MODX Privacy Policy

This Policy explains how we collect and use your data at MODX as well as your choices for how we handle your personal information.

Effective May 25, 2018 (Previous Policy in force until May 24, 2018)

#About Your Privacy at MODX

MODX considers user privacy paramount, and we take great care in keeping the information of the visitors, users, and Customers ("Users" or "You") private and secure. This "Privacy Policy" explains how MODX Systems, LLC (collectively "MODX", "MODX Cloud" or "we", or "us", or "our") collects, uses and shares your personal information in connection with your use of modx.com, modx.co, modx.cloud or modxcloud.com, including all subdomains (collectively, the "Sites") and our services.

This Policy also explains your choices for how we handle your personal information. For convenience, the Sites and our services are collectively referred to as the "Service." This Privacy Policy applies only to personal information of users of the Site or Service. This policy does not apply to any third-party Services, which are governed by their own privacy policies. We have tried to keep this simple, but if you have any questions or concerns about any terms or information in this document, please email us at [email protected]. Your privacy is very important to us whether you're new to MODX or a long-time user. Please take the time to learn how we use your personal information.

We recommend Users within the European Union read the important information in the section entitled, Information for Users from the European Union

Table of Contents

  1. About Your Privacy at MODX
  2. MODX's Service and Client User Data
  3. Information We Collect From You
    1. Information You Provide to Us
    2. Information Automatically Collected
  4. How We Use Your Personal Information
    1. To Provide the Service
    2. To Communicate with You
    3. To Comply with Laws
    4. With Your Consent
    5. To Create Anonymous Data for Analytics
    6. For Compliance, Fraud Prevention and Safety
  5. Sharing Your Information
  6. Sensitive Personal Information
  7. Changes to Your Personal Information
  8. Choice
    1. Access, Update, Correct, or Delete Your Information
    2. Access to Data Controlled by Our Clients
    3. Marketing Communications
    4. Testimonials
    5. Tracking and Targeted Advertising
    6. Choosing not to share your personal information
  9. Security
  10. Notification of Breach
  11. International Transfer
  12. Other Sites and Services
  13. Social Media Widgets
  14. User Generated Content
  15. Children
  16. Information for Users from the European Union
    1. Personal Information
    2. Controller and Data Protection Officer
    3. Legal Basis for Processing
    4. Use for New Purposes
    5. Retention
    6. Your Rights
  17. Cross-Border Data Transfer
  18. Changes to this Privacy Policy
  19. Questions

#MODX's Service and Client User Data

Customers of our Service ("Clients") use it to host, manage, and develop websites, applications, and similar online projects for themselves or for their customers.

Client User Data may include, without limitation, information about the identity of Client users, such as name, postal address, e-mail address, IP address and phone number.

This Privacy Policy does not apply to Client User Data or to Client Services, and we are not responsible for our Clients' handling of Client User Data. Our Clients have their own policies regarding the collection, use, and disclosure of your personal information.

To learn about how a particular Client handles your personal information, we encourage you to read the Client's privacy statement. Our use of Client User Data provided by our Clients in connection with our Services is subject to the written agreement between MODX and Client. This Privacy Policy also does not apply to websites, applications, or services operated by other parties or that display or link to different privacy statements. For residents and citizens of the European Union or EEA, with regard to Client User Data, MODX is a Data Processor as defined in Article 4 of the EU General Data Protection Regulation.

#Information We Collect From You

We collect personal information about you in the following ways:

#Information You Provide to Us

Personal information that you may provide through the Service or otherwise communicate with us includes:

  • Identity information, such as your first name, last name, username or similar identifier, title, and date of birth;
  • Contact information, such as your postal address, email address and telephone number;
  • Profile information, such as your username and password, interests, preferences, feedback and survey responses;
  • Support, feedback and correspondence, such as report a problem with Service, receive customer support or otherwise correspond with us, information you provide in your responses to surveys, when you participate in market research activities,;
  • Financial information, such as your credit card or other payment card details;
  • Transaction information, such details about purchases you make through the Service and billing details;
  • Usage information, such as information about how you use the Service and interact with us;
  • Marketing information, such your preferences for receiving marketing communications and details about how you engage with them;
  • Information we get from others. We may obtain additional information about you from third-party sources to enrich your experience on the MODX.com website and provide you with more relevant information related to our service offerings.

#Information Automatically Collected

Our servers may automatically record certain information about how you use our Site (we refer to this information as "Log Data"), including both Clients and casual visitors. Log Data may include information such as a user's Internet Protocol (IP) address, device and browser type, operating system, the pages or features of our Site to which a user browsed and the time spent on those pages or features, the frequency with which the Site is used by a user, search terms, the links on our Site that a user clicked on or used, and other statistics. We use this information to administer the Service and we analyze (and may engage third-partiesto analyze) this information to improve and enhance the Service by expanding its features and functionality and tailoring it to our users' needs and preferences.

MODX and our partners use cookies or similar technologies to analyze trends, administer the website, track users' movements around the website, and to gather demographic information about our user base as a whole. Users can control the use of cookies at their individual browser levels.

#How We Use Your Personal Information

#To Provide the Service

If you have a MODX or MODX Cloud account, we use your personal information:

  • to operate, maintain, administer and improve the Service;
  • to manage and communicate with you regarding your Service account, if you have one, including by sending you Service announcements, technical notices, updates, security alerts, and support and administrative messages;
  • to process payments you make through the Service;
  • to better understand your needs and interests, and personalize your experience with the Service; and
  • to respond to your Service-related requests, questions and feedback.

#To Communicate with You

If you request information from us, register for the Service or participate in our surveys, promotions or events, we may send you MODX-related marketing communications if permitted by law but will provide you with the ability to opt out.

#To Comply with Laws

We use your personal information as necessary or appropriate to comply with applicable laws, lawful requests and legal process, such as to respond to subpoenas or requests from government authorities.

We may use or share your personal information with your consent, such as when you consent to let us post your testimonials or endorsements on our Site, you instruct us to take a specific action with respect to your personal information or you opt into third-party marketing communications. You may revoke consent or unsubscribe at any time.

#To Create Anonymous Data for Analytics

We may create anonymous data from your personal information and other individuals whose personal information we collect. We make personal information into anonymous data by excluding information that makes the data personally identifiable to you, and use that anonymous data for our lawful business purposes.

#For Compliance, Fraud Prevention and Safety

We use your personal information as we believe necessary or appropriate to:

  • enforce the terms and conditions that govern the Service;
  • protect our rights, privacy, safety or property, and/or that of you or others; and
  • protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.

#Sharing Your Information

We do not share or sell the personal information that you provide us with to other organizations without your express consent, except as described in this Privacy Policy. We disclose personal information to third-parties under the following circumstances:

  • Affiliates. We may disclose your personal information to our subsidiaries and corporate affiliates for purposes consistent with this Privacy Policy.
  • Service Providers. We may employ third-party companies and individuals to administer and provide the Service on our behalf (such as bill and credit card payment processing, customer support, hosting, email delivery, and database management services). These third-parties are permitted to use your personal information only to perform these tasks in a manner consistent with this Privacy Policy and are obligated not to disclose or use it for any other purpose.
  • Professional advisors. We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.
  • Compliance with Laws and Law Enforcement; Protection and Safety. MODX may disclose information about you to government or law enforcement officials or private parties as required by law, and disclose and use such information as we believe necessary or appropriate to:
    • comply with applicable laws and lawful requests and legal process, such as to respond to subpoenas or requests from government authorities;
    • enforce the terms and conditions that govern the Service;
    • protect our rights, privacy, safety or property, and/or that of you or others; and
    • protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
  • Business Transfers. MODX may sell, transfer or otherwise share some or all of its business or assets, including your personal information, in connection with a business deal (or potential business deal) such as a merger, consolidation, acquisition, reorganization or sale of assets or in the event of bankruptcy, in which case we will make reasonable efforts to require the recipient to honor this Privacy Policy.

#Sensitive Personal Information

We ask that you not send to us or disclose any sensitive personal information (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or union membership) on or through the Service or otherwise.

If you send or disclose any sensitive personal information to us (such as when you submit user generated content to the Site), you must consent to our processing and use of such sensitive personal information in accordance with this Privacy Policy. If you do not consent to our processing and use of the above mentioned sensitive personal information, you must not provide it.

#Changes to Your Personal Information

It is important that the personal information we hold about you is accurate. Please let us know if your personal information changes during your relationship with us by updating your Site profilewhen logged into the Site, or emailing change requests to [email protected].

#Choice

#Access, Update, Correct, or Delete Your Information

All MODX account holders may review, update, correct or delete the personal information in their registration profile by logging into their account. MODX account holders may also contact us at [email protected] to accomplish the foregoing or if you have additional requests or questions.

#Access to Data Controlled by Our Clients

MODX has no direct relationship with the individuals whose personal information is contained within the Client User Data processed by our Service. An individual who seeks access, or who seeks to correct, amend, or delete personal information provided by our Clients should direct their request the Client. You may also contact us at [email protected] if you have additional questions or concerns.

#Marketing Communications

#Email

You may opt-out of marketing-related emails by logging in and changing your account settings or by clicking on a link at the bottom of each such email. You may continue to receive Service-related and other non-marketing emails.

#Telephone

We may contact you by telephone, with your consent where applicable, for marketing purposes (including by automatic dialer and/or prerecorded message). If you do not want to receive marketing calls, please contact customer support through the support links on the appropriate Site or [email protected]. You do not need to agree to receive automated marketing phone calls or from us to use the Services.

#Text, SMS, Push Notification

We may contact you by text message, with your consent where applicable, for marketing purposes (including by automatic system or precomposed message). If you do not want to receive marketing messages, please contact customer support through the support links on the appropriate Site or [email protected]. You do not need to agree to receive automated marketing texts from us to use the Services.

#Cookies

For information about how to manage and opt out from cookies, please visit our Cookie Policy.

#Testimonials

If you gave us consent to post a testimonial to our site, but wish to update or delete it, please email us at [email protected] to request its change or removal.

#Tracking and Targeted Advertising

We may allow service providers and other third-parties to use cookies and other tracking technologies to track your browsing activity over time and across our Site and third-party websites. We may also partner with third-party ad networks to either display advertising on our Sites, to manage our advertising on other sites, or to provide you targeted advertisements based upon your interests on our Site or on third-party sites. You may opt-out of having your personal information used for targeted ads by clicking here (or if you are in the European Union, here), but you may still receive generic ads. Other companies' use of their tracking technologies is subject to their own privacy policies. Some Internet browsers may be configured to send "Do Not Track" signals to the online services that you visit. We currently do not respond to do not track or similar signals. To find out more about "Do Not Track," please visit allaboutdnt.com.

In some of our communications, we use tracking means, such as a "click-through URL" linked to content on the Site. We track this data to help us measure the effectiveness of our customer communications.

For further information about tracking, please visit our Cookie Policy.

#Choosing not to share your personal information

Where we need to collect your personal information by law, or to be able to provide the Service to you and you do not provide that information when requested (or you later ask to delete it), we may not be able to provide you with the Service and may need to close your account. We will tell you what information you must provide to receive the Service by designating it as required in the Service or through other appropriate means.

#Security

MODX Cloud is concerned with the security of the data we have collected and uses commercially reasonable measures to prevent unauthorized access to that information. These measures include:

  • Internal policies
  • Handling procedures
  • Employee training
  • Restricted physical access
  • Technical elements relating to data access controls.

In addition, MODX uses standard security protocols and mechanisms to facilitate the exchange and the transmission of sensitive data, such as credit card details. Encrypted point-to-point connections are used to communicate between systems to protect customer financial information, as well as encrypting vital information that customers input through the Site.

Although reasonable efforts are made to secure network communications and the Site, MODX cannot guarantee that the information submitted to, maintained on, or transmitted from our systems will be completely secure.

#Notification of Breach

In the event that personal information has been acquired—or is reasonably believed to have been acquired—by an unauthorized person, MODX will notify the affected individual of the breach by email or if MODX is unable to contact the individual by email,we will attempt to reach you by alternate means such as telephone, text or regular mail. Notice will be given promptly, consistent with the legitimate needs of law enforcement and any measures necessary for MODX or law enforcement to determine the scope of the breach and to ensure or restore the integrity of the data system. MODX may delay notification if MODX or a law enforcement agency determines that the notification will impede a criminal investigation, and in such case, notification will not be provided unless and until MODX or the law enforcement agency determines that notification will not compromise the investigation.

#International Transfer

MODX is headquartered in the United States and has affiliates and service providers in other countries. Your personal information may be transferred to the United States or other locations outside of your state, province, country, or other governmental jurisdiction where privacy laws may not be as protective as those in your jurisdiction. European Union users should read the important information provided below about transfer of personal information outside of the European Economic Area.

#Other Sites and Services

The Service may contain links to other websites and services. These links are not an endorsement, authorization, or representation that we are affiliated with that third-party. We do not exercise control over third-party websites or services, and are not responsible for their actions. Other websites and services follow different rules regarding the use or disclosure of the personal information you submit to them. We encourage you to read the privacy policies of the other websites you visit and services you use.

#Social Media Widgets

Our Site may include social media features, such as the Facebook "like" button and widgets, such as the "share this" button. These features may collect your personal information and track your use of the Site. These social media features are either hosted by a third-party or hosted directly on our Site. Your interactions with these features are governed by the privacy policy of the company providing such functionality.

#User Generated Content

We may make available on our Site, or link to, features that allow you to share information online (e.g., on message boards, in chat areas, in file uploads, through events, etc.). Please be aware that whenever you voluntarily disclose personal information online, that information becomes public and can be collected and used by others. We have no control over, and take no responsibility for, the use, storage or dissemination of such publicly-disclosed personal information. By posting personal information online in public forums, you may receive unsolicited messages from other parties.

#Children

MODX does not knowingly acquire or receive personal information from children under 16. If we later learn that any user of our Service is under the age of 16, we will take appropriate steps to remove that user's information from our account database and will restrict that individual from future access to the Service.

#Information for Users from the European Union

#Personal Information

References to "personal information" in this Privacy Policy are equivalent to "personal data" governed by European data protection legislation.

#Controller and Data Protection Officer

MODX Systems, LLC, is the controllerof your personal information for purposes of European data protection legislation. Our Data Protection Officer can be reached at [email protected]. See the Questions section below for additional contact details.

We only use your personal information as permitted by law. We are required to inform you of the legal basisof our processing of your personal information, which are described in the table below. If you have questions about the legal basis of how we process your personal information, contact us at [email protected].

Processing Purpose Legal Basis
To provide the Service Processing is necessary to perform the contract governing our provision of the Service or to take steps that you request prior to signing up for the Service
To communicate with you
To create anonymous data for analytics
For compliance, fraud prevention and safety
These processing activities constitute our legitimate interests. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal information for our legitimate interests. We do not use your personal information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
To comply with laws Processing is necessary to comply with our legal obligations
With your consent Processing is based on your consent. Where we rely on your consent you have the right to withdraw it anytime in the manner indicated in the Service or by contacting us at [email protected].

#Use for New Purposes

We may use your personal information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis.

#Retention

We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Information) for seven (7) years after they cease being customers for tax purposes.

In some circumstances we may anonymize your personal information (so that it can no longer be associated with you) in which case we may use this information indefinitely without further notice to you.

#Your Rights

Where the European Union's General Data Protection Regulation 2016/679 ("GDPR") applies, in certain circumstances and subject to data processing agreements, you have rights in relation to the personal information we hold about you. We set out below an outline of those rights and how to exercise those rights. Please note that we will require you to verify your identity before responding to any requests to exercise your rights by providing details only known to the account holder. To exercise any of your rights, please contact [email protected]. Please note that for each of the rights below (Access, Portability, Correction, etc.), we may have valid legal reasons to refuse your request, in such instances we will let you know if that is the case.

#Access

You have the right to know whether we process personal information about you, and if we do, to access data we hold about you and certain information about how we use it and who we share it with.

#Portability

You have the right to receive a subset of the personal information you provide us if we process it on the legal bases of our contract with you or with your consent in a structured, commonly used and machine-readable electronic format and a right to request that we transfer such personal information to another party. If you wish for us to transfer the personal information to another party, please ensure you detail that party and note that we can only do so where it is technically feasible. We are not responsible for the security of the personal information or its processing once received by the third-party.

#Correction

You have the right to require us to correct any personal information held about you that is inaccurate and have incomplete data completed. Where you request correction, please explain in detail why you believe the personal information we hold about you to be inaccurate or incomplete so that we can assess whether a correction is required. Please note that while we assess whether the personal information we hold about you is inaccurate or incomplete, you may exercise your right to restrict our processing of the applicable data as described below.

#Erasure

You may request that we erase the personal information we hold about you in the following circumstances:

  • Where you believe it is no longer necessary for us to hold the personal information;
  • We are processing it on the basis of your consent and you wish to withdraw your consent;
  • We are processing your data on the basis of our legitimate interest and you object to such processing;
  • You no longer wish us to use your data to send you marketing; or
  • You believe we are unlawfully processing your data.

Please provide as much detail as possible on your reasons for the request to assist us in determining whether you have a valid basis for erasure.

#Restriction of Processing to Storage Only

You have a right to require us to stop processing the personal information we hold about you other than for storage purposes in the following circumstances:

  • You believe the personal information is not accurate for the period it takes for us to verify whether the data is accurate;
  • We wish to erase the personal information as the processing we are doing is unlawful but you want us to simply restrict the use of that data;
  • We no longer need the personal information for the purposes of the processing but you require us to retain the data for the establishment, exercise, or defense of legal claims; or
  • You have objected to us processing personal information we hold about you on the basis of our legitimate interest and you wish us to stop processing the personal information while we determine whether there is an overriding interest in us retaining such personal information.

#Objection

You have the right to object to our processing of data about you and we will consider your request. Please provide us with detail as to your reasoning so that we can assess whether there is a compelling overriding interest in us continuing to process such data or we need to process it in relation to legal claims.

You also have the right, at any time, to object to our processing of data about you in order to send you marketing, including where we build profiles for such purposes and we will stop processing the data for that purpose.

Where you have provided your consent to us processing your personal data, you can withdraw your consent at any time by contacting [email protected].

#Cross-Border Data Transfer

Whenever we transfer your personal information out of the EEA to countries not deemed by the European Commission to provide an adequate level of personal information protection, the transfer will be based on one of the following safeguards recognized by the European Commission as providing adequate protection for personal information, where required by EU data protection legislation:

  • Contracts approved by the European Commission which impose data protection obligations on the parties to the transfer. For further details, see European Commission Model contracts for the transfer of personal information to third-countries.
  • For transfers to third-parties in the United States, ensuring they participate in the E.U.-U.S. Privacy Shield Framework.

Please email [email protected] if you want further information on the specific mechanism used by us when transferring your personal information out of the EEA.

#Changes to this Privacy Policy

We retain the right to modify this Privacy Policy at any time. We encourage you to review this page from time to time, for the latest information on our privacy practices. If we make material changes to this Privacy Policy you will be notified via email (if you have an account where we have your contact information) or another manner through the Service that we believe reasonably likely to reach you (which may include posting a new privacy policy on our Site, or a specific announcement on this page or on our blog).

Any modifications to this Privacy Policy will be effective upon our posting of the new terms and/or upon implementation of the new changes on the Service, or as otherwise indicated at the time of posting. In all cases, your continued use of the Service after the posting of any modified Privacy Policy indicates your acceptance of the terms of the modified Privacy Policy.

#Questions

If you have any questions or concerns about our Privacy Policy, please email us at [email protected]. If you wish to send us a postal letter:


Last edited on September 3, 2020.

Launch a MODX site with ease

Turn your code into a MODX-powered digital experience and deploy with confidence.

Request a Demo Plans & Pricing

Got questions? Contact us to ask or schedule a demo. Want to self-host? Download MODX