Sitecore Usage Policy

v2.4 (December 2024)

Last Updated: December 2024

This Usage Policy applies to any products or services hosted by Sitecore (collectively, “Cloud Products”) on behalf of its customers (each a “Customer”). The terms of this Usage Policy may be updated by Sitecore periodically at Sitecore’s reasonable discretion by posting an updated version of this Usage Policy at www.sitecore.com/legal and such updates will be effective thirty (30) days after being posted. Subscribe here for notifications of updates.

The following terms are applicable to all Cloud Products:

A. Prohibited Use - As a Customer – what are my restrictions?

  1. Using the Cloud Products to violate the rights of others;
  2. Using the Cloud Products to harm, overload, disrupt, or gain unauthorized access to any service, network, system, device, data or account provided or owned by Sitecore or any third party, including any other user of the Cloud Products;
  3. Using the Cloud Products in any situation where Customer knows or should reasonably know that failure or fault of the Cloud Products could lead to death or injury of any person, or physical or environmental damage;
  4. Using the Cloud Products in a manner prohibited by applicable law, regulation or government order, including without limitation any laws regarding the export of data or software, email spamming, and distribution of malware;
  5. Scanning or testing for vulnerability on the SaaS Products (as defined here), including pen-testing, or otherwise engaging in actions that could compromise the security, integrity, availability or stability of the Cloud Products;
  6. Storing or uploading source code in the Cloud Products that contains malicious or harmful content;
  7. Erasing or removing any intellectual property right notice contained in the Cloud Products;
  8. Attempting to defeat, remove, or otherwise circumvent any software protection or monitoring mechanisms of the Cloud Products; and
  9. Authorizing or inducing any third party to do any of the above.

B. Obligations - As a Customer, what must I do?

  1. Upon written request from Sitecore, Customer must promptly remove any data or application stored in the Cloud Products that violates this Usage Policy;
  2. In the event Customer becomes aware of any known or suspected violation by its user(s) of this Usage Policy, Customer shall immediately: (a) provide notice to Sitecore of the violation, (b) suspend such user’s access to the Cloud Products, and (c) cooperate with Sitecore in any investigation of such known or suspected violation by Customer’s user(s);
  3. Customer acknowledges that the Cloud Products are designed with capabilities for Customer to access the Cloud Products without regard to geographic location and to transfer or otherwise move data and applications between the Cloud Products and other locations. Customer (and not Sitecore) shall authorize and manage all user accounts, as well as export control and geographic transfer of Customer’s data and applications;
  4. Customer shall be solely responsible for the accuracy, quality, content, legality and intellectual property ownership or right to Customer’s data and applications stored in the Cloud Products, including any applicable notice, takedown or other data security and data management policies. Sitecore reserves the right to review, refuse, or remove any or all Customer data or applications from the Cloud Products to comply with applicable law;
  5. Customer will require all of Customer’s authorized users to comply with this Usage Policy; and
  6. Unless back-up services are included in the Cloud Products that Customer orders from Sitecore, Customer is responsible for any backups of Customer Data used with the Cloud Products and will perform such backups on an environment separate from the Cloud Products.

The following additional terms are applicable to the use of Gen AI Functionality:

  1. Customer must comply with the Sitecore Gen AI Policy.

The following additional terms are ONLY applicable to Sitecore® Managed Cloud Standard and Managed Cloud Premium 2.0 Services, or any bundled license offering that includes Sitecore® Managed Cloud Standard or Manged Cloud Premium 2.0 Services

  1. 1. Customer must comply with the terms of the Microsoft Customer Agreement for Azure provided here https://azure.microsoft.com/en-us/support/legal/subscription-agreement/ .

The following additional terms are ONLY applicable to Sitecore® Email Experience Management Delivery Cloud Services (“EXM Services”):

  1. Customer must fully implement all required technical reputational features prior to using the EXM Services (in accordance with the Documentation); and
  2. Customer must comply with the message policy provided here: https://messagebird.com/en/legal/sparkpost-messaging-policy .

The following additional terms are ONLY applicable to the Sitecore® Send Services:

  1. Customer agrees to use the Sitecore Send Services in compliance with the Sitecore Send Messaging Policy;
  2. Notwithstanding anything to the contrary in the Agreement, if Customer is not in compliance with the Sitecore Send Messaging Policy, Sitecore may, in its sole discretion, take any action it deems appropriate regarding Customer’s access to the Sitecore Send Services, including without limitation, immediate suspension of Customer’s access to the Sitecore Send Services or termination of the Order for Sitecore Send Services without notice;
  3. Sitecore reserves the right to take applicable action(s) to verify that email campaigns sent using the Sitecore Send Services are compliant with the with the Sitecore Send Messaging Policy; and
  4. The Sitecore Send Services may contain links to websites or resources, owned or operated under the supervision of third parties other than Sitecore (“Linked Sites”), and Sitecore does not control and is not responsible for the operation, content, privacy policies or the security of such Linked Sites. Visiting and accessing Linked Sites occurs at Customer’s own responsibility and risk, without any involvement from, or liability of, Sitecore. Customer is responsible for reading and complying with the privacy statements and terms of use posted on any and all Linked Sites. Sitecore does not endorse, make any warranties and is not responsible for any data, software or other content and products or services available from Linked Sites. Customer acknowledges and agrees that Sitecore shall not be held liable, directly or indirectly, for any damage or loss relating to the use of or reliance upon such data, software or other content on any Linked Sites. Where the Sitecore Send Services refer through “links” or “hyperlinks” to Linked Sites, the owners and/or operators of Linked Sites bear full (civil and criminal) responsibility for the security, legitimacy and validity of their site content, to the exclusion of any liability of Sitecore.

The following additional terms are ONLY applicable to Netlify:

  1. Customer must comply with the acceptable use policy provided here: https://www.netlify.com/legal/acceptable-use-policy/.

Document Control:

Version Number

Revision Date

Summary of Changes

v2.4

December 2024

Clarification on vulnerability testing and storage of harmful source code, removal of terms regarding Managed Cloud Premium 1.0 which are no longer applicable (service has been transitioned out and discontinued), additional terms for the Netlify product, and non-substantive clarifications for ease of reading.

v.2.3

April 2024

Updated notification process to make it easier to receive updates and improve transparency. Added new sections to clarify position on vulnerability testing as well as harmful or malicious source code. Added a new Gen AI Policy section covering the introduction of generative AI functionality in the Cloud Products.

v2.2

November 2022

Updated policy by removing prohibition on using automated scripts to collect information.

v2.1

September 2021

Updated terms applicable to Sitecore Send.


Archived versions are available at here.