Privacy Policy

Page Updated:
January 1, 2026

WPEngine, Inc. (“WP Engine,” “we,” “us,” “our”) maintains this Privacy Policy to inform you of our practices with regard to your information we collect from or about you as a data controller in connection with our websites (the “Sites”), through the provision of our products and services, or through any other means, including interactions we have with you online or offline. We may update this Privacy Policy from time to time by providing an updated version on our Sites. The current version of this Privacy Policy may be found at https://wpengine.com/legal/privacy/. By using a Site or our products and services you acknowledge that you have read and understand the practices described herein.

Please note, this Privacy Policy applies to our data processing activities as a controller of your data such as described above; it does not apply to data collected by our customers who use our products or services to create and manage their own websites, which may collect data from end-users, including personal data (“End-User Personal Data”). If End-User Personal Data is collected by our customers through our products or services, we are the processor and the customer is the controller of such data. We will only use and disclose End-User Personal Data as authorized or directed by the customer and in accordance with our agreement with that customer, or as required by law. If your End-User Personal Data is controlled by one of our customers, and you have concerns about the way that data is managed or wish to exercise your rights with respect to such data (including your rights of access, amendment, or deletion), please contact that customer directly.

If you are a customer who is subject to data privacy laws, including those of the European Union, the United Kingdom, and various states throughout the United States, the Data Privacy Addendum located at https://wpengine.com/legal/dpa/ as it may be updated from time to time governs the obligations between us with regard to personal data as defined by such laws.

1. Personal Data We Collect.
   1. Information You Give Us. In order for you to use our products, services, the features of our Sites, or otherwise engage with us, we will ask you for certain information (e.g. contact information, name, etc.). The amount and type of information that we gather depends on the nature of the interaction. For example, we ask visitors who would like to comment on our blog to provide a username. Those who purchase products or services from us are asked to provide additional information including, as necessary, the personal and financial information required to process transactions. In each case, we collect such information only insofar as is necessary or appropriate to fulfill the purpose of your interaction with us. You can always refuse to supply personal data; however, doing so may prevent you from receiving our products or services, or engaging in other activities on the Sites. In no event will we ever request sensitive personal data (e.g. health information, religious preferences, etc.) from you, and we expressly request that you not provide any such sensitive personal data to us.
   2. Activity Logs. As is true of most websites, we gather certain information automatically through your use of our products and services, and other features of our Sites. This information may include Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring or exit pages, the files viewed on the Sites (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, clickstream data to analyze trends in the aggregate and administer the Site, and event data regarding how our products and services are used. 
   3. Cookies. We and our partners use cookies and similar technologies to analyze performance and trends, administer the Sites, track users’ movements around the Sites, personalize users’ experiences, and gather demographic information about our user bases as a whole. For more information about cookies and similar technologies, how we use them, and how you can exercise control over them, please read our Cookie Policy located at https://wpengine.com/legal/cookies/.

2. How We Use Personal Data. We will only use the personal data we collect as reasonably necessary for the following purposes:
   • to allow you to use and interact with the Sites;
   • to provide our products or services to you as a user or our customer;
   • to improve and troubleshoot the Sites and our products and services, including bug detection, diagnostics and error reporting;
   • to personalize your experience and customize the Sites, such as by delivering relevant content, saving preferences, and recommending products and features;
   • to understand how you as a user or our customer interact with our Sites and our products and services and advertisements;
   • to improve usability and effectiveness and inform our continued testing and development of the Sites and our products and services; 
   • to communicate with you from time to time in response to your requests for information or as may be relevant to your account with us;
   • to send marketing communications related to our products and services, including updates, promotions, news, offers, and similar content;
   • to allow us and our third-party partners to market and advertise our products and services that may be relevant to you;
   • to secure the Sites, products and services, detect fraud and security incidents, and protect against malicious, deceptive, fraudulent, or illegal activity;
   • as required by applicable law, legal process, or legal requirements pertaining to records retention or for internal administrative purposes; or
   • as specifically authorized by you in writing.

We will not share your phone number or consent preferences with third-parties for their marketing or promotional purposes.

We may de-identify or aggregate information we collect so the information cannot reasonably identify you or your device, or we may collect information that is already in de-identified form. We may use and disclose (including to third-parties) de-identified and aggregate for any purpose, without limitation.

Legal Bases for Processing.  The laws in certain jurisdictions (such as those in the European Union and United Kingdom), require us to inform you of the "legal bases" on which we process your information. The legal bases for using your information as set out in this Privacy Policy are as follows:

• where we need to perform the contract we are about to enter into or have entered into with you for the products and services;
• where it is necessary for our legitimate interests (or those of a third-party) and your interests and fundamental rights do not override those interests;  
• where we need to comply with a legal or regulatory obligation;   
• where we have your consent to process your information in a certain way. 

3. Disclosure to Third-Parties. We may disclose your personal data to third-parties as follows:
   • when we believe disclosure is reasonably required to comply with any law or legal request;
   • to enforce our legal and contractual rights, or to protect the rights and safety of others; 
   • to third-party service providers who help us provide our Sites or products and services and operate our business, which are only permitted to access and use your information for purposes of performing services for us or to comply with applicable legal requirements;
   • to third-party marketing, advertising, and advertising analytics partners to help market and advertise our products and services and provide you with advertising that may be relevant to you (consistent with any consent preferences you have elected); or
   • as part of a sale of our assets or a merger of our company.

We remain responsible for compliance with this Privacy Policy by third-parties to whom we disclose your personal data.

4. Procedures to Protect and Retain Personal Data. We have put in place appropriate procedures for safeguarding the personal data we collect. However, we cannot guarantee that personal data we collect will never be disclosed in a manner inconsistent with this Privacy Policy. We aim to follow generally accepted standards to protect the personal data submitted to us, both during transmission and once it is received. We may keep your personal data for the period required to meet the purposes described herein. Additionally, we will retain this information as required by law, as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

5. Your Rights and Choices Over Personal Data that We Maintain. 
   If you would like to change information that we maintain about you, you may log into your account and change it or submit a support request for any information to which you don’t have access or the ability to change yourself. 
   
   Depending on where you live, you may have certain rights with respect to your information. For example, under the laws various states—such as California, Colorado, Connecticut, Oregon, and others—you may have the right to receive general information about our processing activities, confirm that we are processing your data, request access to all the personal data we process about you, to rectify or correct your data, to receive communication of your data in an interoperable format (if technically feasible), to restrict or oppose the processing of your personal data, to request the deletion of your personal data, and to opt out of the “sale” or “share” of your personal data (or suppress the use of your data for targeted advertising). If you are a California resident, please also see the section “California Residents” below for certain information specific to California residents. Subject to the laws of where you live, if that processing is justified by your prior consent, you may have the right to withdraw your consent at any time. Finally, in the event of a dispute concerning the processing of your personal data, you may have the possibility to file a complaint with the competent supervisory authority.  
   
   Please note that certain information may be exempt from such requests under applicable law. For example, we need to retain certain information in order to provide our products or services to you. We also need to take reasonable steps to verify your identity before responding to a request, which may include, at a minimum, depending on the sensitivity of the information you are requesting and the type of request you are making, verifying your name and certain account information. Applicable law may also permit you to designate an authorized agent to submit certain requests on your behalf. In order for an authorized agent to be verified, you must provide the authorized agent with signed, written permission to make such requests or a power of attorney. We may also follow up with you to verify your identity before processing such an authorized agent's request.  
   
   We will not discriminate against you for exercising any of your rights as provided for in applicable law. 
   
   Email Communications. You may opt out of receiving promotional and similar emails from us by following the “unsubscribe” instructions provided in the emails. Alternatively, you may contact us as described herein. You may not be able to opt out of all emails, including certain administrative or billing communications which are important to the ongoing maintenance of your account. 
   
   SMS Communications. If you have opted in to receiving SMS marketing messages from us, you may opt out at any time by replying with “STOP.”
   
   Sale/Share/Targeted Advertising Opt Out Rights. We do not sell personal information for monetary consideration. However, we may allow our third-party advertising and analytics partners to place cookies and similar tracking technologies on our Sites to help market our products and services and allow them to serve you more relevant advertisements as further described in our Cookie Policy located at https://wpengine.com/legal/cookies/. We may also share or use hashed contact information for this purpose. This activity is known as “sharing” or processing your personal information for targeted ads and may be considered “selling” your personal information under the laws in certain U.S. jurisdictions—such as California, Colorado, Connecticut, Oregon, and others. If you (or in applicable states, your authorized agent) would like to opt out of our use or disclosure of your information for such purposes, you can do so through the “Cookie Settings” link or “Do Not Sell or Share My Personal Information” link, in a Sites’ footer and following the instructions to opt out. Even if you opt out, you will still see advertising, it just may be less relevant to you, or it may be personalized for you based only on the data that we have collected about you. Please note that you must opt out on each device and each browser where you want your choice to apply. Your preference may be lost if you clear, or your browser is set to clear, cookies. If you have enabled a legally recognized browser-based opt out preference signal (such as Global Privacy Control) on your browser, we recognize such preference in accordance with and to the extent required by applicable law. You will need to turn this on for each browser you use to access our Sites.
   
   As described above, if you are an end user of one of our customers and you have concerns about the way that customer is managing your personal information or wish to exercise your rights with respect to such personal information (including your rights of access, amendment, or deletion), please contact that customer directly. We will only disclose, modify, block, or take any other action with respect to personal data for which our customer is a controller at the authorization or direction of the customer in accordance with our agreement with that customer, or as required by law.
   
   To inquire about any of your rights, please email us at [email protected] or submit a support request. We will respond to your request within the time period prescribed by applicable law.

6. EU-U.S. Data Privacy Framework, the UK Extension to the Data Privacy Framework and Swiss-U.S. Data Privacy Frameworks. We comply with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension of the EU-U.S. Data Privacy Framework (“UK-U.S. DPF”), and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) (collectively, the “DPFs”) as set forth by the U.S. Department of Commerce. We have certified to the U.S. Department of Commerce that we adhere to the EU-U.S. DPF Principles with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the UK (and Gibraltar) in reliance on the UK-U.S. DPF. Further, we adhere to the Swiss-U.S. DPF Principles with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. Under the DPFs, we are responsible for the processing of personal data that we collect from you and subsequently transfer to third parties acting as agents on our behalf. We comply with the DPF Principles for all onward transfers of personal data from the EU, UK (and Gibraltar), and Switzerland including the onward transfer liability provisions. The U.S. Federal Trade Commission has jurisdiction over our compliance with the DPFs. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including requests made to meet national security or law enforcement requirements. If there is any conflict between the terms in this Privacy Policy and the DPF Principles, the DPF Principles shall govern. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S. based third-party dispute resolution provider, Truste, (free of charge) at https://feedback-form.truste.com/watchdog/request. Under certain conditions you may invoke binding arbitration when other dispute resolution procedures have been exhausted. This is more fully described on the Data Privacy Framework website located at https://www.dataprivacyframework.gov/s/article/How-to-Submit-a-Complaint-Relating-to-a-Participating-Organization-s-Compliance-with-the-DPF-Principles-dpf. To learn more about the Data Privacy Framework program, and to view our certification, please visit https://www.dataprivacyframework.gov.

7. California Residents. If you are a resident of the State of California, this Section addresses your rights and our obligations under the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2023 (collectively the “California Privacy Laws”). If you are a resident of the State of California applying for a job with us, our Job Applicant Privacy Notice as provided during the application process through https://wpengine.com/careers/ also applies to you. Terms used in this Section have the same meaning as provided in the California Privacy Laws.
   
   Information We Collect. Our Site and products and services collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). In particular, our Site and products and services have collected the following categories of personal information from visitors within the last 12 months:

Sales and Sharing of Personal Information. California residents have the right to opt out of the “sale” of their personal information and the “sharing” of their personal information for cross-context behavioral advertising purposes. We do not sell personal information for monetary consideration. However, we may allow our third-party advertising and analytics partners to place cookies and similar tracking technologies on our Sites to help market our products and services and allow them to serve you more relevant advertisements as further described in our Cookie Policy located at https://wpengine.com/legal/cookies/. We may also share or use hashed contact information for this purpose. This activity is known as “sharing” your personal information and may be considered “selling” your personal information under California law. If you or your authorized agent would like to opt out of our use or disclosure of your information for such purposes, you can do so through the “Do Not Sell or Share My Personal Information” link in a Sites’ footer and following the instructions to opt out. Even if you opt out, you will still see advertising, it just may be less relevant to you, or it may be personalized for you based only on the data that we have collected about you. Please note that you must opt out on each device and each browser where you want your choice to apply. Your preference may be lost if you clear, or your browser is set to clear, cookies. If you have enabled a legally recognized browser-based opt out preference signal (such as Global Privacy Control) on your browser, we recognize such preference in accordance and to the extent required by applicable law. You will need to turn this on for each browser you use to access our Sites.

Rights Regarding Your Information. If you are a California resident, you have the following rights with respect to your personal information:

• request that we disclose certain information to you about our collection and use of your personal information over the past 12 months, including: the categories of personal information we collected about you, the categories of sources for the personal information we collected about you, our business or commercial purpose for collecting or selling that personal information, and the categories of third parties with whom we sell or share that personal information. This information is provided in the Privacy Policy above. You also have the right to request the specific pieces of personal information we collected about you;
• request that we correct any inaccurate information we hold about you, subject to certain limitations under applicable law;
• request deletion of certain information we hold about you; and/or
• provide information about the financial incentives we offer you, if any.

Please note that certain information may be exempt from such requests under applicable law. For example, we need to retain certain information in order to provide products and services to you. We also need to take reasonable steps to verify your identity before responding to a request; please see the “Exercising Your Rights” section.

You may designate an authorized agent to submit certain requests on your behalf. In order for an authorized agent to be verified, you must provide the authorized agent with signed, written permission to make such requests or a power of attorney. We may also follow up with you to verify your identity before processing the authorized agent's request.  

Sensitive Personal Information. California Privacy Laws also allow you to limit the use or disclosure of your "sensitive personal information" (as defined in the California Privacy Laws) if your sensitive personal information is used for certain purposes. Please note that we do not use or disclose sensitive personal information other than for business purposes for which you cannot opt out under the California Privacy Laws. 

Financial Incentives. We may offer you certain financial incentives permitted by the California Privacy Laws that can result in different prices, rates, or quality levels. Any California Privacy Laws-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.

Exercising Your Rights. 
To exercise the rights described above, you can contact us by email at [email protected] or submit a support request. Only you, or a business registered with the California Secretary of State that you authorize to act on your behalf, or a person you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. You may only make a verifiable consumer request for access twice within a 12-month period. Your consumer request must:

• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

As described above, if you are an end user of one of our customers and you have concerns about the way that customer is managing your personal information or wish to exercise your rights with respect to such personal information (including your rights of access, amendment, or deletion), please contact that customer directly. We will only disclose, modify, block, or take any other action with respect to personal data for which our customer is a controller at the authorization or direction of the customer in accordance with our agreement with that customer, or as required by law. 

Non-Discrimination. We will not discriminate against you for exercising any of your California Privacy Laws rights. 

Retention of Your Personal Information. Please see the “Procedures to Protect and Retain Personal Data” section above.

Shine the Light. California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Sites or products and services that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please see the “Exercising Your Rights” section for more information.