Netlify’s commitment to protect your data
Netlify is committed to helping users understand the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) and to comply with its requirements. We’ve partnered with legal experts in Europe and the US to ensure that our products and contractual commitments are in line with GDPR regulations.
We’ll also continue monitoring best practices around GDPR and CCPA compliance and update our commitments if they change.
Types of Personally Identifiable Information (PII) we collect
- Access logs including the IP addresses of your site visitors, stored for less than 30 days
- Login information
- Customer contact information (company name, email, phone, physical business address)
Your obligations around data about your customers which you collect via Netlify
If you use our service to collect Personally Identifiable Information from your visitors, via form submission or other methods, you are solely responsible for its disposition.
What rights do I have regarding my information?
Residents of the European Union (EU) and California have strong rights related to the use of your data. Netlify chooses to apply these rights to all customers regardless of location.
Under EU GDPR, EU residents rights include the following:
- The right to access – You have the right to request copies of your personal data.
- The right to rectification – You have the right to request that we correct any information you believe is inaccurate or incomplete. If you have an account with Netlify, you can make some of these corrections directly by logging in to your account.
- The right to erasure – You have the right to request that we erase your personal data, under certain conditions.
- The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
- The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.
- The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
Under UK GDPR, UK residents rights include the following:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
Under CCPA, California residents rights include the following:
- Request that a business delete any personal data about the consumer that a business has collected.
- Request that a business that collects a consumer's personal data disclose the categories and specific pieces of personal data that a business has collected about consumers.
- Request that a business that sells a consumer's personal data, not sell the consumer's personal data. Please note that Netlify does not sell person data
- Right to non-discrimination of service or price if you exercise your privacy rights
EU and UK Representative
Pursuant to Article 27 of the European Union (EU) and United Kingdom (UK) General Data Protection Regulation, VeraSafe has been appointed as Netlify’s representative in the European Union and United Kingdom for data protection matters. VeraSafe can be contacted in addition to email@example.com, only on matters related to the processing of personal data.
For EU residents, to make such an inquiry, please contact VeraSafe using this contact form or via telephone at: +420 228 881 031. Alternatively, VeraSafe can be contacted at:
VeraSafe Ireland Ltd.
Unit 3D North Point House
North Point Business Park
New Mallow Road
For UK residents, to make such an inquiry, please contact VeraSafe using this contact form or via telephone at: +44 (20) 4532 2003. Alternatively, VeraSafe can be contacted at:
VeraSafe United Kingdom Ltd.
37 Albert Embankment London SE1 7TL
Data Processing Agreement (DPA)
You may download our DPA here:
Email the completed and signed DPA to firstname.lastname@example.org. The DPA has been pre-signed on behalf of Netlify. Upon receipt of the validly completed DPA by Netlify at this email address, the DPA will become legally binding.