Skip to main content


Engaging our customers with trust

At Sitecore we understand the value of data, and the importance of protecting it. We aim to be transparent with our customers, partners, service providers, and web visitors about how we handle data in all your interactions with Sitecore, so that you know how your information is kept safe and secure.

For all legal documents, explore the new Legal Hub!

Access privacy, security, and compliance datasheets, white papers, brochures.
“Sitecore is committed to the privacy-first philosophy of the GDPR and emulating that in our processes and products. With that in mind, we have taken a number of steps to ensure our ongoing compliance and our Privacy Team is implementing an ongoing data protection plan that covers all areas of our business.“

Rachael Ormiston
Chief Privacy and Cyber Compliance Officer,

Frequently asked questions

  • Does Sitecore adhere to the GDPR and/or the CCPA?

    Like all globally engaged companies, Sitecore took a number of steps to implement the various requirements of the General Data Protection Regulation (GDPR) and California Consumer Protection Act (CCPA) and evolving global privacy laws into Sitecore’s business. This meant building our privacy, security and data governance teams and continuing to build our data strategy to ensure a robust data model for continuing adherence beyond the May 25th 2018 implementation dates of new laws.

    These steps included:

    • Building an accountable privacy team: With a Data Governance Committee comprised of Sitecore C-suite members from the Legal, HR, Finance, Marketing, Customer Operations, Product, and Sales teams, and supported by a Steering Group, Sitecore has implemented top-down awareness of our privacy and data governance framework to ensure accountability in all of our business processes.
    • Transparency, notice and choice: We have updated our Privacy Policy to ensure that those whose data we collect understand how it will be processed and can make informed choices about whether to share their data with us.
    • Organizational measures: We reviewed our internal processes to ensure that we have improved internal guidelines and thresholds on who we work with and engage as vendors, reviewing our contracts to ensure that appropriate contractual mechanisms are in place before sharing data, implementing structures that incorporate privacy by design in our product review cycles and establishing protocols for responding to data subject requests.
    • Technical measures: We have improved our internal security measures to ensure greater asset management and encryption on portable devices, as well as updating our internal security policies to deal with new legal requirements. Refer to the Trust Center security page for more information on Sitecore’s security framework.
    • Reviews: We have built into our business model reviews and audits to ensure that we continue to assess


  • What is an ISO certification?

    The International Organization for Standardization (“ISO”) is an independent, non-governmental international organization that creates and develops global standards.

  • Why is ISO certification important to Sitecore?

    Sitecore has recently obtained a number of ISO certifications, detailed on the Trust Center security page.

    ISO 27001 is a security standard that governs an organization’s Information Security Management System (ISMS) and mandates specific requirements in the implementation, monitoring, maintenance and continuous improvement of the ISMS.

    ISO 27017 is a security standard that provides guidance on the information security aspects of cloud computing. Sitecore uses this standard to supplementing the ISO 27001:2013 standard with cloud-specific controls that are applied to its public cloud environment.

    ISO 27018 is a code of practice that focuses on protection of personally identifiable information (PII) in the public cloud. By providing cloud services, Sitecore acts as a data processor to its customers. Sitecore uses ISO 27018:2014 standard in order to protect the PII that it processes for its customers

    These standards are internationally recognized and demonstrates to our customers, partners and vendors that we have adopted best practices to manage the infrastructure of Sitecore’s ISMS and cloud offerings

  • How do I submit a support ticket?

    To contact Sitecore’s support team, please submit your support ticket via the Sitecore Support Portal at:

  • Is Sitecore a Processor or Controller of my Personal Information?

    Whether Sitecore is a Processor or Controller (as defined by applicable laws) will depend on your relationship with Sitecore and the purpose for which the data is being processed. Generally however, when Sitecore is entering into a relationship with our customers, Sitecore is a processor of personal information and a controller of Other Information. This will be detailed in the applicable Order Form or Agreement with Sitecore. When Sitecore is gathering the information on our website or for marketing activities, Sitecore is generally a controller of data.

  • How can I opt-out of Sitecore selling my data?

    Under the CCPA, a “sale” means providing to a third party personal information for valuable consideration. It does not necessarily mean money was exchanged for the transfer of personal information. Based on our current understanding of the CCPA, we do not “sell” your personal information as defined in the CCPA. We will continue to monitor the regulations and clarifying guidance once available so that we can evolve our update our business practices as may be appropriate. If you have any questions on this, please reach out to [email protected].

  • Where can I find more Trust Center resources?


    Access more information, brochures and white papers about privacy and security at Sitecore.


  • How can I get in touch?

    • For questions, comments, or feedback regarding Sitecore’s privacy practices, contact us at [email protected].

    • To report a security vulnerability in the product, or to get support on how to use a product security feature, please contact Sitecore’s support team here.

    • For all other questions, please visit our company Contact us page.