We’ve designed our contracting process to be as simple as possible in order to accelerate your journey to using Splunk solutions and unleashing the power of your data. Splunk terms are balanced and specifically drafted to reflect our offerings and business practices. We continuously benchmark against industry standards and listen to our customers to provide the terms and protections that are most meaningful to the marketplace. Our experts are available to answer questions and facilitate the most efficient path to an agreement.
Here, you can read all about our General Terms and Specific Offering Terms. You can also take a look at our privacy terms and security terms.
Our Splunk General Terms (SGT) is what you need to buy any Splunk offering. It’s a single set of terms that applies across all our offerings so you contract with Splunk just once! The SGT incorporates our Specific Offering Terms and Support Terms, as well as our security terms and privacy terms.
Some Splunk offerings have additional terms that supplement our General Terms. These are set out in our Specific Offering Terms and will apply to your purchased offering where applicable. The Specific Offering Terms are part of your agreement with us and they are incorporated into the Splunk General Terms by reference. They contain additional details applicable only to certain offerings, so you can enjoy additional Splunk products and services over time simply by sending us your order, without having to sign a new agreement.
Splunk maintains a robust security program designed to protect the confidentiality, integrity and availability of your data. Splunk Cloud Platform has been certified by independent third-party auditors to meet SOC 2 Type II and ISO 27001 security standards. We also offer a Level 1 PCI-DSS certified premium environment for customers that plan to ingest cardholder data, as well as a HIPAA-certified Splunk Cloud Platform premium environment for customers that plan to ingest PHI. Splunk Observability Cloud has also been certified by independent third-party auditors to meet the SOC 2 Type II security standard.
Our comprehensive security addenda for our offerings include the administrative, organizational, technical and physical measures we undertake to protect your data, and are incorporated by reference into the General Terms, as applicable. The security measures in our addenda reflect the way we provide our offerings. As such, Splunk is unable to make changes to these security terms.
Splunk has a Data Processing Addendum (DPA) that complies with the requirements for a data processor under GDPR. Although Splunk is certified under the new EU-U.S. Data Privacy Framework, we - for the time being - solely rely on the Standard Contractual Clauses for data transfers from the EEA/EU/UK to the U.S. Additionally, Splunk offers a separate DPA to address US privacy laws. Customers can sign either DPA, or both. Our DPAs are tailored to reflect how we offer our products and services and are scaled to meet the needs of all customers.
Download exemplar copies of our DPAs or execute either or both DPAs via DocuSign here.
For more information regarding Splunk’s privacy and security compliance programs, including our SOC 2 Type II and ISO 27001 audit reports, take a look at our Security Terms section above and Splunk Protects.
Specific questions regarding the transfer of personal data from the EEA/EU to the U.S. can be found on Splunk Protects and in our Whitepaper on International Data Transfers & the EU-U.S. Data Privacy Framework.
Financial Services
Splunk has a dedicated financial services (FSI) program for our FSI sector customers subject to additional regulations related to outsourcing, third-party risk management, and cloud services. To learn more about Splunk’s approach, please visit “Splunk and Financial Services”, where you can find our “Splunk and Financial Services” white paper.
Public Sector
Splunk recognizes that public sector customers have to adhere to a variety of regulations governing how they procure software and cloud services and have stringent requirements for the types of organizations they can do business with. Splunk’s products meet a variety of certification standards required by our public sector customers. We have taken a robust approach when it comes to our focus on environmental sustainability. Splunk works with a large variety of local authorized channel partners who participate in a myriad of government contracting vehicles and framework agreements. Our Splunk General Terms provide you with an insight on the core licensing model that we and our partners use when selling Splunk’s offerings.
Healthcare Sector
Splunk acknowledges that protected health information is a sensitive category of personal data, and offers customers regulated by HIPAA with a premium HIPAA environment for our Splunk Cloud Platform service. In addition to the protections already granted by the Splunk General Terms and the Splunk Cloud Platform Security Addendum, if you elect the premium HIPAA environment and require a Business Associate Agreement (BAA), you may download and electronically sign the Splunk BAA. The Splunk BAA establishes how Splunk complies with HIPAA in connection with protected health information in Splunk Cloud Platform’s HIPAA environment.
Additional Resources
Data Privacy. Security. Compliance.These matter to you and they are imperative to us.
Splunk’s prior agreements can be found here: Software License Agreement and Splunk Cloud Terms of Use