As an open source CMS, we place a high priority on data protection and privacy. Our protective measures are clear, comprehensive, advanced, and built into every level of our data-gathering process.

No obfuscation tolerated. We clearly spell out what data we collect and why, as well as how we use it, process it, and who can access it. Delve into TYPO3 with a confidence rooted in knowledge.

We’re transparent about how TYPO3 collects, processes, and uses data in our comprehensive privacy policy. You’ll learn:

• Your data rights
• How we record data
• Any third-parties and their data privacy policies
• Storage duration
• Non-EU data transfers

With robust security measures at technical and organizational levels, TYPO3 expends every effort to ensure the confidentiality of our data. We plan ahead, collaborate, and act with urgency when needed to protect user data from unauthorized access, use, or disclosure.

• Regular security updates. We ensure that the system is up-to-date with the latest security standards.
• Encryption. Data you transmit to us, including transactions, uses SSL and/or TLS encryption.
• Strict access control. Our user roles are configurable to define the scope and impact of activity.
• Security features. We use password hashes, anonymized IP addresses, HTTPS/TL support, and Same-site Cookies.
• Data protection training. All people in official roles, such as team leads and co-leads receive regular data protection trainings.

As a membership organization, TYPO3 collects user data through subscriptions, events, purchases, training, and more. However, our commitment to data minimization means we only collect and process operational data. Any data beyond the functional runs a higher risk of compromising our users’ privacy, and that’s a non-starter for us.

• Regular process reviews.
• Privacy-friendly default settings.
• An automatic purge of old user data with TYPO3’s Scheduler module.
• Deletion of personal data at user request.

As an open source CMS, user rights are inviolable to us. We operate from the premise that all personal data has the right to be protected. With the ability to access, modify, or delete your data through your user account, your control is guaranteed.

• Listening. We collaborate with the community to address privacy-related concerns, including a monthly Consultation Hour.
• Active opt-in. The data-gathering process requires your explicit consent.
• Fine control. Users can object or restrict the processing of their data through their My TYPO3 account.
• Information availability. Access to the source, recipients, and purposes of your archived personal data.

We align closely with the GDPR, the strongest data privacy and protection law of the land. As regulations are continually added or changed, we keep pace. We regularly assess and update our privacy policy and data processing activities for ongoing compliance.

• Customized data protection with third-party GDPR extensions.
• TYPO3’s community-driven GDPR Initiative to track our data protection goals.

All people in official roles, such as team leads and co-leads, Association Board and Business Control Committee members, receive regular data protection trainings.