Quick Recap of Our Updated Customer Terms
We’ve updated our terms and policies. If you’re a Drata customer, below is a summary of key changes to our most recent updates.We update our terms and policies on an annual basis, driven by customer feedback, evolving legal standards, and product updates. A summary of the most recent and key updates is below. If you would like more information about our legal terms, please visit our website here. If you would like more information about our privacy and security practices, please visit our Trust Center.
Our updated Terms of Service - Subscription Agreement (Agreement) will become effective on March 4, 2024.
Terms of Service - Subscription Agreement (Agreement)
In addition to making many of our terms clearer, we made the following key updates to the Drata Agreement:
Key Changes:
To improve readability, Drata has reorganized our Agreement including a table of contents with hyperlinks and a definition section at the end of the Agreement for easier reference.
Customers can now download a PDF version of the Agreement.
We have updated the ‘Fees’ section in the Agreement to clarify payment, billing, taxes, upgrades, downgrades and updating billing information;
To assist Customers with privacy law compliance, Drata has modified the Agreement to provide a direct link to Drata’s signature-ready Data Processing Addendum (see below).
We have added an explicit commitment that we will not materially decrease the overall functionality of the Services during a subscription term;
We have updated our privacy and security provisions to be even more straightforward, including Drata’s use of third parties to provide the Services to Customers and Customers’ ability to enter into supplemental privacy terms with Drata (e.g. Data Processing Addendum);
We have added language giving Customers the right to assign the Agreement without Drata’s consent in the event of an assignment to an affiliate or in connection with a merger or change of control provided that certain conditions are met;
We have clarified the process for how Drata updates its Agreement and provides Customers with notice thereof;
We have added detail regarding our export compliance and use restrictions that comply with United States and applicable import and export laws and regulations;
We have updated our security measures to add an explicit commitment to notify an affected Customer within 48 hours of verifying that the incident affects a Customer’s Customer Data;
We have added an insurance provision detailing the minimum coverage types and amounts that Drata will carry; and
We have updated the email address for notices under the Agreement to [email protected].
Data Processing Addendum
Drata has revised its Data Processing Addendum (DPA) to better describe Drata processes and procedures.
If you would like to review and execute our DPA, please see here.
Privacy Notice
Drata has modified its Privacy Notice (formerly known as our Privacy Policy) to better describe our privacy practices and to address applicable requirements of GDPR and the CCPA.
We have also updated our Privacy Notice to, among other things, provide more transparency around how we process personal data about users that Drata stores separate from the Services in order to communicate with them regarding Drata’s provision and support of the Services.
Cookie Notice
Drata has modified its Cookie Notice (formerly known as our Cookie Policy) to better reflect cookie practices.