🚀 A new era: Kirby 4 Get to know
Skip to content

Privacy Policy

Who we are

The company behind Kirby CMS and the responsible data controller for this website is the Content Folder GmbH & Co. KG.

Content Folder GmbH & Co. KG
Böhmer Weg 22
69151 Neckargemünd
Germany
Email: support@getkirby.com

Our general manager responsible for data protection is Bastian Allgeier.

You can contact us any time via email or the postal address above, if you have questions about our privacy policy.

How we collect data

This is an overview of how we handle your personal data. Please see the sections below for further details.

On this website

https://getkirby.com (including subdomains not mentioned otherwise)

We don't collect any personal data of our website visitors except server logs. We use the following third parties to improve our website performance:

  • KeyCDN:
    To speed up access to our site across the globe and to reduce the image file size
  • Algolia:
    To provide a really good search experience for our website and documentation

In addition, we use YouTube and CARTO to display videos and maps with your consent.

If you voluntarily contribute website content such as plugin profiles, cookbook recipes or an entry on our community map, we use the personal data in such content for display on this website according to the respective purpose.

In our licensing hub we keep licensing information to enable license activations and upgrades and to check the license status of Kirby projects.

Read more ›

Personal Demo

The Personal Demo you can access from the Try page stores a shortened hash of your IP address to protect you against cross-site scripting attacks (known as XSS attacks) and to prevent the creation of too many demo instances per user.

The demo server temporarily stores content that you enter in your demo instance. This data is completely deleted when the demo instance expires or when you delete your instance manually.

Other personal data except server logs is not collected by the Personal Demo.

Read more ›

Partner Directory

https://getkirby.com/partners

Our partner directory connects our curated partners with those interested to build Kirby projects. To make this possible, we process personal data of our partners and interested people.

Read more ›

Shop

https://getkirby.com/buy

Our shop is provided by Paddle. They collect the data about your purchases.

Read more ›

Forum

https://forum.getkirby.com

Our support forum is provided by Discourse. Your personal data in the forum is collected on their servers.

Read more ›

Feedback Platform

https://feedback.getkirby.com

Our feedback platform is provided by Nolt. Your personal data on the feedback platform is collected on their servers.

Read more ›

Emails

All emails sent to and from the getkirby.com domain (except newsletters) are processed by our email hosting provider Fastmail.

Read more ›

Newsletter

https://getkirby.com/kosmos

If you sign up to our newsletter, your data is being collected by our newsletter service Newstroll.

Read more ›

Your rights

GDPR is all about your rights as users and we think this is great! You can exercise your rights by sending us an email at support@getkirby.com.

You can access information on all data stored about you

Contact us and we will provide you with all information on data we have about you.

You have the right to be ‘forgotten’ by us

Let us know and we will delete all your personal data that we store.

You have the right to correct any personal data stored about you

If there's any personal data about you that should be corrected by us, please let us know.

If you subscribed to our Kosmos newsletter, you can unsubscribe at any time. You can do this on your own with the unsubscribe link in each of our newsletters. But we are also happy to do this for you if you want. Just let us know.

If you created an account in our forum and no longer want to use it, we will anonymize your profile on your request. All your personal data (username, email address and user profile) will then be deleted. If you prefer to have all of your anonymized posts deleted as well, please let us know.

The same applies to any personal website content you have contributed, such as plugin profiles, cookbook recipes or an entry on our community map. If you'd like us to remove your personal data in such content, please let us know.

You have the right to port your data to another service

We will give you a copy of your data in a plain text format so that you can provide it to another service.

You have the right to file a complaint regarding our use of your data

Please tell us first, so we have a chance to address your concerns. If we fail in this, you can address any complaint to your national data protection authorities.

Website

License information

Our license hub at https://hub.getkirby.com keeps the information about Kirby licenses. We only store the information that is necessary to enable license activations and upgrades and to check the license status of Kirby projects. Specifically we store the customer's email address, the order number(s), the license type(s) and license code(s), the dates of purchase and first activation, the activated website domain(s) and upgrade status.

We collect this data during the checkout and activation processes. We delete the data as soon as it is no longer needed for the mentioned purposes (for example when a license is terminated).

The basis for data processing is Art. 6 (1) (b) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.

Contributed content

If you voluntarily contribute website content such as plugin profiles, cookbook recipes or an entry on our community map, we use the personal data in such content for display on this website according to the respective purpose.

We collect the content via clearly labeled forms on our website or via contributions to the website's source code. We delete your personal data on your request or as soon as the content is no longer relevant for its purpose.

The basis for data processing is Art. 6 (1) (a) GDPR, which allows the processing of data with your consent.

Cookies

Our website only sets cookies for the following purposes:

Feature Reason Basis for data processing
License hub To enable secure authentication Art. 6 (1) (b) GDPR (to fulfill a contract or for measures preliminary to a contract)
Our shop when visiting the "Buy" page To optimize the licensing experience Art. 6 (1) (f) GDPR (our legitimate interests)
Visits to our website with an affiliate link To attribute purchases to the correct affiliate Art. 6 (1) (f) GDPR (our legitimate interests)

All cookies set and used on our website are first-party cookies. We do not set cookies for any other purpose.

Analytics and tracking

We do not use any trackers, social media buttons or analytics services on our website.

TLS transport encryption

This site uses TLS transport encryption to protect the transmission of sensitive data and prevent manipulation by eavesdroppers. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and when the lock icon is displayed in your browser's address bar.

If TLS transport encryption is activated, the data you transfer to us cannot be read by third parties.

Hosting

The servers for our website are provided by:

Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen
Germany

Hetzner complies with GDPR. The servers are located in their data center in Nuremberg, Germany. You can find their privacy policy here: https://www.hetzner.com/legal/privacy-policy/

We use the services of Ploi to manage our servers:

Ploi
Amperestraat 16J, 3861NC
Nijkerk
Gelderland
The Netherlands

Ploi complies with GDPR. You can find their privacy policy here: https://ploi.io/privacy-policy

Server log files

We automatically collect and store information that your browser transmits to us in "server log files" on our Hetzner servers. These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

This data will not be combined with data from other sources.

The basis for data processing is Art. 6 (1) (f) GDPR, which allows the processing of data for the purposes of our legitimate interests, in this case to ensure network and information security.

Third-party services

We use the following third-party services to improve the performance and usability of our site:

KeyCDN

We use a content delivery network to provide faster access to our CSS, JavaScript, images and font files from anywhere around the world. Our CDN is provided by:

proinity LLC (KeyCDN)
Reichenauweg 1
8272 Ermatingen
Switzerland

KeyCDN complies with GDPR. You can find their privacy policy here: https://www.keycdn.com/privacy

Algolia

Our site-wide search is running on a third-party search service. We index only the content that is already publicly available on our site in order to make it searchable for you. The search is provided by:

Algolia SAS
55 Rue d’Amsterdam
75008 Paris
France

Algolia complies with GDPR. You can find their privacy policy here: https://www.algolia.com/policies/privacy/

YouTube

We embed YouTube videos (for example screencasts) in relevant places on our site. YouTube is provided by:

Google Ireland Limited
Gordon House
Barrow Street
Dublin 4
Ireland

We use YouTube's privacy-enhanced mode that reduces the privacy impact according to YouTube's documentation. In addition, we only load videos after you have consented to this data processing by clicking on the video.

Once a YouTube video is loaded, we cannot control the data processing carried out by Google/YouTube. They may store cookies or local storage data and use them for personalization. If you are logged in to YouTube, they may be able to link your visit to your personal profile.

Google complies with GDPR. You can find their privacy policy here: https://policies.google.com/privacy

CARTO

To display our community map, external map data is loaded from CARTO. We only load the map after you have consented to this data processing. By loading the external map data, your browser only sends your IP address, browser version and requested map area(s). This data is processed by:

CARTO
307 5th Ave #9
10016, New York
USA

Your consent is stored within your local browser session so that subsequent requests within the same session directly load the community map. Once your session ended, new consent is required next time you want to load the map.

CARTO complies with GDPR. You can find their privacy policy here: https://carto.com/privacy

Personal Demo

Cookies

Like any Kirby website, the demo instances set a session cookie when you log in to the Panel. You can read more about this in our privacy guide.

The demo server also sets a first-party cookie to remember your current demo instance to allow you to get back to your personal demo while it is active.

We do not set cookies for any other purpose.

The basis for data processing is Art. 6 (1) (b) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract, in this case to ensure the functionality of the demo.

IP address

Our demo manager software at https://trykirby.com temporarily stores the IP address of the user who created the demo instance. We need it to protect you against cross-site scripting attacks (known as XSS attacks) and to prevent the creation of too many demo instances per user.

Because the IP address is stored as a shortened hash only, we cannot convert it back to the actual IP address.

The IP address is collected during the creation of the demo instance and deleted when the demo instances expires or when you delete your instance manually.

The basis for data processing is Art. 6 (1) (f) GDPR, which allows the processing of data for the purposes of our legitimate interests, in this case to ensure network and information security.

Content

The demo server temporarily stores content that you enter in your demo instance. This data is completely deleted when the demo instance expires or when you delete your instance manually.

The basis for data processing is Art. 6 (1) (b) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract, in this case to ensure the functionality of the demo.

Analytics and tracking

We do not use any trackers in the Personal Demo.

TLS encryption

Like with our website, connections to the Personal Demo are always encrypted with TLS. See the section on our website's TLS encryption for more details.

Hosting

The servers for the Personal Demo are provided by:

Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen
Germany

Hetzner complies with GDPR. You can find Hetzner's privacy policy here: https://www.hetzner.com/legal/privacy-policy/

To ensure good performance of the demo, we use multiple server zones, currently in Nuremberg, Germany and Hillsboro, USA. When you create a new demo instance, your web browser automatically selects the server with the lowest latency – commonly the server physically closest to you.

We use the services of Ploi to manage our servers:

Ploi
Amperestraat 16J, 3861NC
Nijkerk
Gelderland
The Netherlands

Ploi complies with GDPR. You can find their privacy policy here: https://ploi.io/privacy-policy

Server log files

We automatically collect and store information that your browser transmits to us in "server log files" on our Hetzner servers. These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address
  • PHP errors that may occur in the demo

This data will not be combined with data from other sources.

The basis for data processing is Art. 6 (1) (f) GDPR, which allows the processing of data for the purposes of our legitimate interests, in this case to ensure network and information security.

Third-party services

We use the following third-party service to improve the performance and usability of the Personal Demo:

KeyCDN

We use a content delivery network to provide faster access to our CSS, JavaScript, images and font files from anywhere around the world. Our CDN is provided by:

proinity LLC (KeyCDN)
Reichenauweg 1
8272 Ermatingen
Switzerland

KeyCDN complies with GDPR. You can find their privacy policy here: https://www.keycdn.com/privacy

Partner Directory

We store and process information of businesses who have applied to become partners. This information may include personal data such as names, email addresses, social media handles and profile photos. We process this data to perform review and certification, to publish the partner listing and to keep track of the partnership term.

We also store and process information of project leads submitted by interested people, which may contain personal data depending on the project request. We process this data to match the project requests to our partners.

The basis for data processing is Art. 6 (1) (b) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.

Third-party services

We use the following third-party for our partner directory:

Airtable

We use Airtable to manage partnerships and project requests:

Airtable
799 Market St., 8th Floor
San Francisco
CA 94103
USA

Airtable complies with GDPR. You can find their privacy policy here: https://www.airtable.com/company/privacy

Shop

Our order process is conducted by our online reseller Paddle.com. Paddle.com is the Merchant of Record for all our orders. Paddle provides all customer service inquiries and handles returns.

Paddle.com Market Limited
Judd House
18-29 Mora Street
London, EC1V 8BT
United Kingdom

Paddle complies with GDPR. You need to agree to their terms of service and privacy policy whenever you buy a license. We don't store your billing data anywhere else. You can find Paddle's privacy policy and the addresses of Paddle's EU and USA branches here: https://paddle.com/privacy/

Feedback Platform

Our feedback platform is provided by Nolt:

Nolt Software Inc.
6D - 7398 Yonge St. Unit # 320
Thornhill, L4J 8J2
Ontario
Canada

Nolt is GDPR compliant. You can find the privacy policy of Nolt here: https://nolt.io/help/privacy

Support Forum

Our support forum is running on an open-source forum software called Discourse and the hosting is provided by the company behind the forum software, Civilized Discourse Construction Kit, Inc. The company's EU representative is:

M. Régis Hanol
Civilized Discourse Construction Kit, Inc.
78 Allée Primavera
Centre UBIDOCA, 15232
Pringy
74370 Annecy
France

The hosted Discourse forum is GDPR compliant. You can find the privacy policy of Discourse here: https://meta.discourse.org/privacy

Emails

All emails sent to and from the getkirby.com domain (except newsletters) are processed by our email hosting provider Fastmail:

Fastmail Pty Ltd
PO Box 234
Collins Street West
VIC 8007
Australia

Fastmail is GDPR compliant. You can find the privacy policy of Fastmail here: https://www.fastmail.com/privacy/

Newsletter

You can sign up to our monthly Kirby Kosmos newsletter to receive updates about Kirby, plugins, themes and other news around Kirby and the web. We never sign you up automatically. You have to use the sign up form on our website or during the Paddle checkout and confirm your subscription with the double-opt in process. To sign up we require and verify your email address and you can provide an optional name.

All subscriber data is collected by the German newsletter service Newstroll:

NEWSTROLL
Marco Ahrendt
Maustäle 18
72793 Pfullingen
Germany

Newstroll offers analytics tools to check if newsletters have been opened and links have been clicked. We have disabled tracking on the subscriber level and only get access to the analytics for the entire list of subscribers. We only use those analytics to check how interesting and relevant our newsletters are over time. We never use them to analyze individual subscribers.

You can unsubscribe from our newsletter at any time. This can be done by using the unsubscribe link in every newsletter or by sending an email to support@getkirby.com and we will handle it for you.

Newstroll complies with GDPR. You can find our more about their privacy policy on their site (German): https://www.newstroll.de/datenschutz/

Your Kirby installation

On your own Kirby-powered websites, you or your clients are their own data controllers and fully responsible for complying with applicable privacy legislation. While Kirby is designed with privacy in mind, there are some situations in which user privacy might be affected. Head over to our privacy guide to learn more.

Questions & Feedback

We try to keep our privacy policy as transparent and easy to understand as possible. Please let us know if we can improve it further or if you have any other questions: support@getkirby.com

Updates

We will regularly check and update this privacy policy if necessary.
Last update: June 30, 2024