Elastic Product Privacy Statement

Effective Date: November 6, 2023

This Product Privacy Statement (the "Product Privacy Statement" or "Statement") explains how Elasticsearch, Inc. and its subsidiaries and affiliates ("Elastic," "we", "us" and "our") collect, use and share information, including information relating to an identified or identifiable natural person ("Personal Data" or "Personal Information") from our customers or users ("you" and "your") when you use or demo our Elastic products such as Elastic Self-Managed Software, Elastic Cloud Services, or any other services maintained by Elastic for use by our users, such as Support Services (together the "Products").

Scope & Responsibilities
Information We Collect from the Products
How We Use Information We Collect from the Products
How We Share Information We Collect from the Products
How We Use Cookies and Automatic Data Collection Tools
Legal Basis for Processing Personal Data We Collect from the Products
User Privacy Rights and Choices
Security
International Data Transfers
California Privacy Rights
Other Information
How to Contact Us


Scope & Responsibilities

This Statement applies only to the information we collect automatically in connection with your use of the Products and for which we determine the means and purpose of processing (i.e., as a "data controller").

Our legal basis for processing such information in the European Economic Area (EEA), the United Kingdom (UK), or Switzerland is our legitimate interest in providing, improving, maintaining, and securing our Products, providing support for users of our Products, and operating our business efficiently and appropriately.

This Product Privacy Statement does not cover:

  • Personal Data processed by Elastic according to our General Privacy Statement, such as Personal Data collected through: our websites, such as www.elastic.co, website (together the "Sites"); product feedback or surveys; the sales and provisioning process; and in connection with Elastic events, sales and marketing activities. Please see our General Privacy Statement for details on how this information is processed.
  • Personal Data processed by Elastic according to our Applicant Privacy Statement when an individual applies for a role with Elastic through our Site or otherwise.
  • Personal Data processed by Elastic as a Processor. This Product Privacy Statement does not apply to Personal Data processed by Elastic as a Processor or Service Provider (as applicable), which is subject to the terms of the applicable customer agreement.
  • Organizational Users. When you use the Products on behalf of an organization (e.g., your employer), your use is administered and provisioned by your organization per its own policies regarding the use and protection of Personal Data. If you have questions about how your data is being used by your organization, please refer to your organization's privacy policy and direct your inquiries to your organization's system administrator.


Information We Collect from the Products

When you use our Products, Elastic automatically collects information about how you are using the Products ("Product Usage Data"). While most Product Usage Data does not contain Personal Data, it may include:

  • Products and System Data: this is information about the Products you are using and about the systems and related environment from which you access the Products. This may include Product type and version, deployment ID, license information, installed plug-ins, UUID, operating system, hardware version, MAC address, IP address, network connection type, browser type, device type, and third-party systems used in connection with the Products.
  • Cluster Data: this is information about your Elasticsearch Cluster. This may include statistics related to uptime, node count, node types, indexes, shards, and segments.
  • Performance Data: this is information about the performance of the Products. This may include metrics on the performance and scale of the Products and response times.
  • Feature Usage Data: this is information about how you are using the Products. This may include details about which features are used and user interface metrics, search queries entered, functions and commands executed, number of searches, and types of searches.
  • Security Data: for security Products, this is information about how the security software is operating. This may include information on sensor performance, sources, networks, and destinations of threats (which may include IP addresses, URLs, and DNS queries), configuration and detection events, and security event data.


How We Use Information We Collect from the Products

Elastic uses the information automatically collected from the Products to support our customers and improve the Products generally; more detailed information is provided below. Elastic strives to collect only the minimum amount of information needed to achieve these purposes.

How we use Product Usage Data

We use Product Usage Data to fulfill our contractual obligations in providing the Products to you and to fulfill our legitimate interest in supporting and enhancing the Products. For example, we may use Product Usage Data for:

  • Product improvement: Elastic may use Product Usage Data to analyze the use of the Products, prioritize testing and development of new features and functionality, improve our support responses, improve forecasting, make pricing and packaging decisions, identify, understand, and anticipate performance issues and the factors that affect them.
  • Supporting our customers and users: Elastic may use Product Usage Data to provide proactive or reactive support to our customers and users (such as guidance to help optimize usage), identify product improvement opportunities, prioritize future product features, personalize your experience and suggest other Elastic Products, solicit feedback, and increase engagement and adoption of our features (e.g., by providing in product suggestions).
  • Conducting account administration: Elastic may use Product Usage Data to provide the Products and for account management, such as managing product downloads, updates, and fixes, and sending other administrative or account-related communications, including release notes and billing information.
  • Enhancing security: Elastic may use Product Usage Data to help monitor, prevent and detect fraud, enhance security, monitor and verify identity or access, and combat spam or other malware or security risks.
  • Maintaining the security of our Products: Elastic may use Product Usage Data to maintain the security and operational integrity of the Elastic IT infrastructure and our Products, including for security monitoring and incident management, managing the performance and stability of the Products, addressing technical issues, and operate our back-up disaster recovery plans and policies.
  • Confirming your compliance with contractual obligations: Elastic may use Product Usage Data to confirm your compliance with contractual and other terms of use obligations in connection with the relevant Product.
  • Business to business marketing and sales: Where permitted by law, Elastic may use Product Usage Data to market additional Products to our customers and to inform sales discussions.
  • Complying with legal requirements: Elastic may use Product Usage Data to comply with applicable laws and regulations and to operate our business, including to comply with legally mandated reporting, disclosure or other legal process requests, for mergers and acquisitions, finance and accounting, archiving and insurance purposes, legal and business consulting, and dispute resolution. Elastic may be legally required to access Personal Data contained in Product Usage Data, such as to comply with a subpoena or other legal process, when we believe in good faith that disclosure is necessary to protect or defend our rights or property of Elastic or users of the Products, protect the safety of others, to investigate fraud, or respond to government requests, including public and government authorities outside a user's country of residence, for national security or law enforcement purposes.
  • Other legitimate business purposes: Elastic may use Product Usage Data when it is necessary for other legitimate purposes.


How We Share Information We Collect from the Products

We take care to ensure that the Product Usage Data, including any Personal Data that may be contained therein, is accessed internally only by individuals that require access to perform their tasks and duties, and externally only by service providers with a legitimate purpose for accessing it. We contractually require such service providers to safeguard any Personal Data they may receive from us. We will not sell your Personal Data or allow a third party to use your Personal Data for its own commercial purpose. See the Section titled How We Share the Information in our General Privacy Statement for more information.


How We Use Cookies and Automatic Data Collection Tools

Depending on the Product you use, we may use cookies or other tracking technologies in furtherance of the purposes described in this Statement. The types of technology we use may change over time. Some of these technologies are essential for the provision of the Products, such as account access and authentication; others assist with the performance and functionality of the services, such as recognizing returning users or remembering preferences; and others enable us to analyze and customize the Products.


Legal Basis for Processing Personal Data We Collect from the Products

Our legal basis for processing Personal Data contained in information we collect from the Products in the EEA, the UK, or Switzerland is our legitimate interest in providing, supporting, improving, maintaining, and securing our Products and operating our business efficiently and appropriately.


User Privacy Rights and Choices

We only collect a limited amount of Personal Data to fulfill the purposes outlined in this Statement. To the extent provided under applicable laws, users may request to access, correct, update, or delete such Personal Data, or otherwise exercise their choices with regards to such Personal Data by filling out this form.

Individuals located in the EEA, the UK, or Switzerland have the right to raise concerns about our collection and use of their Personal Data to a data protection authority. For more information, please contact your local data protection authority.


Security

Elastic is committed to protecting the security of your Personal Data. We use appropriate technical and organizational measures to protect your Personal Data from loss, misuse, and unauthorized access, alteration, or disclosure. Despite these measures, Elastic cannot eliminate every potential security risk associated with Personal Data and mistakes, and security breaches may happen.


International Data Transfers

Personal Data may be transferred to, and processed in, countries other than the country in which the individual resides. These countries may have data protection laws that are different from the laws of the individual's country of residence.

Specifically, if an individual resides in the EEA, the UK, or Switzerland their Personal Data may be processed outside those places, in countries, including the US, which have different data protection laws.

For transfers of Personal Data to Elastic group entities outside of the EEA, the UK, or Switzerland, we have entered into the respective EU Model Clauses, or the UK international data transfer agreement, as applicable, between the Elastic group entities. We implement similar appropriate safeguards with our third-party service providers. We have taken appropriate safeguards to ensure that any Personal Data collected and transferred under this Product Privacy Statement will remain protected.


California Privacy Rights

See our California Privacy Rights Statement for information about California Privacy Rights, and other required disclosures, if any.


Other Information

Data Retention. We retain information collected in connection with the Products for so long as necessary to fulfill the purposes outlined in this Statement, or where we have an ongoing legitimate business need to do so (for example, to provide a user with a service that was requested or to comply with applicable legal, tax or accounting requirements).

Changes to this Product Privacy Statement. This Product Privacy Statement is subject to occasional revision. If we make any substantial changes in the way we use Personal Data, we will take appropriate measures to inform our customers, consistent with the significance of the changes we make. We will provide notice of any material Product Privacy Statement changes if and where required by applicable data protection laws.

The date of the most recent update to this Product Privacy Statement can be found by checking the "effective" date displayed at the top of this Product Privacy Statement.


How to Contact Us

If you have any questions or concerns regarding this Statement, you may fill out this form or write us by postal mail at:

Elasticsearch B.V.
Attn: Privacy Team
Keizersgracht 281
1016 ED Amsterdam
The Netherlands

Data Protection Officer. Elastic has appointed an external Data Protection Officer for German data subjects. You can contact our Data Protection Officer here.

If we are unable to resolve your concerns, you have the right to contact your local data privacy supervisory authority or seek a remedy through the courts if you believe your requests to exercise your rights have not been honored.