Compliance and law FAQ
This FAQ answers questions we often get about our Terms of Service, our privacy statements, our documentation, our Acceptable Use Policy, and how they all work together. It does not replace any of those, nor is it legally binding on its own.
NOTE: If you have questions or would like to suggest an update, check out our support page.
Why is Fastly documentation mentioned in the Terms of Service?
We believe in transparent communication. That's why we built out a public documentation portal that describes our products, how our services work, and our security and technology compliance programs. Fastly documentation is available to anyone (including all subscribers and prospective subscribers) at https://docs.fastly.com. We contractually stand behind all of our documentation. Anyone can sign up for a free account and confirm that what they see on https://docs.fastly.com matches our services.
What if Fastly documentation changes over time?
We work hard to improve and evolve our services, and we'll update the documentation as that happens and we post changes in our documentation to our changes blog. Anyone can subscribe to receive our changes blog via email or an RSS feed. We also maintain our significant changes blog, which highlights changes to our documentation that might reflect a reduction in features or functionality of our services, changes to our security program, or a significant increase in our subscribers' obligations. You can also subscribe to the significant changes blog by RSS or email.
What are Fastly's support commitments and service level agreements?
Our Support Description and SLA describes the hours of availability and response times for all our levels of customer support. The support offering a subscriber receives depends on the level of service a subscriber has purchased from us. The type of SLA a subscriber receives depends on the type of contract and level of support service the subscriber has purchased from us. Our Availability SLA describes our service level commitments for our network. Our Availability SLA also addresses how to work with our support team in the event of a planned (or unplanned) significant spikes in usage.
It doesn't apply to how we process personal information submitted to us by our subscribers (or their internet clients) — these commitments are covered by the privacy policies of our subscribers.
What data does Fastly collect from Fastly services and how does Fastly use it?
As you'll find with any internet company, when Fastly provides services to our subscribers, we receive some data about their websites and applications. We also learn a lot simply by having such a big presence on the internet. We collect data that is operationally necessary to deliver, maintain and improve our services. Details about how we retain and use data can be found in our Compliance documentation.
Can I transfer personal data from the EU to the US using the Fastly services?
We have self-certified with the Department of Commerce under the Privacy Shield. Fastly is committed to subjecting all personal data received from European Union ("EU") member countries and Switzerland in reliance on its principles. However, as the Privacy Shield does not impose secondary liability, to the extent Fastly, on behalf of its subscribers, merely transmits, routes, switches, or caches information, Fastly may rely on its subscribers to comply with legal requirements underlying the Principles with respect to such processing. Moreover, the Fastly services by default do not process personal data. Our service can be configured or used at the direction of the customer to process personal data. It is the customer's responsibility to determine if it will use or configure the Fastly services to process personal data.
In addition, for customers that require a data processing agreement that meets the requirements of the General Data Protection Regulation (GDPR) 2016/679, we have integrated our data processing terms available here. These data processing terms include the European Commission's standard contractual clauses for the transfer of personal data to the U.S.
The data processing terms cover use cases in which an EU data controller uses or configures the Fastly services to process personal data, to cache or transmit personal data, or to log personal information in your log files, including IP addresses if they identify an individual. Like with all source code, service configurations and VCL are not appropriate places to store personal information.
These data processing terms only apply if you are subject to the GDPR and you are submitting personal data of European Union data subjects to be processed by the services. They do not apply if you have reached separately agreed terms with Fastly. If you require a signed version of these terms, please contact firstname.lastname@example.org. Fastly will post any changes made to these Terms on this page with a notice that these Terms have been updated on http://docs.fastly.com/changes thirty (30) days prior to the change becoming effective.
I think my business has some specific needs and requirements. What should I do?
Reach out to your sales representative if you think you have needs or requirements that aren't addressed by our terms, data privacy, documentation, or this FAQ. Feel free to email email@example.com to be connected with a sales team member for assistance.
What does "Acceptable Use" mean?
Fastly is an intermediary between our subscribers and their users. This means we have to put a few rules in place to ensure that we're not held accountable for illegal or harmful things that subscribers (or their users) do while using Fastly services. We expect subscribers and their end users to respect the law while using Fastly. You can find more information in our Acceptable Use Policy, which hosts DMCA information and process.
Why do subscribers need to give you an Abuse Contact?
In addition to being an intermediary between our subscribers and their end users, we often appear to be the provider for subscriber content. If someone has a complaint about content being delivered by or cached on our network, we want to enable the parties involved to resolve their issues as quickly as possible. The fastest way to do that is for Fastly to send a subscriber contact email to the person who alerted us to the potential violation of our Acceptable Use Policy.
What are non-Fastly services and what am I giving Fastly permission to do?
Non-Fastly services are services that our subscribers elect to use outside of Fastly. Examples include your origin, a DNS provider, a CMS like WordPress, or something similar. In many cases, Fastly is actually configured to work with these third-party services. The Non-Fastly Services provision gives us permission to work with these services, makes it clear that subscribers are directly responsible for their relationships with third-party service providers, and lets subscribers know that we are not responsible if something goes wrong with a service that Fastly does not provide.
What are the typical lifecycles of Fastly Features and Services?
Fastly typically uses three lifecycle categories for releases: beta, limited availability, and general availability. Our product lifecycle guide describes the support and long term availability for each of these categories in more detail. The Beta Services section of our Terms of Service also provides additional information.
What does "feedback" mean?
At Fastly, we take pride in our customer support and how effectively we are able to respond to subscriber requests. We also want to build an awesome CDN service that continues to evolve, and we are very open to suggestions for features and improvements. Our feedback provision ensures that if a subscriber gives us a suggestion about how to improve our service, we can integrate it efficiently.
What happens if usage of our services by a subscriber or its users interferes with our services?
Usage of our services that interferes with or disrupts the integrity and performance of our services violates our Acceptable Use Policy and may result in the suspension or termination of services to the applicable subscriber. To avoid adversely affecting other subscribers or the Fastly network, a subscriber must promptly respond to any communication from Fastly regarding its use of our services or its users' use of our services if that use interferes or disrupts our services.
What are some examples of use of our services that may interfere with or disrupt the integrity and performance of our services?
As described in our Service Availability SLA, utilization spikes in traffic may interfere with our services and adversely affect other subscribers. In addition, security vulnerability research testing or penetration testing by third parties or our subscribers that do not comply with our instructions may interfere with our services and as a result adversely affect our network or other subscribers. Fastly may take action against any unauthorized use of our services including suspension or termination of a subscriber's account.
We most recently updated our Terms of Service on May 20, 2016. All previous versions of our Terms of Service are archived in our documentation archives site. As of April 24, 2018, we have also incorporated our data processing terms into our Terms of Service. The Terms of Service applicable to you are determined by the date you agreed to them, and stay in effect unless you agree to a new version, which means that updates to our Terms of Service don't affect you until you take significant action with your account. You will be asked to agree to our Terms of Service when you first create an account (usually a trial account). If after that, you switch to a paid month-to-month account, or sign a service order with us, you will be asked to agree to the Terms of Service then in effect. If you are a trial subscriber prior to an update to the Terms of Service, you won't have to accept new terms of service until you convert to a paid account. Some subscribers have other arrangements with us, and updates to the Terms of Service on our website do not affect the terms of their arrangement with us.
What are the noteworthy changes we made to our Terms of Service that went into effect on May 20, 2016?
We have revised our Terms of Service to make it concise and clarify (i) our security commitments, (ii) our requirements for interoperating with non-Fastly services, (iii) our expectation of our subscribers regarding abuse reports, (iv) our subscribers' responsibilities when using our services, (v) our promises regarding our services and (vi) how we communicate updates to our documentation and Acceptable Use Policy.
What does Subscriber Data mean?
As defined in our subscription documents, Subscriber Data is content transmitted or cached through our network and the configurations and credentials of our subscribers. Any content authorized or permitted by a subscriber to be transmitted or cached through our network is Subscriber Data of that subscriber.