Changes to Tailscale terms and conditions documents
On June 30, 2025, Tailscale updated the following legal documents that may apply to your use of our services or websites:
- Terms of Service
- Main Service Agreement
- Data Processing Addendum
- Special Terms
- Acceptable Use Policy
The following information outlines the changes made to these documents. Be advised that this is a high-level summary of the most recent updates to these documents. Ensure you've read and understood the complete documents before you use our products or services.
You can also view how these documents have changed over time and subscribe to updates on GitHub to receive notifications when future updates occur. If you have questions about these updates, contact the Tailscale Legal team at legal@tailscale.com.
Terms of Service and Main Service Agreement
Tailscale originally started by connecting user devices to other user devices. Now, we have customers and users connecting a wider range of things, including devices, machines, and services. To accommodate this subtle but important change in how tailnets are built and used, we've updated some of our key definitions, resulting in ripple effects to other terms. Therefore, we've made adjustments and clarified terms.
Key definitional changes:
- Customer Data was previously used to refer to your traffic, but we found that this terminology became confusing over time. Instead, we now refer to what we previously called "Customer Data" as Traffic, and "Customer Data" now means simply the data and information related to the configuration and management of your tailnet that you submit to the platform.
- Usage Data updated to include machine-generated data or metadata, such as telemetry and log data. Importantly, Usage Data does not include your Traffic.
- Tailscale Solution is updated to cover all the various use cases for Tailscale.
- Tailscale Services is added as a new term added to address our support, implementation, and other service packages, and the new defined term Services to refer to everything that we offer.
Key definitional changes comparison:
| Defined term | Former definition | New definition |
|---|---|---|
| Customer Data | "any data, information, records, files, communications and other content that is transmitted from one Customer Endpoint to one or more other Customer Endpoints using the Tailscale Solution and can only be encrypted/decrypted by the Customer." | "any data or information related to the configuration and management of Customer networks created using the Tailscale Solution (each network a "tailnet") that are generated by or submitted to the Hosted Software by Customer, Permitted Users or Client Endpoints." |
| Traffic (formerly known as "Customer Data") | "any data, information, records, files, communications and other content that is transmitted from one Customer Endpoint to one or more other Customer Endpoints using the Tailscale Solution and can only be encrypted/decrypted by the Customer." | "the Customer records, files, communications, and other content and data that are transmitted over customer channels using the Tailscale Solution." |
| Personal Data | "includes "personal data," "personal information," "personally identifiable information," and similar terms, and such terms will have the same meaning as defined by applicable Data Privacy Laws, that is Processed in connection with the performance of the Tailscale Solution under your Agreement." | "includes "personal data," "personal information," "personally identifiable information," and similar terms, and such terms will have the same meaning as defined by applicable Data Privacy Laws, that is Processed in connection with the performance of the Services under your Agreement." |
| Usage Data | "information, data and metadata resulting from the ordinary course operation and use of the Tailscale Solution for limited internal business purposes related to the ongoing operation, development and protection of the Tailscale Solution, including security and fraud prevention, product analytics, research, debugging and improvement, and billing and customer account management" | "any machine-generated data or metadata resulting from the ordinary course operation or use of the Tailscale Solution that are created, collected, derived or discovered by the Tailscale Solution, including telemetry and log data. Usage Data do not include Traffic." |
You'll see these key definitional changes now reflected throughout the documents. In particular, Section 5, regarding Data Protection, was updated in light of changes to the definitions of Customer Data, Traffic, and Usage Data:
- Data Processing Addendum is updated to cover all Customer Data. With more machine-to-machine and service-to-service use cases, it can be challenging to determine what constitutes personal data and what does not. Fortunately, our security measures apply to all Customer Data regardless of whether it's technically Personal Data.
- Traffic and Usage Data is updated to provide clearer provisions.
- Security measures and shared responsibility model are updated to include expressly incorporated language because it's an important part of our product.
Here are other notable changes that we've made:
- Reorganized the provisions on Feedback (2.7), Research (2.8), and Publicity (12.6), and clarified the Publicity provisions to provide more information on when and how to opt-out of logo rights.
- Clarified the provision on Taxes (3.3).
- Added language about purchases through marketplaces and other channel partners (3.6). As a result, this language was removed from the Special Terms.
- Clarified the parties' termination rights (4.2 and 4.3 in the MSA and 4.3 in the TOS).
- Added details to Confidentiality to ensure alignment with standard NDA commitments (6).
- Added language in our rep and warranty disclaimer to ensure we can continue to prioritize the security, confidentiality, integrity, availability, or reliability of the Services (7.3).
- Removed customer's obligation to indemnify us for "combination … with other software…" to avoid confusion with Tailscale's indemnification obligations (9.2).
- Added "gross negligence, willful misconduct, and fraud" as an express exclusion from the standard liability cap (10.3).
- Added a new provision for U.S. Government customers (11.2).
- Added a new provision for customers in the E.U. who are "financial entities" under the EU Digital Operational Resilience Act, including incorporation of our new EU DORA Addendum for those customers (11.3).
- Clarified the language around Evaluation Periods (12.1) and Force Majeure (12.5).
Data Processing Addendum
As noted above, the primary change to our Data Processing Addendum (DPA) is that it now encompasses all Customer Data. We have also added language regarding our security measures and the shared responsibility model to the Terms of Service and the Main Service Agreement. You'll see these and other key definitional changes reflected in this update to the DPA.
Other changes to note that we've made:
- Acknowledgement about data covered by HIPAA, FERPA, and GLBA is moved from the general terms to the DPA, and the language is clarified (2.3).
- Security Measures information is refreshed to include substantially more information about how we secure the Tailscale Solution (Schedule D). For more information about security at Tailscale, refer to our Security page.
Acceptable Use Policy
Tailscale aims to make networking and connectivity easier, safer, and more secure. And our Acceptable Use Policy is an important part of that promise. With this update, we have added more context around the purpose of our Acceptable Use Policy and clarified information regarding prohibitions on use, safety guidelines, and policy enforcement. We also made it clear that we expect the same guardrails to apply in communications with our Support Team and other Tailscale employees.