Elastic Privacy Statement

Effective Date: May 18, 2018

Elastic welcomes your interest in our company, products, and services. This document is our "Privacy Statement." It applies to Elasticsearch, Inc., our subsidiaries and affiliated companies, as well as all Elastic-owned and operated websites, domains, services, applications, and products (collectively, "Site", "Elastic", "We", "Our", or "Us").

This Privacy Statement informs you of our privacy practices and the choices you can make about the way we collect and use information about you, including information that may be collected from your online activity, use of our products and services, and provided to us for purposes of recruitment or employment consideration.

Use and Purpose of Collected Personal Data

The term "Personal Data" means information relating to an identified or identifiable natural person. That is, someone who can be directly or indirectly identified. This may include your full name, physical address, email address, telephone number, IP address, or any other personal information that, alone or in combination with other information, enables contact with you physically or online.

When We Collect Personal Data

We collect Personal Data that you knowingly and voluntarily provide when you:

  • Interact with our websites;
  • Register for any of our services;
  • Submit requests, suggestions, or other communications to us;
  • Choose to share usage information regarding Elastic products and services with Elastic

What Data We Collect

We collect information that is directly provided by you, collected automatically, and gathered from third parties.

Information Directly Provided by You

  • Contact Data – We may collect contact data including your first name, last name, mailing address, telephone number, fax number, email address, your favorite superhero, and other similar contact information.
  • Payment Data – We collect data necessary for processing payments and fraud prevention, including credit/debit card numbers, security code numbers and other related billing information.
  • Account Data – We collect anything related to the account you create, this may include information such as your username, how you purchased or signed up for Elastic products and services, or events, your transaction, billing, and support history.
  • Location Data – We may collect geolocation data when you enable location-based services or when you choose to provide location-related information during product, service, or event registration.
  • Security Credentials Data – We collect user IDs, passwords, password hints, and similar security information required for authentication and access to Elastic accounts.
  • Demographic Data – We may collect certain demographic data including country, gender, age, preferred language, general educational and employment background, and general job interest data.
  • Preferences – We collect information about your preferences and interests as they relate to our products, services (both when you tell us what they are or when we deduce them from what we know about you) and how you prefer to receive communications from us.
  • Social Media Data – We may provide social media features that enable you to share information with your social networks and to interact with us on various social media sites. Your use of these features may result in the collection or sharing of information about you, depending on the feature. We encourage you to review the privacy policies and settings on the social media sites you use to make sure you understand the information that may be collected, used, and shared by those sites.
  • Other Unique Identifying Information – Examples of other unique information that we may collect from you include information you provide when you interact in-person, online or by phone or postal mail with our service centers, help desks or other customer support channels, events, meetups and conferences, your responses to customer surveys or contests, or additional information you have provided to us to facilitate delivery of website content, services and to respond to your inquiries.

Information Collected Automatically

We use technology integrated into our websites, products, and services that you can choose to enable to provide us with automated data collection. Such information may include:

  • Product Usage Data - If you elect to send product usage information, also known as telemetry information, we collect details as described in our Telemetry Privacy Statement Supplement
  • Elastic Cloud Usage Data - When you use an Elastic Cloud trial or subscription account, we collect information about your use of the Elastic Cloud service, as described in our Telemetry Privacy Statement Supplement
  • Demonstration Usage Data - If you interact with our demonstration systems at https://demo.elastic.co, we collect detailed information about your interaction with the demo system as described in our Telemetry Privacy Statement Supplement
  • Device Data - Data collected from Google Analytics may provide us with information regarding your device type (mobile, tablet, desktop/laptop, etc.), operating system, and type of browser. This helps us prioritize support for popular configurations.
  • Application Data - We may collect data regarding key performance metrics of Elastic applications in order to understand if there are issues.
  • Website Browsing Data – We collect information about your visits and activity on our Elastic websites, including the content (and any ads) that you view and interact with, the address of the website from which you were referred and other clickstream behavior (such as the pages you view, the links you click or which items you've added to your shopping cart). Some of this information is collected using our Automatic Data Collection Tools which include cookies, web beacons and embedded web links. To learn more, please read the Cookies and Website Automatic Data Collection section in this Privacy Statement.

Information Collected from Third-Party Sources

We may also acquire data from third-party sources that we deem to be credible and that are either publicly-available, or available on a commercial basis. Such information may include:

  • Personal data - We may collect Personal Data such as your name, address, email address, preferences, interests, and certain demographic data. For example, Personal Data may be collected when you access our applications through social media logins (e.g., logging in to our applications using your Facebook or other social media credentials). The details we receive may depend on your social media account privacy settings.
  • Business contact data - In order to provide some of our products and services at an enterprise level, your business contact data may be provided to us by a designated entity within your business or enterprise (such as a member of your IT department). Where necessary, we may also use information provided by you or your employer, together with information from publicly-available and other online and offline sources, to conduct due diligence checks on business contacts as part of our anti-corruption and export control compliance programs.
  • Combined data - In order to ensure data accuracy and offer personalized services, content, marketing and ads, we may link or combine the information that we collect from the different sources outlined above. For example, we may compare the geographic information acquired from commercial sources with the IP address collected by our Automatic Data Collection Tools (see Cookies and Website Automatic Data Collection) to derive your general geographic area. Information may also be linked via a unique identifier such as a cookie or account number.

Other Information We Collect

We may also collect information and data you choose to provide that is not Personal Data, such as your occupation, affiliated companies, and general location. Additionally, we may collect technical information relating to your mobile phone, mobile device or computer and the way you interact with the Site, such as your IP address, browser type, and aggregate user data. This information is used to identify your internet browser, store your user preferences, authenticate user sessions, provide services, and determine whether you have installed the software necessary to access certain material or applications on the Site.

How We Use Personal Data

We use your Personal Data for the following purposes:

Transaction Processing and Account Administration

To process transactions and orders of our products or services (including payment processing), to provide troubleshooting or consulting for our products or services, and for account administration.

Managing Your Customer Experience

To maintain accurate contact and registration data, deliver customer support, and to offer products, services, and features that may interest you. We also use your data to deliver personalized communications and create recommendations based on your use of Elastic products, services, features, and your visits on our websites.

Advertising

To provide personalized advertising to you in accordance with your privacy preferences settings. We might also share some of your information with marketing service providers and digital marketing networks to present advertisements that might interest you. This may involve the use of Automatic Data Collection Tools. To learn more about how Elastic uses Automated Data Collection Tools and which ones, please see our Cookies and Website Automatic Data Collection section of this document.

Administrative Communications

To answer questions or to provide information, support, or advice about existing and new products or services.

Business Operations

To conduct ordinary business operations, e.g., recruiting, conducting business research and analytics, corporate reporting and management, staff training and quality assurance purposes (which may include monitoring or recording calls to our customer support team) and outreach.

Research & Innovation

To develop new products, features, and services using research and development tools, and incorporating data analysis activities.

Security

To maintain the integrity and security of our websites, products and services and preventing and detecting security threats, fraud, or other criminal or malicious activity that might compromise your information or the information of other customers and/or website visitors.

Compliance with Law

We collect and store data as required to be compliant with applicable laws, regulations, court orders, government, and law enforcement requests.

Third Parties With Whom We Share Your Data

Sharing with Elastic Affiliated Entities

We may transfer your Personal Data to other Elastic entities within the US or worldwide for the purposes outlined in this Privacy Statement. To ensure that your Personal Data is private, Elastic entities are contractually bound to comply with our privacy requirements. For the transfer of Personal Data to Elastic entities outside of the European Union, we have agreed on respective EU Model Clauses between the Elastic entities. Furthermore, our privacy guidelines are communicated to our employees on an annual basis as part of our mandatory security and privacy awareness training. By accessing our websites, registering a product or for services, creating an account, or otherwise providing us with your Personal Data, you consent to the transfer of your Personal Data throughout the global Elastic network of entities on the basis of the international restrictions stated above.

Sharing Data with Third Party Service Providers

We will not provide your Personal Data to third party advertisers without your permission, except as provided in this privacy statement. We will not share Personal Data with third parties that would directly contact you without your explicit consent to be contacted by a partner. However, we may provide information and data that is not Personal Data, to our third party providers for any purpose including primarily customizing and targeting advertising messages.

We work with external service providers to plan, manage and/or support certain aspects of our business operations on our behalf.

These service providers may be located in the US or in other global locations and may provide services such as credit card processing, customer support, advertising and marketing activities (including digital and personalized advertising), email service, or data hosting. Our service providers are required by contract to safeguard any Personal Data they receive from us and are prohibited from using the Personal Data for any purpose other than to perform the services as instructed by Elastic.

Examples of our third party service providers and the use of your data:

  • Google Analytics - We use Google Analytics to understand visitor trends, page popularity, geographic distribution of interest, time on pages, or issues with our site. We use this data to understand how to invest in regions based on demand. For more information about Google Analytics, see https://policies.google.com/privacy?hl=en and for more information about how Google uses data when you use a Google partner's sites or apps, see www.google.com/policies/privacy/partners/
  • Clearbit - In an effort to reduce the amount of information we require users to enter when registering for content or trials on our Site, we use Clearbit to enrich information. For example, many forms only ask for an email address. We securely pass the email address to Clearbit to provide us additional information that may include social identification (like Twitter handle), first and last name as well as organizational affiliation.
  • Kickfire - Used to identify organizations (not individuals) visiting our site. We leverage this information to determine regional investments in our support, website, sales, and marketing investments.
  • Facebook - We service a growing community of over 75,000 global followers on Facebook and use the platform to inform this community of new content available. We use a Facebook cookie to match audiences and enable us to ensure we can deliver paid (and unpaid) advertising to our Facebook Elastic followers and additional audiences that we think would be interested in the content.
  • Google AdWords - We use Adwords to deliver advertising through Google's network of advertising sites.
  • LinkedIn - We serve a community of over 30,000 global followers on LinkedIn. We share content with this community, and use matching techniques to provide advertising on LinkedIn. The matching techniques include the use of a cookie we execute on our websites and may include email matching (which is only used for Elastic advertising).

Sharing Data with Third Parties Who May Collect Information

The following third parties may collect information through the Site, but, except as set forth above, such information shall not include Personal Data unless you post or publish such Personal Data in areas of the Site accessible to other users or the public:

  • third parties that help facilitate the Site may, from time to time, collect information through the Site in the course of providing support;
  • we may share Site information with partners for marketing purposes;
  • third parties may collect other information that you voluntarily post or publish through the Site in any way; and/or
  • web-crawlers such as Google or Yahoo may collect information through the Site.

The Site may contain links or references to other websites, including third party advertisers and other unaffiliated websites. We are not responsible for the privacy policies of those websites or of advertisers on the Site, and you should read the privacy policies of each website you visit.

Sharing Financial Information

Elastic uses third party payment processors to process payments made to us. In connection with the processing of such payments, we do not retain any personally identifiable information or any financial information such as credit card numbers. Rather, all such information is provided directly to our third party processors. These third party processors currently include Wirecard. Chase Paymentech, and Recurly, and their privacy policies may be viewed at:

Sharing Data for Other Reasons

Corporate transactions

Circumstances may arise where, whether for strategic or other business reasons, Elastic decides to sell, buy, merge or otherwise reorganize its businesses. In such transactions, we may disclose or transfer your Personal Data to prospective or actual purchasers, or receive your Personal Data from sellers. Our practice is to seek appropriate protection for your Personal Data in these types of transactions.

Compliance with law

We may also share your Personal Data when we believe, in good faith, that we have an obligation to: (i) respond to duly authorized information requests of law enforcement agencies, regulators, courts, and other public authorities, including to meet national security or other law enforcement requirements; (ii) comply with any law, regulation, subpoena, or court order; (iii) investigate and help prevent security threats, fraud or other criminal or malicious activity; (iv) enforce/protect the rights and properties of Elastic and/or our affiliates; or (v) protect the rights or personal safety of Elastic's and our affiliates' employees, and third parties on or using Elastic property when allowed and in line with the requirements of applicable law.

Online Advertising and Tracking

Elastic engages with third-party advertising networks on the Site. Ad networks may include third-party ad servers, ad agencies, ad technology vendors and research firms. We are not responsible for the privacy practices of these third parties, and we encourage you to read their privacy policies, which may apply to these third-party programs. Ad networks allow us to target our advertising to users through demographic, behavioral and contextual means. After you visit our websites, these ad networks may continue to track your online activities over time across third-party websites or online services by collecting information through automated means, including through the use of cookies, identifiers, web server logs, web beacons and other methods.

Because there is not yet a consensus on how companies should respond to web browser-based or other do-not-track ("DNT") mechanisms, we do not respond to web browser-based DNT signals at this time.

How We Keep Your Data Secure

To prevent unauthorized access or disclosure, and to ensure the appropriate use of your information, we utilize reasonable and appropriate physical, technical, and administrative procedures to safeguard the information we collect and process. We retain the data only as required or permitted by law, and while the data continues to have a legitimate business purpose.

 

Cookies and Website Automatic Data Collection

We use and allow certain other companies to use cookies, web beacons and other similar technologies (collectively "Automatic Data Collection Tools") on our website and in the marketing, sale and delivery of our products and services. We do this to understand your use of our website and our products and services and to improve your user experience and to enable personalized features and content, optimize our advertisements and marketing, and to enable third-party advertising companies to assist us in serving ads specific to your interests across the internet.

For information regarding advertising opt-out and cookie choices, please see Third Party Advertising Cookies and Social Media Cookies below.

Our Use of Cookies

Cookies are text files containing small amounts of information which are stored on your device when you visit a site. The entity that places cookies on your browser can then read the information on that cookie that it set. We categorize cookies as follows:

  • Necessary cookies - These cookies are essential for our websites and their features to work properly, and for us to properly provide services that depend on our websites and these features. (e.g., to remember cookie permission settings, session logins, etc.)
  • Convenience cookies - These enable us to improve the usability and performance of our websites and services that depend on our websites. (e.g., to remember selection of region and country to redirect visitors to localized websites, or for altering or suggesting content that matches navigation patterns.)
  • Statistics cookies - Used to collect information about how you navigate to and from our websites and how you use our website. The collection of this information is carried out as anonymous access measurements. Statistics cookies may be classified as either session cookies or persistent cookies. Session cookies expire when you close your browser session. Persistent cookies may remain on your system for an extended period of time.
  • Targeting/Retargeting cookies - Used by our advertising services to provide you with Elastic-relevant advertising content.
  •  

    Third Party Advertising Cookies and Social Media Cookies

    We use third party cookies on our websites, which will then be stored on your device (unless you opt-out) to allow them to show you advertisements that may be relevant and useful to you. We may use remarketing tags (e.g., Facebook, Outbrain, Google, LinkedIn) that align with these third party cookies to deliver advertisements about products that you have browsed on our site when you are on third party websites. However, the remarketing tags that we use do not include any information that directly identifies you. We would note, however, that these advertisers and other third parties (including ad networks, ad-serving companies, and other service providers they may use) may correlate the remarketing tag to their own third party cookies, and infer the user ID of users who interact with or click on a personalized ad or content.

    Cookies may also be used when you share information using a social media feature on our website or with services made available via our website. The social media network may record your activities which may be linked to targeted advertising. The types of cookies used by these third parties and how they use the information generated by them will be governed by those companies' privacy policies.

    You can find out more about some of our social media, interest-based advertising partners and opt-out mechanism by visiting these websites:

    If you do not want to allow cookies at all, or only want to allow use of certain cookies, please refer to your browser settings. You can also use your browser settings to withdraw your consent to our use of cookies at any time, and delete cookies that have already been set. Your browser help menu contains information about the process of opting out on different browsers.

    Note that by disabling certain categories of cookies, you may be prevented from accessing some features of our sites, and certain content or functionality may not be available.

    If you are in the EU and would like to opt out of third party cookies relating to interest-based advertising, please go to www.youronlinechoices.eu.

    In the US and Canada, we comply with the Digital Advertising Alliance industry standards with respect to interest based advertising. To learn more about your advertising choices if you are in the US, please click here or in Canada please click here.

    In the US, the Network Advertising Initiative also offers a means to opt out of a number of advertising cookies. Please visit www.networkadvertising.org to learn more. Note that opting out does not mean that you will no longer receive online advertising. It does mean that the company or companies from which you opted out will no longer deliver ads tailored to your web preferences and usage patterns.

    Examples of Cookies in Use on Elastic Websites

    Name: Cookie Acceptance cookie-accepted
    Category: Necessary
    Type: Permanent. This cookie will be stored until you change your cookie settings.
    Purpose: Allows you to continue using/navigating the website(s) by accepting our cookie policy.

    Names: Marketo (Form Consent and site activity tracking), Google Optimize (content testing and optimization)
    Category: convenience
    Type: Permanent. These cookies will be stored until you change your cookie settings.
    Purpose: Remembers your consent to opt-in and/or the use of cookies for this website for features that do not require re-authentication or more additional information to view additional content. Provides site activity tracking used to infer interest and relevant content to share through our site and additional channels such as email and advertising. Enables us to test and optimize content that users will find more valuable and engage with. For more information about Marketo, see https://www.marketo.com/company/trust/. For more information about Google Optimize, see https://policies.google.com/privacy?hl=en.

    Name: AirPR
    Category: Convenience
    Type: Statistics (Social Media and News Activity Tracking)
    Purpose: This enables Elastic to understand the origins of traffic that comes to our website. For example, if users follow a link from a Tweet or a news article about our company or products.

    Names: Google Analytics, Kickfire
    Category: Statistics
    Type: Permanent. These cookies will be stored for 3 years max. or until you change your cookie settings.
    Purpose: Enables us to understand geographic demand, determine site effectiveness, and identify issues on our site. Helps us identify organizations engaging with our website(s) so that we can determine how and where we invest to support growing demand for our products and services.

    Names: Facebook, Google AdWords, LinkedIn, Stack Overflow, Outbrain
    Category: Advertising retargeting
    Type: Permanent. These cookies will be stored for 3 years max. or until you change your cookie settings.
    Purpose: Enables us to provide Elastic-relevant content in advertising to you from third party sites and provides us with analytics on site visitors' organizations and trends.

    Other Automatic Data Collection Tools

    Web Beacons

    We may use and permit select third parties to use web beacons (usually in combination with cookies) to compile information about your website usage and your interaction with email or other communications, to measure performance and to provide content and ads that are more relevant to you.

    A web beacon (also known as a web bug or clear GIFs) is typically a transparent graphic image (usually 1 pixel x 1 pixel) that can be embedded in online content, pictures, videos, and emails, and can allow a server to read certain types of information from your device, know when you have viewed particular content or a particular email message, determine the date and time when you viewed the beacon, and the IP address of your device. For instance, we may include web beacons on our websites, and in our promotional email messages or newsletters to determine whether our messages have been opened or acted upon and whether our mailing tools are working correctly.

    Because web beacons are the same as any other content request initiated in a web page, you cannot opt out or refuse them. However, you may be able to disable web beacons in email messages by not downloading images contained in messages you receive (this feature varies depending on the email software used on your personal computer). However, doing this may not always disable a web beacon or other Automatic Data Collection Tools in the email message due to specific email software capabilities. For more information, refer to the details provided by your email software or service provider. Web beacons may also be rendered ineffective in some circumstances by opting out of cookies or amending your cookie settings in your browser.

    Embedded Web Links

    Emails from us often use links designed to lead you to a relevant area on the web, after redirection through our servers. The redirection system allows us to change the destination URL of these links, if necessary, and to determine the effectiveness of our communications and marketing initiatives. In emails, such web links may also allow us to determine whether you have clicked a link in an email, and information about this interaction may be connected to your personal identity.

    If you do not want us to collect information about the links that you click, you can:

    • Change your choice about how you receive communications from us (i.e., choose a text-based version of the message where available) or choose not to click links in emails that we send.
    • Choose privacy settings in your browser and email client that will restrict this information.

    Your Rights

    At your request, we will: (i) inform you of what personal information we have on file for you; (ii) amend or correct the personal information that we have on file for you or any previous privacy preferences that you have selected; and/or (iii) erase personal information that you have provided to us, or that we have collected. You may do so by contacting us via email at privacy@elastic.co; provided, however, that we ask individuals to identify themselves and the information requested to be accessed, corrected or erased before processing such requests, and, to the extent permitted by applicable law, we may decline to process requests that are unreasonably repetitive or systematic, require disproportionate technical effort, jeopardize the privacy of others, or would be extremely impractical (for instance, requests concerning information residing on backup tapes).

    For information regarding advertising opt-out and cookie choices, please see Third Party Advertising Cookies and Social Media Cookies above.

    If you ask us to erase your Personal Data from our records, we will use commercially reasonable efforts to do so while retaining any record necessary to comply with a governmental authority or applicable federal, state, or local law.

    Your California Privacy Rights

    If you are a resident of the State of California and would like to opt-out from the disclosure of your personal information to any third-party for marketing purposes, please email us at: privacy@elastic.co; call us at +1.650.458.2620; or send your request via postal mail to:

    Elasticsearch, Inc.
    800 W. El Camino Real, Suite 350
    Mountain View, CA 94040 USA

    Please be advised that where California State residents opt-out from permitting their personal information to be shared, such individuals may still receive selected offers directly from us, in accordance with applicable law.

    Your European Union Privacy Rights under GDPR

    If you are an EU person and would like to exercise your GDPR privacy rights, such as your right to access, amendment, correction, or erasure of Personal Data, please email us at: privacy@elastic.co; call us at +1.650.458.2620; or send your request via postal mail to:

    1. Elasticsearch, Inc.
      Attn: Privacy Team
      800 W. El Camino Real, Suite 350
      Mountain View, CA 94040 USA

    Or

    1. Elasticsearch B.V.
      Attn: Privacy Team
      Rijnsburgstraat 11
      1059 AT Amsterdam
      The Netherlands

    Your Privacy Preferences

    You have the option of subscribing to communications from us. You can change your choices at the data collection point, or by using other methods, described below. Please note that these options do not apply to communications primarily for the purpose of administering order completion, contracts, support, updates, or other administrative and transactional notices, where the primary purpose of these communications is not promotional in nature.

    Subscription Communications and General Communications

    Elastic subscription communications include email newsletters, software updates, maintenance notifications, etc. that may be expressly requested by you or which you consented to receive.

    After you consent to such communications, you may opt out of receiving them by using one of the following methods:

    • Select the email's "Opt out" or "Unsubscribe" link and follow the instructions included in each email subscription communication.
    • To unsubscribe from messages delivered to mobile devices, reply to the message with the words "STOP" or "END."
    • Visit https://www.elastic.co/unsubscribe and follow the instructions.
    • Contact our Data Protection Officer at daniela.duda@elastic.co. Please be sure to provide your name, contact information, and specific relevant information about the Elastic subscriptions or marketing that you no longer wish to receive.

    Please note that unsubscribing from one email list does not automatically unsubscribe you from any other email list that you may be on. Please read the email carefully to find out which list you are unsubscribing from. To unsubscribe from all Elastic email lists, please click here.

    Contact Us

    If you have any questions or concerns about our Privacy Statement, our collection and use of your data or a possible breach of local privacy laws, you can contact us via email to privacy@elastic.co or write to us at the appropriate address below:

    Elasticsearch, Inc.
    Attn: Privacy Team
    800 El Camino Real, Suite 350
    Mountain View, CA 94040
    United States of America

    Elasticsearch B.V.
    Attn: Privacy Team
    Rijnsburgstraat 11
    1059 AT Amsterdam
    The Netherlands

    All communications will be treated confidentially and we will also take reasonable steps to verify your identity, such as requiring a password and user ID or confirming personal information, in order to validate any requests, questions or concerns. Upon receipt of your communication, our representative will respond to you within a reasonable time to address your requests, questions or concerns and ensure that they are resolved in a timely and appropriate manner.

    You can also contact our Data Protection Officer (DPO):

    Daniela Duda, DPO
    daniela.duda@elastic.co

    If we are unable to resolve your concerns, you have the right to contact your local data privacy supervisory authority or seek a remedy through the courts if you believe your requests to exercise your rights have not been honored.