Please note that this document is for informational purposes only, and that Datadog customers are responsible for making their own independent assessment of the information presented below. All of Datadog’s obligations and liabilities to our customers are outlined in our agreements, and this document does not form part of, or modify, any agreement between Datadog and our customers.
What is Datadog?
Datadog is a subscription-based, multi-tenant, third-party cloud-hosted, web-based, software as a service (SaaS) platform. Our services enable our customers’ collection, monitoring, management and analysis of data generated by their IT systems, platforms, services, applications, software, devices, sites and/or networks in order to gain real-time visibility into the operation of the information technology supporting their businesses.
What are the key features of Datadog’s model?
Subscription-Based: Although you can purchase our services through the platform on a pay-as-you-go basis, most of our customers purchase annual access subscriptions to our platform. Subscriptions are commitments by both parties to maintain the relationship through the full term of the applicable order and cannot be terminated for convenience mid-term.
Multi-Tenant: This means that a single instance of the software and support infrastructure serves multiple customers. While each customer’s data is isolated and remains invisible to other customers, the Datadog infrastructure (including the security controls) and services are the same for all of our customers and cannot be customized on an individual customer-by-customer basis.
Third-Party Cloud Hosted: This means we use third-party cloud service providers such as AWS, GCP and Azure to host our platform so we can provide high-availability, enterprise-grade services to our customers. We also engage other third parties to assist us in providing our platform and support to our customers. A full list of our third-party providers that process customer data is available here.
Web-Based: This means that you do not store our application on your on-prem servers, but rather access them through the web.
Software as a Service: This means that you do not need to worry about versioning, updates, or maintenance. We make continuous improvements to our platform, and every customer gets the benefit of these improvements. As a single platform, continuously improved service offering, the concepts of deliverable and acceptance in connection with your use are not applicable, but you may trial our services before making a commitment.
Datadog is continuously adding new services and functionalities within the platform. A current list of all of our services can be found here. General categories of offerings include:
Infrastructure Monitoring: visualization and analytics of IT metrics and events data from your cloud and on-premise infrastructure
Application Performance Monitoring: visualization and analytics of IT metrics and events data from your software applications
Log Management: visualization and analytics of log metadata generated by your infrastructure and applications
Digital Experience Monitoring: visualization and analytics around your user experience for end user-facing applications
Security: real-time threat detection and continuous configuration audits across your entire production environment
What do I need to know about the data we send to Datadog?
Methods of collection: You manage the extent and nature of any data that is sent to Datadog through your use and configuration of APIs, agents, and integrations. These APIs, agents, and integrations may be made available by Datadog, or your component providers or other third parties, or they may be built by your own teams. Those made available by Datadog are primarily open source and subject to one of either the Apache 2.0, MIT, GPL or BSD open source licenses. As open source tools, you can independently vet the code for copyright, errors, and malicious code.
Types of data: Datadog provides you with a single pane of glass to enable your effective analysis of the operations of your infrastructure and applications. Except for basic business information, such as names and email addresses for the identification and authentication of users, most of the data you send to Datadog will not need to contain private or personal data to realize the value of the services. The service-specific terms address the products for which this is not the case. For customers sharing personal information that requires additional contractual obligations to meet regulatory requirements, we provide a data processing addendum (DPA) and certain supplemental terms. Note, there is no business case for using the Datadog services to process sensitive information like government-issued social security numbers, protected health information, PCI DSS cardholder data, or special categories of personal data under the EU GDPR.
Exclusion of data: Datadog provides instructions, tools, and recommendations to enable you to scrub, obfuscate, filter, and otherwise reduce the inclusion of, and access to, any unnecessary private or personal data that may be contained in the data you choose to share with Datadog. More information is available here.
Location of data: Your team selects the country where your data will be hosted when setting up the account. Datadog will not change your data’s hosting location. Data may be accessed from any non-sanctioned country by your personnel and Datadog’s personnel as part of our follow-the-sun support model.
Security of data: Privacy, security, and confidentiality are part of the design of the Datadog platform and each service we offer, and included in our annual employee training. You can visit our security page for an overview of our security posture and discussion of our SOC 2, Type II audit, ISO 27001 certification, and participation in the Cloud Security Alliance. Detailed documentation relevant to the security of Datadog’s platform, including copies of our independent third-party audit certificates, BC/DR plans, and more, are available on-demand here. To ensure the security of our platform for all of our customers, we do not allow customers to conduct their own security analysis of our platform.
