👀 Get a glimpse of Kirby 5 Learn more
Skip to content
    Search by Algolia Algolia

    Privacy Policy

    Who we are

    The company behind Kirby CMS and the responsible data controller for this website is the Content Folder GmbH & Co. KG.

    Content Folder GmbH & Co. KG
    Böhmer Weg 22
    69151 Neckargemünd
    Germany
    Email: support@getkirby.com

    Our general manager responsible for data protection is Bastian Allgeier.

    You can contact us any time via email or the postal address above, if you have questions about our privacy policy.

    How we collect data

    This is an overview of how we handle your personal data. Please see the sections below for further details.

    On this website

    https://getkirby.com (including subdomains not mentioned otherwise)

    We don't collect any personal data of our website visitors except server logs. We use the following third parties to improve our website performance:

    • KeyCDN:
      To speed up access to our site across the globe and to reduce the image file size
    • Algolia:
      To provide a really good search experience for our website and documentation

    In addition, we use YouTube and CARTO to display videos and maps with your consent.

    If you voluntarily contribute website content such as plugin profiles, cookbook recipes or an entry on our community map, we use the personal data in such content for display on this website according to the respective purpose.

    In our licensing hub we keep licensing information to enable license activations and upgrades and to check the license status of Kirby projects.

    Read more ›

    Personal Demo

    The Personal Demo you can access from the Try page stores a shortened hash of your IP address to protect you against cross-site scripting attacks (known as XSS attacks) and to prevent the creation of too many demo instances per user.

    The demo server temporarily stores content that you enter in your demo instance. This data is completely deleted when the demo instance expires or when you delete your instance manually.

    Other personal data except server logs is not collected by the Personal Demo.

    Read more ›

    Partner Directory

    https://getkirby.com/partners

    Our partner directory connects our curated partners with those interested to build Kirby projects. To make this possible, we process personal data of our partners and interested people.

    Read more ›

    Shop

    https://getkirby.com/buy

    Our shop is provided by Paddle. They collect the data about your purchases.

    Read more ›

    Forum

    https://forum.getkirby.com

    Our support forum is provided by Discourse. Your personal data in the forum is collected on their servers.

    Read more ›

    Feedback Platform

    https://feedback.getkirby.com

    Our feedback platform is provided by Nolt. Your personal data on the feedback platform is collected on their servers.

    Read more ›

    Emails

    All emails sent to and from the getkirby.com domain (except newsletters) are processed by our email hosting provider Fastmail.

    Read more ›

    Newsletter

    https://getkirby.com/kosmos

    If you sign up to our newsletter, your data is being collected by our newsletter service Newstroll.

    Read more ›

    Your rights

    GDPR is all about your rights as users and we think this is great! You can exercise your rights by sending us an email at support@getkirby.com.

    You can access information on all data stored about you

    Contact us and we will provide you with all information on data we have about you.

    You have the right to be ‘forgotten’ by us

    Let us know and we will delete all your personal data that we store.

    You have the right to correct any personal data stored about you

    If there's any personal data about you that should be corrected by us, please let us know.

    You have the right to withdraw your consent

    If you subscribed to our Kosmos newsletter, you can unsubscribe at any time. You can do this on your own with the unsubscribe link in each of our newsletters. But we are also happy to do this for you if you want. Just let us know.

    If you created an account in our forum and no longer want to use it, we will anonymize your profile on your request. All your personal data (username, email address and user profile) will then be deleted. If you prefer to have all of your anonymized posts deleted as well, please let us know.

    The same applies to any personal website content you have contributed, such as plugin profiles, cookbook recipes or an entry on our community map. If you'd like us to remove your personal data in such content, please let us know.

    You have the right to port your data to another service

    We will give you a copy of your data in a plain text format so that you can provide it to another service.

    You have the right to file a complaint regarding our use of your data

    Please tell us first, so we have a chance to address your concerns. If we fail in this, you can address any complaint to your national data protection authorities.

    Website

    License information

    Our license hub at https://hub.getkirby.com keeps the information about Kirby licenses. We only store the information that is necessary to enable license activations and upgrades and to check the license status of Kirby projects. Specifically we store the customer's email address, the order number(s), the license type(s) and license code(s), the dates of purchase and first activation, the activated website domain(s) and upgrade status.

    We collect this data during the checkout and activation processes. We delete the data as soon as it is no longer needed for the mentioned purposes (for example when a license is terminated).

    The basis for data processing is Art. 6 (1) (b) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.

    Contributed content

    If you voluntarily contribute website content such as plugin profiles, cookbook recipes or an entry on our community map, we use the personal data in such content for display on this website according to the respective purpose.

    We collect the content via clearly labeled forms on our website or via contributions to the website's source code. We delete your personal data on your request or as soon as the content is no longer relevant for its purpose.

    The basis for data processing is Art. 6 (1) (a) GDPR, which allows the processing of data with your consent.

    Cookies

    Our website only sets cookies for the following purposes:

    Feature Reason Basis for data processing
    License hub To enable secure authentication Art. 6 (1) (b) GDPR (to fulfill a contract or for measures preliminary to a contract)
    Our shop when visiting the "Buy" page To optimize the licensing experience Art. 6 (1) (f) GDPR (our legitimate interests)
    Visits to our website with an affiliate link To attribute purchases to the correct affiliate Art. 6 (1) (f) GDPR (our legitimate interests)

    All cookies set and used on our website are first-party cookies. We do not set cookies for any other purpose.

    Analytics and tracking

    We do not use any trackers, social media buttons or analytics services on our website.

    TLS transport encryption

    This site uses TLS transport encryption to protect the transmission of sensitive data and prevent manipulation by eavesdroppers. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and when the lock icon is displayed in your browser's address bar.

    If TLS transport encryption is activated, the data you transfer to us cannot be read by third parties.

    Hosting

    The servers for our website are provided by:

    Hetzner Online GmbH
    Industriestr. 25
    91710 Gunzenhausen
    Germany

    Hetzner complies with GDPR. The servers are located in their data center in Nuremberg, Germany. You can find their privacy policy here: https://www.hetzner.com/legal/privacy-policy/

    We use the services of Ploi to manage our servers:

    Ploi
    Amperestraat 16J, 3861NC
    Nijkerk
    Gelderland
    The Netherlands

    Ploi complies with GDPR. You can find their privacy policy here: https://ploi.io/privacy-policy

    Server log files

    We automatically collect and store information that your browser transmits to us in "server log files" on our Hetzner servers. These are:

    • Browser type and browser version
    • Operating system used
    • Referrer URL
    • Host name of the accessing computer
    • Time of the server request
    • IP address

    This data will not be combined with data from other sources.

    The basis for data processing is Art. 6 (1) (f) GDPR, which allows the processing of data for the purposes of our legitimate interests, in this case to ensure network and information security.

    Third-party services

    We use the following third-party services to improve the performance and usability of our site:

    KeyCDN

    We use a content delivery network to provide faster access to our CSS, JavaScript, images and font files from anywhere around the world. Our CDN is provided by:

    proinity LLC (KeyCDN)
    Reichenauweg 1
    8272 Ermatingen
    Switzerland

    KeyCDN complies with GDPR. You can find their privacy policy here: https://www.keycdn.com/privacy

    Algolia

    Our site-wide search is running on a third-party search service. We index only the content that is already publicly available on our site in order to make it searchable for you. The search is provided by:

    Algolia SAS
    55 Rue d’Amsterdam
    75008 Paris
    France

    Algolia complies with GDPR. You can find their privacy policy here: https://www.algolia.com/policies/privacy/

    YouTube

    We embed YouTube videos (for example screencasts) in relevant places on our site. YouTube is provided by:

    Google Ireland Limited
    Gordon House
    Barrow Street
    Dublin 4
    Ireland

    We use YouTube's privacy-enhanced mode that reduces the privacy impact according to YouTube's documentation. In addition, we only load videos after you have consented to this data processing by clicking on the video.

    Once a YouTube video is loaded, we cannot control the data processing carried out by Google/YouTube. They may store cookies or local storage data and use them for personalization. If you are logged in to YouTube, they may be able to link your visit to your personal profile.

    Google complies with GDPR. You can find their privacy policy here: https://policies.google.com/privacy

    CARTO

    To display our community map, external map data is loaded from CARTO. We only load the map after you have consented to this data processing. By loading the external map data, your browser only sends your IP address, browser version and requested map area(s). This data is processed by:

    CARTO
    307 5th Ave #9
    10016, New York
    USA

    Your consent is stored within your local browser session so that subsequent requests within the same session directly load the community map. Once your session ended, new consent is required next time you want to load the map.

    CARTO complies with GDPR. You can find their privacy policy here: https://carto.com/privacy

    Personal Demo

    Cookies

    Like any Kirby website, the demo instances set a session cookie when you log in to the Panel. You can read more about this in our privacy guide.

    The demo server also sets a first-party cookie to remember your current demo instance to allow you to get back to your personal demo while it is active.

    We do not set cookies for any other purpose.

    The basis for data processing is Art. 6 (1) (b) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract, in this case to ensure the functionality of the demo.

    IP address

    Our demo manager software at https://trykirby.com temporarily stores the IP address of the user who created the demo instance. We need it to protect you against cross-site scripting attacks (known as XSS attacks) and to prevent the creation of too many demo instances per user.

    Because the IP address is stored as a shortened hash only, we cannot convert it back to the actual IP address.

    The IP address is collected during the creation of the demo instance and deleted when the demo instances expires or when you delete your instance manually.

    The basis for data processing is Art. 6 (1) (f) GDPR, which allows the processing of data for the purposes of our legitimate interests, in this case to ensure network and information security.

    Content

    The demo server temporarily stores content that you enter in your demo instance. This data is completely deleted when the demo instance expires or when you delete your instance manually.

    The basis for data processing is Art. 6 (1) (b) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract, in this case to ensure the functionality of the demo.

    Analytics and tracking

    We do not use any trackers in the Personal Demo.

    TLS encryption

    Like with our website, connections to the Personal Demo are always encrypted with TLS. See the section on our website's TLS encryption for more details.

    Hosting

    The servers for the Personal Demo are provided by:

    Hetzner Online GmbH
    Industriestr. 25
    91710 Gunzenhausen
    Germany

    Hetzner complies with GDPR. You can find Hetzner's privacy policy here: https://www.hetzner.com/legal/privacy-policy/

    To ensure good performance of the demo, we use multiple server zones, currently in Nuremberg, Germany and Hillsboro, USA. When you create a new demo instance, your web browser automatically selects the server with the lowest latency – commonly the server physically closest to you.

    We use the services of Ploi to manage our servers:

    Ploi
    Amperestraat 16J, 3861NC
    Nijkerk
    Gelderland
    The Netherlands

    Ploi complies with GDPR. You can find their privacy policy here: https://ploi.io/privacy-policy

    Server log files

    We automatically collect and store information that your browser transmits to us in "server log files" on our Hetzner servers. These are:

    • Browser type and browser version
    • Operating system used
    • Referrer URL
    • Host name of the accessing computer
    • Time of the server request
    • IP address
    • PHP errors that may occur in the demo

    This data will not be combined with data from other sources.

    The basis for data processing is Art. 6 (1) (f) GDPR, which allows the processing of data for the purposes of our legitimate interests, in this case to ensure network and information security.

    Third-party services

    We use the following third-party service to improve the performance and usability of the Personal Demo:

    KeyCDN

    We use a content delivery network to provide faster access to our CSS, JavaScript, images and font files from anywhere around the world. Our CDN is provided by:

    proinity LLC (KeyCDN)
    Reichenauweg 1
    8272 Ermatingen
    Switzerland

    KeyCDN complies with GDPR. You can find their privacy policy here: https://www.keycdn.com/privacy

    Partner Directory

    We store and process information of businesses who have applied to become partners. This information may include personal data such as names, email addresses, social media handles and profile photos. We process this data to perform review and certification, to publish the partner listing and to keep track of the partnership term.

    We also store and process information of project leads submitted by interested people, which may contain personal data depending on the project request. We process this data to match the project requests to our partners.

    The basis for data processing is Art. 6 (1) (b) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.

    Third-party services

    We use the following third-party for our partner directory:

    Airtable

    We use Airtable to manage partnerships and project requests:

    Airtable
    799 Market St., 8th Floor
    San Francisco
    CA 94103
    USA

    Airtable complies with GDPR. You can find their privacy policy here: https://www.airtable.com/company/privacy

    Shop

    Our order process is conducted by our online reseller Paddle.com. Paddle.com is the Merchant of Record for all our orders. Paddle provides all customer service inquiries and handles returns.

    Paddle.com Market Limited
    Judd House
    18-29 Mora Street
    London, EC1V 8BT
    United Kingdom

    Paddle complies with GDPR. You need to agree to their terms of service and privacy policy whenever you buy a license. We don't store your billing data anywhere else. You can find Paddle's privacy policy and the addresses of Paddle's EU and USA branches here: https://paddle.com/privacy/

    Feedback Platform

    Our feedback platform is provided by Nolt:

    Nolt Software Inc.
    6D - 7398 Yonge St. Unit # 320
    Thornhill, L4J 8J2
    Ontario
    Canada

    Nolt is GDPR compliant. You can find the privacy policy of Nolt here: https://nolt.io/help/privacy

    Support Forum

    Our support forum is running on an open-source forum software called Discourse and the hosting is provided by the company behind the forum software, Civilized Discourse Construction Kit, Inc. The company's EU representative is:

    M. Régis Hanol
    Civilized Discourse Construction Kit, Inc.
    78 Allée Primavera
    Centre UBIDOCA, 15232
    Pringy
    74370 Annecy
    France

    The hosted Discourse forum is GDPR compliant. You can find the privacy policy of Discourse here: https://meta.discourse.org/privacy

    Emails

    All emails sent to and from the getkirby.com domain (except newsletters) are processed by our email hosting provider Fastmail:

    Fastmail Pty Ltd
    PO Box 234
    Collins Street West
    VIC 8007
    Australia

    Fastmail is GDPR compliant. You can find the privacy policy of Fastmail here: https://www.fastmail.com/privacy/

    Newsletter

    You can sign up to our monthly Kirby Kosmos newsletter to receive updates about Kirby, plugins, themes and other news around Kirby and the web. We never sign you up automatically. You have to use the sign up form on our website or during the Paddle checkout and confirm your subscription with the double-opt in process. To sign up we require and verify your email address and you can provide an optional name.

    All subscriber data is collected by the German newsletter service Newstroll:

    NEWSTROLL
    Marco Ahrendt
    Maustäle 18
    72793 Pfullingen
    Germany

    Newstroll offers analytics tools to check if newsletters have been opened and links have been clicked. We have disabled tracking on the subscriber level and only get access to the analytics for the entire list of subscribers. We only use those analytics to check how interesting and relevant our newsletters are over time. We never use them to analyze individual subscribers.

    You can unsubscribe from our newsletter at any time. This can be done by using the unsubscribe link in every newsletter or by sending an email to support@getkirby.com and we will handle it for you.

    Newstroll complies with GDPR. You can find our more about their privacy policy on their site (German): https://www.newstroll.de/datenschutz/

    Your Kirby installation

    On your own Kirby-powered websites, you or your clients are their own data controllers and fully responsible for complying with applicable privacy legislation. While Kirby is designed with privacy in mind, there are some situations in which user privacy might be affected. Head over to our privacy guide to learn more.

    Questions & Feedback

    We try to keep our privacy policy as transparent and easy to understand as possible. Please let us know if we can improve it further or if you have any other questions: support@getkirby.com

    Updates

    We will regularly check and update this privacy policy if necessary.
    Last update: June 30, 2024