Almost EVERYONE who tried headless systems said they saw benefits. Download the state of CMS now!

O’Reilly Report: Decoupled Applications and Composable Web Architectures - Download Now

Empower your teams & get a 582% ROI: See Storyblok's CMS in action

Skip to main content

Privacy Policy

Effective January 01, 2024

Section titled 1. Introduction 1. Introduction

Introduction. The protection and privacy of personal data is very important to Storyblok GmbH (“Storyblok”, “we” or “us”). With this privacy policy (the “Privacy Policy”) we inform you how we handle and process your personal data when you access our website, use our Storyblok Services or otherwise interact with us. Furthermore, it informs you about your rights and possibilities. Terms not defined otherwise herein have the meaning set forth in our General Terms and Conditions available under https://www.storyblok.com/legal/terms (“Terms”).

Personal Data. Personal data means any information relating to an identified or identifiable natural person (data subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Applicable Laws. We comply with all applicable privacy and data protection laws, including the European General Data Protection Regulation (GDPR), Austrian Data Protection Act (Datenschutzgesetz, DSG), Austrian Telecommunications Act (Telekommunikationsgestz, TKG), California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights and Enforcement Act (CPRA), Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act, Utah Consumer Privacy Act, and the Connecticut Data Privacy Act.

Disclaimer. The Storyblok Services are not directed to individuals under the age of 16 years. We do not knowingly collect personal information from individuals under the age of 16 years. If we become aware that an individual under the age of 16 years has provided us with personal data, we will take steps to delete such information. If you become aware that an individual under the age of 16 years has provided us with personal data, please contact our support services.

Section titled 2. Application of this Privacy Policy 2. Application of this Privacy Policy

Section titled 2.1. When does this Privacy Policy apply? 2.1. When does this Privacy Policy apply?

We process personal data from you in different ways:

  • From you as a Website Visitor. We process personal data (such as IP address, name, email address or contact information) you share with us when accessing our website or when interacting with us - either as a visitor, Customer or potential customer of our Storyblok Services.
  • From you as a Customer of our Storyblok Services. Our Storyblok Services are made available to our customers on a subscription basis under app.storyblok.com, subject to our Terms. In order to use the Storyblok Services, you - either directly or as an employee or other representative of our business customer and designated by our business customer - are required to sign-up for our Storyblok Services. We process personal data of you as our Customer and when interacting with us as a Customer or prospective Customer of our Storyblok Services.
  • From you as an employee of our business partner. We work with many business partners, as described below. To work with these partners, we collect business contact information and other related data from relevant employees of those business partners.
  • From you as an employee or prospective employee of Storyblok or our subsidiaries. We collect personal information from employees and job applicants as needed to establish and maintain our relationships and to meet legal requirements. For further information please see our Applicant Privacy Policy available under: https://www.storyblok.com/legal/applicants-privacy-policy. We provide a separate Employee Privacy Policy directly to employees.

When we process such data we are a data controller (“business” as defined in California law). We process your data in compliance with applicable laws and this Privacy Policy.

The exact type of data we collect depends on the relationship we have with you and the product or service you use. Applying your cookie management settings on our website, signing up for a newsletter, requesting to be contacted by our sales team, creating an account for our Storyblok Services, are all examples of actions you take that require you to share certain personal data with us that is specific to that particular interaction.

Section titled 2.2. When does this Privacy Policy not apply? 2.2. When does this Privacy Policy not apply?

This Privacy Policy does not apply when we process personal data on behalf of our Customer:

  • Personal Data included in Customer Content. A customer of our Storyblok Services can upload and manage a variety of content, such as texts, images, videos or other files to and via our Storyblok Services. Typically, this is editorial or marketing content intended for publication but Customer Content may contain personal data. We process this personal data according to the contract with our Customer.

In this context, Storyblok is a data processor (“contractor” as defined in California law) and not the controller. Storyblok will only process such data pursuant to our agreement. In such case our Customer agrees to enter into and be bound by the Storyblok Data Processing Agreement and all attachments thereto, which shall govern the processing of personal data included or part of their Customer Content.

Section titled 3. Reserved 3. Reserved

Section titled 4. How do we protect your personal data? 4. How do we protect your personal data?

General. Protection of your data is extremely important to us. We use physical, technical and organizational safeguards designed to protect your information and strive to protect your data in the best possible way.

Technical and organizational measures. We use appropriate technical and organizational security measures to protect your data against manipulation, loss, destruction and unauthorized access or use. We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your Personal Information on our instructions and they are subject to a duty of confidentiality. We use appropriate technology and invest in technology and infrastructure to protect personal data. Access to our Storyblok Services is password protected. You should be the only person with access to your account. You are responsible for safeguarding the credentials to your account. If your login information is compromised or used without your permission, you need to notify us immediately so we can take steps to secure your account.

Certifications. Storyblok Services are provided by a Storyblok entity that has implemented an information security system that complies with ISO 27001 standards. The ISMS is audited and certified to ensure that the appropriate standards are fulfilled. The certification recognizes that all our products, operations, support processes and data storage protocols meet international security standards.

Reviews. We conduct thorough screenings and reviews of our systems, services and infrastructure taking into account security and compliance best practices, current risks, threats, vulnerabilities, technology, and changes in applicable legal requirements.

Trainings. Our staff has the obligation to secrecy in compliance with applicable law (§ 6 DSG) and undergoes regular training on data protection and confidentiality.

Trust Center. Learn more about our security measures in our Trust Center (https://www.storyblok.com/trust-center)

Section titled 5. Personal Data We Process 5. Personal Data We Process

Section titled 5.1 Website 5.1 Website

Our websites are made available to every internet user. We collect certain data when you visit our website and process data you, as a visitor, provide to us when accessing our website (storyblok.com).

Data we collect automatically from our website
Internet or other electronic network activity information - Log Files & Usage Information

Data processed. When you visit our website for information purposes we collect data about your access to our servers on which our website is stored for retrieval via the Internet (so-called server log files). This access data includes:

  • Requested content, the name of the website accessed
  • File, date and time of access/request
  • GMT time zone difference
  • access status / HTTP status code
  • Amount of data transferred
  • Message about successful retrieval
  • browser type, version and language version
  • operating system
  • Referrer URL (the previously visited page)
  • IP address
  • the requesting provider
  • access status / HTTP status code
  • performance numbers such as latencies and caching

Source of the data. Website visitors.

Purpose. We need to process these log files in order to ensure the functionality, stability and security of our website, for troubleshooting, to optimize marketing activities and to adjust our offer and our information on the websites accordingly. We may also use these data in connection with forensic investigations in the event of a security incident or to create aggregate user statistics.

Legal Basis. We process this data based on our legitimate interest in monitoring and improving our website and services.

Third Party Service Providers. We use Vercel, AWS and Netlify (see below) for hosting of our website.

Internet or other electronic network activity information - Cookies & Cookie Notice

Data processed. When visiting our website, we and our third-party partners, such as our advertising and analytics partners, use cookies and other tracking technologies (e.g., web beacons, device identifiers and pixels). For further details on cookies we use please refer to our Cookie Settings (https://www.storyblok.com/cookie-settings)

When you visit our website for the first time, a cookie consent banner will pop up and ask you to customize your cookie preferences. If you decide to change your preferences later, you can easily do so by clicking on the “Cookie Settings” link on the bottom of our website.

Please note that Essential Cookies cannot be disabled and if you decide to opt-out of Statistics Cookies, certain functionality of our websites may be impacted. You can prevent the storage of cookies by adjusting your browser software accordingly. However, we would like to point out that in this case you may not be able to use all functions of our website to their full extent.

Source of the data. Website visitors.

Purpose.We collect this data to analyze and regularly improve the use of our website, to provide functionality, to recognize you across different services and devices, to enhance your experience and to improve our marketing efforts. We may use the statistics obtained to improve our offer and make it more interesting for you as a visitor and user.

Legal Basis.The legal basis for processing of Essential Cookies is our legitimate interest to properly manage our website and improve our service. Statistical Cookies are processed based on your consent. For analytics and marketing we rely on your consent.

Third Party Service Providers. We use Segment to handle implementation of and data transfers to analytics and marketing service providers detailed below. In case you opt out only the Segment cookie will be placed and no IP Address will be transferred to our analytics and marketing Service Providers. When you do not consent only anonymized data will be shared with Google Analytics. No data will be shared with other service providers. In such case we process this data based on our legitimate interest to improve our Storyblok Services. When you consent, your data will be shared with third party service providers listed below. We process this data based on your consent.

Segment. We use Segment provided by Twilio Inc., 101 Spear Street, 1st Floor, San Francisco, California, 94105, United States of America, to collect and sort data from our website and to automate data transfer.

When you opt-in through our cookie banner, Segment will transmit Log Files & Usage Information to our datacenter (AWS), Google Analytics, Google Ads, LinkedIn, Twitter, 6Sense, Facebook and G2. In such case we process your data based on your consent.

When you opt-out through our cookie banner, Segment will share anonymized data with our datacenter (AWS) for storage purposes and Google Analytics for aggregated analysis. In Google Analytics 4, IP masking is not necessary since IP addresses are not logged or stored. In such case we process your data based on our legitimate interest to improve our Website and offerings.

You can learn more about Segment and read its privacy policy under: Privacy Policy: https://www.twilio.com/en-us/legal/privacy

Google Analytics. We use Google Analytics v4 provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland to evaluate your use of the website, to compile reports on the website activities and to provide further services in connection with the use of the website and the internet. In Google Analytics 4, IP masking is not necessary since IP addresses are not logged or stored.

When you opt-in through our cookie banner, Log Files & Usage Information will be transmitted to Google Analytics. The information generated by the Google Analytics cookie about your use of our website is usually transferred to a Google server in the United States and stored there. When you opt-out through our cookie banner, only the Segment cookie will be placed and only anonymized data will be transferred to Google.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

You can learn more about Google Analytics and read its privacy policy under: Privacy Policy: https://policies.google.com/privacy?hl=en-US

Google Ads. We use Google Ads provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland to promote and market our products and services, to create more tailored advertising on their platform and to provide products and services that may be of interest to you.

When you opt-in through our cookie banner, Segment will transmit Log Files & Usage Information to Google Ads. When you opt-out through our cookie banner, no data of you as a visitor of our website will be transferred to Google Ads.

You can learn more about Google Ads and read its privacy policy under: https://policies.google.com/privacy?hl=en.

LinkedIn.We use LinkedIn advertising services provided by LinkedIn Ireland Unlimited Company Wilton Plaza, Wilton Place, Dublin 2, Ireland to promote and market our products and services, to create more tailored advertising on their platform and to provide products and services that may be of interest to you.

When you opt-in through our cookie banner, Segment will transmit Log Files & Usage Information to LinkedIn. When you opt-out through our cookie banner, no data of you as a visitor of our website will be transferred to LinkedIn.

You can learn more about LinkedIn and read its privacy policy under: https://www.linkedin.com/legal/privacy-policy

Twitter/X. We use Twitter/X advertising services provided by X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA to promote and market our products and services, to create more tailored advertising on their platform and to provide products and services that may be of interest to you.

When you opt-in through our cookie banner, Segment will transmit Log Files & Usage Information to Twitter/X. When you opt-out through our cookie banner, no data of you as a visitor of our website will be transferred to Twitter/X.

You can learn more about Twitter/X and read its privacy policy under: https://twitter.com/en/privacy

6Sense. We use 6Sense services provided by 6sense Insights, Inc., 450 Mission Street, Suite 201, San Francisco, CA 94105, USA to improve promoting and marketing our products and services.

When you opt-in through our cookie banner, Log Files & Usage Information will be transmitted to 6Sense so that we can promote and market our products and services to you. When you opt-out through our cookie banner, no data of you as a visitor of our website will be transferred to 6Sense.

You can learn more about 6Sense and read its privacy policy under: https://6sense.com/privacy-policy/

Facebook. We use Facebook marketing services provided by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland to promote and market our products and services, to create more tailored advertising on their platform and to provide products and services that may be of interest to you.

When you opt-in through our cookie banner, Segment will transmit Log Files & Usage Information to Facebook. When you opt-out through our cookie banner, no data of you as a visitor of our website will be transferred to Facebook.

You can learn more about Facebook and read its privacy policy under: https://mbasic.facebook.com/privacy/policy/printable/

G2. We use G2 services provided by G2.com, Inc., 100 S. Wacker Drive, Suite 600, Chicago, IL 60606, USA to promote and market our products and services.

When you opt-in through our cookie banner, Log Files & Usage Information will be transmitted to G2. When you opt-out through our cookie banner, no data of you as a visitor of our website will be transferred to G2.

You can learn more about G2 and read its privacy policy under: https://legal.g2.com/privacy-policy

Capterra. We use Capterra services provided by Capterra Inc., 1201 Wilson Blvd 9th Floor, Arlington, VA 22209, USA to promote and market our products and services.

When you opt-in through our cookie banner, Log Files & Usage Information will be transmitted to Capterra. When you opt-out through our cookie banner, no data of you as a visitor of our website will be transferred to Capterra.

You can learn more about Capterra and read its privacy policy under: https://www.capterra.com/legal/privacy-policy/

Browser Settings. If you want to avoid cookies, you can adjust your browser settings to (partly)reject them or get notifications when they're stored. Keep in mind that changing these settings might affect how a website functions. Removing existing cookies might not be entirely possible by adjusting settings alone; you might need to review your further browser settings after making changes. You can find more information on disabling cookies or managing settings in the links below:

Google Chrome: https://support.google.com/chrome/answer/95647?hl=en

Mozilla Firefox: https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop?redirectslug=enable-and-disable-cookies-website-preferences&redirectlocale=en-US

Microsoft Edge: https://support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09

Apple Safari: https://support.apple.com/guide/safari/manage-cookies-sfri11471/mac

Data you as our website visitor share directly with us
Identifiers - Contact Information & Communication

Contact Form/Email inquiries

Data Processed. When you contact us through our website or request information about our products or services, ask to be added to our email distribution list or Newsletter, we may collect your first name, last name, email address, country, phone number and other contact details to fulfill your request. When you do so in the course of a (potential) relationship between you, your organization, and us, we also collect your organization’s/employer’s name, industry, company size and your job title. When you communicate with us, we will receive and retain your communications and the information included in those messages.

Source of the data. Website visitors, customer, potential customer.

Purpose. We process Contact Information in order to offer, market, and sell our products and services to you or to reply to your request. We process your communications in order to communicate with you, to keep records of our communications with you, to enhance your experience, and to send you relevant information.

Legal Basis.The legal basis for this processing is fulfillment of a contract (pre-contractual measures) and our legitimate interests in taking steps, at your request, to enter into a contract with you and the proper administration of our website, business and communication with our users.

Third Party Service Providers. We use Vercel (see below) and Salesforce (see below) to manage the data received.

Chat

Data processed. When you submit data through the chat functionality we provide on our website we process the data you voluntarily disclose information when you use the chat functionality.

Source of the data. Website visitors.

Purpose. We will process this data to fulfill your request, to find out how customers or prospective customers use our Website and Services and to develop and grow them.

Legal Basis. We process this data to perform a contract or to carry out pre-contractual measures (Article 6 (1) b GDPR), to safeguard a legitimate interest (Article 6 (1) f GDPR).

Third Party Service Providers.We use Crisp (see below) to provide Chat functionality on our Website.

Newsletters

Data processed. In our email newsletters we inform you about our services and products. If you would like to receive our newsletter, you have to subscribe with your email address. We send newsletters and other electronic notifications only with your expressly consent if you’ve subscribed for it (double opt-in) or which is recorded during registration for a Storyblok account, or where there is a legal basis to do so (e.g. Art. 107 para 3 of the Austrian Telecommunications Act [TKG]). With the double opt-in procedure, we check whether you are the holder of the email address given or if its holder agrees with receiving electronic notifications. This procedure serves as proof in case a third party misuses an email address through registering to receive the newsletter without the knowledge of the entitled party. In the newsletter so-called web beacons (also called ClearGIFs or tracking pixels) might be used. Such web beacons provide us with a better understanding of our customers' interactions with the newsletter. They fulfill a similar function as cookies, but they are not visible to users. Information can be obtained via web beacons, in particular about whether an email was opened and whether the user’s system is capable of receiving HTML emails.

Source of the data. Website visitors.

Purpose. We offer the Newsletter to inform you about our services and products.

Legal Basis. We process this data lawfully based on your consent (Art 6 para 1 lit a GDPR). You may unsubscribe from our newsletter, e.g. by withdrawing your consent, at any time. You can unsubscribe when you are logged into your account and furthermore you will find a link to unsubscribe at the end of each notification. Please note that we will continue to process your personal data until you withdraw your consent to the storage of the data, so that we can prove consent previously given to receive newsletters. The processing of this data is limited to the purpose of a possible defense against claims and you have the right to request the deletion of your personal data.

Third Party Service Providers. We use Salesforce Marketing Cloud Account Engagement for managing Newsletters.

Social Media Sites

We maintain social media presence on different platforms:
  • Facebook, operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

    Our site: https://www.facebook.com/storyblok

  • YouTube, operated by Google Ireland Limited, register number: 368047, Gordon House, Barrow Street, Dublin 4, Ireland

    Our site: https://www.youtube.com/c/Storyblok-com

  • Instagram, operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

    Our site: https://www.instagram.com/storybloklife/

  • Twitter, operated by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 IRELAND

    Our site: https://twitter.com/storyblok

  • LinkedIn, operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

    Our site: https://www.linkedin.com/company/storyblok

  • Twitch, operated by Twitch Interactive, Inc., 350 Bush Street, 2nd Floor, San Francisco, CA 94104, USA

    Our site: https://www.twitch.tv/storyblok

  • Discord, operated by Discord Netherlands BV, Schiphol Boulevard 195, (1118 BG), Schiphol, Netherlands

    Our site: https://discord.com/invite/WmMYYQp

  • Vimeo, operated by Vimeo.com, Inc. 330 West 34th Street, 5th Floor, New York, New York 10001

    Our site: https://vimeo.com/storyblok

Data processed. If you interact with us on social media, we may also receive your user names on such social media platforms and associate such information with your other Contact Information.

If you click on a plug-in included in our website and provided by these (social) media networks, such plug-in is activated, a connection will be established to the respective network’s server and your data may be transmitted to such network. We have no control over the extent, and content, of personal data processed by the operator of the respective network following a click on the relevant plug-in. If you do not agree with the transfer of your data, please avoid activating any plug-ins.

When interacting with our social media channels we may have access to your publicly visible data (e.g. name and profile picture when you make a public comment on our page). Please review your profile settings to check which data is publicly available and to change which data can be shared by the platform.

When communicating with us via social media platforms we process data provided by you (e.g. posted articles, likes, direct messages, customer inquiries, comments, etc.). In addition to the data processing by us, other providers, in particular operators of social networks and platforms, also process personal user data. We have no influence on this data processing and are not responsible for it - the data processing takes place exclusively in the area of responsibility of the other providers.

In addition, we receive anonymous statistics from the social media operators about the use and popularity of our social media pages. The following information are processed:

  • Total number of followers (i.e. person following our channel)
  • Reach: number of people who see a specific post; number of interactions with a specific post; this enables us to review which topics are of great interest to our community
  • Demographic data of users: age, gender, place of residence, language.
  • Ad performance: How many people were reached by a post or paid ad? How many people have interacted with it?

Source of the data. Individuals contacting us via social media.

Purpose.We collect this data in order to offer, market, and sell our products and services to you and to communicate with active customers, prospective customers and interested social media users about our Storyblok Services, products, services and other news and in order to improve our social media presence.

Legal Basis. We process this data lawfully based on our legitimate interest (Article 6 (1) f GDPR).

Third Party Service Providers.When you access such social media platforms, the general terms and conditions, as well as the privacy policies of these operators, additionally apply. We would like to point out that user data may also be processed outside the European Union. This can result in risks for users due to different legal frameworks (e.g. it could make it more difficult to enforce data subject rights).

As part of the technical process of different social media platforms (e.g. Facebook, Twitter, etc.), these platforms will know when you click on content or a website you are visiting, if you are logged in to your social media account at the same time. Such information is collected by social media platforms and assigned to your social media accounts, regardless of whether you click on content of this platform or not. By logging out from your accounts, you may prevent such companies from associating the information collected with your accounts. The activities of those companies are not controlled by us and therefore, we do not assume any liability for damages that you may incur through the use of your data by these companies. For more information regarding tracking, cookies and similar technologies as well as opt-out possibilities, have a look at our Cookie Policy.

For a detailed explanation of the respective processing and the possibilities of objection (opt-out) by providers of social media networks, we refer to the respective privacy policies of the providers (see below). In the case of requests for information and the assertion of data subject rights regarding data processing by other providers, we point out that these can be asserted with the below-mentioned providers. Only the providers have access to the data of the users and can directly take appropriate measures and give information.

Professional or employment-related information - Applications & Job site

Data processed. When you apply for an open position at Storyblok, we process any personal data provided by you to us in this regard (e.g. name, address, e-mail address, CV, your photo, certificates, motivation letters and other information you provided to us). For further information please see our Applicant Privacy Policy available under: https://www.storyblok.com/legal/applicants-privacy-policy

Source of the data. Job applicants.

Purpose. Consider the applicant for employment.

Section titled 5.2 Customers 5.2 Customers

We collect and process following personal data when you are a customer of our Storyblok Services, interact with us and access the Storyblok Services via app.storyblok.com.

Data you as our Customer of the Storyblok Services share directly with us
Identifiers - Account Information

Data Processed. When you directly signup within our Storyblok Services, we will require you to enter your first name, last name, email address and a password. You also have the option of adding a username, and other details to your profile information to be displayed in our Storyblok Services. In case you use SSO we may only receive your unique identifier from the SSO provider instead of your email, depending on your configuration.

When you set up two-factor authentication we may ask you to enter a telephone number. You have the option to use that telephone number as the method for us to communicate verification codes to you to verify that it is you logging into your account.

Source of the data. Customer.

Purpose. We process Account Information to operate the Storyblok Services, to provide our products and services to you, to ensure the privacy and security of our Storyblok Services, to manage our relationships with you, to communicate with you, to keep records of our communications with you, to send you our notifications, and to promote our products and services to our customers.

Legal Basis. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract; where you give your content we base processing on your consent or, we base processing, where applicable, on our legitimate interests in the proper administration of our Storyblok Services and the proper management of our customer relationships.

Third Party Services. We use Salesforce to manage data relating to your account. We may enrich your data with publicly available data or with data we receive from our service providers which structure publicly available information for us. We use Mailchimp for transactional emails (password resets, space invites, confirmations etc.).

Identifiers - Your Communications & Feedback

Data Processed. The Storyblok Services may also include customer support, where you may choose to submit information regarding a problem you are experiencing with the Storyblok Service. The specific personal information requested will vary based on the purpose of the support. We may ask you for your contact information or also additional information to help us understand you and your support needs better.

We might conduct surveys or polls in which you may choose to participate. We process the data you decide to submit to our surveys. The specific personal information requested on these surveys will vary based on the purpose of the survey. We may ask you for your contact information or also additional information to help us understand you better as a customer. Your participation in and completion of any surveys or questionnaires is always voluntary.

The Storyblok Services may also include feature request forms or the option to give feedback, where you may choose to submit information regarding a feature or improvement you are suggesting for the Storyblok Services. We may ask you for your contact information or also additional information to help us understand you and your request better.

Source of the data. Customer.

Purpose. We process this information to find out how our customers or potential customers use our products and services; to provide support services to you; to improve our products and services; to provide better services to you, or other customers; to provide training to our staff and to develop and grow our business.

Legal Basis. We process this data lawfully for the performance of our contract and based on our legitimate interest in the proper administration and performance of our Storyblok Services and business and communications with our users.

Third Party Services. We use Crisp for chat functionality within our app. We use Atlassian Jira as our helpdesk or feature requests (storyblok.com/helpdesk).

Identifiers - Financial & Payment Information

Data Processed. If you choose to purchase products or services from us, we collect your name, contact information, and your payment information (which may include your credit card provider and expiration date, and other related billing information). Credit card numbers are not visible to Storyblok and payment information does not touch any Storyblok systems. Our payment processor will share your billing address with us.

Source of the data. Customer.

Purpose. We process Financial and Payment Information in order to provide our products and services to you and to keep records of those transactions. We’ll use your billing address for tax calculation and audit purposes.

Legal basis. The legal basis for this processing is the performance of a contract between you and us and taking steps, at your request, to enter into such a contract and our legitimate interests in the proper administration of our Storyblok Services and business.

Third Party Services. If you are a Self-Service customer we use Stripe to process payments; if you are an Enterprise Customer you may pay for our services via bank transfer; we share your data with Netsuite which is used as accounting tool.

Identifiers - Contact Information

Data Processed. When you contact us or request information about our products or services, we may collect your first name, last name, email address, country, phone number and other contact details to fulfill your request. When you do so in the course of a (potential) relationship between you, your organization, and us, we also collect your organization’s/employer’s name, industry, company size and your job title. When you communicate with us, we will receive and retain your communications and the information included in those messages.

Source of the data. Customer.

Purpose. We process Contact Information in order to offer, market, and sell our products and services to you or to reply to your request. We process your communications in order to communicate with you, to keep records of our communications with you, to enhance your experience, and to send you relevant information.

Legal Basis. The legal basis for this processing is fulfillment of a contract (pre-contractual measures) and our legitimate interests in taking steps, at your request, to enter into a contract with you and the proper administration of our Storyblok Services, business and communication with our users.

Third Party Services. We use Salesforce, Google Workspace, Crisp and Atlassian where you may communicate with us.

Data we collect automatically from our Storyblok Services
Internet or other electronic network activity information - Log Files & Usage Information

Data processed. When you access our app we collect data about your access to our servers on which our app is stored for retrieval via the Internet (so-called server log files).

This access data includes:

  • Requested content, the name of the website accessed
  • File, date and time of access/request
  • GMT time zone difference
  • access status / HTTP status code
  • Amount of data transferred
  • Message about successful retrieval
  • browser type, version and language version
  • operating system
  • Referrer URL (the previously visited page)
  • IP address
  • the requesting provider
  • access status / HTTP status code
  • performance numbers such as latencies and caching

Source of the data. Customer.

Purpose. We need to process these log files in order to ensure the functionality, stability and security of our app, for troubleshooting, to optimize marketing activities and to adjust our offer and our information on the websites/app accordingly. We may also use these data in connection with forensic investigations in the event of a security incident or to create aggregate user statistics.

Legal Basis. We process this data based on our legitimate interest in monitoring and improving our website/app and services.

Third Party Services. We share Log Files & Usage Information with our datacenter AWS.

Internet or other electronic network activity information - Cookies

Data processed. When visiting our app we and our third-party partners, such as our advertising and analytics partners, use cookies and other tracking technologies (e.g., web beacons, device identifiers and pixels). For further details on cookies we use please refer to our Cookie Settings (https://www.storyblok.com/cookie-settings)

When you visit & access our app for the first time, a cookie consent banner will pop up and ask you to customize your cookie preferences. If you decide to change your preferences later, you can easily do so by clicking on the “Cookie Settings” link on the bottom of our website/app.

Please note that Essential Cookies cannot be disabled and if you decide to opt-out of Statistics Cookies, certain functionality of our app may be impacted. You can prevent the storage of cookies by adjusting your browser software accordingly. However, we would like to point out that in this case you may not be able to use all functions of our app to their full extent.

Source of the data. Customer.

Purpose. We collect this data to analyze and regularly improve the use of our website/app, to provide functionality, to recognize you across different services and devices, to enhance your experience and to improve our marketing efforts. We may use the statistics obtained to improve our offer and make it more interesting for you as a visitor and user.

Legal Basis. The legal basis for processing of Essential Cookies is our legitimate interest to properly manage our website/app and improve our service. Statistical Cookies are processed based on your consent. For analytics and marketing we rely on your consent.

Third Party Service Providers. We use Segment to handle implementation of and data transfers to analytics and marketing service providers detailed below.

In case you opt out only the Segment cookie will be placed and no IP Address will be transferred to our analytics and marketing Service Providers. When you do not consent only anonymized data will be shared with Google Analytics. No data will be shared with other service providers. In such case we process this data based on our legitimate interest to improve our Storyblok Services. When you consent, your data will be shared with third party service providers listed below. We process this data based on your consent.

Segment. We use Segment provided by Twilio Inc., 101 Spear Street, 1st Floor, San Francisco, California, 94105, United States of America, to collect and sort data from our app and to automate data transfer.

When you opt-in through our cookie banner, Segment will transmit Log Files & Usage Information to our datacenter (AWS), Google Analytics, Hotjar, LinkedIn, Twitter, 6Sense, Facebook, G2 and Capterra. In such case we process your data based on your consent. When you opt-out through our cookie banner, Segment will share anonymized data with our datacenter (AWS) for storage purposes and Google Analytics for aggregated analysis. In Google Analytics 4, IP masking is not necessary since IP addresses are not logged or stored. In such case we process your data based on our legitimate interest to improve our Website and offerings.

You can learn more about Segment and read its privacy policy under: Privacy Policy: https://www.twilio.com/en-us/legal/privacy

Google Analytics. We use Google Analytics v4 provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland to evaluate your use of the app, to compile reports on the app activities and to provide further services in connection with the use of the app and the internet. In Google Analytics 4, IP masking is not necessary since IP addresses are not logged or stored.

When you opt-in through our cookie banner, Segment will transmit Log Files & Usage Information to Google Analytics. The information generated by the Google Analytics cookie about your use of our app is usually transferred to a Google server in the United States and stored there.

When you opt-out through our cookie banner, only the Segment cookie will be placed and only anonymized data will be transferred to Google.

You can also prevent the collection of data generated by the cookie and related to your use of the app (including your IP address) and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

You can learn more about Google Analytics and read its privacy policy under: Privacy Policy: https://policies.google.com/privacy?hl=en-US

Hotjar. We use Hotjar services provided by Hotjar Ltd., Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141, Malta, Europe in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our Storyblok Service with user feedback. Hotjar usually uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our app. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.

When you opt-out through our cookie banner, no data of you as a visitor of our app will be transferred to Hotjar.

You can learn more about Hotjar and read its privacy policy at: https://www.hotjar.com/legal/policies/privacy/

LinkedIn. We use LinkedIn advertising services provided by LinkedIn Ireland Unlimited Company Wilton Plaza, Wilton Place, Dublin 2, Ireland to promote and market our products and services, to create more tailored advertising on their platform and to provide products and services that may be of interest to you.

When you opt-in through our cookie banner, Segment will transmit Log Files & Usage Information to LinkedIn. When you opt-out through our cookie banner, no data of you as a visitor of our app will be transferred to LinkedIn.

You can learn more about LinkedIn and read its privacy policy under: https://www.linkedin.com/legal/privacy-policy.

Twitter/X. We use Twitter/X advertising services provided by X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA to promote and market our products and services, to create more tailored advertising on their platform and to provide products and services that may be of interest to you.

When you opt-in through our cookie banner, Segment will transmit Log Files & Usage Information to Twitter/X. When you opt-out through our cookie banner, no data of you as a visitor of our app will be transferred to Twitter/X.

You can learn more about Twitter/X and read its privacy policy under: https://twitter.com/en/privacy

6Sense. We use 6Sense services provided by 6sense Insights, Inc., 450 Mission Street, Suite 201, San Francisco, CA 94105, USA to improve promoting and marketing our products and services.

When you opt-in through our cookie banner, Log Files & Usage Information will be transmitted to 6Sense so that we can promote and market our products and services to you. When you opt-out through our cookie banner, no data of you as a visitor of our app will be transferred to 6Sense.

You can learn more about 6Sense and read its privacy policy under: https://6sense.com/privacy-policy/

Facebook. We use Facebook marketing services provided by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland to promote and market our products and services, to create more tailored advertising on their platform and to provide products and services that may be of interest to you.

When you opt-in through our cookie banner, Segment will transmit Log Files & Usage Information to Facebook. When you opt-out through our cookie banner, no data of you as a visitor of our app will be transferred to Facebook.

You can learn more about Facebook and read its privacy policy under: https://mbasic.facebook.com/privacy/policy/printable/

G2. We use G2 services provided by G2.com, Inc., 100 S. Wacker Drive, Suite 600, Chicago, IL 60606, USA to promote and market our products and services.

When you opt-in through our cookie banner, Log Files & Usage Information will be transmitted to G2. When you opt-out through our cookie banner, no data of you as a visitor of our app will be transferred to G2.

You can learn more about G2 and read its privacy policy under: https://legal.g2.com/privacy-policy

Capterra. We use Capterra services provided by Capterra Inc., 1201 Wilson Blvd 9th Floor, Arlington, VA 22209, USA to promote and market our products and services.

When you opt-in through our cookie banner, Log Files & Usage Information will be transmitted to Capterra. When you opt-out through our cookie banner, no data of you as a visitor of our app will be transferred to Capterra.

You can learn more about Capterra and read its privacy policy under: https://www.capterra.com/legal/privacy-policy/

Section titled 5.3 Information we receive from other sources 5.3 Information we receive from other sources

We receive information about you from other Service users, from third party services, related companies, and from our business and channel partners. We process this data lawfully based on Article 6 (1) a, b and f GDPR.


Third Party Sources
Third party service providers of business information & data enrichmentWe obtain business data from third parties. This information may include email addresses, the company an individual works for, job titles, phone numbers, and URLs of LinkedIn profiles. We obtain this information to expand our business through direct marketing, targeted advertising, and event promotion.
Publicly available informationWe may also use publicly available information about you that we have gathered through services like LinkedIn, or we may obtain information about you or your company from your company’s website URL or third party service providers (data enrichment). We use this information to help us understand our customer base better, such as your industry or the size of your company.
Other users of the ServicesOther users of our Storyblok Services may provide information about you when they submit content through the Storyblok Services. We receive your email address from other Storyblok Service users when they provide it in order to invite you to the Storyblok Services. Similarly, an administrator may provide your contact information when they designate you as another administrator for a Space, team or an enterprise or business account. We use this information to contact you.
Other services you link to your account

We receive information about you when you or your administrator enable third-party apps, integrate or link a third-party service with our Storyblok Services. For example, if you create an account or log into the Storyblok Services using your Google credentials, we receive your name and email address as permitted by your Google profile settings in order to authenticate you.

You or your administrator may also integrate our Storyblok Services with other services you use, such as to allow you to access, store, share and edit certain content from a third-party through our Storyblok Services. For example, you may authorize our Storyblok Services to access and display files from a third-party document-sharing service within the Storyblok Services interface. Or you may authorize our Storyblok Services to sync a contact list or address book so that you can easily connect with those contacts within the Services or invite them to collaborate with you on our Services. The information we receive when you link or integrate our Storyblok Services with a third-party service depends on the settings, permissions and privacy policy controlled by that third-party service. You should always check the privacy settings and notices in these third-party services to understand what data may be disclosed to us or shared with our Services.

Storyblok PartnersWe work with a global network of partners who provide consulting, implementation, training and other services around our products. Some of these partners also help us to market and promote our products or generate leads for us etc.. We receive information from these partners, such as contact information, company name, what products you have purchased or may be interested in, evaluation information you have provided, what events you have attended, and what country you are in.
OthersWe receive information about you and your activities on and off the Storyblok Services from third-party partners, such as advertising and market research partners who provide us with information about your interest in, and engagement with, our Storyblok Services and online advertisements. We use this information to market our services.

Section titled 5.4 Special Category Data 5.4 Special Category Data

We collect, process, and disclose Special Category Data (“Sensitive Data” and “Characteristics of protected classes” under California law) only as required in the context of employment, as job applicants and employees would reasonably expect.

Section titled 5.5 Other Processing Activities 5.5 Other Processing Activities

We may also process personal information when necessary for the following:

  • The establishment, exercise, or defense of legal claims, whether in court, administrative, or other proceedings. (The legal basis for this processing is our legitimate interest in the protection and assertion of our legal rights, your legal rights, and the legal rights of others.)
  • Obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice (The legal basis for this processing is our legitimate interest in the proper protection of our business.)
  • Compliance with applicable laws (The legal basis for this processing is compliance with a legal obligation applicable to Storyblok.)
  • Compliance with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by authorities and cooperation with law enforcement agencies concerning conduct or activity that we, a service provider, or a third party reasonably and in good faith believe may violate applicable law (The legal basis for this processing is compliance with a legal obligation applicable to Storyblok.)
  • Performing the tasks you have requested or to comply with your instructions or other contractual obligations between you and us;
  • Processing based on our legitimate interests

Section titled 5.6 How long do we keep your personal data? 5.6 How long do we keep your personal data?

CategoryDetails
Identifiers - Account InformationWe retain your account information until you delete or request the removal of your account. If your account is deactivated or disabled, some of your information and the content you have provided will remain in order to allow your team members or other users to make full use of the Storyblok Services.
Identifiers - Financial RecordsFinancial records have to be kept 7 years according to applicable law (e.g. § 132 BAO).
Internet or other electronic network activity information - Automatically Collected DataLog Files & Usage Information: 30 days in its original form.
Identifiers - Contact Form & ChatIf you provide us with your data by using our contact form or chat, we will store your data until we have answered your request. If you provide us with your data by using our contact form, we will store your data until we have answered your request. Any data to defend against possible claims for damages are stored as necessary to safeguard your interests. The same applies to data for the enforcement of claims.
Identifiers -Communication DataCommunication data will be processed until your inquiry is completed or as long as (pre-) contractual obligations apply.
Identifiers - Marketing Emails & NewsletterIf you have chosen to receive marketing emails from us, we retain information about your marketing preferences unless you specifically ask us to delete such information.
Identifiers - Legal ClaimsAny data to defend against possible claims for damages are stored as necessary to safeguard your interests. The same applies to data for the enforcement of claims.
Internet or other electronic network activity information - CookiesFor the storage period of cookies please refer to the cookie section of this privacy notice. You may also delete cookies in your browser settings at any time.
Professional or employment-related information - Job ApplicationsFor further details on how long we process job application data please see our applicant privacy policy: https://www.storyblok.com/legal/applicants-privacy-policy.

Section titled 5.7 How to access and control your information 5.7 How to access and control your information

You can exercise some of the choices by logging into the Storyblok Services and using settings available within the Storyblok Services or your account. Where the Storyblok Services are administered for you by an administrator (see “Notice to Users” below), you may need to contact your administrator to assist with your requests first. For all other requests, you may contact us as provided in Section 7.2 below to request assistance.

You or an administrator can deactivate your access to a space. If you can deactivate your own access, that setting is available to you in the space settings. Otherwise, please contact your administrator. If you are an administrator and are unable to deactivate an account through your administrator settings, please contact Storyblok support. Please be aware that deactivating access to a space does not delete your information from that space; your added content remains visible to other Storyblok Service users based on your past participation within the Services. For example: if you have created a blog article in a specific space this blog article will still be available in that space.

Section titled 5.8. Notice to Users 5.8. Notice to Users

Our Storyblok Services are intended for both personal use and use by organizations. Where the Storyblok Services are made available to you through an organization (e.g. your employer), that organization is the administrator of the Storyblok Services.

Even if the Storyblok Services are not currently administered to you by an organization, if you are a member of a team administered by an organization, or if you use an email address provided by an organization (such as your work email address) to access the Storyblok Services, then the administrator of that team or the owner of the domain associated with your organizational email address (e.g. your employer) may assert administrative control over your account and use of the Storyblok Services at a later date. You will be notified if this happens.

Space administrators are able to restrict your access to and privileges within the respective space administrator controls. In some cases, enterprise administrators can also:

  • require you to reset your account password;
  • restrict, suspend or terminate your access to the Services or your account;
  • control your ability to edit, restrict, modify or delete account information;
  • change your account information, including profile information or the email address associated with your account;
  • access information in and about your account;
  • access or retain information stored as part of your account; and
  • enable or disable apps, custom field types, third-party apps, or other integrations.

If you do not want an administrator to be able to assert control over your account or use of the Storyblok Services, you should deactivate your membership with the relevant space or remove any email addresses containing a domain owned or controlled by the administrator entirely from your account. Once an administrator asserts control over your account or use of the Storyblok Services, you may no longer be able to withdraw membership or change the email address associated with your account without administrator approval.

Please contact your organization or refer to your administrator’s organizational policies for more information.

You, your administrator or other Storyblok Service users may choose to add new functionality or change the behavior of the Storyblok Services by enabling third party Apps or Custom Field Types within the Storyblok Services. Doing so may give third-party apps access to your account and information about you like your name and email address, and any content you choose to use in connection with those apps. If you are an administrator or contact listed on an account, we share your details with the third-party app provider upon installation.

Section titled 6 HOW WE SHARE DATA 6 HOW WE SHARE DATA

Section titled 6.1 Introduction 6.1 Introduction

We do not sell, rent, or share your personal data for money or anything else of value, and have not done so within the last 12 months.

However, we do work together with other companies, contractors and service providers who help us run our business and operate our Storyblok Services. These companies provide services to help us deliver the Storyblok Services to you, provide you with customer support, process credit card payments, manage and contact you and other (potential) customers, provide marketing support, and otherwise improve our products and services.

Section titled 6.2 Disclosure of Personal Data 6.2 Disclosure of Personal Data

We may disclose (and have done so in the last 12 months) your personal data to the following categories of third parties:

CategoryDisclosure Contexts
Corporate AffiliatesWe disclose personal information to our affiliates and with their respective officers, directors, employees, accountants, attorneys and agents. Affiliates will only use the information as described in this notice. Note that “affiliates’ includes both parents and subsidiaries.
Acquisitions and Similar TransactionsWe may transfer any information we collect under this privacy policy in connection with any merger, reorganization, sale of company assets, dissolution, financing, or acquisition of all or a portion of the Storyblok businesses to another company or other similar event. In such cases, data we process of you may be part of the assets transferred in connection with the due diligence for any such transaction.
Legal Obligations and RightsWe may share any personal information to comply with legal obligations. This includes sharing data with: attorneys-at-law; service providers in connection with the prevention of money laundering; tax consultants and auditors; banks and insurance companies; courts and authorities; or other legal processes. We may also share personal information in order to establish or exercise our legal rights, to defend against a legal claim, and to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of contract.
Service ProvidersSee below.
Professional AdvisorsWe share personal information with our insurers and other professional advisors and consultants, including attorneys, accountants, consultants, and auditors, that need access to your information to provide operational or other support services on our behalf.

Section titled 6.3. Service Providers 6.3. Service Providers

We disclose personal data to our service providers that help us to administer and provide the Storyblok Services; support our provision of products and services; send communications; provide technical support; and assist with other legitimate purposes.  The tables below show the disclosures we have made within the last 12 months.

We require all our service providers to undergo a thorough diligence process by our team to ensure that your data is adequately protected. This process includes a review of the data we plan to disclose to the service provider and the associated level of risk, the service provider’s security policies, measures, certifications and third party audits, and whether the service provider has a mature privacy program in place that respects the rights of data subjects.

Some of the service providers process your personal data, or have their seat, outside the European Economic Area. We may transfer your personal data outside the EEA on the condition that all appropriate safeguards required by applicable data laws are in place. We take care to ensure our partners regardless of location have sufficient safeguards in place to process and protect your personal data in line with our own data protection and information security standards.

Services we use to operate & provide the Storyblok Services
Service ProviderActivity/Business PurposeExternal link for additional information
Auth0

Auth0, Inc., 10800 NE 8th Street, Suite 600, Bellevue, WA 98004, U.S.A.

Single-sign-on functionality and two-factor confirmation of your identity Website: https://auth0.com/

Privacy Policy: https://auth0.com/privacy

GDPR compliance information: https://auth0.com/docs/secure/data-privacy-and-compliance/gdpr and https://cdn.auth0.com/website/legal/FAQ-EU-Data-Transfers-US.pdf?_ga=2.78296279.2135754992.1616429671-2011951433.1612217395

DPA: https://cdn.auth0.com/website/legal/files/dpa/data-processing-addendum-8-20.pdf?_ga=2.258302026.118688053.1602587623-55110928.1602587623

AWS

Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855, Luxemburg

Cloud Infrastructure, DatabaseWebsite: https://aws.amazon.com/

Privacy Policy: https://aws.amazon.com/privacy/

GDPR compliance information: https://aws.amazon.com/compliance/gdpr-center/

DPA: https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf

Crisp*

Crisp IM s.r.l., 2 boulevard de Launay in Nantes (44100), France

Chat functionalityWebsite: https://crisp.chat/

Privacy Policy: https://crisp.chat/en/privacy/

Elastic

Elasticsearch B.V., Keizersgracht 281, 1016 ED Amsterdam, The Netherlands

Database, Error Logging Website: https://www.elastic.co/

Privacy Policy: https://www.elastic.co/de/legal/privacy-statement

Google Analytics*

Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland.

Evaluation of use of website/app, compiling reports on the website/app activities; further services in connection with the use of the website/app and the Internet;Website: https://analytics.google.com/

Privacy Policy: https://policies.google.com/privacy?hl=en-US

Hotjar*

Hotjar Ltd., Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141, Malta, Europe

Analytics & heatmaps to understand user needs and user experienceWebsite https://www.hotjar.com/

Privacy Policy https://www.hotjar.com/legal/policies/privacy/

DPA: https://hotjar.eu1.echosign.com/public/esignWidget?wid=CBFCIBAA3AAABLblqZhCD2mDe9uD-eIJ_NMJ6uyc7WXcZ7Ck3KLJRpHO4IuDfWAOtPeZXiFCOXpG4oF174H0*

Mailchimp

The Rocket Science Group, LLC, 675, Ponce De Leon Ave Ne Suite 5000 Atlanta, GA 30308 United States

Management of email addresses and email communication, email analytics, transactional emails Website: https://mailchimp.com/

Privacy Policy: https://mailchimp.com/legal/privacy

GDPR compliance: https://mailchimp.com/de/gdpr/

Transparency Reports: https://mailchimp.com/transparency-report/

DPA: https://mailchimp.com/legal/data-processing-addendum/

Pusher

MessageBird UK Limited, Eighth Floor 6 New Street Square, New Fetter Lane, London, England, EC4A 3AQ

Notification service within Storyblok ServicesWebsite: https://pusher.com/

Privacy Policy: https://pusher.com/legal-archived/privacy-policy

Pusher Subprocessors: https://support.messagebird.com/hc/en-us/articles/4524524060305-MessageBird-Processors-Subprocessors

DPA: https://messagebird.com/en/legal/dpa

Satismeter*

SatisMeter, Inc., 612 Howard St., 4th Floor, San Francisco, CA 94105

Feedback collection, customer satisfaction evaluationWebsite: https://www.satismeter.com/

Privacy Policy: https://www.twilio.com/legal/privacy

Transparency Reports: https://www.twilio.com/legal/transparency

DPA: https://www.productboard.com/dpa

Segment*

Twilio Inc., 101 Spear Street, First Floor, San Francisco, California, 94105, United States

Data pipeline & toolkit; collection, cleaning and activation of dataWebsite: https://segment.com/

Privacy Policy: https://segment.com/legal/privacy/

Sentry

Functional Software, Inc., 45 Fremont Street, 8th Floor, San Francisco, CA 94105

Recording, notifying and tracking errors to reproduce and fix crashesWebsite: https://sentry.io/

Privacy policy: https://sentry.io/privacy/ Transparency reports under: https://sentry.io/legal/transparency-report/

DPA: https://sentry.io/legal/dpa/

Stripe

Stripe Payments Europe, Ltd. The One Building, 1, Lower Grand Canal Street, Dublin 2, Ireland

Payments, analytics & business servicesWebsite: https://stripe.com/

Privacy Policy: https://stripe.com/privacy

DPA: https://stripe.com/at/legal/dpa

Twilio

Twilio Inc., 101 Spear Street, First Floor, San Francisco, California, 94105, United States

SMS authentication service for two-factor-authentication (2FA)Website https://www.twilio.com/

Privacy Policy: https://www.twilio.com/legal/privacy

Transparency Reports: https://www.twilio.com/legal/transparency

DPA: https://www.twilio.com/legal/data-protection-addendum

Unleash

Bricks Software AS Nedre Slottsgate 13 c/o Evolve, 0157 Oslo, Norway.

Feature rolloutsWebsite: https://www.getunleash.io/

Privacy Policy: https://www.getunleash.io/privacy-policy

DPA: https://www.getunleash.io/data-processing-agreement

Usabilityhub

UsabilityHub Pty Ltd, Collingwood, VIC 3066, Australia

Conducting surveysWebsite: https://usabilityhub.com/

Privacy Policy: https://app.usabilityhub.com/privacy

*As Enterprise Plus Customer you may opt-out from data being transferred to this service provider within the Storyblok Service (app.stroyblok.com).
Services we use in connection with our website/app
Service ProviderSubject Matter/Business PurposeExternal link for additional information
6sense

6Sense Insights, Inc. 450 Mission Street, Suite 201, San Francisco, CA 94105, USA

Uncover potential customers Website: https://6sense.com/

Privacy Policy: https://6sense.com/privacy-policy/

Algolia

Algolia, Inc, 301 Howard Street, Suite 300, San Francisco, CA 94105, USA

Website search engineWebsite: https://www.algolia.com/de/

Privacy Policy: https://www.algolia.com/de/policies/privacy/

AWS

Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855, Luxemburg

Website hosting, DatabaseWebsite: https://aws.amazon.com/?nc2=h_lg

Privacy Policy: https://aws.amazon.com/privacy/?nc1=f_pr

GDPR compliance information: https://aws.amazon.com/compliance/gdpr-center/

Capterra

Capterra Inc., 1201 Wilson Blvd 9th Floor, Arlington, VA 22209, USA

Promotion and marketing of our products and servicesWebsite: https://www.capterra.com/

Privacy Policy: https://www.capterra.com/legal/privacy-policy/

Facebook

Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

AdvertisementsWebsite: https://www.facebook.com

Privacy Policy: https://mbasic.facebook.com/privacy/policy/printable/

G2

G2.com, Inc., 100 S. Wacker Drive, Suite 600, Chicago, IL 60606, USA

Promotion and marketing of our products and servicesWebsite: https://www.g2.com/

Privacy Policy: https://legal.g2.com/privacy-policy

Google Ads

Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland.

AdvertisementWebsite: https://ads.google.com/intl/de_at/home/

Privacy Policy: https://policies.google.com/privacy?hl=de

Google Analytics

Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland.

Evaluation of use of website, compiling reports on the website activities; further services in connection with the use of the website and the Internet.Website: https://analytics.google.com/

Privacy Policy: https://policies.google.com/privacy?hl=en-US

Hotjar

Hotjar Ltd., Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141, Malta, Europe

Evaluation of use of websiteWebsite: https://www.hotjar.com/

Privacy Policy: https://www.hotjar.com/legal/policies/privacy/

LinkedInLinkedIn Inc.,

605 W Maude Ave, Sunnyvale, CA 94085, USA

NetworkingWebsite: https://www.linkedin.com/

Privacy Policy: https://de.linkedin.com/legal/privacy-policy?

Netlifly

Netlify, Inc. 44 Montgomery Street, Suite 300, San Francisco, California 94104, USA

HostingWebsite: https://www.netlify.com/

Privacy Policy: https://www.netlify.com/privacy/

Segment

Segment.io, Inc , Ardilaun Court, 112-114 St Stephen's Green, Dublin, Ireland

API for Customer BehaviorWebsite: https://segment.com/

Privacy Policy: https://segment.com/legal/privacy/

Twitter

Twitter Inc., 1355 Market St #900, San Francisco, CA 94103, United States

Messenger ServiceWebsite: https://twitter.com/

Privacy Policy: https://twitter.com/de/privacy

Vercel

Vercel Inc., 340 S Lemon Ave Suite 4133 Walnut, CA 91789 United States

Storage/hosting of website dataWebsite: https://vercel.com/

Privacy Policy: https://vercel.com/legal/privacy-policy

Services we use to support our business operations
Service ProviderSubject Matter/Business PurposeExternal link for additional information
Atlassian Jira Atlassian Pty Ltd,

Level 6, 341 George Street Sydney NSW 2000 Australia

Support ticket management solutionWebsite: https://www.atlassian.com/software/jira

Privacy Policy: https://www.atlassian.com/legal/privacy-policy

cal.com

Cal.com Inc., 2261 Market Street #4382, San Francisco, CA, 94114, USA

Meeting arrangementWebsite: https://cal.com/

Privacy Policy: https://cal.com/privacy

DocuSign

DocuSign Inc., 221 Main St. Suite 1550 San Francisco California 94105, USA

Electronic signing & sharing of contracts, notices and other documents Website: https://www.docusign.com/

Privacy Policy: https://www.docusign.com/privacy/

Easybill

easybill GmbH, Düsselstr.21 41564Kaarst, Germany

Customer invoice service Website: https://www.easybill.de/

Privacy Policy: https://www.easybill.de/datenschutz

Google Workspace

Google Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

Collection of cloud computing, productivity and collaboration tools, software and products Website: https://workspace.google.com/

Privacy Policy: https://policies.google.com/privacy?hl=de

Mindtickle

Mindtickle Inc., 115 Sansome Street, Suite 700, San Francisco, California 94104, United States

Call recording; including AI transcriptWebsite: https://www.mindtickle.com/

Privacy Policy: https://www.mindtickle.com/privacy-policy/

Oracle Netsuite

Netsuite Inc., Neue Mainzer Str 46-50, 60311Frankfurt, Germany

Invoices, customer contacts etcWebsite: https://www.netsuite.com/portal/home.shtml

Privacy Policy: https://www.oracle.com/legal/privacy/

Outreach

Outreach Corporation, 70 Wilson St, London EC2A 2DB, UK

Automated emails after sign or if you indicate an interest in receiving information; tracking interaction with those emails.Website: https://www.outreach.io/

Privacy Policy: https://www.outreach.io/legal/privacy-policy/

Salesforce (Marketing Cloud)

SFDC Ireland Limited, a limited liability company incorporated in Ireland

Newsletter managementWebsite: https://www.salesforce.com/products/b2b-marketing-automation/

Privacy Policy: https://www.salesforce.com/de/company/privacy/

Salesforce

SFDC Ireland Limited, a limited liability company incorporated in Ireland

CRM providerWebsite: https://www.salesforce.com/

Privacy Policy: https://www.salesforce.com/de/company/privacy/

Zoom

Zoom Video Communications, Inc. Friesenplatz 4, 50672 Cologne, Germany

Video conferencingWebsite: https://zoom.us/

Privacy Policy: https://explore.zoom.us/de/privacy/

Section titled 7. YOUR RIGHTS  7. YOUR RIGHTS 

Section titled 7.1 Your Rights 7.1 Your Rights

In accordance with the provisions of the GDPR and other applicable privacy laws, you as a data subject may assert the following data protection rights against us, where we are controller:

  • Right to withdraw consent: You may revoke the consent you have given to us at any time (Art. 7 (3) GDPR). This has the consequence that we will no longer carry out the data processing covered by this consent in the future. Revoking your consent will not affect the lawfulness of processing based on consent before the withdrawal.
  • Right to know:  You have the right to know what personal information we have collected about you, including the categories of personal information, the categories of sources from which the personal information was collected, the purpose for collecting the personal information, the categories of third parties to whom we disclosed your personal information, and the specific pieces of personal information we have collected about you.
  • Right of access: You have the right to obtain access to the personal data and information we have collected about you.
  • Right to rectification: You have the right to request that the data we hold about you be corrected if it is inaccurate or incomplete.
  • Right to erasure (“right to be forgotten”): You have the right to request the deletion of the data we hold about you without undue delay, unless other statutory provisions (e.g. statutory retention obligations) prevent this or there is an overriding interest on our part (e.g. to defend our rights and claims).
  • Right to restriction of processing (EU and EEA residents): You may request us to (temporarily) restrict the processing of your data in accordance with Art. 18 GDPR, for example when the personal data we hold about you may be inaccurate or unnecessary.
  • Right to data portability: You have the right to receive your data, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a different controller without hindrance from us. 
  • Right to object (EU and EEA residents): You have the right to object, on grounds relating to your particular situation, at any time to processing of your data which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions.  Please tell us your exact reasons why we should stop processing your data. We will no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.  
  • Right to opt out: You have the right to opt out of the processing of the personal data for purposes of 
    • direct marketing
    • targeted advertising 
    • the sale of personal data 
    • profiling in furtherance of decisions that produce legal or similarly significant effects concerning you 
  • Right of complaint (EU and EEA residents): If you believe that processing your data violates data protection laws, you have the right to file a complaint with a supervisory authority. Without prejudice to any other administrative or judicial remedy, you have the right to complain in the member state of your habitual residence, place of work or place of the alleged infringement.

If you would like to register your complaint with the Austrian supervisory authority, please send your claim to:

Österreichische Datenschutzbehörde
Barichgasse 40 - 42
1030 Vienna, Austria
+43 1 52 152-0
dsb@dsb.gv.at

Section titled 7.2 How you can assert your rights 7.2 How you can assert your rights

You can assert your rights personally, in written form, as follows:

If you have any questions related to this privacy policy, please contact legal@storyblok.com

For matters related to security, please contact us at security@storyblok.com.

For Storyblok, Inc. privacy-related inquiries or concerns regarding this policy, you are encouraged to call our toll-free number for assistance and support: (844) 778-7714.

Storyblok Entities: 

Storyblok GmbH
Ing. Dominik Angerer
Peter-Behrens-Platz 2
4020 Linz, Austria

Storyblok Solutions GmbH: 
Ing. Dominik Angerer
Loquaiplatzt 12/2, 
1060 Vienna, Austria 

Storyblok, Inc.:
Ing. Dominik Angerer
129 Orange Street, 
19801 Wilmington, DE, United States

Your request must:

  • Provide sufficient information that allows us to verify you are the person about whom we collected personal information or an authorized representative of that person.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We may, under applicable law, require additional proof of your identity. You may designate an authorized agent to make a request for you. If you use an authorized agent, we may require the agent to submit proof that they are authorized to act on your behalf.

If we decline your request, partially or fully, you may appeal the decision to our senior management. Simply follow the same process for submitting a request and include “Appeal” in the request. 

We will not discriminate against you for exercising these rights.

Section titled 8. Miscellaneous 8. Miscellaneous

Links to other Websites. Our Privacy Policy also links to websites of third parties. We have no control over the content, or the data protection practices, of these websites. We recommend reading the data protection policies of any websites of third parties visited.

Changes to this Privacy Policy. We may change this privacy policy from time to time. We will post any privacy policy changes on this page and, if the changes are significant, we will provide a more prominent notice by adding a notice on the Storyblok Services homepages, login screens, or by sending you an email notification. We will also keep prior versions of this Privacy Policy in an archive for your review. We will obtain your consent for any changes or adjustments to this privacy statement that can only be implemented with your consent as a data subject.

Handling Disputes. If there ever should be any concern or dispute relating to our data protection practices, we hope to be able to resolve such disputes between us in an amicable and mutually beneficial way. If you have a concern or dispute with us, you can raise your concern or dispute by contacting us either via email or by mail to Storyblok at the email or physical address listed in Section 7.2 above. 

If you are a visitor to our website you have the right to commence proceedings in a court of competent jurisdiction in accordance with applicable data protection laws.

If you are our Customer and entered into our Terms, please see the relevant section on applicable law and jurisdiction of our Terms, which describes how disputes will be resolved between us.