CrowdStrike

Refund Rules

CrowdStrike operates on annual contract terms (1-3 years) with no mid-cycle refunds for unused capacity. However, they may provide credits for service issues or significant outages through their SLA. Early termination typically requires paying remaining contract balance. For over-deployment situations (deployed endpoints exceeding licensed count), they require true-up payments rather than offering refunds for the excess.

Credit Policies

CrowdStrike offers Service Level Agreement (SLA) credits for platform availability issues, typically 99.9% uptime guarantee with credits for outages. They may provide credits for major service disruptions or failed deployments. Some credits available for unused module entitlements when downgrading at renewal. Professional services credits sometimes offered for implementation issues, but standard API usage or inactive endpoints don't qualify for automatic credits.

Contractual Terms

Auto-renewal clauses standard with 60-90 day cancellation notice required. Price increases typically capped at 5-8% annually. Minimum license commitments often required (500+ endpoints). True-up clauses for over-deployment with quarterly or annual reconciliation. Module licensing tied to base platform - can't reduce base Prevent while keeping advanced modules. Early termination fees usually 50-100% of remaining contract value.

Integration Complexity

Technical Notes

OAuth 2.0 Client Credentials flow with API client creation required in Falcon console. Rate limits vary by endpoint (100-500 req/min). Pagination required for large environments (5000 max per query). Multiple Customer IDs (CIDs) in enterprise environments require separate API calls. GovCloud customers use different API endpoints. Key scopes needed: Hosts:Read, Host Groups:Read, Detections:Read, Sensor Download:Read. API responses include rich metadata for cost optimization analysis including last_seen timestamps, sensor status, and platform details.