Privacy and Legal Policy - Introduction and summary
We recognize that privacy is extremely important to all visitors to our website. We do not share any individual information with anybody without your permission.
We use the open source Matomo (the former Piwik) tool to get information on how our website is used and use phplist to handle our newsletters. We use the open source marketing automation tool Mautic to track business users that did download resources like white papers or participate in webinars. From neither will we hand over individual data to anybody else and any privacy breaches we will disclose as soon as possible. Our security scanner is strictly based on publicly available information, that is the list of known vulnerabilities relevant for ownCloud/Nextcloud releases as well as any applied hardenings/settings we can scan without having access to the server.
Please note that nextcloud.com/news aggregates community blogs and we can not be held responsible for their opinions or content.
Our software, be it the Nextcloud server or the Android or iOS apps, do not sent any user data to us. The optional Usage Survey app can sent usage statistics like installed apps to us to help us improve our service. The Updater app, if enabled, sents Nextcloud version, PHP version and the channel it wants to the Nextcloud updater server to receive update information.
If you see any problems, please report it to firstname.lastname@example.org.
What personal information do we collect from the people that visit our blog, website or app?
When registering or submitting a form on our site, as appropriate, you may be asked to enter your name, email address, phone number or other details to help you with your experience.
When do we collect information?
We collect information from you when you subscribe to a newsletter, fill out a form or enter information on our site.
Our apps only communicate with your own Nextcloud server and do not sent any data to us. The Play Store version equal to or newer than 1.5.0 for Nextcloud supports push notifications which use the Google servers. However Google does not have access to the actual notification data. Only a header with a subject is sent via Google, but in encrypted form, and the rest of the content is retrieved directly from your Nextcloud server and not sent through Google. The iOS client works in a similar way.
How do we use your information?
We may use the information we collect from you when you register, sign up for our newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways:
- To improve our website in order to better serve you.
- To send periodic emails regarding your order or other products and services.
- To follow up with them after correspondence (live chat, email or phone inquiries)
A concrete example
As an example, we use the open source Mautic marketing automation tool. This is used for actions like emailing a whitepaper to people who entered their email address to receive it. In line with our business strategy of not monetizing home and small business users but aim for large enterprises, our goal is to ONLY track employees of companies using their work email. We try to drop all home/private users from the database as soon as we find out they are private users. For example, we remove contacts with an @gmail or @icloud address and keep obviously business related addresses (@acme @example-ltd @placeholder-corp.com). We then might follow up on a End-to-end Encryption white paper download a week later with an offer to download our Server-side Encryption white paper; or sent a follow-up email suggesting to read a new blog about encryption we wrote. Our goal is to keep potential customers informed and help them in their journey to become a Nextcloud user and customer, without bothering home users.
Of course, you can opt-out of any emails using the unsubscribe link on the bottom of these emails.
How do we protect visitor information?
We only provide articles, white papers and other information. We never ask for credit card numbers.
We use regular Malware Scanning.
Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive information you supply is encrypted via Secure Socket Layer (SSL) technology.
We implement a variety of security measures when a user places an order and enters, submits, or accesses their information to maintain the safety of your personal information.
Do we use 'cookies'?
- Understand and save user's preferences for future visits.
- Compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future. We do not use third-party services (like Google Analytics) that track this information on our behalf.
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser (like Internet Explorer or firefox) settings. Each browser is a little different, so look at your browser's Help menu to learn the correct way to modify your cookies settings.
If you disable cookies, some minor features might be disabled.
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information unless we provide users with advance notice. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or serving our users, so long as those parties agree to keep this information confidential. We may also release information when its release is appropriate to comply with the law, enforce our site policies, or protect ours or others' rights, property or safety.
However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
We do not include or offer third-party products or services on our website.
According to the California Online Privacy Protection Act (CalOPPA) we agree to the following:
Users can visit our site anonymously.
Users are able to change their personal information:
- By emailing us
- By calling us
How does our site handle do not track signals?
We honor do not track signals and do not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.
Does our site allow third-party behavioral tracking?
We do not allow or employ third-party behavioral tracking. Our website features no third party ads or tracking tools.
Fair Information Practices
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
In order to be in line with Fair Information Practices, should a data breach occur we will notify the users via email within 7 business days
We also agree to the Individual Redress Principle, which requires that individuals have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.
CAN SPAM Act
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
We collect your email address in order to:
To be in accordance with CANSPAM we agree to the following:
- NOT use false or misleading subjects or email addresses.
- Identify the message as an advertisement in some reasonable way.
- Include the physical address of our business or site headquarters.
- Monitor third-party email marketing services for compliance, if one is used.
- Honor opt-out/unsubscribe requests quickly.
- Allow users to unsubscribe by using the link at the bottom of each email.
If at any time you would like to unsubscribe from receiving future emails follow the instructions at the bottom of each email and we will promptly remove you from ALL correspondence.
70192 Stuttgart Germany
HRB 227086 (AG München)
T +49 711 25 24 28 90
All product names and trademarks are the property of their respective owners, which might in no way be associated or affiliated with Nextcloud.
Last Edited on 2018-04-03