The rights set forth in 3.1 above do not include any rights to, and you shall not: (i) employ or authorize a CrowdStrike Competitor to use the Software or the Documentation, or to provide management, hosting, or support for Software; (ii) alter, publicly display, translate, create derivative works of or otherwise modify the Software; (iii) sublicense, distribute or otherwise transfer the Software to any third party; (iv) allow third parties to access or use the Software; (v) reverse engineer, decompile, disassemble or otherwise attempt to derive the source code for the Software (except to the extent that such prohibition is expressly precluded by applicable law), circumvent its functions, or attempt to gain unauthorized access to CrowdStrike’s hosted software or its related systems or networks; (vi) use the Software to circumvent the security of another party’s network/information, develop malware, unauthorized surreptitious surveillance, data modification, data exfiltration, data ransom or data destruction; (vii) remove or alter any notice of proprietary right appearing on the Software; (viii) conduct any stress tests, competitive benchmarking or analysis on, or publish any performance data of, the Software (provided, that this does not prevent Software User from comparing Software to other products for legitimate purchase evaluation decisions and Software User’s Internal Use); or (x) cause, encourage or assist any third party to do any of the foregoing. Software User agrees to use the Software in accordance with laws, rules and regulations directly applicable to Software User and acknowledges that Software User is solely responsible for determining whether a particular use of the Software is compliant with such laws. CrowdStrike Competitors or any other party with interests or intentions adverse to CrowdStrike may not access, install or use the Software or CrowdStrike Data.
3.3 Third Party Software. CrowdStrike uses certain third party software in its Software, including what is commonly referred to as open source software. Under some of these third party licenses, CrowdStrike is required to provide Software User with notice of the license terms and attribution to the third party. See the licensing terms and attributions for such third party software that CrowdStrike uses at: https://falcon.crowdstrike.com/opensource.
3.4 Ownership & Feedback. Software is made available for use and licensed, not sold. CrowdStrike owns and retains all right, title and interest (including all intellectual property rights) in and to the Software. Any feedback or suggestions that Software User provides to CrowdStrike regarding any CrowdStrike products or services is non-confidential and may be used by CrowdStrike for any purpose without acknowledgement or compensation; provided, Software User will not be identified publicly as the source of the feedback or suggestion.
4. Software User Obligations and Third Party Providers.
4.1 Software User Obligations. Software User represents and warrants that: (i) it owns or has a right of use from a third party, and controls, directly or indirectly, all of the software, hardware and computer systems (collectively, “Systems”) where the Software will be installed, (ii) to the extent required under any federal, state, or local U.S. or non-US laws (e.g., Computer Fraud and Abuse Act, 18 U.S.C. § 1030 et seq., Title III, 18 U.S.C. 2510 et seq., and the Electronic Communications Privacy Act, 18 U.S.C. § 2701 et seq.) it has authorized CrowdStrike to access the Systems and process and transmit data through the Software and any other CrowdStrike offerings in accordance with these Terms and as necessary to provide the Software and other services, (iii) it has a lawful basis in having the Software operate on the Systems, and collect and process the Software User Data and the Personal Data; (iv) that it is and will at all relevant times remain duly and effectively authorized to instruct CrowdStrike to carry out the services related to the Software, (v) it has made all necessary disclosures, obtained all necessary consents and government authorizations required under applicable law to permit the processing and international transfer of Software User Data and Personal Data from each Software User and Software User Affiliate, to CrowdStrike; and (vi) Software User authorizes CrowdStrike to provide access to and use of the Software and Software User Data to Third Party Providers.
4.2 Third Party Providers. You are solely responsible for: (i) independently testing and validating any Third Party Provider products and services and the Software before deploying it or them in a test or production environment, (ii) evaluating whether using any Third Party Provider products or services are lawful under the laws that apply to you or are permitted in your jurisdiction, and (iii) paying for the Third Party Provider products and services and any claims that arise out of your use of their products and services. Any breach by a Third Party Provider of these Terms is a breach by Software User. CrowdStrike is not responsible or liable for any loss, costs or damages arising out of Third Party Provider’s actions or inactions in any manner, including but not limited to, for any disclosure, transfer, modification or deletion of Software User Data. Whether or not a Third Party Provider is designated by CrowdStrike as, or otherwise claims to be “certified,” “authorized,” or similarly labeled, CrowdStrike does not control, monitor, maintain or provide support for, Third Party Providers or their services or products. CrowdStrike disclaims all warranties of any kind, and all indemnities, obligations, and other liabilities in connection with the Third Party Provider’s services and products, and any Third Party Provider interface or integration with CrowdStrike’s products or services (including the Software).
5. CrowdStrike Use of Data.
5.1 Data Collection. The Software uses Software User Data, CrowdStrike Data, Threat Actor Data and Execution Profile/Metric Data in a crowd-sourced environment, for the benefit of all users, to help users protect themselves against suspicious and potentially destructive activities. CrowdStrike uses such data to: (i) analyze, characterize, attribute, warn of, and/or respond to threats against Software User and other users, (ii) analyze trends and performance, (iii) improve the functionality of, and develop, CrowdStrike’s products and services, and enhance cybersecurity; provided, however, that in all of the foregoing use cases, in a way that does not identify Software User or Software User’s Personal Data to other CrowdStrike users (other than your Third Party Providers). CrowdStrike may also enable Software Users and/or their Third Party Providers to use certain Software User Data, CrowdStrike Data, Threat Actor Data or Execution Profile Metric Data in other applications or services. Neither Execution Profile/Metric Data nor Threat Actor Data are Software User’s confidential information or Software User
5.2 File Collection. Software User and your Third Party Providers may have the option to upload (by submission, configuration, and/or, retrieval) files and other information related to the files for security analysis and response or, when submitting crash reports, to make the product more reliable and/or improve CrowdStrike’s products and services or enhance cyber-security. These potentially suspicious or unknown files may be transmitted and analyzed to determine functionality and their potential to cause instability or damage to Software User’s endpoints and systems. In some instances, these files could contain Personal Data.
5.3 Processing Personal Data. Personal Data may be collected and used during the provisioning and use of the Software, to deliver, support and improve CrowdStrike’s products and services, further our business relationship, comply with law, act in accordance with Software User’s written instructions, or otherwise in accordance with these Terms and the Documentation. Software User authorizes CrowdStrike to collect, use, store, and transfer the Personal Data that Software User provides to CrowdStrike as contemplated in these Terms, CrowdStrike’s documentation and CrowdStrike’s privacy notice, which may be found at http://www.crowdstrike.com/privacy-notice/.
6. No Warranty.
6.1 Disclaimer. THE SOFTWARE AND ALL OTHER CROWDSTRIKE OFFERINGS ARE PROVIDED “AS-IS” AND WITHOUT WARRANTY OF ANY KIND. CROWDSTRIKE AND ITS AFFILIATES DISCLAIM ALL OTHER WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE. TO THE MAXIMUM EXTENT PERMITTED UNDER APPLICABLE LAW, CROWDSTRIKE AND ITS AFFILIATES AND SUPPLIERS SPECIFICALLY DISCLAIM ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT WITH RESPECT TO THE SOFTWARE AND ALL OTHER CROWDSTRIKE OFFERINGS. THERE IS NO WARRANTY THAT THE SOFTWARE OR ANY OTHER CROWDSTRIKE OFFERINGS WILL BE ERROR FREE, OR THAT THEY WILL OPERATE WITHOUT INTERRUPTION OR WILL FULFILL ANY OF SOFTWARE USER’S PARTICULAR PURPOSES OR NEEDS. THE SOFTWARE AND ALL OTHER CROWDSTRIKE OFFERINGS ARE NOT FAULT-TOLERANT AND ARE NOT DESIGNED OR INTENDED FOR USE IN ANY HAZARDOUS ENVIRONMENT REQUIRING FAIL-SAFE PERFORMANCE OR OPERATION. NEITHER THE SOFTWARE OR ANY OTHER CROWDSTRIKE OFFERINGS ARE FOR USE IN THE OPERATION OF AIRCRAFT NAVIGATION, NUCLEAR FACILITIES, COMMUNICATION SYSTEMS, WEAPONS SYSTEMS, DIRECT OR INDIRECT LIFE-SUPPORT SYSTEMS, AIR TRAFFIC CONTROL, OR ANY APPLICATION OR INSTALLATION WHERE FAILURE COULD RESULT IN DEATH, SEVERE PHYSICAL INJURY, OR PROPERTY DAMAGE. SOFTWARE USER AGREES THAT IT IS SOFTWARE USER’S RESPONSIBILITY TO ENSURE SAFE USE OF SOFTWARE AND ANY OTHER CROWDSTRIKE OFFERING IN SUCH APPLICATIONS AND INSTALLATIONS. CROWDSTRIKE DOES NOT WARRANT ANY THIRD PARTY PRODUCTS OR SERVICES.
6.2 No Guarantee. SOFTWARE USER ACKNOWLEDGES, UNDERSTANDS, AND AGREES THAT CROWDSTRIKE DOES NOT GUARANTEE OR WARRANT THAT IT WILL FIND, LOCATE, DISCOVER, PREVENT OR WARN OF, ALL OF SOFTWARE USER’S OR ITS AFFILIATES’ SYSTEM THREATS, VULNERABILITIES, MALWARE, AND MALICIOUS SOFTWARE, AND SOFTWARE USER AND ITS AFFILIATES WILL NOT HOLD CROWDSTRIKE RESPONSIBLE THEREFOR.
7. Limitation of Liability. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW CROWDSTRIKE SHALL NOT BE LIABLE TO SOFTWARE USER (UNDER ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STATUTE, TORT OR OTHERWISE) FOR: (A) ANY LOST PROFITS, REVENUE, OR SAVINGS, LOST BUSINESS OPPORTUNITIES, LOST DATA, OR SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, EVEN IF CROWDSTRIKE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR LOSSES OR SUCH DAMAGES OR LOSSES WERE REASONABLY FORESEEABLE; OR (B) AN AMOUNT THAT EXCEEDS IN THE AGGREGATE $100. THESE LIMITATIONS WILL APPLY NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY REMEDY SPECIFIED IN THESE TERMS. MULTIPLE CLAIMS SHALL NOT EXPAND THE LIMITATIONS SPECIFIED IN THIS SECTION 7.
Additional Terms That May Apply. See Exhibit A for additional warranties that may apply to certain Customers.
8. Compliance with Laws. Software User agrees to comply with all U.S. federal, state, local and non-U.S. laws directly applicable to it in the performance of these Terms and use of the Software, including but not limited to, applicable export and import, anti-corruption and employment laws. Software User acknowledges and agrees the Software shall not be used, transferred, or otherwise exported or re-exported to regions that the United States and/or the European Union maintains an embargo or comprehensive sanctions (collectively, “Embargoed Countries”), or to or by a national or resident thereof, or any person or entity subject to individual prohibitions (e.g., parties listed on the U.S. Department of Treasury’s List of Specially Designated Nationals or the U.S. Department of Commerce’s Table of Denial Orders) (collectively, “Designated Nationals”), without first obtaining all required authorizations from the U.S. government and any other applicable government. Software User represents and warrants that Software User is not located in, or is under the control of, or a national or resident of, an Embargoed Country or Designated National.
9. U.S. Government End Users. If Software User is a US Government End User, the following provisions apply:
9.1 Commercial Items. The following applies to all acquisitions by or for the U.S. government or by any U.S. Government prime contractor or subcontractor at any tier (“Government Users”) under any U.S. Government contract, grant, other transaction, or other funding agreement. The Software and the Documentation are “commercial items,” as that term is defined in Federal Acquisition Regulation (“FAR”) (48 C.F.R.) 2.101, consisting of “commercial computer software” and “commercial computer software documentation,” as such terms are used in FAR 12.211 and 12.212. In addition, Department of Defense FAR Supplement (“DFARS”) 252.227-7015 (Technical Data – Commercial Items) applies to technical data acquired by Department of Defense agencies. Consistent with FAR 12.211 and 12.212 and DFARS (48 C.F.R.) 227.7202-1 through 227.7202-4, the Software and the Documentation are being licensed to Government Users pursuant to the terms of this license(s) customarily provided to the public as forth herein, unless such terms are inconsistent with United States federal law (“Federal Law”).
9.2 Disputes with the U.S. Government. If these Terms fail to meet the Government’s needs or is inconsistent in any way with Federal Law and the parties cannot reach a mutual agreement on terms, the Government agrees to terminate its use of the Software. In the event of any disputes with the U.S. Government in connection with these Terms, the rights and duties of the parties arising from these Terms, shall be governed by, construed, and enforced in accordance with Federal Procurement Law and any such disputes shall be resolved pursuant to the Contract Disputes Act of 1978, as amended (41 U.S.C. 7101-7109), as implemented by the Disputes Clause, FAR 52.233-1.
9.3 Precedence. This U.S. Government rights in this Section are in lieu of, and supersedes, any other FAR, DFARS, or other clause, provision, or supplemental regulation that addresses Government rights in software, computer software or technical data under these Terms.
10. General.
10.1 Entire Agreement. Unless you have another valid agreement with CrowdStrike for the use of this Software, these Terms constitute the entire agreement between Software User and CrowdStrike concerning the Software. It is expressly agreed that as between Software User and CrowdStrike and regarding the Software, these Terms shall supersede any other terms Software User has on its procurement Internet portal, purchase order or any other agreement with any reseller, prime contractor or service provider. CrowdStrike is not obligated under Third Party Provider’s, or any reseller’s, prime contractor’s or other service provider’s agreement with you unless an officer of CrowdStrike executes the agreement. These Terms shall not be construed for or against any party to these Terms because that party or that party’s legal representative drafted any of its provisions.
10.2 Governing Law; Venue. These Terms, and the rights and duties of the parties arising hereunder, shall be governed by, construed, and enforced in accordance with the laws of the State of California, excluding its conflicts-of-law principles. The sole and exclusive jurisdiction and venue for actions arising under these Terms shall be state and federal courts in Santa Clara County, California, and the parties agree to service of process in accordance with the rules of such courts. The Uniform Computer Information Transactions Act and the United Nations Convention on the International Sale of Goods shall not apply. Notwithstanding the foregoing, each party reserves the right to file a suit or action in any court of competent jurisdiction as such party deems necessary to protect its intellectual property rights and, in CrowdStrike’s case, to recoup any payments due.
10.3 Waiver, Severability & Amendments. The failure of either party to enforce any provision of these Terms shall not constitute a waiver of any other provision or any subsequent breach. If any provision of these Terms is held to be illegal, invalid, or unenforceable, the provision will be enforced to the maximum extent permissible so as to affect the intent of the parties, and the remaining provisions of these Terms will remain in full force and effect.
10.4 Force Majeure. Neither party shall be liable for, nor shall either party be considered in breach of these Terms due to, any failure to perform its obligations under these Terms (other than its payment obligations) as a result of a cause beyond its control, including but not limited to, act of God or a public enemy, act of any military, civil or regulatory authority, change in any law or regulation, fire, flood, earthquake, storm or other like event, disruption or outage of communications (including an upstream server block and Internet or other networked environment disruption or outage), power or other utility, labor problem, or any other cause, whether similar or dissimilar to any of the foregoing, which could not have been prevented with reasonable care. The party experiencing a force majeure event, shall use commercially reasonable efforts to provide notice of such to the other party.
Exhibit A
Additional or Different Terms That May Apply to Certain Software Users
A. For Australian Consumers Only.
A.1. For Software Users that are consumers under the Australian Consumer Law, the following provisions apply.
The benefits of the warranty in Section 6 Warranties & Disclaimer of these Terms are in addition to any other rights and remedies in relation to the Software that Software User may be entitled to under Australian Consumer Law. Our goods and services come with guarantees that cannot be excluded under the Australian Consumer Law. For major failures with the service, you are entitled: (i) to cancel your service contract with us; and (ii) to a refund for the unused portion, or to compensation for its reduced value. You are also entitled to choose a refund or replacement for major failures with goods. If a failure with the goods or a service does not amount to a major failure, you are entitled to have the failure rectified in a reasonable time. If this is not done you are entitled to a refund for the goods and to cancel the contract for the service and obtain a refund of any unused portion. You are also entitled to be compensated for any other reasonably foreseeable loss or damage from a failure in the goods or service.
The warranties in these Terms are provided by CrowdStrike, Inc. at 150 Mathilda Place, Sunnyvale California, USA. To file a claim under this limited warranty, Software Users must contact CrowdStrike at support@crowdstrike.com. CrowdStrike shall be responsible for any costs Software User incurs in making a warranty claim under these Terms.
A.2. For Software Users that are consumers under the Australian Consumer Law, Section 7 Limitation of Liability shall be replaced in its entirety with the following:
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW CROWDSTRIKE SHALL NOT BE LIABLE TO SOFTWARE USER (UNDER ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STATUTE, TORT OR OTHERWISE) FOR: (A) ANY LOST PROFITS, REVENUE, OR SAVINGS, LOST BUSINESS OPPORTUNITIES, LOST DATA, OR SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, EVEN IF CROWDSTRIKE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR LOSSES OR SUCH DAMAGES OR LOSSES WERE REASONABLY FORESEEABLE; OR (B) AN AMOUNT THAT EXCEEDS $100. THESE LIMITATIONS WILL APPLY NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY REMEDY SPECIFIED IN THESE TERMS. MULTIPLE CLAIMS SHALL NOT EXPAND THE LIMITATIONS SPECIFIED IN THIS SECTION A.2.
SECTION A.2 DOES NOT SEEK TO LIMIT OR EXCLUDE THE LIABILITY OF CROWDSTRIKE OR ITS AFFILIATES IN THE EVENT OF DEATH OR PERSONAL INJURY CAUSED BY ITS NEGLIGENCE OR FOR FRAUD OR FOR ANY OTHER LIABILITY FOR WHICH IT IS NOT PERMITTED BY LAW TO EXCLUDE. TO THE EXTENT APPLICABLE, THIS PROVISION MUST BE READ SUBJECT TO THE AUSTRALIAN CONSUMER LAW.
B. For Software Users Outside the United States and Australia. Some countries, states and provinces, including member states of the European Economic Area, do not allow certain exclusions or limitations of liability, therefore, the exclusions or limitation of liabilities and disclaimers of warranties in these Terms may not fully apply to Software User if the laws directly applicable to CrowdStrike in the performance under these Terms do not allow such terms.