Statamic, Privacy, and You
Last updated on December 13th, 2019.
To the extend that our products and services can provide their functionality without doing so, we prefer to avoid collecting data from you.
The rest of this policy details what do we track and/or store, how that data is used, and what you can do to opt out and exercise your rights via GDPR or other similar regulations.
We use modern security measures to protect collected data, and limit access to only those employees who require access to perform their jobs. We may be legally required to disclose collected data to law enforcement or government agencies in some situations.
By creating an account on statamic.com, downloading the Statamic application, addons, or themes, you agree to the collection and use of information in accordance with this policy.
Information We Collect
User-Provided Information: You provide us information about yourself, such as your name, e-mail address, and other personally identifiable information (all referred to as “Personal Information”) if you register for a User account with the Service. If you correspond with us by email, we may retain the content of your email messages, your email address and our responses. We may also retain any messages you send through the Service. You may provide us information in user content, such as your public profile and comments that you post to the Service.
Passive and Programmatic Collection: Third party services (detailed below), our licensing server, and/or cookies may collect additional information, including IP Address, browser type, browser version, pages of our site you visit, the time and date of your visit, time spent on those pages, unique device identifiers, and other diagnostic data.
How We Use Your Information
We only use your data to improve our products and services, notify you of changes to our service, to detect, prevent, and address technical issues, and to provide you with news and general information about our products and services.
Sharing Your Information
We will never, ever resell your data to 3rd parties.
Sometimes customer information is shared with third parties in order to provide the product or service you are requesting; for example, we share information with Stripe (payment processing), Intercom (technical support), and Marketplace Sellers (if you purchased or acquired their addon or theme). We minimize the sharing of your personal information to as little data as necessary.
We will always ask for your consent before sharing your personal information with third parties for purposes other than those set forth herein.
Security of your Personal Data
We follow industry standards on information security management for personal information we collect and store. No method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use all possible means to protect your personal data, no one can guarantee its absolute security.
Third-Party Vendor Services
We are unable to control what any third party does with your personal information. Third parties will usually have their own privacy policies for personal information we provide them, and we recommend that you read their privacy policies so that you can understand the manner in which your personal information will be handled by these third parties. Some third parties are located in different jurisdictions than either you or us and thus your personal information and the protection thereof may become subject to the laws of such jurisdiction in which that third party is located.
We use the following third party services:
- Credit card processing for purchases from our website is provided by Stripe.
- Collection and aggregation of usage analytics and crash logs is provided by Sentry.
- Email newsletter services are provided by Mailchimp
- Customer Support and email correspondence is provided by Intercom.
- Privacy-first web analytics are provided by Fathom.
- Spam prevention is provided by Akismet
- Bot detection is provided by Google Recaptcha
- We use Basecamp and Slack as internal communication tools. Customer information may pass through these services as support processes occur.
As you might expect, we keep backups of company data so that a catastrophic data loss event doesn’t put us out of business. Although collected personal data expires from our “active” data set according to the schedules mentioned above, it may persist in backups for up to 6 months. Backups are only accessible to specially privileged employees who perform system administration tasks. We consider the backups “cold storage” and we don’t pull data from them unless a significant data loss event has occurred.
- To enable essential functions of the Service
- To prevent bots and spam
- To store your preferences
Rights of EU Citizens Under GDPR
Citizens of the EU may exercise their rights under the General Data Protection Regulation, such as the rights of access and erasure, by contacting us with their request. We recommend emailing the request to firstname.lastname@example.org.
At said request, we will delete all personal information we use about you for marketing or product development purposes, except those required by law.
Please note that as we are located in the United States, when you provide us with your Personal Information we will process it in countries outside the European Economic Area (“EEA”), such as the United States, which may not provide the same level of data protection as in your jurisdiction. This is necessary in order to perform our services. Regardless of where your personal information is located, we will adopt measures to protect your Personal Information as set out below.
Please also be aware that there is nothing we can do to make your Statamic installation 100% compliant. It is impossible, however unfortunate, for self-hosted software to do that on your behalf. We are more than happy to explore what features you need, as a developer community, to help with compliance, make your lives easier, and improve them over time.
Promotion of Statamic Installs
We do not use the Statamic licensing server when deciding what sites to promote.
If your site is publicly identifiable as running on Statamic, we may use it to showcase what is possible with Statamic. For example, if you have promoted it on social media, website design galleries, or 3rd Party tools like Builtwith (which identifies the site using the HTML “Powered By” Header enabled by default) can identify the site as running on Statamic. You can disable the “Powered By” header in your system settings if you wish to keep your platform of choice private.
We will remove any promotional use of your site or brand logo at your request. Just email us at email@example.com.
We are not liable for anything you do with our products, services, or information on websites and social media accounts. What you build with Statamic is up to you.
Questions and Feedback
Our privacy policies might change or be edited for clarity over time. Up-to-date information will always be available from this page.
Please contact us if you have any questions about our data collection or privacy policies. We’ll be more than happy to discuss them with you.