Contentful is a cloud-based content management platform. Our typical customer can be an online publisher using Contentful to create a smart phone app for serving sports news. Contentful helps the customer with the underlying technical infrastructure, so that:
The structure of your content is completely flexible and can be defined by a member of your team in accordance with the requirements of your project (e.g. articles, FAQs, product information, hotel reviews, landing pages, promotional in-app material and so on). Similarly, your development team is free to integrate content into any application, device type or platform. For example, content can be loaded into a website, mobile apps, smart watches, car navigation systems, digital signage, ATMs, map overlays, chat bots, or smart TVs.
A non-technical overview of Contentful’s service is available at: www.contentful.com/why-contentful/.
Contentful is a content management system, not a generic database. Your editorial team can use Contentful to create, store and manage a variety of content formats - from text and images to location data and structured item lists. As a rule, all this content is intended for the wider public and is freely accessible through your websites, mobile apps, digital kiosks, etc. The public nature of editorial content means it is not subject to confidentiality or privacy restrictions.
Since Contentful was built from the ground up to serve editorial content, that has certain legal and technical implications for the type of content you deliver through our platform. You should be fine storing typical editorial content which includes:
We strongly discourage you from storing any sensitive, regulated, or ephemeral content on our platform, including:
Contentful has its main offices in Berlin, Germany and San Francisco, California. We therefore follow the strict German and European data protection rules (General Data Protection Regulation, GDPR) as well as the California Consumer Privacy Act (CCPA). We apply the same strict policies and practices throughout our organization, be it Berlin or our San Francisco office or a remote worker.
First off, it’s important to understand that Contentful provides infrastructure and services for its customers to manage their content that they specifically wish to publish. As such, the content is typically non-sensitive editorial content that customers want to publish, and have the right to publish, and it doesn’t usually contain personal data.
So what kind of personal data does Contentful process?
Your content that you upload to and manage on the Contentful platform and services may contain personal data, such as images of people. We do not know because we do not monitor your content, nor do we access your content unless you ask us to, for example to provide technical customer support. Our services will process your content for you and serve the content via application programming interfaces (APIs) and Content Delivery Network (CDNs) to your web, mobile and other applications for your end users to enjoy.
Because you as the customer build your own front-end applications that integrate with our "back-end" content management infrastructure, you are in control of the user experience (including privacy and data processing) in the front-end applications. We know nothing about the end users of your applications. We merely receive request headers from the incoming content requests (API calls) to be able to deliver your content to your apps. We do not have any means to identify or track an individual end user of your applications.
If you are using the Contentful web app to manage your content, Contentful requires the user’s name, email address and web app password and logs the IP address of the web app user. These are necessary pieces of information that are required for Contentful to provide the service, authenticate users and protect the service and your content.
That’s it. We process very limited personal data, all for purposes of providing and securing the service and your content. We do not track or profile end users via our service. Nor do we monitor or access your content unless you ask us to, for example to provide technical customer support. We simply provide content infrastructure to enable you to deliver and manage content in your applications.
Where is customer content and customer personal data stored?
We use certified and secure servers provided by Amazon Web Services (AWS) and a select few Content Delivery Network (CDN) providers. Please see our security overview and backup overview to learn more.
How does Contentful secure adequate level of data protection outside of the European Union?
As between you, our customer, and Contentful we will enter into a data processing agreement to govern our processing of your personal data. If needed, this will include so called standard contractual clauses approved by the EU Commission for transfer of personal data from the EU to countries outside of the EU. If you are a Contentful customer and you require a data processing agreement, please raise a support ticket in your Contentful account under the category 'Security & Privacy'.
As between Contentful and its vendors like AWS, Contentful enters into similar data processing agreements, including the standard contractual clauses or other legally approved data transfer mechanisms to ensure adequate level of data protection to the extent personal data is transferred outside of the EU.
What are you doing to ensure compliance with data protection laws?
Although the Contentful services are intended for managing non-sensitive, public, editorial content, Contentful takes privacy and security seriously. This includes complying with the GDPR and the CCPA. Here are some highlights of our initiatives with regards to privacy and security:
Contentful provides the ready-to-use infrastructure for powering your content-driven applications. Thanks to our service, your development team can channel its efforts to building out modules providing high business value and launching new projects quickly, instead of building, scaling and maintaining the underlying plumbing.
By focusing on developing, managing and scaling content infrastructure for thousands of customers, Contentful can ensure that your content is delivered faster, stays more secure, and is always accessible. All this, at a fraction of the cost it takes to achieve similar performance levels with an in-house team.
Contentful is a cloud-based content infrastructure with application programming interfaces for developers and additional tooling (software development kits) for specific programming languages. Contentful develops and operates its service as a multi-tenant environment.
This means that your organization does not need to run any software (besides the presentation layer in which content is displayed) on your systems, but instead is granted access to the content stored in the Contentful cloud-based backend.
Due to its cloud-based architecture, Contentful does not ship installable proprietary software. Contentful is solely used as a cloud service, all intellectual property rights of the Contentful platform stay with Contentful. This also means that Contentful does not provide customer-specific tailored services or software or other professional services more usual in custom-built IT projects.
Contentful hosts and delivers content for the world’s largest organizations during a routine day and during the high-traffic events like Black Friday or the Super Bowl. We make an effort to provide a reliable service.
Contentful has been highlighted as a top vendor by industry analysts such as Gartner and Forrester. To date, Contentful has received about $45m in funding from some of the world’s most recognized investors.
Our self-service tier is built for the highest degree of automation, which permits us to offer self-service plans at low prices.
Adding custom payment terms or payment methods would result in high running costs and make the current plan prices untenable.
For this reason, we only accept payments by credit card on the self-service tier. Get in touch with our sales team for the improved enterprise version of Contentful, where we also support purchase orders, wire transfers (ACH, SEPA) and checks.
Just as for payment methods, offering custom legal terms would incur a lot of additional costs making it unsustainable for us to offer self-service plans at the current price levels.
For this reason, we do not support any changes to our online terms nor signing of any additional agreements nor carrying out of custom security audits on our self-service tier.
If you require more flexibility, contact our sales team to find out about the premium enterprise version of Contentful, where we offer more room for custom agreements.