Dynatrace Transparency Report

Dynatrace may occasionally receive a request from law enforcement agencies or other government authorities seeking access to data, such as the personal information Dynatrace processes on behalf of its customers. Dynatrace’s goal is to protect our customers’ data while complying with applicable laws.

This Transparency Report provides information regarding governmental or law enforcement requests for personal information in customer data Dynatrace has received from July 1, 2023 through December 31, 2023, and will be updated periodically for each six-month period.

The term “customer data” used in this report refers to electronic data and information submitted by or on behalf of customers to our services, as further defined in our Subscription Agreement.

For more information about how Dynatrace protects customer data, please see our Security Practices, Privacy Notice, and Terms of Use.

Dynatrace is committed to protecting user privacy and only produces user data to governments in response to valid and lawful requests. Our privacy and security programs are designed to protect our customers' privacy and protect data submitted by our customers to our services against unauthorized access or disclosure. Dynatrace provides its customers with various contractual commitments in its Subscription Agreement (including its Data Processing Agreement) which align to the principles described in this report.

Dynatrace has never received a government request for customer data in the past. We are primarily a business-to-business company and historically receive far fewer requests than do business-to-consumer services. If we do receive such a request, if permitted by law, we will endeavor to refer the requesting agency to the customer. Dynatrace is not the owner of customer data. We strongly believe that any government agency seeking access to customer data should address its request directly to that customer, where possible.

Except if prohibited by law, Dynatrace’s policy is to inform the relevant customer of any request from any government authorities for their personal data before complying with the request. Dynatrace maintains internal processes to assess whether such requests from government authorities are narrowly tailored and lawful. Upon receipt of such a request, a limited group of legal and security personnel within Dynatrace will review the request, in consultation with external legal advisors. Any notification to Dynatrace’s customers or response to such requests will be subject to Dynatrace management approval. Dynatrace does not voluntarily disclose data to government authorities without a valid court-issued or other legally binding order. We have not purposefully created back doors or similar programming that allows access by a government agency to our services or customers’ data. Where Dynatrace is required to disclose personal data, it will disclose only the minimum amount necessary to comply with the request.

Under United States law, Dynatrace is prohibited from providing a full accounting of requests issued under FISA or 18 U.S.C. § 2709. Dynatrace may only report the aggregate number of requests it receives in statutorily specified bands, subject to a six-month delay. The following table provides information regarding national security process received by Dynatrace in bands as permitted by the law subject to a six-month delay in reporting.

Although Dynatrace is headquartered in the U.S., we have a corporate presence in several other countries. Dynatrace complies with the law in all jurisdictions where we operate and is thus required to respond to requests in all the countries that have legal jurisdiction over our operations. If we receive requests from non-US governmental agencies, we will work with appropriate counsel to determine the validity of the request and our ability to respond under United States and other applicable laws.