Duo grants you a limited right to use the service for your own internal business purposes only during the subscription period, and all ownership of the software and service remains with Duo.
This analysis describes what Duo Security's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The license is explicitly non-transferable and non-sublicensable, meaning customers cannot share access with third parties, resell the service, or transfer their subscription without Duo's authorization.
Your organization's right to use Duo is limited to internal business use during the subscription term, and you cannot transfer, sublicense, or allow third parties outside your organization to use the service under your account without potentially violating the agreement.
How other platforms handle this
You retain any and all of your rights to any content you submit, post or display on or through the Services ('User Content') and you are responsible for protecting those rights. By submitting User Content through the Services, you hereby grant to Unity a non-exclusive, worldwide, royalty-free, fully...
By submitting Content to Shopify, you grant us a worldwide, non-exclusive, royalty-free license (with the right to sublicense) to use, copy, reproduce, process, adapt, modify, publish, transmit, display and distribute such Content in any and all media or distribution methods (now known or later deve...
Customer grants Snowflake the right to host, copy, transmit, display, and otherwise use Customer Data and Customer Applications as reasonably necessary to provide the Services in accordance with this Agreement.
Monitoring
Duo Security has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Subject to the terms and conditions of this Agreement, Duo grants Customer a limited, non-exclusive, non-transferable, non-sublicensable right to access and use the Services during the Subscription Term solely for Customer's internal business purposes. Duo and its licensors retain all right, title, and interest in and to the Services, including all related intellectual property rights. No rights are granted to Customer hereunder other than as expressly set forth herein.— Excerpt from Duo Security's Duo Terms of Service
(1) REGULATORY LANDSCAPE: Intellectual property licensing terms are governed by contract law and do not directly implicate specific consumer protection regulations, though unauthorized sublicensing could create third-party liability exposure. (2) GOVERNANCE EXPOSURE: Low. The license scope is standard for enterprise SaaS and the limitations on transfer and sublicensing are widely observed in the industry. The primary risk is inadvertent non-compliance by managed service providers or organizations that provide Duo-protected services to external clients. (3) JURISDICTION FLAGS: Organizations operating as managed service providers should assess whether providing Duo-protected services to their own clients constitutes sublicensing under this clause. Duo offers a separate MSP program that likely addresses this use case. (4) CONTRACT AND VENDOR IMPLICATIONS: Procurement teams should confirm that the licensed use scope covers all intended deployment scenarios, including shared services environments, outsourced IT functions, and affiliate entities. (5) COMPLIANCE CONSIDERATIONS: Software asset management programs should track Duo license counts and deployment scope to ensure compliance with the internal business purposes restriction.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The license is explicitly non-transferable and non-sublicensable, meaning customers cannot share access with third parties, resell the service, or transfer their subscription without Duo's authorization.
Your organization's right to use Duo is limited to internal business use during the subscription term, and you cannot transfer, sublicense, or allow third parties outside your organization to use the service under your account without potentially violating the agreement.
ConductAtlas has identified this type of provision across 6 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Duo Security.