Privacy and Security
Mautic has created this Privacy and Security Policy to apply to all our cloud-based services (the “Services”) marketed here on Mautic.com. The goal of this policy is to demonstrate our commitment to the privacy and data security of:
- Visitors to the Mautic.com website and any sub-domains of this site
- Users of the Mautic Cloud marketing automation platform at Mautic.net (Pro customers and Free users)
- Our customers' contacts that are stored in their Mautic Cloud accounts
Collection of Information by Mautic
Information that site visitors may choose to provide to Mautic via our website
On this website, we collect information that you provide to us directly. For example, we collect information when you create an account, participate in any interactive features of the Services, fill out a form, pay for subscriptions, apply for a job, communicate with us via third party social media sites, request customer support or otherwise communicate with us. Such Personally Identifiable Information (“PII”) may include your name, email address, company name, phone number and any other requested information which you choose to provide. Mautic, Inc. makes every reasonable effort to maintain GDPR-compliance in our internal marketing operations.
Information Mautic collects automatically through customers’ use of our Services
Our Website includes social media features, such as the “share this” button or interactive mini-programs that run on our site. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly. These features are either hosted by a third party or hosted directly on our Website. Your interactions with these features are governed by the privacy policies of the company providing them. We may also obtain information from other sources and combine that with information we collect through our Services. Mautic, Inc. makes every reasonable effort to maintain GDPR-compliance in our internal operations.
Information Mautic collects on behalf of our customers about their contacts
As part of the configuration and setup of our Services, customers can choose whether they want to use Mautic to collect & track information about their contacts. The type and amount of information collected about their contacts is determined by the customer. If the customer chooses to use Mautic to collect & track information about their contacts, Mautic will employ technologies such as: cookies, beacons, tags and scripts.
Mautic enables customers to collect and store Personally Identifiable Information (“PII”), which may include contacts' names, email addresses, phone numbers, job titles, company names and any other PII which our customers choose to request. Mautic does not recommend or support that customers store financial- or health-related information about their contacts or site visitors in their Mautic account. If a customer chooses to collect and store any protected health information (PHI) or financial information in their Mautic account, the customer acknowledges that Mautic, Inc. shall be held blameless. The customer takes complete responsibility for this decision, and any resulting outcomes related to information security of their contacts.
Mautic does not rent or sell information collected about our site visitors, customers or customers' contacts. Information that Mautic collects will be shared only with its employees and best-of-breed infrastructure vendors who are absolutely necessary to deliver our Services. PII about our customers or their contacts cannot be seen or accessed by other Mautic customers, prospects or open source community members.
The Mautic Cloud platform enables customers to achieve GDPR compliance in their marketing automation efforts. Mautic Cloud Free users can view this GDPR Help Center article; Mautic Cloud Pro customers can speak with their Customer Success Manager for hands-on assistance.
Use of Information by Mautic
Mautic may use the PII of our site visitors and customers for various purposes, including the following:
- Provide customer service, including technical notices, updates, security alerts and support as well as responding to your inquiries, including sending requested materials;
- Link or combine with information we get from others to help understand your needs in order to provide, maintain and improve our Services;
- Provide and deliver the products and services you request, process transactions and send you related information, including confirmations and invoices;
- Communicate with you about products, services, offers, promotions, and events offered by Mautic, and provide news and information we think will be of interest to you;
- Monitor and analyze trends, usage and activities in connection with our Services;
- Provide business information for Mautic, including for data analysis, audits, developing new products, etc.;
- Detect, investigate and prevent fraud and other illegal activities and protect the rights and property of Mautic and others;
- Personalize and improve the Services and provide marketing communications, content or features that are relevant to specific profiles; and
- Carry out any other purpose indicated to you at the time the information was collected.
Sharing of Information by Mautic
We may be required to transfer and disclose information, including PII, in response to lawful requests by public and governmental authorities and law enforcement agencies, including to comply with national security or law enforcement requirements.
General Data Protection Regulation (GDPR)
In addition to offering an EU-based datacenter for our paying customers, the Mautic Cloud platform (both the free and pro versions) does enable users to achieve GDPR compliance in their marketing automation efforts. For further details on these capabilities, please see Mautic's GDPR page.
For EU and Swiss Individuals: Privacy Shield Notice for Personal Data Transfers to the United States
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Mautic is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.
Pursuant to the Privacy Shield Frameworks, EU and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to firstname.lastname@example.org. If requested to remove data, we will respond within a reasonable timeframe.
We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than that for which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to email@example.com.
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Mautic’s accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Mautic remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless Mautic proves that it is not responsible for the event giving rise to the damage.
In compliance with the Privacy Shield Principles, Mautic commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union and Swiss individuals with Privacy Shield inquiries or complaints should first contact Mautic by email at firstname.lastname@example.org.
Mautic has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction
Questions, Concerns and Contact Information
Your privacy is important to us and Mautic has implemented industry-standard technical and administrative measures to protect your personal information. If you have any questions, concerns or complaints regarding the way we collect and handle your information, including if you have reason to believe that your personal information has been compromised, please contact us by email at email@example.com or by regular mail at 10 Cabot Road, Medford, MA 02155 ATTN: Privacy Team.
Because email communications are not always secure, please do not include sensitive information in your emails to us (e.g. credit card information). Mautic will take all privacy complaints seriously and will use all commercially reasonable efforts to resolve such concerns in a timely and efficient manner. For this purpose, we request that you provide reasonable cooperation, including providing us with any relevant information that we may need.
Mautic employs procedural and technological measures that are designed to help protect the personally identifiable information of our customers and their contacts. This includes preventative measures against the loss, unauthorized access, disclosure, alteration or destruction of sensitive data. Mautic may use encryption, secure socket layer, firewall, password protection and other physical security measures to help prevent unauthorized access to your personally identifiable information, including sensitive data.
Mautic also places internal restrictions on which employees within the company may access a customer's account to help prevent unauthorized access to PII of our customers or their contacts. These precautions take into account the risks involved in the processing, the nature of personally identifiable information, and best practices in the industry for security and data protection.
Furthermore, Mautic leverages top-tier global hosting providers in both North America and in Europe to deliver a highly scalable cloud-computing platform. This provides our customers with high availability, dependability and security, without compromising the flexibility we require to deliver solutions to our customers.
Most recently updated: September 2018