Quick Recap of Our Annual Updated Customer Terms

We update our terms and policies on an annual basis, driven by customer feedback, evolving legal standards, and product updates. A summary of the most recent and key updates is below. If you would like more information about our legal terms, please visit our website here. If you would like more information about our privacy and security practices, please visit our Trust Center.

Earlier last month we announced the acquisition of SafeBase which was huge news for both Drata and SafeBase, but more importantly for customers. On the heels of that announcement, we are issuing our updated Terms of Service - Subscription Agreement (Agreement) that will become effective on March 3, 2025. This updated version will allow customers to purchase the products/services of the combined Drata/SafeBase entity under a single set of terms. 

Terms of Service - Subscription Agreement (Agreement)

In addition to making many of our terms clearer, we made the following key updates:

Key Changes:

• Section 2.1 was revised to (i) remove the user count limitation and clarify our credential sharing policy; and (ii) add language regarding use of a product/ service in violation of a customer’s purchase.

• Section 6.4 was revised to add more clarity around the use of Artificial Intelligence (“AI”) features in our products. Importantly, our terms were clarified so that customers can be assured that we will not share or commingle their Customer Data with any other customers’ data for the purposes of training machine learning models without your explicit opt-in.

Data Processing Addendum

The only change to our Data Processing Addendum (DPA) was in Annex 4, “Security Measures” where paragraph 5(i) was changed to reflect a 14 character password policy.

If you would like to review and execute our DPA, please see here.