(Updated: January 1, 2024)

TRUSTe

WPEngine, Inc. (“WP Engine,” “we,” “us,” “our”) maintains this Privacy Policy to inform you of our practices with regard to personal data we collect from or about you in connection with our web site (the “Site”) or through the provision of our services (the “Services”). We may update this Privacy Policy from time to time. We will notify you of any significant change by providing a notice on our web site or, if you are a customer, by whatever other means upon which we have mutually agreed. The current version of this Privacy Policy may be found at https://wpengine.com/legal/privacy/. By using the Site or the Services you acknowledge your consent to the practices described herein

If you are a customer who is subject to the privacy laws of the European Union, the United Kingdom, or the United States the Data Privacy Addendum located at https://wpengine.com/legal/dpa/ as it may be updated from time to time governs the obligations between us with regard to personal data as defined by such laws.

  1. Personal Data We Collect
    1. Information You Give Us. In order for you to use our Services and other features of our Site, we will ask you for some of your personal data (e.g. contact information, name, etc.). The amount and type of information that we gather depends on the nature of the interaction. For example, we ask visitors who would like to comment on our blog to provide a username. Those who purchase Services from us are asked to provide additional information including, as necessary, the personal and financial information required to process transactions. In each case, we collect such information only insofar as is necessary or appropriate to fulfill the purpose of your interaction with us. You can always refuse to supply personal data; however, doing so may prevent you from receiving our Services or engaging in other activities on the Site. In no event will we ever request sensitive personal data (e.g. health information, religious preferences, etc.) from you, and we expressly request that you not provide any such sensitive personal data to us.
    2. Activity Logs. As is true of most websites, we gather certain information automatically through your use of our Services and other features of our Site. This information may include Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring or exit pages, the files viewed on the Site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, clickstream data to analyze trends in the aggregate and administer the site, event data regarding how the Services are used to collect and aggregate certain diagnostic and analytics information. We use analytical software to help us understand this information. This software sends information to its licensor. Other sites and companies may also use this software. As a result, the licensor may collect information that, when aggregated by them, allows them to identify you individually. We have no responsibility for this collection and use.
    3. Cookies. We and our partners use cookies and similar technologies to analyze trends, administer the Site, track users’ movements around the Site, and gather demographic information about our user base as a whole. You can control the use of cookies at the individual browser level.
      Ads appearing on our Site may be delivered to you by advertising partners who may set cookies. These cookies allow the ad server to recognize your computer each time they send you an online advertisement to compile information about you or others who use your computer. This information allows ad networks to, among other things, deliver targeted advertisements that they believe will be of most interest to you. This Privacy Policy covers our use of cookies and does not cover the use of cookies by any advertisers. However, data tracking files used by us may also be used by these advertisers and, when combined with other information held by them, be used to identify you personally. For more information on third party cookies and instructions on how to opt-out of those cookies set by members of the National Advertising Initiative, please click here. Or, if you are located in the European Union, please visit the European Interactive Digital Advertising Alliance here.
    4. Information Collected by Our Customers. Our customers may collect personal data in connection with the Services we provide to them. WP Engine’s customers control the personal data they collect, and WP Engine will not use or disclose that personal data except as authorized or directed by the customer in the course of our provision of the Services and as governed by our agreement with that customer. If your personal data is controlled by one of our customers, and you have concerns about the way that data is managed or wish to exercise your rights with respect to such data (including your rights of access, amendment, or deletion), please contact that customer directly
  2. How We Use Personal Data. WP Engine will only use the personal data we collect as reasonably necessary for the following purposes:
      • to allow you to use and interact with the Site;
      • to provide the Services to you as our customer;
      • to inform our continued development of the Site and the Services;
      • to communicate with you from time to time in response to your requests for information or as may be relevant to your account with us;
      • to send marketing communications related to the services we provide;
      • as required by applicable law or legal requirements pertaining to records retention or for internal administrative purposes; or
      • as specifically authorized by you in writing

    We will not share your phone number or consent preferences with third parties/affiliates for their marketing/promotional purposes.

  3. Disclosure to Third Parties. We will not disclose your personal data to third parties except as follows:
    • when we believe disclosure is reasonably required to comply with any law or legal request;
    • to enforce our legal and contractual rights, or to protect the rights and safety of others;
    • to third parties who help us provide any part of the Site or the Services, to the limited extent required for such help, and on condition that they may not further disclose your data or use it for any other purpose; or
    • as part of a sale of our assets or a merger of our company.

    We remain responsible for compliance with this Privacy Policy by third parties to whom we disclose your personal data.

  4. Procedures to Protect Personal Data. We have put in place reasonable measures and appropriate procedures for implementing these policies and for safeguarding the personal data we collect. However, we cannot guarantee that personal data we collect will never be disclosed in a manner inconsistent with this Privacy Policy. We follow generally accepted standards to protect the personal data submitted to us, both during transmission and once it is received.
  5. Your Rights over Personal Data that We Maintain. Upon request, we will provide you with details regarding your personal data that has been collected by us or which is within our systems. If you would like to change information that we maintain about you, you may log into your account and change it or submit a support request for any information to which you don’t have access or the ability to change yourself. For changes or deletion of your Personal Data please write to us at: WPEngine, Inc., Attn: Legal Department, 504 Lavaca St., Ste. 1000, Austin, Texas 78701, or email [email protected]. We will respond to your request within a reasonable timeframe. You may opt-out of receiving most e-mails from us by following the “unsubscribe” instructions provided in the e-mails. Alternatively, you may contact us as described herein. Information covered by this Privacy Policy may be deleted upon your request, provided that such deletion may impact our ability to provide you with the Services. If you are our customer, you may not be able to opt out of all emails, including certain administrative or billing communications which are important to the ongoing maintenance of your account. We may keep your personal data for as long as reasonably required to meet the purposes described herein. Additionally, we will retain this information as required by law, as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements
  6. EU-U.S. Data Privacy Framework, the UK Extension to the Data Privacy Framework and Swiss-U.S. Data Privacy Frameworks. We comply with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”) and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”), and as applicable, the UK Extension of the EU-U.S. Data Privacy Framework (“UK-U.S. DPF”) (collectively, the “DPFs”) as set forth by the U.S. Department of Commerce. We have certified to the U.S. Department of Commerce that we adhere to the EU-U.S. DPF Principles with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the UK (and Gibraltar) in reliance on the UK-U.S. DPF. Further, we adhere to the Swiss-U.S. DPF Principles with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. Under the DPFs, we are responsible for the processing of personal data that we collect from you and subsequently transfer to third parties acting as agents on our behalf. We comply with the DPF Principles for all onward transfers of personal data from the EU, UK (and Gibraltar), and Switzerland including the onward transfer liability provisions. The U.S. Federal Trade Commission has jurisdiction over our compliance with the DPFs. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including requests made to meet national security or law enforcement requirements. If there is any conflict between the terms in this Privacy Policy and the DPF Principles, the DPF Principles shall govern. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S. based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. Under certain conditions you may invoke binding arbitration when other dispute resolution procedures have been exhausted. This is more fully described on the Data Privacy Framework website located at https://www.dataprivacyframework.gov/s/article/How-to-Submit-a-Complaint-Relating-to-a-Participating-Organization-s-Compliance-with-the-DPF-Principles-dpf. To learn more about the Data Privacy Framework program, and to view our certification, please visit https://www.dataprivacyframework.gov.
  7. California Residents. If you are a resident of the State of California, this Section addresses your rights and our obligations under the California Consumer Privacy Act of 2018 and California Privacy Rights Act of 2023 (collectively the “California Privacy Laws”). Terms used in this Section have the same meaning as provided in the California Privacy Laws.

    Information We Collect Our Site collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). In particular, our Site has collected the following categories of personal information from visitors within the last 12 months:

    Category: Identifiers.
    Examples: A real name, IP address, email address, account name, or other similar identifiers.

    Category: Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
    Examples: A name, address, telephone number, and (if you are applying for a job) your current employment and employment history.

    Category: Internet or other similar network activity.
    Examples: Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.

    Category: Geolocation data.
    Examples: Physical location or movements.

    Personal information does not include:

    • Publicly available information from government records.
    • De-identified or aggregated consumer information.
    • Information excluded from the California Privacy Laws’ scope.

    We obtain the categories of personal information listed above from the following categories
    of sources:

    • Directly from you. For example, from forms you complete on our website.
    • Indirectly from you. For example, from observing your actions on our website or interactions with our advertisers.

    Use of Personal Information. We may use, or disclose the personal information we collect for one or more of the following business purposes:

    • To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to request a price quote or ask a question about our products or services, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a product or service, we will use that information to process your payment and facilitate delivery. We may also save your information to facilitate new product orders or process returns.
    • To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
    • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
    • As described to you when collecting your personal information or as otherwise set forth in the California Privacy Laws.
    • We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

    Sharing Personal Information. We disclose all of the above categories of personal information to our third-party service providers subject, in each case, to a written contract that describes the business purpose of the disclosure and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.

    Sales of Personal Information. We do not and will not sell your personal information.

    Access to Specific Information and Data Portability Rights. You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will provide:

    • The categories of personal information we collected about you.
    • The categories of sources for the personal information we collected about you.
    • Our business or commercial purpose for collecting or selling that personal information.
    • The categories of third parties with whom we share that personal information.
    • The specific pieces of personal information we collected about you (also called a data portability request).
    • The categories of personal information we sold to a purchaser, and the categories of recipients.
    • The categories of personal information we disclosed for a business purpose, and the categories of recipients.

    Deletion Request Rights. You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

    • Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
    • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
    • Debug products to identify and repair errors that impair existing intended functionality.
    • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
    • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code §1546 et. seq.).
    • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
    • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
    • Comply with a legal obligation.
    • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

    Exercising Access, Data Portability, and Deletion Rights. To exercise the access, data portability, and deletion rights described above, you can contact us by email at [email protected] or by phone at (877) 973-6446. Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

    • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
    • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

    We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
    Response Timing and Format. We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time, we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance, specifically by electronic mail communication.

    We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

    Non-Discrimination. We will not discriminate against you for exercising any of your California Privacy Laws rights. Unless permitted by the California Privacy Laws, we will not:

    • Deny you goods or services.
    • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
    • Provide you a different level or quality of goods or services.
    • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

    However, we may offer you certain financial incentives permitted by the California Privacy Laws that can result in different prices, rates, or quality levels. Any California Privacy Laws-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.

    California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send us an electronic message through our website or write us at our address listed on our webpage.