Product
Solutions
Enterprise
Customers
Docs
Blog
Pricing
Download
Schedule a demo
Get started - it's free!
Log in
© 2026

Procurement at Tailscale

Last validated:

This content is Tailscale Confidential Information.

This page describes the steps that Tailscale ("we" or "us") takes to evaluate and procure software or other services from you (the "vendor"). A Tailscale employee (the "point of contact" or "POC") will be designated to keep these steps on track and answer any questions you might have along the way. As part of our internal review and approval controls, you may also be requested to provide information to or meet with members of our Security, Legal, or Finance teams.

Expected Timeline

Our procurement process can take anywhere from a couple of weeks to months depending on the complexity of the product or service and other timing considerations.

Phase 1: Security review

Per Tailscale's Third Party Vendor Review Policy (part of our company Security Policies), Tailscale reviews vendor security practices before engaging with new vendors, and on a regular basis, to ensure vendors properly handle Tailscale's customer data, confidential data, and other data.

All vendors and tools must be reviewed and approved by the Tailscale Security team to ensure compliance with our security standards. As part of vendor evaluation and engagement, each vendor's security practices are reviewed to ensure they sufficiently protect Tailscale's and its customers' data. A vendor's requirements may change based on the risk classification of the assets they are handling, such as sensitive data or access to production resources, and may change throughout the lifetime of an engagement if a vendor's scope or responsibilities change.

We prefer to complete security reviews early in the process. To ensure the confidentiality of information shared during the review process, we ask all vendors to sign our NDA, which is 100% mutual and market standard. We have also enabled you to select from a predefined set of options on key terms such as confidentiality period, choice of law, and forum to ensure the NDA complies with your internal policies. We use a contract management system called SpotDraft. A SpotDraft account is optional for you to read and sign the document.

Review, complete, and sign our NDA.

Your POC will submit a ticket with the Tailscale Security team to kick off the review. Be prepared to provide the following documentation during this phase:

  • SOC 2 Type 1 or Type 2 (or SOC 3) report for an overview of your current security practices.
  • Your company's privacy policy.
  • A completed vendor security questionnaire (VSAQ). You must fill this out, download/export answers, and send it back to us.
  • For vendors offering AI products or features, provide documentation regarding your AI system and practices, including the following information:
    • Models being used.
    • Source of training data.
    • Whether Tailscale data or derived data is used to train the model or improve the AI system.
    • Can Tailscale opt-out and, if so, how?
    • Information about your responsible AI practices and AI risk management program.
  • Whether your offering requires JavaScript embeds. The Tailscale Security Team generally tries to avoid third-party JavaScript embeds in the product (login.tailscale.com).
  • Any other documentation or information regarding your security program and practices not already covered by the above.

We strive to complete security reviews within 10 business days of opening the ticket.

Phase 2: Pilots (optional)

If the POC chooses to run a pilot first, be aware of the following restrictions and requirements:

  • Running pilots requires the same full security review process.
  • Work with your POC to document the pilot success criteria and results appropriately.

Phase 3: Pricing discussions

A member of our Finance team may request to speak with you to discuss the quote and finalize the order pricing.

Phase 4: Final contract reviews and approvals

Depending on the nature of your contracts and the level of criticality of the products and services provided to Tailscale, this phase can take anywhere from 5 to 20 business days to complete.

Other than the NDA, Tailscale has no standard vendor agreements, so we will review and use yours. Be prepared to provide the following documents for our review at the appropriate time:

  • The primary customer terms and conditions such as Terms of Service, MSA, SOW, or similar.
  • The data processing agreement or addendum (DPA).
  • The order form, PO, or other ordering document.

We use SpotDraft to help facilitate reviews and approvals of all company contracts and request that all signatures be handled through SpotDraft.

Questions?

Reach out to your POC with any questions about what to expect.