- Acceptable use policy
- Contentful AI Terms of Service
- Digital Services Act
- DMCA takedown notice
- Marketplace terms
- Modern slavery and human trafficking statement
- Privacy at Contentful
- Service level agreement
- Terms of service
- Terms of service Developer Showcase
- Trademark and Brand Use Policy
- Trial Terms of Service
- Legal FAQ
- Security addendum
- Other versions of this document
1. CONTENTFUL AND OUR APPROACH TO PRIVACY
The Contentful group of companies, comprising Contentful GmbH in Germany, Contentful Inc. in the United States, and all other affiliates (“Contentful”, “we”, “us” or “our”), are committed to safeguarding your data and protecting your privacy.
Contentful provides a cloud-based content management services platform that allows users to manage content using Contentful APIs (the “Contentful Services”).
This Privacy Notice applies to data that identifies or is associated with you (“personal data”):
When you use the Contentful Services, either as an individual user or as a representative of an organization;
When you visit our websites (contentful.com, or any other website of ours that links to this Privacy Notice) (our “Site(s)”);
When you engage with us offline, for example where you attend our in-person events; and/or
That we receive from third parties.
Contentful determines the purposes and means of processing your personal data as described in this Privacy Notice and therefore acts as the controller (as defined under the General Data Protection Regulation or equivalent term under applicable data protection laws) of your personal data in this context.
This Privacy Notice does not apply to personal data contained in the content that our customers manage using the Contentful Services for publication purposes. We process such information on behalf of our customers who are the controllers under those circumstances.
If you are a job applicant, please see our Privacy Notice to Candidates.
2. INFORMATION YOU PROVIDE TO US AND HOW WE USE IT
We collect personal data directly from you that you choose to submit to us when you use the Contentful Services. This could be information you provide when you set up an account on the Contentful Services, or correspond with us via customer support tools, by e-mail or otherwise.
We also collect personal data that you provide to us via our Sites, for example, when you fill in a form, subscribe to our mailing lists, newsletters or other forms of marketing communications, or use some other feature of our Sites. In addition, we may collect personal data from you when you register for or attend events and interact with us in person.
The table below sets out in detail the categories of personal data we collect about you and how we use that information.
Description | How we use it |
---|---|
Contact and registration information. Such as your first name, last name, professional details (company, job title and function), email address, username and password. | Set up and authenticate your account and operate, maintain and provide to you the features and functionality of the Contentful Services including customer support, security, billing and customer management purposes. |
Communicate directly with you to respond to your queries (for example, support requests) and to send service-related emails (for example, account verification, change or updates to features of the Contentful Services, or technical and security notices). | |
Send you news, alerts, operational information and marketing communications in accordance with your preferences. | |
Payment information. Such as credit or debit card details and information on the transaction, such as the services purchased and date and time of the transaction. | Facilitate payment in order to operate, maintain and provide to you the features and functionality of the Contentful Services. |
Correspondence, interactions and event recordings. When you contact us directly (for example, by email or via our customer support tools) when you respond to customer surveys, register for or attend our events and trainings or visit our premises. We may take photos, videos, and audio recordings at our events. | Answer your questions and concerns, obtain your insights and feedback, provide you requested information and resolve your customer service issues. We also use your information to administer events and use audio visual recordings that you may appear in for promotional purposes. |
Your preferences. Such as preferences set for notifications, marketing communications, how the Contentful Services and Sites are configured or displayed. | Send you marketing and sales content in accordance with your marketing preferences. |
3. INFORMATION WE COLLECT AUTOMATICALLY AND HOW WE USE IT
We collect personal data automatically, such as information about the way in which you use the Contentful Services and Sites. We use this information to provide you the features and functionality of the Contentful Services and Sites, to monitor and improve them and to develop new products and services.
We typically collect this information through a variety of tracking technologies, including cookies, web beacons, embedded scripts, location-identifying technologies, file information. The types of tracking technologies and data collection tools we use may change over time as technology evolves. You can learn more about our use of cookies and similar tracking technologies, by visiting our Cookie Notice.
The table below sets out in detail the categories of personal data we automatically collect from you when you use the Contentful Services and Sites, as well as how we use that information.
Categories of personal data | How we use it |
---|---|
Information about the way you access and use the Contentful Services and Sites. In relation to the Contentful Services, for example, we collect information about when and how frequently you access the Contentful Services, how long you use it for, and the approximate location from which you access it. We also collect information about whether you access the Contentful Services from multiple devices, and other actions you take in connection with the Contentful Services. In relation to the Sites, for example, we collect information such as the site from which you came and the site to which you are going when you leave our Sites, the pages you visit on our Sites, the links you click, whether you open emails or click the links contained in emails, whether you access the Sites from multiple devices, and other actions you take. | Monitor and improve the Contentful Services and Sites and our business, to monitor and strengthen security, verify access to the Contentful Services and Sites, combat fraud, to troubleshoot and resolve technical issues and to inform the development of new Contentful products and services. |
Determine products and services that may be of interest to you. | |
Identifiers and other information about your device and its software. In relation to the Sites, for example, we collect information such as your IP address, hostname of your device, browser type, Internet service provider, device type / model / manufacturer, operating system, date and time of server request, and other such information. In relation to the Contentful Services, for example, we also log certain user activity, including log-in time-stamps and actions taken in the Contentful Services. | We may use this information to detect fraud or suspicious activity in relation to your account or for other security purposes. |
We use this information to present the Contentful Services and Sites to you on your device and to enhance and personalize your experience. |
4. INFORMATION WE RECEIVE FROM THIRD PARTIES AND HOW WE USE IT
We may receive information from third parties in certain situations, for example, from trusted partners that we work with that improve your experience of the Contentful Services and Sites, marketing information that we receive from third parties we work with in the context of running events or promotions, or that we collect from publicly available sources online. These are described in more detail in the table below.
Categories of personal data | How we use it |
---|---|
Information received from social media, or other third party accounts. If you choose to register or login to the Contentful Services using a third party account (such as Google or GitHub), we may receive information from those third parties. The data we receive is dependent on your privacy settings with those third parties. | We use this information to set up and authenticate your account and to operate, maintain and provide to you the features and functionality of the Contentful Services. |
Marketing and sales generation information. This may include your name, email address, business postal address, phone number and other similar business contact information. | We use this information for marketing purposes, to assess whether you may be interested in the Contentful Services, to contact you with marketing and promotional information and to conduct surveys and market research. |
5. LEGAL BASES FOR EUROPEAN REGION RESIDENTS
If you are accessing or using the Contentful Sites or Services from the EEA, Switzerland or the UK (the “European Region”), we are required to have a “legal basis” in order to process your personal data. We use different legal bases depending on the purpose for which we process your personal data, as set out below.
Contractual necessity
If you are an individual user, we process your personal data for the performance of a contract to which you are a party. This contract would be any agreement between you and Contentful in connection with the provision of the Contentful Services. We process your personal data under this legal basis primarily to set up and operate the Contentful Services, including authenticating your account, to send service-related communications, to facilitate payments, and for customer support purposes.
Legitimate interests
If you visit our Sites or are a user of the Contentful Services on behalf of an organization, we process your personal data for our legitimate interests, namely:
To administer and provide the Contentful Services to the organization you represent;
To monitor, resolve issues and make improvements to the Contentful Services and Sites, and to develop new Contentful products and services;
To administer events and trainings;
To inform our marketing activities and for promotional purposes; and
To protect our business and your account from fraud and related activities.
Consent
We will process your personal data for specific purposes where you have provided your consent. If we rely on your consent, you can revoke your consent at any time.
Compliance with a legal obligation
We will process your personal data where processing is necessary for compliance with a legal obligation. For example, where we are legally required to process and retain payment or transaction information for tax and reporting purposes.
6. HOW LONG WE WILL STORE YOUR INFORMATION
We will only retain your personal data for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of our legitimate business interests and satisfying any legal or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and the applicable legal requirements.
7. DISCLOSURES OF YOUR PERSONAL DATA
We may disclose your personal data to the categories of third parties and in the circumstances as set out below:
Pursuant to your instructions. When requested, we will disclose or facilitate disclosing your personal data with third parties pursuant to your instructions.
Service providers. We may disclose your personal data with third party vendors and other service providers that perform services for us or on our behalf, which may include: providing security and fraud prevention; professional services such as legal and accounting services; billing services; mailing, email, chat or other customer relationship or support services; marketing, survey or analytics services; or web hosting.
Third party applications including social media services. If you register or log in to the Contentful Services using your account with a third party application such as a social media provider, we disclose limited data with that third party to facilitate your access.
If you install third-party applications or extensions in your use of the Contentful Services (via the Contentful Marketplace), the providers of such applications and extensions, and the providers of third-party services that the apps and extensions may connect with, will receive your identifiers and other data that you authorize such applications, extensions and third-party services to access.Other companies within the Contentful group. We may disclose your personal data within the Contentful group of companies as reasonably necessary for our day to day business operations.
Third parties in the context of a corporate transaction: We may disclose your personal data to third parties in connection with a transaction, such as a merger, sale of assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business. Such a transaction might involve disclosing personal data to prospective or actual purchasers, sellers and their advisers.
Law enforcement, regulators and other parties for legal reasons: We may disclose your personal data to comply with our legal obligations, and to protect our rights. We will disclose your personal data if we are legally required to do so, such as in response to a court order or legal process, or to establish, protect, or exercise our legal rights or to defend against legal claims or demands, or to comply with requirements of mandatory applicable law. We may also disclose your personal data as necessary to enforce terms of a contract that you have agreed to, including to protect the rights, property, or safety of Contentful, its users, or any other person, and to prevent fraud and abuse of the Contentful Services.
8. CALIFORNIA RESIDENTS
Categories and sources of personal data In accordance with the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act, we are required to disclose certain information about how we collect personal data of individuals resident in California, and how we use, retain and disclose that data. Note that the term “personal data” in this section has the meaning given to the term “personal information” in the CCPA. In the last 12 months, we have collected the following categories of personal data:
Identifiers (e.g., name, email address, or other similar identifiers);
Those listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) (e.g., name, address, email address);
Characteristics which may be protected classifications under California or federal law (e.g., gender and marital status);
Commercial information (e.g., transaction data);
Internet or other similar network activity; Geolocation data (e.g., general location derived from an IP address);
Sensory data (e.g., audio, video);
Professional or employment-related information; and Inferences drawn from the preceding categories of personal data.
Within these categories of personal data, we may also collect the following categories of sensitive personal information (as defined in the CCPA) in connection with the Contentful Services: account log-in, financial account, debit card, or credit card number, in combination with any required security or access codes, password, or credentials allowing access to the account. We do not use or disclose sensitive personal information for any purpose not expressly permitted under the CCPA.
We obtain these categories of personal data directly from you or from devices on which you access or use the Contentful Services or Sites, as well as from the following categories of sources: our business partners and affiliates; third parties you direct to disclose information to us; social media providers; and as described above in the “Information you provide to us or we collect, and how we use it”, “Information we collect from you automatically, and how we use it” and “Information we collect from third parties and how we use it” sections of this Privacy Notice.
Use and disclosure of personal data
We use this personal data for the purposes described above in the “Information you provide to us or we collect, and how we use it”, “Information we collect from you automatically, and how we use it” and “Information we collect from third parties and how we use it” sections of this Privacy Notice.
We disclose this personal data as described above in the “Disclosures of your personal data” section of this Privacy Notice. In addition, we share (as that term is defined in the CCPA) identifiers, as well as Internet or other similar network activity, to advertising providers that tailor online ads to your interests based on information they collect about your online activity (known as interest-based advertising).
Retention of personal data
We retain this personal data as described above in the “How long we will store your information” section of this Privacy Notice.
9. SECURING YOUR PERSONAL DATA
We take appropriate technical and organizational measures to protect your personal data from unauthorized access, abuse, loss and other disruption. To this end, we regularly review our security measures and adapt them to current standards. Contentful is certified according to the ISO 27001 standard and continuously invests in and improves its security practices. You can find out more by visiting Security at Contentful.
10. INTERNATIONAL DATA TRANSFERS
The personal data we collect may be transferred to and stored in countries outside of the jurisdiction you are in where we and our third-party service providers have operations. If you are accessing the Contentful Services or Sites from the European Region, your personal data will be processed outside of the European Region, including in the United States.
In the event of such a transfer, we ensure that: (i) the personal data is transferred to countries recognized as offering an adequate level of protection for personal data; or (ii) the transfer is made pursuant to appropriate safeguards. Such appropriate safeguards include the standard contractual clauses adopted by the European Commission or corresponding contractual clauses adopted by Swiss or UK authorities that are in place between the relevant Contentful affiliates or between Contentful and our third-party service providers. If you wish to enquire further about these safeguards used, please contact us using the details set out at the end of this Privacy Notice.
Data Privacy Framework
Contentful complies with the EU-US Data Privacy Framework, the UK Extension to the EU-US Data Privacy Framework, and the Swiss-US Data Privacy Framework (together, the “DPF”) as set forth by the US Department of Commerce.
Contentful has certified to the US Department of Commerce that it adheres to the EU-US Data Privacy Framework Principles regarding the transfer of personal data from the European Union and the UK in reliance on the EU-US Data Privacy Framework and the UK Extension to the EU-US Data Privacy Framework, respectively. Contentful has also certified to the US Department of Commerce that it adheres to the Swiss-US Data Privacy Framework Principles with regard to the processing of personal data received from Switzerland in reliance on the Swiss-US Data Privacy Framework. If there is any conflict between the terms in this Privacy Notice and the EU-US Data Privacy Framework Principles and/or the Swiss-US Data Privacy Framework Principles (together, the “DPF Principles”), the DPF Principles shall govern. To learn more about the DPF, and to view our certification, please visit https://www.dataprivacyframework.gov/.
In compliance with the DPF, Contentful commits to resolve all complaints regarding our collection and use of your personal data. Please contact us using the details set out in the “Contact Us” section below.
Any complaints that remain unresolved by Contentful will be referred to JAMS, an independent alternative dispute resolution organization based in the US. Individuals whose complaints have not been satisfactorily addressed can visit JAMS’ website at https://www.jamsadr.com/dpf-dispute-resolution for details on how to file a complaint. As a last resort, complaints that remain unresolved after pursuing these recourse mechanisms may be subject to binding arbitration. For more information, please refer to Annex 1 of the DPF Principles.
Contentful is liable for the processing of personal data it receives under the DPF and transfers to a third party acting as agent on its behalf. Contentful shall remain liable under the DPF Principles if its agent processes such personal data in a manner inconsistent with the DPF Principles, unless Contentful proves that it is not responsible for the event giving rise to the damage.
The US Federal Trade Commission has jurisdiction over Contentful’s compliance with the DPF. Contentful may be required to disclose personal data it receives under the DPF in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
11. CONTROL OVER YOUR INFORMATION AND PRIVACY RIGHTS
Cookie settings and Global Privacy Control
We have implemented a cookie consent manager on our Sites and Contentful Services which allows you to view the current list of cookies implemented and to manage your cookie preferences. Visitors to our Sites can click the “Cookie Preferences” link at the bottom of our Site and users of the Contentful Services can visit the “Account Settings” page of the web-app within the Contentful Services.
Some browsers and browser extensions support the Global Privacy Control (“GPC”) that can send a signal to the websites you visit indicating your choice to opt-out from certain types of data processing, including data sales and sharing (please refer to the Rights of California residents section below for more information on right to opt-out of sales and sharing). We will respect your choices indicated by a GPC setting when we detect a relevant signal, as required by applicable law. Please refer to our Cookie Notice for information on other general browser settings and opt-out mechanisms.
Marketing preferences
Occasionally, we may contact you with information about our products and services that we feel will be of interest to you, in accordance with applicable law. You can stop receiving promotional email communications from us by clicking on the unsubscribe link at the bottom of our marketing emails or by updating your preferences in our Email Subscription Center. You may not opt out of service-related communications (e.g., account verification, transactional communications, changes/updates to features of the Contentful Services, technical and security notices).
Rights of European Region residents
If you reside in the European Region, in accordance with applicable privacy law, you have the following rights in respect of your personal data that we hold:
Right of access. The right to obtain access to your personal data along with certain related information.
Right of portability. You have the right, in certain circumstances, to receive a copy of the personal data you have provided to us in a structured, commonly used, machine-readable format, or to request the transfer of your personal data to another person.
Right to rectification. You have the right to have rectified any inaccurate or incomplete personal data we hold about you without undue delay.
Right to erasure. You have the right, in some circumstances, to require us to erase your personal data without undue delay if the continued processing of that personal data is not justified.
Right to restriction. You have the right, in some circumstances, to require us to limit the purposes for which we process your personal data if the continued processing of the personal data in this way is not justified, such as where the accuracy of the personal data is contested by you.
Right to withdraw consent. If you have provided consent for the processing of your personal data, you have the right to withdraw your consent. If you withdraw your consent, this will not affect the lawfulness of our use of your personal data before your withdrawal.
You have the right to object to any processing based on our legitimate interests where there are grounds relating to your particular situation. There may be compelling reasons for continuing to process your personal data, and we will assess and inform you if that is the case.
In some cases, these rights may be available in limited circumstances or where certain grounds apply. For example, we may not be able to delete your personal data if we need to process that data in order to continue to provide the Contentful Services to your organization, or where allowing access to your personal data would adversely affect the rights and freedoms of others. We may also need to verify your identity before we can fulfill your request.
If you wish to exercise one of these rights, please see Your Privacy Choices. You also have the right to lodge a complaint to your local data protection authority.
Rights of California residents
If you reside in California, you have the following rights in respect of your personal data that we hold:
Right of information and access. You may request information about and access to your personal data that we process in accordance with the CCPA.
Right to erasure. You may request deletion of your personal data in accordance with the CCPA.
Right of correction: You have the right to request that any inaccuracies in your personal data be corrected, taking into account the nature of the personal data and the purposes of the processing of your personal data.
Right to opt-out of the sale or sharing of your personal data. We have third party cookies on our Sites to assist us with analyzing our marketing effectiveness and providing you with tailored content and advertising. We may share cookie data, as well as other personal data about you, with service providers (for example using your email address to obtain firmographic information about the company you work for) or with our business partners, such as in case of joint events organized with such partners.
To opt out of the sharing or sale (as those terms are defined under the CCPA) of your personal data for the purposes of online analytics and advertising, you can manage your cookie preferences and/or, if your browser supports it, enable the GPC as described in the Cookie Settings and Global Privacy Control section above. You may also make a request via Your Privacy Choices.
Right to non-discrimination: You have the right to receive non-discriminatory treatment if and when you exercise your rights to access, delete, or opt-out under the CCPA. This means we cannot, for example, deny goods or services to you or charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties, due to you having exercised your rights.
Rights of residents of other US States
Depending on the state in which you reside, you may have the following rights in relation to the personal data we hold about you:
Right of access. You may have the right to obtain:
confirmation of whether, and where, we are processing your personal data;
information about the categories of personal data we are processing, the purposes for which we process your personal data and information as to how we determine applicable retention periods;
information about the categories of recipients with whom we may share your personal data; and
a copy of the personal data we hold about you.
Right of portability. You may have the right, in certain circumstances, to receive a copy of the personal data you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal data to another person.
Right to correction. You may have the right to obtain rectification or correction of any inaccurate or incomplete personal data we hold about you.
Right to deletion. You may have the right, in some circumstances, to require us to delete or erase your personal data.
Right to restriction. You may have the right, in some circumstances, to require us to limit the purposes for which we process your personal data if the continued processing of the personal data in this way is not justified, such as where the accuracy of the personal data is contested by you.
Right to opt-out. You may have the right to opt-out of certain processing activities. For example, you may have the right to opt-out of the use of your personal data for targeted advertising purposes, or to “sell” or “share” your personal data with third parties in certain contexts.
Right to control over automated decision-making/profiling. The right to direct us not to use automated decision-making or profiling for certain purposes.
Right to withdraw consent. If you have provided consent for the processing of your personal data, you may have the right to withdraw your consent. If you withdraw your consent, this will not affect the lawfulness of our use of your personal data before your withdrawal.
Right to appeal. In the event that we decline to take action on a request exercising one of your rights set forth above, you have the right to appeal our decision.
Depending on your state of residency, you may also have the right to not receive retaliatory or discriminatory treatment in connection with a request to exercise the above rights.
In some cases, we may be unable to honor your requests. For example, we may not be able to delete your personal data if we are prohibited by law from doing so. We may also need to verify your identity before we can fulfill your request. If you wish to exercise one of these rights, please see Your Privacy Choices.
12. LINKS TO THIRD PARTY SITES
The Contentful Services and Sites may, from time to time, contain links to and from third party websites. If you follow a link to any of these websites, please note that these websites have their own privacy notices and that we do not accept any responsibility or liability for their notices. Please check the individual notices before you submit any information to those websites.
13. INFORMATION ABOUT CHILDREN
The Contentful Services and our Sites are not directed at persons under 16. We do not knowingly or intentionally collect or solicit personal data from anyone under the age of 16. If we learn that we have inadvertently collected personal data from a child under 16, we will delete that information as quickly as possible. If you believe that we might have any information about a child under 16, please contact us using the details set out in the “Contact Us” section below.
14. CHANGES TO THIS PRIVACY NOTICE
Please read this Privacy Notice carefully and note that we may change it. We may change it specifically if the Contentful Services or our Sites evolve, if how we engage with you offline changes, or if relevant laws or their application change. We recommend that you read this Privacy Notice from time to time and take a copy for your files. We will post new versions of this Privacy Notice on our Sites and identify new notices with the date they take effect.
15. CONTACT US
If you have any questions about our processing of your personal data, please contact us by email at privacy@contentful.com. Our data protection officer can be contacted at dpo@contentful.com.