Privacy and Legal Policy

Introduction and summary

We recognize that privacy is extremely important to all visitors to our website. We do not share any individual information with anybody without your permission.

To download a whitepaper, you have to enter your email address. Unless you opt in for more information, we immediately delete your mail address from our database after sending the whitepaper.

Our website ocasionally embeds content, like YouTube videos (behind a click-through wall) and others. We don't share any of your data with the parties behind them, however, they can gather some information when you watch a video or click the captcha. We are always looking for ways to decrease data sharing here and input is welcome.

For traking and marketing automation we use the open source Matomo (the former Piwik) tool to get information on how our website is used and use phplist to handle our newsletters. We use the open source marketing automation tool Mautic to track business users that did download resources like white papers or participate in webinars and who did opt-in explicitly. From neither will we hand over individual data to anybody else and any privacy breaches we will disclose as soon as possible. We also delete, anonymize and remove data regularly.

Our security scanner is strictly based on publicly available information, that is the list of known vulnerabilities relevant for ownCloud/Nextcloud releases as well as any applied hardenings/settings we can scan without having access to the server. We only scan on-demand and store the results for a limited time.

Our forums on runs the open source discourse software. This is self-hosted and we do not share, disclose or otherwise distribute any data from it. You can disable your own account there if you need to. Note that this platform is meant for home users and home user questions! As enterprise visitor, please use our support portal. If you still use the forums, expect that we reach out to you at some point.

Our software, be it the Nextcloud server or the Android or iOS apps, are designed to not sent any user data to us. The optional Usage Survey app can sent usage statistics like installed apps to us to help us improve our service. You can review and approve the data before it is sent. We store the data aggregated and not per user, so a theft of our data can not be used to get any information about any specific installation. The Updater app, if enabled, sends Nextcloud version, PHP version, install time and the channel it wants to the Nextcloud updater server to receive update information. We store the install time and version on the instance to track statistics, all other data is discarded right away.

With regards to third party apps: we can not take any responsibility for third-party apps and the data they store or sent about users. We do have a policy in our app store against abusing private data and any app that is found to be in violation is removed and its author banned. However, we do not have the ability to check all code of all third party applications and thus we recommend you are careful when installing third party apps.

If you see any problems, please report it to

You can find details in our full privacy policy below.

Nextcloud Privacy Policy

Our privacy policy is written to help you find out how Nextcloud handles 'Personally identifiable information' (PII). PII is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Please read our privacy policy carefully to get a clear understanding of how we collect, use, protect or otherwise handle your Personally Identifiable Information in accordance with our website.

What personal information do we collect from the people that visit our blog, website or app?

Like most websites, collects non-personally-identifying information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request.’s purpose in collecting non-personally identifying information is to better understand how’s visitors use its website. From time to time, may release non-personally-identifying information in the aggregate, e.g., by publishing a report on trends in the usage of its website. also collects potentially personally-identifying information like Internet Protocol (IP) addresses. does not use such information to identify its visitors, however, and does not disclose such information to third parties unless legally obliged to do so.

We honour the do-not-track directive. won't track anything if this is enabled.

Furthermore, our website visit statistics tool Mamoto is configured to anonymize visitors' IP addresses data by not storing the last digits of all IP addresses.

When registering or submitting a form on our site, as appropriate, you may be asked to enter your name, email address, phone number or other details. See below on what happens with that data.

When do we collect information?

On our websites:

We collect information from you when you subscribe to a newsletter, fill out a form or enter information on our site.

Nextcloud Files

Our apps only communicate with your own Nextcloud server and do not sent any data to us. The Play Store version equal to or newer than 1.5.0 for Nextcloud supports push notifications which use the Google servers. However Google does not have access to the actual notification data. Only a header with a subject is sent via Google, but in encrypted form, and the rest of the content is retrieved directly from your Nextcloud server and not sent through Google. The iOS client works in a similar way.

How do we use your information?

We may use the information we collect from you when you register, sign up for our newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways:

  • To improve our website in order to better serve you.
  • To send periodic emails regarding your order or other products and services.
  • To follow up with them after correspondence (live chat, email or phone inquiries)


We use the open source Mautic marketing automation tool. This is used for actions like emailing a whitepaper to people who entered their email address to receive it. If you enter an email address on our site, you agree with that (otherwise we can't sent you that white paper either). We might sent follow-up emails (like a reminder if you didn't download the white paper, or a notification of a new white paper), from which you can opt-out on the bottom of the emails.

In line with our business strategy of not monetizing home and small business users but aim for large enterprises, our goal is to ONLY track employees of companies using their work email. We try to drop all home/private users from the database as soon as we find out they are private users, of course after we have sent them the white paper they asked for. For example, we remove contacts with an @gmail or @icloud address and keep obviously business related addresses (@acme @example-ltd For those we then might follow up on a End-to-end Encryption white paper download a week later with an offer to download our Server-side Encryption white paper; or sent a follow-up email suggesting to read a new blog about encryption we wrote. Our goal is to keep potential customers informed and help them in their journey to become a Nextcloud user and customer, without bothering others.

Of course, you can opt-out of any emails using the unsubscribe link on the bottom of these emails. Note that you then don't get any emails from Mautic anymore: also not if you enter your mail again to get a white paper!

How do we protect visitor information?

We only provide articles, white papers and other information. We never ask for credit card numbers or other financial data.

We use regular Malware Scanning.

Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive information you supply is encrypted via Secure Socket Layer (SSL) technology.

We implement a variety of security measures when a user places an order and enters, submits, or accesses their information to maintain the safety of your personal information.

Do we use 'cookies'?

Yes. Cookies are small files that a site or its service provider transfers to your computer's hard drive through your Web browser (if you allow) that enables the site's or service provider's systems to recognize your browser and capture and remember certain information. Cookies are used to help us understand your preferences based on previous or current site activity, which enables us to provide you with improved services. We also use cookies to help us compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future.

We use cookies to:

  • Understand and save user's preferences for future visits.
  • Compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future. We do not use third-party services (like Google Analytics) that track this information on our behalf.

You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser (like Internet Explorer or firefox) settings. Each browser is a little different, so look at your browser's Help menu to learn the correct way to modify your cookies settings.

If you disable cookies, some minor features might be disabled.

Third-party disclosure

We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information unless we provide users with advance notice. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or serving our users, so long as those parties agree to keep this information confidential. We may also release information when its release is appropriate to comply with the law, enforce our site policies, or protect ours or others' rights, property or safety.
However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses. Think aggregated statistics (number of website visitors in a particular month) or trends ("we see an increase in the number of visitors from Asia").

Third-party links

We do not include or offer third-party products or services on our website.

According to the California Online Privacy Protection Act (CalOPPA) we agree to the following:

Users can visit our site anonymously.

Once this privacy policy is created, we will add a link to it on our home page or as a minimum on the first significant page after entering our website.

Our Privacy Policy link includes the word 'Privacy' and can be easily be found on the page specified above.

Users will be notified of any privacy policy changes on our Privacy Policy Page.

Users are able to change their personal information:

  • By emailing us
  • By calling us

How does our site handle do not track signals?

We honor do not track signals and do not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.

Does our site allow third-party behavioral tracking?

We do not allow or employ third-party behavioral tracking. Our website features no third party ads or tracking tools.

Fair Information Practices

The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.

In order to be in line with Fair Information Practices, should a data breach occur we will notify the users via email within 7 business days

We also agree to the Individual Redress Principle, which requires that individuals have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.


The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.

We collect your email address in order to:

  • Send information, respond to inquiries, and/or other requests or questions.

  • Market to our mailing list or continue to send emails to our clients after the original transaction has occurred.

    To be in accordance with CANSPAM we agree to the following:

    • NOT use false or misleading subjects or email addresses.
    • Identify the message as an advertisement in some reasonable way.
    • Include the physical address of our business or site headquarters.
    • Monitor third-party email marketing services for compliance, if one is used.
    • Honor opt-out/unsubscribe requests quickly.
    • Allow users to unsubscribe by using the link at the bottom of each email.


    If at any time you would like to unsubscribe from receiving future emails follow the instructions at the bottom of each email and we will promptly remove you from correspondence by that tool. Note that you have to unsubscribe separately from our newsletter and our marketing automation tool.

    Website source

    The source code of the website can be found in our GitHub repo. It is licensed under the AGPLv3 license.


    If there are any questions regarding this privacy policy you may contact us using the information below.

    Privacy Policy Changes

    Although most changes are likely to be minor, Nextcloud may change its Privacy Policy from time to time and at our sole discretion. We encourage visitors to frequently check this page for any changes to our Privacy Policy. Your continued use of this site after any change in this Privacy Policy will constitute your acceptance of such change.

    Legal Notice

    Nextcloud GmbH
    Hirschstrasse 26
    70173 Stuttgart Germany

    HRB 227086 (AG München)
    T +49 711 25 24 28 90
    contact form

    Managing Director:
    Frank Karlitschek

    All product names and trademarks are the property of their respective owners, which might in no way be associated or affiliated with Nextcloud.

    Last Edited on 2019-05-15

  • Sie haben Javascript deaktiviert. Wir versuchen sicherzustellen, dass die Grundlagen unserer Website funktionieren, aber einige Funktionen fehlen.

    Diese Website verwendet Cookies. Durch Ihren Besuch akzeptieren Sie unsere Datenschutzrichtlinie In Ordnung