1
CROWDSTRIKE TERMS AND CONDITIONS
(CLICK THROUGH 12-3-17)
PLEASE READ CAREFULLY: THE INDIVIDUAL ACCEPTING THESE TERMS AND CONDITIONS ON BEHALF OF A COMPANY OR
OTHER LEGAL ENTTY (“CUSTOMER”), REPRESENTS AND WARRANTS THAT HE OR SHE HAS FULL AUTHOIRTY TO BIND THE
CUSTOMER TO THIS AGREEMENT. UNLESS THE CUSTOMER HAS ANOTHER VALID AGREEMENT FOR THE PURCHASE AND USE
OF CROWDSTRIKE PRODUCTS AND SERVICES (AS DEFINED BELOW), THESE TERMS AND CONDITIONS GOVERN CUSTOMER’S
RIGHTS TO USE THE CROWDSTRIKE PRODUCTS AND SERVICES. BY ASSENTING TO THESE TERMS (EITHER BY CLICKING,
CHECKING A BOX OR PLACING AN ORDER) CUSTOMER ACCEPTS THESE TERMS AND CONDITIONS, WHICH WILL BE DEEMED A
BINDING CONTRACT BETWEEN CUSTOMER AND CROWDSTRIKE, INC., A DELAWARE CORPORATION, ON BEHALF OF ITSELF
AND ANY AFFILIATES PERFORMING HEREUNDER (COLLECTIVELY, “CROWDSTRIKE”) WITH A PRINCIPAL PLACE OF BUSINESS AT
150 MATHILDA PLACE, SITE 300, SUNNYVALE, CALIFORNIA 94086. IF CUSTOMER DOES NOT AGREE TO OR CANNOT COMPLY
WITH ALL THE TERMS AND CONDITIONS OR IF THE INDIVIDUAL DOES NOT HAVE AUTHORITY TO BIND THE CUSTOMER, THEN
DO NOT ASSENT AND CUSTOMER WILL NOT BE AUTHORIZED TO ACCESS OR USE THE PRODUCTS OR SERVICES. THESE TERMS
AND CONDITIONS ARE BINDING AS OF THE EARLIEST OF THE DATE THAT CUSTOMER ACCEPTS THE TERMS AND CONDITIONS
HEREIN, THE DATE SET FORTH ON AN ORDER OR THE DATE ON WHICH CUSTOMER DOWNLOADS, INSTALLS, ACTIVATES OR
USES THE PRODUCT OR SERVICE.
These CrowdStrike Terms and Conditions are a master agreement that covers all CrowdStrike products and services but
provisions regarding specific products or services apply only to the extent Customer has purchased, accessed or used such
products or services.
1. Definitions.
Affiliate means any entity that a party directly or indirectly controls (e.g., subsidiary) or is controlled by (e.g.,
parent), or with which it is under common control (e.g., sibling).
Authorized Contractor means any individual or entity (other than a CrowdStrike Competitor) that has a written
agreement to provide Customer services and is subject to confidentiality obligations covering CrowdStrike’s Confidential
Information and that is authorized hereunder to have access or use of a Product solely on behalf of and for Customer’s
Internal Use. Note that certain Products may not be used by Customer’s Authorized Contractors. Customer’s Authorized
Contractors are subject to the terms and conditions herein and Customer remains responsible for their acts and omissions,
and any breach by any such Authorized Contractor of the terms or conditions herein is a breach by Customer.
CrowdStrike Competitormeans a person or entity in the business of developing, distributing, or commercializing
Internet security products or services substantially similar to or competitive with CrowdStrike's products or services.
CrowdStrike Tool means any CrowdStrike proprietary software-as-a-service, software, hardware, or other tool
that CrowdStrike uses in performing Professional Services, which may be specified in the applicable SOW. CrowdStrike Tools
may include CrowdStrike’s products.
Documentation” means CrowdStrike’s end-user technical documentation supplied with the applicable Offering.
Error means a reproducible failure of a Product to perform in substantial conformity with its applicable
Documentation.
Internal Use means access or use solely for Customer’s own internal information security purposes. By way of
example and not limitation, Internal Use does not include access or use for the benefit of any person or entity other than
Customer or for the development of any product or service. Internal Use is limited to access and use by Customer’s
employees unless this Agreement otherwise expressly authorizes use or access by Customer’s Authorized Contractors, and in
such case, solely on Customer’s behalf and for Customer’s benefit.
License/Access Termmeans the period of time during which Customer is authorized by CrowdStrike to access and
use the Product or Product Related Service as set forth in the applicable Order.
2
Offerings” means, collectively, any Products, Product-Related Services, or Professional Services
Ordermeans any purchase order or other ordering document (including any SOW) accepted by CrowdStrike or a
reseller that identifies any Offering and any quantity thereof ordered by Customer based on CrowdStrike’s applicable license
metrics (e.g., number of endpoints (such as computers, laptops, desktops, and other devices), size of company (based on
number of employees), number of file uploads, or number of queries). For an Order, only those transaction-specific terms
detailing the Offerings ordered, quantity, price, payment terms, License/Access Term, and billing/provisioning contact
information will have any force or effect unless a particular Order is executed by an authorized signer of CrowdStrike and
returned to Customer (or the applicable reseller). If any such Order is so executed and delivered, then only those specific
terms on the face of such Order that expressly identify those portions of this Agreement that are to be superseded will
prevail over any conflicting terms herein but only with respect to those Offerings ordered on such Order. Orders are non-
cancellable.
Productmeans any of CrowdStrike’s cloud-based software or other products ordered by Customer as set forth in
the relevant Order, including any Documentation and any Updates (as applicable) thereto that may be made available to
Customer from time to time by CrowdStrike.
Product-Related Services means, collectively, (i) Falcon OverWatch; and (ii) the technical support services for
certain Products provided by CrowdStrike -- either the standard support that is included with a Product during its
License/Access Term or any additional support and/or support training options purchased as a separate SKU on an Order.
Product-Related Services do not include Professional Services.
Professional Services means any professional services performed by CrowdStrike for Customer pursuant to an
SOW or other Order. Professional Services may include without limitation incident response, investigation and forensic
services related to cyber security adversaries, tabletop exercises, and next generation penetration tests related to cyber
security.
Statement of Workor SOW means a mutually-agreed executed written document describing the Professional
Services to be performed by CrowdStrike for Customer, deliverables, fees, and expenses related thereto.
Services” means, collectively, any Product-Related Services and any Professional Services.
Updates” means any correction, update, upgrade, patch, or other modification or addition made by CrowdStrike to
any object code software component of a Product and made available to Customer by CrowdStrike from time to time.
2. Agreement Scope & Terms.
2.1 Entire Agreement. These CrowdStrike Terms and Conditions together with each Order (this “Agreement”) constitute
the entire agreement between Customer and CrowdStrike concerning the subject matter of this Agreement and it supersedes,
and its terms govern, all prior proposals, agreements, understandings, or other communications between the parties, oral or
written, regarding such subject matter.
2.2 Payment. Customer will pay the fees for Offerings as set forth in the applicable Order. Customer will pay the fees
and amounts stated on each Order within 30 days after receipt of the applicable invoice (unless otherwise expressly set forth
on the Order). All fees and other amounts are non-refundable (except as otherwise expressly provided in this Agreement)
and exclusive of any applicable sales, use, value added, withholding, and other taxes, however designated, and Customer will
pay all such taxes levied or imposed by reason of the transactions hereunder, except for taxes based on CrowdStrike’s net
income. If Customer’s actual access and use of a Product exceeds the quantity ordered in the applicable Order, then
Customer shall (a) purchase such additional quantity of the Product (based on the applicable license metric that applies to
such Product) or (b) promptly cease such excess usage. Fees for excess usage shall be based on CrowdStrike’s then-current
price list or specified in the Order.
2.3 Affiliates and Resellers. Any Affiliate purchasing hereunder or using or accessing any Offering hereunder will be
bound by and comply with all terms and conditions of this Agreement and Customer will remain responsible for Customer’s
Affiliates’ acts and omissions unless Customer’s Affiliate has entered into its own Terms and Conditions with CrowdStrike.
3
Any Order through resellers is subject to, and CrowdStrike’s obligations and liabilities to Customer are governed by, this
Agreement.
3. Access & Use Rights.
3.1 Evaluation. If CrowdStrike approves Customer’s evaluation use of a CrowdStrike product (“Evaluation Product”), the
terms herein applicable to Products also apply to evaluation access and use of such Evaluation Product, except for the
following different or additional terms: (a) the License/Access Term is as mutually agreed upon by Customer and CrowdStrike,
provided that either CrowdStrike or Customer can terminate the evaluation at any time upon written (including email) notice
to the other party; (b) the Evaluation Product is provided “AS-IS” without warranty of any kind, and CrowdStrike disclaims all
warranties, support obligations, and other liabilities and obligations for the Evaluation Product; and (c) Customer’s access and
use is limited to Internal Use.
3.2 Access & Use Rights. Subject to the terms and conditions of this Agreement (including CrowdStrike’s receipt of
applicable fees), CrowdStrike grants Customer, under CrowdStrike’s intellectual property rights in and to the applicable
Product, a non-exclusive, non-transferable (except as expressly provided in the Section 15.1 (Assignment)), non-sublicensable
license to access and use the Products in accordance with any applicable Documentation solely for Customer’s Internal Use
during the applicable License/Access Term. Customer’s access and use is limited to the quantity ordered in the applicable
Order, which quantity is based on the license metric that applies to such Product (e.g., number of endpoints (such as
computers, laptops, desktops, and other devices), size of company (based on number of employees), number of file uploads,
or number of queries). Furthermore, the following additional terms and conditions apply to specific Products (or components
thereof):
(a) Products with Object-Code Components. If Customer purchases a subscription to a Product with an object-
code component (“Software Component”), Customer may, during the License/Access Term: (i) install and run multiple copies
of the Software Components, respectively, solely for Customer’s and Customer’s Affiliates’ Internal Use up to the maximum
quantity based on the applicable license metric as ordered in the applicable Order; and (ii) allow Customer’s Authorized
Contractors to use and access the Software Component and associated Products solely on behalf and for the benefit of
Customer and Customer’s Affiliates.
(b) CrowdStrike Tools. If CrowdStrike provides CrowdStrike Tools to Customer pursuant to performing
Professional Services, the license set forth in Section 3.2 (Access & Use Rights) applies to such CrowdStrike Tools as used
solely for Customer’s Internal Use during the period of time set forth in the applicable Order, or if none is specified, for the
period authorized by CrowdStrike. Not all Professional Services engagements will involve delivery of CrowdStrike Tools.
(c) Restrictions. The access and use rights set forth in Section 3.2 (Access & Use Rights) do not include any
rights to, and Customer will not, with respect to any Offering (or any portion thereof): (a) employ or authorize a CrowdStrike
Competitor to use or view the Offering or Documentation, or to provide management, hosting, or support for an Offering; (b)
alter, publicly display, translate, create derivative works of or otherwise modify an Offering; (c) sublicense, distribute or
otherwise transfer an Offering to any third party (except as expressly provided in the Section 15.1 (Assignment)); (d) allow
third parties to access or use an Offering (except for Authorized Contractors as expressly permitted herein); (e) create public
Internet “links” to an Offering or “frame” or “mirror” any Offering content on any other server or wireless or Internet-based
device; (f) reverse engineer, decompile, disassemble or otherwise attempt to derive the source code (if any) for an Offering
(except to the extent that such prohibition is expressly precluded by applicable law), circumvent its functions, or attempt to
gain unauthorized access to an Offering or its related systems or networks; (g) use an Offering to circumvent the security of
another party’s network/information or develop malware; (h) remove or alter any notice of proprietary right appearing on an
Offering; (i) conduct any benchmark or stress tests, competitive analysis on, or publish any performance data of, an Offering
(provided that this does not prevent Customer from comparing the Product to other products for Customer’s Internal Use); (j)
violate the Acceptable Use Policy; (k) use any feature of CrowdStrike APIs for any purpose other than in the performance of
this Agreement; or (l) cause, encourage or assist any third party to do any of the foregoing. Customer agrees to use an
Offering in accordance with laws, rules and regulations directly applicable to Customer and acknowledges that Customer is
solely responsible for determining whether a particular use of an Offering is compliant with such laws.
(e) Installation and User Accounts. CrowdStrike is not responsible for installing Products unless Customer
purchases installation services from CrowdStrike. For those Products requiring user accounts, only the single individual user
assigned to a user account may access or use the Product. User accounts for Authorized Contractors may be established only
4
for those Products permitting use or access by Authorized Contractors as described herein. Customer is liable and
responsible for all actions and omissions occurring under Customer’s and Customer’s Authorized Contractor’s user accounts
for Offerings. Customer shall notify CrowdStrike if Customer learns of any unauthorized access or use of Customer’s user
accounts or passwords for an Offering.
(f) Malware Samples. If CrowdStrike makes malware samples available to Customer in connection with an
evaluation or use of the Product (“Malware Samples”), Customer acknowledges and agrees that Customer’s access to and
use of Malware Samples is at Customer’s own risk, that Customer has the requisite skill to safely handle Malware Samples,
that Customer should not download or access any Malware Samples on or through its own production systems and networks
and that doing so can infect and damage Customer’s systems, networks, and data, and that Customer shall use the Malware
Samples solely for evaluation of the Product and Internal Use and not for any malicious or unlawful purpose. CrowdStrike will
not be liable for any loss or damage caused by any Malware Sample that may infect Customer’s computer equipment,
computer programs, data, or other proprietary material due to Customer’s access to or use of the Malware Samples.
3.3 Third Party Software. CrowdStrike uses certain third party software in its Products, including what is commonly
referred to as open source software. See the licensing terms and attributions for the third party software that CrowdStrike
uses at: https://falcon.crowdstrike.com/opensource.
4. Cooperation & Services.
4.1 Cooperation. Customer authorizes CrowdStrike for purposes of the Computer Fraud and Abuse Act, 18 U.S.C. § 1030
et seq., Title III, 18 U.S.C. 2510 et seq., and the Electronic Communications Privacy Act, 18 U.S.C. § 2701 et seq. (and similar
state, local and non-US laws) to access data and systems and process and transmit data through the Offerings.
4.2 Professional Services. Professional Services will commence on a mutually agreed upon date. Estimates provided for
Professional Services performed on a time-and-material basis are estimates only and not a guaranteed time of completion.
Professional Services performed on a fixed fee basis are limited to the scope of services stated in the applicable Order.
Professional Services do not constitute works for hire and the only deliverable is a report consisting primarily of CrowdStrike’s
findings, recommendations, and adversary information. Customer owns the copy of the report (including without limitation,
all of Customer’s Confidential Information therein) delivered to Customer (“Deliverable”), subject to CrowdStrike’s ownership
of the CrowdStrike Materials. Customer agrees that relative to Customer, CrowdStrike exclusively owns any and all software
(including object and source code), flow charts, algorithms, documentation, adversary information, report templates, know-
how, inventions, techniques, models, CrowdStrike trademarks, ideas and any and all other works and materials developed
hereunder (including without limitation all intellectual property rights therein and thereto) (the CrowdStrike Materials”)
and that title shall remain with CrowdStrike. Upon payment in full of the amounts due hereunder for the applicable
Professional Services and to the extent the CrowdStrike Materials are incorporated into (not just referenced in) the
Deliverable(s), Customer shall have a perpetual, non-transferable (except as expressly provided in Section 15.1 (Assignment)),
non-exclusive license to use the CrowdStrike Materials solely as a part of the Deliverable(s) for Customer’s Internal Use.
5. Data Security and Privacy. See Exhibit A.
6. Ownership & Feedback. Products and Product-Related Services are made available or licensed, not sold.
CrowdStrike owns and retains all right, title and interest (including all intellectual property rights) in and to the Offerings,
except for any Deliverable. Any feedback or suggestions that Customer provides to CrowdStrike regarding its Offerings (e.g.,
bug fixes and features requests) is non-confidential and may be used by CrowdStrike for any purpose without
acknowledgement or compensation; provided, Customer will not be identified publicly as the source of the feedback or
suggestion.
7. Third Party Agreements. Customer is responsible for obtaining and maintaining all telecommunications, broadband,
computer equipment, and services needed to access and use the Offerings and for paying all charges related thereto.
Offerings may contain features designed to interface with applications or services provided or made available by third parties
(“Third Party Services”). In order to use a feature in connection with a Third Party Service, Customer must have a license
from the provider of the relevant Third Party Service. If the Third Party Services are no longer available or if the applicable
third party provider no longer allows the Third Party Services to interface with an Offering, then such features will no longer
be available or function with an Offering. CrowdStrike and the provider of the applicable Third Party Service disclaim all
warranties, indemnities, obligations, and other liabilities in connection with any interface or integration with the Third Party
5
Service. Further, CrowdStrike disclaims all warranties, indemnities, obligations, and other liabilities in connection with any
Third Party Service.
8. Confidentiality.
8.1 Definitions. In connection with this Agreement, each party (“Recipient”) may receive Confidential Information of
the other party (“Discloser”) or third parties to whom Discloser has a duty of confidentiality. Confidential Information
means non-public information in any form and regardless of the method of acquisition that the Discloser designates as
confidential to Recipient or should be reasonably known by the Recipient to be Confidential Information due to the nature of
the information disclosed and/or the circumstances surrounding the disclosure. Confidential Information shall not include
information that is: (i) in or becomes part of the public domain (other than by disclosure by Recipient in violation of this
Agreement); (ii) previously known to Recipient without an obligation of confidentiality and demonstrable by the Recipient;
(iii) independently developed by Recipient without use of Discloser’s Confidential Information; or (iv) rightfully obtained by
Recipient from third parties without an obligation of confidentiality.
8.2 Restrictions on Use. Except as allowed in the Section 8.3 (Exceptions), Recipient shall hold Discloser’s Confidential
Information in strict confidence and shall not disclose any such Confidential Information to any third party, other than to its
employees, and contractors, including without limitation, counsel, accountants, and financial advisors (collectively,
“Representatives”), its Affiliates and their Representatives, subject to the other terms of this Agreement, and in each case
who need to know such information and who are bound by restrictions regarding disclosure and use of such information
comparable to and no less restrictive than those set forth herein. Recipient shall not use Discloser’s Confidential Information
for any purpose other than as set forth in this Agreement. Recipient shall take the same degree of care that it uses to protect
its own confidential information of a similar nature and importance (but in no event less than reasonable care) to protect the
confidentiality and avoid the unauthorized use, disclosure, publication, or dissemination of the Discloser’s Confidential
Information.
8.3 Exceptions. Recipient may disclose Discloser’s Confidential Information: (a) to the extent required by applicable law
or regulation; (b) pursuant to a subpoena or order of a court or regulatory, self-regulatory or legislative body of competent
jurisdiction; (c) in connection with any regulatory report, audit, or inquiry; or (d) where requested by a regulator with
jurisdiction over Recipient. In the event of such a requirement or request, Recipient shall give Discloser prompt written notice
of such requirement or request prior to such disclosure and a reasonable opportunity to review and comment upon the
disclosure and request confidential treatment or a protective order pertaining thereto prior to making such disclosure. If
CrowdStrike is legally required to respond to a third party request for information (including but not limited to a third party
subpoena) or to provide documents, information or testimony in connection with a Professional Services engagement,
Customer shall pay all of CrowdStrike’s reasonable and actual out of pocket legal fees and expenses (as evidenced by
reasonably detailed invoices) in connection therewith. If CrowdStrike’s Professional Services employees are required to
expend time in such efforts, Customer shall pay the then current list price Professional Services fees for actual hours worked
in responding to such requirement.
8.4 Destruction. Upon Discloser’s written request, Recipient shall use commercially reasonable efforts to destroy the
Confidential Information and any copies or extracts thereof. However, Recipient, its Affiliates and their Representatives may
retain any Confidential Information that: (a) they are required to keep for compliance purposes under a document retention
policy or as required by applicable law, professional standards, a court, or regulatory agency; or (b) have been created
electronically pursuant to automatic or ordinary course archiving, back-up, security, or disaster recovery systems or
procedures; provided, however, that any such retained information shall remain subject to this Agreement. Upon Discloser’s
request, Recipient will provide Discloser with written confirmation of destruction in compliance with this provision.
8.5 Equitable Relief. Each party acknowledges that a breach of this Section 8 (Confidentiality) shall cause the other party
irreparable injury and damage. Therefore, each party agrees that those breaches may be stopped through injunctive
proceedings in addition to any other rights and remedies which may be available to the injured party at law or in equity
without the posting of a bond.
9. Warranties & Disclaimer.
9.1 No Warranty for Pre-Production Versions. Any pre-production feature or version of an Offering provided is
experimental and provided “AS IS” without warranty of any kind and will not create any obligation for CrowdStrike to
6
continue to develop, productize, support, repair, offer for sale, or in any other way continue to provide or develop any such
feature or Offering. Customer agrees that its purchase is not contingent on the delivery of any future functionality or
features, or dependent on any oral or written statements made by CrowdStrike regarding future functionality or features.
9.2 Product Warranty. If Customer has purchased a Product, CrowdStrike warrants to Customer during the applicable
License/Access Term that the Product will operate without Error and that CrowdStrike has used industry standard techniques
to prevent the Products at the time of delivery from injecting malicious software viruses into Customer’s endpoints where
the Products are installed. Customer must notify CrowdStrike of any warranty claim during the License/Access Term.
Customer’s sole and exclusive remedy and the entire liability of CrowdStrike for its breach of this warranty will be for
CrowdStrike, at its own expense to do at least one of the following: (a) use commercially reasonable efforts to provide a
work-around or correct such Error; or (b) terminate Customer’s license to access and use the applicable non-conforming
Product and refund the prepaid fee prorated for the unused period of the License/Access Term. CrowdStrike shall have no
obligation regarding Errors reported after the applicable License/Access Term.
9.3 Services Warranty. CrowdStrike warrants to Customer that it will perform all Services in a professional and
workmanlike manner consistent with generally accepted industry standards. Customer must notify CrowdStrike of any
warranty claim for Services during the period the Services are being performed or within 30 days after the conclusion of the
Services. Customer’s sole and exclusive remedy and the entire liability of CrowdStrike for its breach of this warranty will be
for CrowdStrike, at its option and expense, to (a) use commercially reasonable efforts to re-perform the non-conforming
Services, or (b) refund the portion of the fees paid attributable to the non-conforming Services.
9.4 Exclusions. The express warranties do not apply if the applicable Product or Service (a) has been modified, except by
CrowdStrike, (b) has not been installed, used, or maintained in accordance with this Agreement or Documentation, or (c) is
non-conforming due a failure to use an applicable Update. If any part of a Product or Service references websites, hypertext
links, network addresses, or other third party locations, information, or activities, it is provided as a convenience only.
CrowdStrike has no responsibility for third party services, products or content and does not endorse, authorize, approve,
certify, maintain, or control them and does not guarantee the accuracy, completeness, efficacy, or timeliness of the
information located within them.
9.5 No Guarantee. CUSTOMER ACKNOWLEDGES, UNDERSTANDS, AND AGREES THAT CROWDSTRIKE DOES NOT
GUARANTEE OR WARRANT THAT IT WILL FIND, LOCATE, OR DISCOVER ALL OF CUSTOMER’S OR ITS AFFILIATES’ SYSTEM
THREATS, VULNERABILITIES, MALWARE, AND MALICIOUS SOFTWARE, AND CUSTOMER AND ITS AFFILIATES WILL NOT HOLD
CROWDSTRIKE RESPONSIBLE THEREFOR.
9.6 Disclaimer. EXCEPT FOR THE EXPRESS WARRANTIES IN THIS SECTION 9, CROWDSTRIKE AND ITS AFFILIATES
DISCLAIM ALL OTHER WARRANTIES, WHETHER EXPRESS, IMPLIED OR STATUTORY OR OTHERWISE. TO THE MAXIMUM
EXTENT PERMITTED UNDER APPLICABLE LAW, CROWDSTRIKE AND ITS AFFILIATES AND SUPPLIERS SPECIFICALLY DISCLAIM ALL
IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGMENT WITH
RESPECT TO THE OFFERINGS AND CROWDSTRIKE TOOLS. THERE IS NO WARRANTY THAT THE OFFERINGS OR CROWDSTRIKE
TOOLS WILL BE ERROR FREE, OR THAT THEY WILL OPERATE WITHOUT INTERRUPTION OR WILL FULFILL ANY OF CUSTOMER’S
PARTICULAR PURPOSES OR NEEDS. THE OFFERINGS AND CROWDSTRIKE TOOLS ARE NOT FAULT-TOLERANT AND ARE NOT
DESIGNED OR INTENDED FOR USE IN ANY HAZARDOUS ENVIRONMENT REQUIRING FAIL-SAFE PERFORMANCE OR OPERATION.
NEITHER THE OFFERINGS NOR CROWDSTRIKE TOOLS ARE FOR USE IN THE OPERATION OF AIRCRAFT NAVIGATION, NUCLEAR
FACILITIES, COMMUNICATION SYSTEMS, WEAPONS SYSTEMS, DIRECT OR INDIRECT LIFE-SUPPORT SYSTEMS, AIR TRAFFIC
CONTROL, OR ANY APPLICATION OR INSTALLATION WHERE FAILURE COULD RESULT IN DEATH, SEVERE PHYSICAL INJURY, OR
PROPERTY DAMAGE. Customer agrees that it is Customer’s responsibility to ensure safe use of an Offering and CrowdStrike
Tool in such applications and installations.
10. Indemnification.
10.1 CrowdStrike’s Obligation. CrowdStrike shall at its cost and expense (a) defend and/or settle any claim brought
against Customer by an unaffiliated third party alleging that an Offering infringes or violates that third party’s intellectual
property rights, and (b) pay, indemnify, and hold Customer harmless from any settlement of such claim or any damages
finally awarded to such third party by a court of competent jurisdiction as a result of such claim; provided, that Customer:
(x) gives CrowdStrike prompt written notice of such claim; (y) permits CrowdStrike to solely control and direct the defense or
settlement of such claim (however, CrowdStrike will not settle any claim in a manner that requires Customer to admit liability
7
or pay money without Customer’s prior written consent); and (z) provides CrowdStrike all reasonable assistance in
connection with the defense or settlement of such claim, at CrowdStrike’s cost and expense. In addition, Customer may, at
Customer’s own expense, participate in defense of any claim.
10.2 Remedies. If a claim covered under this Section occurs or in CrowdStrike’s opinion is reasonably likely to occur,
CrowdStrike may at its expense and sole discretion (and if Customer’s access and use of an Offering is enjoined, CrowdStrike
will, at its expense): (a) procure the right to allow Customer to continue using the applicable Offering; (b) modify or replace
the applicable Offering to become non-infringing; or (c) if neither (a) nor (b) is commercially practicable, terminate
Customer’s license or access to the affected portion of applicable Offering and refund a portion of the pre-paid, unused fees
paid by Customer corresponding to the unused period of the License/Access Term.
10.3 Exclusions. CrowdStrike shall have no obligations under this Section if the claim is based upon or arises out of:
(a) any modification to the applicable Offering not made by CrowdStrike; (b) any combination or use of the applicable
Offering with or in any third party software, hardware, process, firmware or data, to the extent that such claim is based on
such combination or use; (c) Customer’s continued use of the allegedly infringing Offering after being notified of the
infringement claim or after being provided by a modified version intended to address such alleged infringement;
(d) Customer’s failure to use the Offering in accordance with the applicable Documentation; and/or (f) Customer’s use of the
Offering outside the scope of the rights granted under this Agreement.
10.4 Exclusive Remedy. THE REMEDIES SPECIFIED IN THIS SECTION CONSTITUTE CUSTOMER’S SOLE AND EXCLUSIVE
REMEDIES, AND CROWDSTRIKE’S ENTIRE LIABILITY, WITH RESPECT TO ANY INFRINGEMENT OF THIRD PARTY INTELLECTUAL
PROPERTY RIGHTS.
11. Limitation of Liability. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, EXCEPT FOR LIABILITY FOR ANY
AMOUNTS PAID OR PAYABLE TO THIRD PARTIES UNDER SECTION 10 (INDEMNIFICATION), CUSTOMER’S PAYMENT
OBLIGATIONS, AND/OR ANY INFRINGEMENT OR MISAPPROPRIATION BY ONE PARTY OF THE OTHER PARTY’S INTELLECTUAL
PROPERTY RIGHTS, NEITHER PARTY SHALL BE LIABLE TO THE OTHER PARTY IN CONNECTION WITH THIS AGREEMENT OR THE
SUBJECT MATTER HEREOF (UNDER ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STATUTE, TORT OR OTHERWISE) FOR:
(a) ANY LOST PROFITS, LOST BUSINESS OPPORTUNITIES, LOST DATA, OR SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR
PUNITIVE DAMAGES, EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR LOSSES OR SUCH
DAMAGES OR LOSSES WERE REASONABLY FORESEEABLE; OR (b) AN AMOUNT THAT EXCEEDS THE TOTAL FEES PAID OR
PAYABLE TO CROWDSTRIKE FOR THE RELEVANT OFFERING DURING THE TWELVE-MONTH PERIOD BEFORE THE EVENT GIVING
RISE TO SUCH LIABILITY. THESE LIMITATIONS WILL APPLY NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY
REMEDY SPECIFIED IN THIS AGREEMENT. MULTIPLE CLAIMS SHALL NOT EXPAND THE LIMITATIONS SPECIFIED IN THIS
SECTION 11.
12. Compliance with Laws. The Offerings and Documentation may be subject to U.S. and foreign import and export
control laws and regulations, and each party agrees to comply with all such laws that are directly applicable to such party in
the performance of this Agreement. Customer acknowledges and agrees the Product shall not be used, transferred, or
otherwise exported or re-exported to countries as to which the United States and/or the European Union maintains an
embargo (collectively, “Embargoed Countries”), or to or by a national or resident thereof, or any person or entity on the U.S.
Department of Treasury’s List of Specially Designated Nationals or the U.S. Department of Commerce’s Table of Denial Orders
(collectively, “Designated Nationals”). Customer represents and warrants that Customer is not located in, or is under the
control of, or a national or resident of, an Embargoed Country or Designated National.
13. U.S. Government End Users. The Products and Documentation are “commercial items,” as that term is defined in
FAR (48 C.F.R.) 2.101, consisting of “commercial computer software” and “commercial computer software documentation,”
as such terms are used in FAR 12.211 and 12.212. Consistent with FAR 12.211 and 12.212 and DFARS (48 C.F.R.) 227.7202-1
through 227.7202-4, the Products and Documentation are being licensed to U.S. government end users under the license(s)
customarily provided to the public as forth in this Agreement. If this Agreement fails to meet the Government’s needs or is
inconsistent in any way with Federal law, and the parties cannot reach a mutual agreement on terms for this Agreement, the
Government agrees to terminate its use of the Products and Services and return the Products and Services and any other
software or technical data delivered as part of the Products and Services, unused, to CrowdStrike. In addition, DFARS
252.227-7015 (Technical Data Commercial Items) applies to technical data acquired by Department of Defense agencies.
This U.S. Government Rights clause in this Section is in lieu of, and supersedes, any other FAR, DFARS, or other clause,
8
provision, or supplemental regulation that addresses Government rights in computer software or technical data under this
Agreement.
14. Termination. This Agreement shall remain effective until termination in accordance with this Section or as
otherwise specified herein. If Customer materially breaches Section 3.2 (Access and Use Rights) of this Agreement or fail to
pay CrowdStrike on time (and fail to cure such material breach in accordance herewith), in addition to all other rights and
remedies that CrowdStrike may have at law or in equity, CrowdStrike may, without terminating this Agreement, and in its
sole discretion and without further notice to Customer, suspend Customer’s access or use of the Offerings. Either party may
terminate this Agreement: (a) upon 30 days’ written notice of a material breach by the other party, unless the breach is cured
within the 30-day notice period; or (b) immediately, if the other party ceases to do business, becomes insolvent, or seeks
protection under any bankruptcy or comparable proceedings. Upon termination of this Agreement for any reason: (i) all
Customer’s access and use rights granted in this Agreement will immediately terminate; (ii) Customer must promptly cease all
use of Offerings and de-install all Software Components installed on Customer’s endpoints; and (iii) data retention is based on
the retention parameters that Customer has purchased for the applicable Product and such data will be deleted in
accordance with such parameters. Sections 1, 3.2(c), 6, 8, 10, 11, 14, and 15 and all liabilities that accrue prior to termination
shall survive expiration or termination of this Agreement for any reason.
15. General.
15.1 Assignment. Neither party may assign this Agreement without the prior written consent of the other party, except
to an Affiliate in connection with a corporate reorganization or in connection with a merger, acquisition, or sale of all or
substantially all of its business and/or assets. Any assignment in violation of this Section shall be void. Subject to the
foregoing, all rights and obligations of the parties under this Agreement shall be binding upon and inure to the benefit of and
be enforceable by and against the successors and permitted assigns.
15.2 Governing Law; Venue. Except as otherwise provided in Exhibit B (if applicable), this Agreement, and the rights and
duties of the parties arising from this Agreement, shall be governed by, construed, and enforced in accordance with the laws
of the State of California, excluding its conflicts-of-law principles. The sole and exclusive jurisdiction and venue for actions
arising under this Agreement shall be state and federal courts in Santa Clara County, California, and the parties agree to
service of process in accordance with the rules of such courts. The Uniform Computer Information Transactions Act and the
United Nations Convention on the International Sale of Goods shall not apply. Notwithstanding the foregoing, each party
reserves the right to file a suit or action in any court of competent jurisdiction as such party deems necessary to protect its
intellectual property rights and, in CrowdStrike’s case, to recoup any payments due.
15.3 Permission to List as a Customer. Unless Customer direct otherwise by sending an email to us at
legal@crowdstrike.com, which direction may be given at any time, Customer agrees that CrowdStrike may display Customer’s
company name and logo (in accordance with any trademark guidelines Customer provides) as a CrowdStrike customer in a
manner that does not suggest Customer’s use or endorsement of any specific CrowdStrike product or service.
15.4 Independent Contractors; No Third Party Rights. The parties are independent contractors. This Agreement shall not
establish any relationship of partnership, joint venture, employment, franchise or agency between the parties. No provision
in this Agreement is intended or shall create any rights with respect to the subject matter of this Agreement in any third party.
15.5 Waiver & Severability; Amendments; Order of Precedence The failure of either party to enforce any provision of this
Agreement shall not constitute a waiver of any other provision or any subsequent breach. If any provision of this Agreement
is held to be illegal, invalid, or unenforceable, the provision will be enforced to the maximum extent permissible so as to
effect the intent of the parties, and the remaining provisions of this Agreement will remain in full force and effect. This
Agreement may only be amended, or any term or condition set forth herein waived, by written consent of both parties. If
there is a conflict between the terms contained in the main body of this Agreement and any SOW, the terms in the main body
will prevail over the terms in a SOW.
15.6 Force Majeure. Neither party shall be liable for, nor shall either party be considered in breach of this Agreement due
to, any failure to perform its obligations under this Agreement (other than its payment obligations) as a result of a cause
beyond its control, including but not limited to, act of God or a public enemy, act of any military, civil or regulatory authority,
change in any law or regulation, fire, flood, earthquake, storm or other like event, disruption or outage of communications
(including an upstream server block and Internet or other networked environment disruption or outage), power or other
9
utility, labor problem, or any other cause, whether similar or dissimilar to any of the foregoing, which could not have been
prevented with reasonable care.
15.7 Notices. All legal notices will be given in writing to the addresses below and will be effective (a) when personally
delivered, (b) on the reported delivery date if sent by a recognized international or overnight courier, or (c) five business days
after being sent by registered or certified mail (or ten days for international mail). For clarity, Orders, POs, and other
documents relating to order processing and payment are not legal notices and may be delivered electronically in accordance
with each party’s standard ordering procedures.
10
Exhibit A: Data Security and Privacy Schedule
1. Definitions.
a. “Execution Profile/Metric Data” means any machine-generated data, such as metadata derived from tasks, file
execution, commands, resources, network telemetry, executable binary files, scripts, and processes that Customer
provides to CrowdStrike in connection with this Agreement or that is collected or discovered during the course of
CrowdStrike providing Offerings, excluding any such information or data to the extent that it includes Personal Data for
which Customer is responsible. Customer, rather than CrowdStrike, determines which types of data, whether Personal
Data or not, exist on its systems. Accordingly, Customer’s endpoint environment is unique in configurations and naming
conventions and the machine event data could potentially include Personal Data.
b. Personal Data” means information used to distinguish or trace a natural person’s identity, either alone or when
combined with other personal or identifying information that is linked or linkable to a specific natural person. Personal
Data also includes such other information about a specific natural person to the extent that the data protection laws
applicable in the jurisdictions in which such person resides define such information as Personal Data.
c. Privacy and Security Lawsmeans U.S. federal, state and local and non-U.S. laws that regulate the privacy or security of
Personal Data and that are directly applicable to CrowdStrike.
d. Process or Processing” means the collection, access to, use, storage, disclosure, transfer, or other processing of
Personal Data of any natural person whom Customer authorizes to use or access an Offering.
e. Threat Actor Datameans any malware, spyware, virus, worm, Trojan horse, or other potentially malicious or harmful
code or files, URLs, DNS data, network telemetry, commands, processes or techniques, metadata, or other information
or data, in each case that is potentially related to unauthorized third parties associated therewith and that (i) Customer
provides to CrowdStrike in connection with this Agreement, or (ii) is collected or discovered during the course of
CrowdStrike providing Offerings, excluding any such information or data to the extent that it includes Personal Data for
which Customer is responsible.
2. Falcon Platform
The ‘Falcon EPP Platform’ uses a crowd-sourced environment, for the benefit of all customers, to protect customers
against suspicious and potentially destructive activities. CrowdStrike’s Products are designed to detect, prevent, respond
to, and identify intrusions by collecting and analyzing data, including machine event data, executed scripts, code, system
files, log files, dll files, login data, binary files, tasks, resource information, commands, protocol identifiers, URLs, network
data, and/or other executable code and metadata. CrowdStrike uses the data to analyze, characterize, attribute, warn of,
and/or respond to threats against Customer and other customers, analyze trends and performance, improve the
functionality of, and develop, CrowdStrike’s products and services, and enhance cybersecurity. Neither Execution
Profile/Metric Data nor Threat Actor Data are Customer’s Confidential Information.
3. Processing Personal Data.
a. Provisioning/Use of Offerings. Personal Data may be collected and used during the provisioning and use of
the Offerings to deliver, support and improve the Offerings, administer the Agreement and further the
business relationship between Customer and CrowdStrike, comply with law, act in accordance with
Customer’s written instructions, or otherwise in accordance with this Agreement. Customer authorizes
CrowdStrike to collect, use, store, and transfer the Personal Data that Customer provides to CrowdStrike as
contemplated in this Agreement.
b. Suspicious/Unknown File Analysis. While using certain CrowdStrike Offerings Customer may have the
option to upload (by submission, configuration, and/or, in the case of Services, by CrowdStrike personnel
retrieval) files and other information related to the files for security analysis and response or, when
submitting crash reports, to make the product more reliable and/or improve CrowdStrike’s products and
services or enhance cybersecurity. These potentially suspicious or unknown files may be transmitted and
analyzed to determine functionality and their potential to cause instability or damage Customer’s endpoint.
In some instances, these files could contain Personal Data for which Customer is responsible.
4. Compliance with Privacy and Information Security Requirements
a. Compliance with Laws. CrowdStrike shall comply with all Privacy and Security Laws and the EU-US Privacy
Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and
11
retention of Personal Data from the European Economic Area. In addition, CrowdStrike shall comply with
the U.S. - Swiss Safe Harbor framework or its successor as set forth by the U.S. Department of Commerce
regarding the collection, use, and retention of Personal Data from Switzerland. CrowdStrike’s privacy notice
may be found at http://www.crowdstrike.com/privacy-notice/.
b. Safeguards. CrowdStrike shall maintain appropriate technical and organizational safeguards commensurate
with the sensitivity of the Personal Data processed by it on Customer’s behalf, which are designed to
protect the security, confidentiality, and integrity of such Personal Data and protect such Personal Data
against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access.
5. Customer Obligations. Customer confirms that it has a lawful basis in having CrowdStrike process the Personal
Data and/or that Customer has made such disclosures and obtained such consents and authorizations for the
lawful processing of Personal Data by CrowdStrike.
12
Exhibit B
Dispute Resolution Outside North America
If Customer’s principal office is located outside North America as indicated in the Agreement, the terms and conditions of this
Exhibit shall apply to all disputes arising out of or relating to this Agreement (excluding disputes regarding the actual or
alleged violation of CrowdStrike’s intellectual property rights or the collection of overdue invoices, which shall be governed
by California law).
1. For ALL principal offices outside North America:
a. Choice of Law. This Agreement, and the rights and duties of the parties arising from this Agreement, shall be governed by,
construed, and enforced with the laws of the State of New York, excluding its conflicts-of-law principles. The Uniform
Computer Information Transactions Act and the United Nations Convention on the International Sale of Goods shall not apply.
b. Arbitration. Any dispute, claim, or controversy arising out of or relating to this Agreement or the existence, breach,
termination, enforcement, interpretation, or validity of the Agreement, including the determination of the scope or
applicability of this Agreement to arbitrate, (each, a Dispute”) shall be referred to and finally resolved by arbitration under
the rules and at the location identified below. The arbitral panel shall consist of three (3) arbitrators, selected as follows: each
party shall appoint one (1) arbitrator; and those two (2) arbitrators shall discuss and select third arbitrator. If the two party-
appointed arbitrators are unable to agree on a third arbitrator, the third arbitrator shall be selected in accordance with the
applicable rules of the arbitration body. Each arbitrator shall be independent of each of the parties and shall have suitable
experience and knowledge in the subject matter of the Dispute. The arbitrators shall have the authority to grant specific
performance and to allocate between the parties the costs of arbitration (including service fees, arbitrator fees and all other
fees related to the arbitration) in such equitable manner as the arbitrators may determine. Judgment upon the award so
rendered may be entered in a court having jurisdiction or application may be made to such court for judicial acceptance of
any award and an order of enforcement, as the case may be. Notwithstanding the foregoing, either party shall have the right
to institute an action in a court of proper jurisdiction for preliminary injunctive relief pending a final decision by the arbitrator,
provided that a permanent injunction and damages shall only be awarded by the arbitrator. The language to be used in the
arbitral proceedings shall be English.
2. For ONLY principal offices within Europe, the Middle East or Africa:
Any Dispute shall be referred to and finally resolved by arbitration under the London Court of International Arbitration Rules
(which Rules are deemed to be incorporated by reference into this clause) on the basis that the governing law is the law of
the State of New York, USA. The seat, or legal place, of arbitration shall be London, England.
3. For ONLY principal offices within Asia Pacific, Australia & New Zealand:
Any Dispute shall be referred to and finally resolved by arbitration under the Rules of Conciliation and Arbitration of the
International Chamber of Commerce in force on the date when the notice of arbitration is submitted in accordance with such
Rules (which Rules are deemed to be incorporated by reference into this clause) on the basis that the governing law is the law
of the State of New York, USA. The seat, or legal place, of arbitration shall be Singapore.
4. For ONLY principal offices within the Americas, excluding North America:
Any Dispute shall be referred to and finally resolved by arbitration under International Dispute Resolution Procedures of the
American Arbitration Association in force on the date when the notice of arbitration is submitted in accordance with such
Procedures (which Procedures are deemed to be incorporated by reference into this clause) on the basis that the governing
law is the law of the State of New York, USA. The seat, or legal place, of arbitration shall be New York, New York, USA.