This Privacy Policy explains how Splunk LLC and its subsidiaries ("Splunk") collect, use, and disclose information you provide to us or which we otherwise collect (“Information”), including “Personal Data” by which we mean Information about an identified or reasonably identifiable individual.
This Privacy Policy applies to Offerings (as defined in the Splunk General Terms), splunk.com and to other websites Splunk operates that link to this Privacy Policy. This Privacy Policy does not apply to Personal Data processed by Splunk as a processor or to Splunk as an employer.
From time to time, Splunk acquires companies that may operate under their own privacy policies. You will continue to be presented with those companies’ privacy policies on their offerings and websites until the integration with Splunk is complete and those offerings and websites are linked to this Privacy Policy.
The use of our Offerings is also subject to the terms of the applicable customer agreement. The use of our website is subject to the Splunk Websites Terms and Conditions of Use, and the terms of this Privacy Policy are incorporated into and form part of that agreement.
There are two primary ways in which Splunk collects Information about you: through Interactions and through Offerings as set forth below.
When you interact online or offline with Splunk, we may receive your Information, including your Personal Data. For example, we receive your Information when you:
We collect Information about you from other sources such as public databases, commercial data sources, joint marketing partners, resellers, managed services providers and other partners, social media platforms, industry groups, and conference/event hosts.
We refer collectively to these contacts as “Interactions” and we explain below how we use the Information we collect through them.
We (or others acting on our behalf) may collect your Information, including your Personal Data, through Interactions. The Personal Data we collect includes such things as:
We collect Personal Data in various ways, such as when you manually key in your Personal Data to our website forms or provide it to us or others from whom we receive marketing leads. From time to time, we offer virtual private networks (VPNs) for attendees at Splunk events or visitors to our offices. If you access a Splunk-provided VPN, we may collect Personal Data from you, such as IP and MAC addresses, when we monitor the VPNs for security or performance.
IP addresses are also collected on an automated basis through your use of the website services using cookies, web beacons, and like technologies. We may infer your location from your IP address. For more on the use of cookies and like technologies, see the Splunk Cookie Policy and How We Use Information Collected from Interactions.
When you make purchases through our website, we use third-party payment processors to collect credit card or other financial data. Splunk does not store the credit card data you provide, only payment confirmation information.
Splunk uses the Information we collect from your Interactions to deliver Offerings to you in accordance with our terms, to fulfill our contractual and legal obligations, or to pursue legitimate business interests, as described below. Here is a summary of the purposes for which we use your Information, including Personal Data, to:
If we process your Personal Data for other purposes, we will provide you with information about such processing, and if required, obtain your consent.
If you no longer want to receive marketing emails from Splunk on a go-forward basis, please submit your request through our online opt-out form. Alternatively, you may use the "unsubscribe" feature in our marketing email messages to opt-out of receiving marketing email messages.
We also collect Information, including Personal Data, when providing our Offerings. We may ask you for this Information directly, or in some cases, we may collect it as you use our Offerings. For example, we collect Information from or about you when you (or someone you work with):
We collect and process different types of data (described below) when you deploy our Offerings to fulfill our contractual and legal obligations, to operate our business, or fulfill other legitimate interests. The type of data we collect via our Offerings is Usage Data, which is data generated from the usage, configuration, deployment, access and performance of an Offering. We summarize for you here the types of usage data collected and the purposes for which we use this data below.
Data about your operating environment and configuration, user interactions, and sessions related to your use of our Offerings. This may include information and related metadata about your network and systems architecture and configurations, OS and Offering versions, Offering configurations, installed applications, feature utilizations and frequencies, page loads and views, number and types of searches, errors, number of active and licensed users, source, source types and formats (e.g., json, xml, and csv), web browser details, http referrer page, and app workflows.
Data that allows us to identify account entitlements, such as license entitlement consumption, license capacity, or license type in our systems through an assigned license ID.
A combination of the above two, to provide account support including features used, deployment topology, performance metrics and license ID. The Information is user/customer-identifiable so that we can help address your specific issue and personalize your experience.
If you use a mobile device to access an Offering via an application (“Apps” or “App”, as discussed below) that associates your mobile device with an identifier for your App. We may also receive information that your mobile device sends when you use our Apps, such as a device identifier or OS. Depending on a customer’s configuration of our Offerings, location information about users may be shared with Splunk. You can disable location sharing using the location-setting features on your mobile device.
For more information about the data collected through our Offerings, see the Offering-specific documentation (e.g., Share data in Splunk Enterprise in the Splunk Enterprise Admin Manual).
We use the data and Information described above to fulfill our contractual obligations in providing the Offerings to you and to fulfill our legitimate interest in supporting and enhancing them. For example, we may use this data and Information to:
In certain paid on-premises products, the level of participation can be selected and changed. For more details on what we collect and participation options, see Splunk’s Documentation.
We also collect Information from you to fulfill our contractual commitments to you. For example, we collect contact Information such as name, address (email and physical) and phone number to enter you into our databases and manage your account. We also collect billing and payment Information and information about how you use our Offerings, including Information such as browser type, version number and operating system (OS), to administer your account, respond to customer service/support inquiries, and provide you with information about software updates via alerts or other “push” notifications. We may share this Information as described in How Splunk Shares Your Information. We do not sell this Information.
Splunk's Offerings are extendible using software applications commonly called “apps,” “add-ons,” “widgets,” or “technical add-ons” we offer through splunkbase.splunk.com or other websites that may link to this Privacy Policy. We refer to these collectively as “Apps.” These Apps are versatile and have access to a broad set of web technologies that can be used to collect and use your Information. This Privacy Policy only applies to Apps built by or on behalf of Splunk. It does not apply to Apps developed by others (“App Developers”), including those built by Splunk Works and Splunk Labs, which may be available through splunkbase.splunk.com, third-party marketplaces or repositories (e.g., AWS Marketplace, Google Play Store, and GitHub), or that are otherwise interoperable with our Offerings. Apps developed by App Developers are subject to their privacy notices.
Splunk requires App Developers to comply with applicable privacy and data protection laws but cannot guarantee that they do so. Before you use Apps created by App Developers, you should familiarize yourself with their privacy policies and license agreements.
Splunk collects Information generated from the use and performance of Apps that interoperate with its Offerings, such as crash data, version, session duration, and user engagement (e.g., number of downloads, active/licensed users, and logins). We may share this data with App Developers so they can improve and enhance the performance of their Apps.
Splunk may disclose your Information to others in the following ways:
Subsidiaries. We may disclose Information to our subsidiaries subject to this Privacy Policy so that they can help market, sell, and service our Offerings. Splunk is the party responsible for the management of jointly used Personal Data. Splunk maintains intragroup agreements covering the use of Personal Data within the Splunk family of companies.
Service Providers. We may disclose Information to our service providers (e.g., infrastructure as a service, order fulfillment, professional/customer/support services), pursuant to written agreements with confidentiality, privacy, and security obligations.
App Developers. We may disclose Information about App use and performance with App Developers so that they can improve and enhance the performance of their Apps. With your consent, we may also disclose your Information to App Developers to help support the performance of their Apps. App Developers will be identified to you when you download and use their Apps pursuant to their license and other terms.
Partners and Sponsors. We may disclose account and contact details to our partners and event hosts/sponsors (identified at time of registration or event participation) pursuant to written agreements with confidentiality, privacy, and security obligations. They may use the Information to assess your interest in our Offerings, conduct user research and surveys, or send you marketing communications, subject to the terms of their privacy policies. We may also share Usage Data with partners when they manage your Offering for you.Internet Activity Service Providers. As described further in the Splunk Cookie Policy, we may disclose internet or other electronic network activity Information, including, but not limited to, browsing history, search history, and Information regarding a consumer’s interaction with a website, or advertisement if you enable or do not disable advertising and cookies.
Online Forums. When you take certain actions on blogs and Splunk-branded business communication and streaming platform channels ("Online Forums”) that are public or intended to be public in nature, such as when you broadcast content, participate in a chat room, post profile Information, or follow a channel, that Information may be collected, used, or disclosed by other participants in the Online Forums. In addition, some features of Online Forums are designed to provide others with Information about user activity, such as the subscription status of users for a given channel.
Compliance and Safety. We may disclose Information as necessary or appropriate under applicable laws (including laws outside your country of residence) to: comply with legal process or requirements; respond to requests from public or government authorities (including those outside your country of residence); enforce our terms and conditions; and protect our operations and rights and safety of you and others, as needed. For more information about data we disclose in response to requests from law enforcement and other government agencies, please see the Splunk Data Request Guidelines.
Merger, Sale, etc. We may disclose Information in the event of a proposed or actual corporate or financing transaction, such as a reorganization, merger, sale, joint venture, acquisition, assignment, transfer, or disposition of all or any portion of Splunk business, assets, or stock (including Information regarding any bankruptcy or similar proceedings).
Other Users. We may disclose Information to other users of our Offerings in aggregated format, provided it does not include Personal Data. This may include “best practices” tips, key performance indicators (KPIs), benchmarking data or other such aggregated information useful to the user community. For select Offerings, we may share Information you provide, such as security artifacts that may contain Personal Data (e.g., IP address) with other subscribers, but only if required as part of the Offering, as set forth in the relevant terms.
Splunk honors Global Privacy Control (GPC) signals that you enable on your browser. If you do not have GPC enabled on your browser or device, and depending on your location, we will seek your consent or provide an opportunity for you to select which cookies you would like to enable or disable. If you wish to change previously selected cookie preferences, please consult the Splunk Cookie Policy.
Splunk takes reasonable technical and organizational measures to safeguard Personal Data against loss, theft, and unauthorized access, disclosure, alteration, misuse, or destruction. Unfortunately, no data transmission, software, or storage system is guaranteed to be 100% secure. If you have reason to believe that your Personal Data may no longer be secure (for example, if you feel that the security of an account has been compromised), please notify us immediately via the communication channels in the Contact Splunk section below. If Splunk learns of a breach of its systems, Splunk may notify you or others consistent with applicable law and/or as agreed in our contract with you. Splunk may communicate with you electronically regarding privacy and security issues affecting Information collected through your Interactions or use of our Offerings.
Retention Period. We retain your Information for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or not prohibited by applicable law. Information you store in Splunk cloud environments is portable by you at the end of the term of your agreement with Splunk. We retain your contract information for the duration of your agreement with us and thereafter as required or permitted by law. We keep a record of your data requests, including your requests to opt out of marketing communications, to honor them in the future. See the Splunk Data Retention Policy for additional details.
Use of Offerings by Minors. Our Offerings, splunk.com and other websites Splunk operates are not directed to individuals 16 and under or those not of the age of majority in your jurisdiction, and we request that these individuals, or others on their behalf, not provide us with their Information.
In certain locations, you may have rights under data protection law, such as to request access to or correction, deletion, or transfer of your Personal Data, or to object to or restrict Splunk from using it for certain purposes. If you would like to exercise these rights, please submit your request, with a description of the nature of your request and the Personal Data at issue, through our data request form, and we will respond as soon as reasonably practicable consistent with applicable law. We will verify your identity before we comply with your request and ask for your cooperation with our identity verification process.
We rely on a variety of legal bases to process Personal Data, including your consent, a balancing of legitimate interests, necessity to enter into and perform contracts, and compliance with a legal obligation. If we process your Personal Data based on your consent, you may withdraw your consent at any time. We will let you know if we are seeking to rely on your consent at the time of collection.
In Europe, Splunk Services UK Limited co-controls Personal Data required for contracts and accounts as described above in Offerings and Other Collection Practices.
If you have any questions or concerns about Splunk’s privacy practices, you can contact us at any time via the contact options listed under Contact Splunk below. If your request or concern is not satisfactorily resolved by us, you can approach your local data protection authority. You can find your local data protection authority in the EU here, in the UK here, and in Switzerland here.
Your Rights
Individuals located in the UK or European Economic Area are granted certain rights related to Personal Data, including the ability to:
If you or a designated third-party agent would like to exercise these rights, please submit the request through our data request form, and we will respond in accordance with our legal obligations. We will verify your identity, and the identity of any third-party agent acting on your behalf, before we comply with the request and ask for your cooperation with our identity verification process.
Lawful Basis for Transferring Your Data: Cross-border Transfers
Your Personal Data may be stored and processed in any country where Splunk, its subsidiaries, partners, sub-processors, and third-party service providers conduct business or host events. These locations may be outside of your country of residence, including in the United States, where different data protection laws may apply. When we transfer Personal Data, we implement safeguards for protection of the transferred Personal Data, such as standard contractual clauses. We put in place appropriate terms to protect your Personal Data in our agreements with our service providers, processors, and sub-processors.
EU-U.S. Data Privacy Framework
Splunk has certified to the Department of Commerce that we adhere to the Data Privacy Framework Principles (“Principles”) of the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework, as further described in the Splunk Data Privacy Framework Notice, and Splunk complies with all its obligations under the Principles. However, Splunk does not currently rely on the frameworks for transfers of Personal Data from the EU/EEA/Switzerland and the UK to the United States in its role as a controller. Instead, we continue to rely on standard contractual clauses. To learn more about the Data Privacy Framework program, please visit https://www.dataprivacyframework.gov/, where you can view Splunk’s certifications.
Capitalized terms in this section are as defined in the California Civil Code.
If you are a California Consumer, California law provides you with specific rights regarding your Personal Information, subject to certain exceptions. These the rights include:
If you or a designated third-party agent would like to exercise these rights, please submit the request through our data request form or via our toll-free number 1-888-914-9661 PIN #: 587261, and we will respond in accordance with our legal obligations. We will verify your identity, and the identity of any third-party agent acting on your behalf, before we comply with the request, and ask for your cooperation with our identity verification process.
Splunk may collect the following categories of Personal Information from California Consumers for purposes outlined in How We Use Information Collected from Interactions and What We Collect via Our Offerings and How We Use It:
Within the scope of this Policy, Splunk does not collect or process Sensitive Personal Information about California Consumers.
Splunk did not – in the preceding 12 months – and does not Sell or Share Personal Information of California Consumers. Splunk will seek your consent for use of cookies that are not strictly necessary and you can select which cookies to enable. If you wish to change previously selected cookie preferences, please consult the Splunk Cookie Policy.
The source of each of these categories of Personal Information are outlined in this Privacy Policy in the Interactions and Offerings sections respectively.
The categories of Third Parties to whom Personal Information may be disclosed are outlined in this Privacy Policy in the How Splunk Shares your Information section. We may have disclosed any of the above categories of Personal Information pursuant to an individual’s consent or under a written contract with a Service Provider for a Business Purpose.
The categories of Personal Data processed, the purposes of processing Personal Data, the categories of Personal Data shared with third parties and the categories of third parties with whom Splunk shares Personal Data are as outlined above.
Consumers in US states with privacy laws have privacy rights, such as to request access to or correction, deletion, or transfer of their Personal Data, or to object to or restrict Splunk from using it for certain purposes. If you, or a person you have authorized, would like to exercise these rights, please submit your request, with a description of the nature of your request and the Personal Data at issue, through our data request form, and we will respond in accordance with our legal obligations. We will verify your identity before we comply with your request and ask for your cooperation with our identity verification process.
In the event Splunk declines to take action on your request, we will respond with the legally-required information, including where applicable instructions for how to submit your appeal. Once an appeal is received, Splunk will respond to the appeal in compliance with applicable law.
Splunk does not sell your Personal Data. Splunk will seek your consent for use of cookies that are not strictly necessary and you can select which cookies to enable. If you wish to change previously selected cookie preferences, please consult the Splunk Cookie Policy.
If you have any questions or concerns about Splunk’s privacy practices, you can contact us at any time via the contact options listed under Contact Splunk below.
Our Offerings may contain links to, or facilitate access to, other websites or online services. This Privacy Policy does not address, and Splunk is not responsible for, the privacy, information, or practices of other parties, including without limitation any App Developer, social media platform provider, wireless service provider, or device manufacturer. The inclusion of a link within the Offerings does not imply endorsement of the linked site or service by Splunk. Splunk encourages you to review the privacy policies and learn about the privacy practices of the companies whose websites you choose to visit or Apps you choose to use. We list below links to resources about many of the other parties with whom we interact as described in this Privacy Policy:
We may change this Privacy Policy from time to time and will post our updates here. We will also communicate any material changes of the Privacy Policy to you.
If you have any questions or comments about this Privacy Policy, you can contact us at any time via our request form or by mail as provided below:
Chief Privacy Officer
Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134 USA
Americas Privacy Officer
Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134 USA
Europe, Middle East, and Africa (EMEA) Privacy Officer
Cisco Systems International BV
1101 CH Amsterdam-Zuidoost, Netherlands
Asia Pacific, Japan, and China (APJC) Privacy Officer
Cisco Systems (USA) Pte Ltd
80 Pasir Panjang Road
Level 25, Maple Tree Business City 2, Singapore 117372