General Privacy Statement

Effective Date: January 24, 2024

This General Privacy Statement (also referred to as our "Privacy Statement") explains how Elasticsearch, Inc., and our subsidiaries and affiliated companies ("Elastic," "we," "our," or "us") collect, use, share and otherwise process information that identifies or could be identifiable to you ("personal data" or "personal information").

Residents of the EEA, United Kingdom, and Switzerland

If EEA, UK or Swiss data protection law applies to the processing of your personal data, you can review the “Your Privacy Rights” section below to learn more about your rights and Elastic’s compliance with applicable laws.

California Residents

If you are a California resident, the California Privacy Rights Statement supplements this General Privacy Statement and provides an explanation of how Elastic “discloses” for “business purposes,” but does not “sell” or “share” your “personal information,” as those terms are defined under California law.

Interaction Specific Statements

We supplement this Statement with the following specific statements based on how we interact with you:

Product Privacy Statement. This statement applies to the information we collect and use in connection with customer deployments of our products and services.

Applicant Privacy Statement. This statement applies to the personal data we collect and use in connection with our employment recruiting process.

California Privacy Rights Statement. This statement explains the privacy rights of California residents.

Cookie Statement. This statement explains how we use cookies and similar technologies.

General Privacy Statement: Contents

Scope & Responsibilities
Information We Collect & How We Collect It
How We Use the Information
How We Share the Information
Cookies and Website Automatic Data Collection
Legal Basis for Processing Your Personal Data
International Data Transfers
Your Privacy Rights
U.S. State Law Requirements
Security
Other Information
How to Contact Us


Scope & Responsibilities

This General Privacy Statement explains your rights and choices related to the personal data we collect when:

  • You visit, interact with or use any of our websites, social media pages, marketing or sales communications, or register for our products and services ("Online Properties"); and
  • You visit, interact with or use any of our offices, events, sales, marketing and other offline activities ("Offline Properties")(collectively, the "Properties");

This General Privacy Statement does not cover:

  • Automatic collection from our products and services: This Statement does not cover the information we automatically collect in connection with your use of Elastic products and services. Please see our Product Privacy Statement for that information.

  • Applicant Information: This Statement does not cover information related to our employment recruiting efforts. Please see our Applicant Privacy Statement for that information.

  • Customer Content: Certain Elastic products permit customers to ingest or upload and submit content to the products ("Customer Content"). This notice does not cover Customer Content, including any personal data about you that may be contained in Customer Content, because the Customer, rather than Elastic, controls how Customer Content is processed. Any questions about the processing of Customer Content should be addressed to the Customer directly.

  • Organizational Use: When you use our products or services on behalf of an organization (e.g., your employer), your use is administered and provisioned by your organization under its policies regarding the use and protection of personal data. If you have questions about how your data is being accessed or used by your organization, please refer to your organization's privacy policy and direct your inquiries to your organization's system administrator.

Elastic determines the purposes and means for the processing (i.e., we are the data controller) of your personal data as described in this Privacy Statement unless expressly specified otherwise.


Information We Collect & How We Collect It

Elastic collects personal data and other information from you directly, through automated means, and from third parties. More information on each category follows:

From You

We collect personal data when you voluntarily provide it to us (including to our service providers or other parties who collect it on our behalf). For example, we collect personal data when you order, register to use, or request information about Elastic products and services, subscribe to marketing communications, complete surveys, provide such data in product feedback, or sign up for an Elastic event or webinar. We may also collect personal data from you when you attend one of our events, during phone calls with sales representatives, or when you contact customer support.

The personal data we collect may include contact information (such as your name, address, telephone number, or email address), professional information (such as your employer name, address, job title, department or job role), user IDs, and passwords, and contact preferences. We collect information you choose to provide when completing any "free text" boxes in our forms (for example, for event sign-up, product feedback, or survey requests), and we collect personal data disclosed by you on message boards, chat features (such as Elastic Bot), blogs, and other services or platforms to which you can post information and materials (including third party services and platforms). We may also collect billing and transactional information.

Automatically

We use technology that is integrated into our Online Properties such as cookies, web beacons, and embedded URLs to provide us with automated data collection.

Online Properties

We automatically collect certain information when you use, access, or interact with our Online Properties. This information may include unique identification numbers and other information about the specific device you are using, such as the hardware model, operating system version, web-browser software, your Internet Protocol (IP) address/MAC address/device identifier, device event information (such as crashes, system activity, and hardware settings, browser language, the date and time of your request and referral URL), broad geographic location (e.g., country or city-level location) and other technical data that uniquely identifies your browser. We may also collect information about how your device has interacted with our Online Properties, such as the pages accessed and other statistical information. To learn more, please read the Elastic Cookie Statement.

Elastic Products

Elastic may automatically collect information in connection with your organization's deployment of certain products. See our Product Privacy Statement for more information.

From Third-Party Sources

We may also acquire data from other sources including affiliates in our corporate group, our partners, or others that we use to make our information better or more useful. For example, we may compare the geographic information acquired from commercial sources with the IP address collected by our Automatic Data Collection Tools (see our Cookie Statement) to derive your general geographic area. Information may also be linked via a unique identifier, such as a cookie or account number.


How We Use the Information

Depending on the situation, we may use your information for the following purposes:

  • Communications and Transaction Processing. We use your information to communicate with you, respond to your requests, and provide the information you requested. We also use personal data, including financial, credit card, and payment information, to process transactions.

  • Provision, Administer, and Support Your Account. We use your information to provide our products and manage your account. Examples include managing product downloads, updates and fixes, providing support and recommendations, and sending other administrative or account-related communications, including release notes.

  • Manage Your Customer Experience. We use your information to maintain accurate contact and registration data, deliver support, and to offer products, services, and features. We also use your data to deliver personalized communications and create recommendations based on your use of Elastic products, services, features, and your visits on our websites.

  • Advertising. We use your information to provide personalized advertising to you per your privacy preferences settings and applicable law. We might also share some of your information with marketing service providers and digital marketing networks to present advertisements that might interest you. This may involve the use of Automatic Data Collection Tools. To learn more about how Elastic uses Automated Data Collection Tools please see our Cookie Statement.

  • Facilitate and Evaluate Use of the Online Properties. We use your information to provide the Online Properties, to facilitate your use of the Online Properties (such as facilitating navigation and the login process, preserving information between sessions and enhancing security), to improve quality, to evaluate page response rates and personalize and determine content.

  • Business Operations. We use your information to conduct ordinary business operations, e.g., business research and analytics, corporate reporting and management, staff training and quality assurance purposes, and outreach.

  • Security. We use the information to maintain the integrity and security of our websites, products and services and preventing and detecting security threats, fraud, or other criminal or malicious activity that might compromise your information or the information of other customers or website visitors.

  • Third Party Social Networks. We may use personal data to interact with you on third party social networks (subject to that network's terms of use).

  • Conferences and Events. Elastic and our partners may use your information to communicate with you about our events or our partner events. After the event, Elastic may contact you about the event and related products and services. We may share information about your attendance with your company, and our conference sponsors and partners, where legally permitted to do so. If a partner or conference sponsor directly requests your personal data at their conference booths or presentations, your information will be handled per their privacy practices. We recommend that you review the privacy practices of such partners and sponsors.

  • Education and Training: If you sign up for an Elastic certification course or training, Elastic will use your information to facilitate the delivery of such course or training.

  • Research & Innovation. We use your information to develop new products, features, and services using research and development tools and incorporating data analysis activities.

  • Comply with Law. We use your information as required to be compliant with applicable laws, regulations, court orders, government, and law enforcement requests.

  • Other Legitimate Business Purposes: We may use your information when it is necessary for other legitimate purposes, such as protecting Elastic's confidential and proprietary information.


How We Share the Information

We share your personal data with the following categories of recipients and only with the appropriate contractual obligations in place:

With Elastic Companies

We may transfer your personal data to other Elastic entities in the US and worldwide for the purposes outlined in this Privacy Statement. We protect your personal data per this Statement wherever it is processed and take appropriate contractual or other steps to protect it under applicable laws. These steps include implementing the European Commission's standard contractual clauses along with supplementary measures, implementing the Information Commissioner's Office international data transfer addendum to the European Commission’s standard contractual clauses, and relying on the European Commission's and the Information Commissioner's Office’s adequacy decisions about certain countries, as applicable, for data transfers from the EEA, UK, and Switzerland to the United States and other countries. We have implemented similar appropriate safeguards with our service providers, partners, and affiliates. Furthermore, our privacy guidelines are communicated to our employees on an annual basis as part of our mandatory training.

With Service Providers

We may share your information with third parties, such as vendors, consultants, agents and other service providers who provide services such as IT and system administration and hosting, credit card processing, research and analytics, marketing, targeted advertising, training and certifications, customer support, and data enrichment for the purposes and according to the legal bases described below. Our service providers are required by contract to safeguard any personal data they receive from us and are prohibited from using the personal data for any purpose other than to perform the services as instructed by Elastic. These service providers may be located in the US or other global locations.

With Business Partners

We may share your information with our partners, such as distributors and resellers, and to other business partners, to fulfill product and information requests, to effectively deliver unified support, to provide customers and prospective customers with information about Elastic, and for event purposes. From time to time, Elastic may engage in joint sales, product promotions, or events with selected business partners. If you purchase or express interest in a jointly-offered product, promotion, service, or event, we may share relevant personal data with those partners. Such partners are responsible for managing their use of the personal data collected in these circumstances, including providing information to you about how they use your personal information. We recommend you review the privacy policies of the relevant partner to find out more about their handling of your personal information.

With Competent Authorities

We may share your personal data when we believe, in good faith, that we must: (i) respond to duly authorized information requests of law enforcement agencies, regulators, courts, and other public authorities, including to meet national security or other law enforcement requirements; (ii) comply with any law, regulation, subpoena, or court order; (iii) investigate and help prevent security threats, fraud or other criminal or malicious activity; (iv) enforce/protect the rights and properties of Elastic or our affiliates; or (v) protect the rights or personal safety of Elastic's and our affiliates' employees, and third parties on or using Elastic property when allowed and in line with the requirements of applicable law.

For Corporate Transactions

We may share your information where, whether for strategic or other business reasons, Elastic decides to sell, buy, merge, or otherwise reorganize its businesses. In such transactions, we may disclose or transfer your personal data to prospective or actual purchasers or receive your personal data from sellers. Our practice is to seek appropriate protection for your personal data in these types of transactions.


Cookies and Website Automatic Data Collection

Please see our Cookie Statement for detailed information on our use of cookies and Automatic Data Collection Tools.


Legal Basis for Processing Your Personal Data

We only use your personal data in a lawful, transparent, and fair manner. Depending on the specific personal data concerned and the factual context, we rely on the following legal bases:

  • As necessary to prepare and enter into a contract;
  • Consistent with specific revocable consents;
  • As necessary to comply with our legal obligations;
  • To protect your vital interests or those of others; and
  • As necessary for our (or others') legitimate interests, including our interests in, unless those interests are overridden by your interests or fundamental rights and freedoms, which require protection of personal data.


International Data Transfers

Elastic operates globally, which means personal data collected in the European Economic Area ("EEA"), UK or Switzerland may be stored and processed outside of the country or region where it was initially collected. We protect your personal data in accordance with this Privacy Statement wherever it is processed and take appropriate contractual or other steps to protect it under applicable laws. These steps include implementing the European Commission's standard contractual clauses along with supplementary measures, implementing the Information Commissioner's Office international data transfer addendum to the European Commission’s standard contractual clauses, and relying on the European Commission's and the Information Commissioner's Office’s adequacy decisions about certain countries, as applicable, for data transfers from the EEA, UK, and Switzerland to the United States and other countries. We have implemented similar appropriate safeguards with our service providers, partners and affiliates.


Your Privacy Rights

Depending on where you live, you may have certain rights including the rights to access, correct, delete and export your personal data, and to object to or request that we restrict processing of your personal data.

To exercise your rights, you may raise a request by submitting this form. Please identify yourself and specify your request. We use commercially reasonable efforts to delete your personal data as required, but retain records necessary to comply with a governmental authority or applicable federal, state, or local law. Where legally permitted, we may decline to process requests that are unreasonably repetitive or systematic, require disproportionate technical effort, or jeopardize the privacy of others.

You may also have the right to complain to a data protection authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority.

Subscription Communications and General Communications

You have the option of subscribing to communications from us. Elastic subscription communications include email newsletters, software updates, and maintenance notifications that may be expressly requested by you or which you consented to receive.

After you consent to such communications, you may opt-out of receiving them by following the instructions in the email. To unsubscribe from all Elastic email lists, please click here.


U.S. State Privacy Law Requirements

Some U.S. state privacy laws like the California Consumer Privacy Act (CCPA) and Virginia Consumer Data Protection Act (VCDPA) require specific disclosures for state residents.

This Privacy Statement is designed to help you understand how Elastic handles your personal data:

  • We explain the categories of personal data we collect and the sources of that personal data in Information We Collect & How We Collect It.
  • We explain how we use personal data in How We Use the Information.
  • We explain when we may share information in How We Share the Information.
    We do not sell your personal data to any third parties. We also do not “share” your personal information as that term is defined in the CCPA.
  • We explain how we retain personal data in the Data Retention section of this Privacy Statement.

State laws like the CCPA and VCDPA also provide the right to request information about how we collect, use, and disclose personal data. And they give you the right to access and correct personal data, and to request that Elastic delete that personal data.

To exercise your rights, you may raise a request by submitting this form. Please identify yourself and specify your request. We use commercially reasonable efforts to delete your personal data as required, but retain records necessary to comply with a governmental authority or applicable federal, state, or local law. Where legally permitted, we may decline to process requests that are unreasonably repetitive or systematic, require disproportionate technical effort, or jeopardize the privacy of others. If you disagree with the decision on your request, you can ask us to reconsider it by responding to the team’s email.

For additional information related to your rights and for other required disclosures for residents of California, please see our California Privacy Rights Statement.


Security

Elastic is committed to protecting the security of personal data. We use appropriate technical and organizational measures to protect personal data from unauthorized access, use, or disclosure. Despite these measures, Elastic cannot eliminate security risks associated with personal data, and mistakes and security breaches may happen. We retain the data only as required or permitted by law, and while the data continues to have a legitimate business purpose. Please contact us with security questions at security@elastic.co.


Other Information

Data Retention. We retain information collected in connection with the Properties for so long as necessary to fulfill the purposes outlined in this Statement or where we have an ongoing legitimate business need to do so.

Changes to this Privacy Statement. This General Privacy Statement is subject to occasional revision. If we make any substantial changes in the way we use personal data, we will take appropriate measures to inform our customers, consistent with the significance of the changes we make. We will provide notice of any material changes if and where required by applicable data protection laws.

The date of the most recent update to this General Privacy Statement can be found by checking the "effective" date displayed at the top of this Statement.


How to Contact Us

If you have any questions or concerns regarding this Statement, you may call us at +1.650.458.2620, submit your request through our form, or send your request by postal mail to:

Elasticsearch, Inc.
Attn: Privacy Team
88 Kearny Street

Floor 19
San Francisco, CA 94018 USA

Or

Elasticsearch B.V.
Attn: Privacy Team
Keizersgracht 281
1016 ED Amsterdam
The Netherlands

Data Protection Officer. Elastic has appointed an external Data Protection Officer for German data subjects. For questions about how information is gathered, stored, shared, used, or to exercise any data subject rights, please contact our Data Protection Officers here.

If we are unable to resolve your concerns, you have the right to contact your local data privacy supervisory authority or seek a remedy through the courts if you believe your requests to exercise your rights have not been honored.