Trust Center


Overview

Welcome to Datadog's Trust Center. Our commitment to data privacy and security is embedded in every part of our business. Use this Trust Center to learn about our security posture and request access to our security documentation.

Compliance

CCPA
CSA STAR
EU-US DPF
FedRAMP Moderate
GDPR
HIPAA
ISO 27001
ISO 27017
ISO 27018
ISO 27701
PCI DSS
SOC 2
TISAX
VPAT

View & download sensitive information
ISO 27001
SOC 2
Information Security Policy
Network and Dataflow Diagrams
Pen Test Report
ISO 27701
PCI DSS
TISAX
VPAT
SIG Core
Cyber Insurance
RUM Session Replay - Privacy Whitepaper
Acceptable Use
Access Control
Asset Management Policy
Business Continuity / Disaster Recovery
Data Classification
Data Security and Retention
Encryption
Mobile Device and Remote Work
Network Security
Password Policy
Physical Security
Policy Exceptions
Risk Management
SDLC and Change Management
Security Awareness and Training
Third Party Management
Vulnerability Management
AppGate Brief
Customer orgID Resolution
Datadog IMS Statement of Applicability
Incident Response Plan
Information Technology Organization Chart
Remote Configuration Security Whitepaper
Shared Responsibility Model

Risk Profile

Third Party Dependence: Yes
Hosting: Major Cloud Provider

Product Security

Audit Logging
Data Security
Integrations

Reports

Network and Dataflow Diagrams
Pen Test Report

Self-Assessments

CAIQ
SIG Core

Data Security

Access Monitoring
Backups Enabled
Encryption-at-rest

App Security

Responsible Disclosure
Code Analysis
Credential Management

Data Privacy

Cookies
Data Out of System
Privacy Center

Access Control

Data Access
Logging
Password Security

Infrastructure

Status Monitoring
Amazon Web Services
Azure

Endpoint Security

Disk Encryption
Endpoint Detection & Response
Mobile Device Management

Network Security

Firewall
IDS/IPS
Security Information and Event Management

Corporate Security

Asset Management Practices
Email Protection
Employee Training

Policies and Procedures

Acceptable Use
Access Control
Asset Management Policy

Security Grades

ImmuniWeb: datadoghq.com, grade A
Qualys SSL Labs: datadoghq.com, grade A
Security Headers: datadoghq.com, grade A

Trust Center Updates

Datadog's Response to Leaky Vessels Vulnerability

Vulnerabilities

Datadog is actively investigating the presence of one of the “Leaky Vessels” vulnerabilities (CVE-2024-21626) and working on patching our container environments identified as vulnerable. Datadog has controls in place that mitigate the risk from this vulnerability, including allowing only Datadog-vetted container images to run in our environment; blocking container images from third-party (external) registries from being deployed directly onto our nodes; and enforcing strict access controls across Datadog resources. As such, we do not believe there is a substantial security risk to our customers due to this potential vulnerability in our environment.

We intend to patch our container environments in adherence with our Vulnerability Management process. Our process and remediation timelines are outlined in our Vulnerability Management at Datadog white paper, which is available via our Trust Portal.


2023 Penetration Test

Compliance

We're pleased to announce that a summary of Datadog's 2023 penetration test (as performed by Bishop Fox) is available on our security portal. This summary is accompanied by a Letter of Assessment. Please review the updated summary and Letter of Assessment at your convenience.


Datadog's Response to curl Vulnerabilities

Vulnerabilities

As some patches for the curl vulnerabilities (CVE-2023-38545 & CVE-2023-38546) have recently been released, Datadog is actively investigating and working on patching code identified as vulnerable. Patching will be performed in adherence with our Vulnerability Management process. Our process and remediation timelines are outlined in our whitepaper Vulnerability Management at Datadog, which is available via our Trust Portal.


Datadog's Response to the HTTP/2 Rapid Reset Vulnerability

Vulnerabilities

In late August 2023, a zero-day vulnerability was discovered that exploits the standard HTTP/2 protocol, known as the HTTP/2 Rapid Reset Vulnerability (CVE-2023-44487).

Datadog has conducted an internal investigation and can confirm that we do not have any Datadog-owned, internet-facing resources that are vulnerable to CVE-2023-44487 (running vulnerable HTTP/2).

Datadog’s Cloud Service Providers (CSPs) have implemented mitigations to address this issue, which can be found below:


Datadog Certified Against the EU-US Data Privacy Framework

Compliance

We are thrilled to announce that Datadog has completed its self-certification with the EU-U.S. Data Privacy Framework, including UK Extension and Swiss-U.S. Framework (together, the “DPF”). Our participant profile can be viewed on the DPF public website here.

The DPF is designed to provide protections for personal data transferred from the European Union to the United States that are comparable to those provided under EU law, and it formed the basis of the European Commission’s July 10 adequacy decision for the United States. You can read more about the background of the DPF on the Department of Commerce’s website here.

Datadog’s participation in the DPF demonstrates Datadog’s commitment to protecting the privacy of its customers and partners. As a member of the DPF, our customers now have another GDPR-compliant way to transfer personal data to us (in addition to the European Commission-approved Standard Contractual Clauses that we will continue to include in our customer DPAs). For more information about how we think about data transfers, please review our Transfer Impact Assessment.


Add Security Contacts to Your Datadog Account for Timely Notifications

General

You can now configure up to two email addresses to receive security-related notifications specific to your Datadog account. These notifications may include alerts for Datadog keys you accidentally expose on the internet, critical changes to your organization settings or other messages from Datadog relating to the security of your Datadog account.

To add or update a Security Contact, simply sign in to your Datadog account as an Administrator, navigate to Organization Settings and select "Security Contacts" under Preferences. As a best practice, we recommend using an email alias or a distribution list for your Security Contact(s), for example, security@yourdomain[.]com (rather than an email address for an individual).

Want more information? Please reach out to your Datadog Representative and they will be happy to assist you with any inquiries you may have.


Datadog's Response to MOVEit Transfer

Incidents

On June 15, 2023, Progress published a public advisory regarding a vulnerability with its MOVEit Transfer product “that could lead to escalated privileges and potential unauthorized access to the environment.”

Datadog promptly conducted an internal investigation and determined that we do not use MOVEit Transfer and are therefore not vulnerable to the vulnerability affecting it.


SOC 2 and ISO Updates

Compliance

We're pleased to announce that we recently completed our ISO 27001, ISO 27701 and SOC 2 audits! As such, our updated ISO certificates and SOC 2 report are now available.


Datadog's Response to CircleCI

Incidents

On January 4th, 2023, CircleCI published a public advisory stating that all users should rotate “any and all” credentials stored in CircleCI due to a breach at their company.

What we are doing: Datadog is promptly rotating its secrets stored in CircleCI and investigating the potential unauthorized access or use of these secrets. No impact has been identified at this time.

What you should do: If you store Datadog API and APP keys in CircleCI, we highly recommend you follow the guidance posted in the aforementioned advisory and rotate them immediately. As a proactive measure to keep your account safe, Datadog Security will notify you directly if we observe suspicious API activity from your account.
