Contracting with Splunk is simple
We’ve designed our contracting process to be as simple as possible in order to accelerate your journey to using Splunk solutions and unleashing the power of your data. Splunk terms are balanced and specifically drafted to reflect our offerings and business practices. We continuously benchmark against industry standards and listen to our customers to provide the terms and protections that are most meaningful to the marketplace. Our experts are available to answer questions and facilitate the most efficient path to an agreement.
Here, you can read all about our General Terms and Specific Offering Terms. You can also take a look at our privacy terms and security terms.
General Terms
Our Splunk General Terms (SGT) is what you need to buy any Splunk offering. It’s a single set of terms that applies across all our offerings so you contract with Splunk just once! The SGT incorporates our Specific Offering Terms and Support Terms, as well as our security terms and privacy terms.
Specific Offering Terms
Some Splunk offerings have additional terms that supplement our General Terms. These are set out in our Specific Offering Terms and will apply to your purchased offering where applicable. The Specific Offering Terms are part of your agreement with us and they are incorporated into the Splunk General Terms by reference. They contain additional details applicable only to certain offerings, so you can enjoy additional Splunk products and services over time simply by sending us your order, without having to sign a new agreement.
Security Terms
Splunk maintains a robust security program designed to protect the confidentiality, integrity and availability of your data. Splunk Cloud Platform has been certified by independent third-party auditors to meet SOC 2 Type II and ISO 27001 security standards. We also offer a Level 1 PCI-DSS certified premium environment for customers that plan to ingest cardholder data, as well as a HIPAA-certified Splunk Cloud Platform premium environment for customers that plan to ingest PHI. Splunk Observability Cloud has also been certified by independent third-party auditors to meet the SOC 2 Type II security standard.
Our comprehensive security addenda for our offerings include the administrative, organizational, technical and physical measures we undertake to protect your data, and are incorporated by reference into the General Terms, as applicable. The security measures in our addenda reflect the way we provide our offerings. As such, Splunk is unable to make changes to these security terms.
Privacy Terms
Splunk has a Data Processing Addendum (DPA) that complies with the requirements for a data processor under GDPR and relies on the Standard Contractual Clauses for data transfers from the EEA/EU to the U.S. Additionally, Splunk offers a separate DPA to address US privacy laws. Customers can sign either DPA, or both. Our DPAs are tailored to reflect how we offer our products and services and are scaled to meet the needs of all customers.
Download exemplar copies of our DPAs or execute either or both DPAs via DocuSign here.
For more information regarding Splunk’s privacy and security compliance programs, including our SOC 2 Type II and ISO 27001 audit reports, take a look at our Security Terms section above and Splunk Protects.
Specific questions regarding the transfer of personal data from the EEA/EU to the U.S. under the Standard Contractual Clauses as discussed in Schrems II are addressed in our white paper and the Schrems II Questionnaire to assist in the completion of a Data Transfer Impact Assessment.
Regulated Sectors
Financial Services
Splunk has a dedicated financial services program for our customers in the financial services sector who are subject to additional regulations that relate to outsourcing, third-party risk management and cloud services. We have taken into account various global regulations including the European Banking Authority Outsourcing Guidelines 2019, guidance issued by the United States Federal Banking Regulations and Federal Financial Institutions Examination Council on outsourcing and third party risk, and the Monetary Authority of Singapore’s Outsourcing Guidelines 2018, amongst others.
Our financial services program includes robust security terms, a business continuity and resilience management program, performance management and monitoring, a pre-sales due diligence assessment and a three-tiered audit program to help our customers meet their compliance requirements. More information about Splunk’s approach to financial services regulations is available in our White Paper.
Public Sector
Splunk recognizes that public sector customers have to adhere to a variety of regulations governing how they procure software and cloud services and have stringent requirements for the types of organizations they can do business with. Splunk’s products meet a variety of certification standards required by our public sector customers. We have taken a robust approach when it comes to our focus on environmental sustainability. Splunk works with a large variety of local authorized channel partners who participate in a myriad of government contracting vehicles and framework agreements. Our Splunk General Terms provide you with an insight on the core licensing model that we and our partners use when selling Splunk’s offerings.
Healthcare Sector
Splunk acknowledges that protected health information is a sensitive category of personal data, and offers customers regulated by HIPAA with a premium HIPAA environment for our Splunk Cloud Platform service. In addition to the protections already granted by the Splunk General Terms and the Splunk Cloud Platform Security Addendum, if you elect the premium HIPAA environment and require a Business Associate Agreement (BAA), you may download and electronically sign the Splunk BAA. The Splunk BAA establishes how Splunk complies with HIPAA in connection with protected health information in Splunk Cloud Platform’s HIPAA environment.
Additional Resources
Splunk Protects
Data Privacy. Security. Compliance.These matter to you and they are imperative to us.
Archived Terms
Splunk’s prior agreements can be found here: Software License Agreement and Splunk Cloud Terms of Use
