Compliance and law FAQ
This FAQ answers questions we often get about our Terms of Service, our privacy statements, our documentation, our Acceptable Use Policy, and how they all work together. It does not replace any of those, nor is it legally binding on its own.
If you have questions or would like to suggest an update, check out our support page.
Why is Fastly documentation mentioned in the Terms of Service?
We believe in transparent communication. That's why we built out a public documentation portal that describes our products, how our services work, and our security and technology compliance programs. Fastly documentation is available to anyone (including all subscribers and prospective subscribers) at https://docs.fastly.com. We contractually stand behind all of our documentation. Anyone can sign up for a free account and confirm that what they see on https://docs.fastly.com matches our services.
What if Fastly documentation changes over time?
We work hard to improve and evolve our services, and we'll update the documentation as that happens and we post changes in our documentation to our changes blog. Anyone can subscribe to receive our changes blog via email or an RSS feed. We also maintain our significant changes blog, which highlights changes to our documentation that might reflect a reduction in features or functionality of our services, changes to our security program, or a significant increase in our subscribers' obligations. You can also subscribe to the significant changes blog by RSS or email.
What are Fastly's support commitments and service level agreements?
Our Support Description and SLA describes the hours of availability and response times for all our levels of customer support for our delivery products. The support offering a subscriber receives depends on the level of service a subscriber has purchased from us. The type of SLA a subscriber receives depends on the type of contract and level of support service the subscriber has purchased from us. Our Availability SLA describes our service level commitments for our network. Our Availability SLA also addresses how to work with our support team in the event of a planned (or unplanned) significant spike in usage. Product specific service and support SLAs are included in the product descriptions for Signal Sciences Next-Gen WAF and Signal Sciences Cloud WAF.
What data does Fastly collect from Fastly services and how does Fastly use it?
As you'll find with any internet company, when Fastly provides services to our subscribers, we receive some data about their websites and applications. We also learn a lot simply by having such a big presence on the internet. We collect data that is operationally necessary to deliver, maintain and improve our services. Details about how we retain and use data can be found in our Compliance documentation.
Fastly’s security services collect data insights from anomalous activity and suspicious behavior detected by the services. Fastly uses these data insights to further protect its customers and improve Fastly products. Fastly provides additional information about how these data insights are used in Threat Intelligence in the descriptions of Signal Sciences Next-Gen WAF and Signal Sciences Cloud WAF.
Can I transfer personal data from the EU to the US using the Fastly services?
Fastly services by default do not process personal data other than IP addresses to route requests and deliver content. Our service can be configured or used at the direction of the customer to process personal data. In addition, Fastly’s data processing terms available here and incorporated by reference into the Fastly Terms of Service, include the European Commission's standard contractual clauses for the transfer of personal data to the U.S.
The data processing terms cover use cases in which a data controller uses or configures the Fastly services to process personal data, to cache or transmit personal data, or to log personal information in your log files, including IP addresses. Like with all source code, service configurations and VCL are not appropriate places to store personal information.
These data processing terms do not apply if you have reached separately agreed terms with Fastly. If you require a signed version of these terms, please contact firstname.lastname@example.org. Fastly considers any changes made to these data processing terms to be a significant update and will post a notice that these data processing terms have been updated on https://docs.fastly.com/changes.
I think my business has some specific needs and requirements. What should I do?
Reach out to your sales representative if you think you have needs or requirements that aren't addressed by our terms, data privacy, documentation, or this FAQ. Feel free to email email@example.com to be connected with a sales team member for assistance.
What does "Acceptable Use" mean?
Fastly is an intermediary between our subscribers and their users. This means we have to put a few rules in place to ensure that we're not held accountable for illegal or harmful things that subscribers (or their users) do while using Fastly services. We expect subscribers and their end users to respect the law while using Fastly. You can find more information in our Acceptable Use Policy, which hosts DMCA information and process.
Why do subscribers need to give us an Abuse Contact?
In addition to being an intermediary between our subscribers and their end users, we often appear to be the provider for subscriber content. If someone has a complaint about content being delivered by or cached on our network, we want to enable the parties involved to resolve their issues as quickly as possible. The fastest way to do that is for Fastly to send a subscriber contact email to the person who alerted us to the potential violation of our Acceptable Use Policy.
What are non-Fastly services and what am I giving Fastly permission to do?
Non-Fastly services are services that our subscribers elect to use outside of Fastly. Examples include your origin, a DNS provider, a CMS like WordPress, or something similar. In many cases, Fastly is actually configured to work with these third-party services. The Non-Fastly Services provision gives us permission to work with these services, makes it clear that subscribers are directly responsible for their relationships with third-party service providers, and lets subscribers know that we are not responsible if something goes wrong with a service that Fastly does not provide.
What are the typical lifecycles of Fastly Features and Services?
Fastly typically uses three lifecycle categories for releases: beta, limited availability, and general availability. Our product lifecycle guide describes the support and long term availability for each of these categories in more detail. The Beta Services section of our Terms of Service also provides additional information.
What does "feedback" mean?
At Fastly, we take pride in our customer support and how effectively we are able to respond to subscriber requests. We also want to build an awesome edge cloud service that continues to evolve, and we are very open to suggestions for features and improvements. Our feedback provision ensures that if a subscriber gives us a suggestion about how to improve our service, we can integrate it efficiently.
What happens if usage of our services by a subscriber or its users interferes with our services?
Usage of our services that interferes with or disrupts the integrity and performance of our services violates our Acceptable Use Policy and may result in the suspension or termination of services to the applicable subscriber. To avoid adversely affecting other subscribers or the Fastly network, a subscriber must promptly respond to any communication from Fastly regarding its use of our services or its users' use of our services if that use interferes or disrupts our services.
What are some examples of use of our services that may interfere with or disrupt the integrity and performance of our services?
As described in our Service Availability SLA, utilization spikes in traffic may interfere with our services and adversely affect other subscribers. In addition, security vulnerability research testing or penetration testing by third parties or our subscribers that do not comply with our instructions may interfere with our services and as a result adversely affect our network or other subscribers. Fastly may take action against any unauthorized use of our services including suspension or termination of a subscriber's account.
We most recently updated our Terms of Service on March 8, 2021. All previous versions of our Terms of Service are archived in our documentation archives site. As of April 24, 2018, we have also incorporated our data processing terms into our Terms of Service. The current version of those terms may be found here. The Terms of Service applicable to you are determined by the date you agreed to them, and stay in effect unless you agree to a new version, which means that updates to our Terms of Service don't affect you until you take significant action with your account. You will be asked to agree to our Terms of Service when you first create an account (usually a trial account). If after that, you switch to a paid month-to-month account, or sign a service order with us, you will be asked to agree to the Terms of Service then in effect. If you are a trial subscriber prior to an update to the Terms of Service, you won't have to accept new terms of service until you convert to a paid account. Some subscribers have other arrangements with us, and updates to the Terms of Service on our website do not affect the terms of their arrangement with us.
What are the noteworthy changes we made to our Terms of Service that went into effect on March 8, 2021?
In October 2020, Fastly acquired Signal Sciences and we determined that we needed to update the Terms of Service to allow Fastly to sell the Signal Sciences products under such terms. These changes include the following: (a) the addition of provisions that address distributed software components which are part of the Signal Sciences Next-Gen WAF product, (b) the identification of the data insights that are gleaned from anomalous activity and suspicious behavior detected by Fastly security services, and (c) the inclusion of a paragraph that allows customers to purchase Fastly’s products and services through a reseller.
As we were updating the Terms of Service to reflect our growing multi-product business, we decided to take the opportunity to make some additional changes that reflect our learnings from feedback from our customers. For example, we have now incorporated references to the Data Processing Terms directly into the Terms of Service. We have also streamlined the language around beta services and limitation of liability. We made some adjustments to the indemnification terms that are consistent with industry practice. The Terms of Service always included a commitment by Fastly to comply with law, but, consistent with Fastly’s Code of Conduct and Business Ethics, we have revised the terms so that the anti-corruption language applies to both Fastly and our customers. We have also increased our payment terms for customers not paying by credit card from net 15 days to net 30 days.
What does Subscriber Data mean?
As defined in our subscription documents, Subscriber Data is content transmitted or cached through our network, requests received by the network, and the configurations and credentials of our subscribers. Any content authorized or permitted by a subscriber to be transmitted or cached through our network is Subscriber Data of that subscriber.