Read through the Wiz MSA [0] at section 6 which discusses “Customer Data” and among other things specifically asks Customer not to send HIPAA data (perhaps to sidestep the issue you just raised) and concludes with this:
—
Customer hereby grants to Wiz a non-exclusive, worldwide, royalty-free right to use Customer Data to provide the Services and perform its obligations under this Agreement.
—
Or if reading terse legal documents isn’t your thing, go ahead and just read through Wiz’s own blog post about how their scanner works, which confirms they have full, direct access to customer EBS volume snapshots in the default “full SaaS” deployment model. [1]
Your point that due diligence would have taken issue with this might not be grounded in Google’s reality.
> [access to use customer data...] *to provide the Services and perform its obligations under this Agreement.*
"Services" – which you'll note is capitalized... lawyers do that for a reason – has a very specific meaning that very obviously does not include "whatever the fuck Google wants to do with it", nor "training general purpose AI models" in particular.
Why are you intentionally and blatantly misinterpreting Wiz's policies? Or are you just that good at ignoring/missing details in order to weave the story you've already decided to believe?
—
Customer hereby grants to Wiz a non-exclusive, worldwide, royalty-free right to use Customer Data to provide the Services and perform its obligations under this Agreement.
—
Or if reading terse legal documents isn’t your thing, go ahead and just read through Wiz’s own blog post about how their scanner works, which confirms they have full, direct access to customer EBS volume snapshots in the default “full SaaS” deployment model. [1]
Your point that due diligence would have taken issue with this might not be grounded in Google’s reality.
0: https://wiz.pactsafe.io/legal#wiz-subscription-agreement
1: https://www.wiz.io/blog/the-wiz-approach-to-agentless-scanni...