Contracts
- Terms of Service
- Data Protection Addendum
- ↳ Standard Contractual Clauses Module 2: Controller to Processor
- ↳ Standard Contractual Clauses Module 3: Processor to Processor
- ↳ Palantir Affiliates
- Business Associate Agreement
- Palantir AIP Addendum
- Use Case Restrictions
- Terms of Service (Self Service)
- Data Protection Addendum (Enterprise Self Service)
- Data Protection Addendum - Consumer
- Use Case Restrictions (Legacy Self-Service)
- Affirmation of Separate Agreement
- Terms of Service (Apollo)
- Terms of Service (AIP Now)
- Data Protection Addendum (AIP Now)
- Terms of Service (AIP Self-Service)
- Palantir Third Party Model Activation Addendum - Anthropic Claude via AWS
- Palantir Third Party Model Activation Addendum - Microsoft Azure OpenAI
- Palantir Third Party Model Activation Addendum - Google Cloud Platform
- Palantir Third Party Model Activation Addendum - OpenAI
- Palantir Third Party Model Activation Addendum - Llama2
- Palantir Third Party Model Activation Addendum - Llama3
- Palantir Third Party Model Activation Addendum - Llama3.1
- Palantir DevCon Fellowship Contest Official Rules
Terms of Service
Effective November 14th 2024
DownloadTable of Contents
1. Certain Definitions.
COUNTRY-SPECIFIC ADDENDUM
AUSTRALIA
CANADA
FRANCE
GERMANY
ITALY AND SPAIN
SINGAPORE
SWITZERLAND
Effective May 29th 2024 to November 14th 2024
DownloadTable of Contents
1. Certain Definitions.
COUNTRY-SPECIFIC ADDENDUM
AUSTRALIA
CANADA
FRANCE
GERMANY
ITALY AND SPAIN
SINGAPORE
SWITZERLAND
Effective January 10th 2024 to May 29th 2024
DownloadTable of Contents
1. Certain Definitions.
5. Proprietary Rights.
COUNTRY-SPECIFIC ADDENDUM
AUSTRALIA
CANADA
FRANCE
GERMANY
ITALY AND SPAIN
2. Burdensome Terms. A new Section 16 shall be added to the Terms of Services and contain the following:
SINGAPORE
SWITZERLAND
Effective December 7th 2023 to January 10th 2024
DownloadTable of Contents
1. Certain Definitions.
5. Proprietary Rights.
COUNTRY-SPECIFIC ADDENDUM
AUSTRALIA
CANADA
FRANCE
GERMANY
ITALY AND SPAIN
2. Burdensome Terms. A new Section 16 shall be added to the Terms of Services and contain the following:
SINGAPORE
SWITZERLAND
Effective December 6th 2023 to December 7th 2023
DownloadTable of Contents
1. Certain Definitions.
5. Proprietary Rights.
COUNTRY-SPECIFIC ADDENDUM
AUSTRALIA
CANADA
FRANCE
GERMANY
ITALY AND SPAIN
2. Burdensome Terms. A new Section 16 shall be added to the Terms of Services and contain the following:
SINGAPORE
SWITZERLAND
Effective November 29th 2023 to December 6th 2023
DownloadSummary of changes
Table of Contents
1. Certain Definitions.
5. Proprietary Rights.
COUNTRY-SPECIFIC ADDENDUM
AUSTRALIA
CANADA
FRANCE
GERMANY
ITALY AND SPAIN
2. Burdensome Terms. A new Section 16 shall be added to the Terms of Services and contain the following:
SINGAPORE
SWITZERLAND
Effective November 22nd 2023 to November 29th 2023
DownloadTable of Contents
1. Certain Definitions.
5. Proprietary Rights.
COUNTRY-SPECIFIC ADDENDUM
AUSTRALIA
CANADA
FRANCE
GERMANY
ITALY AND SPAIN
2. Burdensome Terms. A new Section 16 shall be added to the Terms of Services and contain the following:
SINGAPORE
SWITZERLAND
Effective September 1st 2023 to November 22nd 2023
DownloadTable of Contents
1. Certain Definitions.
5. Proprietary Rights.
COUNTRY-SPECIFIC ADDENDUM
AUSTRALIA
CANADA
FRANCE
GERMANY
ITALY AND SPAIN
2. Burdensome Terms. A new Section 16 shall be added to the Terms of Services and contain the following:
SINGAPORE
SWITZERLAND
Effective August 16th 2023 to September 1st 2023
DownloadTable of Contents
1. Certain Definitions.
5. Proprietary Rights.
COUNTRY-SPECIFIC ADDENDUM
AUSTRALIA
CANADA
FRANCE
GERMANY
ITALY AND SPAIN
2. Burdensome Terms. A new Section 16 shall be added to the Terms of Services and contain the following:
SINGAPORE
SWITZERLAND
Effective July 11th 2023 to August 16th 2023
DownloadTable of Contents
1. Certain Definitions.
5. Proprietary Rights.
COUNTRY-SPECIFIC ADDENDUM
AUSTRALIA
- Palantir Warranty and Disclaimer. The following Section 10.3 shall be added to the Terms of Service immediately following Section 10.2 therein:
CANADA
FRANCE
GERMANY
ITALY AND SPAIN
2. Burdensome Terms. A new Section 16 shall be added to the Terms of Services and contain the following:
SINGAPORE
SWITZERLAND
Effective June 9th 2023 to July 11th 2023
DownloadTable of Contents
1. Certain Definitions.
5. Proprietary Rights.
COUNTRY-SPECIFIC ADDENDUM
AUSTRALIA
- Palantir Warranty and Disclaimer. The following Section 10.3 shall be added to the Terms of Service immediately following Section 10.2 therein:
CANADA
FRANCE
GERMANY
ITALY AND SPAIN
2. Burdensome Terms. A new Section 16 shall be added to the Terms of Services and contain the following:
SINGAPORE
SWITZERLAND
Effective June 8th 2023 to June 9th 2023
DownloadTable of Contents
1. Certain Definitions.
3. Customer Use of Service.
4. Acceptable Use.
5. Proprietary Rights.
COUNTRY-SPECIFIC ADDENDUM
AUSTRALIA
- Palantir Warranty and Disclaimer. The following Section 10.3 shall be added to the Terms of Service immediately following Section 10.2 therein:
CANADA
FRANCE
GERMANY
ITALY AND SPAIN
2. Burdensome Terms. A new Section 16 shall be added to the Terms of Services and contain the following:
SINGAPORE
SWITZERLAND
Data Protection Addendum
Effective May 22nd 2024
DownloadTable of Contents
- “Adequate Country” means a country that may import Personal Data and is deemed by the governing authority of the exporting country to provide an adequate level of data protection under the applicable Data Protection Laws;
- “Affiliate” means an entity that, directly or indirectly, owns or controls or is owned or controlled by, or is under common ownership or control with, a Party. As used herein, “control” means the power to direct, directly or indirectly, the management or affairs of an entity and “ownership” means the beneficial ownership of more than fifty percent of the voting equity securities or other equivalent voting interests of an entity. In respect of Palantir, Affiliate shall include, without being limited to, all entities listed in Exhibit A, Part II and any other Palantir affiliates from time to time;
- “Completions” has the meaning given to it in Exhibit D of this DPA;
- “Controller” means the entity which determines the purposes and means of the Processing of Personal Data and includes, as applicable, the term “controller” “business” and any other similar or equivalent terms under applicable Data Protection Laws;
- “Customer Personal Data” means any Personal Data contained within Customer Data subject to Data Protection Laws that Customer, including Users, provides or makes available to Palantir in connection with the Agreement;
- “Data Incident” means any breach, as defined by applicable Data Protection Laws, of Palantir’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Personal Data on systems managed or otherwise controlled by Palantir;
- “Data Protection Authority” means a competent authority responsible for enforcing the application of the relevant Data Protection Laws, and includes, as applicable, any data protection authority, privacy regulator, supervisory authority, Attorney General, state privacy agency or any governmental body or agency enforcing Data Protection Laws;
- “Data Protection Laws” means all laws and regulations as amended from time to time regarding data protection, consumer privacy, electronic communications and marketing laws to the extent applicable to the Processing of Customer Personal Data by Palantir under the Agreement, such as:
- California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq. (“CCPA”);
- California Privacy Rights Act of 2020 (“CPRA”);
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“EU GDPR”);
- The EU GDPR as amended and incorporated into UK law under the UK European Union (Withdrawal) Act 2018 (“UK GDPR”); and
- The Switzerland Federal Data Protection act of 19 June 1992 as replaced and/or updated from time to time (“FDP”).
- “Data Protection Officer” means the natural person or company appointed where necessary under applicable Data Protection Laws to ensure an organization's compliance with Data Protection Laws and cooperate with the Data Protection Authorities;
- “Data Subject” means the identified or identifiable person to whom Personal Data relates, and includes, as applicable, the term “consumer” and any other similar or equivalent terms under Applicable Data Protection Laws;
- “DPA Effective Date” means the Effective Date of the Agreement;
- “EEA” means the European Economic Area;
- “EU SCCs” means the standard contractual clauses for use in relation to exports of Personal Data from the EEA approved by the European Commission under Commission Implementing Decision 2021/914, or such other clauses as replace them from time to time;
- “Personal Data” means: (a) any information relating to (i) an identified or identifiable natural person and/or (ii) an identified or identifiable legal entity (where such information is protected similarly as Personal Data or personally identifiable information under applicable Data Protection Laws), and (b) any information treated or receiving similar treatment as “personal data”, “personal information”, “personally identifiable information or any similar, or equivalent terms under applicable Data Protection Laws;
- “Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. The terms “process”, “processes” and “processed” will be interpreted accordingly;
- “Processor” means the entity which Processes Personal Data on behalf of the Controller, including as applicable the terms “processor”, “service provider” and any equivalent or similar terms that address the same, or similar, responsibilities under applicable Data Protection Laws;
- “Request” means a request from a Data Subject or anyone acting on their behalf to exercise their rights under Data Protection Laws;
- “Restricted Transfer” means a transfer, or onward transfer, of Personal Data from a country where such transfer would be restricted or prohibited by applicable Data Protection Laws (or by the terms of a data transfer agreement put in place to address the data transfer restrictions of Data Protection Laws) without implementing safeguards such as the Standard Contractual Clauses to be established under clause 14 below;
- “Security Documentation” means the Documentation describing the security standards that apply to the Service as provided by or on behalf of Palantir from time to time;
- “Sell” or “Sale” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Data Subject’s Personal Data to a third party for valuable consideration.
- “Service” shall have the meaning as set out in the Agreement and this DPA.
- “Share” means sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Data Subject’s Personal Data to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration, including transactions in which no money is exchanged;
- “Subprocessor” means any processor or service provider who processes personal data on behalf of Palantir for the purpose of providing the Service as set out in the Agreement, Exhibit A and any other relevant applicable exhibits of this DPA.
- “Standard Contractual Clauses” or “SCCs” means either (a) the standard data protection clauses approved pursuant to the Data Protection Laws of the applicable exporting country from time to time to legitimise exports of Personal Data from that country, or (b) where the applicable exporting country has Data Protection Laws that regulate the export of personal data but no approved standard data protection clauses, the EU SCCs shall apply- in each case incorporating the appropriate Completions, and where more than one form of such approved clauses exists in respect of a particular country, the clauses that shall apply shall be: (i) in respect of any situation where Customer acts as a Controller of Customer Personal Data, that form of clauses applying to Controller to Processor transfers; and (ii) in respect of any situation where Customer acts as a Processor of Customer Personal Data, that form of clauses applying to Processor to Processor transfers; and
- “Technical and Organisational Measures” means the technical and organisational measures agreed by the Parties in the Agreement and any additional technical and organisational measures implemented by Palantir pursuant to its obligations under applicable Data Protection Laws.
Authorized Third-Party Subprocessors | ||||
Subprocessor | Purpose | Registered Address | Location | Transfer Mechanism |
Amazon Web Services, Inc. | Cloud hosting and infrastructure, alerting and encrypted notification services and AI services. | 410 Terry Avenue North, Seattle, WA 98109, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Microsoft Corporation | Cloud hosting and infrastructure and AI services (Microsoft Azure). | One Microsoft Way Redmond, WA 98052, USA | The location for the purpose of providing the cloud hosting service is as selected by Customer in the Order Form or, as applicable, other parts of the Agreement. The location for the purpose of providing the AI service is East US, South Central US, West Europe and other Azure regions as they become available. | Standard Contractual Clauses |
Google LLC | Cloud hosting and infrastructure (Google Cloud Platform) and AI services. | 1600 Amphitheatre Parkway Mountain View, 94043 CA, USA | The location for the purpose of providing the cloud hosting service is as selected by Customer in the Order Form or, as applicable, other parts of the Agreement. The location for the purpose of providing the AI services are all regions available for features of Generative AI on Google Vertex AI and other regions as they become available. | Standard Contractual Clauses |
Proofpoint, Inc. | Alerting and encrypted notification service. | 892 Ross Drive, Sunnyvale, CA 94089, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement. | Standard Contractual Clauses |
Microsoft Corporation | User authentication as an identity provider (where selected as chosen identity provider by Customer). | One Microsoft Way Redmond, WA 98052, USA | United States | Standard Contractual Clauses |
OpenAI LLC | AI services. | 3180 18th Street, San Francisco, CA 94110, USA | The location for the purpose of providing the AI service can be the United States and other regions as they become available. | Standard Contractual Clauses |
Oracle America, Inc. | Cloud hosting and infrastructure. | 500 Oracle Parkway, Redwood Shores, CA 94065 | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Exhibit A Updates | |
March 2022 | Addition of Microsoft Corporation and Google LLC as Third-Party Subprocessors. Authorization for subprocessing by these additional subprocessors is considered effective for Agreements entered on or after the date of this update, unless subject to separate written agreement between Palantir and Customer. |
2 May 2023 | Addition of the AI services to the types of purposes of using Azure. Addition of East US, South Central US, West Europe and other Azure regions as the location of the cognitive processing service. This update is considered effective for Agreements entered on or after the date of this update, unless subject to separate written agreement between Palantir and Customer. |
24 May 2023 | Globalization of our DPA. Amendment of our data transfers provisions to reflect latest regulatory updates. This update is considered effective for Agreements entered on or after the date of this update, unless subject to separate written agreement between Palantir and Customer. |
18 August 2023 | Addition of AI services to the types of purposes for using Google and AWS AI. Addition of alerting and encrypted notification services for the purpose of using AWS. This update is considered effective for Agreements entered on or after the date of this update, unless subject to separate written agreement between Palantir and Customer. |
30 October 2023 | Addition of OpenAI LLC as a Third-Party Subprocessor. Authorization for subprocessing by this additional subprocessor is considered effective for Agreements entered on or after the date of this update, unless subject to separate written agreement between Palantir and Customer. |
15 May 2024 | Addition of Oracle America, Inc. as a Third-Party Subprocessor. Authorization for subprocessing by this additional subprocessor is considered effective for Agreements entered on or after the date of this update, unless subject to separate written agreement between Palantir and Customer. |
Authorized Third-Party Subprocessors | ||||
Subprocessor | Purpose | Registered Address | Location | Transfer Mechanism |
Amazon Web Services, Inc. | Cloud hosting and infrastructure, alerting and encrypted notification services. | 410 Terry Avenue North, Seattle, WA 98109, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Microsoft Corporation | User authentication as an identity provider (where selected as chosen identity provider by Customer). | One Microsoft Way Redmond, WA 98052, USA | United States | Standard Contractual Clauses |
Oracle America, Inc. | Cloud hosting and infrastructure. | 500 Oracle Parkway, Redwood Shores, CA 94065 | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Effective May 21st 2024 to May 22nd 2024
DownloadTable of Contents
- “Adequate Country” means a country that may import Personal Data and is deemed by the governing authority of the exporting country to provide an adequate level of data protection under the applicable Data Protection Laws;
- “Affiliate” means an entity that, directly or indirectly, owns or controls or is owned or controlled by, or is under common ownership or control with, a Party. As used herein, “control” means the power to direct, directly or indirectly, the management or affairs of an entity and “ownership” means the beneficial ownership of more than fifty percent of the voting equity securities or other equivalent voting interests of an entity. In respect of Palantir, Affiliate shall include, without being limited to, all entities listed in Exhibit A, Part II and any other Palantir affiliates from time to time;
- “Completions” has the meaning given to it in Exhibit D of this DPA;
- “Controller” means the entity which determines the purposes and means of the Processing of Personal Data and includes, as applicable, the term “controller” “business” and any other similar or equivalent terms under applicable Data Protection Laws;
- “Customer Personal Data” means any Personal Data contained within Customer Data subject to Data Protection Laws that Customer, including Users, provides or makes available to Palantir in connection with the Agreement;
- “Data Incident” means any breach, as defined by applicable Data Protection Laws, of Palantir’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Personal Data on systems managed or otherwise controlled by Palantir;
- “Data Protection Authority” means a competent authority responsible for enforcing the application of the relevant Data Protection Laws, and includes, as applicable, any data protection authority, privacy regulator, supervisory authority, Attorney General, state privacy agency or any governmental body or agency enforcing Data Protection Laws;
- “Data Protection Laws” means all laws and regulations as amended from time to time regarding data protection, consumer privacy, electronic communications and marketing laws to the extent applicable to the Processing of Customer Personal Data by Palantir under the Agreement, such as:
- California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq. (“CCPA”);
- California Privacy Rights Act of 2020 (“CPRA”);
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“EU GDPR”);
- The EU GDPR as amended and incorporated into UK law under the UK European Union (Withdrawal) Act 2018 (“UK GDPR”); and
- The Switzerland Federal Data Protection act of 19 June 1992 as replaced and/or updated from time to time (“FDP”).
- “Data Protection Officer” means the natural person or company appointed where necessary under applicable Data Protection Laws to ensure an organization's compliance with Data Protection Laws and cooperate with the Data Protection Authorities;
- “Data Subject” means the identified or identifiable person to whom Personal Data relates, and includes, as applicable, the term “consumer” and any other similar or equivalent terms under Applicable Data Protection Laws;
- “DPA Effective Date” means the Effective Date of the Agreement;
- “EEA” means the European Economic Area;
- “EU SCCs” means the standard contractual clauses for use in relation to exports of Personal Data from the EEA approved by the European Commission under Commission Implementing Decision 2021/914, or such other clauses as replace them from time to time;
- “Personal Data” means: (a) any information relating to (i) an identified or identifiable natural person and/or (ii) an identified or identifiable legal entity (where such information is protected similarly as Personal Data or personally identifiable information under applicable Data Protection Laws), and (b) any information treated or receiving similar treatment as “personal data”, “personal information”, “personally identifiable information or any similar, or equivalent terms under applicable Data Protection Laws;
- “Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. The terms “process”, “processes” and “processed” will be interpreted accordingly;
- “Processor” means the entity which Processes Personal Data on behalf of the Controller, including as applicable the terms “processor”, “service provider” and any equivalent or similar terms that address the same, or similar, responsibilities under applicable Data Protection Laws;
- “Request” means a request from a Data Subject or anyone acting on their behalf to exercise their rights under Data Protection Laws;
- “Restricted Transfer” means a transfer, or onward transfer, of Personal Data from a country where such transfer would be restricted or prohibited by applicable Data Protection Laws (or by the terms of a data transfer agreement put in place to address the data transfer restrictions of Data Protection Laws) without implementing safeguards such as the Standard Contractual Clauses to be established under clause 14 below;
- “Security Documentation” means the Documentation describing the security standards that apply to the Service as provided by or on behalf of Palantir from time to time;
- “Sell” or “Sale” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Data Subject’s Personal Data to a third party for valuable consideration.
- “Service” shall have the meaning as set out in the Agreement and this DPA.
- “Share” means sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Data Subject’s Personal Data to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration, including transactions in which no money is exchanged;
- “Subprocessor” means any processor or service provider who processes personal data on behalf of Palantir for the purpose of providing the Service as set out in the Agreement, Exhibit A and any other relevant applicable exhibits of this DPA.
- “Standard Contractual Clauses” or “SCCs” means either (a) the standard data protection clauses approved pursuant to the Data Protection Laws of the applicable exporting country from time to time to legitimise exports of Personal Data from that country, or (b) where the applicable exporting country has Data Protection Laws that regulate the export of personal data but no approved standard data protection clauses, the EU SCCs shall apply- in each case incorporating the appropriate Completions, and where more than one form of such approved clauses exists in respect of a particular country, the clauses that shall apply shall be: (i) in respect of any situation where Customer acts as a Controller of Customer Personal Data, that form of clauses applying to Controller to Processor transfers; and (ii) in respect of any situation where Customer acts as a Processor of Customer Personal Data, that form of clauses applying to Processor to Processor transfers; and
- “Technical and Organisational Measures” means the technical and organisational measures agreed by the Parties in the Agreement and any additional technical and organisational measures implemented by Palantir pursuant to its obligations under applicable Data Protection Laws.
Authorized Third-Party Subprocessors | ||||
Subprocessor | Purpose | Registered Address | Location | Transfer Mechanism |
Amazon Web Services, Inc. | Cloud hosting and infrastructure, alerting and encrypted notification services and AI services. | 410 Terry Avenue North, Seattle, WA 98109, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Microsoft Corporation | Cloud hosting and infrastructure and AI services (Microsoft Azure). | One Microsoft Way Redmond, WA 98052, USA | The location for the purpose of providing the cloud hosting service is as selected by Customer in the Order Form or, as applicable, other parts of the Agreement. The location for the purpose of providing the AI service is East US, South Central US, West Europe and other Azure regions as they become available. | Standard Contractual Clauses |
Google LLC | Cloud hosting and infrastructure (Google Cloud Platform) and AI services. | 1600 Amphitheatre Parkway Mountain View, 94043 CA, USA | The location for the purpose of providing the cloud hosting service is as selected by Customer in the Order Form or, as applicable, other parts of the Agreement. The location for the purpose of providing the AI services are all regions available for features of Generative AI on Google Vertex AI and other regions as they become available. | Standard Contractual Clauses |
Proofpoint, Inc. | Alerting and encrypted notification service. | 892 Ross Drive, Sunnyvale, CA 94089, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement. | Standard Contractual Clauses |
Microsoft Corporation | User authentication as an identity provider (where selected as chosen identity provider by Customer). | One Microsoft Way Redmond, WA 98052, USA | United States | Standard Contractual Clauses |
OpenAI LLC | AI services. | 3180 18th Street, San Francisco, CA 94110, USA | The location for the purpose of providing the AI service can be the United States and other regions as they become available. | Standard Contractual Clauses |
Oracle America, Inc. | Cloud hosting and infrastructure. | 500 Oracle Parkway, Redwood Shores, CA 94065 | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Exhibit A Updates | |
March 2022 | Addition of Microsoft Corporation and Google LLC as Third-Party Subprocessors. Authorization for subprocessing by these additional subprocessors is considered effective for Agreements entered on or after the date of this update, unless subject to separate written agreement between Palantir and Customer. |
2 May 2023 | Addition of the AI services to the types of purposes of using Azure. Addition of East US, South Central US, West Europe and other Azure regions as the location of the cognitive processing service. This update is considered effective for Agreements entered on or after the date of this update, unless subject to separate written agreement between Palantir and Customer. |
24 May 2023 | Globalization of our DPA. Amendment of our data transfers provisions to reflect latest regulatory updates. This update is considered effective for Agreements entered on or after the date of this update, unless subject to separate written agreement between Palantir and Customer. |
18 August 2023 | Addition of AI services to the types of purposes for using Google and AWS AI. Addition of alerting and encrypted notification services for the purpose of using AWS. This update is considered effective for Agreements entered on or after the date of this update, unless subject to separate written agreement between Palantir and Customer. |
30 October 2023 | Addition of OpenAI LLC as a Third-Party Subprocessor. Authorization for subprocessing by this additional subprocessor is considered effective for Agreements entered on or after the date of this update, unless subject to separate written agreement between Palantir and Customer. |
15 May 2024 | Addition of Oracle America, Inc. as a Third-Party Subprocessor. Authorization for subprocessing by this additional subprocessor is considered effective for Agreements entered on or after the date of this update, unless subject to separate written agreement between Palantir and Customer. |
Authorized Third-Party Subprocessors | ||||
Subprocessor | Purpose | Registered Address | Location | Transfer Mechanism |
Amazon Web Services, Inc. | Cloud hosting and infrastructure, alerting and encrypted notification services. | 410 Terry Avenue North, Seattle, WA 98109, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Microsoft Corporation | User authentication as an identity provider (where selected as chosen identity provider by Customer). | One Microsoft Way Redmond, WA 98052, USA | United States | Standard Contractual Clauses |
Oracle America, Inc. | Cloud hosting and infrastructure. | 500 Oracle Parkway, Redwood Shores, CA 94065 | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Effective December 15th 2023 to May 21st 2024
DownloadTable of Contents
- “Adequate Country” means a country that may import Personal Data and is deemed by the governing authority of the exporting country to provide an adequate level of data protection under the applicable Data Protection Laws;
- “Affiliate” means an entity that, directly or indirectly, owns or controls or is owned or controlled by, or is under common ownership or control with, a Party. As used herein, “control” means the power to direct, directly or indirectly, the management or affairs of an entity and “ownership” means the beneficial ownership of more than fifty percent of the voting equity securities or other equivalent voting interests of an entity. In respect of Palantir, Affiliate shall include, without being limited to, all entities listed in Exhibit A, Part II and any other Palantir affiliates from time to time;
- “Completions” has the meaning given to it in Exhibit D of this DPA;
- “Controller” means the entity which determines the purposes and means of the Processing of Personal Data and includes, as applicable, the term “controller” “business” and any other similar or equivalent terms under applicable Data Protection Laws;
- “Customer Personal Data” means any Personal Data contained within Customer Data subject to Data Protection Laws that Customer, including Users, provides or makes available to Palantir in connection with the Agreement;
- “Data Incident” means any breach, as defined by applicable Data Protection Laws, of Palantir’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Personal Data on systems managed or otherwise controlled by Palantir;
- “Data Protection Authority” means a competent authority responsible for enforcing the application of the relevant Data Protection Laws, and includes, as applicable, any data protection authority, privacy regulator, supervisory authority, Attorney General, state privacy agency or any governmental body or agency enforcing Data Protection Laws;
- “Data Protection Laws” means all laws and regulations as amended from time to time regarding data protection, consumer privacy, electronic communications and marketing laws to the extent applicable to the Processing of Customer Personal Data by Palantir under the Agreement, such as:
- California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq. (“CCPA”);
- California Privacy Rights Act of 2020 (“CPRA”);
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“EU GDPR”);
- The EU GDPR as amended and incorporated into UK law under the UK European Union (Withdrawal) Act 2018 (“UK GDPR”); and
- The Switzerland Federal Data Protection act of 19 June 1992 as replaced and/or updated from time to time (“FDP”).
- “Data Protection Officer” means the natural person or company appointed where necessary under applicable Data Protection Laws to ensure an organization's compliance with Data Protection Laws and cooperate with the Data Protection Authorities;
- “Data Subject” means the identified or identifiable person to whom Personal Data relates, and includes, as applicable, the term “consumer” and any other similar or equivalent terms under Applicable Data Protection Laws;
- “DPA Effective Date” means the Effective Date of the Agreement;
- “EEA” means the European Economic Area;
- “EU SCCs” means the standard contractual clauses for use in relation to exports of Personal Data from the EEA approved by the European Commission under Commission Implementing Decision 2021/914, or such other clauses as replace them from time to time;
- “Personal Data” means: (a) any information relating to (i) an identified or identifiable natural person and/or (ii) an identified or identifiable legal entity (where such information is protected similarly as Personal Data or personally identifiable information under applicable Data Protection Laws), and (b) any information treated or receiving similar treatment as “personal data”, “personal information”, “personally identifiable information or any similar, or equivalent terms under applicable Data Protection Laws;
- “Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. The terms “process”, “processes” and “processed” will be interpreted accordingly;
- “Processor” means the entity which Processes Personal Data on behalf of the Controller, including as applicable the terms “processor”, “service provider” and any equivalent or similar terms that address the same, or similar, responsibilities under applicable Data Protection Laws;
- “Request” means a request from a Data Subject or anyone acting on their behalf to exercise their rights under Data Protection Laws;
- “Restricted Transfer” means a transfer, or onward transfer, of Personal Data from a country where such transfer would be restricted or prohibited by applicable Data Protection Laws (or by the terms of a data transfer agreement put in place to address the data transfer restrictions of Data Protection Laws) without implementing safeguards such as the Standard Contractual Clauses to be established under clause 14 below;
- “Security Documentation” means the Documentation describing the security standards that apply to the Service as provided by or on behalf of Palantir from time to time;
- “Sell” or “Sale” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Data Subject’s Personal Data to a third party for valuable consideration.
- “Service” shall have the meaning as set out in the Agreement and this DPA.
- “Share” means sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Data Subject’s Personal Data to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration, including transactions in which no money is exchanged;
- “Subprocessor” means any processor or service provider who processes personal data on behalf of Palantir for the purpose of providing the Service as set out in the Agreement, Exhibit A and any other relevant applicable exhibits of this DPA.
- “Standard Contractual Clauses” or “SCCs” means either (a) the standard data protection clauses approved pursuant to the Data Protection Laws of the applicable exporting country from time to time to legitimise exports of Personal Data from that country, or (b) where the applicable exporting country has Data Protection Laws that regulate the export of personal data but no approved standard data protection clauses, the EU SCCs shall apply- in each case incorporating the appropriate Completions, and where more than one form of such approved clauses exists in respect of a particular country, the clauses that shall apply shall be: (i) in respect of any situation where Customer acts as a Controller of Customer Personal Data, that form of clauses applying to Controller to Processor transfers; and (ii) in respect of any situation where Customer acts as a Processor of Customer Personal Data, that form of clauses applying to Processor to Processor transfers; and
- “Technical and Organisational Measures” means the technical and organisational measures agreed by the Parties in the Agreement and any additional technical and organisational measures implemented by Palantir pursuant to its obligations under applicable Data Protection Laws.
Authorized Third-Party Subprocessors | ||||
Subprocessor | Purpose | Registered Address | Location | Transfer Mechanism |
Amazon Web Services, Inc. | Cloud hosting and infrastructure, alerting and encrypted notification services and AI services. | 410 Terry Avenue North, Seattle, WA 98109, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Microsoft Corporation | Cloud hosting and infrastructure and AI services (Microsoft Azure). | One Microsoft Way Redmond, WA 98052, USA | The location for the purpose of providing the cloud hosting service is as selected by Customer in the Order Form or, as applicable, other parts of the Agreement. The location for the purpose of providing the AI service is East US, South Central US, West Europe and other Azure regions as they become available. | Standard Contractual Clauses |
Google LLC | Cloud hosting and infrastructure (Google Cloud Platform) and AI services. | 1600 Amphitheatre Parkway Mountain View, 94043 CA, USA | The location for the purpose of providing the cloud hosting service is as selected by Customer in the Order Form or, as applicable, other parts of the Agreement. The location for the purpose of providing the AI services are all regions available for features of Generative AI on Google Vertex AI and other regions as they become available. | Standard Contractual Clauses |
Proofpoint, Inc. | Alerting and encrypted notification service. | 892 Ross Drive, Sunnyvale, CA 94089, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement. | Standard Contractual Clauses |
Microsoft Corporation | User authentication as an identity provider (where selected as chosen identity provider by Customer). | One Microsoft Way Redmond, WA 98052, USA | United States | Standard Contractual Clauses |
OpenAI LLC | AI services | 3180 18th Street, San Francisco, CA 94110, USA | The location for the purpose of providing the AI service can be the United States and other regions as they become available. | Standard Contractual Clauses |
Exhibit A Updates | |
March 2022 | Addition of Microsoft Corporation and Google LLC as Third-Party Subprocessors. Authorization for subprocessing by these additional subprocessors is considered effective for Agreements entered on or after the date of this update, unless subject to separate written agreement between Palantir and Customer. |
2 May 2023 | Addition of the AI services to the types of purposes of using Azure. Addition of East US, South Central US, West Europe and other Azure regions as the location of the cognitive processing service. This update is considered effective for Agreements entered on or after the date of this update, unless subject to separate written agreement between Palantir and Customer. |
24 May 2023 | Globalization of our DPA. Amendment of our data transfers provisions to reflect latest regulatory updates. This update is considered effective for Agreements entered on or after the date of this update, unless subject to separate written agreement between Palantir and Customer. |
18 August 2023 | Addition of AI services to the types of purposes for using Google and AWS AI. Addition of alerting and encrypted notification services for the purpose of using AWS. This update is considered effective for Agreements entered on or after the date of this update, unless subject to separate written agreement between Palantir and Customer. |
30 October 2023 | Addition of OpenAI LLC as a Third-Party Subprocessor. Authorization for subprocessing by this additional subprocessor is considered effective for Agreements entered on or after the date of this update, unless subject to separate written agreement between Palantir and Customer. |
Authorized Third-Party Subprocessors | ||||
Subprocessor | Purpose | Registered Address | Location | Transfer Mechanism |
Amazon Web Services, Inc. | Cloud hosting and infrastructure, alerting and encrypted notification services. | 410 Terry Avenue North, Seattle, WA 98109, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Microsoft Corporation | User authentication as an identity provider (where selected as chosen identity provider by Customer). | One Microsoft Way Redmond, WA 98052, USA | United States | Standard Contractual Clauses |
Effective November 20th 2023 to December 15th 2023
DownloadTable of Contents
- “Adequate Country” means a country that may import Personal Data and is deemed by the governing authority of the exporting country to provide an adequate level of data protection under the applicable Data Protection Laws;
- “Affiliate” means an entity that, directly or indirectly, owns or controls or is owned or controlled by, or is under common ownership or control with, a Party. As used herein, “control” means the power to direct, directly or indirectly, the management or affairs of an entity and “ownership” means the beneficial ownership of more than fifty percent of the voting equity securities or other equivalent voting interests of an entity. In respect of Palantir, Affiliate shall include, without being limited to, all entities listed in Exhibit A, Part II and any other Palantir affiliates from time to time;
- “Completions” has the meaning given to it in Exhibit D of this DPA;
- “Controller” means the entity which determines the purposes and means of the Processing of Personal Data and includes, as applicable, the term “controller” “business” and any other similar or equivalent terms under applicable Data Protection Laws;
- “Customer Personal Data” means any Personal Data contained within Customer Data subject to Data Protection Laws that Customer, including Users, provides or makes available to Palantir in connection with the Agreement;
- “Data Incident” means any breach, as defined by applicable Data Protection Laws, of Palantir’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Personal Data on systems managed or otherwise controlled by Palantir;
- “Data Protection Authority” means a competent authority responsible for enforcing the application of the relevant Data Protection Laws, and includes, as applicable, any data protection authority, privacy regulator, supervisory authority, Attorney General, state privacy agency or any governmental body or agency enforcing Data Protection Laws;
- “Data Protection Laws” means all laws and regulations as amended from time to time regarding data protection, consumer privacy, electronic communications and marketing laws to the extent applicable to the Processing of Customer Personal Data by Palantir under the Agreement, such as:
- California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq. (“CCPA”);
- California Privacy Rights Act of 2020 (“CPRA”);
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“EU GDPR”);
- The EU GDPR as amended and incorporated into UK law under the UK European Union (Withdrawal) Act 2018 (“UK GDPR”); and
- The Switzerland Federal Data Protection act of 19 June 1992 as replaced and/or updated from time to time (“FDP”).
- “Data Protection Officer” means the natural person or company appointed where necessary under applicable Data Protection Laws to ensure an organization's compliance with Data Protection Laws and cooperate with the Data Protection Authorities;
- “Data Subject” means the identified or identifiable person to whom Personal Data relates, and includes, as applicable, the term “consumer” and any other similar or equivalent terms under Applicable Data Protection Laws;
- “DPA Effective Date” means the Effective Date of the Agreement;
- “EEA” means the European Economic Area;
- “EU SCCs” means the standard contractual clauses for use in relation to exports of Personal Data from the EEA approved by the European Commission under Commission Implementing Decision 2021/914, or such other clauses as replace them from time to time;
- “Personal Data” means: (a) any information relating to (i) an identified or identifiable natural person and/or (ii) an identified or identifiable legal entity (where such information is protected similarly as Personal Data or personally identifiable information under applicable Data Protection Laws), and (b) any information treated or receiving similar treatment as “personal data”, “personal information”, “personally identifiable information or any similar, or equivalent terms under applicable Data Protection Laws;
- “Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. The terms “process”, “processes” and “processed” will be interpreted accordingly;
- “Processor” means the entity which Processes Personal Data on behalf of the Controller, including as applicable the terms “processor”, “service provider” and any equivalent or similar terms that address the same, or similar, responsibilities under applicable Data Protection Laws;
- “Request” means a request from a Data Subject or anyone acting on their behalf to exercise their rights under Data Protection Laws;
- “Restricted Transfer” means a transfer, or onward transfer, of Personal Data from a country where such transfer would be restricted or prohibited by applicable Data Protection Laws (or by the terms of a data transfer agreement put in place to address the data transfer restrictions of Data Protection Laws) without implementing safeguards such as the Standard Contractual Clauses to be established under clause 14 below;
- “Security Documentation” means the Documentation describing the security standards that apply to the Service as provided by or on behalf of Palantir from time to time;
- “Sell” or “Sale” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Data Subject’s Personal Data to a third party for valuable consideration.
- “Service” shall have the meaning as set out in the Agreement and this DPA.
- “Share” means sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Data Subject’s Personal Data to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration, including transactions in which no money is exchanged;
- “Subprocessor” means any processor or service provider who processes personal data on behalf of Palantir for the purpose of providing the Service as set out in the Agreement, Exhibit A and any other relevant applicable exhibits of this DPA.
- “Standard Contractual Clauses” or “SCCs” means either (a) the standard data protection clauses approved pursuant to the Data Protection Laws of the applicable exporting country from time to time to legitimise exports of Personal Data from that country, or (b) where the applicable exporting country has Data Protection Laws that regulate the export of personal data but no approved standard data protection clauses, the EU SCCs shall apply- in each case incorporating the appropriate Completions, and where more than one form of such approved clauses exists in respect of a particular country, the clauses that shall apply shall be: (i) in respect of any situation where Customer acts as a Controller of Customer Personal Data, that form of clauses applying to Controller to Processor transfers; and (ii) in respect of any situation where Customer acts as a Processor of Customer Personal Data, that form of clauses applying to Processor to Processor transfers; and
- “Technical and Organisational Measures” means the technical and organisational measures agreed by the Parties in the Agreement and any additional technical and organisational measures implemented by Palantir pursuant to its obligations under applicable Data Protection Laws.
Authorized Third-Party Subprocessors | ||||
Subprocessor | Purpose | Registered Address | Location | Transfer Mechanism |
Amazon Web Services, Inc. | Cloud hosting and infrastructure, alerting and encrypted notification services and AI services. | 410 Terry Avenue North, Seattle, WA 98109, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Microsoft Corporation | Cloud hosting and infrastructure and AI services (Microsoft Azure). | One Microsoft Way Redmond, WA 98052, USA | The location for the purpose of providing the cloud hosting service is as selected by Customer in the Order Form or, as applicable, other parts of the Agreement. The location for the purpose of providing the AI service is East US, South Central US, West Europe and other Azure regions as they become available. | Standard Contractual Clauses |
Google LLC | Cloud hosting and infrastructure (Google Cloud Platform) and AI services. | 1600 Amphitheatre Parkway Mountain View, 94043 CA, USA | The location for the purpose of providing the cloud hosting service is as selected by Customer in the Order Form or, as applicable, other parts of the Agreement. The location for the purpose of providing the AI services are all regions available for features of Generative AI on Google Vertex AI and other regions as they become available. | Standard Contractual Clauses |
Proofpoint, Inc. | Alerting and encrypted notification service. | 892 Ross Drive, Sunnyvale, CA 94089, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement. | Standard Contractual Clauses |
Microsoft Corporation | User authentication as an identity provider (where selected as chosen identity provider by Customer). | One Microsoft Way Redmond, WA 98052, USA | United States | Standard Contractual Clauses |
OpenAI LLC | AI services | 3180 18th Street, San Francisco, CA 94110, USA | The location for the purpose of providing the AI service can be the United States and other regions as they become available. | Standard Contractual Clauses |
Exhibit A Updates | |
March 2022 | Addition of Microsoft Corporation and Google LLC as Third-Party Subprocessors. Authorization for subprocessing by these additional subprocessors is considered effective for Agreements entered on or after the date of this update, unless subject to separate written agreement between Palantir and Customer. |
2 May 2023 | Addition of the AI services to the types of purposes of using Azure. Addition of East US, South Central US, West Europe and other Azure regions as the location of the cognitive processing service. This update is considered effective for Agreements entered on or after the date of this update, unless subject to separate written agreement between Palantir and Customer. |
24 May 2023 | Globalization of our DPA. Amendment of our data transfers provisions to reflect latest regulatory updates. This update is considered effective for Agreements entered on or after the date of this update, unless subject to separate written agreement between Palantir and Customer. |
18 August 2023 | Addition of AI services to the types of purposes for using Google and AWS AI. Addition of alerting and encrypted notification services for the purpose of using AWS. This update is considered effective for Agreements entered on or after the date of this update, unless subject to separate written agreement between Palantir and Customer. |
30 October 2023 | Addition of OpenAI LLC as a Third-Party Subprocessor. Authorization for subprocessing by this additional subprocessor is considered effective for Agreements entered on or after the date of this update, unless subject to separate written agreement between Palantir and Customer. |
Authorized Third-Party Subprocessors | ||||
Subprocessor | Purpose | Registered Address | Location | Transfer Mechanism |
Amazon Web Services, Inc. | Cloud hosting and infrastructure, alerting and encrypted notification services. | 410 Terry Avenue North, Seattle, WA 98109, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Microsoft Corporation | User authentication as an identity provider (where selected as chosen identity provider by Customer). | One Microsoft Way Redmond, WA 98052, USA | United States | Standard Contractual Clauses |
Effective October 30th 2023 to November 20th 2023
DownloadTable of Contents
- “Adequate Country” means a country that may import Personal Data and is deemed by the governing authority of the exporting country to provide an adequate level of data protection under the applicable Data Protection Laws;
- “Affiliate” means an entity that, directly or indirectly, owns or controls or is owned or controlled by, or is under common ownership or control with, a Party. As used herein, “control” means the power to direct, directly or indirectly, the management or affairs of an entity and “ownership” means the beneficial ownership of more than fifty percent of the voting equity securities or other equivalent voting interests of an entity. In respect of Palantir, Affiliate shall include, without being limited to, all entities listed in Exhibit A, Part II and any other Palantir affiliates from time to time;
- “Completions” has the meaning given to it in Exhibit D of this DPA;
- “Controller” means the entity which determines the purposes and means of the Processing of Personal Data and includes, as applicable, the term “controller” “business” and any other similar or equivalent terms under applicable Data Protection Laws;
- “Customer Personal Data” means any Personal Data contained within Customer Data subject to Data Protection Laws that Customer, including Users, provides or makes available to Palantir in connection with the Agreement;
- “Data Incident” means any breach, as defined by applicable Data Protection Laws, of Palantir’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Personal Data on systems managed or otherwise controlled by Palantir;
- “Data Protection Authority” means a competent authority responsible for enforcing the application of the relevant Data Protection Laws, and includes, as applicable, any data protection authority, privacy regulator, supervisory authority, Attorney General, state privacy agency or any governmental body or agency enforcing Data Protection Laws;
- “Data Protection Laws” means all laws and regulations as amended from time to time regarding data protection, consumer privacy, electronic communications and marketing laws to the extent applicable to the Processing of Customer Personal Data by Palantir under the Agreement, such as:
- California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq. (“CCPA”);
- California Privacy Rights Act of 2020 (“CPRA”);
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“EU GDPR”);
- The EU GDPR as amended and incorporated into UK law under the UK European Union (Withdrawal) Act 2018 (“UK GDPR”); and
- The Switzerland Federal Data Protection act of 19 June 1992 as replaced and/or updated from time to time (“FDP”).
- “Data Protection Officer” means the natural person or company appointed where necessary under applicable Data Protection Laws to ensure an organization's compliance with Data Protection Laws and cooperate with the Data Protection Authorities;
- “Data Subject” means the identified or identifiable person to whom Personal Data relates, and includes, as applicable, the term “consumer” and any other similar or equivalent terms under Applicable Data Protection Laws;
- “DPA Effective Date” means the Effective Date of the Agreement;
- “EEA” means the European Economic Area;
- “EU SCCs” means the standard contractual clauses for use in relation to exports of Personal Data from the EEA approved by the European Commission under Commission Implementing Decision 2021/914, or such other clauses as replace them from time to time;
- “Personal Data” means: (a) any information relating to (i) an identified or identifiable natural person and/or (ii) an identified or identifiable legal entity (where such information is protected similarly as Personal Data or personally identifiable information under applicable Data Protection Laws), and (b) any information treated or receiving similar treatment as “personal data”, “personal information”, “personally identifiable information or any similar, or equivalent terms under applicable Data Protection Laws;
- “Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. The terms “process”, “processes” and “processed” will be interpreted accordingly;
- “Processor” means the entity which Processes Personal Data on behalf of the Controller, including as applicable the terms “processor”, “service provider” and any equivalent or similar terms that address the same, or similar, responsibilities under applicable Data Protection Laws;
- “Request” means a request from a Data Subject or anyone acting on their behalf to exercise their rights under Data Protection Laws;
- “Restricted Transfer” means a transfer, or onward transfer, of Personal Data from a country where such transfer would be restricted or prohibited by applicable Data Protection Laws (or by the terms of a data transfer agreement put in place to address the data transfer restrictions of Data Protection Laws) without implementing safeguards such as the Standard Contractual Clauses to be established under clause 14 below;
- “Security Documentation” means the Documentation describing the security standards that apply to the Service as provided by or on behalf of Palantir from time to time;
- “Sell” or “Sale” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Data Subject’s Personal Data to a third party for valuable consideration.
- “Service” shall have the meaning as set out in the Agreement and this DPA.
- “Share” means sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Data Subject’s Personal Data to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration, including transactions in which no money is exchanged;
- “Subprocessor” means any processor or service provider who processes personal data on behalf of Palantir for the purpose of providing the Service as set out in the Agreement, Exhibit A and any other relevant applicable exhibits of this DPA.
- “Standard Contractual Clauses” or “SCCs” means either (a) the standard data protection clauses approved pursuant to the Data Protection Laws of the applicable exporting country from time to time to legitimise exports of Personal Data from that country, or (b) where the applicable exporting country has Data Protection Laws that regulate the export of personal data but no approved standard data protection clauses, the EU SCCs shall apply- in each case incorporating the appropriate Completions, and where more than one form of such approved clauses exists in respect of a particular country, the clauses that shall apply shall be: (i) in respect of any situation where Customer acts as a Controller of Customer Personal Data, that form of clauses applying to Controller to Processor transfers; and (ii) in respect of any situation where Customer acts as a Processor of Customer Personal Data, that form of clauses applying to Processor to Processor transfers; and
- “Technical and Organisational Measures” means the technical and organisational measures agreed by the Parties in the Agreement and any additional technical and organisational measures implemented by Palantir pursuant to its obligations under applicable Data Protection Laws.
Authorized Third-Party Subprocessors | ||||
Subprocessor | Purpose | Registered Address | Location | Transfer Mechanism |
Amazon Web Services, Inc. | Cloud hosting and infrastructure, alerting and encrypted notification services and AI services. | 410 Terry Avenue North, Seattle, WA 98109, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Microsoft Corporation | Cloud hosting and infrastructure and AI services (Microsoft Azure). | One Microsoft Way Redmond, WA 98052, USA | The location for the purpose of providing the cloud hosting service is as selected by Customer in the Order Form or, as applicable, other parts of the Agreement. The location for the purpose of providing the AI service is East US, South Central US, West Europe and other Azure regions as they become available. | Standard Contractual Clauses |
Google LLC | Cloud hosting and infrastructure (Google Cloud Platform) and AI services. | 1600 Amphitheatre Parkway Mountain View, 94043 CA, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Proofpoint, Inc. | Alerting and encrypted notification service. | 892 Ross Drive, Sunnyvale, CA 94089, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement. | Standard Contractual Clauses |
Microsoft Corporation | User authentication as an identity provider (where selected as chosen identity provider by Customer). | One Microsoft Way Redmond, WA 98052, USA | United States | Standard Contractual Clauses |
OpenAI LLC | AI services | 3180 18th Street, San Francisco, CA 94110, USA | United States | Standard Contractual Clauses |
Exhibit A Updates | |
March 2022 | Addition of Microsoft Corporation and Google LLC as Third-Party Subprocessors. Authorization for subprocessing by these additional subprocessors is considered effective for Agreements entered on or after the date of this update, unless subject to separate written agreement between Palantir and Customer. |
2 May 2023 | Addition of the AI services to the types of purposes of using Azure. Addition of East US, South Central US, West Europe and other Azure regions as the location of the cognitive processing service. This update is considered effective for Agreements entered on or after the date of this update, unless subject to separate written agreement between Palantir and Customer. |
24 May 2023 | Globalization of our DPA. Amendment of our data transfers provisions to reflect latest regulatory updates. This update is considered effective for Agreements entered on or after the date of this update, unless subject to separate written agreement between Palantir and Customer. |
18 August 2023 | Addition of AI services to the types of purposes for using Google and AWS AI. Addition of alerting and encrypted notification services for the purpose of using AWS. This update is considered effective for Agreements entered on or after the date of this update, unless subject to separate written agreement between Palantir and Customer. |
30 October 2023 | Addition of OpenAI LLC as a Third-Party Subprocessor. Authorization for subprocessing by this additional subprocessor is considered effective for Agreements entered on or after the date of this update, unless subject to separate written agreement between Palantir and Customer. |
Authorized Third-Party Subprocessors | ||||
Subprocessor | Purpose | Registered Address | Location | Transfer Mechanism |
Amazon Web Services, Inc. | Cloud hosting and infrastructure, alerting and encrypted notification services. | 410 Terry Avenue North, Seattle, WA 98109, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Microsoft Corporation | User authentication as an identity provider (where selected as chosen identity provider by Customer). | One Microsoft Way Redmond, WA 98052, USA | United States | Standard Contractual Clauses |
Effective August 18th 2023 to October 30th 2023
DownloadTable of Contents
- “Adequate Country” means a country that may import Personal Data and is deemed by the governing authority of the exporting country to provide an adequate level of data protection under the applicable Data Protection Laws;
- “Affiliate” means an entity that, directly or indirectly, owns or controls or is owned or controlled by, or is under common ownership or control with, a Party. As used herein, “control” means the power to direct, directly or indirectly, the management or affairs of an entity and “ownership” means the beneficial ownership of more than fifty percent of the voting equity securities or other equivalent voting interests of an entity. In respect of Palantir, Affiliate shall include, without being limited to, all entities listed in Exhibit A, Part II and any other Palantir affiliates from time to time;
- “Completions” has the meaning given to it in Exhibit D of this DPA;
- “Controller” means the entity which determines the purposes and means of the Processing of Personal Data and includes, as applicable, the term “controller” “business” and any other similar or equivalent terms under applicable Data Protection Laws;
- “Customer Personal Data” means any Personal Data contained within Customer Data subject to Data Protection Laws that Customer, including Users, provides or makes available to Palantir in connection with the Agreement;
- “Data Incident” means any breach, as defined by applicable Data Protection Laws, of Palantir’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Personal Data on systems managed or otherwise controlled by Palantir;
- “Data Protection Authority” means a competent authority responsible for enforcing the application of the relevant Data Protection Laws, and includes, as applicable, any data protection authority, privacy regulator, supervisory authority, Attorney General, state privacy agency or any governmental body or agency enforcing Data Protection Laws;
- “Data Protection Laws” means all laws and regulations as amended from time to time regarding data protection, consumer privacy, electronic communications and marketing laws to the extent applicable to the Processing of Customer Personal Data by Palantir under the Agreement, such as:
- California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq. (“CCPA”);
- California Privacy Rights Act of 2020 (“CPRA”);
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“EU GDPR”);
- The EU GDPR as amended and incorporated into UK law under the UK European Union (Withdrawal) Act 2018 (“UK GDPR”); and
- The Switzerland Federal Data Protection act of 19 June 1992 as replaced and/or updated from time to time (“FDP”).
- “Data Protection Officer” means the natural person or company appointed where necessary under applicable Data Protection Laws to ensure an organization's compliance with Data Protection Laws and cooperate with the Data Protection Authorities;
- “Data Subject” means the identified or identifiable person to whom Personal Data relates, and includes, as applicable, the term “consumer” and any other similar or equivalent terms under Applicable Data Protection Laws;
- “DPA Effective Date” means the Effective Date of the Agreement;
- “EEA” means the European Economic Area;
- “EU SCCs” means the standard contractual clauses for use in relation to exports of Personal Data from the EEA approved by the European Commission under Commission Implementing Decision 2021/914, or such other clauses as replace them from time to time;
- “Personal Data” means: (a) any information relating to (i) an identified or identifiable natural person and/or (ii) an identified or identifiable legal entity (where such information is protected similarly as Personal Data or personally identifiable information under applicable Data Protection Laws), and (b) any information treated or receiving similar treatment as “personal data”, “personal information”, “personally identifiable information or any similar, or equivalent terms under applicable Data Protection Laws;
- “Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. The terms “process”, “processes” and “processed” will be interpreted accordingly;
- “Processor” means the entity which Processes Personal Data on behalf of the Controller, including as applicable the terms “processor”, “service provider” and any equivalent or similar terms that address the same, or similar, responsibilities under applicable Data Protection Laws;
- “Request” means a request from a Data Subject or anyone acting on their behalf to exercise their rights under Data Protection Laws;
- “Restricted Transfer” means a transfer, or onward transfer, of Personal Data from a country where such transfer would be restricted or prohibited by applicable Data Protection Laws (or by the terms of a data transfer agreement put in place to address the data transfer restrictions of Data Protection Laws) without implementing safeguards such as the Standard Contractual Clauses to be established under clause 14 below;
- “Security Documentation” means the Documentation describing the security standards that apply to the Service as provided by or on behalf of Palantir from time to time;
- “Sell” or “Sale” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Data Subject’s Personal Data to a third party for valuable consideration.
- “Service” shall have the meaning as set out in the Agreement and this DPA.
- “Share” means sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Data Subject’s Personal Data to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration, including transactions in which no money is exchanged;
- “Subprocessor” means any processor or service provider who processes personal data on behalf of Palantir for the purpose of providing the Service as set out in the Agreement, Exhibit A and any other relevant applicable exhibits of this DPA.
- “Standard Contractual Clauses” or “SCCs” means either (a) the standard data protection clauses approved pursuant to the Data Protection Laws of the applicable exporting country from time to time to legitimise exports of Personal Data from that country, or (b) where the applicable exporting country has Data Protection Laws that regulate the export of personal data but no approved standard data protection clauses, the EU SCCs shall apply- in each case incorporating the appropriate Completions, and where more than one form of such approved clauses exists in respect of a particular country, the clauses that shall apply shall be: (i) in respect of any situation where Customer acts as a Controller of Customer Personal Data, that form of clauses applying to Controller to Processor transfers; and (ii) in respect of any situation where Customer acts as a Processor of Customer Personal Data, that form of clauses applying to Processor to Processor transfers; and
- “Technical and Organisational Measures” means the technical and organisational measures agreed by the Parties in the Agreement and any additional technical and organisational measures implemented by Palantir pursuant to its obligations under applicable Data Protection Laws.
Authorized Third-Party Subprocessors | ||||
Subprocessor | Purpose | Registered Address | Location | Transfer Mechanism |
Amazon Web Services, Inc. | Cloud hosting and infrastructure, alerting and encrypted notification services and AI services. | 410 Terry Avenue North, Seattle, WA 98109, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Microsoft Corporation | Cloud hosting and infrastructure and AI services (Microsoft Azure) | One Microsoft Way Redmond, WA 98052, USA | The location for the purpose of providing the cloud hosting service is as selected by Customer in the Order Form or, as applicable, other parts of the Agreement. The location for the purpose of providing the AI service is East US, South Central US, West Europe and other Azure regions as they become available. | Standard Contractual Clauses |
Google LLC | Cloud hosting and infrastructure (Google Cloud Platform) and AI services. | 1600 Amphitheatre Parkway Mountain View, 94043 CA, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Proofpoint, Inc. | Alerting and encrypted notification service | 892 Ross Drive, Sunnyvale, CA 94089, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement. | Standard Contractual Clauses |
Microsoft Corporation | User authentication as an identity provider (where selected as chosen identity provider by Customer). | One Microsoft Way Redmond, WA 98052, USA | United States | Standard Contractual Clauses |
Exhibit A Updates | |
March 2022 | Addition of Microsoft Corporation and Google LLC as Third-Party Subprocessors. Authorization for subprocessing by these additional subprocessors is considered effective for Agreements entered on or after the date of this update, unless subject to separate written agreement between Palantir and Customer. |
2 May 2023 | Addition of the AI services to the types of purposes of using Azure. Addition of East US, South Central US, West Europe and other Azure regions as the location of the cognitive processing service. This update is considered effective for Agreements entered on or after the date of this update, unless subject to separate written agreement between Palantir and Customer. |
24 May 2023 | Globalization of our DPA. Amendment of our data transfers provisions to reflect latest regulatory updates. This update is considered effective for Agreements entered on or after the date of this update, unless subject to separate written agreement between Palantir and Customer. |
18 August 2023 | Addition of AI services to the types of purposes for using Google and AWS AI. Addition of alerting and encrypted notification services for the purpose of using AWS. This update is considered effective for Agreements entered on or after the date of this update, unless subject to separate written agreement between Palantir and Customer. |
Authorized Third-Party Subprocessors | ||||
Subprocessor | Purpose | Registered Address | Location | Transfer Mechanism |
Amazon Web Services, Inc. | Cloud hosting and infrastructure, alerting and encrypted notification services. | 410 Terry Avenue North, Seattle, WA 98109, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Microsoft Corporation | User authentication as an identity provider (where selected as chosen identity provider by Customer). | One Microsoft Way Redmond, WA 98052, USA | United States | Standard Contractual Clauses |
Effective May 30th 2023 to August 18th 2023
DownloadTable of Contents
- “Adequate Country” means a country that may import Personal Data and is deemed by the governing authority of the exporting country to provide an adequate level of data protection under the applicable Data Protection Laws;
- “Affiliate” means an entity that, directly or indirectly, owns or controls or is owned or controlled by, or is under common ownership or control with, a Party. As used herein, “control” means the power to direct, directly or indirectly, the management or affairs of an entity and “ownership” means the beneficial ownership of more than fifty percent of the voting equity securities or other equivalent voting interests of an entity. In respect of Palantir, Affiliate shall include, without being limited to, all entities listed in Exhibit A, Part II and any other Palantir affiliates from time to time;
- “Completions” has the meaning given to it in Exhibit D of this DPA;
- “Controller” means the entity which determines the purposes and means of the Processing of Personal Data and includes, as applicable, the term “controller” “business” and any other similar or equivalent terms under applicable Data Protection Laws;
- “Customer Personal Data” means any Personal Data contained within Customer Data subject to Data Protection Laws that Customer, including Users, provides or makes available to Palantir in connection with the Agreement;
- “Data Incident” means any breach, as defined by applicable Data Protection Laws, of Palantir’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Personal Data on systems managed or otherwise controlled by Palantir;
- “Data Protection Authority” means a competent authority responsible for enforcing the application of the relevant Data Protection Laws, and includes, as applicable, any data protection authority, privacy regulator, supervisory authority, Attorney General, state privacy agency or any governmental body or agency enforcing Data Protection Laws;
- “Data Protection Laws” means all laws and regulations as amended from time to time regarding data protection, consumer privacy, electronic communications and marketing laws to the extent applicable to the Processing of Customer Personal Data by Palantir under the Agreement, such as:
- California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq. (“CCPA”);
- California Privacy Rights Act of 2020 (“CPRA”);
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“EU GDPR”);
- The EU GDPR as amended and incorporated into UK law under the UK European Union (Withdrawal) Act 2018 (“UK GDPR”); and
- The Switzerland Federal Data Protection act of 19 June 1992 as replaced and/or updated from time to time (“FDP”).
- “Data Protection Officer” means the natural person or company appointed where necessary under applicable Data Protection Laws to ensure an organization's compliance with Data Protection Laws and cooperate with the Data Protection Authorities;
- “Data Subject” means the identified or identifiable person to whom Personal Data relates, and includes, as applicable, the term “consumer” and any other similar or equivalent terms under Applicable Data Protection Laws;
- “DPA Effective Date” means the Effective Date of the Agreement;
- “EEA” means the European Economic Area;
- “EU SCCs” means the standard contractual clauses for use in relation to exports of Personal Data from the EEA approved by the European Commission under Commission Implementing Decision 2021/914, or such other clauses as replace them from time to time;
- “Personal Data” means: (a) any information relating to (i) an identified or identifiable natural person and/or (ii) an identified or identifiable legal entity (where such information is protected similarly as Personal Data or personally identifiable information under applicable Data Protection Laws), and (b) any information treated or receiving similar treatment as “personal data”, “personal information”, “personally identifiable information or any similar, or equivalent terms under applicable Data Protection Laws;
- “Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. The terms “process”, “processes” and “processed” will be interpreted accordingly;
- “Processor” means the entity which Processes Personal Data on behalf of the Controller, including as applicable the terms “processor”, “service provider” and any equivalent or similar terms that address the same, or similar, responsibilities under applicable Data Protection Laws;
- “Request” means a request from a Data Subject or anyone acting on their behalf to exercise their rights under Data Protection Laws;
- “Restricted Transfer” means a transfer, or onward transfer, of Personal Data from a country where such transfer would be restricted or prohibited by applicable Data Protection Laws (or by the terms of a data transfer agreement put in place to address the data transfer restrictions of Data Protection Laws) without implementing safeguards such as the Standard Contractual Clauses to be established under clause 14 below;
- “Security Documentation” means the Documentation describing the security standards that apply to the Service as provided by or on behalf of Palantir from time to time;
- “Sell” or “Sale” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Data Subject’s Personal Data to a third party for valuable consideration.
- “Service” shall have the meaning as set out in the Agreement and this DPA.
- “Share” means sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Data Subject’s Personal Data to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration, including transactions in which no money is exchanged;
- “Subprocessor” means any processor or service provider who processes personal data on behalf of Palantir for the purpose of providing the Service as set out in the Agreement, Exhibit A and any other relevant applicable exhibits of this DPA.
- “Standard Contractual Clauses” or “SCCs” means either (a) the standard data protection clauses approved pursuant to the Data Protection Laws of the applicable exporting country from time to time to legitimise exports of Personal Data from that country, or (b) where the applicable exporting country has Data Protection Laws that regulate the export of personal data but no approved standard data protection clauses, the EU SCCs shall apply- in each case incorporating the appropriate Completions, and where more than one form of such approved clauses exists in respect of a particular country, the clauses that shall apply shall be: (i) in respect of any situation where Customer acts as a Controller of Customer Personal Data, that form of clauses applying to Controller to Processor transfers; and (ii) in respect of any situation where Customer acts as a Processor of Customer Personal Data, that form of clauses applying to Processor to Processor transfers; and
- “Technical and Organisational Measures” means the technical and organisational measures agreed by the Parties in the Agreement and any additional technical and organisational measures implemented by Palantir pursuant to its obligations under applicable Data Protection Laws.
Authorized Third-Party Subprocessors | ||||
Subprocessor | Purpose | Registered Address | Location | Transfer Mechanism |
Amazon Web Services, Inc. | Cloud hosting and infrastructure | 410 Terry Avenue North, Seattle, WA 98109, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Microsoft Corporation | Cloud hosting and infrastructure and cognitive services (Microsoft Azure) | One Microsoft Way Redmond, WA 98052, USA | The location for the purpose of providing the cloud hosting service is as selected by Customer in the Order Form or, as applicable, other parts of the Agreement. The location for the purpose of providing the cognitive service is East US, South Central US, West Europe and other Azure regions as they become available. | Standard Contractual Clauses |
Google LLC | Cloud hosting and infrastructure (Google Cloud Platform) | 1600 Amphitheatre Parkway Mountain View, 94043 CA, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Proofpoint, Inc. | Alerting and encrypted notification service | 892 Ross Drive, Sunnyvale, CA 94089, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Microsoft Corporation | User authentication as an identity provider (where selected as chosen identity provider by Customer). | One Microsoft Way Redmond, WA 98052, USA | United States | Standard Contractual Clauses |
Exhibit A Updates | |
March 2022 | Addition of Microsoft Corporation and Google LLC as Third-Party Subprocessors. Authorization for subprocessing by these additional subprocessors is considered effective for Agreements entered on or after the date of this update, unless subject to separate written agreement between Palantir and Customer. |
2 May 2023 | Addition of the cognitive services to the types of purposes of using Azure. Addition of East US, South Central US, West Europe and other Azure regions as the location of the cognitive processing service. This update is considered effective for Agreements entered on or after the date of this update, unless subject to separate written agreement between Palantir and Customer. |
24 May 2023 | Globalization of our DPA. Amendment of our data transfers provisions to reflect latest regulatory updates. This update is considered effective for Agreements entered on or after the date of this update, unless subject to separate written agreement between Palantir and Customer. |
Authorized Third-Party Subprocessors | ||||
Subprocessor | Purpose | Registered Address | Location | Transfer Mechanism |
Amazon Web Services, Inc. | Cloud hosting and infrastructure | 410 Terry Avenue North, Seattle, WA 98109, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Microsoft Corporation | User authentication as an identity provider (where selected as chosen identity provider by Customer). | One Microsoft Way Redmond, WA 98052, USA | United States | Standard Contractual Clauses |
Effective May 2nd 2023 to May 29th 2023
DownloadTable of Contents
PALANTIR DATA PROTECTION ADDENDUM (“DPA”)
- “Adequate Country” means a country or territory outside of the EEA that the European Commission has deemed to provide an adequate level of protection for Personal Data pursuant to a decision made in accordance with Article 45(1) of the EU GDPR, or country or territory having equivalent status under the UK GDPR (as applicable);
- “Affiliate” means an entity that, directly or indirectly, owns or controls or is owned or controlled by, or is under common ownership or control with, a Party. As used herein, “control” means the power to direct, directly or indirectly, the management or affairs of an entity and “ownership” means the beneficial ownership of more than fifty percent of the voting equity securities or other equivalent voting interests of an entity.
- “Customer Personal Data” means any Personal Data contained within Customer Data subject to Data Protection Laws that Customer, including Users, provides or makes available to Palantir in connection with the Agreement;
- “Data Protection Laws” means all laws and regulations regarding data protection and privacy to the extent applicable to the Processing of Customer Personal Data by Palantir under the Agreement, such as:
- California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq. (“CCPA”);
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“EU GDPR”);
- The EU GDPR as amended and incorporated into UK law under the UK European Union (Withdrawal) Act 2018 (“UK GDPR”); and
- The Switzerland Federal Data Protection act of 19 June 1992 as replaced and/or updated from time to time (“FDP”).
- “Data Incident” means any breach of Palantir’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Personal Data on systems managed or otherwise controlled by Palantir.
- “DPA Effective Date” means the Effective Date of the Agreement.
- “EEA” means the European Economic Area.
- “European Data Protection Law” means, as applicable, the GDPR and/or the FDP.
- “GDPR” means, as applicable, the EU GDPR and/or the UK GDPR.
- “International Transfer Solution” means appropriate safeguards established by Palantir in relation to the transfer of Personal Data from the EEA or the UK to a country or territory outside of the EEA or the UK (respectively) that is not an Adequate Country (a “Third Country”) in accordance with Article 46 of the GDPR.
- “Security Documentation” means the Documentation describing the security standards that apply to the Service as provided by or on behalf of Palantir from time to time.
- “Sell” has the meaning set forth in the CCPA, Cal. Civ. Code § 1798.100 et seq.
- “Subprocessor” means a third party, Third Party Service, or Palantir's Affiliate engaged by or on behalf of Palantir to Process Customer Personal Data in connection with the Agreement.
- “Supervisory Authority” means, as applicable: (a) a “supervisory authority” as defined in the EU GDPR; and/or (b) the “Commissioner” as defined in the UK GDPR.
- “Standard Contractual Clauses” means the standard data protection clauses for the transfer of Personal Data from Controllers (or Processors, as applicable) established inside the EEA or the UK to Processors established in Third Countries, as adopted by the European Commission from time to time (in the case of transfers from the EEA), as adopted by the Swiss Federal Data Protection and Information Commissioner from time to time (in the case of transfers from Switzerland) or approved by the Information Commissioner’s Office from time to time (in the case of transfers from the UK).
- “UK” means the United Kingdom.
Authorized Third-Party Subprocessors | ||||
Subprocessor | Purpose | Registered Address | Location | Transfer Mechanism |
Amazon Web Services, Inc. | Cloud hosting and infrastructure | 410 Terry Avenue North, Seattle, WA 98109, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Microsoft Corporation | Cloud hosting and infrastructure and cognitive services (Microsoft Azure) and | One Microsoft Way Redmond, WA 98052, USA | The location for the purpose of providing the cloud hosting service is as selected by Customer in the Order Form or, as applicable, other parts of the Agreement. The location for the purpose of providing the cognitive service is East US, South Central US, West Europe and other Azure regions as they become available. | Standard Contractual Clauses |
Google LLC | Cloud hosting and infrastructure (Google Cloud Platform) | 1600 Amphitheatre Parkway Mountain View, 94043 CA, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Proofpoint, Inc. | Alerting and encrypted notification service | 892 Ross Drive, Sunnyvale, CA 94089, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Microsoft Corporation | User authentication as an identity provider (where selected as chosen identity provider by Customer). | One Microsoft Way Redmond, WA 98052, USA | United States | Standard Contractual Clauses |
Exhibit A Updates | |
March 2022 | Addition of Microsoft Corporation and Google LLC as Third-Party Subprocessors. Authorization for subprocessing by these additional subprocessors is considered effective for Agreements entered on or after the date of this update, unless subject to separate written agreement between Palantir and Customer. |
2 May 2023 | Addition of the cognitive services to the types of purposes of using Azure. Addition of East US, South Central US, West Europe and other Azure regions as the location of the cognitive processing service. This update is considered effective for Agreements entered on or after the date of this update, unless subject to separate written agreement between Palantir and Customer. |
Effective March 24th 2022 to May 1st 2023
DownloadTable of Contents
PALANTIR DATA PROTECTION ADDENDUM (“DPA”)
- “Adequate Country” means a country or territory outside of the EEA that the European Commission has deemed to provide an adequate level of protection for Personal Data pursuant to a decision made in accordance with Article 45(1) of the EU GDPR, or country or territory having equivalent status under the UK GDPR (as applicable);
- “Affiliate” means an entity that, directly or indirectly, owns or controls or is owned or controlled by, or is under common ownership or control with, a Party. As used herein, “control” means the power to direct, directly or indirectly, the management or affairs of an entity and “ownership” means the beneficial ownership of more than fifty percent of the voting equity securities or other equivalent voting interests of an entity.
- “Customer Personal Data” means any Personal Data contained within Customer Data subject to Data Protection Laws that Customer, including Users, provides or makes available to Palantir in connection with the Agreement;
- “Data Protection Laws” means all laws and regulations regarding data protection and privacy to the extent applicable to the Processing of Customer Personal Data by Palantir under the Agreement, such as:
- California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq. (“CCPA”);
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“EU GDPR”);
- The EU GDPR as amended and incorporated into UK law under the UK European Union (Withdrawal) Act 2018 (“UK GDPR”); and
- The Switzerland Federal Data Protection act of 19 June 1992 as replaced and/or updated from time to time (“FDP”).
- “Data Incident” means any breach of Palantir’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Personal Data on systems managed or otherwise controlled by Palantir.
- “DPA Effective Date” means the Effective Date of the Agreement.
- “EEA” means the European Economic Area.
- “European Data Protection Law” means, as applicable, the GDPR and/or the FDP.
- “GDPR” means, as applicable, the EU GDPR and/or the UK GDPR.
- “International Transfer Solution” means appropriate safeguards established by Palantir in relation to the transfer of Personal Data from the EEA or the UK to a country or territory outside of the EEA or the UK (respectively) that is not an Adequate Country (a “Third Country”) in accordance with Article 46 of the GDPR.
- “Security Documentation” means the Documentation describing the security standards that apply to the Service as provided by or on behalf of Palantir from time to time.
- “Sell” has the meaning set forth in the CCPA, Cal. Civ. Code § 1798.100 et seq.
- “Subprocessor” means a third party, Third Party Service, or Palantir's Affiliate engaged by or on behalf of Palantir to Process Customer Personal Data in connection with the Agreement.
- “Supervisory Authority” means, as applicable: (a) a “supervisory authority” as defined in the EU GDPR; and/or (b) the “Commissioner” as defined in the UK GDPR.
- “Standard Contractual Clauses” means the standard data protection clauses for the transfer of Personal Data from Controllers (or Processors, as applicable) established inside the EEA or the UK to Processors established in Third Countries, as adopted by the European Commission from time to time (in the case of transfers from the EEA), as adopted by the Swiss Federal Data Protection and Information Commissioner from time to time (in the case of transfers from Switzerland) or approved by the Information Commissioner’s Office from time to time (in the case of transfers from the UK).
- “UK” means the United Kingdom.
Authorized Third-Party Subprocessors | ||||
Subprocessor | Purpose | Registered Address | Location | Transfer Mechanism |
Amazon Web Services, Inc. | Cloud hosting and infrastructure | 410 Terry Avenue North, Seattle, WA 98109, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Microsoft Corporation | Cloud hosting and infrastructure (Microsoft Azure) and | One Microsoft Way Redmond, WA 98052, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Google LLC | Cloud hosting and infrastructure (Google Cloud Platform) | 1600 Amphitheatre Parkway Mountain View, 94043 CA, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Proofpoint, Inc. | Alerting and encrypted notification service | 892 Ross Drive, Sunnyvale, CA 94089, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Microsoft Corporation | User authentication as an identity provider (where selected as chosen identity provider by Customer). | One Microsoft Way Redmond, WA 98052, USA | United States | Standard Contractual Clauses |
Exhibit A Updates | |
March 2022 | Addition of Microsoft Corporation and Google LLC as Third-Party Subprocessors. Authorization for subprocessing by these additional subprocessors is considered effective for Agreements entered on or after the date of this update, unless subject to separate written agreement between Palantir and Customer. |
Effective August 26th 2021 to March 23rd 2022
DownloadTable of Contents
- “Adequate Country” means a country or territory outside of the EEA that the European Commission has deemed to provide an adequate level of protection for Personal Data pursuant to a decision made in accordance with Article 45(1) of the EU GDPR, or country or territory having equivalent status under the UK GDPR (as applicable);
- “Affiliates” means any other entity that directly or indirectly controls, is controlled by, or is under common control with a Party;
- “Customer Personal Data” means any Personal Data contained within Content subject to Data Protection Laws that Customer, including Authorized Users, provides or makes available to Palantir in connection with the Agreement;
- “Data Protection Laws” means all laws and regulations regarding data protection and privacy to the extent applicable to the Processing of Customer Personal Data by Palantir under the Agreement, such as:
- California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq. (“CCPA”);
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“EU GDPR”);
- The EU GDPR as amended and incorporated into UK law under the UK European Union (Withdrawal) Act 2018 (“UK GDPR”); and
- The Switzerland Federal Data Protection act of 19 June 1992 as replaced and/or updated from time to time (“FDP”).
- “Data Incident” means any breach of Palantir’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Personal Data on systems managed or otherwise controlled by Palantir.
- “DPA Effective Date” means the Effective Date of the Agreement.
- “EEA” means the European Economic Area.
- “European Data Protection Law” means, as applicable, the GDPR and/or the FDP.
- “GDPR” means, as applicable, the EU GDPR and/or the UK GDPR.
- “International Transfer Solution” means appropriate safeguards established by Palantir in relation to the transfer of Personal Data from the EEA or the UK to a country or territory outside of the EEA or the UK (respectively) that is not an Adequate Country (a “Third Country”) in accordance with Article 46 of the GDPR.
- “Security Documentation” means the Documentation describing the security standards that apply to the Products and Services (as applicable) as provided by or on behalf of Palantir from time to time.
- “Sell” has the meaning set forth in the CCPA, Cal. Civ. Code § 1798.100 et seq.
- “Subprocessor” means a third party engaged by or on behalf of Palantir to Process Customer Personal Data in connection with the Agreement.
- “Supervisory Authority” means, as applicable: (a) a “supervisory authority” as defined in the EU GDPR; and/or (b) the “Commissioner” as defined in the UK GDPR.
- “Standard Contractual Clauses” means the standard data protection clauses for the transfer of Personal Data from Controllers (or Processors, as applicable) established inside the EEA or the UK to Processors established in Third Countries, as adopted by the European Commission from time to time and incorporated by reference (in the case of transfers from the EEA) or approved by the Information Commissioner’s Office from time to time and incorporated by reference (in the case of transfers from the UK), in each case with the inclusions specified in Exhibit C made in the specified locations in the clauses approved by European Commission implementing decision 2021/914 (or where alternative clauses are the Standard Contractual Clauses, inclusions in the locations that are most closely equivalent to those listed below, and such other inclusions as are necessary to give effect to the alternative clauses in such manner as is most closely equivalent to the clauses in implementing decision 2021/914).
- “UK” means the United Kingdom.
Name | Registered Address | Description of processing |
Amazon Web Services, Inc. (AWS) | 410 Terry Avenue North, Seattle, WA 98109 | AWS provides the cloud infrastructure for Palantir products. Additional details are provided in the Documentation. |
Proofpoint, Inc. | 892 Ross Drive, Sunnyvale, CA 94089, USA | Proofpoint supports the alerting and encrypted notification service in Palantir products. Additional details are provided in the Documentation. |
↳ Standard Contractual Clauses Module 2: Controller to Processor
Effective May 30th 2023
DownloadTable of Contents
ANNEX 1 to EXHIBIT D
Effective March 24th 2022 to May 29th 2023
DownloadTable of Contents
ANNEX 1 to EXHIBIT C
↳ Standard Contractual Clauses Module 3: Processor to Processor
Effective May 30th 2023
DownloadTable of Contents
- Where the data exporter is a processor subject to Regulation (EU) 2016/679 acting on behalf of a Union institution or body as controller, reliance on these Clauses when engaging another processor (sub-processing) not subject to Regulation (EU) 2016/679 also ensures compliance with Article 29(4) of Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39), to the extent these Clauses and the data protection obligations as set out in the contract or other legal act between the controller and the processor pursuant to Article 29(3) of Regulation (EU) 2018/1725 are aligned. This will in particular be the case where the controller and processor rely on the standard contractual clauses included in Decision 2021/915. ↑
- The Agreement on the European Economic Area (EEA Agreement) provides for the extension of the European Union’s internal market to the three EEA States Iceland, Liechtenstein and Norway. The Union data protection legislation, including Regulation (EU) 2016/679, is covered by the EEA Agreement and has been incorporated into Annex XI thereto. Therefore, any disclosure by the data importer to a third party located in the EEA does not qualify as an onward transfer for the purpose of these Clauses. ↑
- This requirement may be satisfied by the sub-processor acceding to these Clauses under the appropriate Module, in accordance with Clause 7. ↑
- As regards the impact of such laws and practices on compliance with these Clauses, different elements may be considered as part of an overall assessment. Such elements may include relevant and documented practical experience with prior instances of requests for disclosure from public authorities, or the absence of such requests, covering a sufficiently representative time-frame. This refers in particular to internal records or other documentation, drawn up on a continuous basis in accordance with due diligence and certified at senior management level, provided that this information can be lawfully shared with third parties. Where this practical experience is relied upon to conclude that the data importer will not be prevented from complying with these Clauses, it needs to be supported by other relevant, objective elements, and it is for the Parties to consider carefully whether these elements together carry sufficient weight, in terms of their reliability and representativeness, to support this conclusion. In particular, the Parties have to take into account whether their practical experience is corroborated and not contradicted by publicly available or otherwise accessible, reliable information on the existence or absence of requests within the same sector and/or the application of the law in practice, such as case law and reports by independent oversight bodies. ↑
Effective March 24th 2022 to May 29th 2023
DownloadTable of Contents
- Where the data exporter is a processor subject to Regulation (EU) 2016/679 acting on behalf of a Union institution or body as controller, reliance on these Clauses when engaging another processor (sub-processing) not subject to Regulation (EU) 2016/679 also ensures compliance with Article 29(4) of Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39), to the extent these Clauses and the data protection obligations as set out in the contract or other legal act between the controller and the processor pursuant to Article 29(3) of Regulation (EU) 2018/1725 are aligned. This will in particular be the case where the controller and processor rely on the standard contractual clauses included in Decision 2021/915. ↑
- The Agreement on the European Economic Area (EEA Agreement) provides for the extension of the European Union’s internal market to the three EEA States Iceland, Liechtenstein and Norway. The Union data protection legislation, including Regulation (EU) 2016/679, is covered by the EEA Agreement and has been incorporated into Annex XI thereto. Therefore, any disclosure by the data importer to a third party located in the EEA does not qualify as an onward transfer for the purpose of these Clauses. ↑
- This requirement may be satisfied by the sub-processor acceding to these Clauses under the appropriate Module, in accordance with Clause 7. ↑
- As regards the impact of such laws and practices on compliance with these Clauses, different elements may be considered as part of an overall assessment. Such elements may include relevant and documented practical experience with prior instances of requests for disclosure from public authorities, or the absence of such requests, covering a sufficiently representative time-frame. This refers in particular to internal records or other documentation, drawn up on a continuous basis in accordance with due diligence and certified at senior management level, provided that this information can be lawfully shared with third parties. Where this practical experience is relied upon to conclude that the data importer will not be prevented from complying with these Clauses, it needs to be supported by other relevant, objective elements, and it is for the Parties to consider carefully whether these elements together carry sufficient weight, in terms of their reliability and representativeness, to support this conclusion. In particular, the Parties have to take into account whether their practical experience is corroborated and not contradicted by publicly available or otherwise accessible, reliable information on the existence or absence of requests within the same sector and/or the application of the law in practice, such as case law and reports by independent oversight bodies. ↑
↳ Palantir Affiliates
Effective January 5th 2024
DownloadTable of Contents
Palantir Affiliates
Effective December 8th 2023 to January 5th 2024
DownloadTable of Contents
Palantir Affiliates
Effective November 30th 2023 to December 8th 2023
DownloadTable of Contents
Palantir Affiliates
Effective November 20th 2023 to November 30th 2023
DownloadTable of Contents
Palantir Affiliates
Effective August 26th 2021 to November 20th 2023
DownloadTable of Contents
Palantir Affiliates
- March 2022: Added Palantir Technologies Lithuania, UAB
- January 2022: Updated name of Palantir Technologies Sweden AB
Business Associate Agreement
Effective October 25th 2024
DownloadTable of Contents
PALANTIR BUSINESS ASSOCIATE AGREEMENT (“BAA”)
The customer agreeing to the terms of this BAA (“Customer”) and Palantir Technologies Inc., a Delaware corporation with its principal place of business located at 1200 17th Street, Floor 15, Denver, CO 80202 (“Palantir”; each of Customer and Palantir a “Party” and collectively the “Parties”), have entered into an agreement (such as the Palantir Terms of Service and Order Form) governing Customer’s use of Palantir Technology, including the Service, and the provision of related Professional Services to Customer by Palantir, including any attachments, order forms, exhibits, and appendices thereto (collectively, the “Agreement”). This BAA supplements, is incorporated into, and forms part of the Agreement and establishes the rights and obligations of Palantir and Customer with respect to Palantir’s use, disclosure, reception, access, creation, maintenance, and/or transmission of Protected Health Information on behalf of Customer in connection with Palantir’s performance under the Agreement. Any capitalized terms used but not defined in this BAA shall have the meaning provided in the Agreement.
WHEREAS, Customer is a Covered Entity or Business Associate as those terms are defined in the federal regulations at 45 C.F.R. Parts 160 and 164, Subparts A and E (the “Privacy Rule”);
WHEREAS, pursuant to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Health Information Technology for Economic and Clinical Health Act of 2009 (“HITECH”), the U.S. Department of Health and Human Services (“HHS”) promulgated the Privacy Rule, the security standards at 45 C.F.R. Parts 160 and 164, Subparts A and C (the “Security Rule”) and the breach notification standards at 45 C.F.R. Part 164, Subpart D (the “Breach Notification Rule”) requiring certain individuals and entities subject to these standards to protect the privacy and security of certain individually identifiable health information, including electronic individually identifiable health information;
WHEREAS, the Parties are committed to complying with applicable provisions of the Privacy Rule, Security Rule, and Breach Notification Rule, as they may be revised or amended by HHS from time to time;
NOW THEREFORE, in consideration of the mutual promises set forth in this BAA and the Agreement, and other good and valuable consideration, the sufficiency and receipt of which are hereby acknowledged, the Parties agree as follows:
1. DEFINITIONS
All capitalized terms not otherwise defined in this BAA shall have the meanings set forth in the Agreement or in the regulations promulgated by HHS in accordance with HIPAA and HITECH, including the Privacy Rule and Security Rule (collectively referred to hereinafter as the “Confidentiality Requirements”), as applicable. Specific definitions are as follows:
"Effective Date” shall be the same as the Effective Date of the Agreement.
“Electronic Protected Health Information” or “Electronic PHI” shall have the same meaning as the term “electronic protected health information” at 45 C.F.R. § 160.103. For purposes of this BAA, Electronic Protected Health Information and Electronic PHI shall mean only that electronic protected health information that Palantir uses, discloses, accesses, creates, receives, maintains, or transmits for or on behalf of Customer pursuant to the Agreement.
“Protected Health Information” or “PHI” shall have the same meaning as the term “protected health information” at 45 C.F.R. § 160.103. All references to PHI herein shall be construed to include Electronic PHI. For purposes of this BAA, PHI shall mean only that protected health information that Palantir uses, discloses, accesses, creates, receives, maintains, or transmits for or on behalf of Customer pursuant to the Agreement. For the avoidance of doubt, this PHI constitutes Customer Data.
2. GENERAL PROVISIONS
3. SCOPE OF USE AND DISCLOSURE
4. OBLIGATIONS OF PALANTIR
With regard to its use and/or disclosure of PHI:
5. OBLIGATIONS OF CUSTOMER
6. TERM AND TERMINATION OF BAA
(a) the date that the Agreement is terminated or expires, or (b) the date on which PHI is permanently deleted from the Palantir Technology; provided, however, that termination shall not affect the respective obligations or rights of the Parties arising under this BAA prior to the effective date of termination, all of which shall continue in accordance with their terms.
7. LIABILITY
Effective April 9th 2024 to October 25th 2024
DownloadTable of Contents
PALANTIR BUSINESS ASSOCIATE AGREEMENT (“BAA”)
The customer agreeing to the terms of this BAA (“Covered Entity” or “CE”) and Palantir Technologies Inc., a Delaware corporation with its principal place of business located at 1200 17th Street, Floor 15, Denver, CO 80202 (“Palantir”; each of Customer and Palantir a “Party” and collectively the “Parties”), have entered into an agreement (such as the Palantir Terms of Service and Order Form) governing CE’s use of Palantir Technology, including the Service, and the provision of related Professional Services to CE by Palantir, including any attachments, order forms, exhibits, and appendices thereto (collectively, the “Agreement”). This BAA supplements, is incorporated into, and forms part of the Agreement and establishes the rights and obligations of Palantir and CE with respect to Palantir’s use, disclosure, reception, access, creation, maintenance, and/or transmission of Protected Health Information on behalf of CE in connection with Palantir’s performance under the Agreement. Any capitalized terms used but not defined in this BAA shall have the meaning provided in the Agreement. To the extent there is any conflict in meaning between any provisions of the Agreement and this BAA, the terms and conditions in this BAA shall prevail and control.
WHEREAS, CE is a Covered Entity as that term is defined in the federal regulations at 45 C.F.R. Parts 160 and 164, Subparts A and E (the “Privacy Rule”);
WHEREAS, pursuant to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Health Information Technology for Economic and Clinical Health Act of 2009 (“HITECH”), the U.S. Department of Health and Human Services (“HHS”) promulgated the Privacy Rule, the security standards at 45 C.F.R. Parts 160 and 164, Subparts A and C (the “Security Rule”) and the breach notification standards at 45 C.F.R. Part 164, Subpart D (the “Breach Notification Rule”) requiring certain individuals and entities subject to these standards to protect the privacy and security of certain individually identifiable health information, including electronic individually identifiable health information;
WHEREAS, the Parties are committed to complying with applicable provisions of the Privacy Rule, Security Rule, and Breach Notification Rule, as they may be revised or amended by HHS from time to time;
NOW THEREFORE, in consideration of the mutual promises set forth in this BAA and the Agreement, and other good and valuable consideration, the sufficiency and receipt of which are hereby acknowledged, the Parties agree as follows:
1. DEFINITIONS
All capitalized terms not otherwise defined in this BAA shall have the meanings set forth in the Agreement or in the regulations promulgated by HHS in accordance with HIPAA and HITECH, including the Privacy Rule and Security Rule (collectively referred to hereinafter as the “Confidentiality Requirements”), as applicable. Specific definitions are as follows:
"Effective Date” shall be the same as the Effective Date of the Agreement.
“Electronic Protected Health Information” or “Electronic PHI” shall have the same meaning as the term “electronic protected health information” at 45 C.F.R. § 160.103. For purposes of this BAA, Electronic Protected Health Information and Electronic PHI shall mean only that electronic protected health information that Palantir uses, discloses, accesses, creates, receives, maintains, or transmits for or on behalf of CE pursuant to the Agreement.
“Protected Health Information” or “PHI” shall have the same meaning as the term “protected health information” at 45 C.F.R. § 160.103. All references to PHI herein shall be construed to include Electronic PHI. For purposes of this BAA, PHI shall mean only that protected health information that Palantir uses, discloses, accesses, creates, receives, maintains, or transmits for or on behalf of CE pursuant to the Agreement. For the avoidance of doubt, this PHI constitutes Customer Data.
2. GENERAL PROVISIONS
2.1 Amendment. This BAA may be modified or amended only by a written document executed by the authorized representatives of both Parties. The Parties may, upon mutual written agreement, amend this BAA to maintain consistency or compliance with any applicable state or federal law, policy, directive, regulation, or government-sponsored program requirement.
3. SCOPE OF USE AND DISCLOSURE
3.1 Non-Disclosure & Palantir’s Operations. Palantir shall only use or disclose PHI as permitted by this BAA, to perform services as set forth in the Agreement, or as otherwise Required by Law. Except as limited in this BAA, in addition to any other uses and/or disclosures permitted or required by this BAA, Palantir may:
3.1.1 Use PHI as necessary for the proper management and administration of Palantir or to carry out its legal responsibilities.
3.1.2 Disclose PHI for the proper management and administration of Palantir or to carry out the legal responsibilities of Palantir; provided that: (i) such disclosures are Required by Law; or (ii) Palantir: (a) obtains reasonable assurances from any third party to whom the PHI is disclosed that the PHI will be held confidentially and used and disclosed only as Required by Law or for the purpose for which it was disclosed to the third party; and (b) requires the third party to agree to notify Palantir of any instances of which it is aware that the confidentiality of the information has been breached.
3.1.3 Use and disclose PHI for Data Aggregation services relating to the Health Care Operations of CE, as applicable, in accordance with the Agreement.
4. OBLIGATIONS OF PALANTIR
With regard to its use and/or disclosure of PHI:
4.1 Safeguards. Palantir shall implement and use reasonable and appropriate administrative, physical, and technical safeguards, and comply with the applicable Security Rule with respect to Electronic PHI, to prevent use or disclosure of PHI other than as provided for by this BAA.
4.2 Reporting.
4.2.1 Palantir shall report to CE, within a reasonable time frame and in any event no less than a quarterly basis, any successful Security Incident of which Palantir becomes aware. Notice is hereby deemed provided, and no further notice will be provided, for unsuccessful Security Incidents, including, but not limited to, routine occurrences of pings and other broadcast attacks on a firewall, the loss of control of encrypted media or devices, denial of service attacks, port scans, unsuccessful login attempts, or interception of encrypted information, media or devices where the key is not compromised, or any combination of the above.
4.2.2 Palantir shall, following discovery of a Breach of Unsecured PHI or use or disclosure of Unsecured PHI in a manner not permitted by the Agreement and/or applicable Law, notify CE of such Breach, use or disclosure as required at 45 C.F.R. § 164.410, without unreasonable delay, and in no event more than five (5) business days after Palantir’s discovery of the Breach, use or disclosure, unless Palantir is prevented from doing so by 45 C.F.R. § 164.412 concerning law enforcement investigations. Palantir’s obligation to report or notify under this BAA, including under 4.2.1 and 4.2.2, is not and will not be construed as an acknowledgement by Palantir of any fault or liability with respect to any claims arising from this BAA.
4.3 Mitigation. Palantir shall mitigate to the extent practicable any harmful effect from any access, acquisition, use or disclosure of PHI in violation of this BAA or applicable law.
4.4 Subcontractors. Palantir shall, in accordance with 45 C.F.R. § 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, ensure that any Subcontractor that uses, discloses, accesses, creates, receives, maintains or transmits PHI on behalf of Palantir, agrees to restrictions and conditions that apply to Palantir under this BAA with respect to that PHI that are at least as stringent as those set forth herein.
4.5 Access. If Palantir maintains a Designated Record Set on behalf of CE, Palantir shall provide access to and permit inspection and copying of PHI by CE as necessary to satisfy CE’s obligations under 45 C.F.R. § 164.524.
4.6 Accounting for Disclosures. Palantir shall maintain and make available to CE the information about Disclosures made by Palantir that is required to respond to an Individual’s request for an accounting of Disclosures to the CE as necessary to satisfy CE’s obligations under 45 C.F.R. § 164.528.
4.7 Government Access to Records. Palantir shall make its internal practices, books and records relating to the use or disclosure of PHI under this BAA available to the U. S. Secretary of HHS for purposes of determining CE’s compliance with the Privacy Rule, to the extent Required by Law. Nothing in this section shall waive any applicable privilege or protection, including with respect to Confidential Information.
5. OBLIGATIONS OF CE
5.1 Safeguards. CE shall obtain any and all necessary authorizations, consents, and other permissions that may be required under the Confidentiality Requirements and/or other applicable law or regulation prior to providing Palantir any PHI under this BAA. CE is responsible for implementing and using appropriate administrative, physical, and technical safeguards at all times to ensure the confidentiality, privacy, security, and integrity of its PHI in compliance with the Confidentiality Requirements, including in the configuration of systems, applications, and software CE controls and uses in connection with the Palantir Technology and Professional Services.
5.2 No PHI Outside Service. CE will not include PHI in information CE submits to Palantir’s personnel through a technical support request or other channels outside of the Service or Palantir-designated data ingestion process and represents, warrants and covenants that any information submitted through such a request or other channel outside of the Service is not PHI.
5.3 Restrictions on Use or Disclosure. In the event that CE honors a request to restrict the use or disclosure of PHI pursuant to 45 C.F.R. § 164.522(a) or makes revisions to its notice of privacy practices that place additional limitations on uses or disclosures of PHI or agrees to a request by an Individual for confidential communications under 45 C.F.R. § 164.522(b), CE agrees not to provide Palantir with any PHI that is subject to any of those restrictions or limitations to the extent such may limit Palantir’s ability to use and/or disclose PHI as permitted or required under this BAA unless CE notifies Palantir in writing of the restriction or limitation and Palantir agrees in writing to honor the restriction or limitation.
5.4 Amendments. CE acknowledges and agrees that CE is solely responsible for the form and content of PHI maintained by CE within the Palantir Technology and related services, including whether CE maintains such PHI in a Designated Record Set within the Palantir Technology. Palantir will provide CE with access to CE’s PHI via the Palantir Technology so that CE may fulfill its obligations under HIPAA with respect to Individuals’ rights of access and amendment, but will have no other obligations to CE or any Individual with respect to the rights afforded to Individuals by HIPAA with respect to Designated Record Sets, including rights of access or amendment of PHI. CE is responsible for managing its use of the Palantir Technology to appropriately respond to such individual requests.
6. TERM AND TERMINATION OF BAA
6.1 Term. The Term of this BAA shall be effective as of the Effective Date and shall terminate on the latter of (a) the date that the Agreement is terminated or expires, or (b) the date on which PHI is permanently deleted from the Palantir Technology; provided, however, that termination shall not affect the respective obligations or rights of the Parties arising under this BAA prior to the effective date of termination, all of which shall continue in accordance with their terms.
6.2 Obligations Upon Termination. Upon termination of this BAA for any reason, Palantir shall return or destroy (at Palantir’s option) all PHI received from CE in its possession, if it is feasible to do so, and as set forth in the applicable termination provisions of the Agreement. If PHI is destroyed, Palantir agrees to provide CE with certification of such destruction upon request. In the case of PHI for which it is not feasible to return or destroy, Palantir shall extend the protections of this BAA to such PHI and limit further uses and disclosures of such PHI to those purposes that make the return or destruction infeasible and/or as otherwise Required by Law, for so long as Palantir maintains such PHI.
7. LIABILITY
7.1 To the maximum extent permitted by applicable law, each Party agrees that the maximum aggregate liability of either Party and its Affiliates to the other Party and its Affiliates for all claims in aggregate arising out of a breach of applicable HIPAA obligations arising from the Agreement shall not exceed ten million dollars (USD 10,000,000).
Effective February 1st 2024 to April 9th 2024
DownloadTable of Contents
PALANTIR BUSINESS ASSOCIATE AGREEMENT (“BAA”)
The customer agreeing to the terms of this BAA (“Covered Entity” or “CE”) and Palantir Technologies Inc., a Delaware corporation with its principal place of business located at 1200 17th Street, Floor 15, Denver, CO 80202 (“Palantir”; each of Customer and Palantir a “Party” and collectively the “Parties”), have entered into an agreement (such as the Palantir Terms of Service and Order Form) governing CE’s use of Palantir Technology, including the Service, and the provision of related Professional Services to CE by Palantir, including any attachments, order forms, exhibits, and appendices thereto (collectively, the “Agreement”). This BAA supplements, is incorporated into, and forms part of the Agreement and establishes the rights and obligations of Palantir and CE with respect to Palantir’s use, disclosure, reception, access, creation, maintenance, and/or transmission of Protected Health Information on behalf of CE in connection with Palantir’s performance under the Agreement. Any capitalized terms used but not defined in this BAA shall have the meaning provided in the Agreement. To the extent there is any conflict in meaning between any provisions of the Agreement and this BAA, the terms and conditions in this BAA shall prevail and control.
WHEREAS, CE is a Covered Entity as that term is defined in the federal regulations at 45 C.F.R. Parts 160 and 164, Subparts A and E (the “Privacy Rule”);
WHEREAS, pursuant to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Health Information Technology for Economic and Clinical Health Act of 2009 (“HITECH”), the U.S. Department of Health and Human Services (“HHS”) promulgated the Privacy Rule, the security standards at 45 C.F.R. Parts 160 and 164, Subparts A and C (the “Security Rule”) and the breach notification standards at 45 C.F.R. Part 164, Subpart D (the “Breach Notification Rule”) requiring certain individuals and entities subject to these standards to protect the privacy and security of certain individually identifiable health information, including electronic individually identifiable health information;
WHEREAS, the Parties are committed to complying with applicable provisions of the Privacy Rule, Security Rule, and Breach Notification Rule, as they may be revised or amended by HHS from time to time;
NOW THEREFORE, in consideration of the mutual promises set forth in this BAA and the Agreement, and other good and valuable consideration, the sufficiency and receipt of which are hereby acknowledged, the Parties agree as follows:
1. DEFINITIONS
All capitalized terms not otherwise defined in this BAA shall have the meanings set forth in the Agreement or in the regulations promulgated by HHS in accordance with HIPAA and HITECH, including the Privacy Rule and Security Rule (collectively referred to hereinafter as the “Confidentiality Requirements”), as applicable. Specific definitions are as follows:
"Effective Date” shall be the same as the Effective Date of the Agreement.
“Electronic Protected Health Information” or “Electronic PHI” shall have the same meaning as the term “electronic protected health information” at 45 C.F.R. § 160.103. For purposes of this BAA, Electronic Protected Health Information and Electronic PHI shall mean only that electronic protected health information that Palantir uses, discloses, accesses, creates, receives, maintains, or transmits for or on behalf of CE pursuant to the Agreement.
“Protected Health Information” or “PHI” shall have the same meaning as the term “protected health information” at 45 C.F.R. § 160.103. All references to PHI herein shall be construed to include Electronic PHI. For purposes of this BAA, PHI shall mean only that protected health information that Palantir uses, discloses, accesses, creates, receives, maintains, or transmits for or on behalf of CE pursuant to the Agreement. For the avoidance of doubt, this PHI constitutes Customer Data.
2. GENERAL PROVISIONS
2.1 Amendment. This BAA may be modified or amended only by a written document executed by the authorized representatives of both Parties. The Parties may, upon mutual written agreement, amend this BAA to maintain consistency or compliance with any applicable state or federal law, policy, directive, regulation, or government-sponsored program requirement.
3. SCOPE OF USE AND DISCLOSURE
3.1 Non-Disclosure & Palantir’s Operations. Palantir shall only use or disclose PHI as permitted by this BAA, to perform services as set forth in the Agreement, or as otherwise Required by Law. Except as limited in this BAA, in addition to any other uses and/or disclosures permitted or required by this BAA, Palantir may:
3.1.1 Use PHI as necessary for the proper management and administration of Palantir or to carry out its legal responsibilities.
3.1.2 Disclose PHI for the proper management and administration of Palantir or to carry out the legal responsibilities of Palantir; provided that: (i) such disclosures are Required by Law; or (ii) Palantir: (a) obtains reasonable assurances from any third party to whom the PHI is disclosed that the PHI will be held confidentially and used and disclosed only as Required by Law or for the purpose for which it was disclosed to the third party; and (b) requires the third party to agree to notify Palantir of any instances of which it is aware that the confidentiality of the information has been breached.
3.1.3 Use and disclose PHI for Data Aggregation services relating to the Health Care Operations of CE, as applicable, in accordance with the Agreement.
4. OBLIGATIONS OF PALANTIR
With regard to its use and/or disclosure of PHI:
4.1 Safeguards. Palantir shall implement and use reasonable and appropriate administrative, physical, and technical safeguards, and comply with the applicable Security Rule with respect to Electronic PHI, to prevent use or disclosure of PHI other than as provided for by this BAA.
4.2 Reporting.
4.2.1 Palantir shall report to CE, within a reasonable time frame and in any event no less than a quarterly basis, any successful Security Incident of which Palantir becomes aware. Notice is hereby deemed provided, and no further notice will be provided, for unsuccessful Security Incidents, including, but not limited to, routine occurrences of pings and other broadcast attacks on a firewall, the loss of control of encrypted media or devices, denial of service attacks, port scans, unsuccessful login attempts, or interception of encrypted information, media or devices where the key is not compromised, or any combination of the above.
4.2.2 Palantir shall, following discovery of a Breach of Unsecured PHI or use or disclosure of Unsecured PHI in a manner not permitted by the Agreement and/or applicable Law, notify CE of such Breach, use or disclosure as required at 45 C.F.R. § 164.410, without unreasonable delay, and in no event more than five (5) business days after Palantir’s discovery of the Breach, use or disclosure, unless Palantir is prevented from doing so by 45 C.F.R. § 164.412 concerning law enforcement investigations. Palantir’s obligation to report or notify under this BAA, including under 4.2.1 and 4.2.2, is not and will not be construed as an acknowledgement by Palantir of any fault or liability with respect to any claims arising from this BAA.
4.3 Mitigation. Palantir shall mitigate to the extent practicable any harmful effect from any access, acquisition, use or disclosure of PHI in violation of this BAA or applicable law.
4.4 Subcontractors. Palantir shall, in accordance with 45 C.F.R. § 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, ensure that any Subcontractor that uses, discloses, accesses, creates, receives, maintains or transmits PHI on behalf of Palantir, agrees to restrictions and conditions that apply to Palantir under this BAA with respect to that PHI that are at least as stringent as those set forth herein.
4.5 Access. If Palantir maintains a Designated Record Set on behalf of CE, Palantir shall provide access to and permit inspection and copying of PHI by CE as necessary to satisfy CE’s obligations under 45 C.F.R. § 164.524.
4.6 Accounting for Disclosures. Palantir shall maintain and make available to CE the information about Disclosures made by Palantir that is required to respond to an Individual’s request for an accounting of Disclosures to the CE as necessary to satisfy CE’s obligations under 45 C.F.R. § 164.528.
4.7 Government Access to Records. Palantir shall make its internal practices, books and records relating to the use or disclosure of PHI under this BAA available to the U. S. Secretary of HHS for purposes of determining CE’s compliance with the Privacy Rule, to the extent Required by Law. Nothing in this section shall waive any applicable privilege or protection, including with respect to Confidential Information.
5. OBLIGATIONS OF CE
5.1 Safeguards. CE shall obtain any and all necessary authorizations, consents, and other permissions that may be required under the Confidentiality Requirements and/or other applicable law or regulation prior to providing Palantir any PHI under this BAA. CE is responsible for implementing and using appropriate administrative, physical, and technical safeguards at all times to ensure the confidentiality, privacy, security, and integrity of its PHI in compliance with the Confidentiality Requirements, including in the configuration of systems, applications, and software CE controls and uses in connection with the Palantir Technology and Professional Services.
5.2 No PHI Outside Service. CE will not include PHI in information CE submits to Palantir’s personnel through a technical support request or other channels outside of the Service or Palantir-designated data ingestion process and represents, warrants and covenants that any information submitted through such a request or other channel outside of the Service is not PHI.
5.3 Restrictions on Use or Disclosure. In the event that CE honors a request to restrict the use or disclosure of PHI pursuant to 45 C.F.R. § 164.522(a) or makes revisions to its notice of privacy practices that place additional limitations on uses or disclosures of PHI or agrees to a request by an Individual for confidential communications under 45 C.F.R. § 164.522(b), CE agrees not to provide Palantir with any PHI that is subject to any of those restrictions or limitations to the extent such may limit Palantir’s ability to use and/or disclose PHI as permitted or required under this BAA unless CE notifies Palantir in writing of the restriction or limitation and Palantir agrees in writing to honor the restriction or limitation.
5.4 Amendments. CE acknowledges and agrees that CE is solely responsible for the form and content of PHI maintained by CE within the Palantir Technology and related services, including whether CE maintains such PHI in a Designated Record Set within the Palantir Technology. Palantir will provide CE with access to CE’s PHI via the Palantir Technology so that CE may fulfill its obligations under HIPAA with respect to Individuals’ rights of access and amendment, but will have no other obligations to CE or any Individual with respect to the rights afforded to Individuals by HIPAA with respect to Designated Record Sets, including rights of access or amendment of PHI. CE is responsible for managing its use of the Palantir Technology to appropriately respond to such individual requests.
6. TERM AND TERMINATION OF BAA
6.1 Term. The Term of this BAA shall be effective as of the Effective Date and shall terminate on the latter of (a) the date that the Agreement is terminated or expires, or (b) the date on which PHI is permanently deleted from the Palantir Technology; provided, however, that termination shall not affect the respective obligations or rights of the Parties arising under this BAA prior to the effective date of termination, all of which shall continue in accordance with their terms.
6.2 Obligations Upon Termination. Upon termination of this BAA for any reason, Palantir shall return or destroy (at Palantir’s option) all PHI received from CE in its possession, if it is feasible to do so, and as set forth in the applicable termination provisions of the Agreement. If PHI is destroyed, Palantir agrees to provide CE with certification of such destruction upon request. In the case of PHI for which it is not feasible to return or destroy, Palantir shall extend the protections of this BAA to such PHI and limit further uses and disclosures of such PHI to those purposes that make the return or destruction infeasible and/or as otherwise Required by Law, for so long as Palantir maintains such PHI.
7. LIABILITY
7.1 To the maximum extent permitted by applicable law, each Party agrees that the maximum aggregate liability of either Party and its Affiliates to the other Party and its Affiliates for all claims in aggregate arising out of a breach of applicable HIPAA obligations arising from the Agreement shall not exceed ten million dollars (USD 10,000,000).
Effective January 31st 2024 to February 1st 2024
DownloadTable of Contents
PALANTIR BUSINESS ASSOCIATE AGREEMENT (“BAA”)
The customer agreeing to the terms of this BAA (“Covered Entity” or “CE”) and Palantir Technologies Inc., a Delaware corporation with its principal place of business located at 1200 17th Street, Floor 15, Denver, CO 80202 (“Palantir”; each of Customer and Palantir a “Party” and collectively the “Parties”), have entered into an agreement (such as the Palantir Terms of Service and Order Form) governing CE’s use of Palantir Technology, including the Service, and the provision of related Professional Services to CE by Palantir, including any attachments, order forms, exhibits, and appendices thereto (collectively, the “Agreement”). This BAA supplements, is incorporated into, and forms part of the Agreement and establishes the rights and obligations of Palantir and CE with respect to Palantir’s use, disclosure, reception, access, creation, maintenance, and/or transmission of Protected Health Information on behalf of CE in connection with Palantir’s performance under the Agreement. Any capitalized terms used but not defined in this BAA shall have the meaning provided in the Agreement. To the extent there is any conflict in meaning between any provisions of the Agreement and this BAA, the terms and conditions in this BAA shall prevail and control.
WHEREAS, CE is a Covered Entity as that term is defined in the federal regulations at 45 C.F.R. Parts 160 and 164, Subparts A and E (the “Privacy Rule”);
WHEREAS, pursuant to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Health Information Technology for Economic and Clinical Health Act of 2009 (“HITECH”), the U.S. Department of Health and Human Services (“HHS”) promulgated the Privacy Rule, the security standards at 45 C.F.R. Parts 160 and 164, Subparts A and C (the “Security Rule”) and the breach notification standards at 45 C.F.R. Part 164, Subpart D (the “Breach Notification Rule”) requiring certain individuals and entities subject to these standards to protect the privacy and security of certain individually identifiable health information, including electronic individually identifiable health information;
WHEREAS, the Parties are committed to complying with applicable provisions of the Privacy Rule, Security Rule, and Breach Notification Rule, as they may be revised or amended by HHS from time to time;
NOW THEREFORE, in consideration of the mutual promises set forth in this BAA and the Agreement, and other good and valuable consideration, the sufficiency and receipt of which are hereby acknowledged, the Parties agree as follows:
1. DEFINITIONS
All capitalized terms not otherwise defined in this BAA shall have the meanings set forth in the Agreement or in the regulations promulgated by HHS in accordance with HIPAA and HITECH, including the Privacy Rule and Security Rule (collectively referred to hereinafter as the “Confidentiality Requirements”), as applicable. Specific definitions are as follows:
"Effective Date” shall be the same as the Effective Date of the Agreement.
“Electronic Protected Health Information” or “Electronic PHI” shall have the same meaning as the term “electronic protected health information” at 45 C.F.R. § 160.103. For purposes of this BAA, Electronic Protected Health Information and Electronic PHI shall mean only that electronic protected health information that Palantir uses, discloses, accesses, creates, receives, maintains, or transmits for or on behalf of CE pursuant to the Agreement.
“Protected Health Information” or “PHI” shall have the same meaning as the term “protected health information” at 45 C.F.R. § 160.103. All references to PHI herein shall be construed to include Electronic PHI. For purposes of this BAA, PHI shall mean only that protected health information that Palantir uses, discloses, accesses, creates, receives, maintains, or transmits for or on behalf of CE pursuant to the Agreement. For the avoidance of doubt, this PHI constitutes Customer Data.
2. GENERAL PROVISIONS
2.1 Amendment. This BAA may be modified or amended only by a written document executed by the authorized representatives of both Parties. The Parties may, upon mutual written agreement, amend this BAA to maintain consistency or compliance with any applicable state or federal law, policy, directive, regulation, or government-sponsored program requirement.
3. SCOPE OF USE AND DISCLOSURE
3.1 Non-Disclosure & Palantir’s Operations. Palantir shall only use or disclose PHI as permitted by this BAA, to perform services as set forth in the Agreement, or as otherwise Required by Law. Except as limited in this BAA, in addition to any other uses and/or disclosures permitted or required by this BAA, Palantir may:
3.1.1 Use PHI as necessary for the proper management and administration of Palantir or to carry out its legal responsibilities.
3.1.2 Disclose PHI for the proper management and administration of Palantir or to carry out the legal responsibilities of Palantir; provided that: (i) such disclosures are Required by Law; or (ii) Palantir: (a) obtains reasonable assurances from any third party to whom the PHI is disclosed that the PHI will be held confidentially and used and disclosed only as Required by Law or for the purpose for which it was disclosed to the third party; and (b) requires the third party to agree to notify Palantir of any instances of which it is aware that the confidentiality of the information has been breached.
3.1.3 Use and disclose PHI for Data Aggregation services relating to the Health Care Operations of CE, as applicable, in accordance with the Agreement.
4. OBLIGATIONS OF PALANTIR
With regard to its use and/or disclosure of PHI:
4.1 Safeguards. Palantir shall implement and use reasonable and appropriate administrative, physical, and technical safeguards, and comply with the applicable Security Rule with respect to Electronic PHI, to prevent use or disclosure of PHI other than as provided for by this BAA.
4.2 Reporting.
4.2.1 Palantir shall report to CE, within a reasonable time frame and in any event no less than a quarterly basis, any successful Security Incident of which Palantir becomes aware. Notice is hereby deemed provided, and no further notice will be provided, for unsuccessful Security Incidents, including, but not limited to, routine occurrences of pings and other broadcast attacks on a firewall, the loss of control of encrypted media or devices, denial of service attacks, port scans, unsuccessful login attempts, or interception of encrypted information, media or devices where the key is not compromised, or any combination of the above.
4.2.2 Palantir shall, following discovery of a Breach of Unsecured PHI or use or disclosure of Unsecured PHI in a manner not permitted by the Agreement and/or applicable Law, notify CE of such Breach, use or disclosure as required at 45 C.F.R. § 164.410, without unreasonable delay, and in no event more than five (5) business days after Palantir’s discovery of the Breach, use or disclosure, unless Palantir is prevented from doing so by 45 C.F.R. § 164.412 concerning law enforcement investigations. Palantir’s obligation to report or notify under this BAA, including under 4.2.1 and 4.2.2, is not and will not be construed as an acknowledgement by Palantir of any fault or liability with respect to any claims arising from this BAA.
4.3 Mitigation. Palantir shall mitigate to the extent practicable any harmful effect from any access, acquisition, use or disclosure of PHI in violation of this BAA or applicable law.
4.4 Subcontractors. Palantir shall, in accordance with 45 C.F.R. § 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, ensure that any Subcontractor that uses, discloses, accesses, creates, receives, maintains or transmits PHI on behalf of Palantir, agrees to restrictions and conditions that apply to Palantir under this BAA with respect to that PHI that are at least as stringent as those set forth herein.
4.5 Access. If Palantir maintains a Designated Record Set on behalf of CE, Palantir shall provide access to and permit inspection and copying of PHI by CE as necessary to satisfy CE’s obligations under 45 C.F.R. § 164.524.
4.6 Accounting for Disclosures. Palantir shall maintain and make available to CE the information about Disclosures made by Palantir that is required to respond to an Individual’s request for an accounting of Disclosures to the CE as necessary to satisfy CE’s obligations under 45 C.F.R. § 164.528.
4.7 Government Access to Records. Palantir shall make its internal practices, books and records relating to the use or disclosure of PHI under this BAA available to the U. S. Secretary of HHS for purposes of determining CE’s compliance with the Privacy Rule, to the extent Required by Law. Nothing in this section shall waive any applicable privilege or protection, including with respect to Confidential Information.
5. OBLIGATIONS OF CE
5.1 Safeguards. CE shall obtain any and all necessary authorizations, consents, and other permissions that may be required under the Confidentiality Requirements and/or other applicable law or regulation prior to providing Palantir any PHI under this BAA. CE is responsible for implementing and using appropriate administrative, physical, and technical safeguards at all times to ensure the confidentiality, privacy, security, and integrity of its PHI in compliance with the Confidentiality Requirements, including in the configuration of systems, applications, and software CE controls and uses in connection with the Palantir Technology and Professional Services.
5.2 No PHI Outside Service. CE will not include PHI in information CE submits to Palantir’s personnel through a technical support request or other channels outside of the Service or Palantir-designated data ingestion process and represents, warrants and covenants that any information submitted through such a request or other channel outside of the Service is not PHI.
5.3 Restrictions on Use or Disclosure. In the event that CE honors a request to restrict the use or disclosure of PHI pursuant to 45 C.F.R. § 164.522(a) or makes revisions to its notice of privacy practices that place additional limitations on uses or disclosures of PHI or agrees to a request by an Individual for confidential communications under 45 C.F.R. § 164.522(b), CE agrees not to provide Palantir with any PHI that is subject to any of those restrictions or limitations to the extent such may limit Palantir’s ability to use and/or disclose PHI as permitted or required under this BAA unless CE notifies Palantir in writing of the restriction or limitation and Palantir agrees in writing to honor the restriction or limitation.
5.4 Amendments. CE acknowledges and agrees that CE is solely responsible for the form and content of PHI maintained by CE within the Palantir Technology and related services, including whether CE maintains such PHI in a Designated Record Set within the Palantir Technology. Palantir will provide CE with access to CE’s PHI via the Palantir Technology so that CE may fulfill its obligations under HIPAA with respect to Individuals’ rights of access and amendment, but will have no other obligations to CE or any Individual with respect to the rights afforded to Individuals by HIPAA with respect to Designated Record Sets, including rights of access or amendment of PHI. CE is responsible for managing its use of the Palantir Technology to appropriately respond to such individual requests.
6. TERM AND TERMINATION OF BAA
6.1 Term. The Term of this BAA shall be effective as of the Effective Date and shall terminate on the latter of (a) the date that the Agreement is terminated or expires, or (b) the date on which PHI is permanently deleted from the Palantir Technology; provided, however, that termination shall not affect the respective obligations or rights of the Parties arising under this BAA prior to the effective date of termination, all of which shall continue in accordance with their terms.
6.2 Obligations Upon Termination. Upon termination of this BAA for any reason, Palantir shall return or destroy (at Palantir’s option) all PHI received from CE in its possession, if it is feasible to do so, and as set forth in the applicable termination provisions of the Agreement. If PHI is destroyed, Palantir agrees to provide CE with certification of such destruction upon request. In the case of PHI for which it is not feasible to return or destroy, Palantir shall extend the protections of this BAA to such PHI and limit further uses and disclosures of such PHI to those purposes that make the return or destruction infeasible and/or as otherwise Required by Law, for so long as Palantir maintains such PHI.
7. LIABILITY
7.1 To the maximum extent permitted by applicable law, each Party agrees that the maximum aggregate liability of either Party and its Affiliates to the other Party and its Affiliates for all claims in aggregate arising out of a breach of applicable HIPAA obligations arising from the Agreement shall not exceed (b) ten million dollars (USD 10,000,000).
Palantir AIP Addendum
Effective August 27th 2024
DownloadTable of Contents
Customer’s use of AIP may leverage the following Models hosted in a third party environment (each a “Third Party Model Service”).
Third Party Model Service | Additional Terms |
OpenAI Models hosted in Palantir’s Microsoft Azure Environment (“Azure OpenAI Model Service”) | (a) Customer’s use of AIP leveraging the Azure OpenAI Model Service shall comply with the Azure OpenAI Code of Conduct (https://learn.microsoft.com/en-us/legal/cognitive-services/openai/code-of-conduct?context=%2Fazure%2Fcognitive- services%2Fopenai%2Fcontext%2Fcontext); (b) Customer shall only use AIP leveraging the Azure OpenAI Model Service to (i) submit content to be summarized for pre-defined topics built into AIP and cannot use AIP as an open-ended summarizer (examples of such permitted use include but are not limited to summarization of call center transcripts, technical reports, and product reviews); (ii) analyze inputs using classification, sentiment analysis of text, or entity extraction (examples of such permitted use include but are not limited to analyzing product feedback sentiment, analyzing support calls and transcripts, and refining text-based search with embeddings; (iii) search trusted source documents such as internal Customer documentation; (iv) ask questions and receive answers from trusted source documents such as internal Customer documentation; or (v) code generation or transformation scenarios (examples of such permitted use include but are not limited to converting one programming language to another, generating docstrings for functions, or converting natural language to SQL); and (c) Customer shall not use AIP leveraging the Azure OpenAI Model Service (i) to generate, distribute, or modify any output from the Azure OpenAI Model Service that the Customer knew or should have known was infringing or likely to infringe a third party’s intellectual property or other proprietary rights (including if such infringement is caused by Customer’s combination of such output with third party products or services); or (ii) while disabling, ignoring, or otherwise circumventing, without authorization, any relevant citation, filtering, or safety features or restrictions provided by Azure or Palantir applicable to the Azure OpenAI Model Service. |
Models hosted in Palantir’s Amazon Web Services Environment (“AWS Model Service”) | Customer’s use of AIP leveraging Anthropic Models through the AWS Model Service (a) shall comply with the Anthropic Code of Conduct (https://console.anthropic.com/legal/aup), and (b) shall comply with the Anthropic Bedrock AI Services Agreement (available at https://s3.amazonaws.com/EULA/Anthropic-EULA-1023.pdf), and (c) shall not facilitate or engage in the following: (i) design, market, help distribute or utilize weapons, explosives, dangerous materials or other systems designed to cause harm to or loss of human life; (ii) covertly tracking, targeting, or surveilling individuals, i.e., searching for or gathering information on an individual or group in order to track, target or report on their identity, including using the product for facial recognition, covert tracking, battlefield management applications or predictive policing; (iii) automated determination of financing eligibility of individuals, i.e., making automated decisions about the eligibility of individuals for financial products and creditworthiness; (iv) automated determination of employment and housing decisions, i.e., making automated decisions about the employability of individuals or other employment determinations or decisions regarding eligibility for housing, including leases and home loans; (v) any law enforcement application, except for the following permitted applications by U.S. law enforcement organizations: back office uses including call center support, document summarization, and accounting; or (vi) analysis of data for the location of missing persons and other applications, provided that such applications do not otherwise violate or impair the liberty, civil liberties, or human rights of natural persons. Customer hereby agrees that its use of AIP leveraging Models (other than Anthropic Models) through the AWS Model Service shall comply with any acceptable use policies or codes of conduct applicable to such Models, as made available to Customer through AIP or the Documentation. Customer acknowledges that Amazon Web Services, Inc. may collect and temporarily retain pseudonymized security classifier metadata related to Customer’s use of AIP leveraging the AWS Model Service (which metadata, for the avoidance of doubt, shall not include the contents of Customer’s prompts provided to or output received from the AWS Model Service). |
Google Models hosted in Palantir’s Google Cloud Services Environment (“Google Model Service”) | Customer’s use of AIP leveraging the Google Model Service (a) shall comply with the Google Generative AI Prohibited Use Policy (https://policies.google.com/terms/generative-ai/use-policy); (b) shall comply with the Google Cloud Platform Acceptable Use Policy (https://cloud.google.com/terms/aup); (c) shall not reasonably be expected to lead to death, personal injury, or environmental damage, including operation of nuclear facilities, air traffic control, life support systems, or weaponry; and (d) shall, with respect to Customer’s use of applicable models that meet the definition of “Pre-GA Offerings” in the Google Model Service Pre-GA Offerings Terms (defined below) made available via the Google Model Service, comply with Google’s “Pre-GA Offerings Terms” subsection in the “General Service Terms” section of the Google Cloud Platform Service Specific Terms, available at https://cloud.google.com/terms/service-terms (the “Google Model Service Pre-GA Offerings Terms”). Customer acknowledges that Google LLC may collect and temporarily retain pseudonymized security classifier metadata related to Customer’s use of AIP leveraging the Google Model Service (which metadata, for the avoidance of doubt, shall not include the contents of Customer’s prompts provided to or output received from the Google Model Service). |
OpenAI Models hosted by OpenAI (“OpenAI Model Service”) | Customer’s use of AIP leveraging the OpenAI Model Service (a) shall comply with the OpenAI Usage Policies (https://openai.com/policies/usage-policies); (b) if and only as applicable, shall comply with the applicable OpenAI Service Terms (https://openai.com/policies/service-terms); (c) Customer shall only use AIP leveraging the OpenAI Model Service to (i) submit content to be summarized for pre-defined topics built into AIP and cannot use AIP as an open-ended summarizer (examples of such permitted use include but are not limited to summarization of call center transcripts, technical reports, and product reviews); (ii) analyze inputs using classification, sentiment analysis of text, or entity extraction (examples of such permitted use include but are not limited to analyzing product feedback sentiment, analyzing support calls and transcripts, and refining text-based search with embeddings; (iii) search trusted source documents such as internal Customer documentation; (iv) ask questions and receive answers from trusted source documents such as internal Customer documentation; (v) code generation or transformation scenarios (examples of such permitted use include but are not limited to converting one programming language to another, generating docstrings for functions, or converting natural language to SQL); or (vi) fine-tune Models as provided as part of AIP and the OpenAI Model Service; and (d) Customer shall not use AIP leveraging the OpenAI Model Service (i) to generate, distribute, or modify any output from the OpenAI Model Service that the Customer knew or should have known was infringing or likely to infringe a third party’s intellectual property or other proprietary rights (including if such infringement is caused by Customer’s combination of such output with third party products or services); or (ii) while disabling, ignoring, or otherwise circumventing, without authorization, any relevant citation, filtering, or safety features or restrictions provided by OpenAI applicable to the OpenAI Model Service. Customer acknowledges that OpenAI, LLC may collect and temporarily retain pseudonymized security classifier metadata related to Customer’s use of AIP leveraging the OpenAI Model Service (which metadata, for the avoidance of doubt, shall not include the contents of Customer’s prompts provided to or output received from the OpenAI Model Service). |
Meta's Llama 3.1 Model (and Meta’s Llama Models now existing or released in the future) hosted in Palantir's model hub environment(s) (“Llama Model Service”) | Customer’s use of AIP leveraging the Llama Model Service shall comply with the Llama 3.1 Community License Agreement (https://github.com/meta-llama/llama-models/blob/main/models/llama3_1/LICENSE), which includes the Llama 3.1 Acceptable Use Policy (https://llama.meta.com/llama3_1/use-policy/), and any license terms and/or acceptable use policies applicable to any other Llama Model(s) (now existing or released in the future) made available as part of the Llama Model Service.. |
Effective August 10th 2024 to August 27th 2024
DownloadTable of Contents
Customer’s use of AIP may leverage the following Models hosted in a third party environment (each a “Third Party Model Service”).
Third Party Model Service | Additional Terms |
OpenAI Models hosted in Palantir’s Microsoft Azure Environment (“Azure OpenAI Model Service”) | (a) Customer’s use of AIP leveraging the Azure OpenAI Model Service shall comply with the Azure OpenAI Code of Conduct (https://learn.microsoft.com/en-us/legal/cognitive-services/openai/code-of-conduct?context=%2Fazure%2Fcognitive- services%2Fopenai%2Fcontext%2Fcontext); (b) Customer shall only use AIP leveraging the Azure OpenAI Model Service to (i) submit content to be summarized for pre-defined topics built into AIP and cannot use AIP as an open-ended summarizer (examples of such permitted use include but are not limited to summarization of call center transcripts, technical reports, and product reviews); (ii) analyze inputs using classification, sentiment analysis of text, or entity extraction (examples of such permitted use include but are not limited to analyzing product feedback sentiment, analyzing support calls and transcripts, and refining text-based search with embeddings; (iii) search trusted source documents such as internal Customer documentation; (iv) ask questions and receive answers from trusted source documents such as internal Customer documentation; or (v) code generation or transformation scenarios (examples of such permitted use include but are not limited to converting one programming language to another, generating docstrings for functions, or converting natural language to SQL); and (c) Customer shall not use AIP leveraging the Azure OpenAI Model Service (i) to generate, distribute, or modify any output from the Azure OpenAI Model Service that the Customer knew or should have known was infringing or likely to infringe a third party’s intellectual property or other proprietary rights (including if such infringement is caused by Customer’s combination of such output with third party products or services); or (ii) while disabling, ignoring, or otherwise circumventing, without authorization, any relevant citation, filtering, or safety features or restrictions provided by Azure or Palantir applicable to the Azure OpenAI Model Service. |
Models hosted in Palantir’s Amazon Web Services Environment (“AWS Model Service”) | Customer’s use of AIP leveraging Anthropic Models through the AWS Model Service (a) shall comply with the Anthropic Code of Conduct (https://console.anthropic.com/legal/aup), and (b) shall comply with the Anthropic Bedrock AI Services Agreement (available at https://s3.amazonaws.com/EULA/Anthropic-EULA-1023.pdf), and (c) shall not facilitate or engage in the following: (i) design, market, help distribute or utilize weapons, explosives, dangerous materials or other systems designed to cause harm to or loss of human life; (ii) covertly tracking, targeting, or surveilling individuals, i.e., searching for or gathering information on an individual or group in order to track, target or report on their identity, including using the product for facial recognition, covert tracking, battlefield management applications or predictive policing; (iii) automated determination of financing eligibility of individuals, i.e., making automated decisions about the eligibility of individuals for financial products and creditworthiness; (iv) automated determination of employment and housing decisions, i.e., making automated decisions about the employability of individuals or other employment determinations or decisions regarding eligibility for housing, including leases and home loans; (v) any law enforcement application, except for the following permitted applications by U.S. law enforcement organizations: back office uses including call center support, document summarization, and accounting; or (vi) analysis of data for the location of missing persons and other applications, provided that such applications do not otherwise violate or impair the liberty, civil liberties, or human rights of natural persons. Customer hereby agrees that its use of AIP leveraging Models (other than Anthropic Models) through the AWS Model Service shall comply with any acceptable use policies or codes of conduct applicable to such Models, as made available to Customer through AIP or the Documentation. Customer acknowledges that Amazon Web Services, Inc. may collect and temporarily retain pseudonymized security classifier metadata related to Customer’s use of AIP leveraging the AWS Model Service (which metadata, for the avoidance of doubt, shall not include the contents of Customer’s prompts provided to or output received from the AWS Model Service). |
Google Models hosted in Palantir’s Google Cloud Services Environment (“Google Model Service”) | Customer’s use of AIP leveraging the Google Model Service (a) shall comply with the Google Generative AI Prohibited Use Policy (https://policies.google.com/terms/generative-ai/use-policy); (b) shall comply with the Google Cloud Platform Acceptable Use Policy (https://cloud.google.com/terms/aup); (c) shall not reasonably be expected to lead to death, personal injury, or environmental damage, including operation of nuclear facilities, air traffic control, life support systems, or weaponry; and (d) shall, with respect to Customer’s use of applicable models that meet the definition of “Pre-GA Offerings” in the Google Model Service Pre-GA Offerings Terms (defined below) made available via the Google Model Service, comply with Google’s “Pre-GA Offerings Terms” subsection in the “General Service Terms” section of the Google Cloud Platform Service Specific Terms, available at https://cloud.google.com/terms/service-terms (the “Google Model Service Pre-GA Offerings Terms”). Customer acknowledges that Google LLC may collect and temporarily retain pseudonymized security classifier metadata related to Customer’s use of AIP leveraging the Google Model Service (which metadata, for the avoidance of doubt, shall not include the contents of Customer’s prompts provided to or output received from the Google Model Service). |
OpenAI Models hosted by OpenAI (“OpenAI Model Service”) | Customer’s use of AIP leveraging the OpenAI Model Service (a) shall comply with the OpenAI Usage Policies (https://openai.com/policies/usage-policies); (b) if and only as applicable, shall comply with the applicable OpenAI Service Terms (https://openai.com/policies/service-terms); (c) Customer shall only use AIP leveraging the OpenAI Model Service to (i) submit content to be summarized for pre-defined topics built into AIP and cannot use AIP as an open-ended summarizer (examples of such permitted use include but are not limited to summarization of call center transcripts, technical reports, and product reviews); (ii) analyze inputs using classification, sentiment analysis of text, or entity extraction (examples of such permitted use include but are not limited to analyzing product feedback sentiment, analyzing support calls and transcripts, and refining text-based search with embeddings; (iii) search trusted source documents such as internal Customer documentation; (iv) ask questions and receive answers from trusted source documents such as internal Customer documentation; (v) code generation or transformation scenarios (examples of such permitted use include but are not limited to converting one programming language to another, generating docstrings for functions, or converting natural language to SQL); or (vi) fine-tune Models as provided as part of AIP and the OpenAI Model Service; and (d) Customer shall not use AIP leveraging the OpenAI Model Service (i) to generate, distribute, or modify any output from the OpenAI Model Service that the Customer knew or should have known was infringing or likely to infringe a third party’s intellectual property or other proprietary rights (including if such infringement is caused by Customer’s combination of such output with third party products or services); or (ii) while disabling, ignoring, or otherwise circumventing, without authorization, any relevant citation, filtering, or safety features or restrictions provided by OpenAI applicable to the OpenAI Model Service. Customer acknowledges that OpenAI, LLC may collect and temporarily retain pseudonymized security classifier metadata related to Customer’s use of AIP leveraging the OpenAI Model Service (which metadata, for the avoidance of doubt, shall not include the contents of Customer’s prompts provided to or output received from the OpenAI Model Service). |
Meta's Llama 3.1 Model hosted in Palantir's model hub environment(s) (“Llama 3.1 Model Service”) | Customer’s use of AIP leveraging the Llama 3.1 Model Service shall comply with the Llama 3.1 Community License Agreement (https://github.com/meta-llama/llama-models/blob/main/models/llama3_1/LICENSE), which includes the Llama 3.1 Acceptable Use Policy (https://llama.meta.com/llama3_1/use-policy/). |
Effective August 10th 2024 to August 10th 2024
DownloadTable of Contents
Customer’s use of AIP may leverage the following Models hosted in a third party environment (each a “Third Party Model Service”).
Third Party Model Service | Additional Terms |
OpenAI Models hosted in Palantir’s Microsoft Azure Environment (“Azure OpenAI Model Service”) | (a) Customer’s use of AIP leveraging the Azure OpenAI Model Service shall comply with the Azure OpenAI Code of Conduct (https://learn.microsoft.com/en-us/legal/cognitive-services/openai/code-of-conduct?context=%2Fazure%2Fcognitive- services%2Fopenai%2Fcontext%2Fcontext); (b) Customer shall only use AIP leveraging the Azure OpenAI Model Service to (i) submit content to be summarized for pre-defined topics built into AIP and cannot use AIP as an open-ended summarizer (examples of such permitted use include but are not limited to summarization of call center transcripts, technical reports, and product reviews); (ii) analyze inputs using classification, sentiment analysis of text, or entity extraction (examples of such permitted use include but are not limited to analyzing product feedback sentiment, analyzing support calls and transcripts, and refining text-based search with embeddings; (iii) search trusted source documents such as internal Customer documentation; (iv) ask questions and receive answers from trusted source documents such as internal Customer documentation; or (v) code generation or transformation scenarios (examples of such permitted use include but are not limited to converting one programming language to another, generating docstrings for functions, or converting natural language to SQL); and (c) Customer shall not use AIP leveraging the Azure OpenAI Model Service (i) to generate, distribute, or modify any output from the Azure OpenAI Model Service that the Customer knew or should have known was infringing or likely to infringe a third party’s intellectual property or other proprietary rights (including if such infringement is caused by Customer’s combination of such output with third party products or services); or (ii) while disabling, ignoring, or otherwise circumventing, without authorization, any relevant citation, filtering, or safety features or restrictions provided by Azure or Palantir applicable to the Azure OpenAI Model Service. |
Models hosted in Palantir’s Amazon Web Services Environment (“AWS Model Service”) | Customer’s use of AIP leveraging Anthropic Models through the AWS Model Service (a) shall comply with the Anthropic Code of Conduct (https://console.anthropic.com/legal/aup), and (b) shall comply with the Anthropic Bedrock AI Services Agreement (available at https://s3.amazonaws.com/EULA/Anthropic-EULA-1023.pdf), and (c) shall not facilitate or engage in the following: (i) design, market, help distribute or utilize weapons, explosives, dangerous materials or other systems designed to cause harm to or loss of human life; (ii) covertly tracking, targeting, or surveilling individuals, i.e., searching for or gathering information on an individual or group in order to track, target or report on their identity, including using the product for facial recognition, covert tracking, battlefield management applications or predictive policing; (iii) automated determination of financing eligibility of individuals, i.e., making automated decisions about the eligibility of individuals for financial products and creditworthiness; (iv) automated determination of employment and housing decisions, i.e., making automated decisions about the employability of individuals or other employment determinations or decisions regarding eligibility for housing, including leases and home loans; (v) any law enforcement application, except for the following permitted applications by U.S. law enforcement organizations: back office uses including call center support, document summarization, and accounting; or (vi) analysis of data for the location of missing persons and other applications, provided that such applications do not otherwise violate or impair the liberty, civil liberties, or human rights of natural persons. Customer hereby agrees that its use of AIP leveraging Models (other than Anthropic Models) through the AWS Model Service shall comply with any acceptable use policies or codes of conduct applicable to such Models, as made available to Customer through AIP or the Documentation. Customer acknowledges that Amazon Web Services, Inc. may collect and temporarily retain pseudonymized security classifier metadata related to Customer’s use of AIP leveraging the AWS Model Service (which metadata, for the avoidance of doubt, shall not include the contents of Customer’s prompts provided to or output received from the AWS Model Service). |
Google Models hosted in Palantir’s Google Cloud Services Environment (“Google Model Service”) | Customer’s use of AIP leveraging the Google Model Service (a) shall comply with the Google Generative AI Prohibited Use Policy (https://policies.google.com/terms/generative-ai/use-policy); (b) shall comply with the Google Cloud Platform Acceptable Use Policy (https://cloud.google.com/terms/aup); (c) shall not reasonably be expected to lead to death, personal injury, or environmental damage, including operation of nuclear facilities, air traffic control, life support systems, or weaponry; and (d) shall, with respect to Customer’s use of applicable models that meet the definition of “Pre-GA Offerings” in the Google Model Service Pre-GA Offerings Terms (defined below) made available via the Google Model Service, comply with Google’s “Pre-GA Offerings Terms” subsection in the “General Service Terms” section of the Google Cloud Platform Service Specific Terms, available at https://cloud.google.com/terms/service-terms (the “Google Model Service Pre-GA Offerings Terms”). Customer acknowledges that Google LLC may collect and temporarily retain pseudonymized security classifier metadata related to Customer’s use of AIP leveraging the Google Model Service (which metadata, for the avoidance of doubt, shall not include the contents of Customer’s prompts provided to or output received from the Google Model Service). |
OpenAI Models hosted by OpenAI (“OpenAI Model Service”) | Customer’s use of AIP leveraging the OpenAI Model Service (a) shall comply with the OpenAI Usage Policies (https://openai.com/policies/usage-policies); (b) if and only as applicable, shall comply with the applicable OpenAI Service Terms (https://openai.com/policies/service-terms); (c) Customer shall only use AIP leveraging the OpenAI Model Service to (i) submit content to be summarized for pre-defined topics built into AIP and cannot use AIP as an open-ended summarizer (examples of such permitted use include but are not limited to summarization of call center transcripts, technical reports, and product reviews); (ii) analyze inputs using classification, sentiment analysis of text, or entity extraction (examples of such permitted use include but are not limited to analyzing product feedback sentiment, analyzing support calls and transcripts, and refining text-based search with embeddings; (iii) search trusted source documents such as internal Customer documentation; (iv) ask questions and receive answers from trusted source documents such as internal Customer documentation; (v) code generation or transformation scenarios (examples of such permitted use include but are not limited to converting one programming language to another, generating docstrings for functions, or converting natural language to SQL); or (vi) fine-tune Models as provided as part of AIP and the OpenAI Model Service; and (d) Customer shall not use AIP leveraging the OpenAI Model Service (i) to generate, distribute, or modify any output from the OpenAI Model Service that the Customer knew or should have known was infringing or likely to infringe a third party’s intellectual property or other proprietary rights (including if such infringement is caused by Customer’s combination of such output with third party products or services); or (ii) while disabling, ignoring, or otherwise circumventing, without authorization, any relevant citation, filtering, or safety features or restrictions provided by OpenAI applicable to the OpenAI Model Service. Customer acknowledges that OpenAI, LLC may collect and temporarily retain pseudonymized security classifier metadata related to Customer’s use of AIP leveraging the OpenAI Model Service (which metadata, for the avoidance of doubt, shall not include the contents of Customer’s prompts provided to or output received from the OpenAI Model Service). |
Meta's Llama 3.1 Model hosted in Palantir's model hun envoronment(s) (“Llama 3.1 Model Service”) | Customer’s use of AIP leveraging the Llama 3.1 Model Service shall comply with the Llama 3.1 Community License Agreement (https://github.com/meta-llama/llama-models/blob/main/models/llama3_1/LICENSE), which includes the Llama 3.1 Acceptable Use Policy (https://llama.meta.com/llama3_1/use-policy/). |
Effective June 7th 2024 to August 10th 2024
DownloadTable of Contents
Customer’s use of AIP may leverage the following Models hosted in a third party environment (each a “Third Party Model Service”).
Third Party Model Service | Additional Terms |
OpenAI Models hosted in Palantir’s Microsoft Azure Environment (“Azure OpenAI Model Service”) | (a) Customer’s use of AIP leveraging the Azure OpenAI Model Service shall comply with the Azure OpenAI Code of Conduct (https://learn.microsoft.com/en-us/legal/cognitive-services/openai/code-of-conduct?context=%2Fazure%2Fcognitive- services%2Fopenai%2Fcontext%2Fcontext); (b) Customer shall only use AIP leveraging the Azure OpenAI Model Service to (i) submit content to be summarized for pre-defined topics built into AIP and cannot use AIP as an open-ended summarizer (examples of such permitted use include but are not limited to summarization of call center transcripts, technical reports, and product reviews); (ii) analyze inputs using classification, sentiment analysis of text, or entity extraction (examples of such permitted use include but are not limited to analyzing product feedback sentiment, analyzing support calls and transcripts, and refining text-based search with embeddings; (iii) search trusted source documents such as internal Customer documentation; (iv) ask questions and receive answers from trusted source documents such as internal Customer documentation; or (v) code generation or transformation scenarios (examples of such permitted use include but are not limited to converting one programming language to another, generating docstrings for functions, or converting natural language to SQL); and (c) Customer shall not use AIP leveraging the Azure OpenAI Model Service (i) to generate, distribute, or modify any output from the Azure OpenAI Model Service that the Customer knew or should have known was infringing or likely to infringe a third party’s intellectual property or other proprietary rights (including if such infringement is caused by Customer’s combination of such output with third party products or services); or (ii) while disabling, ignoring, or otherwise circumventing, without authorization, any relevant citation, filtering, or safety features or restrictions provided by Azure or Palantir applicable to the Azure OpenAI Model Service. |
Models hosted in Palantir’s Amazon Web Services Environment (“AWS Model Service”) | Customer’s use of AIP leveraging Anthropic Models through the AWS Model Service (a) shall comply with the Anthropic Code of Conduct (https://console.anthropic.com/legal/aup), and (b) shall comply with the Anthropic Bedrock AI Services Agreement (available at https://s3.amazonaws.com/EULA/Anthropic-EULA-1023.pdf), and (c) shall not facilitate or engage in the following: (i) design, market, help distribute or utilize weapons, explosives, dangerous materials or other systems designed to cause harm to or loss of human life; (ii) covertly tracking, targeting, or surveilling individuals, i.e., searching for or gathering information on an individual or group in order to track, target or report on their identity, including using the product for facial recognition, covert tracking, battlefield management applications or predictive policing; (iii) automated determination of financing eligibility of individuals, i.e., making automated decisions about the eligibility of individuals for financial products and creditworthiness; (iv) automated determination of employment and housing decisions, i.e., making automated decisions about the employability of individuals or other employment determinations or decisions regarding eligibility for housing, including leases and home loans; (v) any law enforcement application, except for the following permitted applications by U.S. law enforcement organizations: back office uses including call center support, document summarization, and accounting; or (vi) analysis of data for the location of missing persons and other applications, provided that such applications do not otherwise violate or impair the liberty, civil liberties, or human rights of natural persons. Customer hereby agrees that its use of AIP leveraging Models (other than Anthropic Models) through the AWS Model Service shall comply with any acceptable use policies or codes of conduct applicable to such Models, as made available to Customer through AIP or the Documentation. Customer acknowledges that Amazon Web Services, Inc. may collect and temporarily retain pseudonymized security classifier metadata related to Customer’s use of AIP leveraging the AWS Model Service (which metadata, for the avoidance of doubt, shall not include the contents of Customer’s prompts provided to or output received from the AWS Model Service). |
Google Models hosted in Palantir’s Google Cloud Services Environment (“Google Model Service”) | Customer’s use of AIP leveraging the Google Model Service (a) shall comply with the Google Generative AI Prohibited Use Policy (https://policies.google.com/terms/generative-ai/use-policy); (b) shall comply with the Google Cloud Platform Acceptable Use Policy (https://cloud.google.com/terms/aup); (c) shall not reasonably be expected to lead to death, personal injury, or environmental damage, including operation of nuclear facilities, air traffic control, life support systems, or weaponry; and (d) shall, with respect to Customer’s use of applicable models that meet the definition of “Pre-GA Offerings” in the Google Model Service Pre-GA Offerings Terms (defined below) made available via the Google Model Service, comply with Google’s “Pre-GA Offerings Terms” subsection in the “General Service Terms” section of the Google Cloud Platform Service Specific Terms, available at https://cloud.google.com/terms/service-terms (the “Google Model Service Pre-GA Offerings Terms”). Customer acknowledges that Google LLC may collect and temporarily retain pseudonymized security classifier metadata related to Customer’s use of AIP leveraging the Google Model Service (which metadata, for the avoidance of doubt, shall not include the contents of Customer’s prompts provided to or output received from the Google Model Service). |
OpenAI Models hosted by OpenAI (“OpenAI Model Service”) | Customer’s use of AIP leveraging the OpenAI Model Service (a) shall comply with the OpenAI Usage Policies (https://openai.com/policies/usage-policies); (b) if and only as applicable, shall comply with the applicable OpenAI Service Terms (https://openai.com/policies/service-terms); (c) Customer shall only use AIP leveraging the OpenAI Model Service to (i) submit content to be summarized for pre-defined topics built into AIP and cannot use AIP as an open-ended summarizer (examples of such permitted use include but are not limited to summarization of call center transcripts, technical reports, and product reviews); (ii) analyze inputs using classification, sentiment analysis of text, or entity extraction (examples of such permitted use include but are not limited to analyzing product feedback sentiment, analyzing support calls and transcripts, and refining text-based search with embeddings; (iii) search trusted source documents such as internal Customer documentation; (iv) ask questions and receive answers from trusted source documents such as internal Customer documentation; (v) code generation or transformation scenarios (examples of such permitted use include but are not limited to converting one programming language to another, generating docstrings for functions, or converting natural language to SQL); or (vi) fine-tune Models as provided as part of AIP and the OpenAI Model Service; and (d) Customer shall not use AIP leveraging the OpenAI Model Service (i) to generate, distribute, or modify any output from the OpenAI Model Service that the Customer knew or should have known was infringing or likely to infringe a third party’s intellectual property or other proprietary rights (including if such infringement is caused by Customer’s combination of such output with third party products or services); or (ii) while disabling, ignoring, or otherwise circumventing, without authorization, any relevant citation, filtering, or safety features or restrictions provided by OpenAI applicable to the OpenAI Model Service. Customer acknowledges that OpenAI, LLC may collect and temporarily retain pseudonymized security classifier metadata related to Customer’s use of AIP leveraging the OpenAI Model Service (which metadata, for the avoidance of doubt, shall not include the contents of Customer’s prompts provided to or output received from the OpenAI Model Service). |
Effective May 6th 2024 to June 7th 2024
DownloadTable of Contents
Customer’s use of AIP may leverage the following Models hosted in a third party environment (each a “Third Party Model Service”).
Third Party Model Service | Additional Terms |
OpenAI Models hosted in Palantir’s Microsoft Azure Environment (“Azure OpenAI Model Service”) | (a) Customer’s use of AIP leveraging the Azure OpenAI Model Service shall comply with the Azure OpenAI Code of Conduct (https://learn.microsoft.com/en-us/legal/cognitive-services/openai/code-of-conduct?context=%2Fazure%2Fcognitive- services%2Fopenai%2Fcontext%2Fcontext); (b) Customer shall only use AIP leveraging the Azure OpenAI Model Service to (i) submit content to be summarized for pre-defined topics built into AIP and cannot use AIP as an open-ended summarizer (examples of such permitted use include but are not limited to summarization of call center transcripts, technical reports, and product reviews); (ii) analyze inputs using classification, sentiment analysis of text, or entity extraction (examples of such permitted use include but are not limited to analyzing product feedback sentiment, analyzing support calls and transcripts, and refining text-based search with embeddings; (iii) search trusted source documents such as internal Customer documentation; (iv) ask questions and receive answers from trusted source documents such as internal Customer documentation; or (v) code generation or transformation scenarios (examples of such permitted use include but are not limited to converting one programming language to another, generating docstrings for functions, or converting natural language to SQL); and (c) Customer shall not use AIP leveraging the Azure OpenAI Model Service (i) to generate, distribute, or modify any output from the Azure OpenAI Model Service that the Customer knew or should have known was infringing or likely to infringe a third party’s intellectual property or other proprietary rights (including if such infringement is caused by Customer’s combination of such output with third party products or services); or (ii) while disabling, ignoring, or otherwise circumventing, without authorization, any relevant citation, filtering, or safety features or restrictions provided by Azure or Palantir applicable to the Azure OpenAI Model Service. |
Models hosted in Palantir’s Amazon Web Services Environment (“AWS Model Service”) | Customer’s use of AIP leveraging Anthropic Models through the AWS Model Service (a) shall comply with the Anthropic Code of Conduct (https://console.anthropic.com/legal/aup), and (b) shall not facilitate or engage in the following: (i) design, market, help distribute or utilize weapons, explosives, dangerous materials or other systems designed to cause harm to or loss of human life; (ii) covertly tracking, targeting, or surveilling individuals, i.e., searching for or gathering information on an individual or group in order to track, target or report on their identity, including using the product for facial recognition, covert tracking, battlefield management applications or predictive policing; (iii) automated determination of financing eligibility of individuals, i.e., making automated decisions about the eligibility of individuals for financial products and creditworthiness; (iv) automated determination of employment and housing decisions, i.e., making automated decisions about the employability of individuals or other employment determinations or decisions regarding eligibility for housing, including leases and home loans; (v) any law enforcement application, except for the following permitted applications by U.S. law enforcement organizations: back office uses including call center support, document summarization, and accounting; or (vi) analysis of data for the location of missing persons and other applications, provided that such applications do not otherwise violate or impair the liberty, civil liberties, or human rights of natural persons. Customer hereby agrees that its use of AIP leveraging Models (other than Anthropic Models) through the AWS Model Service shall comply with any acceptable use policies or codes of conduct applicable to such Models, as made available to Customer through AIP or the Documentation. Customer acknowledges that Amazon Web Services, Inc. may collect and temporarily retain pseudonymized security classifier metadata related to Customer’s use of AIP leveraging the AWS Model Service (which metadata, for the avoidance of doubt, shall not include the contents of Customer’s prompts provided to or output received from the AWS Model Service). |
Google Models hosted in Palantir’s Google Cloud Services Environment (“Google Model Service”) | Customer’s use of AIP leveraging the Google Model Service (a) shall comply with the Google Generative AI Prohibited Use Policy (https://policies.google.com/terms/generative-ai/use-policy); (b) shall comply with the Google Cloud Platform Acceptable Use Policy (https://cloud.google.com/terms/aup); (c) shall not reasonably be expected to lead to death, personal injury, or environmental damage, including operation of nuclear facilities, air traffic control, life support systems, or weaponry; and (d) shall, with respect to Customer’s use of applicable models that meet the definition of “Pre-GA Offerings” in the Google Model Service Pre-GA Offerings Terms (defined below) made available via the Google Model Service, comply with Google’s “Pre-GA Offerings Terms” subsection in the “General Service Terms” section of the Google Cloud Platform Service Specific Terms, available at https://cloud.google.com/terms/service-terms (the “Google Model Service Pre-GA Offerings Terms”). Customer acknowledges that Google LLC may collect and temporarily retain pseudonymized security classifier metadata related to Customer’s use of AIP leveraging the Google Model Service (which metadata, for the avoidance of doubt, shall not include the contents of Customer’s prompts provided to or output received from the Google Model Service). |
OpenAI Models hosted by OpenAI (“OpenAI Model Service”) | Customer’s use of AIP leveraging the OpenAI Model Service (a) shall comply with the OpenAI Usage Policies (https://openai.com/policies/usage-policies); (b) if and only as applicable, shall comply with the applicable OpenAI Service Terms (https://openai.com/policies/service-terms); (c) Customer shall only use AIP leveraging the OpenAI Model Service to (i) submit content to be summarized for pre-defined topics built into AIP and cannot use AIP as an open-ended summarizer (examples of such permitted use include but are not limited to summarization of call center transcripts, technical reports, and product reviews); (ii) analyze inputs using classification, sentiment analysis of text, or entity extraction (examples of such permitted use include but are not limited to analyzing product feedback sentiment, analyzing support calls and transcripts, and refining text-based search with embeddings; (iii) search trusted source documents such as internal Customer documentation; (iv) ask questions and receive answers from trusted source documents such as internal Customer documentation; (v) code generation or transformation scenarios (examples of such permitted use include but are not limited to converting one programming language to another, generating docstrings for functions, or converting natural language to SQL); or (vi) fine-tune Models as provided as part of AIP and the OpenAI Model Service; and (d) Customer shall not use AIP leveraging the OpenAI Model Service (i) to generate, distribute, or modify any output from the OpenAI Model Service that the Customer knew or should have known was infringing or likely to infringe a third party’s intellectual property or other proprietary rights (including if such infringement is caused by Customer’s combination of such output with third party products or services); or (ii) while disabling, ignoring, or otherwise circumventing, without authorization, any relevant citation, filtering, or safety features or restrictions provided by OpenAI applicable to the OpenAI Model Service. Customer acknowledges that OpenAI, LLC may collect and temporarily retain pseudonymized security classifier metadata related to Customer’s use of AIP leveraging the OpenAI Model Service (which metadata, for the avoidance of doubt, shall not include the contents of Customer’s prompts provided to or output received from the OpenAI Model Service). |
Effective December 15th 2023 to May 6th 2024
DownloadTable of Contents
Customer’s use of AIP may leverage the following Models hosted in a third party environment (each a “Third Party Model Service”).
Third Party Model Service | Additional Terms |
OpenAI Models hosted in Palantir’s Microsoft Azure Environment (“Azure OpenAI Model Service”) | (a) Customer’s use of AIP leveraging the Azure OpenAI Model Service shall comply with the Azure OpenAI Code of Conduct (https://learn.microsoft.com/en-us/legal/cognitive-services/openai/code-of-conduct?context=%2Fazure%2Fcognitive- services%2Fopenai%2Fcontext%2Fcontext); (b) Customer shall only use AIP leveraging the Azure OpenAI Model Service to (i) submit content to be summarized for pre-defined topics built into AIP and cannot use AIP as an open-ended summarizer (examples of such permitted use include but are not limited to summarization of call center transcripts, technical reports, and product reviews); (ii) analyze inputs using classification, sentiment analysis of text, or entity extraction (examples of such permitted use include but are not limited to analyzing product feedback sentiment, analyzing support calls and transcripts, and refining text-based search with embeddings; (iii) search trusted source documents such as internal Customer documentation; (iv) ask questions and receive answers from trusted source documents such as internal Customer documentation; or (v) code generation or transformation scenarios (examples of such permitted use include but are not limited to converting one programming language to another, generating docstrings for functions, or converting natural language to SQL); and (c) Customer shall not use AIP leveraging the Azure OpenAI Model Service (i) to generate, distribute, or modify any output from the Azure OpenAI Model Service that the Customer knew or should have known was infringing or likely to infringe a third party’s intellectual property or other proprietary rights (including if such infringement is caused by Customer’s combination of such output with third party products or services); or (ii) while disabling, ignoring, or otherwise circumventing, without authorization, any relevant citation, filtering, or safety features or restrictions provided by Azure or Palantir applicable to the Azure OpenAI Model Service. |
Models hosted in Palantir’s Amazon Web Services Environment (“AWS Model Service”) | Customer’s use of AIP leveraging Anthropic Models through the AWS Model Service (a) shall comply with the Anthropic Code of Conduct (https://console.anthropic.com/legal/aup), and (b) shall not facilitate or engage in the following: (i) design, market, help distribute or utilize weapons, explosives, dangerous materials or other systems designed to cause harm to or loss of human life; (ii) covertly tracking, targeting, or surveilling individuals, i.e., searching for or gathering information on an individual or group in order to track, target or report on their identity, including using the product for facial recognition, covert tracking, battlefield management applications or predictive policing; (iii) automated determination of financing eligibility of individuals, i.e., making automated decisions about the eligibility of individuals for financial products and creditworthiness; (iv) automated determination of employment and housing decisions, i.e., making automated decisions about the employability of individuals or other employment determinations or decisions regarding eligibility for housing, including leases and home loans; (v) any law enforcement application, except for the following permitted applications by U.S. law enforcement organizations: back office uses including call center support, document summarization, and accounting; or (vi) analysis of data for the location of missing persons and other applications, provided that such applications do not otherwise violate or impair the liberty, civil liberties, or human rights of natural persons. Customer hereby agrees that its use of AIP leveraging Models (other than Anthropic Models) through the AWS Model Service shall comply with any acceptable use policies or codes of conduct applicable to such Models, as made available to Customer through AIP or the Documentation. Customer acknowledges that Amazon Web Services, Inc. may collect and temporarily retain pseudonymized security classifier metadata related to Customer’s use of AIP leveraging the AWS Model Service (which metadata, for the avoidance of doubt, shall not include the contents of Customer’s prompts provided to or output received from the AWS Model Service). |
Google Models hosted in Palantir’s Google Cloud Services Environment (“Google Model Service”) | Customer’s use of AIP leveraging the Google Model Service (a) shall comply with the Google Generative AI Prohibited Use Policy (https://policies.google.com/terms/generative-ai/use-policy); (b) shall comply with the Google Cloud Platform Acceptable Use Policy (https://cloud.google.com/terms/aup); and (c) shall not reasonably be expected to lead to death, personal injury, or environmental damage, including operation of nuclear facilities, air traffic control, life support systems, or weaponry. Customer acknowledges that Google LLC may collect and temporarily retain pseudonymized security classifier metadata related to Customer’s use of AIP leveraging the Google Model Service (which metadata, for the avoidance of doubt, shall not include the contents of Customer’s prompts provided to or output received from the Google Model Service). |
OpenAI Models hosted by OpenAI (“OpenAI Model Service”) | Customer’s use of AIP leveraging the OpenAI Model Service (a) shall comply with the OpenAI Usage Policies (https://openai.com/policies/usage-policies); (b) if and only as applicable, shall comply with the applicable OpenAI Service Terms (https://openai.com/policies/service-terms); (c) Customer shall only use AIP leveraging the OpenAI Model Service to (i) submit content to be summarized for pre-defined topics built into AIP and cannot use AIP as an open-ended summarizer (examples of such permitted use include but are not limited to summarization of call center transcripts, technical reports, and product reviews); (ii) analyze inputs using classification, sentiment analysis of text, or entity extraction (examples of such permitted use include but are not limited to analyzing product feedback sentiment, analyzing support calls and transcripts, and refining text-based search with embeddings; (iii) search trusted source documents such as internal Customer documentation; (iv) ask questions and receive answers from trusted source documents such as internal Customer documentation; (v) code generation or transformation scenarios (examples of such permitted use include but are not limited to converting one programming language to another, generating docstrings for functions, or converting natural language to SQL); or (vi) fine-tune Models as provided as part of AIP and the OpenAI Model Service; and (d) Customer shall not use AIP leveraging the OpenAI Model Service (i) to generate, distribute, or modify any output from the OpenAI Model Service that the Customer knew or should have known was infringing or likely to infringe a third party’s intellectual property or other proprietary rights (including if such infringement is caused by Customer’s combination of such output with third party products or services); or (ii) while disabling, ignoring, or otherwise circumventing, without authorization, any relevant citation, filtering, or safety features or restrictions provided by OpenAI applicable to the OpenAI Model Service. Customer acknowledges that OpenAI, LLC may collect and temporarily retain pseudonymized security classifier metadata related to Customer’s use of AIP leveraging the OpenAI Model Service (which metadata, for the avoidance of doubt, shall not include the contents of Customer’s prompts provided to or output received from the OpenAI Model Service). |
Effective June 27th 2023 to December 15th 2023
DownloadSummary of changes
Table of Contents
Effective June 23rd 2023 to June 27th 2023
DownloadTable of Contents
Effective May 17th 2023 to June 23rd 2023
DownloadTable of Contents
Palantir’s proprietary software-as-a-service offering(s) leveraging artificial intelligence (including but not limited to language models and other modeling services) (“Models”), including OpenAI’s Models hosted in Palantir’s Microsoft Azure environment, as set forth in the Documentation and/or the Agreement.
Effective May 17th 2023 to May 17th 2023
DownloadTable of Contents
Palantir’s proprietary software-as-a-service offering(s) leveraging artificial intelligence (including but not limited to language models and other modeling services) (“Models”), including OpenAI’s Models hosted in Palantir’s Microsoft Azure environment, as set forth in the Documentation and/or the Agreement.
Effective May 2nd 2023 to May 17th 2023
DownloadTable of Contents
Effective May 1st 2023 to May 2nd 2023
DownloadTable of Contents
PALANTIR COGNITIVE SERVICES ADDENDUM
The customer (“Customer”) agreeing to the terms of this Palantir Cognitive Services Addendum (the “Addendum”) and the Palantir Technologies entity that is the signatory to the Agreement (“Palantir”; each a “Party” and collectively the “Parties”), have entered into an agreement governing Customer’s use of the Service (the “Agreement”). This Addendum is incorporated into the Agreement. Any capitalized terms used but not defined in this Addendum shall have the meaning provided in the Agreement. If there is a conflict in meaning between the Agreement and this Addendum, this Addendum shall prevail and control. This Addendum will remain in effect until any expiration or termination of the Agreement pursuant thereto.
Certain Definitions.
“Azure OpenAI Cognitive Service” means any Cognitive Service leveraging OpenAI’s Models hosted in Palantir’s Microsoft Azure environment.
“Documentation” means any technical documentation for the Service made available in connection with the Service.
“Service” means Palantir’s proprietary software-as-a-service offering(s) set forth in the Agreement.
“Cognitive Service(s)” means any parts of the Service that leverage cognitive modelling services (including but not limited to language models) (“Models”), including but not limited to the Azure OpenAI Cognitive Service, as set forth in the Documentation and/or the Agreement.
Customer use of Cognitive Services.
Cognitive Services Use. The Cognitive Services employ artificial intelligence and machine learning techniques, including use of Models. Because of the statistical methods underlying the foregoing techniques, output of the Cognitive Services may be incorrect, incomplete, or biased. Accordingly, Customer’s use of the Cognitive Services is at its own risk and Customer shall be solely responsible for any actions it takes on the basis of any Cognitive Services output. Customer further agrees to evaluate (including through review by a natural person) any Cognitive Services output prior to taking any actions or making any decisions on its basis. Access to the Cognitive Services forms part of the Service and is subject to relevant terms and conditions of the Agreement applicable to the Service, and Customer’s right and/or license (as applicable) to use the Cognitive Services is determined by its right and/or license to use and/or access the Service as provided in the Agreement. Customer may only use data in connection with the Cognitive Services for which Customer and/or its user has received all consents, authorizations, approvals, and/or agreements necessary to permit such use and/or processing under applicable law, regulation, or agreement(s). Customer shall not use the Cognitive Services to attempt to obtain any information that may violate third party rights or applicable laws or regulations, including classified information. Customer’s access and use of the Cognitive Services shall comply with all applicable laws and regulations. Customer shall be fully responsible and liable for its users’ use and access of the Cognitive Services.
Azure OpenAI Cognitive Service Use. Customer’s use of the Azure OpenAI Cognitive Service shall comply with the Azure OpenAI Code of Conduct(https://learn.microsoft.com/en-us/legal/cognitive-services/openai/code-of-conduct?context=/azure/cognitive-services/openai/context/context). Customer shall only use the Azure OpenAI Cognitive Service to: (a) submit content to be summarized for pre-defined topics built into the Azure OpenAI Cognitive Service and cannot use the Azure OpenAI Cognitive Service as an open-ended summarizer (examples of such prohibited use include but are not limited to summarization of call center transcripts, technical reports, and product reviews); (b) analyze inputs using classification, sentiment analysis of text, or entity extraction (examples of such permitted use include but are not limited to analyzing product feedback sentiment, analyzing support calls and transcripts, and refining text-based search with embeddings; (c) search trusted source documents such as internal Customer documentation; (d) ask questions and receive answers from trusted source documents such as internal Customer documentation; or (e) code generation or transformation scenarios (examples of such permitted use include but are not limited to converting one programming language to another, generating docstrings for functions, or converting natural language to SQL).
Restrictions. Customer will not (and will not allow any third party to): (a) decompile, disassemble, scan, reverse engineer, or attempt to discover any source code, algorithms, weights of the underlying models, or underlying ideas of any Cognitive Service; (b) use any Cognitive Service in attempt to train or develop another Model; or (c) represent that any output from the Cognitive Services was generated by a natural person when it was not.
Fees. Customer’s use of Cognitive Services shall accrue fees on the same terms as Customer’s use of the Service pursuant to the Agreement. Notwithstanding the foregoing, if the Agreement does not include separate fees for use of Cognitive Services, Palantir reserves the right to begin charging for use of any Cognitive Service upon providing Customer thirty (30) days’ notice to opt in or otherwise lose access to the Cognitive Services.
Suspension of Services. If Palantir reasonably determines that: (a) Customer’s access or use of any Model violates applicable law, regulation, or any material term of the Agreement, including this Addendum; (b) Palantir providing any part of any Cognitive Service would violate applicable (in force or forthcoming) law, regulation, or agreements; or (c) Palantir’s provision of any part of any Cognitive Service poses undue security risk to Palantir or its customers, Palantir reserves the right to disable, suspend, or terminate Customer’s access to all or any part of the Cognitive Services. Palantir will notify Customer prior to exercising the foregoing right concurrent or prior to such exercise.
Disclaimer. NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THE AGREEMENT, THE COGNITIVE SERVICES ARE PROVIDED “AS-IS” WITHOUT ANY OTHER WARRANTIES OF ANY KIND AND PALANTIR HEREBY DISCLAIMS ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, ORAL OR WRITTEN, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY, TITLE, SATISFACTORY QUALITY, OR FITNESS FOR A PARTICULAR PURPOSE. WITHOUT LIMITING THE FOREGOING LIMITATION, PALANTIR DOES NOT WARRANT THAT THE COGNITIVE SERVICES WILL MEET CUSTOMER REQUIREMENTS OR GUARANTEE ANY QUALITY, RESULTS, OUTCOMES, OR CONCLUSIONS OR THAT OPERATION OF THE COGNITIVE SERVICES WILL BE UNINTERRUPTED OR ERROR FREE. PALANTIR IS NOT RESPONSIBLE FOR ANY DECISIONS OR ACTIONS CUSTOMER TAKES BASED UPON OR INFORMED BY OUTPUT FROM ANY COGNITIVE SERVICE. PALANTIR IS NOT RESPONSIBLE OR LIABLE FOR ANY THIRD PARTY SERVICES PROVIDED IN THE COURSE OF DELIVERING ANY COGNITIVE SERVICES, INCLUDING MICROSOFT AZURE WITH RESPECT TO THE AZURE OPENAI COGNITIVE SERVICE (INCLUDING WITHOUT LIMITATION, UPTIME GUARANTEES, OUTAGES, FAILURES, OR ANY OTHER GUARANTEES IN ANY SERVICE LEVEL AGREEMENT BETWEEN THE PARTIES), CUSTOMER’S INPUT TO THE COGNITIVE SERVICES, OR OUTPUT FROM THE COGNITIVE SERVICES (INCLUDING BUT NOT LIMITED TO COMPLETENESS, OR ACCURACY OF OUTPUT FROM COGNITIVE SERVICES, OR WHETHER THE OUTPUT FROM ANY COGNITIVE SERVICE INFRINGES OR VIOLATES ANY THIRD PARTY’S RIGHTS, INCLUDING INTELLECTUAL PROPERTY AND CONTRACTUAL RIGHTS).
Miscellaneous. This Addendum and any dispute or claim (including any non-contractual disputes or claims) arising out of or in connection with it, or its subject matter or formation, shall be governed by and construed in accordance with the laws that govern the Agreement and the dispute resolution provisions therein. If any provision of this Agreement shall be adjudged by any court of competent jurisdiction to be unenforceable or invalid, that provision shall be limited or eliminated to the minimum extent necessary so that this Agreement shall otherwise remain in full force and effect and be enforceable. No waiver of any breach shall be deemed a waiver of any subsequent breach.
Use Case Restrictions
Effective April 25th 2024
DownloadTable of Contents
PALANTIR USE CASE RESTRICTIONS
By using the Palantir Foundry Platform or Palantir’s AI Platform (“AIP”) (including any other technology made available by Palantir to Customer “Palantir Technology”, which term if otherwise defined in the Agreement shall for purposes of these Palantir Use Case Restrictions have the definition provided in the Agreement), Customer agrees to abide by the following use case restrictions. Any capitalized terms not defined in these Use Case Restrictions will have the meaning provided to them in the Palantir Terms of Service, or any applicable agreement governing Customer’s use of the Palantir Technology (the “Agreement”).
In accordance with the Agreement, you and the Customer you represent (including such Customer’s users) will not use the Palantir Technology for any Prohibited Use Case. Customer must obtain Palantir’s prior written approval to use or permit any of Customer’s users to use the Palantir Technology for any Use Cases Requiring Pre-Approval.
Prohibited Use Cases:
- Political parties, committees, campaigns, or organizations workflows
- Offensive cyber workflows
- Predictive policing efforts
- Influencing union organizing efforts
- Facial recognition for surveillance workflows
- Predatory targeting workflows
- Clinical judgment or decision making, medical advice, diagnostic or therapeutic purposes, and/or as a medical device or accessory (as defined by the applicable law).
Use Cases Requiring Pre-Approval:
- Any use of government data
- Law enforcement workflows (including, but not limited to, investigative watchlists)
- Immigration enforcement, monitoring, or surveillance workflows
- Mobility collecting, monitoring, or tracking workflows
- Video analysis workflows (e.g., CCTV)
- Tobacco, controlled substances, or illicit drugs related workflows
- Gambling related workflows.
- Employee monitoring workflows
- Biometric identity verification workflows
- Social media data use
Effective February 1st 2024 to April 25th 2024
DownloadTable of Contents
PALANTIR USE CASE RESTRICTIONS
By using the Palantir Foundry Platform or Palantir’s AI Platform (“AIP”) (including any other technology made available by Palantir to Customer “Palantir Technology”, which term if otherwise defined in the Agreement shall for purposes of these Palantir Use Case Restrictions have the definition provided in the Agreement), Customer agrees to abide by the following use case restrictions. Any capitalized terms not defined in these Use Case Restrictions will have the meaning provided to them in the Palantir Terms of Service, or any applicable agreement governing Customer’s use of the Palantir Technology (the “Agreement”).
In accordance with the Agreement, you and the Customer you represent (including such Customer’s users) will not use the Palantir Technology for any Prohibited Use Case. Customer must obtain Palantir’s prior written approval to use or permit any of Customer’s users to use the Palantir Technology for any Use Cases Requiring Pre-Approval.
Prohibited Use Cases:
- Political parties, committees, campaigns, or organizations workflows
- Offensive cyber workflows
- Predictive policing efforts
- Influencing union organizing efforts
- Facial recognition for surveillance workflows
- Predatory targeting workflows
- Clinical judgment or decision making, medical advice, diagnostic or therapeutic purposes, and/or as a medical device or accessory (as defined by the applicable law).
Use Cases Requiring Pre-Approval:
- Law enforcement workflows (including, but not limited to, investigative watchlists)
- Immigration enforcement, monitoring, or surveillance workflows
- Mobility collecting, monitoring, or tracking workflows
- Video analysis workflows (e.g., CCTV)
- Tobacco, controlled substances, or illicit drugs related workflows
- Gambling related workflows.
- Employee monitoring workflows
- Biometric identity verification workflows
- Social media data use
Terms of Service (Self Service)
Effective May 24th 2024
DownloadTable of Contents
PALANTIR TERMS OF SERVICE
COUNTRY-SPECIFIC ADDENDUM
Effective April 22nd 2024 to May 24th 2024
DownloadTable of Contents
PALANTIR TERMS OF SERVICE
COUNTRY-SPECIFIC ADDENDUM
Effective December 15th 2023 to April 22nd 2024
DownloadTable of Contents
PALANTIR TERMS OF SERVICE
COUNTRY-SPECIFIC ADDENDUM
Effective September 22nd 2023 to December 15th 2023
DownloadTable of Contents
Effective May 24th 2023 to September 22nd 2023
DownloadTable of Contents
Effective May 10th 2023 to May 24th 2023
DownloadTable of Contents
Effective March 2nd 2023 to May 10th 2023
DownloadTable of Contents
Data Protection Addendum (Enterprise Self Service)
Effective May 2nd 2024
DownloadTable of Contents
PALANTIR DATA PROTECTION ADDENDUM (“DPA”)
- “Adequate Country” means a country that may import Personal Data and is deemed by the governing authority of the exporting country to provide an adequate level of data protection under the applicable Data Protection Laws;
- “Affiliate” means an entity that, directly or indirectly, owns or controls or is owned or controlled by, or is under common ownership or control with, a Party. As used herein, “control” means the power to direct, directly or indirectly, the management or affairs of an entity and “ownership” means the beneficial ownership of more than fifty percent of the voting equity securities or other equivalent voting interests of an entity. In respect of Palantir, Affiliate shall include, without being limited to, all entities listed in Exhibit A, Part II and any other Palantir affiliates from time to time;
- “Completions” has the meaning given to it in Exhibit D of this DPA;
- “Controller” means the entity which determines the purposes and means of the Processing of Personal Data and includes, as applicable, the term “controller” “business” and any other similar or equivalent terms under applicable Data Protection Laws;
- “Customer Personal Data” means any Personal Data contained within Customer Data subject to Data Protection Laws that Customer, including Users, provides or makes available to Palantir in connection with the Agreement;
- “Data Incident” means any breach, as defined by applicable Data Protection Laws, of Palantir’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Personal Data on systems managed or otherwise controlled by Palantir;
- “Data Protection Authority” means a competent authority responsible for enforcing the application of the relevant Data Protection Laws, and includes, as applicable, any data protection authority, privacy regulator, supervisory authority, Attorney General, state privacy agency or any governmental body or agency enforcing Data Protection Laws;
- “Data Protection Laws” means all laws and regulations as amended from time to time regarding data protection, consumer privacy, electronic communications and marketing laws to the extent applicable to the Processing of Customer Personal Data by Palantir under the Agreement, such as:
- California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq. (“CCPA”);
- California Privacy Rights Act of 2020 (“CPRA”);
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“EU GDPR”);
- The EU GDPR as amended and incorporated into UK law under the UK European Union (Withdrawal) Act 2018 (“UK GDPR”); and
- The Switzerland Federal Data Protection act of 19 June 1992 as replaced and/or updated from time to time (“FDP”).
- “Data Protection Officer” means the natural person or company appointed where necessary under applicable Data Protection Laws to ensure an organization's compliance with Data Protection Laws and cooperate with the Data Protection Authorities;
- “Data Subject” means the identified or identifiable person to whom Personal Data relates, and includes, as applicable, the term “consumer” and any other similar or equivalent terms under Applicable Data Protection Laws;
- “DPA Effective Date” means the Effective Date of the Agreement;
- “EEA” means the European Economic Area;
- “EU SCCs” means the standard contractual clauses for use in relation to exports of Personal Data from the EEA approved by the European Commission under Commission Implementing Decision 2021/914, or such other clauses as replace them from time to time;
- “Personal Data” means: (a) any information relating to (i) an identified or identifiable natural person and/or (ii) an identified or identifiable legal entity (where such information is protected similarly as Personal Data or personally identifiable information under applicable Data Protection Laws), and (b) any information treated or receiving similar treatment as “personal data”, “personal information”, “personally identifiable information” or any similar, or equivalent terms under applicable Data Protection Laws;
- “Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. The terms “process”, “processes” and “processed” will be interpreted accordingly;
- “Processor” means the entity which Processes Personal Data on behalf of the Controller, including as applicable the terms “processor”, “service provider” and any equivalent or similar terms that address the same, or similar, responsibilities under applicable Data Protection Laws;
- “Request” means a request from a Data Subject or anyone acting on their behalf to exercise their rights under Data Protection Laws;
- “Restricted Transfer” means a transfer, or onward transfer, of Personal Data from a country where such transfer would be restricted or prohibited by applicable Data Protection Laws (or by the terms of a data transfer agreement put in place to address the data transfer restrictions of Data Protection Laws) without implementing safeguards such as the Standard Contractual Clauses to be established under clause 14 below;
- “Security Documentation” means the Documentation describing the security standards that apply to the Service as provided by or on behalf of Palantir from time to time;
- “Sell” or “Sale” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Data Subject’s Personal Data to a third party for valuable consideration.
- “Service” shall have the meaning as set out in the Agreement and this DPA.
- “Share” means sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Data Subject’s Personal Data to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration, including transactions in which no money is exchanged;
- “Subprocessor” means any processor or service provider who processes personal data on behalf of Palantir for the purpose of providing the Service as set out in the Agreement, Exhibit A and any other relevant applicable exhibits of this DPA.
- “Standard Contractual Clauses” or “SCCs” means either (a) the standard data protection clauses approved pursuant to the Data Protection Laws of the applicable exporting country from time to time to legitimise exports of Personal Data from that country, or (b) where the applicable exporting country has Data Protection Laws that regulate the export of personal data but no approved standard data protection clauses, the EU SCCs shall apply- in each case incorporating the appropriate Completions, and where more than one form of such approved clauses exists in respect of a particular country, the clauses that shall apply shall be: (i) in respect of any situation where Customer acts as a Controller of Customer Personal Data, that form of clauses applying to Controller to Processor transfers; and (ii) in respect of any situation where Customer acts as a Processor of Customer Personal Data, that form of clauses applying to Processor to Processor transfers; and
- “Technical and Organisational Measures” means the technical and organisational measures agreed by the Parties in the Agreement and any additional technical and organisational measures implemented by Palantir pursuant to its obligations under applicable Data Protection Laws.
Authorized Third-Party Subprocessors | ||||
Subprocessor | Purpose | Registered Address | Location | Transfer Mechanism |
Amazon Web Services, Inc. | Cloud hosting and infrastructure, alerting and encrypted notification services and AI services. | 410 Terry Avenue North, Seattle, WA 98109, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement. | Standard Contractual Clauses |
Microsoft Corporation | Cloud hosting and infrastructure, and AI services (Microsoft Azure) | One Microsoft Way, Redmond, WA 98052, USA | The location for the purpose of providing the cloud hosting service is as selected by Customer in the Order Form or, as applicable, other parts of the Agreement. The location for the purpose of providing the AI services is East US, South Central US, West Europe and other Azure regions as they become available. | Standard Contractual Clauses |
Google LLC | Cloud hosting and infrastructure (Google Cloud Platform) and AI services. | 1600 Amphitheatre Parkway, Mountain View, 94043 CA, USA | The location for the purpose of providing the cloud hosting service is as selected by Customer in the Order Form or, as applicable, other parts of the Agreement. The location for the purpose of providing the AI services are all regions available for features of Generative AI on Google Vertex AI and other regions as they become available. | Standard Contractual Clauses |
Proofpoint, Inc. | Alerting and encrypted notification service. | 892 Ross Drive, Sunnyvale, CA 94089, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement. | Standard Contractual Clauses |
Microsoft Corporation | User authentication as an identity provider (where selected as chosen identity provider by Customer). | One Microsoft Way, Redmond, WA 98052, USA | United States | Standard Contractual Clauses |
OpenAI LLC | AI services | 3180 18th Street, San Francisco, CA 94110, USA | The location for the purpose of providing the AI service can be the United States and other regions as they become available. | Standard Contractual Clauses |
29 August 2023 | Addition of alerting and encrypted notification services for the purpose of using AWS. This update is considered effective for Agreements entered on or after the date of this update, unless subject to separate written agreement between Palantir and Customer. |
30 October 2023 | Addition of OpenAI LLC as a Third-Party Subprocessor. Authorization for subprocessing by this additional subprocessor is considered effective for Agreements entered on or after the date of this update, unless subject to separate written agreement between Palantir and Customer. |
12 December 2023 | General update to align this DPA with our global DPA terms, including edits to the Data Subject Rights and Data Transfers sections. This update is considered effective for Agreements entered on or after the date of this update, unless subject to separate written agreement between Palantir and Customer. |
Authorized Third-Party Subprocessors | ||||
Subprocessor | Purpose | Registered Address | Location | Transfer Mechanism |
Amazon Web Services, Inc. | Cloud hosting and infrastructure, alerting and encrypted notification services | 410 Terry Avenue North, Seattle, WA 98109, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Microsoft Corporation | User authentication as an identity provider (where selected as chosen identity provider by Customer). | One Microsoft Way Redmond, WA 98052, USA | United States | Standard Contractual Clauses |
- [Where the data exporter is established in an EU Member State:] The supervisory authority with responsibility for ensuring compliance by the data exporter with Regulation (EU) 2016/679 as regards the data transfer, as indicated in Annex I.C, shall act as competent supervisory authority.
[Where the data exporter is not established in an EU Member State, but falls within the territorial scope of application of Regulation (EU) 2016/679 in accordance with its Article 3(2) and has appointed a representative pursuant to Article 27(1) of Regulation (EU) 2016/679:] The supervisory authority of the Member State in which the representative within the meaning of Article 27(1) of Regulation (EU) 2016/679 is established, as indicated in Annex I.C, shall act as competent supervisory authority.
[Where the data exporter is not established in an EU Member State, but falls within the territorial scope of application of Regulation (EU) 2016/679 in accordance with its Article 3(2) without however having to appoint a representative pursuant to Article 27(2) of Regulation (EU) 2016/679:] The supervisory authority of one of the Member States in which the data subjects whose personal data is transferred under these Clauses in relation to the offering of goods or services to them, or whose behaviour is monitored, are located, as indicated in Annex I.C, shall act as competent supervisory authority. - The data importer agrees to submit itself to the jurisdiction of and cooperate with the competent supervisory authority in any procedures aimed at ensuring compliance with these Clauses. In particular, the data importer agrees to respond to enquiries, submit to audits and comply with the measures adopted by the supervisory authority, including remedial and compensatory measures. It shall provide the supervisory authority with written confirmation that the necessary actions have been taken.
Effective January 11th 2024 to May 2nd 2024
DownloadTable of Contents
- “Adequate Country” means a country that may import Personal Data and is deemed by the governing authority of the exporting country to provide an adequate level of data protection under the applicable Data Protection Laws;
- “Affiliate” means an entity that, directly or indirectly, owns or controls or is owned or controlled by, or is under common ownership or control with, a Party. As used herein, “control” means the power to direct, directly or indirectly, the management or affairs of an entity and “ownership” means the beneficial ownership of more than fifty percent of the voting equity securities or other equivalent voting interests of an entity. In respect of Palantir, Affiliate shall include, without being limited to, all entities listed in Exhibit A, Part II and any other Palantir affiliates from time to time;
- “Completions” has the meaning given to it in Exhibit D of this DPA;
- “Controller” means the entity which determines the purposes and means of the Processing of Personal Data and includes, as applicable, the term “controller” “business” and any other similar or equivalent terms under applicable Data Protection Laws;
- “Customer Personal Data” means any Personal Data contained within Customer Data subject to Data Protection Laws that Customer, including Users, provides or makes available to Palantir in connection with the Agreement;
- “Data Incident” means any breach, as defined by applicable Data Protection Laws, of Palantir’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Personal Data on systems managed or otherwise controlled by Palantir;
- “Data Protection Authority” means a competent authority responsible for enforcing the application of the relevant Data Protection Laws, and includes, as applicable, any data protection authority, privacy regulator, supervisory authority, Attorney General, state privacy agency or any governmental body or agency enforcing Data Protection Laws;
- “Data Protection Laws” means all laws and regulations as amended from time to time regarding data protection, consumer privacy, electronic communications and marketing laws to the extent applicable to the Processing of Customer Personal Data by Palantir under the Agreement, such as:
- California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq. (“CCPA”);
- California Privacy Rights Act of 2020 (“CPRA”);
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“EU GDPR”);
- The EU GDPR as amended and incorporated into UK law under the UK European Union (Withdrawal) Act 2018 (“UK GDPR”); and
- The Switzerland Federal Data Protection act of 19 June 1992 as replaced and/or updated from time to time (“FDP”).
- “Data Protection Officer” means the natural person or company appointed where necessary under applicable Data Protection Laws to ensure an organization's compliance with Data Protection Laws and cooperate with the Data Protection Authorities;
- “Data Subject” means the identified or identifiable person to whom Personal Data relates, and includes, as applicable, the term “consumer” and any other similar or equivalent terms under Applicable Data Protection Laws;
- “DPA Effective Date” means the Effective Date of the Agreement;
- “EEA” means the European Economic Area;
- “EU SCCs” means the standard contractual clauses for use in relation to exports of Personal Data from the EEA approved by the European Commission under Commission Implementing Decision 2021/914, or such other clauses as replace them from time to time;
- “Personal Data” means: (a) any information relating to (i) an identified or identifiable natural person and/or (ii) an identified or identifiable legal entity (where such information is protected similarly as Personal Data or personally identifiable information under applicable Data Protection Laws), and (b) any information treated or receiving similar treatment as “personal data”, “personal information”, “personally identifiable information” or any similar, or equivalent terms under applicable Data Protection Laws;
- “Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. The terms “process”, “processes” and “processed” will be interpreted accordingly;
- “Processor” means the entity which Processes Personal Data on behalf of the Controller, including as applicable the terms “processor”, “service provider” and any equivalent or similar terms that address the same, or similar, responsibilities under applicable Data Protection Laws;
- “Request” means a request from a Data Subject or anyone acting on their behalf to exercise their rights under Data Protection Laws;
- “Restricted Transfer” means a transfer, or onward transfer, of Personal Data from a country where such transfer would be restricted or prohibited by applicable Data Protection Laws (or by the terms of a data transfer agreement put in place to address the data transfer restrictions of Data Protection Laws) without implementing safeguards such as the Standard Contractual Clauses to be established under clause 14 below;
- “Security Documentation” means the Documentation describing the security standards that apply to the Service as provided by or on behalf of Palantir from time to time;
- “Sell” or “Sale” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Data Subject’s Personal Data to a third party for valuable consideration.
- “Service” shall have the meaning as set out in the Agreement and this DPA.
- “Share” means sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Data Subject’s Personal Data to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration, including transactions in which no money is exchanged;
- “Subprocessor” means any processor or service provider who processes personal data on behalf of Palantir for the purpose of providing the Service as set out in the Agreement, Exhibit A and any other relevant applicable exhibits of this DPA.
- “Standard Contractual Clauses” or “SCCs” means either (a) the standard data protection clauses approved pursuant to the Data Protection Laws of the applicable exporting country from time to time to legitimise exports of Personal Data from that country, or (b) where the applicable exporting country has Data Protection Laws that regulate the export of personal data but no approved standard data protection clauses, the EU SCCs shall apply- in each case incorporating the appropriate Completions, and where more than one form of such approved clauses exists in respect of a particular country, the clauses that shall apply shall be: (i) in respect of any situation where Customer acts as a Controller of Customer Personal Data, that form of clauses applying to Controller to Processor transfers; and (ii) in respect of any situation where Customer acts as a Processor of Customer Personal Data, that form of clauses applying to Processor to Processor transfers; and
- “Technical and Organisational Measures” means the technical and organisational measures agreed by the Parties in the Agreement and any additional technical and organisational measures implemented by Palantir pursuant to its obligations under applicable Data Protection Laws.
Authorized Third-Party Subprocessors | ||||
Subprocessor | Purpose | Registered Address | Location | Transfer Mechanism |
Amazon Web Services, Inc. | Cloud hosting and infrastructure, alerting and encrypted notification services and AI services. | 410 Terry Avenue North, Seattle, WA 98109, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement. | Standard Contractual Clauses |
Microsoft Corporation | Cloud hosting and infrastructure, and AI services (Microsoft Azure) | One Microsoft Way, Redmond, WA 98052, USA | The location for the purpose of providing the cloud hosting service is as selected by Customer in the Order Form or, as applicable, other parts of the Agreement. The location for the purpose of providing the AI services is East US, South Central US, West Europe and other Azure regions as they become available. | Standard Contractual Clauses |
Google LLC | Cloud hosting and infrastructure (Google Cloud Platform) and AI services. | 1600 Amphitheatre Parkway, Mountain View, 94043 CA, USA | The location for the purpose of providing the cloud hosting service is as selected by Customer in the Order Form or, as applicable, other parts of the Agreement. The location for the purpose of providing the AI services are all regions available for features of Generative AI on Google Vertex AI and other regions as they become available. | Standard Contractual Clauses |
Proofpoint, Inc. | Alerting and encrypted notification service. | 892 Ross Drive, Sunnyvale, CA 94089, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement. | Standard Contractual Clauses |
Microsoft Corporation | User authentication as an identity provider (where selected as chosen identity provider by Customer). | One Microsoft Way, Redmond, WA 98052, USA | United States | Standard Contractual Clauses |
OpenAI LLC | AI services | 3180 18th Street, San Francisco, CA 94110, USA | The location for the purpose of providing the AI service can be the United States and other regions as they become available. | Standard Contractual Clauses |
29 August 2023 | Addition of alerting and encrypted notification services for the purpose of using AWS. This update is considered effective for Agreements entered on or after the date of this update, unless subject to separate written agreement between Palantir and Customer. |
30 October 2023 | Addition of OpenAI LLC as a Third-Party Subprocessor. Authorization for subprocessing by this additional subprocessor is considered effective for Agreements entered on or after the date of this update, unless subject to separate written agreement between Palantir and Customer. |
12 December 2023 | General update to align this DPA with our global DPA terms, including edits to the Data Subject Rights and Data Transfers sections. This update is considered effective for Agreements entered on or after the date of this update, unless subject to separate written agreement between Palantir and Customer. |
Authorized Third-Party Subprocessors | ||||
Subprocessor | Purpose | Registered Address | Location | Transfer Mechanism |
Amazon Web Services, Inc. | Cloud hosting and infrastructure, alerting and encrypted notification services | 410 Terry Avenue North, Seattle, WA 98109, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Microsoft Corporation | User authentication as an identity provider (where selected as chosen identity provider by Customer). | One Microsoft Way Redmond, WA 98052, USA | United States | Standard Contractual Clauses |
Effective November 20th 2023 to January 11th 2024
DownloadTable of Contents
- “Adequate Country” means a country that may import Personal Data and is deemed by the governing authority of the exporting Country to provide an adequate level of data protection under the applicable Data Protection Laws;
- “Affiliate” means in respect of Customer, any of Customer’s affiliate(s) from time to time which are subject to Data Protection Laws and are permitted to use the Services pursuant to the Terms of Service between Customer and Palantir, but are not a party to the Terms of Service and shall include, without being limited to, all entities listed in Exhibit A, Part II, of the present DPA, and, in respect of Palantir, any Palantir’s affiliates from time to time;
- “Completions” has the meaning given to it in Exhibit C of this DPA;
- “Controller” means the entity which determines the purposes and means of the Processing of Personal Data and includes, as applicable, the term “business” under applicable Data Protection Laws;
- “Country” means a country, state, province, territory or economic union that have implemented applicable Data Protection Laws;
- “Customer Personal Data” means any Personal Data contained within Customer Data subject to Data Protection Laws that Customer, including Users, provides or makes available to Palantir in connection with the Agreement;
- “Data Incident” means any breach of Palantir’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized use, disclosure of, or access to, Customer Personal Data on systems managed or otherwise controlled by Palantir;
- “Data Protection Authority” means, an independent public authority responsible for monitoring the application of Data Protection Laws;
- “Data Protection Laws” means all laws and regulations as amended from time to time regarding data protection, privacy, electronic communications and marketing laws to the extent applicable to the Processing of Customer Personal Data by Palantir under the Agreement;
- “Data Protection Officer” means the natural person or company appointed where necessary under applicable Data Protection Laws;
- “Data Subject” means the identified or identifiable person to whom Personal Data relates;
- “Europe” means the European Union, the European Economic Area, Switzerland and the United Kingdom (“UK”) and “European” shall have the equivalent related meaning;
- “EU SCCs” means the standard contractual clauses for use in relation to exports of Personal Data from the EEA approved by the European Commission under Commission Implementing Decision 2021/914, or such other clauses as replace them from time to time;
- “GDPR” means, as applicable, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“EU GDPR”) and/or the EU GDPR as implemented or amended in the United Kingdom (“UK GDPR”);
- “Personal Data” means: (a) any information relating to (i) an identified or identifiable natural person and/or (ii) an identified or identifiable legal entity (where such information is protected similarly as Personal Data or personally identifiable information under applicable Data Protection Laws), and (b) any information treated as personal data, personal information, or equivalent terms under applicable Data Protection Laws;
- “Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- “Processor” means the entity which Processes Personal Data on behalf of the Controller, including as applicable the term “service provider” and any equivalent or similar terms that address the same responsibilities under applicable Data Protection Laws;
- “Restricted Transfer” means a transfer, or onward transfer, of Personal Data from a Country where such transfer would be restricted or prohibited by applicable Data Protection Laws (or by the terms of a data transfer agreement put in place to address the data transfer restrictions of Data Protection Laws) in the absence of the Standard Contractual Clauses to be established under Section 14 below;
- “Security Documentation” means the Documentation describing the security standards that apply to the Service as provided by or on behalf of Palantir from time to time;
- “Sell” or “Sale” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Data Subject’s Personal Data to a third party for valuable consideration;
- “Share” means sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Data Subject’s Personal Data to a third party for cross-context behavioral advertising;
- “Standard Contractual Clauses” or “SCCs” means either (a) the standard data protection clauses approved pursuant to the Data Protection Laws of the applicable exporting Country from time to time to legitimise exports of Personal Data from that Country, including the EU SCCs in relation to exports of personal data from the EEA (and where more than one set of such clauses has been approved, those that most closely approximate the EU SCCs); or (b) where the applicable exporting Country has Data Protection Laws that regulate the export of personal data but no approved standard data protection clauses, the EU SCCs, in each case incorporating the appropriate Completions, and where more than one form of such approved clauses exists in respect of a particular Country, the clauses that shall apply shall be: (i) in respect of any situation where Customer acts as a Controller of Customer Personal Data, that form of clauses applying to Controller to Processor transfers; and (ii) in respect of any situation where Customer acts as a Processor of Customer Personal Data, that form of clauses applying to Processor to Processor transfers;
- “Sub-Processor” means a provider of third party Services, or Palantir's Affiliate engaged by or on behalf of Palantir to Process Customer Personal Data in connection with the Agreement; and
- “Technical and Organisational Measures” means the technical and organisational measures agreed by the Parties in the Agreement and any additional technical and organisational measures implemented by Palantir pursuant to its obligations under Data Protection Laws.
Authorized Third-Party Sub-Processors | ||||
Sub-Processor | Purpose | Registered Address | Location | Transfer Mechanism |
Amazon Web Services, Inc. | Cloud hosting, infrastructure, AI services and alerting and encrypted notification | 410 Terry Avenue North, Seattle, WA 98109, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Microsoft Corporation | Cloud hosting, infrastructure and AI services (Microsoft Azure) | One Microsoft Way Redmond, WA 98052, USA | The location for the purpose of providing the cloud hosting service is as selected by Customer in the Order Form or, as applicable, other parts of the Agreement. The location for the purpose of providing the AI service is East US, South Central US, West Europe and/or other Microsoft Azure regions as they become available. | Standard Contractual Clauses |
Google LLC | Cloud hosting, infrastructure and AI services (Google Cloud Platform) | 1600 Amphitheatre Parkway Mountain View, 94043 CA, USA | The location for the purpose of providing the cloud hosting service is as selected by Customer in the Order Form or, as applicable, other parts of the Agreement. The location for the purpose of providing the AI services are all regions available for features of Generative AI on Google Vertex AI and other regions as they become available. | Standard Contractual Clauses |
Proofpoint, Inc. | Alerting and encrypted notification service | 892 Ross Drive, Sunnyvale, CA 94089, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Microsoft Corporation | User authentication as an identity provider (where selected as chosen identity provider by Customer) | One Microsoft Way Redmond, WA 98052, USA | United States | Standard Contractual Clauses |
OpenAI LLC | AI services | 3180 18th Street, San Francisco, CA 94110, USA | The location for the purpose of providing the AI services can be the United States and other regions as they become available. | Standard Contractual Clauses |
29 August 2023 | Addition of alerting and encrypted notification services for the purpose of using AWS. This update is considered effective or Agreements entered on or after the date of this update, unless subject to separate written agreement between Palantir and Customer. |
30 October 2023 | Addition of OpenAI LLC as a Third-Party Subprocessor. Authorization for subprocessing by this additional subprocessor is considered effective for Agreements entered on or after the date of this update, unless subject to separate written agreement between Palantir and Customer. |
Effective October 30th 2023 to November 20th 2023
DownloadTable of Contents
- “Adequate Country” means a country that may import Personal Data and is deemed by the governing authority of the exporting Country to provide an adequate level of data protection under the applicable Data Protection Laws;
- “Affiliate” means in respect of Customer, any of Customer’s affiliate(s) from time to time which are subject to Data Protection Laws and are permitted to use the Services pursuant to the Terms of Service between Customer and Palantir, but are not a party to the Terms of Service and shall include, without being limited to, all entities listed in Exhibit A, Part II, of the present DPA, and, in respect of Palantir, any Palantir’s affiliates from time to time;
- “Completions” has the meaning given to it in Exhibit C of this DPA;
- “Controller” means the entity which determines the purposes and means of the Processing of Personal Data and includes, as applicable, the term “business” under applicable Data Protection Laws;
- “Country” means a country, state, province, territory or economic union that have implemented applicable Data Protection Laws;
- “Customer Personal Data” means any Personal Data contained within Customer Data subject to Data Protection Laws that Customer, including Users, provides or makes available to Palantir in connection with the Agreement;
- “Data Incident” means any breach of Palantir’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized use, disclosure of, or access to, Customer Personal Data on systems managed or otherwise controlled by Palantir;
- “Data Protection Authority” means, an independent public authority responsible for monitoring the application of Data Protection Laws;
- “Data Protection Laws” means all laws and regulations as amended from time to time regarding data protection, privacy, electronic communications and marketing laws to the extent applicable to the Processing of Customer Personal Data by Palantir under the Agreement;
- “Data Protection Officer” means the natural person or company appointed where necessary under applicable Data Protection Laws;
- “Data Subject” means the identified or identifiable person to whom Personal Data relates;
- “Europe” means the European Union, the European Economic Area, Switzerland and the United Kingdom (“UK”) and “European” shall have the equivalent related meaning;
- “EU SCCs” means the standard contractual clauses for use in relation to exports of Personal Data from the EEA approved by the European Commission under Commission Implementing Decision 2021/914, or such other clauses as replace them from time to time;
- “GDPR” means, as applicable, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“EU GDPR”) and/or the EU GDPR as implemented or amended in the United Kingdom (“UK GDPR”);
- “Personal Data” means: (a) any information relating to (i) an identified or identifiable natural person and/or (ii) an identified or identifiable legal entity (where such information is protected similarly as Personal Data or personally identifiable information under applicable Data Protection Laws), and (b) any information treated as personal data, personal information, or equivalent terms under applicable Data Protection Laws;
- “Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- “Processor” means the entity which Processes Personal Data on behalf of the Controller, including as applicable the term “service provider” and any equivalent or similar terms that address the same responsibilities under applicable Data Protection Laws;
- “Restricted Transfer” means a transfer, or onward transfer, of Personal Data from a Country where such transfer would be restricted or prohibited by applicable Data Protection Laws (or by the terms of a data transfer agreement put in place to address the data transfer restrictions of Data Protection Laws) in the absence of the Standard Contractual Clauses to be established under Section 14 below;
- “Security Documentation” means the Documentation describing the security standards that apply to the Service as provided by or on behalf of Palantir from time to time;
- “Sell” or “Sale” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Data Subject’s Personal Data to a third party for valuable consideration;
- “Share” means sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Data Subject’s Personal Data to a third party for cross-context behavioral advertising;
- “Standard Contractual Clauses” or “SCCs” means either (a) the standard data protection clauses approved pursuant to the Data Protection Laws of the applicable exporting Country from time to time to legitimise exports of Personal Data from that Country, including the EU SCCs in relation to exports of personal data from the EEA (and where more than one set of such clauses has been approved, those that most closely approximate the EU SCCs); or (b) where the applicable exporting Country has Data Protection Laws that regulate the export of personal data but no approved standard data protection clauses, the EU SCCs, in each case incorporating the appropriate Completions, and where more than one form of such approved clauses exists in respect of a particular Country, the clauses that shall apply shall be: (i) in respect of any situation where Customer acts as a Controller of Customer Personal Data, that form of clauses applying to Controller to Processor transfers; and (ii) in respect of any situation where Customer acts as a Processor of Customer Personal Data, that form of clauses applying to Processor to Processor transfers;
- “Sub-Processor” means a provider of third party Services, or Palantir's Affiliate engaged by or on behalf of Palantir to Process Customer Personal Data in connection with the Agreement; and
- “Technical and Organisational Measures” means the technical and organisational measures agreed by the Parties in the Agreement and any additional technical and organisational measures implemented by Palantir pursuant to its obligations under Data Protection Laws.
Authorized Third-Party Sub-Processors | ||||
Sub-Processor | Purpose | Registered Address | Location | Transfer Mechanism |
Amazon Web Services, Inc. | Cloud hosting, infrastructure, AI services and alerting and encrypted notification | 410 Terry Avenue North, Seattle, WA 98109, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Microsoft Corporation | Cloud hosting, infrastructure and AI services (Microsoft Azure) | One Microsoft Way Redmond, WA 98052, USA | The location for the purpose of providing the cloud hosting service is as selected by Customer in the Order Form or, as applicable, other parts of the Agreement. The location for the purpose of providing the AI service is East US, South Central US, West Europe and/or other Microsoft Azure regions as they become available. | Standard Contractual Clauses |
Google LLC | Cloud hosting, infrastructure and AI services (Google Cloud Platform) | 1600 Amphitheatre Parkway Mountain View, 94043 CA, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Proofpoint, Inc. | Alerting and encrypted notification service | 892 Ross Drive, Sunnyvale, CA 94089, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Microsoft Corporation | User authentication as an identity provider (where selected as chosen identity provider by Customer) | One Microsoft Way Redmond, WA 98052, USA | United States | Standard Contractual Clauses |
OpenAI LLC | AI services | 3180 18th Street, San Francisco, CA 94110, USA | United States | Standard Contractual Clauses |
29 August 2023 | Addition of alerting and encrypted notification services for the purpose of using AWS. This update is considered effective or Agreements entered on or after the date of this update, unless subject to separate written agreement between Palantir and Customer. |
30 October 2023 | Addition of OpenAI LLC as a Third-Party Subprocessor. Authorization for subprocessing by this additional subprocessor is considered effective for Agreements entered on or after the date of this update, unless subject to separate written agreement between Palantir and Customer. |
Effective August 30th 2023 to October 30th 2023
DownloadTable of Contents
- “Adequate Country” means a country that may import Personal Data and is deemed by the governing authority of the exporting Country to provide an adequate level of data protection under the applicable Data Protection Laws;
- “Affiliate” means in respect of Customer, any of Customer’s affiliate(s) from time to time which are subject to Data Protection Laws and are permitted to use the Services pursuant to the Terms of Service between Customer and Palantir, but are not a party to the Terms of Service and shall include, without being limited to, all entities listed in Exhibit A, Part II, of the present DPA, and, in respect of Palantir, any Palantir’s affiliates from time to time;
- “Completions” has the meaning given to it in Exhibit C of this DPA;
- “Controller” means the entity which determines the purposes and means of the Processing of Personal Data and includes, as applicable, the term “business” under applicable Data Protection Laws;
- “Country” means a country, state, province, territory or economic union that have implemented applicable Data Protection Laws;
- “Customer Personal Data” means any Personal Data contained within Customer Data subject to Data Protection Laws that Customer, including Users, provides or makes available to Palantir in connection with the Agreement;
- “Data Incident” means any breach of Palantir’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized use, disclosure of, or access to, Customer Personal Data on systems managed or otherwise controlled by Palantir;
- “Data Protection Authority” means, an independent public authority responsible for monitoring the application of Data Protection Laws;
- “Data Protection Laws” means all laws and regulations as amended from time to time regarding data protection, privacy, electronic communications and marketing laws to the extent applicable to the Processing of Customer Personal Data by Palantir under the Agreement;
- “Data Protection Officer” means the natural person or company appointed where necessary under applicable Data Protection Laws;
- “Data Subject” means the identified or identifiable person to whom Personal Data relates;
- “Europe” means the European Union, the European Economic Area, Switzerland and the United Kingdom (“UK”) and “European” shall have the equivalent related meaning;
- “EU SCCs” means the standard contractual clauses for use in relation to exports of Personal Data from the EEA approved by the European Commission under Commission Implementing Decision 2021/914, or such other clauses as replace them from time to time;
- “GDPR” means, as applicable, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“EU GDPR”) and/or the EU GDPR as implemented or amended in the United Kingdom (“UK GDPR”);
- “Personal Data” means: (a) any information relating to (i) an identified or identifiable natural person and/or (ii) an identified or identifiable legal entity (where such information is protected similarly as Personal Data or personally identifiable information under applicable Data Protection Laws), and (b) any information treated as personal data, personal information, or equivalent terms under applicable Data Protection Laws;
- “Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- “Processor” means the entity which Processes Personal Data on behalf of the Controller, including as applicable the term “service provider” and any equivalent or similar terms that address the same responsibilities under applicable Data Protection Laws;
- “Restricted Transfer” means a transfer, or onward transfer, of Personal Data from a Country where such transfer would be restricted or prohibited by applicable Data Protection Laws (or by the terms of a data transfer agreement put in place to address the data transfer restrictions of Data Protection Laws) in the absence of the Standard Contractual Clauses to be established under Section 14 below;
- “Security Documentation” means the Documentation describing the security standards that apply to the Service as provided by or on behalf of Palantir from time to time;
- “Sell” or “Sale” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Data Subject’s Personal Data to a third party for valuable consideration;
- “Share” means sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Data Subject’s Personal Data to a third party for cross-context behavioral advertising;
- “Standard Contractual Clauses” or “SCCs” means either (a) the standard data protection clauses approved pursuant to the Data Protection Laws of the applicable exporting Country from time to time to legitimise exports of Personal Data from that Country, including the EU SCCs in relation to exports of personal data from the EEA (and where more than one set of such clauses has been approved, those that most closely approximate the EU SCCs); or (b) where the applicable exporting Country has Data Protection Laws that regulate the export of personal data but no approved standard data protection clauses, the EU SCCs, in each case incorporating the appropriate Completions, and where more than one form of such approved clauses exists in respect of a particular Country, the clauses that shall apply shall be: (i) in respect of any situation where Customer acts as a Controller of Customer Personal Data, that form of clauses applying to Controller to Processor transfers; and (ii) in respect of any situation where Customer acts as a Processor of Customer Personal Data, that form of clauses applying to Processor to Processor transfers;
- “Sub-Processor” means a provider of third party Services, or Palantir's Affiliate engaged by or on behalf of Palantir to Process Customer Personal Data in connection with the Agreement; and
- “Technical and Organisational Measures” means the technical and organisational measures agreed by the Parties in the Agreement and any additional technical and organisational measures implemented by Palantir pursuant to its obligations under Data Protection Laws.
Authorized Third-Party Sub-Processors | ||||
Sub-Processor | Purpose | Registered Address | Location | Transfer Mechanism |
Amazon Web Services, Inc. | Cloud hosting, infrastructure, AI services and alerting and encrypted notification | 410 Terry Avenue North, Seattle, WA 98109, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Microsoft Corporation | Cloud hosting, infrastructure and AI services (Microsoft Azure) | One Microsoft Way Redmond, WA 98052, USA | The location for the purpose of providing the cloud hosting service is as selected by Customer in the Order Form or, as applicable, other parts of the Agreement. The location for the purpose of providing the AI service is East US, South Central US, West Europe and/or other Microsoft Azure regions as they become available. | Standard Contractual Clauses |
Google LLC | Cloud hosting, infrastructure and AI services (Google Cloud Platform) | 1600 Amphitheatre Parkway Mountain View, 94043 CA, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Proofpoint, Inc. | Alerting and encrypted notification service | 892 Ross Drive, Sunnyvale, CA 94089, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Microsoft Corporation | User authentication as an identity provider (where selected as chosen identity provider by Customer) | One Microsoft Way Redmond, WA 98052, USA | United States | Standard Contractual Clauses |
29 August 2023 | Addition of alerting and encrypted notification services for the purpose of using AWS. This update is considered effective or Agreements entered on or after the date of this update, unless subject to separate written agreement between Palantir and Customer. |
Effective May 12th 2023 to August 30th 2023
DownloadTable of Contents
- “Adequate Country” means a country that may import Personal Data and is deemed by the governing authority of the exporting Country to provide an adequate level of data protection under the applicable Data Protection Laws;
- “Affiliate” means in respect of Customer, any of Customer’s affiliate(s) from time to time which are subject to Data Protection Laws and are permitted to use the Services pursuant to the Terms of Service between Customer and Palantir, but are not a party to the Terms of Service and shall include, without being limited to, all entities listed in Exhibit A, Part II, of the present DPA, and, in respect of Palantir, any Palantir’s affiliates from time to time;
- “Completions” has the meaning given to it in Exhibit C of this DPA;
- “Controller” means the entity which determines the purposes and means of the Processing of Personal Data and includes, as applicable, the term “business” under applicable Data Protection Laws;
- “Country” means a country, state, province, territory or economic union that have implemented applicable Data Protection Laws;
- “Customer Personal Data” means any Personal Data contained within Customer Data subject to Data Protection Laws that Customer, including Users, provides or makes available to Palantir in connection with the Agreement;
- “Data Incident” means any breach of Palantir’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized use, disclosure of, or access to, Customer Personal Data on systems managed or otherwise controlled by Palantir;
- “Data Protection Authority” means, an independent public authority responsible for monitoring the application of Data Protection Laws;
- “Data Protection Laws” means all laws and regulations as amended from time to time regarding data protection, privacy, electronic communications and marketing laws to the extent applicable to the Processing of Customer Personal Data by Palantir under the Agreement;
- “Data Protection Officer” means the natural person or company appointed where necessary under applicable Data Protection Laws;
- “Data Subject” means the identified or identifiable person to whom Personal Data relates;
- “Europe” means the European Union, the European Economic Area, Switzerland and the United Kingdom (“UK”) and “European” shall have the equivalent related meaning;
- “EU SCCs” means the standard contractual clauses for use in relation to exports of Personal Data from the EEA approved by the European Commission under Commission Implementing Decision 2021/914, or such other clauses as replace them from time to time;
- “GDPR” means, as applicable, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“EU GDPR”) and/or the EU GDPR as implemented or amended in the United Kingdom (“UK GDPR”);
- “Personal Data” means: (a) any information relating to (i) an identified or identifiable natural person and/or (ii) an identified or identifiable legal entity (where such information is protected similarly as Personal Data or personally identifiable information under applicable Data Protection Laws), and (b) any information treated as personal data, personal information, or equivalent terms under applicable Data Protection Laws;
- “Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- “Processor” means the entity which Processes Personal Data on behalf of the Controller, including as applicable the term “service provider” and any equivalent or similar terms that address the same responsibilities under applicable Data Protection Laws;
- “Restricted Transfer” means a transfer, or onward transfer, of Personal Data from a Country where such transfer would be restricted or prohibited by applicable Data Protection Laws (or by the terms of a data transfer agreement put in place to address the data transfer restrictions of Data Protection Laws) in the absence of the Standard Contractual Clauses to be established under Section 14 below;
- “Security Documentation” means the Documentation describing the security standards that apply to the Service as provided by or on behalf of Palantir from time to time;
- “Sell” or “Sale” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Data Subject’s Personal Data to a third party for valuable consideration;
- “Share” means sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Data Subject’s Personal Data to a third party for cross-context behavioral advertising;
- “Standard Contractual Clauses” or “SCCs” means either (a) the standard data protection clauses approved pursuant to the Data Protection Laws of the applicable exporting Country from time to time to legitimise exports of Personal Data from that Country, including the EU SCCs in relation to exports of personal data from the EEA (and where more than one set of such clauses has been approved, those that most closely approximate the EU SCCs); or (b) where the applicable exporting Country has Data Protection Laws that regulate the export of personal data but no approved standard data protection clauses, the EU SCCs, in each case incorporating the appropriate Completions, and where more than one form of such approved clauses exists in respect of a particular Country, the clauses that shall apply shall be: (i) in respect of any situation where Customer acts as a Controller of Customer Personal Data, that form of clauses applying to Controller to Processor transfers; and (ii) in respect of any situation where Customer acts as a Processor of Customer Personal Data, that form of clauses applying to Processor to Processor transfers;
- “Sub-Processor” means a provider of third party Services, or Palantir's Affiliate engaged by or on behalf of Palantir to Process Customer Personal Data in connection with the Agreement; and
- “Technical and Organisational Measures” means the technical and organisational measures agreed by the Parties in the Agreement and any additional technical and organisational measures implemented by Palantir pursuant to its obligations under Data Protection Laws.
Authorized Third-Party Sub-Processors | ||||
Sub-Processor | Purpose | Registered Address | Location | Transfer Mechanism |
Amazon Web Services, Inc. | Cloud hosting, infrastructure and cognitive services | 410 Terry Avenue North, Seattle, WA 98109, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Microsoft Corporation | Cloud hosting, infrastructure and cognitive services (Microsoft Azure) | One Microsoft Way Redmond, WA 98052, USA | The location for the purpose of providing the cloud hosting service is as selected by Customer in the Order Form or, as applicable, other parts of the Agreement. The location for the purpose of providing the cognitive service is East US, South Central US, West Europe and/or other Microsoft Azure regions as they become available. | Standard Contractual Clauses |
Google LLC | Cloud hosting, infrastructure and cognitive services (Google Cloud Platform) | 1600 Amphitheatre Parkway Mountain View, 94043 CA, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Proofpoint, Inc. | Alerting and encrypted notification service | 892 Ross Drive, Sunnyvale, CA 94089, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Microsoft Corporation | User authentication as an identity provider (where selected as chosen identity provider by Customer) | One Microsoft Way Redmond, WA 98052, USA | United States | Standard Contractual Clauses |
Effective February 8th 2023 to May 12th 2023
DownloadTable of Contents
PALANTIR DATA PROTECTION ADDENDUM (“DPA”)
Version 1.1 – February 8, 2023
1 DEFINITIONS
- “Adequate Country” means a country that may import Personal Data and is deemed by the governing authority of the exporting Country to provide an adequate level of data protection under the applicable Data Protection Laws;
- “Affiliate” means in respect of Customer, any of Customer’s affiliate(s) from time to time which are subject to Data Protection Laws and are permitted to use the Services pursuant to the Terms of Service between Customer and Palantir, but are not a party to the Terms of Service and shall include, without being limited to, all entities listed in Exhibit A, Part II, of the present DPA, and, in respect of Palantir, any Palantir’s affiliates from time to time;
- “Completions” has the meaning given to it in Exhibit C of this DPA;
- “Controller” means the entity which determines the purposes and means of the Processing of Personal Data and includes, as applicable, the term “business” under applicable Data Protection Laws;
- “Country” means a country, state, province, territory or economic union that have implemented applicable Data Protection Laws;
- “Customer Personal Data” means any Personal Data contained within Customer Data subject to Data Protection Laws that Customer, including Users, provides or makes available to Palantir in connection with the Agreement;
- “Data Incident” means any breach of Palantir’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized use, disclosure of, or access to, Customer Personal Data on systems managed or otherwise controlled by Palantir;
- “Data Protection Authority” means, an independent public authority responsible for monitoring the application of Data Protection Laws;
- “Data Protection Laws” means all laws and regulations as amended from time to time regarding data protection, privacy, electronic communications and marketing laws to the extent applicable to the Processing of Customer Personal Data by Palantir under the Agreement;
- “Data Protection Officer” means the natural person or company appointed where necessary under applicable Data Protection Laws;
- “Data Subject” means the identified or identifiable person to whom Personal Data relates;
- “Europe” means the European Union, the European Economic Area, Switzerland and the United Kingdom (“UK”) and “European” shall have the equivalent related meaning;
- “EU SCCs” means the standard contractual clauses for use in relation to exports of Personal Data from the EEA approved by the European Commission under Commission Implementing Decision 2021/914, or such other clauses as replace them from time to time;
- “GDPR” means, as applicable, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“EU GDPR”) and/or the EU GDPR as implemented or amended in the United Kingdom (“UK GDPR”);
- “Personal Data” means: (a) any information relating to (i) an identified or identifiable natural person and/or (ii) an identified or identifiable legal entity (where such information is protected similarly as Personal Data or personally identifiable information under applicable Data Protection Laws), and (b) any information treated as personal data, personal information, or equivalent terms under applicable Data Protection Laws;
- “Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- “Processor” means the entity which Processes Personal Data on behalf of the Controller, including as applicable the term “service provider” and any equivalent or similar terms that address the same responsibilities under applicable Data Protection Laws;
- “Restricted Transfer” means a transfer, or onward transfer, of Personal Data from a Country where such transfer would be restricted or prohibited by applicable Data Protection Laws (or by the terms of a data transfer agreement put in place to address the data transfer restrictions of Data Protection Laws) in the absence of the Standard Contractual Clauses to be established under Section 14 below;
- “Security Documentation” means the Documentation describing the security standards that apply to the Service as provided by or on behalf of Palantir from time to time;
- “Sell” or “Sale” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Data Subject’s Personal Data to a third party for valuable consideration;
- “Share” means sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Data Subject’s Personal Data to a third party for cross-context behavioral advertising;
- “Standard Contractual Clauses” or “SCCs” means either (a) the standard data protection clauses approved pursuant to the Data Protection Laws of the applicable exporting Country from time to time to legitimise exports of Personal Data from that Country, including the EU SCCs in relation to exports of personal data from the EEA (and where more than one set of such clauses has been approved, those that most closely approximate the EU SCCs); or (b) where the applicable exporting Country has Data Protection Laws that regulate the export of personal data but no approved standard data protection clauses, the EU SCCs, in each case incorporating the appropriate Completions, and where more than one form of such approved clauses exists in respect of a particular Country, the clauses that shall apply shall be: (i) in respect of any situation where Customer acts as a Controller of Customer Personal Data, that form of clauses applying to Controller to Processor transfers; and (ii) in respect of any situation where Customer acts as a Processor of Customer Personal Data, that form of clauses applying to Processor to Processor transfers;
- “Sub-Processor” means a provider of third party Services, or Palantir's Affiliate engaged by or on behalf of Palantir to Process Customer Personal Data in connection with the Agreement; and
- “Technical and Organisational Measures” means the technical and organisational measures agreed by the Parties in the Agreement and any additional technical and organisational measures implemented by Palantir pursuant to its obligations under Data Protection Laws.
2 TERM
3 SCOPE AND APPLICATION
4 ROLES OF THE PARTIES
5 CUSTOMER PROCESSING OF PERSONAL DATA
6 PALANTIR PROCESSING OF PERSONAL DATA
8 SECURITY
9 AUDIT
10 DEALINGS WITH DATA PROTECTION AUTHORITIES AND DATA PROTECTION IMPACT ASSESSMENTS
11 ACCOUNTABILITY
12 DATA SUBJECT RIGHTS
13 DATA INCIDENT
14 DATA TRANSFERS
15 LIABILITY
16 GENERAL TERMS
17 GOVERNING LAW AND JURISDICTION
EXHIBIT A
LIST OF APPROVED SUB-PROCESSORS
Part I – Sub-Processors
Authorized Third-Party Sub-Processors | ||||
Sub-Processor | Purpose | Registered Address | Location | Transfer Mechanism |
Amazon Web Services, Inc. | Cloud hosting and infrastructure | 410 Terry Avenue North, Seattle, WA 98109, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Microsoft Corporation | Cloud hosting and infrastructure (Microsoft Azure) and | One Microsoft Way Redmond, WA 98052, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Google LLC | Cloud hosting and infrastructure (Google Cloud Platform) | 1600 Amphitheatre Parkway Mountain View, 94043 CA, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Proofpoint, Inc. | Alerting and encrypted notification service | 892 Ross Drive, Sunnyvale, CA 94089, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Microsoft Corporation | User authentication as an identity provider (where selected as chosen identity provider by Customer). | One Microsoft Way Redmond, WA 98052, USA | United States | Standard Contractual Clauses |
PART II – Palantir Affiliates
EXHIBIT B
Subject Matter and Details of Customer Personal Data Processing
EXHIBIT C
Definition of Completions
Effective February 2nd 2023 to February 8th 2023
DownloadTable of Contents
- “Adequate Country” means a country that may import Personal Data and is deemed by the governing authority of the exporting Country to provide an adequate level of data protection under the applicable Data Protection Laws;
- “Affiliate” means in respect of Customer, any of Customer’s affiliate(s) from time to time which are subject to Data Protection Laws and are permitted to use the Services pursuant to the Terms of Service between Customer and Palantir, but are not a party to the Terms of Service and shall include, without being limited to, all entities listed in Exhibit A, Part II, of the present DPA, and, in respect of Palantir, any Palantir’s affiliates from time to time;
- “Completions” has the meaning given to it in Exhibit C of this DPA;
- “Controller” means the entity which determines the purposes and means of the Processing of Personal Data;
- “Country” means a country, state, territory or economic union that have implemented applicable Data Protection Laws;
- “Customer Personal Data” means any Personal Data contained within Customer Data subject to Data Protection Laws that Customer, including Users, provides or makes available to Palantir in connection with the Agreement;
- “Data Incident” means any breach of Palantir’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Personal Data on systems managed or otherwise controlled by Palantir;
- “Data Protection Authority” means, an independent public authority responsible for monitoring the application of Data Protection Laws;
- “Data Protection Laws” means all laws and regulations as amended from time to time regarding data protection, electronic communications and marketing laws to the extent applicable to the Processing of Customer Personal Data by Palantir under the Agreement;
- “Data Protection Officer” means the natural person or company appointed where necessary under applicable Data Protection Laws;
- “Data Subject” means the identified or identifiable person to whom Personal Data relates;
- “Europe” means the European Union, the European Economic Area, Switzerland and the United Kingdom (“UK”);
- “EU SCCs” means the standard contractual clauses for use in relation to exports of Personal Data from the EEA approved by the European Commission under Commission Implementing Decision 2021/914, or such other clauses as replace them from time to time;
- “GDPR” means, as applicable, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“EU GDPR”) and/or the EU GDPR as implemented or amended in the United Kingdom (“UK GDPR”);
- “Permitted User” user permitted by the Customer to access the Services;
- “Personal Data” means any information relating to (i) an identified or identifiable natural person and/or (ii) an identified or identifiable legal entity (where such information is protected similarly as Personal Data or personally identifiable information under applicable Data Protection Laws);
- “Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- “Processor” means the entity which Processes Personal Data on behalf of the Controller, including as applicable the term “service provider” and any equivalent or similar terms that address the same responsibilities under applicable Data Protection Laws;
- “Restricted Transfer” means a transfer, or onward transfer, of Personal Data from a Country where such transfer would be prohibited by applicable Data Protection Laws (or by the terms of a data transfer agreement put in place to address the data transfer restrictions of Data Protection Laws) in the absence of the Standard Contractual Clauses to be established under Section 14 below;
- “Security Documentation” means the Documentation describing the security standards that apply to the Service as provided by or on behalf of Palantir from time to time;
- “Sell” or “Sale” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer or individual’s personal information by a business to a third party for valuable consideration; or whether for valuable consideration or for no consideration, for the third party's commercial purposes;
- “Standard Contractual Clauses” or “SCCs” means either (a) the standard data protection clauses approved pursuant to the Data Protection Laws of the applicable exporting Country from time to time to legitimise exports of Personal Data from that Country, including the EU SCCs in relation to exports of personal data from the EEA (and where more than one set of such clauses has been approved, those that most closely approximate the EU SCCs); or (b) where the applicable exporting Country has Data Protection Laws that regulate the export of personal data but no approved standard data protection clauses, the EU SCCs, in each case incorporating the appropriate Completions, and where more than one form of such approved clauses exists in respect of a particular Country, the clauses that shall apply shall be: (i) in respect of any situation where Customer acts as a Controller of Customer Personal Data, that form of clauses applying to Controller to Processor transfers; and (ii) in respect of any situation where Customer acts as a Processor of Customer Personal Data, that form of clauses applying to Processor to Processor transfers;
- “Sub-Processor” means a provider of Third Party Services, or Palantir's Affiliate engaged by or on behalf of Palantir to Process Customer Personal Data in connection with the Agreement; and
- “Technical and Organisational Measures” means the technical and organisational measures agreed by the Parties in the Agreement and any additional technical and organisational measures implemented by Palantir pursuant to its obligations under Data Protection Laws.
Authorized Third-Party Sub-Processors | ||||
Sub-Processor | Purpose | Registered Address | Location | Transfer Mechanism |
Amazon Web Services, Inc. | Cloud hosting and infrastructure | 410 Terry Avenue North, Seattle, WA 98109, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Microsoft Corporation | Cloud hosting and infrastructure (Microsoft Azure) and | One Microsoft Way Redmond, WA 98052, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Google LLC | Cloud hosting and infrastructure (Google Cloud Platform) | 1600 Amphitheatre Parkway Mountain View, 94043 CA, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Proofpoint, Inc. | Alerting and encrypted notification service | 892 Ross Drive, Sunnyvale, CA 94089, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Microsoft Corporation | User authentication as an identity provider (where selected as chosen identity provider by Customer). | One Microsoft Way Redmond, WA 98052, USA | United States | Standard Contractual Clauses |
Data Protection Addendum - Consumer
Effective December 15th 2023
DownloadTable of Contents
1 DEFINITIONS
Capitalized terms used but not defined in this DPA shall have the meanings provided in the agreement. The following capitalized terms will have the meanings indicated below:
- “Adequate Country” means a country that may import Personal Data and is deemed by the governing authority of the exporting Country to provide an adequate level of data protection under the applicable Data Protection Laws;
- “Affiliate” means in respect of Palantir, any of Palantir’s affiliates from time to time;
- “Completions” has the meaning given to it in Exhibit C of this DPA;
- “Controller” means the entity which determines the purposes and means of the Processing of Personal Data and includes, as applicable, the term "controller", “business” and any other similar or equivalent terms under applicable Data Protection Laws;
- “Country” means a country, state, province, territory or economic union that have implemented applicable Data Protection Laws;
- “CRM Data" means Personal Data relating to Customer and Processed by Palantir in its capacity as a Controller in accordance with the terms of Palantir’s Privacy Statement including but not limited to Customer name, email address, correspondence, Customer billing related information and any feedback provided by Customer to Palantir in relation to its use of the Palantir Technology;
- “Customer Personal Data” means any Personal Data (but excluding CRM Data) contained within Customer Data subject to Data Protection Laws that Customer , provides or makes available to Palantir in connection with the Agreement;
- “Data Incident” means any breach of Palantir’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized use, disclosure of, or access to, Customer Personal Data on systems managed or otherwise controlled by Palantir;
- “Data Protection Authority” means, a competent authority responsible for enforcing the application of the relevant Data Protection Laws, and includes, as applicable, any data protection authority, privacy regulator, supervisory authority, Attorney General, state privacy agency or any governmental body or agency enforcing Data Protection Laws;
- “Data Protection Laws” means all laws and regulations as amended from time to time regarding data protection, privacy, electronic communications and marketing laws, to the extent applicable to the Processing of Customer Personal Data by Palantir and/or Customer under the Agreement;
- “Data Protection Officer” means the natural person or company appointed to act as such under applicable Data Protection Laws;
- “Data Subject” means the identified or identifiable person to whom Personal Data relates, and includes, as applicable, the term "data subject", "consumer" and any other similar or equivalent terms under applicable Data Protection Laws;
- “Europe” means the European Economic Area, Switzerland and the United Kingdom (“UK”), and “European” shall have the equivalent related meaning;
- “EU SCCs” means the standard contractual clauses for use in relation to exports of Personal Data from the EEA approved by the European Commission under Commission Implementing Decision 2021/914, or such other clauses as amend or replace them from time to time;
- “GDPR” means, as applicable, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“EU GDPR”) and/or the EU GDPR as implemented or amended in the United Kingdom (“UK GDPR”);
- “Personal Data” means: (a) any information relating to (i) an identified or identifiable natural person and/or (ii) an identified or identifiable legal entity (where such information is protected similarly as Personal Data or personally identifiable information under applicable Data Protection Laws), and (b) any information treated or receiving similar treatment as "personal data", "personal information", "personally identifiable information" or any other similar or equivalent terms under applicable Data Protection Laws;
- “Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. The terms "process", "processes" and "processed" will be interpreted accordingly;
- “Processor” means the entity which Processes Personal Data on behalf of the Controller, including, as applicable, the terms "processor", “service provider” and any equivalent or similar terms that address the same or similar responsibilities under applicable Data Protection Laws;
- “Restricted Transfer” means a transfer, or onward transfer, of Personal Data from a Country where such transfer would be restricted or prohibited by applicable Data Protection Laws (or by the terms of a data transfer agreement put in place to address the data transfer restrictions of Data Protection Laws) without implementing safeguards such as the Standard Contractual Clauses;
- “Security Documentation” means the Documentation describing the security standards that apply to the Service as provided by or on behalf of Palantir from time to time;
- “Sell” or “Sale” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Data Subject’s Personal Data to a third party for valuable consideration;
- “Share” means sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Data Subject’s Personal Data to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration, including transactions in which no money is exchanged;
- "Special Category Data" means Personal Data receiving additional protection under applicable Data Protection Laws, and includes but is not limited to, where applicable, (i) Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data or biometric data, as well as data concerning a person's health, sex life, or sexual orientation; (ii) Personal Data relating to criminal convictions or offences, and (iii) any information treated as "special category data", "sensitive personal information", "sensitive data" or "criminal convictions data", or in a similar way under applicable Data Protection Laws;
- “Standard Contractual Clauses” or “SCCs” means either (a) the standard data protection clauses approved pursuant to the Data Protection Laws of the applicable exporting Country from time to time to legitimise exports of Personal Data from that Country, including: (i) where the EU GDPR applies, the EU SCCs in relation to exports of Personal Data from the EEA (and in countries where more than one set of standard data protection clauses have been approved, those that most closely approximate the EU SCCs); (ii) where the UK GDPR applies, the UK Addendum in relation to exports of Personal Data from the UK; or (b) where the applicable exporting Country has Data Protection Laws that regulate the export of personal data but no approved standard data protection clauses, the EU SCCs; in each case incorporating the appropriate Completions, and where more than one form of such approved clauses exists in respect of a particular Country, the clauses that shall apply shall be that form of clauses applying to Controller to Processor transfers;
- “Sub-Processor” means a provider of third party services, or Palantir's Affiliate, engaged by or on behalf of Palantir to Process Customer Personal Data in connection with the Agreement;
- “Technical and Organisational Measures” means the technical and organisational measures agreed by the Parties in the Agreement and any additional technical and organisational measures implemented by Palantir pursuant to its obligations under applicable Data Protection Laws; and
- "UK Addendum" means the international data transfer addendum to the EU SCCs issued by the UK Information Commissioner under s. 119A of the Data Protection Act 2018, or such other addendum as may amend or replace the addendum from time to time.
Authorized Third-Party Sub-Processors | ||||
Sub-Processor | Purpose | Registered Address | Location | Transfer Mechanism |
Amazon Web Services, Inc. | Cloud hosting, infrastructure and cognitive services | 410 Terry Avenue North, Seattle, WA 98109, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Microsoft Corporation | Cloud hosting, infrastructure and cognitive services (Microsoft Azure) | One Microsoft Way Redmond, WA 98052, USA | The location for the purpose of providing the cloud hosting service is as selected by Customer in the Order Form or, as applicable, other parts of the Agreement. The location for the purpose of providing the cognitive service is East US, South Central US, West Europe and/or other Microsoft Azure regions as they become available. | Standard Contractual Clauses |
Google LLC | Cloud hosting, infrastructure and cognitive services (Google Cloud Platform) | 1600 Amphitheatre Parkway Mountain View, 94043 CA, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Proofpoint, Inc. | Alerting and encrypted notification service | 892 Ross Drive, Sunnyvale, CA 94089, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Microsoft Corporation | User authentication as an identity provider (where selected as chosen identity provider by Customer) | One Microsoft Way Redmond, WA 98052, USA | United States | Standard Contractual Clauses |
(iii) in relation to Restricted Transfers of Customer Personal Data from the UK, the UK Addendum shall apply completed on the following basis (with any replacements or amendments made to the UK Addendum after the date of this DPA being completed as most closely approximate the following items):
Effective May 12th 2023 to December 15th 2023
DownloadTable of Contents
1 DEFINITIONS
Capitalized terms used but not defined in this DPA shall have the meanings provided in the agreement. The following capitalized terms will have the meanings indicated below:
- “Adequate Country” means a country that may import Personal Data and is deemed by the governing authority of the exporting Country to provide an adequate level of data protection under the applicable Data Protection Laws;
- “Affiliate” means in respect of Palantir, any of Palantir’s affiliates from time to time;
- “Completions” has the meaning given to it in Exhibit C of this DPA;
- “Controller” means the entity which determines the purposes and means of the Processing of Personal Data and includes, as applicable, the term "controller", “business” and any other similar or equivalent terms under applicable Data Protection Laws;
- “Country” means a country, state, province, territory or economic union that have implemented applicable Data Protection Laws;
- “CRM Data" means Personal Data relating to Customer and Processed by Palantir in its capacity as a Controller in accordance with the terms of Palantir’s Privacy Statement including but not limited to Customer name, email address, correspondence, Customer billing related information and any feedback provided by Customer to Palantir in relation to its use of the Palantir Technology;
- “Customer Personal Data” means any Personal Data (but excluding CRM Data) contained within Customer Data subject to Data Protection Laws that Customer , provides or makes available to Palantir in connection with the Agreement;
- “Data Incident” means any breach of Palantir’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized use, disclosure of, or access to, Customer Personal Data on systems managed or otherwise controlled by Palantir;
- “Data Protection Authority” means, a competent authority responsible for enforcing the application of the relevant Data Protection Laws, and includes, as applicable, any data protection authority, privacy regulator, supervisory authority, Attorney General, state privacy agency or any governmental body or agency enforcing Data Protection Laws;
- “Data Protection Laws” means all laws and regulations as amended from time to time regarding data protection, privacy, electronic communications and marketing laws, to the extent applicable to the Processing of Customer Personal Data by Palantir and/or Customer under the Agreement;
- “Data Protection Officer” means the natural person or company appointed to act as such under applicable Data Protection Laws;
- “Data Subject” means the identified or identifiable person to whom Personal Data relates, and includes, as applicable, the term "data subject", "consumer" and any other similar or equivalent terms under applicable Data Protection Laws;
- “Europe” means the European Economic Area, Switzerland and the United Kingdom (“UK”), and “European” shall have the equivalent related meaning;
- “EU SCCs” means the standard contractual clauses for use in relation to exports of Personal Data from the EEA approved by the European Commission under Commission Implementing Decision 2021/914, or such other clauses as amend or replace them from time to time;
- “GDPR” means, as applicable, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“EU GDPR”) and/or the EU GDPR as implemented or amended in the United Kingdom (“UK GDPR”);
- “Personal Data” means: (a) any information relating to (i) an identified or identifiable natural person and/or (ii) an identified or identifiable legal entity (where such information is protected similarly as Personal Data or personally identifiable information under applicable Data Protection Laws), and (b) any information treated or receiving similar treatment as "personal data", "personal information", "personally identifiable information" or any other similar or equivalent terms under applicable Data Protection Laws;
- “Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. The terms "process", "processes" and "processed" will be interpreted accordingly;
- “Processor” means the entity which Processes Personal Data on behalf of the Controller, including, as applicable, the terms "processor", “service provider” and any equivalent or similar terms that address the same or similar responsibilities under applicable Data Protection Laws;
- “Restricted Transfer” means a transfer, or onward transfer, of Personal Data from a Country where such transfer would be restricted or prohibited by applicable Data Protection Laws (or by the terms of a data transfer agreement put in place to address the data transfer restrictions of Data Protection Laws) without implementing safeguards such as the Standard Contractual Clauses;
- “Security Documentation” means the Documentation describing the security standards that apply to the Service as provided by or on behalf of Palantir from time to time;
- “Sell” or “Sale” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Data Subject’s Personal Data to a third party for valuable consideration;
- “Share” means sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Data Subject’s Personal Data to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration, including transactions in which no money is exchanged;
- "Special Category Data" means Personal Data receiving additional protection under applicable Data Protection Laws, and includes but is not limited to, where applicable, (i) Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data or biometric data, as well as data concerning a person's health, sex life, or sexual orientation; (ii) Personal Data relating to criminal convictions or offences, and (iii) any information treated as "special category data", "sensitive personal information", "sensitive data" or "criminal convictions data", or in a similar way under applicable Data Protection Laws;
- “Standard Contractual Clauses” or “SCCs” means either (a) the standard data protection clauses approved pursuant to the Data Protection Laws of the applicable exporting Country from time to time to legitimise exports of Personal Data from that Country, including: (i) where the EU GDPR applies, the EU SCCs in relation to exports of Personal Data from the EEA (and in countries where more than one set of standard data protection clauses have been approved, those that most closely approximate the EU SCCs); (ii) where the UK GDPR applies, the UK Addendum in relation to exports of Personal Data from the UK; or (b) where the applicable exporting Country has Data Protection Laws that regulate the export of personal data but no approved standard data protection clauses, the EU SCCs; in each case incorporating the appropriate Completions, and where more than one form of such approved clauses exists in respect of a particular Country, the clauses that shall apply shall be that form of clauses applying to Controller to Processor transfers;
- “Sub-Processor” means a provider of third party services, or Palantir's Affiliate, engaged by or on behalf of Palantir to Process Customer Personal Data in connection with the Agreement;
- “Technical and Organisational Measures” means the technical and organisational measures agreed by the Parties in the Agreement and any additional technical and organisational measures implemented by Palantir pursuant to its obligations under applicable Data Protection Laws; and
- "UK Addendum" means the international data transfer addendum to the EU SCCs issued by the UK Information Commissioner under s. 119A of the Data Protection Act 2018, or such other addendum as may amend or replace the addendum from time to time.
Authorized Third-Party Sub-Processors | ||||
Sub-Processor | Purpose | Registered Address | Location | Transfer Mechanism |
Amazon Web Services, Inc. | Cloud hosting, infrastructure and cognitive services | 410 Terry Avenue North, Seattle, WA 98109, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Microsoft Corporation | Cloud hosting, infrastructure and cognitive services (Microsoft Azure) | One Microsoft Way Redmond, WA 98052, USA | The location for the purpose of providing the cloud hosting service is as selected by Customer in the Order Form or, as applicable, other parts of the Agreement. The location for the purpose of providing the cognitive service is East US, South Central US, West Europe and/or other Microsoft Azure regions as they become available. | Standard Contractual Clauses |
Google LLC | Cloud hosting, infrastructure and cognitive services (Google Cloud Platform) | 1600 Amphitheatre Parkway Mountain View, 94043 CA, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Proofpoint, Inc. | Alerting and encrypted notification service | 892 Ross Drive, Sunnyvale, CA 94089, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Microsoft Corporation | User authentication as an identity provider (where selected as chosen identity provider by Customer) | One Microsoft Way Redmond, WA 98052, USA | United States | Standard Contractual Clauses |
Effective May 1st 2023 to May 12th 2023
DownloadTable of Contents
1 DEFINITIONS
Capitalized terms used but not defined in this DPA shall have the meanings provided in the agreement. The following capitalized terms will have the meanings indicated below:
- “Adequate Country” means a country that may import Personal Data and is deemed by the governing authority of the exporting Country to provide an adequate level of data protection under the applicable Data Protection Laws;
- “Affiliate” means in respect of Palantir, any of Palantir’s affiliates from time to time;
- “Completions” has the meaning given to it in Exhibit C of this DPA;
- “Controller” means the entity which determines the purposes and means of the Processing of Personal Data and includes, as applicable, the term "controller", “business” and any other similar or equivalent terms under applicable Data Protection Laws;
- “Country” means a country, state, province, territory or economic union that have implemented applicable Data Protection Laws;
- “CRM Data" means Personal Data relating to Customer and Processed by Palantir in its capacity as a Controller in accordance with the terms of Palantir’s Privacy Statement including but not limited to Customer name, email address, correspondence, Customer billing related information and any feedback provided by Customer to Palantir in relation to its use of the Palantir Technology;
- “Customer Personal Data” means any Personal Data (but excluding CRM Data) contained within Customer Data subject to Data Protection Laws that Customer , provides or makes available to Palantir in connection with the Agreement;
- “Data Incident” means any breach of Palantir’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized use, disclosure of, or access to, Customer Personal Data on systems managed or otherwise controlled by Palantir;
- “Data Protection Authority” means, a competent authority responsible for enforcing the application of the relevant Data Protection Laws, and includes, as applicable, any data protection authority, privacy regulator, supervisory authority, Attorney General, state privacy agency or any governmental body or agency enforcing Data Protection Laws;
- “Data Protection Laws” means all laws and regulations as amended from time to time regarding data protection, privacy, electronic communications and marketing laws, to the extent applicable to the Processing of Customer Personal Data by Palantir and/or Customer under the Agreement;
- “Data Protection Officer” means the natural person or company appointed to act as such under applicable Data Protection Laws;
- “Data Subject” means the identified or identifiable person to whom Personal Data relates, and includes, as applicable, the term "data subject", "consumer" and any other similar or equivalent terms under applicable Data Protection Laws;
- “Europe” means the European Economic Area, Switzerland and the United Kingdom (“UK”), and “European” shall have the equivalent related meaning;
- “EU SCCs” means the standard contractual clauses for use in relation to exports of Personal Data from the EEA approved by the European Commission under Commission Implementing Decision 2021/914, or such other clauses as amend or replace them from time to time;
- “GDPR” means, as applicable, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“EU GDPR”) and/or the EU GDPR as implemented or amended in the United Kingdom (“UK GDPR”);
- “Personal Data” means: (a) any information relating to (i) an identified or identifiable natural person and/or (ii) an identified or identifiable legal entity (where such information is protected similarly as Personal Data or personally identifiable information under applicable Data Protection Laws), and (b) any information treated or receiving similar treatment as "personal data", "personal information", "personally identifiable information" or any other similar or equivalent terms under applicable Data Protection Laws;
- “Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. The terms "process", "processes" and "processed" will be interpreted accordingly;
- “Processor” means the entity which Processes Personal Data on behalf of the Controller, including, as applicable, the terms "processor", “service provider” and any equivalent or similar terms that address the same or similar responsibilities under applicable Data Protection Laws;
- “Restricted Transfer” means a transfer, or onward transfer, of Personal Data from a Country where such transfer would be restricted or prohibited by applicable Data Protection Laws (or by the terms of a data transfer agreement put in place to address the data transfer restrictions of Data Protection Laws) without implementing safeguards such as the Standard Contractual Clauses;
- “Security Documentation” means the Documentation describing the security standards that apply to the Service as provided by or on behalf of Palantir from time to time;
- “Sell” or “Sale” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Data Subject’s Personal Data to a third party for valuable consideration;
- “Share” means sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Data Subject’s Personal Data to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration, including transactions in which no money is exchanged;
- "Special Category Data" means Personal Data receiving additional protection under applicable Data Protection Laws, and includes but is not limited to, where applicable, (i) Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data or biometric data, as well as data concerning a person's health, sex life, or sexual orientation; (ii) Personal Data relating to criminal convictions or offences, and (iii) any information treated as "special category data", "sensitive personal information", "sensitive data" or "criminal convictions data", or in a similar way under applicable Data Protection Laws;
- “Standard Contractual Clauses” or “SCCs” means either (a) the standard data protection clauses approved pursuant to the Data Protection Laws of the applicable exporting Country from time to time to legitimise exports of Personal Data from that Country, including: (i) where the EU GDPR applies, the EU SCCs in relation to exports of Personal Data from the EEA (and in countries where more than one set of standard data protection clauses have been approved, those that most closely approximate the EU SCCs); (ii) where the UK GDPR applies, the UK Addendum in relation to exports of Personal Data from the UK; or (b) where the applicable exporting Country has Data Protection Laws that regulate the export of personal data but no approved standard data protection clauses, the EU SCCs; in each case incorporating the appropriate Completions, and where more than one form of such approved clauses exists in respect of a particular Country, the clauses that shall apply shall be that form of clauses applying to Controller to Processor transfers;
- “Sub-Processor” means a provider of third party services, or Palantir's Affiliate, engaged by or on behalf of Palantir to Process Customer Personal Data in connection with the Agreement;
- “Technical and Organisational Measures” means the technical and organisational measures agreed by the Parties in the Agreement and any additional technical and organisational measures implemented by Palantir pursuant to its obligations under applicable Data Protection Laws; and
- "UK Addendum" means the international data transfer addendum to the EU SCCs issued by the UK Information Commissioner under s. 119A of the Data Protection Act 2018, or such other addendum as may amend or replace the addendum from time to time.
Authorized Third-Party Sub-Processors | ||||
Sub-Processor | Purpose | Registered Address | Location | Transfer Mechanism |
Amazon Web Services, Inc. | Cloud hosting and infrastructure | 410 Terry Avenue North, Seattle, WA 98109, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Microsoft Corporation | Cloud hosting and infrastructure (Microsoft Azure) and | One Microsoft Way Redmond, WA 98052, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Google LLC | Cloud hosting and infrastructure (Google Cloud Platform) | 1600 Amphitheatre Parkway Mountain View, 94043 CA, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Proofpoint, Inc. | Alerting and encrypted notification service | 892 Ross Drive, Sunnyvale, CA 94089, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Microsoft Corporation | User authentication as an identity provider (where selected as chosen identity provider by Customer). | One Microsoft Way Redmond, WA 98052, USA | United States | Standard Contractual Clauses |
(iii) in relation to Restricted Transfers of Customer Personal Data from the UK, the UK Addendum shall apply completed on the following basis (with any replacements or amendments made to the UK Addendum after the date of this DPA being completed as most closely approximate the following items):
Use Case Restrictions (Legacy Self-Service)
Effective May 1st 2024
DownloadTable of Contents
- Promoting, supporting, assisting, or opposing political parties, committees, campaigns, or organizations
- Offensive cyber purposes, including but not limited to, using or accessing the Palantir Technology for the purposes of accessing without authorization or attempting to gain unauthorized access to third-party servers, databases, computer systems, or data, and using or accessing the Palantir Technology for or on behalf of entities (including state actors) intending to accomplish the latter purposes
- Influencing labor union organizing efforts
- Facial recognition for surveillance workflows
- Law enforcement and government workflows (including but not limited to investigative watchlists and predictive policing)
- Mobility tracking workflows that collect, monitor, or track the physical movement of identifiable individuals
- Video analysis workflows (including but not limited to use in connection with CCTV monitoring and surveillance)
- Immigration enforcement, monitoring, or surveillance workflows
- Promoting, distributing, developing, manufacturing, selling, providing, policing, regulating, or other activities related to tobacco, gambling, or controlled or illicit substances
- Predatory targeting including but not limited to workflows related to or involving gambling, tobacco, alcohol, or controlled or illicit substances
- Employee monitoring (including but not limited to insider threat or insider trading workflows)
- Biometric identity verification workflows
- Social media data use, scraping, or collection
- Engaging in or supporting spamming activities or communications, or marketing activities or communications in violation of the Controlling the Assault of Non-Solicited Pornography and Marketing Act (15 U.S.C. § 7701 et seq.), the Telephone Consumer Protection Act (47 U.S.C. § 227), and all other applicable laws prohibiting spam or otherwise governing transmission of marketing materials and/or communications
- Clinical judgment or decision making, medical advice, diagnostic or therapeutic purposes, and/or as a medical device or accessory (as defined by the applicable law).
Effective February 1st 2024 to May 1st 2024
DownloadTable of Contents
- Promoting, supporting, assisting, or opposing political parties, committees, campaigns, or organizations
- Offensive cyber purposes, including but not limited to, using or accessing the Palantir Technology for the purposes of accessing without authorization or attempting to gain unauthorized access to third-party servers, databases, computer systems, or data, and using or accessing the Palantir Technology for or on behalf of entities (including state actors) intending to accomplish the latter purposes
- Influencing labor union organizing efforts
- Facial recognition for surveillance workflows
- Law enforcement and government workflows (including but not limited to investigative watchlists and predictive policing)
- Mobility tracking workflows that collect, monitor, or track the physical movement of identifiable individuals
- Video analysis workflows (including but not limited to use in connection with CCTV monitoring and surveillance)
- Immigration enforcement, monitoring, or surveillance workflows
- Promoting, distributing, developing, manufacturing, selling, providing, policing, regulating, or other activities related to tobacco, gambling, or controlled or illicit substances
- Predatory targeting including but not limited to workflows related to or involving gambling, tobacco, alcohol, or controlled or illicit substances
- Employee monitoring (including but not limited to insider threat or insider trading workflows)
- Biometric identity verification workflows
- Social media data use, scraping, or collection
- Engaging in or supporting spamming activities or communications, or marketing activities or communications in violation of the Controlling the Assault of Non-Solicited Pornography and Marketing Act (15 U.S.C. § 7701 et seq.), the Telephone Consumer Protection Act (47 U.S.C. § 227), and all other applicable laws prohibiting spam or otherwise governing transmission of marketing materials and/or communications
- Clinical judgment or decision making, medical advice, diagnostic or therapeutic purposes, and/or as a medical device or accessory (as defined by the applicable law).
Effective February 2nd 2023 to February 1st 2024
DownloadTable of Contents
- Promoting, supporting, assisting, or opposing political parties, committees, campaigns, or organizations
- Offensive cyber purposes, including but not limited to, using or accessing the Palantir Technology for the purposes of accessing without authorization or attempting to gain unauthorized access to third-party servers, databases, computer systems, or data, and using or accessing the Palantir Technology for or on behalf of entities (including state actors) intending to accomplish the latter purposes
- Influencing labor union organizing efforts
- Facial recognition for surveillance workflows
- Law enforcement and government workflows (including but not limited to investigative watchlists and predictive policing)
- Mobility tracking workflows that collect, monitor, or track the physical movement of identifiable individuals
- Video analysis workflows (including but not limited to use in connection with CCTV monitoring and surveillance)
- Immigration enforcement, monitoring, or surveillance workflows
- Promoting, distributing, developing, manufacturing, selling, providing, policing, regulating, or other activities related to tobacco, gambling, or controlled or illicit substances
- Predatory targeting including but not limited to workflows related to or involving gambling, tobacco, alcohol, or controlled or illicit substances
- Employee monitoring (including but not limited to insider threat or insider trading workflows)
- Biometric identity verification workflows
- Social media data use, scraping, or collection
- Engaging in or supporting spamming activities or communications, or marketing activities or communications in violation of the Controlling the Assault of Non-Solicited Pornography and Marketing Act (15 U.S.C. § 7701 et seq.), the Telephone Consumer Protection Act (47 U.S.C. § 227), and all other applicable laws prohibiting spam or otherwise governing transmission of marketing materials and/or communications
Affirmation of Separate Agreement
Effective July 25th 2023
DownloadTable of Contents
Terms of Service (Apollo)
Effective March 20th 2024
DownloadTable of Contents
Effective December 16th 2023 to March 20th 2024
DownloadTable of Contents
Effective October 31st 2023 to December 16th 2023
DownloadTable of Contents
Terms of Service (AIP Now)
Effective October 2nd 2024
DownloadTable of Contents
Effective June 25th 2024 to October 2nd 2024
DownloadTable of Contents
PALANTIR AIP NOW TERMS OF SERVICE
Effective June 20th 2024 to June 25th 2024
DownloadTable of Contents
PALANTIR AIP NOW TERMS OF SERVICE
Effective May 20th 2024 to June 20th 2024
DownloadTable of Contents
PALANTIR AIP NOW TERMS OF SERVICE
Effective May 6th 2024 to May 20th 2024
DownloadTable of Contents
PALANTIR AIP NOW TERMS OF SERVICE
Effective May 3rd 2024 to May 6th 2024
DownloadTable of Contents
PALANTIR AIP NOW TERMS OF SERVICE
Effective May 1st 2024 to May 3rd 2024
DownloadTable of Contents
PALANTIR AIP NOW TERMS OF SERVICE
Effective May 1st 2024 to May 1st 2024
DownloadTable of Contents
PALANTIR AIP NOW TERMS OF SERVICE
Data Protection Addendum (AIP Now)
Effective May 23rd 2024
DownloadTable of Contents
- “Adequate Country” means a country that may import Personal Data and is deemed by the governing authority of the exporting country to provide an adequate level of data protection under the applicable Data Protection Laws;
- “Affiliate” means an entity that, directly or indirectly, owns or controls or is owned or controlled by, or is under common ownership or control with, a Party. As used herein, “control” means the power to direct, directly or indirectly, the management or affairs of an entity and “ownership” means the beneficial ownership of more than fifty percent of the voting equity securities or other equivalent voting interests of an entity. In respect of Palantir, Affiliate shall include, without being limited to, all entities listed in Exhibit A, Part II and any other Palantir affiliates from time to time;
- “Completions” has the meaning given to it in Exhibit D of this DPA;
- “Controller” means the entity which determines the purposes and means of the Processing of Personal Data and includes, as applicable, the term “controller” “business” and any other similar or equivalent terms under applicable Data Protection Laws;
- “Customer Personal Data” means any Personal Data contained within Customer Data that is subject to Data Protection Laws;
- “Data Incident” means any breach, as defined by applicable Data Protection Laws, of Palantir’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Personal Data on systems managed or otherwise controlled by Palantir;
- “Data Protection Authority” means a competent authority responsible for enforcing the application of the relevant Data Protection Laws, and includes, as applicable, any data protection authority, privacy regulator, supervisory authority, Attorney General, state privacy agency or any governmental body or agency enforcing Data Protection Laws;
- “Data Protection Laws” means all applicable laws and regulations as amended from time to time regarding data protection, consumer privacy, electronic communications and marketing laws to the extent applicable to the Processing of Customer Personal Data by Palantir under the Agreement, such as:
- California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq. (“CCPA”);
- California Privacy Rights Act of 2020 (“CPRA”);
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“EU GDPR”);
- The EU GDPR as amended and incorporated into UK law under the UK European Union (Withdrawal) Act 2018 (“UK GDPR”); and
- The Switzerland Federal Data Protection act of 19 June 1992 as replaced and/or updated from time to time (“FDP”).
- “Data Protection Officer” means the natural person or company appointed where necessary under applicable Data Protection Laws to ensure an organization's compliance with Data Protection Laws and cooperate with the Data Protection Authorities;
- “Data Subject” means the identified or identifiable person to whom Personal Data relates, and includes, as applicable, the term “consumer” and any other similar or equivalent terms under Applicable Data Protection Laws;
- “DPA Effective Date” means the Effective Date of the Agreement;
- “EEA” means the European Economic Area;
- “EU SCCs” means the standard contractual clauses for use in relation to exports of Personal Data from the EEA approved by the European Commission under Commission Implementing Decision 2021/914, or such other clauses as replace them from time to time;
- “Personal Data” means: (a) any information relating to (i) an identified or identifiable natural person and/or (ii) an identified or identifiable legal entity (where such information is protected similarly as Personal Data or personally identifiable information under applicable Data Protection Laws), and (b) any information treated or receiving similar treatment as “personal data”, “personal information”, “personally identifiable information or any similar, or equivalent terms under applicable Data Protection Laws;
- “Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. The terms “process”, “processes” and “processed” will be interpreted accordingly;
- “Processor” means the entity which Processes Personal Data on behalf of a Controller, including as applicable the terms “processor”, “service provider” “contractor” and any equivalent or similar terms that address the same, or similar, responsibilities under applicable Data Protection Laws as applicable;
- “Request” means a request from a Data Subject or anyone acting on their behalf to exercise their rights under Data Protection Laws;
- “Restricted Transfer” means a transfer, or onward transfer, of Personal Data from a country where such transfer would be restricted or prohibited by applicable Data Protection Laws (or by the terms of a data transfer agreement put in place to address the data transfer restrictions of Data Protection Laws) without implementing safeguards such as the Standard Contractual Clauses to be established under clause 14 below;
- “Security Documentation” means the Documentation describing the security standards that apply to the Service as provided by or on behalf of Palantir from time to time;
- “Sell” or “Sale” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Data Subject’s Personal Data to a third party for valuable consideration.
- “Service” shall have the meaning as set out in the Agreement and this DPA.
- “Share” means sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Data Subject’s Personal Data to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration, including transactions in which no money is exchanged;
- “Subprocessor” means any processor or service provider who processes personal data on behalf of Palantir for the purpose of providing the Service as set out in the Agreement, Exhibit A and any other relevant applicable exhibits of this DPA.
- “Standard Contractual Clauses” or “SCCs” means either (a) the standard data protection clauses approved pursuant to the Data Protection Laws of the applicable exporting country from time to time to legitimise exports of Personal Data from that country, or (b) where the applicable exporting country has Data Protection Laws that regulate the export of personal data but no approved standard data protection clauses, the EU SCCs shall apply- in each case incorporating the appropriate Completions, and where more than one form of such approved clauses exists in respect of a particular country, the clauses that shall apply shall be: (i) in respect of any situation where Customer acts as a Controller of Customer Personal Data, that form of clauses applying to Controller to Processor transfers; and (ii) in respect of any situation where Customer acts as a Processor of Customer Personal Data, that form of clauses applying to Processor to Processor transfers; and
- “Technical and Organisational Measures” means the technical and organisational measures agreed by the Parties in the Agreement and any additional technical and organisational measures implemented by Palantir pursuant to its obligations under applicable Data Protection Laws.
Authorized Third-Party Subprocessors | ||||
Subprocessor | Purpose | Registered Address | Location | Transfer Mechanism |
Amazon Web Services, Inc. | Cloud hosting and infrastructure, alerting and encrypted notification services and AI services. | 410 Terry Avenue North, Seattle, WA 98109, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement. | Standard Contractual Clauses |
Microsoft Corporation | Cloud hosting and infrastructure, and AI services (Microsoft Azure) | One Microsoft Way Redmond, WA 98052, USA | The location for the purpose of providing the cloud hosting service is as selected by Customer in the Order Form or, as applicable, other parts of the Agreement. The location for the purpose of providing the AI services is East US, South Central US, West Europe and other Azure regions as they become available. | Standard Contractual Clauses |
Google LLC | Cloud hosting and infrastructure (Google Cloud Platform) and AI services. | 1600 Amphitheatre Parkway Mountain View, 94043 CA, USA | The location for the purpose of providing the cloud hosting service is as selected by Customer in the Order Form or, as applicable, other parts of the Agreement. The location for the purpose of providing the AI services are all regions available for features of Generative AI on Google Vertex AI and other regions as they become available. | Standard Contractual Clauses |
Proofpoint, Inc. | Alerting and encrypted notification service. | 892 Ross Drive, Sunnyvale, CA 94089, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement. | Standard Contractual Clauses |
Microsoft Corporation | User authentication as an identity provider (where selected as chosen identity provider by Customer). | One Microsoft Way Redmond, WA 98052, USA | United States | Standard Contractual Clauses |
OpenAI LLC | AI services | 3180 18th Street, San Francisco, CA 94110, USA | The location for the purpose of providing the AI service can be the United States and other regions as they become available. | Standard Contractual Clauses |
Oracle America, Inc. | Cloud hosting and infrastructure. | 500 Oracle Parkway, Redwood Shores, CA 94065 | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Authorized Third-Party Subprocessors | ||||
Subprocessor | Purpose | Registered Address | Location | Transfer Mechanism |
Amazon Web Services, Inc. | Cloud hosting and infrastructure, alerting and encrypted notification services | 410 Terry Avenue North, Seattle, WA 98109, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Microsoft Corporation | User authentication as an identity provider (where selected as chosen identity provider by Customer). | One Microsoft Way Redmond, WA 98052, USA | United States | Standard Contractual Clauses |
- Where the data exporter is a processor subject to Regulation (EU) 2016/679 acting on behalf of a Union institution or body as controller, reliance on these Clauses when engaging another processor (sub-processing) not subject to Regulation (EU) 2016/679 also ensures compliance with Article 29(4) of Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39), to the extent these Clauses and the data protection obligations as set out in the contract or other legal act between the controller and the processor pursuant to Article 29(3) of Regulation (EU) 2018/1725 are aligned. This will in particular be the case where the controller and processor rely on the standard contractual clauses included in Decision 2021/915. ↑
- The Agreement on the European Economic Area (EEA Agreement) provides for the extension of the European Union’s internal market to the three EEA States Iceland, Liechtenstein and Norway. The Union data protection legislation, including Regulation (EU) 2016/679, is covered by the EEA Agreement and has been incorporated into Annex XI thereto. Therefore, any disclosure by the data importer to a third party located in the EEA does not qualify as an onward transfer for the purpose of these Clauses. ↑
- This requirement may be satisfied by the sub-processor acceding to these Clauses under the appropriate Module, in accordance with Clause 7. ↑
- As regards the impact of such laws and practices on compliance with these Clauses, different elements may be considered as part of an overall assessment. Such elements may include relevant and documented practical experience with prior instances of requests for disclosure from public authorities, or the absence of such requests, covering a sufficiently representative time-frame. This refers in particular to internal records or other documentation, drawn up on a continuous basis in accordance with due diligence and certified at senior management level, provided that this information can be lawfully shared with third parties. Where this practical experience is relied upon to conclude that the data importer will not be prevented from complying with these Clauses, it needs to be supported by other relevant, objective elements, and it is for the Parties to consider carefully whether these elements together carry sufficient weight, in terms of their reliability and representativeness, to support this conclusion. In particular, the Parties have to take into account whether their practical experience is corroborated and not contradicted by publicly available or otherwise accessible, reliable information on the existence or absence of requests within the same sector and/or the application of the law in practice, such as case law and reports by independent oversight bodies. ↑
- Where the data exporter is a processor subject to Regulation (EU) 2016/679 acting on behalf of a Union institution or body as controller, reliance on these Clauses when engaging another processor (sub-processing) not subject to Regulation (EU) 2016/679 also ensures compliance with Article 29(4) of Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39), to the extent these Clauses and the data protection obligations as set out in the contract or other legal act between the controller and the processor pursuant to Article 29(3) of Regulation (EU) 2018/1725 are aligned. This will in particular be the case where the controller and processor rely on the standard contractual clauses included in Decision 2021/915. ↑
- The Agreement on the European Economic Area (EEA Agreement) provides for the extension of the European Union’s internal market to the three EEA States Iceland, Liechtenstein and Norway. The Union data protection legislation, including Regulation (EU) 2016/679, is covered by the EEA Agreement and has been incorporated into Annex XI thereto. Therefore, any disclosure by the data importer to a third party located in the EEA does not qualify as an onward transfer for the purpose of these Clauses. ↑
- This requirement may be satisfied by the sub-processor acceding to these Clauses under the appropriate Module, in accordance with Clause 7. ↑
- As regards the impact of such laws and practices on compliance with these Clauses, different elements may be considered as part of an overall assessment. Such elements may include relevant and documented practical experience with prior instances of requests for disclosure from public authorities, or the absence of such requests, covering a sufficiently representative time-frame. This refers in particular to internal records or other documentation, drawn up on a continuous basis in accordance with due diligence and certified at senior management level, provided that this information can be lawfully shared with third parties. Where this practical experience is relied upon to conclude that the data importer will not be prevented from complying with these Clauses, it needs to be supported by other relevant, objective elements, and it is for the Parties to consider carefully whether these elements together carry sufficient weight, in terms of their reliability and representativeness, to support this conclusion. In particular, the Parties have to take into account whether their practical experience is corroborated and not contradicted by publicly available or otherwise accessible, reliable information on the existence or absence of requests within the same sector and/or the application of the law in practice, such as case law and reports by independent oversight bodies. ↑
Effective May 3rd 2024 to May 23rd 2024
DownloadTable of Contents
- “Adequate Country” means a country that may import Personal Data and is deemed by the governing authority of the exporting country to provide an adequate level of data protection under the applicable Data Protection Laws;
- “Affiliate” means an entity that, directly or indirectly, owns or controls or is owned or controlled by, or is under common ownership or control with, a Party. As used herein, “control” means the power to direct, directly or indirectly, the management or affairs of an entity and “ownership” means the beneficial ownership of more than fifty percent of the voting equity securities or other equivalent voting interests of an entity. In respect of Palantir, Affiliate shall include, without being limited to, all entities listed in Exhibit A, Part II and any other Palantir affiliates from time to time;
- “Completions” has the meaning given to it in Exhibit D of this DPA;
- “Controller” means the entity which determines the purposes and means of the Processing of Personal Data and includes, as applicable, the term “controller” “business” and any other similar or equivalent terms under applicable Data Protection Laws;
- “Customer Personal Data” means any Personal Data contained within Customer Data that is subject to Data Protection Laws;
- “Data Incident” means any breach, as defined by applicable Data Protection Laws, of Palantir’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Personal Data on systems managed or otherwise controlled by Palantir;
- “Data Protection Authority” means a competent authority responsible for enforcing the application of the relevant Data Protection Laws, and includes, as applicable, any data protection authority, privacy regulator, supervisory authority, Attorney General, state privacy agency or any governmental body or agency enforcing Data Protection Laws;
- “Data Protection Laws” means all applicable laws and regulations as amended from time to time regarding data protection, consumer privacy, electronic communications and marketing laws to the extent applicable to the Processing of Customer Personal Data by Palantir under the Agreement, such as:
- California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq. (“CCPA”);
- California Privacy Rights Act of 2020 (“CPRA”);
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“EU GDPR”);
- The EU GDPR as amended and incorporated into UK law under the UK European Union (Withdrawal) Act 2018 (“UK GDPR”); and
- The Switzerland Federal Data Protection act of 19 June 1992 as replaced and/or updated from time to time (“FDP”).
- “Data Protection Officer” means the natural person or company appointed where necessary under applicable Data Protection Laws to ensure an organization's compliance with Data Protection Laws and cooperate with the Data Protection Authorities;
- “Data Subject” means the identified or identifiable person to whom Personal Data relates, and includes, as applicable, the term “consumer” and any other similar or equivalent terms under Applicable Data Protection Laws;
- “DPA Effective Date” means the Effective Date of the Agreement;
- “EEA” means the European Economic Area;
- “EU SCCs” means the standard contractual clauses for use in relation to exports of Personal Data from the EEA approved by the European Commission under Commission Implementing Decision 2021/914, or such other clauses as replace them from time to time;
- “Personal Data” means: (a) any information relating to (i) an identified or identifiable natural person and/or (ii) an identified or identifiable legal entity (where such information is protected similarly as Personal Data or personally identifiable information under applicable Data Protection Laws), and (b) any information treated or receiving similar treatment as “personal data”, “personal information”, “personally identifiable information or any similar, or equivalent terms under applicable Data Protection Laws;
- “Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. The terms “process”, “processes” and “processed” will be interpreted accordingly;
- “Processor” means the entity which Processes Personal Data on behalf of a Controller, including as applicable the terms “processor”, “service provider” “contractor” and any equivalent or similar terms that address the same, or similar, responsibilities under applicable Data Protection Laws as applicable;
- “Request” means a request from a Data Subject or anyone acting on their behalf to exercise their rights under Data Protection Laws;
- “Restricted Transfer” means a transfer, or onward transfer, of Personal Data from a country where such transfer would be restricted or prohibited by applicable Data Protection Laws (or by the terms of a data transfer agreement put in place to address the data transfer restrictions of Data Protection Laws) without implementing safeguards such as the Standard Contractual Clauses to be established under clause 14 below;
- “Security Documentation” means the Documentation describing the security standards that apply to the Service as provided by or on behalf of Palantir from time to time;
- “Sell” or “Sale” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Data Subject’s Personal Data to a third party for valuable consideration.
- “Service” shall have the meaning as set out in the Agreement and this DPA.
- “Share” means sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Data Subject’s Personal Data to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration, including transactions in which no money is exchanged;
- “Subprocessor” means any processor or service provider who processes personal data on behalf of Palantir for the purpose of providing the Service as set out in the Agreement, Exhibit A and any other relevant applicable exhibits of this DPA.
- “Standard Contractual Clauses” or “SCCs” means either (a) the standard data protection clauses approved pursuant to the Data Protection Laws of the applicable exporting country from time to time to legitimise exports of Personal Data from that country, or (b) where the applicable exporting country has Data Protection Laws that regulate the export of personal data but no approved standard data protection clauses, the EU SCCs shall apply- in each case incorporating the appropriate Completions, and where more than one form of such approved clauses exists in respect of a particular country, the clauses that shall apply shall be: (i) in respect of any situation where Customer acts as a Controller of Customer Personal Data, that form of clauses applying to Controller to Processor transfers; and (ii) in respect of any situation where Customer acts as a Processor of Customer Personal Data, that form of clauses applying to Processor to Processor transfers; and
- “Technical and Organisational Measures” means the technical and organisational measures agreed by the Parties in the Agreement and any additional technical and organisational measures implemented by Palantir pursuant to its obligations under applicable Data Protection Laws.
Authorized Third-Party Subprocessors | ||||
Subprocessor | Purpose | Registered Address | Location | Transfer Mechanism |
Amazon Web Services, Inc. | Cloud hosting and infrastructure, alerting and encrypted notification services and AI services. | 410 Terry Avenue North, Seattle, WA 98109, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement. | Standard Contractual Clauses |
Microsoft Corporation | Cloud hosting and infrastructure, and AI services (Microsoft Azure) | One Microsoft Way Redmond, WA 98052, USA | The location for the purpose of providing the cloud hosting service is as selected by Customer in the Order Form or, as applicable, other parts of the Agreement. The location for the purpose of providing the AI services is East US, South Central US, West Europe and other Azure regions as they become available. | Standard Contractual Clauses |
Google LLC | Cloud hosting and infrastructure (Google Cloud Platform) and AI services. | 1600 Amphitheatre Parkway Mountain View, 94043 CA, USA | The location for the purpose of providing the cloud hosting service is as selected by Customer in the Order Form or, as applicable, other parts of the Agreement. The location for the purpose of providing the AI services are all regions available for features of Generative AI on Google Vertex AI and other regions as they become available. | Standard Contractual Clauses |
Proofpoint, Inc. | Alerting and encrypted notification service. | 892 Ross Drive, Sunnyvale, CA 94089, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement. | Standard Contractual Clauses |
Microsoft Corporation | User authentication as an identity provider (where selected as chosen identity provider by Customer). | One Microsoft Way Redmond, WA 98052, USA | United States | Standard Contractual Clauses |
OpenAI LLC | AI services | 3180 18th Street, San Francisco, CA 94110, USA | The location for the purpose of providing the AI service can be the United States and other regions as they become available. | Standard Contractual Clauses |
Authorized Third-Party Subprocessors | ||||
Subprocessor | Purpose | Registered Address | Location | Transfer Mechanism |
Amazon Web Services, Inc. | Cloud hosting and infrastructure, alerting and encrypted notification services | 410 Terry Avenue North, Seattle, WA 98109, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Microsoft Corporation | User authentication as an identity provider (where selected as chosen identity provider by Customer). | One Microsoft Way Redmond, WA 98052, USA | United States | Standard Contractual Clauses |
- Where the data exporter is a processor subject to Regulation (EU) 2016/679 acting on behalf of a Union institution or body as controller, reliance on these Clauses when engaging another processor (sub-processing) not subject to Regulation (EU) 2016/679 also ensures compliance with Article 29(4) of Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39), to the extent these Clauses and the data protection obligations as set out in the contract or other legal act between the controller and the processor pursuant to Article 29(3) of Regulation (EU) 2018/1725 are aligned. This will in particular be the case where the controller and processor rely on the standard contractual clauses included in Decision 2021/915. ↑
- The Agreement on the European Economic Area (EEA Agreement) provides for the extension of the European Union’s internal market to the three EEA States Iceland, Liechtenstein and Norway. The Union data protection legislation, including Regulation (EU) 2016/679, is covered by the EEA Agreement and has been incorporated into Annex XI thereto. Therefore, any disclosure by the data importer to a third party located in the EEA does not qualify as an onward transfer for the purpose of these Clauses. ↑
- This requirement may be satisfied by the sub-processor acceding to these Clauses under the appropriate Module, in accordance with Clause 7. ↑
- As regards the impact of such laws and practices on compliance with these Clauses, different elements may be considered as part of an overall assessment. Such elements may include relevant and documented practical experience with prior instances of requests for disclosure from public authorities, or the absence of such requests, covering a sufficiently representative time-frame. This refers in particular to internal records or other documentation, drawn up on a continuous basis in accordance with due diligence and certified at senior management level, provided that this information can be lawfully shared with third parties. Where this practical experience is relied upon to conclude that the data importer will not be prevented from complying with these Clauses, it needs to be supported by other relevant, objective elements, and it is for the Parties to consider carefully whether these elements together carry sufficient weight, in terms of their reliability and representativeness, to support this conclusion. In particular, the Parties have to take into account whether their practical experience is corroborated and not contradicted by publicly available or otherwise accessible, reliable information on the existence or absence of requests within the same sector and/or the application of the law in practice, such as case law and reports by independent oversight bodies. ↑
- Where the data exporter is a processor subject to Regulation (EU) 2016/679 acting on behalf of a Union institution or body as controller, reliance on these Clauses when engaging another processor (sub-processing) not subject to Regulation (EU) 2016/679 also ensures compliance with Article 29(4) of Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39), to the extent these Clauses and the data protection obligations as set out in the contract or other legal act between the controller and the processor pursuant to Article 29(3) of Regulation (EU) 2018/1725 are aligned. This will in particular be the case where the controller and processor rely on the standard contractual clauses included in Decision 2021/915. ↑
- The Agreement on the European Economic Area (EEA Agreement) provides for the extension of the European Union’s internal market to the three EEA States Iceland, Liechtenstein and Norway. The Union data protection legislation, including Regulation (EU) 2016/679, is covered by the EEA Agreement and has been incorporated into Annex XI thereto. Therefore, any disclosure by the data importer to a third party located in the EEA does not qualify as an onward transfer for the purpose of these Clauses. ↑
- This requirement may be satisfied by the sub-processor acceding to these Clauses under the appropriate Module, in accordance with Clause 7. ↑
- As regards the impact of such laws and practices on compliance with these Clauses, different elements may be considered as part of an overall assessment. Such elements may include relevant and documented practical experience with prior instances of requests for disclosure from public authorities, or the absence of such requests, covering a sufficiently representative time-frame. This refers in particular to internal records or other documentation, drawn up on a continuous basis in accordance with due diligence and certified at senior management level, provided that this information can be lawfully shared with third parties. Where this practical experience is relied upon to conclude that the data importer will not be prevented from complying with these Clauses, it needs to be supported by other relevant, objective elements, and it is for the Parties to consider carefully whether these elements together carry sufficient weight, in terms of their reliability and representativeness, to support this conclusion. In particular, the Parties have to take into account whether their practical experience is corroborated and not contradicted by publicly available or otherwise accessible, reliable information on the existence or absence of requests within the same sector and/or the application of the law in practice, such as case law and reports by independent oversight bodies. ↑
Effective May 1st 2024 to May 3rd 2024
DownloadTable of Contents
- “Adequate Country” means a country that may import Personal Data and is deemed by the governing authority of the exporting country to provide an adequate level of data protection under the applicable Data Protection Laws;
- “Affiliate” means an entity that, directly or indirectly, owns or controls or is owned or controlled by, or is under common ownership or control with, a Party. As used herein, “control” means the power to direct, directly or indirectly, the management or affairs of an entity and “ownership” means the beneficial ownership of more than fifty percent of the voting equity securities or other equivalent voting interests of an entity. In respect of Palantir, Affiliate shall include, without being limited to, all entities listed in Exhibit A, Part II and any other Palantir affiliates from time to time;
- “Completions” has the meaning given to it in Exhibit D of this DPA;
- “Controller” means the entity which determines the purposes and means of the Processing of Personal Data and includes, as applicable, the term “controller” “business” and any other similar or equivalent terms under applicable Data Protection Laws;
- “Customer Personal Data” means any Personal Data contained within Customer Data that is subject to Data Protection Laws;
- “Data Incident” means any breach, as defined by applicable Data Protection Laws, of Palantir’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Personal Data on systems managed or otherwise controlled by Palantir;
- “Data Protection Authority” means a competent authority responsible for enforcing the application of the relevant Data Protection Laws, and includes, as applicable, any data protection authority, privacy regulator, supervisory authority, Attorney General, state privacy agency or any governmental body or agency enforcing Data Protection Laws;
- “Data Protection Laws” means all applicable laws and regulations as amended from time to time regarding data protection, consumer privacy, electronic communications and marketing laws to the extent applicable to the Processing of Customer Personal Data by Palantir under the Agreement, such as:
- California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq. (“CCPA”);
- California Privacy Rights Act of 2020 (“CPRA”);
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“EU GDPR”);
- The EU GDPR as amended and incorporated into UK law under the UK European Union (Withdrawal) Act 2018 (“UK GDPR”); and
- The Switzerland Federal Data Protection act of 19 June 1992 as replaced and/or updated from time to time (“FDP”).
- “Data Protection Officer” means the natural person or company appointed where necessary under applicable Data Protection Laws to ensure an organization's compliance with Data Protection Laws and cooperate with the Data Protection Authorities;
- “Data Subject” means the identified or identifiable person to whom Personal Data relates, and includes, as applicable, the term “consumer” and any other similar or equivalent terms under Applicable Data Protection Laws;
- “DPA Effective Date” means the Effective Date of the Agreement;
- “EEA” means the European Economic Area;
- “EU SCCs” means the standard contractual clauses for use in relation to exports of Personal Data from the EEA approved by the European Commission under Commission Implementing Decision 2021/914, or such other clauses as replace them from time to time;
- “Personal Data” means: (a) any information relating to (i) an identified or identifiable natural person and/or (ii) an identified or identifiable legal entity (where such information is protected similarly as Personal Data or personally identifiable information under applicable Data Protection Laws), and (b) any information treated or receiving similar treatment as “personal data”, “personal information”, “personally identifiable information or any similar, or equivalent terms under applicable Data Protection Laws;
- “Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. The terms “process”, “processes” and “processed” will be interpreted accordingly;
- “Processor” means the entity which Processes Personal Data on behalf of a Controller, including as applicable the terms “processor”, “service provider” “contractor” and any equivalent or similar terms that address the same, or similar, responsibilities under applicable Data Protection Laws as applicable;
- “Request” means a request from a Data Subject or anyone acting on their behalf to exercise their rights under Data Protection Laws;
- “Restricted Transfer” means a transfer, or onward transfer, of Personal Data from a country where such transfer would be restricted or prohibited by applicable Data Protection Laws (or by the terms of a data transfer agreement put in place to address the data transfer restrictions of Data Protection Laws) without implementing safeguards such as the Standard Contractual Clauses to be established under clause 14 below;
- “Security Documentation” means the Documentation describing the security standards that apply to the Service as provided by or on behalf of Palantir from time to time;
- “Sell” or “Sale” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Data Subject’s Personal Data to a third party for valuable consideration.
- “Service” shall have the meaning as set out in the Agreement and this DPA.
- “Share” means sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Data Subject’s Personal Data to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration, including transactions in which no money is exchanged;
- “Subprocessor” means any processor or service provider who processes personal data on behalf of Palantir for the purpose of providing the Service as set out in the Agreement, Exhibit A and any other relevant applicable exhibits of this DPA.
- “Standard Contractual Clauses” or “SCCs” means either (a) the standard data protection clauses approved pursuant to the Data Protection Laws of the applicable exporting country from time to time to legitimise exports of Personal Data from that country, or (b) where the applicable exporting country has Data Protection Laws that regulate the export of personal data but no approved standard data protection clauses, the EU SCCs shall apply- in each case incorporating the appropriate Completions, and where more than one form of such approved clauses exists in respect of a particular country, the clauses that shall apply shall be: (i) in respect of any situation where Customer acts as a Controller of Customer Personal Data, that form of clauses applying to Controller to Processor transfers; and (ii) in respect of any situation where Customer acts as a Processor of Customer Personal Data, that form of clauses applying to Processor to Processor transfers; and
- “Technical and Organisational Measures” means the technical and organisational measures agreed by the Parties in the Agreement and any additional technical and organisational measures implemented by Palantir pursuant to its obligations under applicable Data Protection Laws.
Authorized Third-Party Subprocessors | ||||
Subprocessor | Purpose | Registered Address | Location | Transfer Mechanism |
Amazon Web Services, Inc. | Cloud hosting and infrastructure, alerting and encrypted notification services and AI services. | 410 Terry Avenue North, Seattle, WA 98109, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement. | Standard Contractual Clauses |
Microsoft Corporation | Cloud hosting and infrastructure, and AI services (Microsoft Azure) | One Microsoft Way Redmond, WA 98052, USA | The location for the purpose of providing the cloud hosting service is as selected by Customer in the Order Form or, as applicable, other parts of the Agreement. The location for the purpose of providing the AI services is East US, South Central US, West Europe and other Azure regions as they become available. | Standard Contractual Clauses |
Google LLC | Cloud hosting and infrastructure (Google Cloud Platform) and AI services. | 1600 Amphitheatre Parkway Mountain View, 94043 CA, USA | The location for the purpose of providing the cloud hosting service is as selected by Customer in the Order Form or, as applicable, other parts of the Agreement. The location for the purpose of providing the AI services are all regions available for features of Generative AI on Google Vertex AI and other regions as they become available. | Standard Contractual Clauses |
Proofpoint, Inc. | Alerting and encrypted notification service. | 892 Ross Drive, Sunnyvale, CA 94089, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement. | Standard Contractual Clauses |
Microsoft Corporation | User authentication as an identity provider (where selected as chosen identity provider by Customer). | One Microsoft Way Redmond, WA 98052, USA | United States | Standard Contractual Clauses |
OpenAI LLC | AI services | 3180 18th Street, San Francisco, CA 94110, USA | The location for the purpose of providing the AI service can be the United States and other regions as they become available. | Standard Contractual Clauses |
Authorized Third-Party Subprocessors | ||||
Subprocessor | Purpose | Registered Address | Location | Transfer Mechanism |
Amazon Web Services, Inc. | Cloud hosting and infrastructure, alerting and encrypted notification services | 410 Terry Avenue North, Seattle, WA 98109, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Microsoft Corporation | User authentication as an identity provider (where selected as chosen identity provider by Customer). | One Microsoft Way Redmond, WA 98052, USA | United States | Standard Contractual Clauses |
- Where the data exporter is a processor subject to Regulation (EU) 2016/679 acting on behalf of a Union institution or body as controller, reliance on these Clauses when engaging another processor (sub-processing) not subject to Regulation (EU) 2016/679 also ensures compliance with Article 29(4) of Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39), to the extent these Clauses and the data protection obligations as set out in the contract or other legal act between the controller and the processor pursuant to Article 29(3) of Regulation (EU) 2018/1725 are aligned. This will in particular be the case where the controller and processor rely on the standard contractual clauses included in Decision 2021/915. ↑
- The Agreement on the European Economic Area (EEA Agreement) provides for the extension of the European Union’s internal market to the three EEA States Iceland, Liechtenstein and Norway. The Union data protection legislation, including Regulation (EU) 2016/679, is covered by the EEA Agreement and has been incorporated into Annex XI thereto. Therefore, any disclosure by the data importer to a third party located in the EEA does not qualify as an onward transfer for the purpose of these Clauses. ↑
- This requirement may be satisfied by the sub-processor acceding to these Clauses under the appropriate Module, in accordance with Clause 7. ↑
- As regards the impact of such laws and practices on compliance with these Clauses, different elements may be considered as part of an overall assessment. Such elements may include relevant and documented practical experience with prior instances of requests for disclosure from public authorities, or the absence of such requests, covering a sufficiently representative time-frame. This refers in particular to internal records or other documentation, drawn up on a continuous basis in accordance with due diligence and certified at senior management level, provided that this information can be lawfully shared with third parties. Where this practical experience is relied upon to conclude that the data importer will not be prevented from complying with these Clauses, it needs to be supported by other relevant, objective elements, and it is for the Parties to consider carefully whether these elements together carry sufficient weight, in terms of their reliability and representativeness, to support this conclusion. In particular, the Parties have to take into account whether their practical experience is corroborated and not contradicted by publicly available or otherwise accessible, reliable information on the existence or absence of requests within the same sector and/or the application of the law in practice, such as case law and reports by independent oversight bodies. ↑
- Where the data exporter is a processor subject to Regulation (EU) 2016/679 acting on behalf of a Union institution or body as controller, reliance on these Clauses when engaging another processor (sub-processing) not subject to Regulation (EU) 2016/679 also ensures compliance with Article 29(4) of Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39), to the extent these Clauses and the data protection obligations as set out in the contract or other legal act between the controller and the processor pursuant to Article 29(3) of Regulation (EU) 2018/1725 are aligned. This will in particular be the case where the controller and processor rely on the standard contractual clauses included in Decision 2021/915. ↑
- The Agreement on the European Economic Area (EEA Agreement) provides for the extension of the European Union’s internal market to the three EEA States Iceland, Liechtenstein and Norway. The Union data protection legislation, including Regulation (EU) 2016/679, is covered by the EEA Agreement and has been incorporated into Annex XI thereto. Therefore, any disclosure by the data importer to a third party located in the EEA does not qualify as an onward transfer for the purpose of these Clauses. ↑
- This requirement may be satisfied by the sub-processor acceding to these Clauses under the appropriate Module, in accordance with Clause 7. ↑
- As regards the impact of such laws and practices on compliance with these Clauses, different elements may be considered as part of an overall assessment. Such elements may include relevant and documented practical experience with prior instances of requests for disclosure from public authorities, or the absence of such requests, covering a sufficiently representative time-frame. This refers in particular to internal records or other documentation, drawn up on a continuous basis in accordance with due diligence and certified at senior management level, provided that this information can be lawfully shared with third parties. Where this practical experience is relied upon to conclude that the data importer will not be prevented from complying with these Clauses, it needs to be supported by other relevant, objective elements, and it is for the Parties to consider carefully whether these elements together carry sufficient weight, in terms of their reliability and representativeness, to support this conclusion. In particular, the Parties have to take into account whether their practical experience is corroborated and not contradicted by publicly available or otherwise accessible, reliable information on the existence or absence of requests within the same sector and/or the application of the law in practice, such as case law and reports by independent oversight bodies. ↑
Effective May 1st 2024 to May 1st 2024
DownloadTable of Contents
- “Adequate Country” means a country that may import Personal Data and is deemed by the governing authority of the exporting country to provide an adequate level of data protection under the applicable Data Protection Laws;
- “Affiliate” means an entity that, directly or indirectly, owns or controls or is owned or controlled by, or is under common ownership or control with, a Party. As used herein, “control” means the power to direct, directly or indirectly, the management or affairs of an entity and “ownership” means the beneficial ownership of more than fifty percent of the voting equity securities or other equivalent voting interests of an entity. In respect of Palantir, Affiliate shall include, without being limited to, all entities listed in Exhibit A, Part II and any other Palantir affiliates from time to time;
- “Completions” has the meaning given to it in Exhibit D of this DPA;
- “Controller” means the entity which determines the purposes and means of the Processing of Personal Data and includes, as applicable, the term “controller” “business” and any other similar or equivalent terms under applicable Data Protection Laws;
- “Customer Personal Data” means any Personal Data contained within Customer Data that is subject to Data Protection Laws;
- “Data Incident” means any breach, as defined by applicable Data Protection Laws, of Palantir’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Personal Data on systems managed or otherwise controlled by Palantir;
- “Data Protection Authority” means a competent authority responsible for enforcing the application of the relevant Data Protection Laws, and includes, as applicable, any data protection authority, privacy regulator, supervisory authority, Attorney General, state privacy agency or any governmental body or agency enforcing Data Protection Laws;
- “Data Protection Laws” means all applicable laws and regulations as amended from time to time regarding data protection, consumer privacy, electronic communications and marketing laws to the extent applicable to the Processing of Customer Personal Data by Palantir under the Agreement, such as:
- California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq. (“CCPA”);
- California Privacy Rights Act of 2020 (“CPRA”);
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“EU GDPR”);
- The EU GDPR as amended and incorporated into UK law under the UK European Union (Withdrawal) Act 2018 (“UK GDPR”); and
- The Switzerland Federal Data Protection act of 19 June 1992 as replaced and/or updated from time to time (“FDP”).
- “Data Protection Officer” means the natural person or company appointed where necessary under applicable Data Protection Laws to ensure an organization's compliance with Data Protection Laws and cooperate with the Data Protection Authorities;
- “Data Subject” means the identified or identifiable person to whom Personal Data relates, and includes, as applicable, the term “consumer” and any other similar or equivalent terms under Applicable Data Protection Laws;
- “DPA Effective Date” means the Effective Date of the Agreement;
- “EEA” means the European Economic Area;
- “EU SCCs” means the standard contractual clauses for use in relation to exports of Personal Data from the EEA approved by the European Commission under Commission Implementing Decision 2021/914, or such other clauses as replace them from time to time;
- “Personal Data” means: (a) any information relating to (i) an identified or identifiable natural person and/or (ii) an identified or identifiable legal entity (where such information is protected similarly as Personal Data or personally identifiable information under applicable Data Protection Laws), and (b) any information treated or receiving similar treatment as “personal data”, “personal information”, “personally identifiable information or any similar, or equivalent terms under applicable Data Protection Laws;
- “Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. The terms “process”, “processes” and “processed” will be interpreted accordingly;
- “Processor” means the entity which Processes Personal Data on behalf of a Controller, including as applicable the terms “processor”, “service provider” “contractor” and any equivalent or similar terms that address the same, or similar, responsibilities under applicable Data Protection Laws as applicable;
- “Request” means a request from a Data Subject or anyone acting on their behalf to exercise their rights under Data Protection Laws;
- “Restricted Transfer” means a transfer, or onward transfer, of Personal Data from a country where such transfer would be restricted or prohibited by applicable Data Protection Laws (or by the terms of a data transfer agreement put in place to address the data transfer restrictions of Data Protection Laws) without implementing safeguards such as the Standard Contractual Clauses to be established under clause 14 below;
- “Security Documentation” means the Documentation describing the security standards that apply to the Service as provided by or on behalf of Palantir from time to time;
- “Sell” or “Sale” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Data Subject’s Personal Data to a third party for valuable consideration.
- “Service” shall have the meaning as set out in the Agreement and this DPA.
- “Share” means sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Data Subject’s Personal Data to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration, including transactions in which no money is exchanged;
- “Subprocessor” means any processor or service provider who processes personal data on behalf of Palantir for the purpose of providing the Service as set out in the Agreement, Exhibit A and any other relevant applicable exhibits of this DPA.
- “Standard Contractual Clauses” or “SCCs” means either (a) the standard data protection clauses approved pursuant to the Data Protection Laws of the applicable exporting country from time to time to legitimise exports of Personal Data from that country, or (b) where the applicable exporting country has Data Protection Laws that regulate the export of personal data but no approved standard data protection clauses, the EU SCCs shall apply- in each case incorporating the appropriate Completions, and where more than one form of such approved clauses exists in respect of a particular country, the clauses that shall apply shall be: (i) in respect of any situation where Customer acts as a Controller of Customer Personal Data, that form of clauses applying to Controller to Processor transfers; and (ii) in respect of any situation where Customer acts as a Processor of Customer Personal Data, that form of clauses applying to Processor to Processor transfers; and
- “Technical and Organisational Measures” means the technical and organisational measures agreed by the Parties in the Agreement and any additional technical and organisational measures implemented by Palantir pursuant to its obligations under applicable Data Protection Laws.
Authorized Third-Party Subprocessors | ||||
Subprocessor | Purpose | Registered Address | Location | Transfer Mechanism |
Amazon Web Services, Inc. | Cloud hosting and infrastructure, alerting and encrypted notification services and AI services. | 410 Terry Avenue North, Seattle, WA 98109, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement. | Standard Contractual Clauses |
Microsoft Corporation | Cloud hosting and infrastructure, and AI services (Microsoft Azure) | One Microsoft Way Redmond, WA 98052, USA | The location for the purpose of providing the cloud hosting service is as selected by Customer in the Order Form or, as applicable, other parts of the Agreement. The location for the purpose of providing the AI services is East US, South Central US, West Europe and other Azure regions as they become available. | Standard Contractual Clauses |
Google LLC | Cloud hosting and infrastructure (Google Cloud Platform) and AI services. | 1600 Amphitheatre Parkway Mountain View, 94043 CA, USA | The location for the purpose of providing the cloud hosting service is as selected by Customer in the Order Form or, as applicable, other parts of the Agreement. The location for the purpose of providing the AI services are all regions available for features of Generative AI on Google Vertex AI and other regions as they become available. | Standard Contractual Clauses |
Proofpoint, Inc. | Alerting and encrypted notification service. | 892 Ross Drive, Sunnyvale, CA 94089, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement. | Standard Contractual Clauses |
Microsoft Corporation | User authentication as an identity provider (where selected as chosen identity provider by Customer). | One Microsoft Way Redmond, WA 98052, USA | United States | Standard Contractual Clauses |
OpenAI LLC | AI services | 3180 18th Street, San Francisco, CA 94110, USA | The location for the purpose of providing the AI service can be the United States and other regions as they become available. | Standard Contractual Clauses |
Authorized Third-Party Subprocessors | ||||
Subprocessor | Purpose | Registered Address | Location | Transfer Mechanism |
Amazon Web Services, Inc. | Cloud hosting and infrastructure, alerting and encrypted notification services | 410 Terry Avenue North, Seattle, WA 98109, USA | As selected by Customer in the Order Form or, as applicable, other parts of the Agreement | Standard Contractual Clauses |
Microsoft Corporation | User authentication as an identity provider (where selected as chosen identity provider by Customer). | One Microsoft Way Redmond, WA 98052, USA | United States | Standard Contractual Clauses |
- Where the data exporter is a processor subject to Regulation (EU) 2016/679 acting on behalf of a Union institution or body as controller, reliance on these Clauses when engaging another processor (sub-processing) not subject to Regulation (EU) 2016/679 also ensures compliance with Article 29(4) of Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39), to the extent these Clauses and the data protection obligations as set out in the contract or other legal act between the controller and the processor pursuant to Article 29(3) of Regulation (EU) 2018/1725 are aligned. This will in particular be the case where the controller and processor rely on the standard contractual clauses included in Decision 2021/915. ↑
- The Agreement on the European Economic Area (EEA Agreement) provides for the extension of the European Union’s internal market to the three EEA States Iceland, Liechtenstein and Norway. The Union data protection legislation, including Regulation (EU) 2016/679, is covered by the EEA Agreement and has been incorporated into Annex XI thereto. Therefore, any disclosure by the data importer to a third party located in the EEA does not qualify as an onward transfer for the purpose of these Clauses. ↑
- This requirement may be satisfied by the sub-processor acceding to these Clauses under the appropriate Module, in accordance with Clause 7. ↑
- As regards the impact of such laws and practices on compliance with these Clauses, different elements may be considered as part of an overall assessment. Such elements may include relevant and documented practical experience with prior instances of requests for disclosure from public authorities, or the absence of such requests, covering a sufficiently representative time-frame. This refers in particular to internal records or other documentation, drawn up on a continuous basis in accordance with due diligence and certified at senior management level, provided that this information can be lawfully shared with third parties. Where this practical experience is relied upon to conclude that the data importer will not be prevented from complying with these Clauses, it needs to be supported by other relevant, objective elements, and it is for the Parties to consider carefully whether these elements together carry sufficient weight, in terms of their reliability and representativeness, to support this conclusion. In particular, the Parties have to take into account whether their practical experience is corroborated and not contradicted by publicly available or otherwise accessible, reliable information on the existence or absence of requests within the same sector and/or the application of the law in practice, such as case law and reports by independent oversight bodies. ↑
- Where the data exporter is a processor subject to Regulation (EU) 2016/679 acting on behalf of a Union institution or body as controller, reliance on these Clauses when engaging another processor (sub-processing) not subject to Regulation (EU) 2016/679 also ensures compliance with Article 29(4) of Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39), to the extent these Clauses and the data protection obligations as set out in the contract or other legal act between the controller and the processor pursuant to Article 29(3) of Regulation (EU) 2018/1725 are aligned. This will in particular be the case where the controller and processor rely on the standard contractual clauses included in Decision 2021/915. ↑
- The Agreement on the European Economic Area (EEA Agreement) provides for the extension of the European Union’s internal market to the three EEA States Iceland, Liechtenstein and Norway. The Union data protection legislation, including Regulation (EU) 2016/679, is covered by the EEA Agreement and has been incorporated into Annex XI thereto. Therefore, any disclosure by the data importer to a third party located in the EEA does not qualify as an onward transfer for the purpose of these Clauses. ↑
- This requirement may be satisfied by the sub-processor acceding to these Clauses under the appropriate Module, in accordance with Clause 7. ↑
- As regards the impact of such laws and practices on compliance with these Clauses, different elements may be considered as part of an overall assessment. Such elements may include relevant and documented practical experience with prior instances of requests for disclosure from public authorities, or the absence of such requests, covering a sufficiently representative time-frame. This refers in particular to internal records or other documentation, drawn up on a continuous basis in accordance with due diligence and certified at senior management level, provided that this information can be lawfully shared with third parties. Where this practical experience is relied upon to conclude that the data importer will not be prevented from complying with these Clauses, it needs to be supported by other relevant, objective elements, and it is for the Parties to consider carefully whether these elements together carry sufficient weight, in terms of their reliability and representativeness, to support this conclusion. In particular, the Parties have to take into account whether their practical experience is corroborated and not contradicted by publicly available or otherwise accessible, reliable information on the existence or absence of requests within the same sector and/or the application of the law in practice, such as case law and reports by independent oversight bodies. ↑
Terms of Service (AIP Self-Service)
Effective May 6th 2024
DownloadTable of Contents
Effective May 2nd 2024 to May 6th 2024
DownloadTable of Contents
Effective April 9th 2024 to May 2nd 2024
DownloadTable of Contents
Effective April 8th 2024 to April 9th 2024
DownloadTable of Contents
Palantir Third Party Model Activation Addendum - Anthropic Claude via AWS
Effective June 7th 2024
DownloadTable of Contents
PALANTIR THIRD PARTY MODEL ACTIVATION ADDENDUM - ANTHROPIC CLAUDE VIA AWS
BY SELECTING “I ACCEPT” (OR EQUIVALENT) WHERE SUCH OPTION IS MADE AVAILABLE, OR BY ENABLING, ACCESSING OR OTHERWISE USING THE THIRD PARTY MODEL SERVICE IN CONNECTION WITH THE SERVICE, YOU CONFIRM THAT YOU HAVE READ THIS ADDENDUM, THAT YOU UNDERSTAND THE TERMS OF THE ADDENDUM, AND THAT YOU AND (IF APPLICABLE) THE ENTITY THAT YOU REPRESENT ARE UNCONDITIONALLY CONSENTING TO BE BOUND BY AND ARE BECOMING A PARTY TO THIS AGREEMENT. YOU REPRESENT AND WARRANT THAT YOU ARE AUTHORIZED TO ACCEPT THE TERMS OF THIS AGREEMENT ON BEHALF OF CUSTOMER AS ITS AUTHORIZED LEGAL REPRESENTATIVE. IF YOU DO NOT UNCONDITIONALLY AGREE TO ALL OF THE TERMS OF THIS AGREEMENT, DO NOT SELECT "I ACCEPT” OR EQUIVALENT OR OTHERWISE AGREE TO THE TERMS AND CONDITIONS WHERE SUCH OPTION IS MADE AVAILABLE AND DO NOT ENABLE, ACCESS, OR OTHERWISE USE THE THIRD PARTY MODEL SERVICE.
PALANTIR’S ACCEPTANCE IS EXPRESSLY CONDITIONED UPON YOUR ASSENT TO ALL THE TERMS AND CONDITIONS OF THIS AGREEMENT, TO THE EXCLUSION OF ALL OTHER TERMS; IF THESE TERMS ARE CONSIDERED AN OFFER, ACCEPTANCE IS EXPRESSLY LIMITED TO THESE TERMS.
This Third Party Model Activation Addendum between Customer and Palantir (each a “Party” and collectively the “Parties”) and any exhibits, amendments, or addendums thereto (the “Addendum”), shall be effective as of the date You select “I agree” or equivalent or otherwise use or access the Third Party Model Service in connection with the Service (the “Effective Date”). The Parties have previously entered into an agreement governing Customer’s use of Palantir’s proprietary software-as-a-service offerings(s) including any exhibits, annexes, attachments, amendments or addenda (the “Agreement”). This Addendum is hereby incorporated into the Agreement. Any capitalized terms used but not defined in this Addendum shall have the meaning provided in the Agreement. In the event of any conflict or inconsistency between the Agreement and this Addendum, this Addendum shall prevail and control. This Addendum will remain in effect until any expiration or termination of the Agreement pursuant thereto.
- Definitions
- “Customer” for the purposes of this Addendum means the entity that has contracted with Palantir to use the Service, in connection with which the Third Party Model Service will be enabled pursuant to this Addendum.
- “Model” means any artificial intelligence (including but not limited to language models and other modeling services) models.
- “Palantir” means Palantir Technologies Inc. or the applicable affiliate thereof that has contracted with Customer for the Service, in connection with which the Third Party Model Service will be enabled pursuant to this Addendum.
- “Process(ing)” means as defined in the Agreement or, if undefined, then any operation or set of operations which is performed upon Customer’s information, whether or not by automatic means.
- “Service” means Customer’s instance of Palantir’s proprietary software-as-a-service offering(s) for which Customer has separately contracted in the Agreement, and in connection with which the Third Party Model Service will be enabled.
- “Subprocessor” means any processor engaged by Palantir to Process personal data for the purpose of providing the Service.
- “Third Party Model Service” means the Model made available via AWS Bedrock, as additionally defined in the Third Party Model Service Terms and Conditions and as made available by Palantir via the Service.
- “Third Party Model Service Provider” means Amazon Web Services Inc.
- “You” means the natural person selecting “I Agree” (or equivalent) where such option is made available, or by enabling, accessing, or otherwise using the Third Party Model Service in connection with the Service.
- Third Party Model Service Terms
Customer represents, warrants, and covenants that its use of the Service shall comply with the Anthropic Acceptable Use Policy (available at https://console.anthropic.com/legal/aup), the Anthropic Bedrock AI Services Agreement (available at https://s3.amazonaws.com/EULA/Anthropic-EULA-1023.pdf), and the AWS Acceptable Use Policy (available at https://aws.amazon.com/aup/), each as applicable.
Customer hereby agrees that its use of the Service leveraging Models through the Third Party Model Service shall comply with any acceptable use policies or codes of conduct applicable to such Models, as made available to Customer through the Service or the Documentation.
Customer acknowledges that the Third Party Model Service Provider may collect and temporarily retain pseudonymized security classifier metadata related to Customer’s use of the Service leveraging the Third Party Model Service (which metadata, for the avoidance of doubt, shall not include the contents of Customer’s prompts provided to or output received from the Third Party Model Service). - Data Protection Agreement Amendment
This Addendum hereby amends the clauses concerning processing of personal data (“DPA”) which form part of the Agreement. If there is a conflict in meaning between the Agreement and this Section 3 of the Addendum, this Addendum shall prevail and control.
The Parties agree to appoint the following Subprocessor:
Subprocessor | Address |
Amazon Web Services | 410 Terry Avenue North, Seattle, WA 98109, USA |
Palantir’s online data protection agreement available at https://www.palantir.com/data-protection/agreement/3791/ provides details on the Processing performed by the listed Subprocessors.
Effective March 18th 2024 to June 7th 2024
DownloadTable of Contents
PALANTIR THIRD PARTY MODEL ACTIVATION ADDENDUM - ANTHROPIC CLAUDE VIA AWS
BY SELECTING “I ACCEPT” (OR EQUIVALENT) WHERE SUCH OPTION IS MADE AVAILABLE, OR BY ENABLING, ACCESSING OR OTHERWISE USING THE THIRD PARTY MODEL SERVICE IN CONNECTION WITH THE SERVICE, YOU CONFIRM THAT YOU HAVE READ THIS ADDENDUM, THAT YOU UNDERSTAND THE TERMS OF THE ADDENDUM, AND THAT YOU AND (IF APPLICABLE) THE ENTITY THAT YOU REPRESENT ARE UNCONDITIONALLY CONSENTING TO BE BOUND BY AND ARE BECOMING A PARTY TO THIS AGREEMENT. YOU REPRESENT AND WARRANT THAT YOU ARE AUTHORIZED TO ACCEPT THE TERMS OF THIS AGREEMENT ON BEHALF OF CUSTOMER AS ITS AUTHORIZED LEGAL REPRESENTATIVE. IF YOU DO NOT UNCONDITIONALLY AGREE TO ALL OF THE TERMS OF THIS AGREEMENT, DO NOT SELECT "I ACCEPT” OR EQUIVALENT OR OTHERWISE AGREE TO THE TERMS AND CONDITIONS WHERE SUCH OPTION IS MADE AVAILABLE AND DO NOT ENABLE, ACCESS, OR OTHERWISE USE THE THIRD PARTY MODEL SERVICE.
PALANTIR’S ACCEPTANCE IS EXPRESSLY CONDITIONED UPON YOUR ASSENT TO ALL THE TERMS AND CONDITIONS OF THIS AGREEMENT, TO THE EXCLUSION OF ALL OTHER TERMS; IF THESE TERMS ARE CONSIDERED AN OFFER, ACCEPTANCE IS EXPRESSLY LIMITED TO THESE TERMS.
This Third Party Model Activation Addendum between Customer and Palantir (each a “Party” and collectively the “Parties”) and any exhibits, amendments, or addendums thereto (the “Addendum”), shall be effective as of the date You select “I agree” or equivalent or otherwise use or access the Third Party Model Service in connection with the Service (the “Effective Date”). The Parties have previously entered into an agreement governing Customer’s use of Palantir’s proprietary software-as-a-service offerings(s) including any exhibits, annexes, attachments, amendments or addenda (the “Agreement”). This Addendum is hereby incorporated into the Agreement. Any capitalized terms used but not defined in this Addendum shall have the meaning provided in the Agreement. In the event of any conflict or inconsistency between the Agreement and this Addendum, this Addendum shall prevail and control. This Addendum will remain in effect until any expiration or termination of the Agreement pursuant thereto.
- Definitions
- “Customer” for the purposes of this Addendum means the entity that has contracted with Palantir to use the Service, in connection with which the Third Party Model Service will be enabled pursuant to this Addendum.
- “Model” means any artificial intelligence (including but not limited to language models and other modeling services) models.
- “Palantir” means Palantir Technologies Inc. or the applicable affiliate thereof that has contracted with Customer for the Service, in connection with which the Third Party Model Service will be enabled pursuant to this Addendum.
- “Process(ing)” means as defined in the Agreement or, if undefined, then any operation or set of operations which is performed upon Customer’s information, whether or not by automatic means.
- “Service” means Customer’s instance of Palantir’s proprietary software-as-a-service offering(s) for which Customer has separately contracted in the Agreement, and in connection with which the Third Party Model Service will be enabled.
- “Subprocessor” means any processor engaged by Palantir to Process personal data for the purpose of providing the Service.
- “Third Party Model Service” means the Model made available via AWS Bedrock, as additionally defined in the Third Party Model Service Terms and Conditions and as made available by Palantir via the Service.
- “Third Party Model Service Provider” means Amazon Web Services Inc.
- “You” means the natural person selecting “I Agree” (or equivalent) where such option is made available, or by enabling, accessing, or otherwise using the Third Party Model Service in connection with the Service.
- Third Party Model Service Terms
Customer represents, warrants, and covenants that its use of the Service shall comply with the Anthropic Acceptable Use Policy (available at https://console.anthropic.com/legal/aup) and the AWS Acceptable Use Policy (available at https://aws.amazon.com/aup/), each as applicable.
Customer hereby agrees that its use of the Service leveraging Models through the Third Party Model Service shall comply with any acceptable use policies or codes of conduct applicable to such Models, as made available to Customer through the Service or the Documentation.
Customer acknowledges that the Third Party Model Service Provider may collect and temporarily retain pseudonymized security classifier metadata related to Customer’s use of the Service leveraging the Third Party Model Service (which metadata, for the avoidance of doubt, shall not include the contents of Customer’s prompts provided to or output received from the Third Party Model Service). - Data Protection Agreement Amendment
This Addendum hereby amends the clauses concerning processing of personal data (“DPA”) which form part of the Agreement. If there is a conflict in meaning between the Agreement and this Section 3 of the Addendum, this Addendum shall prevail and control.
The Parties agree to appoint the following Subprocessor:
Subprocessor | Address |
Amazon Web Services | 410 Terry Avenue North, Seattle, WA 98109, USA |
Palantir’s online data protection agreement available at https://www.palantir.com/data-protection/agreement/3791/ provides details on the Processing performed by the listed Subprocessors.
Effective March 18th 2024 to March 18th 2024
DownloadTable of Contents
PALANTIR THIRD PARTY MODEL ACTIVATION ADDENDUM - ANTHROPIC CLAUDE VIA AWS
BY SELECTING “I ACCEPT” (OR EQUIVALENT) WHERE SUCH OPTION IS MADE AVAILABLE, OR BY ENABLING, ACCESSING OR OTHERWISE USING THE THIRD PARTY MODEL SERVICE IN CONNECTION WITH THE SERVICE, YOU CONFIRM THAT YOU HAVE READ THIS ADDENDUM, THAT YOU UNDERSTAND THE TERMS OF THE ADDENDUM, AND THAT YOU AND (IF APPLICABLE) THE ENTITY THAT YOU REPRESENT ARE UNCONDITIONALLY CONSENTING TO BE BOUND BY AND ARE BECOMING A PARTY TO THIS AGREEMENT. YOU REPRESENT AND WARRANT THAT YOU ARE AUTHORIZED TO ACCEPT THE TERMS OF THIS AGREEMENT ON BEHALF OF CUSTOMER AS ITS AUTHORIZED LEGAL REPRESENTATIVE. IF YOU DO NOT UNCONDITIONALLY AGREE TO ALL OF THE TERMS OF THIS AGREEMENT, DO NOT SELECT "I ACCEPT” OR EQUIVALENT OR OTHERWISE AGREE TO THE TERMS AND CONDITIONS WHERE SUCH OPTION IS MADE AVAILABLE AND DO NOT ENABLE, ACCESS, OR OTHERWISE USE THE THIRD PARTY MODEL SERVICE.
PALANTIR’S ACCEPTANCE IS EXPRESSLY CONDITIONED UPON YOUR ASSENT TO ALL THE TERMS AND CONDITIONS OF THIS AGREEMENT, TO THE EXCLUSION OF ALL OTHER TERMS; IF THESE TERMS ARE CONSIDERED AN OFFER, ACCEPTANCE IS EXPRESSLY LIMITED TO THESE TERMS.
This Third Party Model Activation Addendum between Customer and Palantir (each a “Party” and collectively the “Parties”) and any exhibits, amendments, or addendums thereto (the “Addendum”), shall be effective as of the date You select “I agree” or equivalent or otherwise use or access the Third Party Model Service in connection with the Service (the “Effective Date”). The Parties have previously entered into an agreement governing Customer’s use of Palantir’s proprietary software-as-a-service offerings(s) including any exhibits, annexes, attachments, amendments or addenda (the “Agreement”). This Addendum is hereby incorporated into the Agreement. Any capitalized terms used but not defined in this Addendum shall have the meaning provided in the Agreement. In the event of any conflict or inconsistency between the Agreement and this Addendum, this Addendum shall prevail and control. This Addendum will remain in effect until any expiration or termination of the Agreement pursuant thereto.
- Definitions
- “Customer” for the purposes of this Addendum means the entity that has contracted with Palantir to use the Service, in connection with which the Third Party Model Service will be enabled pursuant to this Addendum.
- “Model” means any artificial intelligence (including but not limited to language models and other modeling services) models.
- “Palantir” means Palantir Technologies Inc. or the applicable affiliate thereof that has contracted with Customer for the Service, in connection with which the Third Party Model Service will be enabled pursuant to this Addendum.
- “Process(ing)” means as defined in the Agreement or, if undefined, then any operation or set of operations which is performed upon Customer’s information, whether or not by automatic means.
- “Service” means Customer’s instance of Palantir’s proprietary software-as-a-service offering(s) for which Customer has separately contracted in the Agreement, and in connection with which the Third Party Model Service will be enabled.
- “Subprocessor” means any processor engaged by Palantir to Process personal data for the purpose of providing the Service.
- “Third Party Model Service” means the Model made available via AWS Bedrock, as additionally defined in the Third Party Model Service Terms and Conditions and as made available by Palantir via the Service.
- “Third Party Model Service Provider” means Amazon Web Services Inc.
- “You” means the natural person selecting “I Agree” (or equivalent) where such option is made available, or by enabling, accessing, or otherwise using the Third Party Model Service in connection with the Service.
- Third Party Model Service Terms
Customer represents, warrants, and covenants that its use of the Service shall comply with the Anthropic Acceptable Use Policy (available at https://console.anthropic.com/legal/aup) and the AWS Acceptable Use Policy (available at https://aws.amazon.com/aup/), each as applicable.
Customer hereby agrees that its use of the Service leveraging Models through the Third Party Model Service shall comply with any acceptable use policies or codes of conduct applicable to such Models, as made available to Customer through the Service or the Documentation.
Customer acknowledges that the Third Party Model Service Provider may collect and temporarily retain pseudonymized security classifier metadata related to Customer’s use of the Service leveraging the Third Party Model Service (which metadata, for the avoidance of doubt, shall not include the contents of Customer’s prompts provided to or output received from the Third Party Model Service). - Data Protection Agreement Amendment
This Addendum hereby amends the clauses concerning processing of personal data (“DPA”) which form part of the Agreement. If there is a conflict in meaning between the Agreement and this Section 3 of the Addendum, this Addendum shall prevail and control.
The Parties agree to appoint the following Subprocessor:
Subprocessor | Address |
Amazon Web Services | 410 Terry Avenue North, Seattle, WA 98109, USA |
Palantir and each Subprocessor have entered into a services agreement which include data protection terms that are substantially similar to the DPA and integrate any necessary personal data transfer mechanisms.
Palantir’s online data protection agreement available at https://www.palantir.com/data-protection/agreement/3791/ provides details on the Processing performed by the listed Subprocessors.
Palantir Third Party Model Activation Addendum - Microsoft Azure OpenAI
Effective March 18th 2024
DownloadTable of Contents
PALANTIR THIRD PARTY MODEL ACTIVATION ADDENDUM - MICROSOFT AZURE OPENAI
BY SELECTING “I ACCEPT” (OR EQUIVALENT) WHERE SUCH OPTION IS MADE AVAILABLE, OR BY ENABLING, ACCESSING OR OTHERWISE USING THE THIRD PARTY MODEL SERVICE IN CONNECTION WITH THE SERVICE, YOU CONFIRM THAT YOU HAVE READ THIS ADDENDUM, THAT YOU UNDERSTAND THE TERMS OF THE ADDENDUM, AND THAT YOU AND (IF APPLICABLE) THE ENTITY THAT YOU REPRESENT ARE UNCONDITIONALLY CONSENTING TO BE BOUND BY AND ARE BECOMING A PARTY TO THIS AGREEMENT. YOU REPRESENT AND WARRANT THAT YOU ARE AUTHORIZED TO ACCEPT THE TERMS OF THIS AGREEMENT ON BEHALF OF CUSTOMER AS ITS AUTHORIZED LEGAL REPRESENTATIVE. IF YOU DO NOT UNCONDITIONALLY AGREE TO ALL OF THE TERMS OF THIS AGREEMENT, DO NOT SELECT "I ACCEPT” OR EQUIVALENT OR OTHERWISE AGREE TO THE TERMS AND CONDITIONS WHERE SUCH OPTION IS MADE AVAILABLE AND DO NOT ENABLE, ACCESS, OR OTHERWISE USE THE THIRD PARTY MODEL SERVICE.
PALANTIR’S ACCEPTANCE IS EXPRESSLY CONDITIONED UPON YOUR ASSENT TO ALL THE TERMS AND CONDITIONS OF THIS AGREEMENT, TO THE EXCLUSION OF ALL OTHER TERMS; IF THESE TERMS ARE CONSIDERED AN OFFER, ACCEPTANCE IS EXPRESSLY LIMITED TO THESE TERMS.
This Third Party Model Activation Addendum between Customer and Palantir (each a “Party” and collectively the “Parties”) and any exhibits, amendments, or addendums thereto (the “Addendum”), shall be effective as of the date You select “I agree” or equivalent or otherwise use or access the Third Party Model Service in connection with the Service (the “Effective Date”). The Parties have previously entered into an agreement governing Customer’s use of Palantir’s proprietary software-as-a-service offerings(s) including any exhibits, annexes, attachments, amendments or addenda (the “Agreement”). This Addendum is hereby incorporated into the Agreement. Any capitalized terms used but not defined in this Addendum shall have the meaning provided in the Agreement. In the event of any conflict or inconsistency between the Agreement and this Addendum, this Addendum shall prevail and control. This Addendum will remain in effect until any expiration or termination of the Agreement pursuant thereto.
- Definitions
- “Customer” for the purposes of this Addendum means the entity that has contracted with Palantir to use the Service, in connection with which the Third Party Model Service will be enabled pursuant to this Addendum.
- “Model” means any artificial intelligence models (including but not limited to language models and other modeling services).
- “Palantir” means Palantir Technologies Inc. or the applicable affiliate thereof that has contracted with Customer for the Service, in connection with which the Third Party Model Service will be enabled pursuant to this Addendum.
- “Process(ing)” means as defined in the Agreement or, if undefined, then any operation or set of operations which is performed upon Customer’s information, whether or not by automatic means.
- “Service” means Customer’s instance of Palantir’s proprietary software-as-a-service offering(s) for which Customer has separately contracted in the Agreement, and in connection with which the Third Party Model Service will be enabled.
- “Subprocessor” means any processor engaged by Palantir to Process personal data for the purpose of providing the Service.
- “Third Party Model Service” means the Model made available via Microsoft Azure, as additionally defined in the Third Party Model Service Terms and Conditions and as made available by Palantir via the Service.
- “Third Party Model Service Provider” means Microsoft Corporation.
- “You” means the natural person selecting “I Agree” (or equivalent) where such option is made available, or by enabling, accessing, or otherwise using the Third Party Model Service in connection with the Service.
- Third Party Model Service Terms
Customer represents, warrants, and covenants that its use of the Service shall comply with the Code of Conduct for Azure OpenAI Services (available at https://learn.microsoft.com/en-us/legal/cognitive-services/openai/code-of-conduct) and the Microsoft Universal License Terms For Online Services (available at https://www.microsoft.com/licensing/terms/product/ForOnlineServices/all), each as applicable.
Customer hereby agrees that its use of the Service leveraging Models through the Third Party Model Service shall comply with any acceptable use policies or codes of conduct applicable to such Models, as made available to Customer through the Service or the Documentation.
- Data Protection Agreement Amendment
This Addendum hereby amends the clauses concerning processing of personal data (“DPA”) which form part of the Agreement. If there is a conflict in meaning between the Agreement and this Section 3 of the Addendum, this Addendum shall prevail and control.
The Parties agree to appoint the following Subprocessor:
Subprocessor | Address |
Microsoft Corporation | One Microsoft Way, Redmond, WA 98052, USA |
Palantir and each Subprocessor have entered into a services agreement which include data protection terms that are substantially similar to the DPA and integrate any necessary personal data transfer mechanisms.
Palantir’s online data protection agreement available at https://www.palantir.com/data-protection/agreement/3791/ provides details on the Processing performed by the listed Subprocessors.
Effective March 18th 2024 to March 18th 2024
DownloadTable of Contents
PALANTIR THIRD PARTY MODEL ACTIVATION ADDENDUM - MICROSOFT AZURE OPENAI
BY SELECTING “I ACCEPT” (OR EQUIVALENT) WHERE SUCH OPTION IS MADE AVAILABLE, OR BY ENABLING, ACCESSING OR OTHERWISE USING THE THIRD PARTY MODEL SERVICE IN CONNECTION WITH THE SERVICE, YOU CONFIRM THAT YOU HAVE READ THIS ADDENDUM, THAT YOU UNDERSTAND THE TERMS OF THE ADDENDUM, AND THAT YOU AND (IF APPLICABLE) THE ENTITY THAT YOU REPRESENT ARE UNCONDITIONALLY CONSENTING TO BE BOUND BY AND ARE BECOMING A PARTY TO THIS AGREEMENT. YOU REPRESENT AND WARRANT THAT YOU ARE AUTHORIZED TO ACCEPT THE TERMS OF THIS AGREEMENT ON BEHALF OF CUSTOMER AS ITS AUTHORIZED LEGAL REPRESENTATIVE. IF YOU DO NOT UNCONDITIONALLY AGREE TO ALL OF THE TERMS OF THIS AGREEMENT, DO NOT SELECT "I ACCEPT” OR EQUIVALENT OR OTHERWISE AGREE TO THE TERMS AND CONDITIONS WHERE SUCH OPTION IS MADE AVAILABLE AND DO NOT ENABLE, ACCESS, OR OTHERWISE USE THE THIRD PARTY MODEL SERVICE.
PALANTIR’S ACCEPTANCE IS EXPRESSLY CONDITIONED UPON YOUR ASSENT TO ALL THE TERMS AND CONDITIONS OF THIS AGREEMENT, TO THE EXCLUSION OF ALL OTHER TERMS; IF THESE TERMS ARE CONSIDERED AN OFFER, ACCEPTANCE IS EXPRESSLY LIMITED TO THESE TERMS.
This Third Party Model Activation Addendum between Customer and Palantir (each a “Party” and collectively the “Parties”) and any exhibits, amendments, or addendums thereto (the “Addendum”), shall be effective as of the date You select “I agree” or equivalent or otherwise use or access the Third Party Model Service in connection with the Service (the “Effective Date”). The Parties have previously entered into an agreement governing Customer’s use of Palantir’s proprietary software-as-a-service offerings(s) including any exhibits, annexes, attachments, amendments or addenda (the “Agreement”). This Addendum is hereby incorporated into the Agreement. Any capitalized terms used but not defined in this Addendum shall have the meaning provided in the Agreement. In the event of any conflict or inconsistency between the Agreement and this Addendum, this Addendum shall prevail and control. This Addendum will remain in effect until any expiration or termination of the Agreement pursuant thereto.
- Definitions
- “Customer” for the purposes of this Addendum means the entity that has contracted with Palantir to use the Service, in connection with which the Third Party Model Service will be enabled pursuant to this Addendum.
- “Model” means any artificial intelligence models (including but not limited to language models and other modeling services).
- “Palantir” means Palantir Technologies Inc. or the applicable affiliate thereof that has contracted with Customer for the Service, in connection with which the Third Party Model Service will be enabled pursuant to this Addendum.
- “Process(ing)” means as defined in the Agreement or, if undefined, then any operation or set of operations which is performed upon Customer’s information, whether or not by automatic means.
- “Service” means Customer’s instance of Palantir’s proprietary software-as-a-service offering(s) for which Customer has separately contracted in the Agreement, and in connection with which the Third Party Model Service will be enabled.
- “Subprocessor” means any processor engaged by Palantir to Process personal data for the purpose of providing the Service.
- “Third Party Model Service” means the Model made available via Microsoft Azure, as additionally defined in the Third Party Model Service Terms and Conditions and as made available by Palantir via the Service.
- “Third Party Model Service Provider” means Microsoft Corporation.
- “You” means the natural person selecting “I Agree” (or equivalent) where such option is made available, or by enabling, accessing, or otherwise using the Third Party Model Service in connection with the Service.
- Third Party Model Service Terms
Customer represents, warrants, and covenants that its use of the Service shall comply with the Code of Conduct for Azure OpenAI Services (available at https://learn.microsoft.com/en-us/legal/cognitive-services/openai/code-of-conduct) and the Microsoft Universal License Terms For Online Services (available at https://www.microsoft.com/licensing/terms/product/ForOnlineServices/all), each as applicable.
Customer hereby agrees that its use of the Service leveraging Models through the Third Party Model Service shall comply with any acceptable use policies or codes of conduct applicable to such Models, as made available to Customer through the Service or the Documentation.
- Data Protection Agreement Amendment
This Addendum hereby amends the clauses concerning processing of personal data (“DPA”) which form part of the Agreement. If there is a conflict in meaning between the Agreement and this Section 3 of the Addendum, this Addendum shall prevail and control.
The Parties agree to appoint the following Subprocessor:
Subprocessor | Address |
Microsoft Corporation | One Microsoft Way, Redmond, WA 98052, USA |
Palantir and each Subprocessor have entered into a services agreement which include data protection terms that are substantially similar to the DPA and integrate any necessary personal data transfer mechanisms.
Palantir’s online data protection agreement available at https://www.palantir.com/data-protection/agreement/3791/ provides details on the Processing performed by the listed Subprocessors.
Palantir Third Party Model Activation Addendum - Google Cloud Platform
Effective March 18th 2024
DownloadTable of Contents
PALANTIR THIRD PARTY MODEL ACTIVATION ADDENDUM - GOOGLE CLOUD PLATFORM
BY SELECTING “I ACCEPT” (OR EQUIVALENT) WHERE SUCH OPTION IS MADE AVAILABLE, OR BY ENABLING, ACCESSING OR OTHERWISE USING THE THIRD PARTY MODEL SERVICE IN CONNECTION WITH THE SERVICE, YOU CONFIRM THAT YOU HAVE READ THIS ADDENDUM, THAT YOU UNDERSTAND THE TERMS OF THE ADDENDUM, AND THAT YOU AND (IF APPLICABLE) THE ENTITY THAT YOU REPRESENT ARE UNCONDITIONALLY CONSENTING TO BE BOUND BY AND ARE BECOMING A PARTY TO THIS AGREEMENT. YOU REPRESENT AND WARRANT THAT YOU ARE AUTHORIZED TO ACCEPT THE TERMS OF THIS AGREEMENT ON BEHALF OF CUSTOMER AS ITS AUTHORIZED LEGAL REPRESENTATIVE. IF YOU DO NOT UNCONDITIONALLY AGREE TO ALL OF THE TERMS OF THIS AGREEMENT, DO NOT SELECT "I ACCEPT” OR EQUIVALENT OR OTHERWISE AGREE TO THE TERMS AND CONDITIONS WHERE SUCH OPTION IS MADE AVAILABLE AND DO NOT ENABLE, ACCESS, OR OTHERWISE USE THE THIRD PARTY MODEL SERVICE.
PALANTIR’S ACCEPTANCE IS EXPRESSLY CONDITIONED UPON YOUR ASSENT TO ALL THE TERMS AND CONDITIONS OF THIS AGREEMENT, TO THE EXCLUSION OF ALL OTHER TERMS; IF THESE TERMS ARE CONSIDERED AN OFFER, ACCEPTANCE IS EXPRESSLY LIMITED TO THESE TERMS.
This Third Party Model Activation Addendum between Customer and Palantir (each a “Party” and collectively the “Parties”) and any exhibits, amendments, or addendums thereto (the “Addendum”), shall be effective as of the date You select “I agree” or equivalent or otherwise use or access the Third Party Model Service in connection with the Service (the “Effective Date”). The Parties have previously entered into an agreement governing Customer’s use of Palantir’s proprietary software-as-a-service offerings(s) including any exhibits, annexes, attachments, amendments or addenda (the “Agreement”). This Addendum is hereby incorporated into the Agreement. Any capitalized terms used but not defined in this Addendum shall have the meaning provided in the Agreement. In the event of any conflict or inconsistency between the Agreement and this Addendum, this Addendum shall prevail and control. This Addendum will remain in effect until any expiration or termination of the Agreement pursuant thereto.
- Definitions
- “Customer” for the purposes of this Addendum means the entity that has contracted with Palantir to use the Service, in connection with which the Third Party Model Service will be enabled pursuant to this Addendum.
- “Model” means any artificial intelligence (including but not limited to language models and other modeling services) models.
- “Palantir” means Palantir Technologies Inc. or the applicable affiliate thereof that has contracted with Customer for the Service, in connection with which the Third Party Model Service will be enabled pursuant to this Addendum.
- “Process(ing)” means as defined in the Agreement or, if undefined, then any operation or set of operations which is performed upon Customer’s information, whether or not by automatic means.
- “Service” means Customer’s instance of Palantir’s proprietary software-as-a-service offering(s) for which Customer has separately contracted in the Agreement, and in connection with which the Third Party Model Service will be enabled.
- “Subprocessor” means any processor engaged by Palantir to Process personal data for the purpose of providing the Service.
- “Third Party Model Service” means the Model made available via Google Cloud, as additionally defined in the Third Party Model Service Terms and Conditions and as made available by Palantir via the Service.
- “Third Party Model Service Provider” means Google LLC.
- “You” means the natural person selecting “I Agree” (or equivalent) where such option is made available, or by enabling, accessing, or otherwise using the Third Party Model Service in connection with the Service.
- Third Party Model Service Terms
Customer represents, warrants, and covenants that its use of the Service shall comply with the Generative AI Prohibited Use Policy (available at https://policies.google.com/terms/generative-ai/use-policy) and the Google Cloud Platform Acceptable Use Policy (available at https://cloud.google.com/terms/aup), each as applicable.
Customer hereby agrees that its use of the Service leveraging Models through the Third Party Model Service shall comply with any acceptable use policies or codes of conduct applicable to such Models, as made available to Customer through the Service or the Documentation.
Customer acknowledges that the Third Party Model Service Provider may collect and temporarily retain pseudonymized security classifier metadata related to Customer’s use of the Service leveraging the Third Party Model Service (which metadata, for the avoidance of doubt, shall not include the contents of Customer’s prompts provided to or output received from the Third Party Model Service).
- Data Protection Agreement Amendment
This Addendum hereby amends the clauses concerning processing of personal data (“DPA”) which form part of the Agreement. If there is a conflict in meaning between the Agreement and this Section 3 of the Addendum, this Addendum shall prevail and control.
The Parties agree to appoint the following Subprocessor:
Subprocessor | Address |
Google LLC | 1600 Amphitheatre Parkway, Mountain View, 94043 CA, USA |
Palantir’s online data protection agreement available at https://www.palantir.com/data-protection/agreement/3791/ provides details on the Processing performed by the listed Subprocessors.
Effective March 18th 2024 to March 18th 2024
DownloadTable of Contents
PALANTIR THIRD PARTY MODEL ACTIVATION ADDENDUM - GOOGLE CLOUD PLATFORM
BY SELECTING “I ACCEPT” (OR EQUIVALENT) WHERE SUCH OPTION IS MADE AVAILABLE, OR BY ENABLING, ACCESSING OR OTHERWISE USING THE THIRD PARTY MODEL SERVICE IN CONNECTION WITH THE SERVICE, YOU CONFIRM THAT YOU HAVE READ THIS ADDENDUM, THAT YOU UNDERSTAND THE TERMS OF THE ADDENDUM, AND THAT YOU AND (IF APPLICABLE) THE ENTITY THAT YOU REPRESENT ARE UNCONDITIONALLY CONSENTING TO BE BOUND BY AND ARE BECOMING A PARTY TO THIS AGREEMENT. YOU REPRESENT AND WARRANT THAT YOU ARE AUTHORIZED TO ACCEPT THE TERMS OF THIS AGREEMENT ON BEHALF OF CUSTOMER AS ITS AUTHORIZED LEGAL REPRESENTATIVE. IF YOU DO NOT UNCONDITIONALLY AGREE TO ALL OF THE TERMS OF THIS AGREEMENT, DO NOT SELECT "I ACCEPT” OR EQUIVALENT OR OTHERWISE AGREE TO THE TERMS AND CONDITIONS WHERE SUCH OPTION IS MADE AVAILABLE AND DO NOT ENABLE, ACCESS, OR OTHERWISE USE THE THIRD PARTY MODEL SERVICE.
PALANTIR’S ACCEPTANCE IS EXPRESSLY CONDITIONED UPON YOUR ASSENT TO ALL THE TERMS AND CONDITIONS OF THIS AGREEMENT, TO THE EXCLUSION OF ALL OTHER TERMS; IF THESE TERMS ARE CONSIDERED AN OFFER, ACCEPTANCE IS EXPRESSLY LIMITED TO THESE TERMS.
This Third Party Model Activation Addendum between Customer and Palantir (each a “Party” and collectively the “Parties”) and any exhibits, amendments, or addendums thereto (the “Addendum”), shall be effective as of the date You select “I agree” or equivalent or otherwise use or access the Third Party Model Service in connection with the Service (the “Effective Date”). The Parties have previously entered into an agreement governing Customer’s use of Palantir’s proprietary software-as-a-service offerings(s) including any exhibits, annexes, attachments, amendments or addenda (the “Agreement”). This Addendum is hereby incorporated into the Agreement. Any capitalized terms used but not defined in this Addendum shall have the meaning provided in the Agreement. In the event of any conflict or inconsistency between the Agreement and this Addendum, this Addendum shall prevail and control. This Addendum will remain in effect until any expiration or termination of the Agreement pursuant thereto.
- Definitions
- “Customer” for the purposes of this Addendum means the entity that has contracted with Palantir to use the Service, in connection with which the Third Party Model Service will be enabled pursuant to this Addendum.
- “Model” means any artificial intelligence (including but not limited to language models and other modeling services) models.
- “Palantir” means Palantir Technologies Inc. or the applicable affiliate thereof that has contracted with Customer for the Service, in connection with which the Third Party Model Service will be enabled pursuant to this Addendum.
- “Process(ing)” means as defined in the Agreement or, if undefined, then any operation or set of operations which is performed upon Customer’s information, whether or not by automatic means.
- “Service” means Customer’s instance of Palantir’s proprietary software-as-a-service offering(s) for which Customer has separately contracted in the Agreement, and in connection with which the Third Party Model Service will be enabled.
- “Subprocessor” means any processor engaged by Palantir to Process personal data for the purpose of providing the Service.
- “Third Party Model Service” means the Model made available via Google Cloud, as additionally defined in the Third Party Model Service Terms and Conditions and as made available by Palantir via the Service.
- “Third Party Model Service Provider” means Google LLC.
- “You” means the natural person selecting “I Agree” (or equivalent) where such option is made available, or by enabling, accessing, or otherwise using the Third Party Model Service in connection with the Service.
- Third Party Model Service Terms
Customer represents, warrants, and covenants that its use of the Service shall comply with the Generative AI Prohibited Use Policy (available at https://policies.google.com/terms/generative-ai/use-policy) and the Google Cloud Platform Acceptable Use Policy (available at https://cloud.google.com/terms/aup), each as applicable.
Customer hereby agrees that its use of the Service leveraging Models through the Third Party Model Service shall comply with any acceptable use policies or codes of conduct applicable to such Models, as made available to Customer through the Service or the Documentation.
Customer acknowledges that the Third Party Model Service Provider may collect and temporarily retain pseudonymized security classifier metadata related to Customer’s use of the Service leveraging the Third Party Model Service (which metadata, for the avoidance of doubt, shall not include the contents of Customer’s prompts provided to or output received from the Third Party Model Service).
- Data Protection Agreement Amendment
This Addendum hereby amends the clauses concerning processing of personal data (“DPA”) which form part of the Agreement. If there is a conflict in meaning between the Agreement and this Section 3 of the Addendum, this Addendum shall prevail and control.
The Parties agree to appoint the following Subprocessor:
Subprocessor | Address |
Google LLC | 1600 Amphitheatre Parkway, Mountain View, 94043 CA, USA |
Palantir and each Subprocessor have entered into a services agreement which include data protection terms that are substantially similar to the DPA and integrate any necessary personal data transfer mechanisms.
Palantir’s online data protection agreement available at https://www.palantir.com/data-protection/agreement/3791/ provides details on the Processing performed by the listed Subprocessors.
Palantir Third Party Model Activation Addendum - OpenAI
Effective March 18th 2024
DownloadTable of Contents
PALANTIR THIRD PARTY MODEL ACTIVATION ADDENDUM - OPENAI
BY SELECTING “I ACCEPT” (OR EQUIVALENT) WHERE SUCH OPTION IS MADE AVAILABLE, OR BY ENABLING, ACCESSING OR OTHERWISE USING THE THIRD PARTY MODEL SERVICE IN CONNECTION WITH THE SERVICE, YOU CONFIRM THAT YOU HAVE READ THIS ADDENDUM, THAT YOU UNDERSTAND THE TERMS OF THE ADDENDUM, AND THAT YOU AND (IF APPLICABLE) THE ENTITY THAT YOU REPRESENT ARE UNCONDITIONALLY CONSENTING TO BE BOUND BY AND ARE BECOMING A PARTY TO THIS AGREEMENT. YOU REPRESENT AND WARRANT THAT YOU ARE AUTHORIZED TO ACCEPT THE TERMS OF THIS AGREEMENT ON BEHALF OF CUSTOMER AS ITS AUTHORIZED LEGAL REPRESENTATIVE. IF YOU DO NOT UNCONDITIONALLY AGREE TO ALL OF THE TERMS OF THIS AGREEMENT, DO NOT SELECT "I ACCEPT” OR EQUIVALENT OR OTHERWISE AGREE TO THE TERMS AND CONDITIONS WHERE SUCH OPTION IS MADE AVAILABLE AND DO NOT ENABLE, ACCESS, OR OTHERWISE USE THE THIRD PARTY MODEL SERVICE.
PALANTIR’S ACCEPTANCE IS EXPRESSLY CONDITIONED UPON YOUR ASSENT TO ALL THE TERMS AND CONDITIONS OF THIS AGREEMENT, TO THE EXCLUSION OF ALL OTHER TERMS; IF THESE TERMS ARE CONSIDERED AN OFFER, ACCEPTANCE IS EXPRESSLY LIMITED TO THESE TERMS.
This Third Party Model Activation Addendum between Customer and Palantir (each a “Party” and collectively the “Parties”) and any exhibits, amendments, or addendums thereto (the “Addendum”), shall be effective as of the date You select “I agree” or equivalent or otherwise use or access the Third Party Model Service in connection with the Service (the “Effective Date”). The Parties have previously entered into an agreement governing Customer’s use of Palantir’s proprietary software-as-a-service offerings(s) including any exhibits, annexes, attachments, amendments or addenda (the “Agreement”). This Addendum is hereby incorporated into the Agreement. Any capitalized terms used but not defined in this Addendum shall have the meaning provided in the Agreement. In the event of any conflict or inconsistency between the Agreement and this Addendum, this Addendum shall prevail and control. This Addendum will remain in effect until any expiration or termination of the Agreement pursuant thereto.
- Definitions
- “Customer” for the purposes of this Addendum means the entity that has contracted with Palantir to use the Service, in connection with which the Third Party Model Service will be enabled pursuant to this Addendum.
- “Model” means any artificial intelligence (including but not limited to language models and other modeling services) models.
- “Palantir” means Palantir Technologies Inc. or the applicable affiliate thereof that has contracted with Customer for the Service, in connection with which the Third Party Model Service will be enabled pursuant to this Addendum.
- “Process(ing)” means as defined in the Agreement or, if undefined, then any operation or set of operations which is performed upon Customer’s information, whether or not by automatic means.
- “Service” means Customer’s instance of Palantir’s proprietary software-as-a-service offering(s) for which Customer has separately contracted in the Agreement, and in connection with which the Third Party Model Service will be enabled.
- “Subprocessor” means any processor engaged by Palantir to Process personal data for the purpose of providing the Service.
- “Third Party Model Service” means the Model made available via OpenAI, as additionally defined in the Third Party Model Service Terms and Conditions and as made available by Palantir via the Service.
- “Third Party Model Service Provider” means OpenAI LLC.
- “You” means the natural person selecting “I Agree” (or equivalent) where such option is made available, or by enabling, accessing, or otherwise using the Third Party Model Service in connection with the Service.
- Third Party Model Service Terms
Customer represents, warrants, and covenants (a) that its use of the Service shall comply with the OpenAI Usage Policies (available at https://openai.com/policies/usage-policies),(b) that its use of the Service shall comply with the Sharing & Publication Policy (available at https://openai.com/policies/sharing-publication-policy), each as applicable, (c) that Customer shall only use the Service leveraging the Third Party Model Service to (i) submit content to be summarized for pre-defined topics built into the Service and cannot use the Service as an open-ended summarizer (examples of such permitted use include but are not limited to summarization of call center transcripts, technical reports, and product reviews); (ii) analyze inputs using classification, sentiment analysis of text, or entity extraction (examples of such permitted use include but are not limited to analyzing product feedback sentiment, analyzing support calls and transcripts, and refining text-based search with embeddings; (iii) search trusted source documents such as internal Customer documentation; (iv) ask questions and receive answers from trusted source documents such as internal Customer documentation; (v) code generation or transformation scenarios (examples of such permitted use include but are not limited to converting one programming language to another, generating docstrings for functions, or converting natural language to SQL); or (vi) fine-tune Models as provided as part of AIP and the Third Party Model Service; and (d) that Customer shall not use the Service leveraging the Third Party Model Service (i) to generate, distribute, or modify any output from the Third Party Model Service that the Customer knew or should have known was infringing or likely to infringe a third party’s intellectual property or other proprietary rights (including if such infringement is caused by Customer’s combination of such output with third party products or services); or (ii) while disabling, ignoring, or otherwise circumventing, without authorization, any relevant citation, filtering, or safety features or restrictions provided by OpenAI applicable to the Third Party Model Service.
Customer hereby agrees that its use of the Service leveraging Models through the Third Party Model Service shall comply with any acceptable use policies or codes of conduct applicable to such Models, as made available to Customer through the Service or the Documentation.
Customer acknowledges that the Third Party Model Service Provider may collect and temporarily retain pseudonymized security classifier metadata related to Customer’s use of the Service leveraging the Third Party Model Service (which metadata, for the avoidance of doubt, shall not include the contents of Customer’s prompts provided to or output received from the Third Party Model Service).
- Data Protection Agreement Amendment
This Addendum hereby amends the clauses concerning processing of personal data (“DPA”) which form part of the Agreement. If there is a conflict in meaning between the Agreement and this Section 3 of the Addendum, this Addendum shall prevail and control.
The Parties agree to appoint the following Subprocessor:
Subprocessor | Address |
OpenAI LLC | 3180 18th Street, San Francisco, CA 94110, USA |
Palantir and each Subprocessor have entered into a services agreement which include data protection terms that are substantially similar to the DPA and integrate any necessary personal data transfer mechanisms.
Palantir’s online data protection agreement available at https://www.palantir.com/data-protection/agreement/3791/ provides details on the Processing performed by the listed Subprocessors.
Effective March 18th 2024 to March 18th 2024
DownloadTable of Contents
PALANTIR THIRD PARTY MODEL ACTIVATION ADDENDUM - OPENAI
BY SELECTING “I ACCEPT” (OR EQUIVALENT) WHERE SUCH OPTION IS MADE AVAILABLE, OR BY ENABLING, ACCESSING OR OTHERWISE USING THE THIRD PARTY MODEL SERVICE IN CONNECTION WITH THE SERVICE, YOU CONFIRM THAT YOU HAVE READ THIS ADDENDUM, THAT YOU UNDERSTAND THE TERMS OF THE ADDENDUM, AND THAT YOU AND (IF APPLICABLE) THE ENTITY THAT YOU REPRESENT ARE UNCONDITIONALLY CONSENTING TO BE BOUND BY AND ARE BECOMING A PARTY TO THIS AGREEMENT. YOU REPRESENT AND WARRANT THAT YOU ARE AUTHORIZED TO ACCEPT THE TERMS OF THIS AGREEMENT ON BEHALF OF CUSTOMER AS ITS AUTHORIZED LEGAL REPRESENTATIVE. IF YOU DO NOT UNCONDITIONALLY AGREE TO ALL OF THE TERMS OF THIS AGREEMENT, DO NOT SELECT "I ACCEPT” OR EQUIVALENT OR OTHERWISE AGREE TO THE TERMS AND CONDITIONS WHERE SUCH OPTION IS MADE AVAILABLE AND DO NOT ENABLE, ACCESS, OR OTHERWISE USE THE THIRD PARTY MODEL SERVICE.
PALANTIR’S ACCEPTANCE IS EXPRESSLY CONDITIONED UPON YOUR ASSENT TO ALL THE TERMS AND CONDITIONS OF THIS AGREEMENT, TO THE EXCLUSION OF ALL OTHER TERMS; IF THESE TERMS ARE CONSIDERED AN OFFER, ACCEPTANCE IS EXPRESSLY LIMITED TO THESE TERMS.
This Third Party Model Activation Addendum between Customer and Palantir (each a “Party” and collectively the “Parties”) and any exhibits, amendments, or addendums thereto (the “Addendum”), shall be effective as of the date You select “I agree” or equivalent or otherwise use or access the Third Party Model Service in connection with the Service (the “Effective Date”). The Parties have previously entered into an agreement governing Customer’s use of Palantir’s proprietary software-as-a-service offerings(s) including any exhibits, annexes, attachments, amendments or addenda (the “Agreement”). This Addendum is hereby incorporated into the Agreement. Any capitalized terms used but not defined in this Addendum shall have the meaning provided in the Agreement. In the event of any conflict or inconsistency between the Agreement and this Addendum, this Addendum shall prevail and control. This Addendum will remain in effect until any expiration or termination of the Agreement pursuant thereto.
- Definitions
- “Customer” for the purposes of this Addendum means the entity that has contracted with Palantir to use the Service, in connection with which the Third Party Model Service will be enabled pursuant to this Addendum.
- “Model” means any artificial intelligence (including but not limited to language models and other modeling services) models.
- “Palantir” means Palantir Technologies Inc. or the applicable affiliate thereof that has contracted with Customer for the Service, in connection with which the Third Party Model Service will be enabled pursuant to this Addendum.
- “Process(ing)” means as defined in the Agreement or, if undefined, then any operation or set of operations which is performed upon Customer’s information, whether or not by automatic means.
- “Service” means Customer’s instance of Palantir’s proprietary software-as-a-service offering(s) for which Customer has separately contracted in the Agreement, and in connection with which the Third Party Model Service will be enabled.
- “Subprocessor” means any processor engaged by Palantir to Process personal data for the purpose of providing the Service.
- “Third Party Model Service” means the Model made available via OpenAI, as additionally defined in the Third Party Model Service Terms and Conditions and as made available by Palantir via the Service.
- “Third Party Model Service Provider” means OpenAI LLC.
- “You” means the natural person selecting “I Agree” (or equivalent) where such option is made available, or by enabling, accessing, or otherwise using the Third Party Model Service in connection with the Service.
- Third Party Model Service Terms
Customer represents, warrants, and covenants (a) that its use of the Service shall comply with the OpenAI Usage Policies (available at https://openai.com/policies/usage-policies),(b) that its use of the Service shall comply with the Sharing & Publication Policy (available at https://openai.com/policies/sharing-publication-policy), each as applicable, (c) that Customer shall only use the Service leveraging the Third Party Model Service to (i) submit content to be summarized for pre-defined topics built into the Service and cannot use the Service as an open-ended summarizer (examples of such permitted use include but are not limited to summarization of call center transcripts, technical reports, and product reviews); (ii) analyze inputs using classification, sentiment analysis of text, or entity extraction (examples of such permitted use include but are not limited to analyzing product feedback sentiment, analyzing support calls and transcripts, and refining text-based search with embeddings; (iii) search trusted source documents such as internal Customer documentation; (iv) ask questions and receive answers from trusted source documents such as internal Customer documentation; (v) code generation or transformation scenarios (examples of such permitted use include but are not limited to converting one programming language to another, generating docstrings for functions, or converting natural language to SQL); or (vi) fine-tune Models as provided as part of AIP and the Third Party Model Service; and (d) that Customer shall not use the Service leveraging the Third Party Model Service (i) to generate, distribute, or modify any output from the Third Party Model Service that the Customer knew or should have known was infringing or likely to infringe a third party’s intellectual property or other proprietary rights (including if such infringement is caused by Customer’s combination of such output with third party products or services); or (ii) while disabling, ignoring, or otherwise circumventing, without authorization, any relevant citation, filtering, or safety features or restrictions provided by OpenAI applicable to the Third Party Model Service.
Customer hereby agrees that its use of the Service leveraging Models through the Third Party Model Service shall comply with any acceptable use policies or codes of conduct applicable to such Models, as made available to Customer through the Service or the Documentation.
Customer acknowledges that the Third Party Model Service Provider may collect and temporarily retain pseudonymized security classifier metadata related to Customer’s use of the Service leveraging the Third Party Model Service (which metadata, for the avoidance of doubt, shall not include the contents of Customer’s prompts provided to or output received from the Third Party Model Service).
- Data Protection Agreement Amendment
This Addendum hereby amends the clauses concerning processing of personal data (“DPA”) which form part of the Agreement. If there is a conflict in meaning between the Agreement and this Section 3 of the Addendum, this Addendum shall prevail and control.
The Parties agree to appoint the following Subprocessor:
Subprocessor | Address |
OpenAI LLC | 3180 18th Street, San Francisco, CA 94110, USA |
Palantir and each Subprocessor have entered into a services agreement which include data protection terms that are substantially similar to the DPA and integrate any necessary personal data transfer mechanisms.
Palantir’s online data protection agreement available at https://www.palantir.com/data-protection/agreement/3791/ provides details on the Processing performed by the listed Subprocessors.
Palantir Third Party Model Activation Addendum - Llama2
Effective August 20th 2024
DownloadTable of Contents
PALANTIR THIRD PARTY MODEL ACTIVATION ADDENDUM – LLAMA2
BY SELECTING “I AGREE” (OR EQUIVALENT) WHERE SUCH OPTION IS MADE AVAILABLE, OR BY ENABLING, ACCESSING OR OTHERWISE USING THE THIRD PARTY MODEL SERVICE IN CONNECTION WITH THE SERVICE, YOU CONFIRM THAT YOU HAVE READ THIS ADDENDUM, THAT YOU UNDERSTAND THE TERMS OF THE ADDENDUM, AND THAT YOU AND (IF APPLICABLE) THE ENTITY THAT YOU REPRESENT ARE UNCONDITIONALLY CONSENTING TO BE BOUND BY AND ARE BECOMING A PARTY TO THIS AGREEMENT. YOU REPRESENT AND WARRANT THAT YOU ARE AUTHORIZED TO ACCEPT THE TERMS OF THIS AGREEMENT ON BEHALF OF CUSTOMER AS ITS AUTHORIZED LEGAL REPRESENTATIVE. IF YOU DO NOT UNCONDITIONALLY AGREE TO ALL OF THE TERMS OF THIS AGREEMENT, DO NOT SELECT "I AGREE” OR EQUIVALENT OR OTHERWISE AGREE TO THE TERMS AND CONDITIONS WHERE SUCH OPTION IS MADE AVAILABLE AND DO NOT ENABLE, ACCESS, OR OTHERWISE USE THE THIRD PARTY MODEL SERVICE.
PALANTIR’S ACCEPTANCE IS EXPRESSLY CONDITIONED UPON YOUR ASSENT TO ALL THE TERMS AND CONDITIONS OF THIS AGREEMENT, TO THE EXCLUSION OF ALL OTHER TERMS; IF THESE TERMS ARE CONSIDERED AN OFFER, ACCEPTANCE IS EXPRESSLY LIMITED TO THESE TERMS.
This Third Party Model Activation Addendum between Customer and Palantir (each a “Party” and collectively the “Parties”) and any exhibits, amendments, or addendums thereto (the “Addendum”), shall be effective as of the date You select “I agree” or equivalent or otherwise use or access the Third Party Model Service in connection with the Service (the “Effective Date”). The Parties have previously entered into an agreement governing Customer’s use of Palantir’s proprietary software-as-a-service offerings(s) including any exhibits, Annexes, attachments, amendments or addenda (the “Agreement”). This Addendum is hereby incorporated into the Agreement. Any capitalized terms used but not defined in this Addendum shall have the meaning provided in the Agreement. In the event of any conflict or inconsistency between the Agreement and this Addendum, this Addendum shall prevail and control. This Addendum will remain in effect until any expiration or termination of the Agreement pursuant thereto.
- Definitions
- “Customer” for the purposes of this Addendum means the entity that has contracted with Palantir to use the Service, in connection with which the Third Party Model Service will be enabled pursuant to this Addendum.
- “Model” means any artificial intelligence (including but not limited to language models and other modeling services) models.
- “Palantir” means Palantir Technologies Inc. or the applicable affiliate thereof that has contracted with Customer for the Service, in connection with which the Third Party Model Service will be enabled pursuant to this Addendum.
- “Service” means Customer’s instance of Palantir’s proprietary software-as-a-service offering(s) for which Customer has separately contracted in the Agreement, and in connection with which the Third Party Model Service will be enabled.
- “Third Party Model Service” means the Llama Materials, as defined in the Third Party Model Service Terms and Conditions (defined below) and as made available by Palantir via the Service.
- “Third Party Model Service Provider” means Meta Platforms, Inc.
- “You” means the natural person selecting “I Agree” (or equivalent) where such option is made available, or by enabling, accessing, or otherwise using the Third Party Model Service in connection with the Service.
- Third Party Model Service Terms
Effective March 18th 2024 to August 20th 2024
DownloadTable of Contents
PALANTIR THIRD PARTY MODEL ACTIVATION ADDENDUM – LLAMA2
BY SELECTING “I ACCEPT” (OR EQUIVALENT) WHERE SUCH OPTION IS MADE AVAILABLE, OR BY ENABLING, ACCESSING OR OTHERWISE USING THE THIRD PARTY MODEL SERVICE IN CONNECTION WITH THE SERVICE, YOU CONFIRM THAT YOU HAVE READ THIS ADDENDUM, THAT YOU UNDERSTAND THE TERMS OF THE ADDENDUM, AND THAT YOU AND (IF APPLICABLE) THE ENTITY THAT YOU REPRESENT ARE UNCONDITIONALLY CONSENTING TO BE BOUND BY AND ARE BECOMING A PARTY TO THIS AGREEMENT. YOU REPRESENT AND WARRANT THAT YOU ARE AUTHORIZED TO ACCEPT THE TERMS OF THIS AGREEMENT ON BEHALF OF CUSTOMER AS ITS AUTHORIZED LEGAL REPRESENTATIVE. IF YOU DO NOT UNCONDITIONALLY AGREE TO ALL OF THE TERMS OF THIS AGREEMENT, DO NOT SELECT "I ACCEPT” OR EQUIVALENT OR OTHERWISE AGREE TO THE TERMS AND CONDITIONS WHERE SUCH OPTION IS MADE AVAILABLE AND DO NOT ENABLE, ACCESS, OR OTHERWISE USE THE THIRD PARTY MODEL SERVICE.
PALANTIR’S ACCEPTANCE IS EXPRESSLY CONDITIONED UPON YOUR ASSENT TO ALL THE TERMS AND CONDITIONS OF THIS AGREEMENT, TO THE EXCLUSION OF ALL OTHER TERMS; IF THESE TERMS ARE CONSIDERED AN OFFER, ACCEPTANCE IS EXPRESSLY LIMITED TO THESE TERMS.
This Third Party Model Activation Addendum between Customer and Palantir (each a “Party” and collectively the “Parties”) and any exhibits, amendments, or addendums thereto (the “Addendum”), shall be effective as of the date You select “I agree” or equivalent or otherwise use or access the Third Party Model Service in connection with the Service (the “Effective Date”). The Parties have previously entered into an agreement governing Customer’s use of Palantir’s proprietary software-as-a-service offerings(s) including any exhibits, Annexes, attachments, amendments or addenda (the “Agreement”). This Addendum is hereby incorporated into the Agreement. Any capitalized terms used but not defined in this Addendum shall have the meaning provided in the Agreement. In the event of any conflict or inconsistency between the Agreement and this Addendum, this Addendum shall prevail and control. This Addendum will remain in effect until any expiration or termination of the Agreement pursuant thereto.
- Definitions
- “Customer” for the purposes of this Addendum means the entity that has contracted with Palantir to use the Service, in connection with which the Third Party Model Service will be enabled pursuant to this Addendum.
- “Model” means any artificial intelligence (including but not limited to language models and other modeling services) models.
- “Palantir” means Palantir Technologies Inc. or the applicable affiliate thereof that has contracted with Customer for the Service, in connection with which the Third Party Model Service will be enabled pursuant to this Addendum.
- “Service” means Customer’s instance of Palantir’s proprietary software-as-a-service offering(s) for which Customer has separately contracted in the Agreement, and in connection with which the Third Party Model Service will be enabled.
- “Third Party Model Service” means the Llama Materials, as defined in the Third Party Model Service Terms and Conditions and as made available by Palantir via the Service.
- “Third Party Model Service Provider” means Meta Platforms, Inc.
- “You” means the natural person selecting “I Agree” (or equivalent) where such option is made available, or by enabling, accessing, or otherwise using the Third Party Model Service in connection with the Service.
- Third Party Model Service Terms
Customer represents, warrants, and covenants that its use of the Service shall comply with the Llama Community License (available at https://ai.meta.com/llama/license/), which includes the Llama Acceptable Use Policy incorporated by reference (and available at https://ai.meta.com/llama/use-policy/).
Customer hereby agrees that its use of the Service leveraging Models through the Third Party Model Service shall comply with any acceptable use policies or codes of conduct applicable to such Models, as made available to Customer through the Service, or the Documentation.
Effective March 18th 2024 to March 18th 2024
DownloadTable of Contents
PALANTIR THIRD PARTY MODEL ACTIVATION ADDENDUM – LLAMA2
BY SELECTING “I ACCEPT” (OR EQUIVALENT) WHERE SUCH OPTION IS MADE AVAILABLE, OR BY ENABLING, ACCESSING OR OTHERWISE USING THE THIRD PARTY MODEL SERVICE IN CONNECTION WITH THE SERVICE, YOU CONFIRM THAT YOU HAVE READ THIS ADDENDUM, THAT YOU UNDERSTAND THE TERMS OF THE ADDENDUM, AND THAT YOU AND (IF APPLICABLE) THE ENTITY THAT YOU REPRESENT ARE UNCONDITIONALLY CONSENTING TO BE BOUND BY AND ARE BECOMING A PARTY TO THIS AGREEMENT. YOU REPRESENT AND WARRANT THAT YOU ARE AUTHORIZED TO ACCEPT THE TERMS OF THIS AGREEMENT ON BEHALF OF CUSTOMER AS ITS AUTHORIZED LEGAL REPRESENTATIVE. IF YOU DO NOT UNCONDITIONALLY AGREE TO ALL OF THE TERMS OF THIS AGREEMENT, DO NOT SELECT "I ACCEPT” OR EQUIVALENT OR OTHERWISE AGREE TO THE TERMS AND CONDITIONS WHERE SUCH OPTION IS MADE AVAILABLE AND DO NOT ENABLE, ACCESS, OR OTHERWISE USE THE THIRD PARTY MODEL SERVICE.
PALANTIR’S ACCEPTANCE IS EXPRESSLY CONDITIONED UPON YOUR ASSENT TO ALL THE TERMS AND CONDITIONS OF THIS AGREEMENT, TO THE EXCLUSION OF ALL OTHER TERMS; IF THESE TERMS ARE CONSIDERED AN OFFER, ACCEPTANCE IS EXPRESSLY LIMITED TO THESE TERMS.
This Third Party Model Activation Addendum between Customer and Palantir (each a “Party” and collectively the “Parties”) and any exhibits, amendments, or addendums thereto (the “Addendum”), shall be effective as of the date You select “I agree” or equivalent or otherwise use or access the Third Party Model Service in connection with the Service (the “Effective Date”). The Parties have previously entered into an agreement governing Customer’s use of Palantir’s proprietary software-as-a-service offerings(s) including any exhibits, Annexes, attachments, amendments or addenda (the “Agreement”). This Addendum is hereby incorporated into the Agreement. Any capitalized terms used but not defined in this Addendum shall have the meaning provided in the Agreement. In the event of any conflict or inconsistency between the Agreement and this Addendum, this Addendum shall prevail and control. This Addendum will remain in effect until any expiration or termination of the Agreement pursuant thereto.
- Definitions
- “Customer” for the purposes of this Addendum means the entity that has contracted with Palantir to use the Service, in connection with which the Third Party Model Service will be enabled pursuant to this Addendum.
- “Model” means any artificial intelligence (including but not limited to language models and other modeling services) models.
- “Palantir” means Palantir Technologies Inc. or the applicable affiliate thereof that has contracted with Customer for the Service, in connection with which the Third Party Model Service will be enabled pursuant to this Addendum.
- “Service” means Customer’s instance of Palantir’s proprietary software-as-a-service offering(s) for which Customer has separately contracted in the Agreement, and in connection with which the Third Party Model Service will be enabled.
- “Third Party Model Service” means the Llama Materials, as defined in the Third Party Model Service Terms and Conditions and as made available by Palantir via the Service.
- “Third Party Model Service Provider” means Meta Platforms, Inc.
- “You” means the natural person selecting “I Agree” (or equivalent) where such option is made available, or by enabling, accessing, or otherwise using the Third Party Model Service in connection with the Service.
- Third Party Model Service Terms
Customer represents, warrants, and covenants that its use of the Service shall comply with the Llama Community License (available at https://ai.meta.com/llama/license/), which includes the Llama Acceptable Use Policy incorporated by reference (and available at https://ai.meta.com/llama/use-policy/).
Customer hereby agrees that its use of the Service leveraging Models through the Third Party Model Service shall comply with any acceptable use policies or codes of conduct applicable to such Models, as made available to Customer through the Service, or the Documentation.
Palantir Third Party Model Activation Addendum - Llama3
Effective August 20th 2024
DownloadTable of Contents
PALANTIR THIRD PARTY MODEL ACTIVATION ADDENDUM - LLAMA3
BY SELECTING “I AGREE” (OR EQUIVALENT) WHERE SUCH OPTION IS MADE AVAILABLE, OR BY ENABLING, ACCESSING OR OTHERWISE USING THE THIRD PARTY MODEL SERVICE IN CONNECTION WITH THE SERVICE, YOU CONFIRM THAT YOU HAVE READ THIS ADDENDUM, THAT YOU UNDERSTAND THE TERMS OF THE ADDENDUM, AND THAT YOU AND (IF APPLICABLE) THE ENTITY THAT YOU REPRESENT ARE UNCONDITIONALLY CONSENTING TO BE BOUND BY AND ARE BECOMING A PARTY TO THIS AGREEMENT. YOU REPRESENT AND WARRANT THAT YOU ARE AUTHORIZED TO ACCEPT THE TERMS OF THIS AGREEMENT ON BEHALF OF CUSTOMER AS ITS AUTHORIZED LEGAL REPRESENTATIVE. IF YOU DO NOT UNCONDITIONALLY AGREE TO ALL OF THE TERMS OF THIS AGREEMENT, DO NOT SELECT [["I AGREE”]] OR EQUIVALENT OR OTHERWISE AGREE TO THE TERMS AND CONDITIONS WHERE SUCH OPTION IS MADE AVAILABLE AND DO NOT ENABLE, ACCESS, OR OTHERWISE USE THE THIRD PARTY MODEL SERVICE.
PALANTIR’S ACCEPTANCE IS EXPRESSLY CONDITIONED UPON YOUR ASSENT TO ALL THE TERMS AND CONDITIONS OF THIS AGREEMENT, TO THE EXCLUSION OF ALL OTHER TERMS; IF THESE TERMS ARE CONSIDERED AN OFFER, ACCEPTANCE IS EXPRESSLY LIMITED TO THESE TERMS.
This Third Party Model Activation Addendum between Customer and Palantir (each a “Party” and collectively the “Parties”) and any exhibits, amendments, or addendums thereto (the “Addendum”), shall be effective as of the date You select “I agree” or equivalent or otherwise use or access the Third Party Model Service in connection with the Service (the “Effective Date”). The Parties have previously entered into an agreement governing Customer’s use of Palantir’s proprietary software-as-a-service offerings(s) including any exhibits, Annexes, attachments, amendments or addenda (the “Agreement”). This Addendum is hereby incorporated into the Agreement. Any capitalized terms used but not defined in this Addendum shall have the meaning provided in the Agreement. In the event of any conflict or inconsistency between the Agreement and this Addendum, this Addendum shall prevail and control. This Addendum will remain in effect until any expiration or termination of the Agreement pursuant thereto.
- Definitions
- “Customer” for the purposes of this Addendum means the entity that has contracted with Palantir to use the Service, in connection with which the Third Party Model Service will be enabled pursuant to this Addendum.
- “Model” means any artificial intelligence (including but not limited to language models and other modeling services) models.
- “Palantir” means Palantir Technologies Inc. or the applicable affiliate thereof that has contracted with Customer for the Service, in connection with which the Third Party Model Service will be enabled pursuant to this Addendum.
- “Service” means Customer’s instance of Palantir’s proprietary software-as-a-service offering(s) for which Customer has separately contracted in the Agreement, and in connection with which the Third Party Model Service will be enabled.
- “Third Party Model Service” means the Llama Materials, as defined in the Third Party Model Service Terms and Conditions (defined below) and as made available by Palantir via the Service.
- “Third Party Model Service Provider” means Meta Platforms, Inc.
- “You” means the natural person selecting “I Agree” (or equivalent) where such option is made available, or by enabling, accessing, or otherwise using the Third Party Model Service in connection with the Service
- Third Party Model Service Terms
Customer represents, warrants, and covenants that its use of the Service shall comply with the Llama 3 Community License (available at https://llama.meta.com/llama3/license/), which includes the Llama Acceptable Use Policy incorporated by reference (and available at https://llama.meta.com/llama3/use-policy/) (together, the “Third Party Model Service Terms and and Conditions”).
Customer hereby agrees that its use of the Service leveraging Models through the Third Party Model Service shall comply with any acceptable use policies or codes of conduct applicable to such Models, as made available to Customer through the Service, or the Documentation.
Customer acknowledges that the Third Party Model Service Provider may collect and temporarily retain pseudonymized security classifier metadata related to Customer’s use of the Service leveraging the Third Party Model Service (which metadata, for the avoidance of doubt, shall not include the contents of Customer’s prompts provided to or output received from the Third Party Model Service).
Effective May 15th 2024 to August 20th 2024
DownloadTable of Contents
PALANTIR THIRD PARTY MODEL ACTIVATION ADDENDUM - LLAMA3
BY SELECTING “I AGREE” (OR EQUIVALENT) WHERE SUCH OPTION IS MADE AVAILABLE, OR BY ENABLING, ACCESSING OR OTHERWISE USING THE THIRD PARTY MODEL SERVICE IN CONNECTION WITH THE SERVICE, YOU CONFIRM THAT YOU HAVE READ THIS ADDENDUM, THAT YOU UNDERSTAND THE TERMS OF THE ADDENDUM, AND THAT YOU AND (IF APPLICABLE) THE ENTITY THAT YOU REPRESENT ARE UNCONDITIONALLY CONSENTING TO BE BOUND BY AND ARE BECOMING A PARTY TO THIS AGREEMENT. YOU REPRESENT AND WARRANT THAT YOU ARE AUTHORIZED TO ACCEPT THE TERMS OF THIS AGREEMENT ON BEHALF OF CUSTOMER AS ITS AUTHORIZED LEGAL REPRESENTATIVE. IF YOU DO NOT UNCONDITIONALLY AGREE TO ALL OF THE TERMS OF THIS AGREEMENT, DO NOT SELECT [["I AGREE”]] OR EQUIVALENT OR OTHERWISE AGREE TO THE TERMS AND CONDITIONS WHERE SUCH OPTION IS MADE AVAILABLE AND DO NOT ENABLE, ACCESS, OR OTHERWISE USE THE THIRD PARTY MODEL SERVICE.
PALANTIR’S ACCEPTANCE IS EXPRESSLY CONDITIONED UPON YOUR ASSENT TO ALL THE TERMS AND CONDITIONS OF THIS AGREEMENT, TO THE EXCLUSION OF ALL OTHER TERMS; IF THESE TERMS ARE CONSIDERED AN OFFER, ACCEPTANCE IS EXPRESSLY LIMITED TO THESE TERMS.
This Third Party Model Activation Addendum between Customer and Palantir (each a “Party” and collectively the “Parties”) and any exhibits, amendments, or addendums thereto (the “Addendum”), shall be effective as of the date You select “I agree” or equivalent or otherwise use or access the Third Party Model Service in connection with the Service (the “Effective Date”). The Parties have previously entered into an agreement governing Customer’s use of Palantir’s proprietary software-as-a-service offerings(s) including any exhibits, Annexes, attachments, amendments or addenda (the “Agreement”). This Addendum is hereby incorporated into the Agreement. Any capitalized terms used but not defined in this Addendum shall have the meaning provided in the Agreement. In the event of any conflict or inconsistency between the Agreement and this Addendum, this Addendum shall prevail and control. This Addendum will remain in effect until any expiration or termination of the Agreement pursuant thereto.
- Definitions
- “Customer” for the purposes of this Addendum means the entity that has contracted with Palantir to use the Service, in connection with which the Third Party Model Service will be enabled pursuant to this Addendum.
- “Model” means any artificial intelligence (including but not limited to language models and other modeling services) models.
- “Palantir” means Palantir Technologies Inc. or the applicable affiliate thereof that has contracted with Customer for the Service, in connection with which the Third Party Model Service will be enabled pursuant to this Addendum.
- “Service” means Customer’s instance of Palantir’s proprietary software-as-a-service offering(s) for which Customer has separately contracted in the Agreement, and in connection with which the Third Party Model Service will be enabled.
- “Third Party Model Service” means the Llama Materials, as defined in the Third Party Model Service Terms and Conditions and as made available by Palantir via the Service.
- “Third Party Model Service Provider” means Meta Platforms, Inc.
- “You” means the natural person selecting “I Agree” (or equivalent) where such option is made available, or by enabling, accessing, or otherwise using the Third Party Model Service in connection with the Service
- Third Party Model Service Terms
Customer represents, warrants, and covenants that its use of the Service shall comply with the Llama 3 Community License (available at https://llama.meta.com/llama3/license/ \), which includes the Llama Acceptable Use Policy incorporated by reference (and available at https://llama.meta.com/llama3/use-policy/).
Customer hereby agrees that its use of the Service leveraging Models through the Third Party Model Service shall comply with any acceptable use policies or codes of conduct applicable to such Models, as made available to Customer through the Service, or the Documentation.
Customer acknowledges that the Third Party Model Service Provider may collect and temporarily retain pseudonymized security classifier metadata related to Customer’s use of the Service leveraging the Third Party Model Service (which metadata, for the avoidance of doubt, shall not include the contents of Customer’s prompts provided to or output received from the Third Party Model Service).
Palantir Third Party Model Activation Addendum - Llama3.1
Effective August 15th 2024
DownloadTable of Contents
PALANTIR THIRD PARTY MODEL ACTIVATION ADDENDUM - LLAMA3.1
BY SELECTING “I AGREE” (OR EQUIVALENT) WHERE SUCH OPTION IS MADE AVAILABLE, OR BY ENABLING, ACCESSING OR OTHERWISE USING THE THIRD PARTY MODEL SERVICE IN CONNECTION WITH THE SERVICE, YOU CONFIRM THAT YOU HAVE READ THIS ADDENDUM, THAT YOU UNDERSTAND THE TERMS OF THE ADDENDUM, AND THAT YOU AND (IF APPLICABLE) THE ENTITY THAT YOU REPRESENT ARE UNCONDITIONALLY CONSENTING TO BE BOUND BY AND ARE BECOMING A PARTY TO THIS AGREEMENT. YOU REPRESENT AND WARRANT THAT YOU ARE AUTHORIZED TO ACCEPT THE TERMS OF THIS AGREEMENT ON BEHALF OF CUSTOMER AS ITS AUTHORIZED LEGAL REPRESENTATIVE. IF YOU DO NOT UNCONDITIONALLY AGREE TO ALL OF THE TERMS OF THIS AGREEMENT, DO NOT SELECT [["I AGREE”]] OR EQUIVALENT OR OTHERWISE AGREE TO THE TERMS AND CONDITIONS WHERE SUCH OPTION IS MADE AVAILABLE AND DO NOT ENABLE, ACCESS, OR OTHERWISE USE THE THIRD PARTY MODEL SERVICE.
PALANTIR’S ACCEPTANCE IS EXPRESSLY CONDITIONED UPON YOUR ASSENT TO ALL THE TERMS AND CONDITIONS OF THIS AGREEMENT, TO THE EXCLUSION OF ALL OTHER TERMS; IF THESE TERMS ARE CONSIDERED AN OFFER, ACCEPTANCE IS EXPRESSLY LIMITED TO THESE TERMS.
This Third Party Model Activation Addendum between Customer and Palantir (each a “Party” and collectively the “Parties”) and any exhibits, amendments, or addendums thereto (the “Addendum”), shall be effective as of the date You select “I agree” or equivalent or otherwise use or access the Third Party Model Service in connection with the Service (the “Effective Date”). The Parties have previously entered into an agreement governing Customer’s use of Palantir’s proprietary software-as-a-service offerings(s) including any exhibits, Annexes, attachments, amendments or addenda (the “Agreement”). This Addendum is hereby incorporated into the Agreement. Any capitalized terms used but not defined in this Addendum shall have the meaning provided in the Agreement. In the event of any conflict or inconsistency between the Agreement and this Addendum, this Addendum shall prevail and control. This Addendum will remain in effect until any expiration or termination of the Agreement pursuant thereto.
- Definitions
- “Customer” for the purposes of this Addendum means the entity that has contracted with Palantir to use the Service, in connection with which the Third Party Model Service will be enabled pursuant to this Addendum.
- “Model” means any artificial intelligence (including but not limited to language models and other modeling services) models.
- “Palantir” means Palantir Technologies Inc. or the applicable affiliate thereof that has contracted with Customer for the Service, in connection with which the Third Party Model Service will be enabled pursuant to this Addendum.
- “Service” means Customer’s instance of Palantir’s proprietary software-as-a-service offering(s) for which Customer has separately contracted in the Agreement, and in connection with which the Third Party Model Service will be enabled.
- “Third Party Model Service” means the Llama Materials, as defined in the Third Party Model Service Terms and Conditions (defined below) and as made available by Palantir via the Service.
- “Third Party Model Service Provider” means Meta Platforms, Inc.
- “You” means the natural person selecting “I Agree” (or equivalent) where such option is made available, or by enabling, accessing, or otherwise using the Third Party Model Service in connection with the Service.
- Third Party Model Service Terms
Customer represents, warrants, and covenants that its use of the Service shall comply with the Llama 3.1 Community License (available at https://github.com/meta-llama/llama-models/blob/main/models/llama3_1/LICENSE), which includes the Llama Acceptable Use Policy incorporated by reference (and available at https://llama.meta.com/llama3_1/use-policy/ ) (together, the “Third Party Model Service Terms and Conditions”).
Customer hereby agrees that its use of the Service leveraging Models through the Third Party Model Service shall comply with any acceptable use policies or codes of conduct applicable to such Models, as made available to Customer through the Service, or the Documentation.
Effective August 15th 2024 to August 15th 2024
DownloadTable of Contents
PALANTIR THIRD PARTY MODEL ACTIVATION ADDENDUM - LLAMA3.1
BY SELECTING “I ACCEPT” (OR EQUIVALENT) WHERE SUCH OPTION IS MADE AVAILABLE, OR BY ENABLING, ACCESSING OR OTHERWISE USING THE THIRD PARTY MODEL SERVICE IN CONNECTION WITH THE SERVICE, YOU CONFIRM THAT YOU HAVE READ THIS ADDENDUM, THAT YOU UNDERSTAND THE TERMS OF THE ADDENDUM, AND THAT YOU AND (IF APPLICABLE) THE ENTITY THAT YOU REPRESENT ARE UNCONDITIONALLY CONSENTING TO BE BOUND BY AND ARE BECOMING A PARTY TO THIS AGREEMENT. YOU REPRESENT AND WARRANT THAT YOU ARE AUTHORIZED TO ACCEPT THE TERMS OF THIS AGREEMENT ON BEHALF OF CUSTOMER AS ITS AUTHORIZED LEGAL REPRESENTATIVE. IF YOU DO NOT UNCONDITIONALLY AGREE TO ALL OF THE TERMS OF THIS AGREEMENT, DO NOT SELECT [["I AGREE”]] OR EQUIVALENT OR OTHERWISE AGREE TO THE TERMS AND CONDITIONS WHERE SUCH OPTION IS MADE AVAILABLE AND DO NOT ENABLE, ACCESS, OR OTHERWISE USE THE THIRD PARTY MODEL SERVICE.
PALANTIR’S ACCEPTANCE IS EXPRESSLY CONDITIONED UPON YOUR ASSENT TO ALL THE TERMS AND CONDITIONS OF THIS AGREEMENT, TO THE EXCLUSION OF ALL OTHER TERMS; IF THESE TERMS ARE CONSIDERED AN OFFER, ACCEPTANCE IS EXPRESSLY LIMITED TO THESE TERMS.
This Third Party Model Activation Addendum between Customer and Palantir (each a “Party” and collectively the “Parties”) and any exhibits, amendments, or addendums thereto (the “Addendum”), shall be effective as of the date You select “I agree” or equivalent or otherwise use or access the Third Party Model Service in connection with the Service (the “Effective Date”). The Parties have previously entered into an agreement governing Customer’s use of Palantir’s proprietary software-as-a-service offerings(s) including any exhibits, Annexes, attachments, amendments or addenda (the “Agreement”). This Addendum is hereby incorporated into the Agreement. Any capitalized terms used but not defined in this Addendum shall have the meaning provided in the Agreement. In the event of any conflict or inconsistency between the Agreement and this Addendum, this Addendum shall prevail and control. This Addendum will remain in effect until any expiration or termination of the Agreement pursuant thereto.
- Definitions
- “Customer” for the purposes of this Addendum means the entity that has contracted with Palantir to use the Service, in connection with which the Third Party Model Service will be enabled pursuant to this Addendum.
- “Model” means any artificial intelligence (including but not limited to language models and other modeling services) models.
- “Palantir” means Palantir Technologies Inc. or the applicable affiliate thereof that has contracted with Customer for the Service, in connection with which the Third Party Model Service will be enabled pursuant to this Addendum.
- “Service” means Customer’s instance of Palantir’s proprietary software-as-a-service offering(s) for which Customer has separately contracted in the Agreement, and in connection with which the Third Party Model Service will be enabled.
- “Third Party Model Service” means the Llama Materials, as defined in the Third Party Model Service Terms and Conditions (defined below) and as made available by Palantir via the Service.
- “Third Party Model Service Provider” means Meta Platforms, Inc.
- “You” means the natural person selecting “I Agree” (or equivalent) where such option is made available, or by enabling, accessing, or otherwise using the Third Party Model Service in connection with the Service.
- Third Party Model Service Terms
Customer represents, warrants, and covenants that its use of the Service shall comply with the Llama 3.1 Community License (available at https://github.com/meta-llama/llama-models/blob/main/models/llama3_1/LICENSE), which includes the Llama Acceptable Use Policy incorporated by reference (and available at https://llama.meta.com/llama3_1/use-policy/ ) (together, the “Third Party Model Service Terms and Conditions”).
Customer hereby agrees that its use of the Service leveraging Models through the Third Party Model Service shall comply with any acceptable use policies or codes of conduct applicable to such Models, as made available to Customer through the Service, or the Documentation.
Palantir DevCon Fellowship Contest Official Rules
Effective October 1st 2024
DownloadTable of Contents
Palantir DevCon Fellowship Contest (“Contest”) Official Rules (“Rules”)
No purchase necessary to participate in this Contest. A purchase will not increase your chances of winning.
Void where prohibited by law. Winners may be required to respond to notification and other communications from Sponsor within forty-eight (48) hours from date of notification (or other specified timeframe or an alternate winner may be named in Sponsor’s sole discretion), as more fully described below.
Important: Please read these Rules for this Contest, which are a contract, carefully before taking any step to participate. Without limitation, this contract includes indemnities to Sponsor (as defined below) from you and a limitation of your rights and remedies. By taking any step to participate, you agree to be bound by these Rules and represent that you satisfy all of the eligibility requirements.
To utilize the prize, entrants must be available to travel to San Francisco Bay Area, California, USA between November 13 -14, 2024.
BY SELECTING “I AGREE” (OR EQUIVALENT) WHERE SUCH OPTION IS MADE AVAILABLE, OR BY SUBMITTING A VIDEO (AS DEFINED BELOW) TO SPONSOR OR OTHERWISE PARTICIPATING IN THE CONTEST (AS DEFINED HEREIN), YOU CONFIRM THAT YOU (“YOU” OR “YOUR” OR (AS APPLICABLE) PARTICIPANT (AS DEFINED BELOW)) HAVE READ THESE RULES (AS DEFINED HEREIN), THAT YOU UNDERSTAND THE TERMS OF THE RULES, AND THAT YOU ARE UNCONDITIONALLY CONSENTING TO BE BOUND BY AND ARE BECOMING A PARTY TO THESE RULES. SPONSOR: Palantir Technologies Inc. 1200 17th Street, Floor 15 Denver, Colorado, USA 80202 (“Sponsor”).
OVERVIEW: The Contest begins on September 19, 2024 and ends at 11:59 pm EDT October 16, 2024 (“Submission Period”). Eligible individuals may participate by creating and submitting an original video showcasing their Palantir Artificial Intelligence Platform (“AIP”) workflow from their Developer Tier (as defined below) account (“Video”) in accordance with these Rules during the Submission Period. “Developer Tier” means a Build with AIP Developer Tier account that can be created by signing up at https://signup.palantirfoundry.com/signup?signupPermitCode=BUILD_WITH_AIP&tracking-code=build.palantir.com. A Developer Tier account is free and may require agreement to additional terms (including the Palantir AIP Now Terms of Service available at https://palantir.pactsafe.io/aip-now-6493.html). Videos submitted in accordance with these Rules will be evaluated by Sponsor in accordance with the judging procedures detailed under the “Winner Selection/Notification” section below.
ELIGIBILITY: This Contest is open only to individuals who: (1) are at least eighteen (18) years of age as of the start of the Submission Period; (2) reside in USA, Canada, United Kingdom, or the Republic of India; and (3) have a Developer Tier account. Those who meet these eligibility requirements and take steps to participate are referred to as “Participants” in these Rules. Participants must have authorized access to their Developer Tier account before they create the Video and fill out the Submission Form.
Personnel, employees, officers, directors, members, managers, agents, and representatives of Sponsor and any other entities participating in the administration of this Contest, Sponsor, or any of their respective corporate partners, parent companies, divisions, subsidiaries, affiliates, successors in interest, and advertising, promotion, and public relations agencies, judges and their employers, employees, managers, agents and representatives (collectively, the “Released Parties”) and any family member or member of the same household (whether or not related) of any such persons are not eligible to participate or win this Contest. For purposes of this Contest, the term “family members” is defined as any spouse, partner, parent, legal guardian, child, sibling, grandparent, grandchild, or in-law.
Limit of one (1) entry per person.
HOW TO PARTICIPATE: During the Submission Period, create a an original video that is a screen recording showcasing your Palantir Artificial Intelligence Platform (AIP) workflow in your Developer Tier account (“Video”). Submitting a Video requires a Developer Tier account (as described in the “Overview” section, above). To submit a Video, Participants must:
- Upload your Video to YouTube as an “unlisted” video.
- Fill out Palantir’s Participant submission form via Marketo available at http://palantir.com/devcon-fellowship (“Submission Form”) and include the unlisted YouTube link to your Video.
- Use LASTNAME_FIRSTNAME_DEVCON_SUBMISSION in the title name.
Your Video must demonstrate a solution in your Developer Tier account to a problem you define in your Video, where such solution entails a workflow of consequence in your Developer Tier account. Your Video must show how you approached the problem, why you chose to manipulate the data in the way you did, who your anticipated users are, and the impact you expect this workflow to drive. Your Video must meet the “Submission Requirements” set forth in these Rules to be eligible.
Participant’s Developer Tier account associated with the Video, Video, any accompanying copy, and all other accompanying or linked material (collectively, “Participant Content”) must comply with (i) these Rules, (ii) “Submission Requirements” detailed below, and (iii) the terms and guidelines applicable to the platform where the Participant Content is posted, for example, YouTube’s Terms of Use https://www.youtube.com/t/terms.
Sponsor’s platform clock will be the official timekeeper for this Contest. Videos must be submitted and received by Sponsor during the Submission Period and all participation must be in strict accordance with the instructions and restrictions in these Rules. For purposes of this Contest, submitting or attempting to submit a Video does not constitute proof of actual receipt of the Video for purposes of this Contest. Those who do not abide by these Rules and the instructions of Sponsor and provide all required Participant Content may, in Sponsor’s sole discretion, be disqualified. Videos that are incomplete, lost, late, misdirected, mutilated, fraudulent, illegitimate, incomprehensible, garbled, or generated by a macro, bot, or other automated means will not be accepted and will be void. Videos or participation made on behalf of a Participant by a third party not affiliated or associated with that Participant (as determined by Sponsor in its sole discretion) or originating through any commercial promotion subscription, notification, or participating services will be declared invalid and disqualified for this Contest. No Released Party will have any responsibility or liability for any dispute regarding any Participant, including the identity of any natural person associated with a Developer Tier account. If any dispute regarding a Video or Participant cannot be resolved to Sponsor's satisfaction, the Video will be deemed ineligible. VIDEOS OR PARTICIPATION MAY NOT BE ACKNOWLEDGED. IN FACT, SUBMISSIONS MAY BE DESTROYED AFTER THE SUBMISSION PERIOD. KEEP A COPY OR THE ORIGINAL OF EACH ELEMENT OF THE ENTRY, INCLUDING YOUR VIDEO. ANY VIDEO THAT DOES NOT CONFORM TO THE REQUIREMENTS IN THESE RULES MAY, IN SPONSOR’S SOLE DISCRETION, BE DEEMED INELIGIBLE.
SUBMISSION REQUIREMENTS: Your Participant Content must meet all of the requirements in these Rules, including the following, or the associated entry will be disqualified:
- All aspects of the Participant Content must be originally created, and solely owned, by Participant (or be in the public domain) unless third party content is validly licensed and permitted pursuant to Sponsor’s instructions in these Rules. Sponsor reserves the right to request proof of compliance with this requirement or Video may be subject to disqualification.
- Participant Content may only be created using artificial intelligence or other machine learning tools specifically permitted by Sponsor (which permission extends to the software developed by Participant to form the Developer Tier accounts).
- Participant Content must not infringe, misappropriate, or violate any rights of any third party including, without limitation, copyright (including moral rights), trademark, trade secret, or rights of privacy or publicity and may not feature any other brand names, products, logos, or businesses other than Participant’s, if applicable and permitted by Sponsor, unless specifically permitted in these Rules.
- Participant Content must not include information or content that is false, fraudulent, deceptive, misleading, defamatory (include trade libel), disparaging, harassing, threatening, profane, obscene, pornographic, hateful, indecent, inappropriate, inconsistent with the Palantir Use Case Restrictions available at https://palantir.pactsafe.io/aip-now-6493.html#ucr-985315, or injurious to any Released Party or any other party.
- Participant Content must not contain or describe any harmful or illegal activity or content or in any way violate any federal, state, or local laws, rules, or regulations.
- Participant Content must be suitable for presentation in a public forum.
- Participant Content must not suggest, depict, or describe any inappropriate, unlawful, or dangerous behavior.
- Participant may not be, or be determined to likely be (at Sponsor’s sole discretion), operating as a representative, official, or asset of a foreign power (included but not limited to any government or government instrumentality).
- Participant Content must be in English.
- Participant Content must be no more than two (2) minutes long.
- Videos must be made via the Submission Form with the unlisted YouTube link submitted.
- You agree that your participation in the Contest and agreement to these Rules and any Released Party’s display and use of the Participant Content permitted under these Rules will not violate any agreement to which you are a signatory or party.
- To the fullest extent permitted by applicable law, you agree to indemnify the Released Parties against any and all claims from any third party for any use or reuse by any Released Party of the Participant Content permitted under these Rules.
WINNER(S) SELECTION/NOTIFICATION: At the end of the Submission Period, eligible Videos will be judged by a panel of Sponsor-selected judges (“Judges”). The Judges will use the following criteria, weighted evenly, (the “Criteria”) to evaluate the entries:
- Technical accomplishment of the workflow described in the Video;
- Creativity of ideas demonstrated by the Video of the workflow; and
The Judges will choose fifteen (15) of the top-scoring Videos based upon the Criteria (“Winners”). All Judges’ decisions are final and binding in all matters relating to this Contest.
Each Participant acknowledges that other Participants may have created ideas and concepts contained in their Video that may have familiarities or similarities to their Video, and that they will not be entitled to any compensation or right to negotiate with the Released Parties because of these familiarities or similarities.
Sponsor or its representative may contact Participants for verification purposes and administration of the Contest. Winners will be chosen as specifically described, and not using any random drawing or method incorporating chance. If no Videos (or less Videos than stated number of intended winners) meet the requirements set forth in the “How to Participate” section and/or do not adhere to the Submission Requirements, no, or less, Videos will be selected.
Sponsor may contact potential Winners via email at the address Winner provided in the Submission Form. Potential Winners must respond in accordance with Sponsor’s instructions and required timing or recognition may be forfeited.
To the extent required and allowed by applicable law, Sponsor will honor requests that Winner or potential Winner information not be published or posted online. A UK Winner may object to their surname and county/region being made publicly available. If any prize, prize notification, or Contest-related communication is rejected, faulty, or undeliverable; or if Winner or potential Winner fails to comply with these Rules, the prize may, in Sponsor’s sole discretion, be forfeited and an alternate Winner may be selected (time permitting) based on the original method of Winner selection or other method that is fair in Sponsor’s sole discretion. Sponsor is not obligated to pursue more than three (3) alternate Winners for any prize for any reason, in which case such prize may go unawarded. Sponsor reserves the right to modify the notification procedures and applicable deadlines for responding in connection with the selection of any alternate potential Winner, if any. If a prize is legitimately claimed, it will be awarded. Upon prize forfeiture or inability to use a prize or portion of a prize by a Winner or potential Winner, Sponsor will have no responsibility or liability to that individual. To claim a prize, Winner(s) must follow the directions in the prize notification. Failure to comply with Sponsor’s or its representative’s instructions, or these Rules may, in Sponsor’s sole discretion, result in disqualification from this Contest and forfeiture of any prize potentially won. Decisions of Sponsor are final on all matters relating to this Contest, including interpretation of these Rules, determining the Winners, and awarding of the prize(s).
PRIZE(S) AND APPROXIMATE RETAIL VALUE (ARV): Fifteen (15) Winners subject to verification, will each receive an invitation and admission for one (1) to the Palantir DevCon November 13 – 14, 2024 in San Francisco Bay Area, California, USA, round-trip economy-class air travel to an airport in or near San Francisco Bay Area, California, USA, and hotel accommodations for two (2) nights at a hotel of Sponsor’s choosing. Meals and ground transportation are not included.
ARV of each prize to be awarded: $1,125.
Total ARV of all prizes to be awarded: $16,875.
Actual retail value of the prize may vary depending on location of the Winner’s residence, market conditions, changes in value of components (e.g., air transportation and hotel rates) and other reasons. The Released Parties are not responsible for, and Winner will not receive, the difference between the actual value of the prize at the time of prize fulfillment and the stated ARV in these Rules or in any Contest-related correspondence or materials. The Winner must travel from a Sponsor-selected airport on Sponsor-selected dates or the prize may be forfeited and an alternate Winner named. Failure to complete the trip does not relieve the Winner of their tax obligations associated with winning the prize. Specific travel arrangements not specified in these Rules will be made and determined in Sponsor’s sole discretion. All tickets are subject to the terms and conditions specified thereon. Travel must originate from and end at the same airport. It is the Winner’s sole responsibility to comply with all travel requirements, which may include, without limitation, presenting a valid passport, visa and/or other necessary identification (including photograph) at the time of travel. Flight schedules are subject to change without notice. Winner may be required to provide a credit card at time of hotel check-in to cover hotel incidentals. WINNER AGREES THAT THE RELEASED PARTIES ARE NOT RESPONSIBLE IN ANY WAY FOR ANY ADDITIONAL EXPENSES, OMISSIONS, DELAYS, OR RE-ROUTING RESULTING FROM ANY ACTS OF ANY GOVERNMENT OR AUTHORITY. Sponsor is not responsible for a potential Winner’s inability to accept or use the prize for any reason. All travel arrangements must be made through Sponsor or its designee. The Released Parties are not responsible for any act or omissions whatsoever by the air carriers, hotels, venue operators, transportation companies, benefit providers or any other persons providing any prize-related services or accommodations. The Released Parties are not liable for any missed events, opportunities or expenses incurred as a consequence of flight cancellation/delay or ground transportation delay. No refund or compensation will be made in the event of the cancellation or delay of any transportation or other benefit element except at the sole and absolute discretion of the Released Parties. Winners is responsible for obtaining travel insurance (and all other forms of insurance) at their option and hereby acknowledges that the Released Parties have not and will not obtain or provide travel insurance or any other form of insurance. Lost, stolen or damaged airline tickets, travel vouchers or certificates will not be replaced or exchanged. Any taxes (federal, state, provincial/territorial, and local) and all expenses not specifically mentioned herein, are not included as part of any benefits, and are solely the Winner’s responsibility, including, but not limited to: hotel taxes, additional ground transportation at the Winner’s destination(s), carrier fees, government charges, fees associated with procuring visas, room service, bag check fees, parking fees, laundry service, food, beverages, merchandise, souvenirs, telephone calls, tips, gratuities and service charges. Transportation carrier and hotel policies and regulations apply. Travel and lodging are subject to availability.
All prize and prize fulfillment details not specifically stated in these Rules will be determined by Sponsor in its sole discretion. If any potential Winner(s) cannot receive a prize from Sponsor per their employer’s policies, that potential Winner will forfeit the prize won and Sponsor will have no further obligation to that Winner. All taxes (federal, state, and local), as well as any expenses not specified in these Rules as being provided as part of the prize, are the sole responsibility of each Winner. Sponsor is not responsible for, and will not replace any, lost, mutilated, or stolen prize or prize component, or any prize/prize component that is undeliverable or does not reach a Winner because of incorrect or changed contact information. If a Winner does not accept or use the entire prize, the unaccepted or unused part of the prize will be forfeited and Sponsor will have no further obligation with respect to that prize or portion of the prize. Sponsor is not responsible for any inability of any Winner to accept or use any prize (or portion of any prize) for any reason. Winner(s) is/are strictly prohibited from selling, auctioning, trading or otherwise transferring any part of a prize, except with Sponsor’s permission, which may be granted or withheld for any reason in its sole discretion. No transfers, prize substitutions or cash redemptions will be made, except at Sponsor’s sole discretion. Sponsor reserves the right to substitute any stated prize or portion of any prize with another prize or portion of a prize of equal or greater value for any reason, including, without limitation, prize unavailability. No more than the stated prizes will be awarded. Participants waive the right to assert, as a cost of winning any prize, any and all costs of verification and redemption or travel to claim or use the prize and any liability and publicity which might arise from claiming or seeking to claim said prize.
LICENSE: By participating, except where prohibited by law, each Participant grants to the Released Parties (and their agents, successors, and assigns) the irrevocable, transferable, sublicensable, absolute right and permission to use, edit, modify, copy, reproduce, and distribute Participant’s name, likeness, voice, biographical information, any quotes attributable to him or her, any other indicia of persona and the Video (regardless of whether altered, changed, modified, edited, used alone, or used with other material in the Released Parties’ sole discretion) to administer the Contest and promote the Contest.
Each Participant hereby acknowledges and agrees that the relationship between the Participant and each of the Released Parties is not a confidential, fiduciary, or other special relationship, and that the Participant’s decision to submit a Video for purposes of the Contest does not place any of the Released Parties in a position that is any different from the position held by members of the general public with regard to elements of the Video (including, without limitation, the Video), other than as set forth in these Rules. Each Participant understands and acknowledges that the Released Parties have wide access to ideas, text, images, videos and other creative materials. Each Participant also acknowledges that many ideas may be competitive with, similar to, or identical to their Video and/or each other in idea, components, format, or other respects. Each Participant acknowledges and agrees that such Participant will not be entitled to any compensation as a result of any Released Party’s use of any such similar or identical material that has or may come to such Released Party from other sources. Each Participant acknowledges and agrees that Sponsor does not now and will not have in the future any duty or liability (direct or indirect; vicarious, contributory, or otherwise) with respect to the infringement or protection of the Participant’s copyright or other proprietary rights in and to their Video. Each Participant acknowledges that, with respect to any claim by Participant relating to or arising out of a Released Party’s actual or alleged exploitation or use of any Video, or other material submitted in connection with the Contest, the damage, if any, thereby caused to the applicable Participant will not be irreparable or otherwise sufficient to entitle such Participant to seek injunctive or other equitable relief or in any way enjoin the production, distribution, exhibition, or other exploitation of any Released Party production or material, created or derived from a Video, and Participant’s rights and remedies in any such event are strictly limited to the right to recover damages, if any, in an action at law.
LIMITATION OF LIABILITY & DISCLAIMER OF WARRANTIES: Nothing in these Rules limits, excludes, or modifies or purports to limit, exclude, or modify any statutory consumer guarantee or any implied condition or warranty, the exclusion of which from these rules would contravene any statute or cause any part of these rules to be void (“Non-Excludable Guarantees”). Subject to the limitations in the preceding sentence and to the maximum extent permitted by any mandatory provisions of applicable law, the Released Parties exclude from these Rules all conditions, warranties, and rules implied by statute, general law, or custom, except for liability in relation to a Non-Excludable Guarantee. Subject to any Non-Excludable Guarantees, each Participant agrees to release, hold harmless, and indemnify (i.e., defend and/or reimburse) the Released Parties from any liability whatsoever for injuries or damages of any kind sustained in connection with the Contest, including, without limitation, any injury, damage, death, loss, or accident to person or property (however (but only if required by law in your jurisdiction), this release, hold harmless, and indemnification commitment does not apply to cases of bodily injury or loss of life or to the extent that any death or personal injury is caused by the negligence of Sponsor or other third party, where liability to the injured party cannot be excluded by law).
To the fullest extent permitted by applicable law, each Participant understands and agrees that all rights under section 1542 of the Civil Code of California and any similar law of any eligible jurisdiction are expressly waived by them. Section 1542 reads as follows:
“A general release does not extend to claims that the creditor or releasing party does not know or suspect to exist in his or her favor at the time of executing the release and that, if known by him or her, would have materially affected his or her settlement with the debtor or released party.”
ADDITIONAL DISCLAIMERS: The Released Parties are not responsible and/or liable for any of the following, whether caused by a Released Party, the Participant, or by human error (except to the extent that any of the following occur for reasons within Sponsor’s reasonable control, if applicable law in your jurisdiction of residence dictates that liability to the injured party in such a case cannot be excluded by law): Videos made by illegitimate means (such as, without limitation, by an automated computer program); any lost, late, materials; any error, omission, interruption, defect, or delay in transmission or communication; viruses or technical or mechanical malfunctions; interrupted or unavailable telephonic, cellular, cable, or satellite systems; errors, typos or misprints in these Rules, in any Contest-related advertisements, or other materials; failures of electronic equipment, computer hardware, or software; lost or unavailable network connections or any failed, incorrect, incomplete, inaccurate, garbled or delayed electronic communications; technical or human error which may occur in the administration of the Contest or the processing of Videos; or any injury or damage to persons or property which may be caused, directly or indirectly, in whole or in part, from Participant’s participation in the Contest. Released Parties are not responsible for electronic communications that are undeliverable because of any form of active or passive filtering of any kind, or for insufficient space in a person’s account(s) to receive messages. Released Parties are not responsible, and may disqualify a Participant, if any contact information provided by the Participant does not work or changes without giving prior written notice to Sponsor. Without limiting any other provision in these Rules, the Released Parties are not responsible or liable to any Participant or Winners (or any person claiming through such Participant or Winner) if any of the Contest activities or Released Parties’ operations or activities are affected by any cause or event beyond the sole and reasonable control of the applicable Released Party (as determined by Sponsor in its sole discretion), including, without limitation, by reason of any acts of God, equipment failure, threatened or actual terrorist acts, air raid, act of public enemy, war (declared or undeclared), civil disturbance, insurrection, riot, epidemic, pandemic, fire, explosion, earthquake, flood, hurricane, unusually severe weather, blackout, embargo, labor dispute or strike (whether legal or illegal), labor or material shortage, transportation interruption of any kind, work slowdown, any law, rule, regulation, action, order, or request adopted, taken, or made by any governmental or quasi-governmental entity (whether or not such governmental act proves to be invalid), or any other cause, whether or not specifically mentioned above.
GENERAL RULES: By participating, except where prohibited by law, each Participant grants to the Released Parties (and their agents, successors, and assigns) the irrevocable, transferable, sublicensable, absolute right and permission to use, edit, modify, copy, reproduce, and distribute the Video to administer and promote the Contest as described in these Rules, and each such person releases all Released Parties from any and all liability related to such authorized uses.
Sponsor’s decisions will be final in all matters relating to this Contest, including interpretation of these Rules, and selection of the Winners. All Participants, as a condition of entry, agree to be bound by these Rules and the decisions of Sponsor. Failure to comply with these Rules may result in disqualification from the Contest. Participants further agree to not damage or cause interruption of the Contest and/or prevent others from participating in the Contest. Sponsor reserves the right to restrict or void participation from any IP address, email address or domain, account, or device if any suspicious Video and/or participation is detected. Sponsor reserves the right, in its sole discretion, to void Videos or other participation by any person who Sponsor believes has attempted to tamper with or impair the administration, security, fairness or proper play of this Contest. In the event there is an alleged or actual ambiguity, discrepancy or inconsistency between disclosures or other statements contained in any Contest-related materials and these Rules (including any alleged discrepancy or inconsistency within these Rules), it will be resolved by Sponsor in its sole discretion. Participants waive any right to claim ambiguity in the Contest or these Rules. If Sponsor determines (at any time and in its sole discretion) that any Winner or potential Winner is disqualified, ineligible, in violation of these Rules, or engaging in behavior that Sponsor deems obnoxious, inappropriate, threatening, illegal or that is intended to annoy, abuse, or harass any other person or entity, Sponsor reserves the right to disqualify such Winner or potential Winner, even if the disqualified Winner(s) or potential Winner(s) may have been notified or displayed or announced anywhere. Sponsor’s failure to, or decision not to, enforce any provision in these Rules will not constitute a waiver of that or any other provision. The invalidity or unenforceability of any provision of these Rules will not affect the validity or enforceability of any other provision. In the event that any provision is determined to be invalid or otherwise unenforceable or illegal, these Rules will otherwise remain in effect and will be construed as if the invalid or illegal provision were not contained in these Rules. If the Contest is not capable of running as planned, for any reason, Sponsor reserves the right, in its sole discretion, to cancel, modify or suspend the Contest or run the Contest based on eligible Videos received prior to cancellation, modification, or suspension, if any, or as otherwise deemed fair and appropriate by Sponsor. If any person supplies false information, participates or submits Videos by fraudulent means, or is otherwise determined to be in violation of these Rules in an attempt to win, Sponsor may disqualify that person and seek damages from him or her and that person may be prosecuted to the full extent of the law. If any dispute regarding a Video cannot be resolved to Sponsor’s satisfaction, such Video will be deemed ineligible. CAUTION: ANY ATTEMPT TO DAMAGE ANY ONLINE SERVICE OR WEBSITE OR UNDERMINE THE LEGITIMATE OPERATION OF THE CONTEST VIOLATES CRIMINAL AND CIVIL LAWS. IF SUCH AN ATTEMPT IS MADE, SPONSOR MAY DISQUALIFY ANY PARTICIPANT MAKING SUCH ATTEMPT AND MAY SEEK DAMAGES TO THE FULLEST EXTENT PERMITTED BY LAW.
DISPUTES/GOVERNING LAW: Except where prohibited by law, any and all disputes, claims, and causes of action between a Participant and any Released Party arising out of or connected with this Contest, the determination of any Winner awarded must be resolved individually, without resort to any form of class action. Further, in any such dispute, under no circumstances will a Participant be permitted or entitled to win or receive, and hereby waives all rights to claim punitive, incidental or consequential damages, or any other damages, including attorneys’ fees, other than the Participant’s actual out-of-pocket expenses (if any), not to exceed ten United States dollars, and each Participant further waives all rights to have damages multiplied or increased.
This Contest, these Rules, and any dispute arising under or related to this Contest and/or Rules (whether for breach of contract, tortious conduct or otherwise) will be governed, construed, and interpreted under the internal laws of the state of California, USA, without reference or giving effect to its conflicts of law principles or rules that would cause the application of any other jurisdiction’s laws and, if that is not possible, then the laws of the United Kingdom. Any legal actions, suits, or proceedings related to this Contest (whether for breach of contract, tortious conduct, or otherwise) will be brought exclusively in the state or federal courts located in or having jurisdiction over San Mateo County, California, USA and each Participant irrevocably accepts, submits, and consents to the exclusive jurisdiction and venue of these courts with respect to any legal actions, suits, or proceedings arising out of or related to this Contest, and if that is not possible, then such actions, suits or proceedings will be brought in the courts having jurisdiction over London, United Kingdom. Unless prohibited by applicable law, all Participants waive any and all objections to jurisdiction and venue in these courts and hereby submit to the jurisdiction of those courts. If required under applicable law, nothing in these Rules will limit the right of any participant to bring proceedings (including third party proceedings) against Sponsor in a court of competent jurisdiction located within the participant’s jurisdiction (as applicable).
PRIVACY: By participating, you consent to the collection, storage, processing, and transmission of your submitted personal data by Sponsor and its affiliated companies for the purposes of conducting this Contest. The personal data collected is subject to applicable data protection laws and Palantir’s Privacy Policy.
WINNER’S LIST/RULES: To find out the first initial, last name, and country of the Winners, send an email within 90 days of the Submission Period to devcon-fellowship@palantir.com (Sponsor’s email for the purposes of this Contest) with the subject: “DevCon Fellowship Contest Winner List Request”. One (1) Winner information request per person/email address will be fulfilled. Requests for Winner information must be received no later than three (3) months following the end of the Submission Period. For a copy of these Official Rules, no later than the end of the Submission Period visit https://palantir.pactsafe.io/devcon-rules-6917.html.
THIRD PARTIES: Reference within any Contest-related materials to any third party in connection with prizes and/or third-party websites, products, or services are for reference and identification purposes only and not intended to suggest endorsement, sponsorship, or affiliation with Sponsor or this Contest.
Effective September 19th 2024 to October 1st 2024
DownloadTable of Contents
Palantir DevCon Fellowship Contest (“Contest”) Official Rules (“Rules”)
No purchase necessary to participate in this Contest. A purchase will not increase your chances of winning.
Void where prohibited by law. Winners may be required to respond to notification and other communications from Sponsor within forty-eight (48) hours from date of notification (or other specified timeframe or an alternate winner may be named in Sponsor’s sole discretion), as more fully described below.
Important: Please read these Rules for this Contest, which are a contract, carefully before taking any step to participate. Without limitation, this contract includes indemnities to Sponsor (as defined below) from you and a limitation of your rights and remedies. By taking any step to participate, you agree to be bound by these Rules and represent that you satisfy all of the eligibility requirements.
To utilize the prize, entrants must be available to travel to San Francisco Bay Area, California, USA between November 13 -14, 2024.
BY SELECTING “I AGREE” (OR EQUIVALENT) WHERE SUCH OPTION IS MADE AVAILABLE, OR BY SUBMITTING A VIDEO (AS DEFINED BELOW) TO SPONSOR OR OTHERWISE PARTICIPATING IN THE CONTEST (AS DEFINED HEREIN), YOU CONFIRM THAT YOU (“YOU” OR “YOUR” OR (AS APPLICABLE) PARTICIPANT (AS DEFINED BELOW)) HAVE READ THESE RULES (AS DEFINED HEREIN), THAT YOU UNDERSTAND THE TERMS OF THE RULES, AND THAT YOU ARE UNCONDITIONALLY CONSENTING TO BE BOUND BY AND ARE BECOMING A PARTY TO THESE RULES. SPONSOR: Palantir Technologies Inc. 1200 17th Street, Floor 15 Denver, Colorado, USA 80202 (“Sponsor”).
OVERVIEW: The Contest begins on September 19, 2024 and ends at 11:59 pm EDT October 9, 2024 (“Submission Period”). Eligible individuals may participate by creating and submitting an original video showcasing their Palantir Artificial Intelligence Platform (“AIP”) workflow from their Developer Tier (as defined below) account (“Video”) in accordance with these Rules during the Submission Period. “Developer Tier” means a Build with AIP Developer Tier account that can be created by signing up at https://signup.palantirfoundry.com/signup?signupPermitCode=BUILD_WITH_AIP&tracking-code=build.palantir.com. A Developer Tier account is free and may require agreement to additional terms (including the Palantir AIP Now Terms of Service available at https://palantir.pactsafe.io/aip-now-6493.html). Videos submitted in accordance with these Rules will be evaluated by Sponsor in accordance with the judging procedures detailed under the “Winner Selection/Notification” section below.
ELIGIBILITY: This Contest is open only to individuals who: (1) are at least eighteen (18) years of age as of the start of the Submission Period; (2) reside in USA, Canada, United Kingdom, or the Republic of India; and (3) have a Developer Tier account. Those who meet these eligibility requirements and take steps to participate are referred to as “Participants” in these Rules. Participants must have authorized access to their Developer Tier account before they create the Video and fill out the Submission Form.
Personnel, employees, officers, directors, members, managers, agents, and representatives of Sponsor and any other entities participating in the administration of this Contest, Sponsor, or any of their respective corporate partners, parent companies, divisions, subsidiaries, affiliates, successors in interest, and advertising, promotion, and public relations agencies, judges and their employers, employees, managers, agents and representatives (collectively, the “Released Parties”) and any family member or member of the same household (whether or not related) of any such persons are not eligible to participate or win this Contest. For purposes of this Contest, the term “family members” is defined as any spouse, partner, parent, legal guardian, child, sibling, grandparent, grandchild, or in-law.
Limit of one (1) entry per person.
HOW TO PARTICIPATE: During the Submission Period, create a an original video that is a screen recording showcasing your Palantir Artificial Intelligence Platform (AIP) workflow in your Developer Tier account (“Video”). Submitting a Video requires a Developer Tier account (as described in the “Overview” section, above). To submit a Video, Participants must:
- Upload your Video to YouTube as an “unlisted” video.
- Fill out Palantir’s Participant submission form via Marketo available at http://palantir.com/devcon-fellowship (“Submission Form”) and include the unlisted YouTube link to your Video.
- Use LASTNAME_FIRSTNAME_DEVCON_SUBMISSION in the title name.
Your Video must demonstrate a solution in your Developer Tier account to a problem you define in your Video, where such solution entails a workflow of consequence in your Developer Tier account. Your Video must show how you approached the problem, why you chose to manipulate the data in the way you did, who your anticipated users are, and the impact you expect this workflow to drive. Your Video must meet the “Submission Requirements” set forth in these Rules to be eligible.
Participant’s Developer Tier account associated with the Video, Video, any accompanying copy, and all other accompanying or linked material (collectively, “Participant Content”) must comply with (i) these Rules, (ii) “Submission Requirements” detailed below, and (iii) the terms and guidelines applicable to the platform where the Participant Content is posted, for example, YouTube’s Terms of Use https://www.youtube.com/t/terms.
Sponsor’s platform clock will be the official timekeeper for this Contest. Videos must be submitted and received by Sponsor during the Submission Period and all participation must be in strict accordance with the instructions and restrictions in these Rules. For purposes of this Contest, submitting or attempting to submit a Video does not constitute proof of actual receipt of the Video for purposes of this Contest. Those who do not abide by these Rules and the instructions of Sponsor and provide all required Participant Content may, in Sponsor’s sole discretion, be disqualified. Videos that are incomplete, lost, late, misdirected, mutilated, fraudulent, illegitimate, incomprehensible, garbled, or generated by a macro, bot, or other automated means will not be accepted and will be void. Videos or participation made on behalf of a Participant by a third party not affiliated or associated with that Participant (as determined by Sponsor in its sole discretion) or originating through any commercial promotion subscription, notification, or participating services will be declared invalid and disqualified for this Contest. No Released Party will have any responsibility or liability for any dispute regarding any Participant, including the identity of any natural person associated with a Developer Tier account. If any dispute regarding a Video or Participant cannot be resolved to Sponsor's satisfaction, the Video will be deemed ineligible. VIDEOS OR PARTICIPATION MAY NOT BE ACKNOWLEDGED. IN FACT, SUBMISSIONS MAY BE DESTROYED AFTER THE SUBMISSION PERIOD. KEEP A COPY OR THE ORIGINAL OF EACH ELEMENT OF THE ENTRY, INCLUDING YOUR VIDEO. ANY VIDEO THAT DOES NOT CONFORM TO THE REQUIREMENTS IN THESE RULES MAY, IN SPONSOR’S SOLE DISCRETION, BE DEEMED INELIGIBLE.
SUBMISSION REQUIREMENTS: Your Participant Content must meet all of the requirements in these Rules, including the following, or the associated entry will be disqualified:
- All aspects of the Participant Content must be originally created, and solely owned, by Participant (or be in the public domain) unless third party content is validly licensed and permitted pursuant to Sponsor’s instructions in these Rules. Sponsor reserves the right to request proof of compliance with this requirement or Video may be subject to disqualification.
- Participant Content may only be created using artificial intelligence or other machine learning tools specifically permitted by Sponsor (which permission extends to the software developed by Participant to form the Developer Tier accounts).
- Participant Content must not infringe, misappropriate, or violate any rights of any third party including, without limitation, copyright (including moral rights), trademark, trade secret, or rights of privacy or publicity and may not feature any other brand names, products, logos, or businesses other than Participant’s, if applicable and permitted by Sponsor, unless specifically permitted in these Rules.
- Participant Content must not include information or content that is false, fraudulent, deceptive, misleading, defamatory (include trade libel), disparaging, harassing, threatening, profane, obscene, pornographic, hateful, indecent, inappropriate, inconsistent with the Palantir Use Case Restrictions available at https://palantir.pactsafe.io/aip-now-6493.html#ucr-985315, or injurious to any Released Party or any other party.
- Participant Content must not contain or describe any harmful or illegal activity or content or in any way violate any federal, state, or local laws, rules, or regulations.
- Participant Content must be suitable for presentation in a public forum.
- Participant Content must not suggest, depict, or describe any inappropriate, unlawful, or dangerous behavior.
- Participant may not be, or be determined to likely be (at Sponsor’s sole discretion), operating as a representative, official, or asset of a foreign power (included but not limited to any government or government instrumentality).
- Participant Content must be in English.
- Participant Content must be no more than two (2) minutes long.
- Videos must be made via the Submission Form with the unlisted YouTube link submitted.
- You agree that your participation in the Contest and agreement to these Rules and any Released Party’s display and use of the Participant Content permitted under these Rules will not violate any agreement to which you are a signatory or party.
- To the fullest extent permitted by applicable law, you agree to indemnify the Released Parties against any and all claims from any third party for any use or reuse by any Released Party of the Participant Content permitted under these Rules.
WINNER(S) SELECTION/NOTIFICATION: At the end of the Submission Period, eligible Videos will be judged by a panel of Sponsor-selected judges (“Judges”). The Judges will use the following criteria, weighted evenly, (the “Criteria”) to evaluate the entries:
- Technical accomplishment of the workflow described in the Video;
- Creativity of ideas demonstrated by the Video of the workflow; and
The Judges will choose fifteen (15) of the top-scoring Videos based upon the Criteria (“Winners”). All Judges’ decisions are final and binding in all matters relating to this Contest.
Each Participant acknowledges that other Participants may have created ideas and concepts contained in their Video that may have familiarities or similarities to their Video, and that they will not be entitled to any compensation or right to negotiate with the Released Parties because of these familiarities or similarities.
Sponsor or its representative may contact Participants for verification purposes and administration of the Contest. Winners will be chosen as specifically described, and not using any random drawing or method incorporating chance. If no Videos (or less Videos than stated number of intended winners) meet the requirements set forth in the “How to Participate” section and/or do not adhere to the Submission Requirements, no, or less, Videos will be selected.
Sponsor may contact potential Winners via email at the address Winner provided in the Submission Form. Potential Winners must respond in accordance with Sponsor’s instructions and required timing or recognition may be forfeited.
To the extent required and allowed by applicable law, Sponsor will honor requests that Winner or potential Winner information not be published or posted online. A UK Winner may object to their surname and county/region being made publicly available. If any prize, prize notification, or Contest-related communication is rejected, faulty, or undeliverable; or if Winner or potential Winner fails to comply with these Rules, the prize may, in Sponsor’s sole discretion, be forfeited and an alternate Winner may be selected (time permitting) based on the original method of Winner selection or other method that is fair in Sponsor’s sole discretion. Sponsor is not obligated to pursue more than three (3) alternate Winners for any prize for any reason, in which case such prize may go unawarded. Sponsor reserves the right to modify the notification procedures and applicable deadlines for responding in connection with the selection of any alternate potential Winner, if any. If a prize is legitimately claimed, it will be awarded. Upon prize forfeiture or inability to use a prize or portion of a prize by a Winner or potential Winner, Sponsor will have no responsibility or liability to that individual. To claim a prize, Winner(s) must follow the directions in the prize notification. Failure to comply with Sponsor’s or its representative’s instructions, or these Rules may, in Sponsor’s sole discretion, result in disqualification from this Contest and forfeiture of any prize potentially won. Decisions of Sponsor are final on all matters relating to this Contest, including interpretation of these Rules, determining the Winners, and awarding of the prize(s).
PRIZE(S) AND APPROXIMATE RETAIL VALUE (ARV): Fifteen (15) Winners subject to verification, will each receive an invitation and admission for one (1) to the Palantir DevCon November 13 – 14, 2024 in San Francisco Bay Area, California, USA, round-trip economy-class air travel to an airport in or near San Francisco Bay Area, California, USA, and hotel accommodations for two (2) nights at a hotel of Sponsor’s choosing. Meals and ground transportation are not included.
ARV of each prize to be awarded: $1,125.
Total ARV of all prizes to be awarded: $16,875.
Actual retail value of the prize may vary depending on location of the Winner’s residence, market conditions, changes in value of components (e.g., air transportation and hotel rates) and other reasons. The Released Parties are not responsible for, and Winner will not receive, the difference between the actual value of the prize at the time of prize fulfillment and the stated ARV in these Rules or in any Contest-related correspondence or materials. The Winner must travel from a Sponsor-selected airport on Sponsor-selected dates or the prize may be forfeited and an alternate Winner named. Failure to complete the trip does not relieve the Winner of their tax obligations associated with winning the prize. Specific travel arrangements not specified in these Rules will be made and determined in Sponsor’s sole discretion. All tickets are subject to the terms and conditions specified thereon. Travel must originate from and end at the same airport. It is the Winner’s sole responsibility to comply with all travel requirements, which may include, without limitation, presenting a valid passport, visa and/or other necessary identification (including photograph) at the time of travel. Flight schedules are subject to change without notice. Winner may be required to provide a credit card at time of hotel check-in to cover hotel incidentals. WINNER AGREES THAT THE RELEASED PARTIES ARE NOT RESPONSIBLE IN ANY WAY FOR ANY ADDITIONAL EXPENSES, OMISSIONS, DELAYS, OR RE-ROUTING RESULTING FROM ANY ACTS OF ANY GOVERNMENT OR AUTHORITY. Sponsor is not responsible for a potential Winner’s inability to accept or use the prize for any reason. All travel arrangements must be made through Sponsor or its designee. The Released Parties are not responsible for any act or omissions whatsoever by the air carriers, hotels, venue operators, transportation companies, benefit providers or any other persons providing any prize-related services or accommodations. The Released Parties are not liable for any missed events, opportunities or expenses incurred as a consequence of flight cancellation/delay or ground transportation delay. No refund or compensation will be made in the event of the cancellation or delay of any transportation or other benefit element except at the sole and absolute discretion of the Released Parties. Winners is responsible for obtaining travel insurance (and all other forms of insurance) at their option and hereby acknowledges that the Released Parties have not and will not obtain or provide travel insurance or any other form of insurance. Lost, stolen or damaged airline tickets, travel vouchers or certificates will not be replaced or exchanged. Any taxes (federal, state, provincial/territorial, and local) and all expenses not specifically mentioned herein, are not included as part of any benefits, and are solely the Winner’s responsibility, including, but not limited to: hotel taxes, additional ground transportation at the Winner’s destination(s), carrier fees, government charges, fees associated with procuring visas, room service, bag check fees, parking fees, laundry service, food, beverages, merchandise, souvenirs, telephone calls, tips, gratuities and service charges. Transportation carrier and hotel policies and regulations apply. Travel and lodging are subject to availability.
All prize and prize fulfillment details not specifically stated in these Rules will be determined by Sponsor in its sole discretion. If any potential Winner(s) cannot receive a prize from Sponsor per their employer’s policies, that potential Winner will forfeit the prize won and Sponsor will have no further obligation to that Winner. All taxes (federal, state, and local), as well as any expenses not specified in these Rules as being provided as part of the prize, are the sole responsibility of each Winner. Sponsor is not responsible for, and will not replace any, lost, mutilated, or stolen prize or prize component, or any prize/prize component that is undeliverable or does not reach a Winner because of incorrect or changed contact information. If a Winner does not accept or use the entire prize, the unaccepted or unused part of the prize will be forfeited and Sponsor will have no further obligation with respect to that prize or portion of the prize. Sponsor is not responsible for any inability of any Winner to accept or use any prize (or portion of any prize) for any reason. Winner(s) is/are strictly prohibited from selling, auctioning, trading or otherwise transferring any part of a prize, except with Sponsor’s permission, which may be granted or withheld for any reason in its sole discretion. No transfers, prize substitutions or cash redemptions will be made, except at Sponsor’s sole discretion. Sponsor reserves the right to substitute any stated prize or portion of any prize with another prize or portion of a prize of equal or greater value for any reason, including, without limitation, prize unavailability. No more than the stated prizes will be awarded. Participants waive the right to assert, as a cost of winning any prize, any and all costs of verification and redemption or travel to claim or use the prize and any liability and publicity which might arise from claiming or seeking to claim said prize.
LICENSE: By participating, except where prohibited by law, each Participant grants to the Released Parties (and their agents, successors, and assigns) the irrevocable, transferable, sublicensable, absolute right and permission to use, edit, modify, copy, reproduce, and distribute Participant’s name, likeness, voice, biographical information, any quotes attributable to him or her, any other indicia of persona and the Video (regardless of whether altered, changed, modified, edited, used alone, or used with other material in the Released Parties’ sole discretion) to administer the Contest and promote the Contest.
Each Participant hereby acknowledges and agrees that the relationship between the Participant and each of the Released Parties is not a confidential, fiduciary, or other special relationship, and that the Participant’s decision to submit a Video for purposes of the Contest does not place any of the Released Parties in a position that is any different from the position held by members of the general public with regard to elements of the Video (including, without limitation, the Video), other than as set forth in these Rules. Each Participant understands and acknowledges that the Released Parties have wide access to ideas, text, images, videos and other creative materials. Each Participant also acknowledges that many ideas may be competitive with, similar to, or identical to their Video and/or each other in idea, components, format, or other respects. Each Participant acknowledges and agrees that such Participant will not be entitled to any compensation as a result of any Released Party’s use of any such similar or identical material that has or may come to such Released Party from other sources. Each Participant acknowledges and agrees that Sponsor does not now and will not have in the future any duty or liability (direct or indirect; vicarious, contributory, or otherwise) with respect to the infringement or protection of the Participant’s copyright or other proprietary rights in and to their Video. Each Participant acknowledges that, with respect to any claim by Participant relating to or arising out of a Released Party’s actual or alleged exploitation or use of any Video, or other material submitted in connection with the Contest, the damage, if any, thereby caused to the applicable Participant will not be irreparable or otherwise sufficient to entitle such Participant to seek injunctive or other equitable relief or in any way enjoin the production, distribution, exhibition, or other exploitation of any Released Party production or material, created or derived from a Video, and Participant’s rights and remedies in any such event are strictly limited to the right to recover damages, if any, in an action at law.
LIMITATION OF LIABILITY & DISCLAIMER OF WARRANTIES: Nothing in these Rules limits, excludes, or modifies or purports to limit, exclude, or modify any statutory consumer guarantee or any implied condition or warranty, the exclusion of which from these rules would contravene any statute or cause any part of these rules to be void (“Non-Excludable Guarantees”). Subject to the limitations in the preceding sentence and to the maximum extent permitted by any mandatory provisions of applicable law, the Released Parties exclude from these Rules all conditions, warranties, and rules implied by statute, general law, or custom, except for liability in relation to a Non-Excludable Guarantee. Subject to any Non-Excludable Guarantees, each Participant agrees to release, hold harmless, and indemnify (i.e., defend and/or reimburse) the Released Parties from any liability whatsoever for injuries or damages of any kind sustained in connection with the Contest, including, without limitation, any injury, damage, death, loss, or accident to person or property (however (but only if required by law in your jurisdiction), this release, hold harmless, and indemnification commitment does not apply to cases of bodily injury or loss of life or to the extent that any death or personal injury is caused by the negligence of Sponsor or other third party, where liability to the injured party cannot be excluded by law).
To the fullest extent permitted by applicable law, each Participant understands and agrees that all rights under section 1542 of the Civil Code of California and any similar law of any eligible jurisdiction are expressly waived by them. Section 1542 reads as follows:
“A general release does not extend to claims that the creditor or releasing party does not know or suspect to exist in his or her favor at the time of executing the release and that, if known by him or her, would have materially affected his or her settlement with the debtor or released party.”
ADDITIONAL DISCLAIMERS: The Released Parties are not responsible and/or liable for any of the following, whether caused by a Released Party, the Participant, or by human error (except to the extent that any of the following occur for reasons within Sponsor’s reasonable control, if applicable law in your jurisdiction of residence dictates that liability to the injured party in such a case cannot be excluded by law): Videos made by illegitimate means (such as, without limitation, by an automated computer program); any lost, late, materials; any error, omission, interruption, defect, or delay in transmission or communication; viruses or technical or mechanical malfunctions; interrupted or unavailable telephonic, cellular, cable, or satellite systems; errors, typos or misprints in these Rules, in any Contest-related advertisements, or other materials; failures of electronic equipment, computer hardware, or software; lost or unavailable network connections or any failed, incorrect, incomplete, inaccurate, garbled or delayed electronic communications; technical or human error which may occur in the administration of the Contest or the processing of Videos; or any injury or damage to persons or property which may be caused, directly or indirectly, in whole or in part, from Participant’s participation in the Contest. Released Parties are not responsible for electronic communications that are undeliverable because of any form of active or passive filtering of any kind, or for insufficient space in a person’s account(s) to receive messages. Released Parties are not responsible, and may disqualify a Participant, if any contact information provided by the Participant does not work or changes without giving prior written notice to Sponsor. Without limiting any other provision in these Rules, the Released Parties are not responsible or liable to any Participant or Winners (or any person claiming through such Participant or Winner) if any of the Contest activities or Released Parties’ operations or activities are affected by any cause or event beyond the sole and reasonable control of the applicable Released Party (as determined by Sponsor in its sole discretion), including, without limitation, by reason of any acts of God, equipment failure, threatened or actual terrorist acts, air raid, act of public enemy, war (declared or undeclared), civil disturbance, insurrection, riot, epidemic, pandemic, fire, explosion, earthquake, flood, hurricane, unusually severe weather, blackout, embargo, labor dispute or strike (whether legal or illegal), labor or material shortage, transportation interruption of any kind, work slowdown, any law, rule, regulation, action, order, or request adopted, taken, or made by any governmental or quasi-governmental entity (whether or not such governmental act proves to be invalid), or any other cause, whether or not specifically mentioned above.
GENERAL RULES: By participating, except where prohibited by law, each Participant grants to the Released Parties (and their agents, successors, and assigns) the irrevocable, transferable, sublicensable, absolute right and permission to use, edit, modify, copy, reproduce, and distribute the Video to administer and promote the Contest as described in these Rules, and each such person releases all Released Parties from any and all liability related to such authorized uses.
Sponsor’s decisions will be final in all matters relating to this Contest, including interpretation of these Rules, and selection of the Winners. All Participants, as a condition of entry, agree to be bound by these Rules and the decisions of Sponsor. Failure to comply with these Rules may result in disqualification from the Contest. Participants further agree to not damage or cause interruption of the Contest and/or prevent others from participating in the Contest. Sponsor reserves the right to restrict or void participation from any IP address, email address or domain, account, or device if any suspicious Video and/or participation is detected. Sponsor reserves the right, in its sole discretion, to void Videos or other participation by any person who Sponsor believes has attempted to tamper with or impair the administration, security, fairness or proper play of this Contest. In the event there is an alleged or actual ambiguity, discrepancy or inconsistency between disclosures or other statements contained in any Contest-related materials and these Rules (including any alleged discrepancy or inconsistency within these Rules), it will be resolved by Sponsor in its sole discretion. Participants waive any right to claim ambiguity in the Contest or these Rules. If Sponsor determines (at any time and in its sole discretion) that any Winner or potential Winner is disqualified, ineligible, in violation of these Rules, or engaging in behavior that Sponsor deems obnoxious, inappropriate, threatening, illegal or that is intended to annoy, abuse, or harass any other person or entity, Sponsor reserves the right to disqualify such Winner or potential Winner, even if the disqualified Winner(s) or potential Winner(s) may have been notified or displayed or announced anywhere. Sponsor’s failure to, or decision not to, enforce any provision in these Rules will not constitute a waiver of that or any other provision. The invalidity or unenforceability of any provision of these Rules will not affect the validity or enforceability of any other provision. In the event that any provision is determined to be invalid or otherwise unenforceable or illegal, these Rules will otherwise remain in effect and will be construed as if the invalid or illegal provision were not contained in these Rules. If the Contest is not capable of running as planned, for any reason, Sponsor reserves the right, in its sole discretion, to cancel, modify or suspend the Contest or run the Contest based on eligible Videos received prior to cancellation, modification, or suspension, if any, or as otherwise deemed fair and appropriate by Sponsor. If any person supplies false information, participates or submits Videos by fraudulent means, or is otherwise determined to be in violation of these Rules in an attempt to win, Sponsor may disqualify that person and seek damages from him or her and that person may be prosecuted to the full extent of the law. If any dispute regarding a Video cannot be resolved to Sponsor’s satisfaction, such Video will be deemed ineligible. CAUTION: ANY ATTEMPT TO DAMAGE ANY ONLINE SERVICE OR WEBSITE OR UNDERMINE THE LEGITIMATE OPERATION OF THE CONTEST VIOLATES CRIMINAL AND CIVIL LAWS. IF SUCH AN ATTEMPT IS MADE, SPONSOR MAY DISQUALIFY ANY PARTICIPANT MAKING SUCH ATTEMPT AND MAY SEEK DAMAGES TO THE FULLEST EXTENT PERMITTED BY LAW.
DISPUTES/GOVERNING LAW: Except where prohibited by law, any and all disputes, claims, and causes of action between a Participant and any Released Party arising out of or connected with this Contest, the determination of any Winner awarded must be resolved individually, without resort to any form of class action. Further, in any such dispute, under no circumstances will a Participant be permitted or entitled to win or receive, and hereby waives all rights to claim punitive, incidental or consequential damages, or any other damages, including attorneys’ fees, other than the Participant’s actual out-of-pocket expenses (if any), not to exceed ten United States dollars, and each Participant further waives all rights to have damages multiplied or increased.
This Contest, these Rules, and any dispute arising under or related to this Contest and/or Rules (whether for breach of contract, tortious conduct or otherwise) will be governed, construed, and interpreted under the internal laws of the state of California, USA, without reference or giving effect to its conflicts of law principles or rules that would cause the application of any other jurisdiction’s laws and, if that is not possible, then the laws of the United Kingdom. Any legal actions, suits, or proceedings related to this Contest (whether for breach of contract, tortious conduct, or otherwise) will be brought exclusively in the state or federal courts located in or having jurisdiction over San Mateo County, California, USA and each Participant irrevocably accepts, submits, and consents to the exclusive jurisdiction and venue of these courts with respect to any legal actions, suits, or proceedings arising out of or related to this Contest, and if that is not possible, then such actions, suits or proceedings will be brought in the courts having jurisdiction over London, United Kingdom. Unless prohibited by applicable law, all Participants waive any and all objections to jurisdiction and venue in these courts and hereby submit to the jurisdiction of those courts. If required under applicable law, nothing in these Rules will limit the right of any participant to bring proceedings (including third party proceedings) against Sponsor in a court of competent jurisdiction located within the participant’s jurisdiction (as applicable).
PRIVACY: By participating, you consent to the collection, storage, processing, and transmission of your submitted personal data by Sponsor and its affiliated companies for the purposes of conducting this Contest. The personal data collected is subject to applicable data protection laws and Palantir’s Privacy Policy.
WINNER’S LIST/RULES: To find out the first initial, last name, and country of the Winners, send an email within 90 days of the Submission Period to devcon-fellowship@palantir.com (Sponsor’s email for the purposes of this Contest) with the subject: “DevCon Fellowship Contest Winner List Request”. One (1) Winner information request per person/email address will be fulfilled. Requests for Winner information must be received no later than three (3) months following the end of the Submission Period. For a copy of these Official Rules, no later than the end of the Submission Period visit https://palantir.pactsafe.io/devcon-rules-6917.html.
THIRD PARTIES: Reference within any Contest-related materials to any third party in connection with prizes and/or third-party websites, products, or services are for reference and identification purposes only and not intended to suggest endorsement, sponsorship, or affiliation with Sponsor or this Contest.
Effective September 17th 2024 to September 19th 2024
DownloadTable of Contents
Palantir DevCon Fellowship Contest (“Contest”) Official Rules (“Rules”)
No purchase necessary to participate in this Contest. A purchase will not increase your chances of winning.
Void where prohibited by law. Winners may be required to respond to notification and other communications from Sponsor within forty-eight (48) hours from date of notification (or other specified timeframe or an alternate winner may be named in Sponsor’s sole discretion), as more fully described below.
Important: Please read these Rules for this Contest, which are a contract, carefully before taking any step to participate. Without limitation, this contract includes indemnities to Sponsor (as defined below) from you and a limitation of your rights and remedies. By taking any step to participate, you agree to be bound by these Rules and represent that you satisfy all of the eligibility requirements.
To utilize the prize, entrants must be available to travel to Palo Alto, California, USA between November 13 -14, 2024.
BY SELECTING “I AGREE” (OR EQUIVALENT) WHERE SUCH OPTION IS MADE AVAILABLE, OR BY SUBMITTING A VIDEO (AS DEFINED BELOW) TO SPONSOR OR OTHERWISE PARTICIPATING IN THE CONTEST (AS DEFINED HEREIN), YOU CONFIRM THAT YOU (“YOU” OR “YOUR” OR (AS APPLICABLE) PARTICIPANT (AS DEFINED BELOW)) HAVE READ THESE RULES (AS DEFINED HEREIN), THAT YOU UNDERSTAND THE TERMS OF THE RULES, AND THAT YOU ARE UNCONDITIONALLY CONSENTING TO BE BOUND BY AND ARE BECOMING A PARTY TO THESE RULES. SPONSOR: Palantir Technologies Inc. 1200 17th Street, Floor 15 Denver, Colorado, USA 80202 (“Sponsor”).
OVERVIEW: The Contest begins on September 19, 2024 and ends at 11:59 pm EDT October 9, 2024 (“Submission Period”). Eligible individuals may participate by creating and submitting an original video showcasing their Palantir Artificial Intelligence Platform (“AIP”) workflow from their Developer Tier (as defined below) account (“Video”) in accordance with these Rules during the Submission Period. “Developer Tier” means a Build with AIP Developer Tier account that can be created by signing up at https://signup.palantirfoundry.com/signup?signupPermitCode=BUILD_WITH_AIP&tracking-code=build.palantir.com. A Developer Tier account is free and may require agreement to additional terms (including the Palantir AIP Now Terms of Service available at https://palantir.pactsafe.io/aip-now-6493.html). Videos submitted in accordance with these Rules will be evaluated by Sponsor in accordance with the judging procedures detailed under the “Winner Selection/Notification” section below.
ELIGIBILITY: This Contest is open only to individuals who: (1) are at least eighteen (18) years of age as of the start of the Submission Period; (2) reside in USA, Canada, United Kingdom, or the Republic of India; and (3) have a Developer Tier account. Those who meet these eligibility requirements and take steps to participate are referred to as “Participants” in these Rules. Participants must have authorized access to their Developer Tier account before they create the Video and fill out the Submission Form.
Personnel, employees, officers, directors, members, managers, agents, and representatives of Sponsor and any other entities participating in the administration of this Contest, Sponsor, or any of their respective corporate partners, parent companies, divisions, subsidiaries, affiliates, successors in interest, and advertising, promotion, and public relations agencies, judges and their employers, employees, managers, agents and representatives (collectively, the “Released Parties”) and any family member or member of the same household (whether or not related) of any such persons are not eligible to participate or win this Contest. For purposes of this Contest, the term “family members” is defined as any spouse, partner, parent, legal guardian, child, sibling, grandparent, grandchild, or in-law.
Limit of one (1) entry per person.
HOW TO PARTICIPATE: During the Submission Period, create a an original video that is a screen recording showcasing your Palantir Artificial Intelligence Platform (AIP) workflow in your Developer Tier account (“Video”). Submitting a Video requires a Developer Tier account (as described in the “Overview” section, above). To submit a Video, Participants must:
- Upload your Video to YouTube as an “unlisted” video.
- Fill out Palantir’s Participant submission form via Marketo available at http://palantir.com/devcon-fellowship (“Submission Form”) and include the unlisted YouTube link to your Video.
- Use LASTNAME_FIRSTNAME_DEVCON_SUBMISSION in the title name.
Your Video must demonstrate a solution in your Developer Tier account to a problem you define in your Video, where such solution entails a workflow of consequence in your Developer Tier account. Your Video must show how you approached the problem, why you chose to manipulate the data in the way you did, who your anticipated users are, and the impact you expect this workflow to drive. Your Video must meet the “Submission Requirements” set forth in these Rules to be eligible.
Participant’s Developer Tier account associated with the Video, Video, any accompanying copy, and all other accompanying or linked material (collectively, “Participant Content”) must comply with (i) these Rules, (ii) “Submission Requirements” detailed below, and (iii) the terms and guidelines applicable to the platform where the Participant Content is posted, for example, YouTube’s Terms of Use https://www.youtube.com/t/terms.
Sponsor’s platform clock will be the official timekeeper for this Contest. Videos must be submitted and received by Sponsor during the Submission Period and all participation must be in strict accordance with the instructions and restrictions in these Rules. For purposes of this Contest, submitting or attempting to submit a Video does not constitute proof of actual receipt of the Video for purposes of this Contest. Those who do not abide by these Rules and the instructions of Sponsor and provide all required Participant Content may, in Sponsor’s sole discretion, be disqualified. Videos that are incomplete, lost, late, misdirected, mutilated, fraudulent, illegitimate, incomprehensible, garbled, or generated by a macro, bot, or other automated means will not be accepted and will be void. Videos or participation made on behalf of a Participant by a third party not affiliated or associated with that Participant (as determined by Sponsor in its sole discretion) or originating through any commercial promotion subscription, notification, or participating services will be declared invalid and disqualified for this Contest. No Released Party will have any responsibility or liability for any dispute regarding any Participant, including the identity of any natural person associated with a Developer Tier account. If any dispute regarding a Video or Participant cannot be resolved to Sponsor's satisfaction, the Video will be deemed ineligible. VIDEOS OR PARTICIPATION MAY NOT BE ACKNOWLEDGED. IN FACT, SUBMISSIONS MAY BE DESTROYED AFTER THE SUBMISSION PERIOD. KEEP A COPY OR THE ORIGINAL OF EACH ELEMENT OF THE ENTRY, INCLUDING YOUR VIDEO. ANY VIDEO THAT DOES NOT CONFORM TO THE REQUIREMENTS IN THESE RULES MAY, IN SPONSOR’S SOLE DISCRETION, BE DEEMED INELIGIBLE.
SUBMISSION REQUIREMENTS: Your Participant Content must meet all of the requirements in these Rules, including the following, or the associated entry will be disqualified:
- All aspects of the Participant Content must be originally created, and solely owned, by Participant (or be in the public domain) unless third party content is validly licensed and permitted pursuant to Sponsor’s instructions in these Rules. Sponsor reserves the right to request proof of compliance with this requirement or Video may be subject to disqualification.
- Participant Content may only be created using artificial intelligence or other machine learning tools specifically permitted by Sponsor (which permission extends to the software developed by Participant to form the Developer Tier accounts).
- Participant Content must not infringe, misappropriate, or violate any rights of any third party including, without limitation, copyright (including moral rights), trademark, trade secret, or rights of privacy or publicity and may not feature any other brand names, products, logos, or businesses other than Participant’s, if applicable and permitted by Sponsor, unless specifically permitted in these Rules.
- Participant Content must not include information or content that is false, fraudulent, deceptive, misleading, defamatory (include trade libel), disparaging, harassing, threatening, profane, obscene, pornographic, hateful, indecent, inappropriate, inconsistent with the Palantir Use Case Restrictions available at https://palantir.pactsafe.io/aip-now-6493.html#ucr-985315, or injurious to any Released Party or any other party.
- Participant Content must not contain or describe any harmful or illegal activity or content or in any way violate any federal, state, or local laws, rules, or regulations.
- Participant Content must be suitable for presentation in a public forum.
- Participant Content must not suggest, depict, or describe any inappropriate, unlawful, or dangerous behavior.
- Participant may not be, or be determined to likely be (at Sponsor’s sole discretion), operating as a representative, official, or asset of a foreign power (included but not limited to any government or government instrumentality).
- Participant Content must be in English.
- Participant Content must be no more than two (2) minutes long.
- Videos must be made via the Submission Form with the unlisted YouTube link submitted.
- You agree that your participation in the Contest and agreement to these Rules and any Released Party’s display and use of the Participant Content permitted under these Rules will not violate any agreement to which you are a signatory or party.
- To the fullest extent permitted by applicable law, you agree to indemnify the Released Parties against any and all claims from any third party for any use or reuse by any Released Party of the Participant Content permitted under these Rules.
WINNER(S) SELECTION/NOTIFICATION: At the end of the Submission Period, eligible Videos will be judged by a panel of Sponsor-selected judges (“Judges”). The Judges will use the following criteria, weighted evenly, (the “Criteria”) to evaluate the entries:
- Technical accomplishment of the workflow described in the Video;
- Creativity of ideas demonstrated by the Video of the workflow; and
The Judges will choose fifteen (15) of the top-scoring Videos based upon the Criteria (“Winners”). All Judges’ decisions are final and binding in all matters relating to this Contest.
Each Participant acknowledges that other Participants may have created ideas and concepts contained in their Video that may have familiarities or similarities to their Video, and that they will not be entitled to any compensation or right to negotiate with the Released Parties because of these familiarities or similarities.
Sponsor or its representative may contact Participants for verification purposes and administration of the Contest. Winners will be chosen as specifically described, and not using any random drawing or method incorporating chance. If no Videos (or less Videos than stated number of intended winners) meet the requirements set forth in the “How to Participate” section and/or do not adhere to the Submission Requirements, no, or less, Videos will be selected.
Sponsor may contact potential Winners via email at the address Winner provided in the Submission Form. Potential Winners must respond in accordance with Sponsor’s instructions and required timing or recognition may be forfeited.
To the extent required and allowed by applicable law, Sponsor will honor requests that Winner or potential Winner information not be published or posted online. A UK Winner may object to their surname and county/region being made publicly available. If any prize, prize notification, or Contest-related communication is rejected, faulty, or undeliverable; or if Winner or potential Winner fails to comply with these Rules, the prize may, in Sponsor’s sole discretion, be forfeited and an alternate Winner may be selected (time permitting) based on the original method of Winner selection or other method that is fair in Sponsor’s sole discretion. Sponsor is not obligated to pursue more than three (3) alternate Winners for any prize for any reason, in which case such prize may go unawarded. Sponsor reserves the right to modify the notification procedures and applicable deadlines for responding in connection with the selection of any alternate potential Winner, if any. If a prize is legitimately claimed, it will be awarded. Upon prize forfeiture or inability to use a prize or portion of a prize by a Winner or potential Winner, Sponsor will have no responsibility or liability to that individual. To claim a prize, Winner(s) must follow the directions in the prize notification. Failure to comply with Sponsor’s or its representative’s instructions, or these Rules may, in Sponsor’s sole discretion, result in disqualification from this Contest and forfeiture of any prize potentially won. Decisions of Sponsor are final on all matters relating to this Contest, including interpretation of these Rules, determining the Winners, and awarding of the prize(s).
PRIZE(S) AND APPROXIMATE RETAIL VALUE (ARV): Fifteen (15) Winners subject to verification, will each receive an invitation and admission for one (1) to the Palantir DevCon November 13 – 14, 2024 in Palo Alto, California, USA, round-trip economy-class air travel to an airport in or near Palo Alto, California, USA , and hotel accommodations for two (2) nights at a hotel of Sponsor’s choosing. Meals and ground transportation are not included.
ARV of each prize to be awarded: $1,125.
Total ARV of all prizes to be awarded: $16,875.
Actual retail value of the prize may vary depending on location of the Winner’s residence, market conditions, changes in value of components (e.g., air transportation and hotel rates) and other reasons. The Released Parties are not responsible for, and Winner will not receive, the difference between the actual value of the prize at the time of prize fulfillment and the stated ARV in these Rules or in any Contest-related correspondence or materials. The Winner must travel from a Sponsor-selected airport on Sponsor-selected dates or the prize may be forfeited and an alternate Winner named. Failure to complete the trip does not relieve the Winner of their tax obligations associated with winning the prize. Specific travel arrangements not specified in these Rules will be made and determined in Sponsor’s sole discretion. All tickets are subject to the terms and conditions specified thereon. Travel must originate from and end at the same airport. It is the Winner’s sole responsibility to comply with all travel requirements, which may include, without limitation, presenting a valid passport, visa and/or other necessary identification (including photograph) at the time of travel. Flight schedules are subject to change without notice. Winner may be required to provide a credit card at time of hotel check-in to cover hotel incidentals. WINNER AGREES THAT THE RELEASED PARTIES ARE NOT RESPONSIBLE IN ANY WAY FOR ANY ADDITIONAL EXPENSES, OMISSIONS, DELAYS, OR RE-ROUTING RESULTING FROM ANY ACTS OF ANY GOVERNMENT OR AUTHORITY. Sponsor is not responsible for a potential Winner’s inability to accept or use the prize for any reason. All travel arrangements must be made through Sponsor or its designee. The Released Parties are not responsible for any act or omissions whatsoever by the air carriers, hotels, venue operators, transportation companies, benefit providers or any other persons providing any prize-related services or accommodations. The Released Parties are not liable for any missed events, opportunities or expenses incurred as a consequence of flight cancellation/delay or ground transportation delay. No refund or compensation will be made in the event of the cancellation or delay of any transportation or other benefit element except at the sole and absolute discretion of the Released Parties. Winners is responsible for obtaining travel insurance (and all other forms of insurance) at their option and hereby acknowledges that the Released Parties have not and will not obtain or provide travel insurance or any other form of insurance. Lost, stolen or damaged airline tickets, travel vouchers or certificates will not be replaced or exchanged. Any taxes (federal, state, provincial/territorial, and local) and all expenses not specifically mentioned herein, are not included as part of any benefits, and are solely the Winner’s responsibility, including, but not limited to: hotel taxes, additional ground transportation at the Winner’s destination(s), carrier fees, government charges, fees associated with procuring visas, room service, bag check fees, parking fees, laundry service, food, beverages, merchandise, souvenirs, telephone calls, tips, gratuities and service charges. Transportation carrier and hotel policies and regulations apply. Travel and lodging are subject to availability.
All prize and prize fulfillment details not specifically stated in these Rules will be determined by Sponsor in its sole discretion. If any potential Winner(s) cannot receive a prize from Sponsor per their employer’s policies, that potential Winner will forfeit the prize won and Sponsor will have no further obligation to that Winner. All taxes (federal, state, and local), as well as any expenses not specified in these Rules as being provided as part of the prize, are the sole responsibility of each Winner. Sponsor is not responsible for, and will not replace any, lost, mutilated, or stolen prize or prize component, or any prize/prize component that is undeliverable or does not reach a Winner because of incorrect or changed contact information. If a Winner does not accept or use the entire prize, the unaccepted or unused part of the prize will be forfeited and Sponsor will have no further obligation with respect to that prize or portion of the prize. Sponsor is not responsible for any inability of any Winner to accept or use any prize (or portion of any prize) for any reason. Winner(s) is/are strictly prohibited from selling, auctioning, trading or otherwise transferring any part of a prize, except with Sponsor’s permission, which may be granted or withheld for any reason in its sole discretion. No transfers, prize substitutions or cash redemptions will be made, except at Sponsor’s sole discretion. Sponsor reserves the right to substitute any stated prize or portion of any prize with another prize or portion of a prize of equal or greater value for any reason, including, without limitation, prize unavailability. No more than the stated prizes will be awarded. Participants waive the right to assert, as a cost of winning any prize, any and all costs of verification and redemption or travel to claim or use the prize and any liability and publicity which might arise from claiming or seeking to claim said prize.
LICENSE: By participating, except where prohibited by law, each Participant grants to the Released Parties (and their agents, successors, and assigns) the irrevocable, transferable, sublicensable, absolute right and permission to use, edit, modify, copy, reproduce, and distribute Participant’s name, likeness, voice, biographical information, any quotes attributable to him or her, any other indicia of persona and the Video (regardless of whether altered, changed, modified, edited, used alone, or used with other material in the Released Parties’ sole discretion) to administer the Contest and promote the Contest.
Each Participant hereby acknowledges and agrees that the relationship between the Participant and each of the Released Parties is not a confidential, fiduciary, or other special relationship, and that the Participant’s decision to submit a Video for purposes of the Contest does not place any of the Released Parties in a position that is any different from the position held by members of the general public with regard to elements of the Video (including, without limitation, the Video), other than as set forth in these Rules. Each Participant understands and acknowledges that the Released Parties have wide access to ideas, text, images, videos and other creative materials. Each Participant also acknowledges that many ideas may be competitive with, similar to, or identical to their Video and/or each other in idea, components, format, or other respects. Each Participant acknowledges and agrees that such Participant will not be entitled to any compensation as a result of any Released Party’s use of any such similar or identical material that has or may come to such Released Party from other sources. Each Participant acknowledges and agrees that Sponsor does not now and will not have in the future any duty or liability (direct or indirect; vicarious, contributory, or otherwise) with respect to the infringement or protection of the Participant’s copyright or other proprietary rights in and to their Video. Each Participant acknowledges that, with respect to any claim by Participant relating to or arising out of a Released Party’s actual or alleged exploitation or use of any Video, or other material submitted in connection with the Contest, the damage, if any, thereby caused to the applicable Participant will not be irreparable or otherwise sufficient to entitle such Participant to seek injunctive or other equitable relief or in any way enjoin the production, distribution, exhibition, or other exploitation of any Released Party production or material, created or derived from a Video, and Participant’s rights and remedies in any such event are strictly limited to the right to recover damages, if any, in an action at law.
LIMITATION OF LIABILITY & DISCLAIMER OF WARRANTIES: Nothing in these Rules limits, excludes, or modifies or purports to limit, exclude, or modify any statutory consumer guarantee or any implied condition or warranty, the exclusion of which from these rules would contravene any statute or cause any part of these rules to be void (“Non-Excludable Guarantees”). Subject to the limitations in the preceding sentence and to the maximum extent permitted by any mandatory provisions of applicable law, the Released Parties exclude from these Rules all conditions, warranties, and rules implied by statute, general law, or custom, except for liability in relation to a Non-Excludable Guarantee. Subject to any Non-Excludable Guarantees, each Participant agrees to release, hold harmless, and indemnify (i.e., defend and/or reimburse) the Released Parties from any liability whatsoever for injuries or damages of any kind sustained in connection with the Contest, including, without limitation, any injury, damage, death, loss, or accident to person or property (however (but only if required by law in your jurisdiction), this release, hold harmless, and indemnification commitment does not apply to cases of bodily injury or loss of life or to the extent that any death or personal injury is caused by the negligence of Sponsor or other third party, where liability to the injured party cannot be excluded by law).
To the fullest extent permitted by applicable law, each Participant understands and agrees that all rights under section 1542 of the Civil Code of California and any similar law of any eligible jurisdiction are expressly waived by them. Section 1542 reads as follows:
“A general release does not extend to claims that the creditor or releasing party does not know or suspect to exist in his or her favor at the time of executing the release and that, if known by him or her, would have materially affected his or her settlement with the debtor or released party.”
ADDITIONAL DISCLAIMERS: The Released Parties are not responsible and/or liable for any of the following, whether caused by a Released Party, the Participant, or by human error (except to the extent that any of the following occur for reasons within Sponsor’s reasonable control, if applicable law in your jurisdiction of residence dictates that liability to the injured party in such a case cannot be excluded by law): Videos made by illegitimate means (such as, without limitation, by an automated computer program); any lost, late, materials; any error, omission, interruption, defect, or delay in transmission or communication; viruses or technical or mechanical malfunctions; interrupted or unavailable telephonic, cellular, cable, or satellite systems; errors, typos or misprints in these Rules, in any Contest-related advertisements, or other materials; failures of electronic equipment, computer hardware, or software; lost or unavailable network connections or any failed, incorrect, incomplete, inaccurate, garbled or delayed electronic communications; technical or human error which may occur in the administration of the Contest or the processing of Videos; or any injury or damage to persons or property which may be caused, directly or indirectly, in whole or in part, from Participant’s participation in the Contest. Released Parties are not responsible for electronic communications that are undeliverable because of any form of active or passive filtering of any kind, or for insufficient space in a person’s account(s) to receive messages. Released Parties are not responsible, and may disqualify a Participant, if any contact information provided by the Participant does not work or changes without giving prior written notice to Sponsor. Without limiting any other provision in these Rules, the Released Parties are not responsible or liable to any Participant or Winners (or any person claiming through such Participant or Winner) if any of the Contest activities or Released Parties’ operations or activities are affected by any cause or event beyond the sole and reasonable control of the applicable Released Party (as determined by Sponsor in its sole discretion), including, without limitation, by reason of any acts of God, equipment failure, threatened or actual terrorist acts, air raid, act of public enemy, war (declared or undeclared), civil disturbance, insurrection, riot, epidemic, pandemic, fire, explosion, earthquake, flood, hurricane, unusually severe weather, blackout, embargo, labor dispute or strike (whether legal or illegal), labor or material shortage, transportation interruption of any kind, work slowdown, any law, rule, regulation, action, order, or request adopted, taken, or made by any governmental or quasi-governmental entity (whether or not such governmental act proves to be invalid), or any other cause, whether or not specifically mentioned above.
GENERAL RULES: By participating, except where prohibited by law, each Participant grants to the Released Parties (and their agents, successors, and assigns) the irrevocable, transferable, sublicensable, absolute right and permission to use, edit, modify, copy, reproduce, and distribute the Video to administer and promote the Contest as described in these Rules, and each such person releases all Released Parties from any and all liability related to such authorized uses.
Sponsor’s decisions will be final in all matters relating to this Contest, including interpretation of these Rules, and selection of the Winners. All Participants, as a condition of entry, agree to be bound by these Rules and the decisions of Sponsor. Failure to comply with these Rules may result in disqualification from the Contest. Participants further agree to not damage or cause interruption of the Contest and/or prevent others from participating in the Contest. Sponsor reserves the right to restrict or void participation from any IP address, email address or domain, account, or device if any suspicious Video and/or participation is detected. Sponsor reserves the right, in its sole discretion, to void Videos or other participation by any person who Sponsor believes has attempted to tamper with or impair the administration, security, fairness or proper play of this Contest. In the event there is an alleged or actual ambiguity, discrepancy or inconsistency between disclosures or other statements contained in any Contest-related materials and these Rules (including any alleged discrepancy or inconsistency within these Rules), it will be resolved by Sponsor in its sole discretion. Participants waive any right to claim ambiguity in the Contest or these Rules. If Sponsor determines (at any time and in its sole discretion) that any Winner or potential Winner is disqualified, ineligible, in violation of these Rules, or engaging in behavior that Sponsor deems obnoxious, inappropriate, threatening, illegal or that is intended to annoy, abuse, or harass any other person or entity, Sponsor reserves the right to disqualify such Winner or potential Winner, even if the disqualified Winner(s) or potential Winner(s) may have been notified or displayed or announced anywhere. Sponsor’s failure to, or decision not to, enforce any provision in these Rules will not constitute a waiver of that or any other provision. The invalidity or unenforceability of any provision of these Rules will not affect the validity or enforceability of any other provision. In the event that any provision is determined to be invalid or otherwise unenforceable or illegal, these Rules will otherwise remain in effect and will be construed as if the invalid or illegal provision were not contained in these Rules. If the Contest is not capable of running as planned, for any reason, Sponsor reserves the right, in its sole discretion, to cancel, modify or suspend the Contest or run the Contest based on eligible Videos received prior to cancellation, modification, or suspension, if any, or as otherwise deemed fair and appropriate by Sponsor. If any person supplies false information, participates or submits Videos by fraudulent means, or is otherwise determined to be in violation of these Rules in an attempt to win, Sponsor may disqualify that person and seek damages from him or her and that person may be prosecuted to the full extent of the law. If any dispute regarding a Video cannot be resolved to Sponsor’s satisfaction, such Video will be deemed ineligible. CAUTION: ANY ATTEMPT TO DAMAGE ANY ONLINE SERVICE OR WEBSITE OR UNDERMINE THE LEGITIMATE OPERATION OF THE CONTEST VIOLATES CRIMINAL AND CIVIL LAWS. IF SUCH AN ATTEMPT IS MADE, SPONSOR MAY DISQUALIFY ANY PARTICIPANT MAKING SUCH ATTEMPT AND MAY SEEK DAMAGES TO THE FULLEST EXTENT PERMITTED BY LAW.
DISPUTES/GOVERNING LAW: Except where prohibited by law, any and all disputes, claims, and causes of action between a Participant and any Released Party arising out of or connected with this Contest, the determination of any Winner awarded must be resolved individually, without resort to any form of class action. Further, in any such dispute, under no circumstances will a Participant be permitted or entitled to win or receive, and hereby waives all rights to claim punitive, incidental or consequential damages, or any other damages, including attorneys’ fees, other than the Participant’s actual out-of-pocket expenses (if any), not to exceed ten United States dollars, and each Participant further waives all rights to have damages multiplied or increased.
This Contest, these Rules, and any dispute arising under or related to this Contest and/or Rules (whether for breach of contract, tortious conduct or otherwise) will be governed, construed, and interpreted under the internal laws of the state of California, USA, without reference or giving effect to its conflicts of law principles or rules that would cause the application of any other jurisdiction’s laws and, if that is not possible, then the laws of the United Kingdom. Any legal actions, suits, or proceedings related to this Contest (whether for breach of contract, tortious conduct, or otherwise) will be brought exclusively in the state or federal courts located in or having jurisdiction over San Mateo County, California, USA and each Participant irrevocably accepts, submits, and consents to the exclusive jurisdiction and venue of these courts with respect to any legal actions, suits, or proceedings arising out of or related to this Contest, and if that is not possible, then such actions, suits or proceedings will be brought in the courts having jurisdiction over London, United Kingdom. Unless prohibited by applicable law, all Participants waive any and all objections to jurisdiction and venue in these courts and hereby submit to the jurisdiction of those courts. If required under applicable law, nothing in these Rules will limit the right of any participant to bring proceedings (including third party proceedings) against Sponsor in a court of competent jurisdiction located within the participant’s jurisdiction (as applicable).
PRIVACY: By participating, you consent to the collection, storage, processing, and transmission of your submitted personal data by Sponsor and its affiliated companies for the purposes of conducting this Contest. The personal data collected is subject to applicable data protection laws and Palantir’s Privacy Policy.
WINNER’S LIST/RULES: To find out the first initial, last name, and country of the Winners, send an email within 90 days of the Submission Period to devcon-fellowship@palantir.com (Sponsor’s email for the purposes of this Contest) with the subject: “DevCon Fellowship Contest Winner List Request”. One (1) Winner information request per person/email address will be fulfilled. Requests for Winner information must be received no later than three (3) months following the end of the Submission Period. For a copy of these Official Rules, no later than the end of the Submission Period visit https://palantir.pactsafe.io/devcon-rules-6917.html.
THIRD PARTIES: Reference within any Contest-related materials to any third party in connection with prizes and/or third-party websites, products, or services are for reference and identification purposes only and not intended to suggest endorsement, sponsorship, or affiliation with Sponsor or this Contest.