Craft Privacy Policy

By using any of our products, services, or software applications (together, the “Services”) or whether you’re simply visiting this website, you are agreeing to the terms of this Privacy Policy and, as applicable, the Pixel & Tonic Terms & Conditions. We will update this Privacy Policy and when we do we will put a notice on our site. We may also update you by other means such as email or social media accounts. By continuing to use this website or the Services after these changes are posted, you agree to the revised policy.

Collection of Information and How We Use It #

We collect data from you. Sometimes this is done passively through software like Google Analytics or “cookies.” Sometimes this is done programmatically through software like our Craftnet licensing server. And sometimes you choose to give us your data voluntarily, during technical support for example. 

When you provide us with personal information in any of the manners above, we imply that you consent to us collecting and storing such information. We only use your personal information to help us improve the work we do for you. You can request that we delete or remove your personal data.

For cookies we follow US law. We cannot guarantee that our cookies or 3rd party cookies will meet your country of residence legal requirements. If you think we’re in violation of your country of residence requirements, please email hello@craftcms.com.

How We Use Your Information #

We will definitely use your data to help us improve our products and services. For example, improving the Plugin store UI, the usefulness of our websites, feature updates, sales responses, etc...

We Can Promote Publicly Identifiable Craft Installs #

We do not use Craftnet license information when deciding what sites to promote.

If your site is publicly identifiable as using Craft, we may use your site to showcase what is possible with Craft. This may be a tweet, blog post, or other use. We will never disclose any personal information, code, or customer information if we showcase your Craft install.

We determine if a site is publicly identifiable in the following ways:

  1. You have publicly said something about it (blog post, Tweet, etc...).
  2. 3rd Party tools like Builtwith, Wappalyzer, or What Runs identify your site as a Craft using the information Craft sends in the HTML "Powered by Header." This is a common HTML code level methodology to identify software. This is enabled by default in Craft CMS.
  3. If you disable the "powered by" header, we assume you do not want it known that the site is on Craft and we won't promote it. You can disable it by setting $sendPoweredByHeader to false in your General Config file.

We will remove any promotional use of your site or your brand logo at your request. Just email us at hello@craftcms.com.

Sharing Your Information with Third Parties #

We will never resell your data to 3rd parties.

Sometimes we share your information with third parties in order to provide you with the product or service you are requesting; for example, we share information with Stripe (payment processing), Front App (technical support), Google Analytics (improving our website for you), and 3rd Party Plugin Store Developers (because you purchased or acquired their plugin). We minimize this sharing of your personal information as much as possible.

In certain limited circumstances, we may also be required to share your personal information with third parties to conform to legal requirements or to respond to lawful requests by public authorities, including to meet national security or law enforcement requirements. We have not been required by any government to provide customer information to them. Your personal information may also be shared with a company that acquires our business by any means.

We are unable to control what any third party does with your personal information. Third parties will usually have their own privacy policies for personal information we provide them, and we recommend that you read their privacy policies so that you can understand the manner in which your personal information will be handled by these third parties. Some third parties are located in different jurisdictions than either you or us and thus your personal information and the protection thereof may become subject to the laws of such jurisdiction in which that third party is located.

When you click on links connected to our Services, they may direct you away from our software or website. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements as they are third parties.

We will always ask for your consent before sharing your personal information with third parties for purposes other than those set forth herein.

Sharing Your Information with Developers in the Plugin Store #

If you install or purchase a plugin from the Craft Plugin Store your information will be shared with that 3rd party developer. We require all developers who distribute plugins in the Plugin Store to adhere to this same Privacy Policy but we are not liable or responsible for what they do with your information.

If you feel a 3rd Party developer is misusing your personal information that was acquired through the Plugin store, please email hello@craftcms.com.

Deleting or Removing Your Personal Information #

At your request, we will delete all personal information we use about you for marketing or product development purposes.

At your request, we will delete all personal information from your Developer Support account or any technical support or any sales history unless we determine that we are required to keep the data as required by law. For example, if you work for an agency or an organization but you are not the owner of the license, we may be required by law to keep your technical support or sales data. In such circumstances, we will notify you.

Please note that for your Craft ID account, we will delete your account if requested unless you have transferred a license to a 3rd party. Once you have transferred a license to a 3rd party, we are required by law to keep your purchase and transaction data, which includes some of your personal information. In this case, we can disable your account on request but not delete it.

To request any of the above, please email hello@craftcms.com.  

Security of your Personal Data #

We follow industry standards on information security management for personal information we collect and store. No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee the absolute security of your personal information.

Limited Liability #

We are not liable for anything you do with our products, services, or information on our websites and social media accounts.

GDPR Addendum #

We will be updating our Terms of Service and Privacy Policy to support GDPR. We will notify all customers by email when they are ready.

We have a Data Processing Addendum available for customers.

For Craft CMS and Craft Commerce specifically, please be aware that there is nothing we can do to make your installation 100% compliant. It is simply impossible for self-hosted software to do that on your behalf. Our goal is to understand what tools Craft could have that will help you with compliance and improve them over time to reduce the cost and effort of reaching compliance.

If you have specific GDPR concerns in our services, products, or terms that you would like us to consider, please let us know at hello@craftcms.com.