Export Compliance

We are committed to abiding by the laws and regulations that apply to us as we conduct business around the world.

Our export compliance matrix and the FAQs below are provided to help our customers and partners better understand how our products are classified under the U.S. Export Administration Regulations (known as the “EAR”).

All information provided here is strictly informational and a recommendation only, and should be used by you in conjunction with the EAR when classifying our products for import and export purposes.

We make no representations or warranties as to the accuracy and reliability of the classifications listed in the export compliance matrix or the FAQ. Any use of these classifications by the user is at the user’s own risk. It is your responsibility to ensure that your use of our products is in compliance with the EAR. We are in no way responsible for any damages of any kind suffered by a user as a result of using or relying on these classifications or FAQ for any purpose.

Classification Matrix

| Sugar Products | Customer Description | ECCN | CCATS# | Export License Status |
| --- | --- | --- | --- | --- |
| Sugar Mobile (binary) | All customers | 5D992 – MMKT; 742.15(b)(1) | G163773 | NLR |
| Sugar Connectors offered by us via SugarExchange [1] (binary) | All customers | 5D992 – MMKT; 742.15(b)(3) | G163771 | NLR |
| Sugar Connectors offered by us via SugarExchange [2] (binary) | All customers | 5D992 – MMKT; 742.15(b)(1) | G163771 | NLR |
| Sugar Professional, Sugar Enterprise (includes OEM Edition), Sugar Ultimate (source) | All non-gov’t users and any Gov’t users in “approved” countries [3] | 5D002; 740.17(b)(2)(i)(B) | G163770 | NLR |
| Sugar Connectors and Sugar Plug-Ins offered by us via SugarExchange (source) | All non-gov’t users and any Gov’t users in “approved” countries | 5D002; 740.17(b)(2)(i)(B) | G163771 | NLR |
| Sugar Professional, Sugar Enterprise, Sugar Ultimate (source) | Gov’t users not in “approved” countries | 5D002 – Source; 740.17(b)(2)(i)(B) | G163770 | Export license required |
| Sugar Connectors and Sugar Plug-Ins offered by us via SugarExchange (source) | Gov’t users not in “approved” countries | 5D002 – Source; 740.17(b)(2)(i)(B) | G163771 | Export license required |

Acronyms

ECCN = Export Control Classification Number
CCATS = Commodity Classification Automated Tracking System
NLR = No License Required
MMKT = Mass Market Eligible Products

FAQs for Sugar Products

1. Why do the U.S. export laws apply to the Sugar products?

The U.S. Government controls the delivery of, or access to, all tangible and intangible items of U.S. origin to those outside the U.S. or to non-U.S. citizens. While some items can be freely exported to most countries, other items (like software products or other technology) are subject to stricter controls.

2. Why are the Sugar products subject to stricter controls?

Like many software products, we use encryption that is designed to protect things like your passwords or data being transmitted between our product and other products you may integrate our product with. It’s because we offer software products with encryption (some of which are also provided in source code form) that the stricter controls apply.

3. Why are some Sugar products classified as “source” products and not others?

We use PHP and JavaScript as the primary coding languages for our core products and a number of their extensions. Because the code can’t be compiled into object code, the U.S. Government views our product as source code, which is why the additional restrictions around some government users apply.

Our other products, like our mobile app, are written in a different coding language that can be compiled into object code which is why they are classified differently.

4. I don’t want the source code for your core products or extensions. Can I get an object code version instead?

No. The code itself for those particular products can’t be compiled, meaning it’s not possible to convert the code from source code to an object code format.

5. Are my end users going to see the source code?

No. End users access and use our products through a web browser or our mobile app. The UX (user experience) is no different than using any other web page or app on a mobile device.

6. How do I know if I’m a government user that requires a special export license to use your product?

As a general rule, a special license is required if you’re one of the following:

  • A foreign central, regional or local government department, agency, or other entity performing governmental functions;
  • A governmental research institution;
  • Governmental corporations or their separate business units (as defined in part 772 of the EAR) which are engaged in the manufacture or distribution of items or services controlled on the Wassenaar Munitions List; or
  • An international governmental organization (like the United Nations, the World Bank or the European Union).

If you qualify as a government user requiring a special license, we will let you know and then work with you to evaluate the next steps.

7. Are there any use restrictions that I should be aware of?

Yes. Our products can’t be used in any prohibited activity described in Part 744 of the EAR, including certain nuclear, chemical or biological proliferation activities.

8. Are there any other restrictions I should be aware of?

The U.S. export laws are complicated. We strongly recommend you consult with your trade compliance experts or legal counsel to understand what you need to do to comply with the EAR and any other import laws for your own country that may also apply.

Here are a few things you should keep in mind:

A. Limits On What We Can Do. We are not allowed to do business with or provide our products or services to any company or person that is “restricted” because they are either:

  • Located in countries or regions that are embargoed by the U.S. Government (i.e., Cuba, Iran, North Korea, Sudan, Syria and Crimea Region of Ukraine); or
  • Listed on any U.S.-published watch list, like the Specially Designated Nationals List, Denied Persons List or Entity List, or on similar denied parties’ lists.

Because the list of countries or people may change from time to time, we urge you to consult the relevant regulations, including the EAR (15 CFR Part 730), and the U.S. Office of Foreign Assets Control sanctions program.

B. Limits on What You Can Do. You are not allowed to provide access to or a copy of our products or services to anyone that we can’t do business with or provide our own products or services to, unless you get permission from the U.S. Government. This means you can’t export, re-export or transfer or allow use by any “restricted” company or person or to any person or company in an embargoed country or region.

9. I can’t find the Sugar product I’m using in the classification matrix. What do I do?

You can email export@sugarcrm.com for assistance.

10. What is SugarCRM’s Encryption Registration Number (ERN)?

Our ERN is R104045.

11. Where can I learn more or get help on understanding the EAR or licensing requirements?

You can contact the Department of Commerce, Bureau of Industry and Security (http://www.bis.doc.gov/) or Office of Foreign Assets Control (http://www.treasury.gov/).

Environmental Policy

SugarCRM Inc. (“Sugar”) and its subsidiaries are committed to reducing their impact on the environment. Therefore, we consider the following principles to be company priorities:

  • Sugar is committed to complying with all applicable environmental regulations.
  • Sugar will monitor energy consumption and identify potential reductions in energy usage.
  • Sugar will implement waste management strategies that promote waste minimization, re-use, recovery and recycling where appropriate. Where these options are not available, we will ensure that our waste is disposed of in a way that minimizes its impact on the environment.
  • Sugar will train our staff on our environmental program and empower them to contribute and participate.
  • Sugar will communicate our environmental commitment and efforts to our customers, staff, and our community.

To support these company priorities, Sugar will design measurable goals and strive for continuous improvement. SugarCRM has had no environmental fines or penalties of a material nature. However, if SugarCRM has any in the future, it will post them to this web page.

Conflict Mineral Policy

SugarCRM Inc. and its subsidiaries are committed to ethical conduct and respecting human rights wherever we do business around the world.

We are aware of concerns that certain minerals sourced in conflict areas in the Democratic Republic of the Congo and adjoining countries may make their way into the supply chains of products used in the electronics industry.

All of our products are solely software-based offerings and are therefore free from conflict minerals (as those minerals are defined in the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010).

Regulated Data

Companies and their Subscription Users are prohibited from inputting the following types of Regulated Data into Sugar Cloud: (1) Health Insurance Portability and Accountability Act (HIPAA) protected health information (PHI) data; (2) technical data controlled by the International Traffic in Arms Regulations (ITAR); (3) Payment Card Industry Data Security Standard (PCI-DSS) personal data; and (4) Federal Information Security Modernization Act (FISMA) personal data.

Last Update: August 2018