Product-Specific Terms

Last Updated: April 16, 2024
Download as PDF

These Product-Specific Terms are a part of the Order Form under which the Customer ordered the Kong Product. The Order Form and these Product-Specific Terms are governed by the Kong Customer Agreement or other master agreement for the purchase of subscriptions to Kong Products entered into by Customer or an Affiliate of Customer (“Agreement”). If the Customer and Kong have entered into a Kong Konnect Cloud Addendum, a reference to the Agreement also includes the Kong Konnect Cloud Addendum.

These Product-Specific Terms adjust certain terms of the Agreement, solely with respect to the applicable Product listed below, if Customer has ordered the Product. Except as otherwise modified in these Product-Specific Terms, all other terms and conditions of the Agreement will remain in full force and effect. All capitalized terms not defined in these Product-Specific Terms will have the meaning given to them in the Agreement. On and after the date of the Order Form, any reference to the Agreement means the Agreement as modified by these Product-Specific Terms. In the event of a conflict between these Product-Specific Terms and the terms of the Agreement less these Product-Specific Terms, these Product-Specific Terms will prevail for the purposes of the applicable Product.

KONG GATEWAY ENTERPRISE, KONG MESH

Kong Gateway Enterprise is Kong’s customer self-managed (on-premises) API gateway management software. Kong Mesh is Kong’s customer self-managed (on-premises) service mesh.

Software is Self-Managed by Customer. Each of Kong Gateway Enterprise and Kong Mesh are not Cloud Services. Kong does not collect or process Customer Payload Data through the Products. Accordingly, notwithstanding anything to the contrary, Customer Payload Data is not Customer Content (or any comparable defined term) under the Agreement.

Verification. At Kong's request, Customer will promptly provide Kong with a Software-generated report verifying that Customer is using the Software in accordance with this Agreement and any purchased usage limits under an Order Form.

Disablement of Usage Data Telemetry. Customer may choose to disable the feature in the Software which permits transmission of Usage Data to Kong, in which case Kong will not collect Usage Data automatically from the Software.

SBOM. The Software Bill of Materials, including Third Party Open Source, for Kong Gateway Enterprise is found at https://docs.konghq.com/gateway/latest/support/sbom/ (or such updated URL provided by Kong from time to time).

KONG KONNECT HYBRID

Kong Konnect Hybrid refers to a hybrid SaaS and on-premises deployment where the Customer uses the Kong-hosted Kong Konnect Cloud Service as the control plane for Kong software instances self-managed by the Customer in the Customer Network Environment.

With Kong Konnect Hybrid, Customer Payload Data is under the Customer’s control in the Customer Network Environment. Customer Payload Data is not transferred to, processed or stored by the Kong-hosted Kong Konnect Cloud Service.

KONG KONNECT DEDICATED CLOUD GATEWAYS

Kong Konnect Dedicated Cloud Gateways is a fully-hosted API management Cloud Service, where the Customer uses Kong Konnect as the control plane for single tenant Kong Gateway instances managed by Kong.

With Dedicated Cloud Gateways, the Customer’s network traffic, including Customer Payload Data, is processed through the single tenant Kong-hosted Kong Gateway instances managed by Kong. This traffic is proxied and not stored or at rest within Kong-controlled network infrastructure other than possible transitory caching.

Customer Content Definition. The definition of Customer Content in the Agreement is replaced with the following:

Customer Content” means data and information submitted by or for Customer to the Cloud Services, and any Customer Payload Data routed to, passed through, processed and/or cached on or within, or otherwise transmitted or routed using the Cloud Service by Customer. Customer Content does not include Account Information or Usage Data.

Data Processing Addendum” or “DPA” means the then-current data processing addendum found at https://konghq.com/legal/data-protection-addendum (or such updated URL provided by Kong from time to time).

Personal Data in Customer Content. To the extent that Kong processes Customer Content on behalf of Customer that includes personal data, Kong will handle the personal data in compliance with the DPA.

No Payment Cardholder Information. Customer may not store or process any payment cardholder information (PCI) in its use of the Cloud Services.

No Protected Health Information. Customer may not store or process protected health information (PHI) using the Cloud Services.

Network Traffic. Kong may monitor and inspect the traffic on the Cloud Services, including any related logs as necessary to perform the Cloud Services and to derive and compile Usage Data. To the extent Usage Data includes any personal data, Kong will handle it in compliance with applicable data protection laws.

Customer Content Retrieval and Deletion. The following will apply to the exclusion of any term in the Agreement related to post-termination or expiration availability of the Cloud Services or Customer Content:

Notwithstanding anything in the Agreement, Kong will have no obligation to store, cache or make available through the Cloud Services any Customer Payload Data or other Customer Content on termination or expiration of the Agreement or a Subscription Term (if not renewed).

KONG INSOMNIA

Kong Insomnia is a hybrid SaaS and on-prem API development and testing platform. The software is a desktop application, and the SaaS portion provides for central administration and optional storage of API specifications or projects and related data (“Project Data”). Kong Insomnia also provides local and the Customer’s own Git storage alternatives for Project Data as well as the ability for Customer administrators to centrally control what storage options Customer teams can use.

No Personal Data. Customer may not store or process any personal data in Project Data through the Cloud Services.

No Payment Cardholder Information or Protected Health Information. Customer may not store or process any payment cardholder information (PCI) or protected health information (PHI) in Project Data through the Cloud Services.

Use of Third-Party Hosting Services. If Customer’s Project Data includes personal data, PCI or PHI, the Customer must configure the Product to host the Project Data locally or through the Customer’s own Git storage alternatives.

Customer Content Retrieval and Deletion. The following will apply to the exclusion of any term in the Agreement related to post-termination or expiration availability of the Cloud Services or Customer Content:

Notwithstanding anything in the Agreement, Kong will have no obligation to store, cache or make available through the Cloud Services any Customer Content on termination or expiration of the Agreement or a Subscription Term (if not renewed).