Welcome to the Webflow, Inc., (hereinafter, “Webflow,” “Company,” “us,” “our,” or “we”) EU & Swiss Privacy Policy (the “Policy”).
This Policy governs how Webflow processes the Personal Information of individuals located in the United Kingdom ("UK"), European Union (“EU”), European Economic Area (“EEA”), and Switzerland (collectively, the “Data Subjects”) that are visiting our website, www.webflow.com, and the other websites under the webflow.com domain (collectively, the “Sites”), or are Customers who use our SaaS product, web design software, tools, and related services (together with the Sites, the “Platform”).
This Policy explains how we collect, use, disclose, and protect Data Subjects’ information as part of the Service in accordance with data-protection laws in the UK, EU, EEA, and Switzerland (collectively the “Data Protection Laws”). Any discussion of your use of the Service in this Policy is meant to include your visits and other interactions with the Platform, whether or not you are a user of Webflow’s SaaS product.
Capitalized terms that are not defined in this Policy have the meaning given them in our Terms of Service or Global Privacy Policy including any relevant agreement, policy, or addendum incorporated therein and any amendments or modifications thereto.
By accessing and using our Platform, you signify your acceptance to the terms of this Policy. If you do not agree with or you are not comfortable with any aspect of this Policy, our Global Policy, or the Terms of Service, you should immediately discontinue access or use of our Platform. In the event of a conflict between the Global Privacy Policy and this Policy, this Policy supersedes the Global Privacy Policy.
HI THERE
Welcome to Webflow’s EU & Swiss Privacy Policy! In these boxes, you’ll find our plain-English version of the policy. It isn’t legally binding, so please use this it only as an aid.
This version of our Privacy Policy covers how we collect, use, disclose, and protect the data of those in the United Kingdom (UK), European Union (EU), European Economic Area (EEA), and Switzerland. It takes precedence over the Global Privacy Policy if there are any conflicts between the two.
As per usual with these sorts of things, your use of Webflow means you agree to these policies and terms. If you don’t agree, you shouldn’t use our service.
1. Our relationship to you
In order for you to understand Webflow’s data protection obligations and your rights to your Personal Information under this Policy, it is important that you identify which relationship(s) you have with Webflow.
- A “User” is an individual providing Personal Information to us via our website or other services, products or platforms, such as by signing up for our newsletter or making an account and posting on the Forums. Webflow is in a “data controller” relationship with Users.
- A “Customer” is a specific type of User that has engaged us to act as an agent (or, as a “Data Processor”) by obtaining services made available via through Platform. Webflow is in a “data processor” relationship with Customers.
- Webflow does not have a direct relationship with Customers’ End Users. A “Customer End User” is an individual that provides their Personal Information to our Customers. We do not control the purposes nor the means by which this Personal Information is collected, and we are not in a direct relationship with Customer End Users. For details about how Personal Information about Customer End Users is handled, please review our Customers’ privacy policies instead of this one, and contact them for further information.
Hereinafter we may refer to Customers and Users collectively as “you.”
BASICALLY...
This is the bit where we define our relationship to you.
If you’ve given us some personal information, such as by subscribing to our newsletter or joining our forum, then you’re a “User” of Webflow and we’re a “Data Controller” of your account information, such as your name and email address.
If you use Webflow, then you’re a “Customer” and Webflow is a “Data Processor” for you.
A “Customer End User” is someone who provides their personal information to our Customers. We have no direct relationship with them.
Note that these categories are not mutually exclusive — you might be all three!
2. Notice
Webflow provides notice to you through posted privacy policies and may provide additional "just-in-time" disclosures about the data collection, use, and sharing practices of specific Platform. The Global Privacy Policy generally describes our privacy practices, while this Policy is specific to Users and Customers located in the UK, EU, EEA, and Switzerland.
As a data processor, Webflow is not able to provide notice to or obtain consent from Customer End Users. To the extent required by law, Webflow supports Customers’ data-protection compliance efforts, but it is up to the Customer to ensure the appropriate data protection safeguards are in place before processing Personal Information from Customer End Users.
BASICALLY...
We use our privacy policies and other “just-in-time” methods (like cookie notifications and popups) to let you know about how we gather, use, and share data.
Obviously, we can’t do that for the visitors of any websites you create and host on Webflow, so it’s up to you/your clients to make sure you’re informing your website visitors about how you’re handling their data.
3. Collection of Personal Information
As described in the Global Privacy Policy, Webflow collects various types of Personal Information about you while you are using the Platform. Information that is anonymized or aggregated is not “Personal Information.”
In general, we collect the following types of Personal Information:
- Registration data: full name, email address, and optional social media account information (e.g., if logging in through your Google account).
- Profile data: biographical information, avatar, portfolio of work, skills, and/or freelance availability.
- Financial data: bank account information, payment card information, transaction history, and/or company billing information.
- Transaction data: information about the transactions you make on our Platform, such as the names of your clients, the projects you complete, when projects are published, and/or timestamps of certain actions.
- Online identifiers: geolocation/tracking details, browser fingerprint, OS, browser name and version, and/or IP addresses.
- Interaction data: survey responses, forum or blog posts, authentication data, security questions, public social networking posts, user ID, click-stream data, and other data collected via cookies and similar technologies. Please read our Cookie Policy for more information.
Any information that is disclosed in the forums or our blog becomes public information. This means that your posts are available to the public and may appear in search engines or other publicly available platforms, and may be “crawled” or searched by third parties. Your public posts can also be read, collected, or used by others to send you unsolicited messages. Be careful when posting on public parts of our Platform and do not post any information that you are not comfortable sharing publicly.
BASICALLY...
We collect various kinds of personal information while you’re using Webflow, and all of that data is protected by the policies outlined here. Anonymized info is, naturally, not considered personal.
Any info you post or share on our blog or forum becomes public and crawlable by search engines and other bots, because that’s how the internet works.
4. Purposes of processing
Under Data Protection Laws, we are required to notify you about our purposes of processing your Personal Information, as well as the legal basis for such processing.
Unless otherwise permitted by law, we may process your Personal Information:
- If you consent to the processing
- To satisfy our legal obligations
- If it is necessary to carry out our obligations arising from any contracts we entered with you or to take steps at your request prior to entering into a contract with you
- In the public interest
- In your vital interests, or
- For our legitimate interests, such as to protect our property, rights, or the safety of Webflow, our customers, or others
To ensure network and information security.
We process your Personal Information to:
- Enhance the security of our Platform
- Combat spam or other malware or security risks
- Monitor and verify identity or service access
- To comply with applicable security laws and regulations
Without processing your Personal Information, we may not be able to ensure the security of our Platform.
To enforce Webflow’s terms and agreements.
We have Terms of Service and other policies that define how you can use our Platform. To ensure that you and others are using our Platform in accordance with such terms and policies, we may process your Personal Information to:
- Investigate, prevent and mitigate any potentially prohibited or illicit activities
- Enforce our agreements with third parties, and/or
- Collect fees based on your use of our Platform
We collect information about your account usage and monitor your interactions with our Platform. We may use any of your Personal Information collected on our Platform for these purposes. The consequences of not processing your Personal Information for such purposes is the termination of your account, as we cannot perform our Platform in accordance with our terms.
To provide our Platform.
We process your Personal Information to provide the Platform. For example, when you want to bill a client for your work, we collect registration, financial, transaction, and interaction data to send the bill to the client and obtain payment. We cannot provide you with Platform without such information.
To provide Service communications.
We may reach out to you to send you administrative or account-related information to keep you in the loop about our Platform, alert you of relevant security issues or updates, or provide other transaction-related information to you. While we generally use your registration data for this purpose, we may send personalized Service communications to you based on other Personal Information, such as interaction, payment, or transaction data. Without such communication, you may miss out on important developments relating to your account that may affect how you can use our Platform.
To ensure quality control.
We process your Personal Information for quality control and staff training to make sure we continue to provide you with accurate information. Without our quality-control measures, you may experience issues while using the Platform. For example, you may not be able to bill clients accurately or in a timely fashion, or you may encounter interruptions on our Platform.
To provide customer service.
When you contact our customer service channel, we process your Personal Information to respond to your questions, disputes, feedback, or issues with our Platform. We may process your Personal Information in response to another customer’s request, as relevant. Without processing your Personal Information for such purposes, we cannot respond to your requests.
To enhance your experience on our Platform.
We process your Personal Information to provide a personalized experience on our Platform and to implement your feedback or the preferences you request. For example, you may share parts of your social media account information with us for authentication. Without such processing of your Personal Information, we may not be able to ensure your continued enjoyment of part or all our Platform.
For research and development purposes.
We process your Personal Information to better understand you and the way you use and interact with our Platform. For example, interaction data can provide helpful insights that assist us with measuring, customizing, or improving current Platform. In addition, such information can help us develop new Platform for your enjoyment. Without such processing, we cannot ensure your continued enjoyment of our Platform.
To facilitate acquisitions, mergers, or other business transactions.
We may process any of your Personal Information as is necessary in the context of acquisitions, mergers, or other business transactions. We will try to notify you in advance if we intend to process your Personal Information for this purpose. You will have the option of terminating your account if you do not wish to have your Personal Information processed for such purposes.
To engage in marketing activities.
We may send you marketing communications from time to time. Such marketing communications may contain information about our events, partner events, or promotional offers. We may use your interaction and/or transaction data to provide you with targeted marketing communications. You can opt out of our marketing communications at any time and free of charge.
We will only use your Personal Information for the purposes above or for compatible purposes.
If we wish to share your Personal Information with third parties that are not described in this Policy or the Global Privacy Policy, we may request your permission as required by Data Protection Law. You may opt out of having your Personal Information shared with third parties, or from allowing us to use your Personal Information for any purpose that is incompatible with the purposes for which we originally collected it or subsequently obtained your authorization. However, if you limit the way we use your Personal Information, certain features or Platform may not be available to you.
BASICALLY...
We have to let you know why we’re processing your personal info, and the legal basis for doing so. We may process your info:
- With your consent
- To satisfy legal obligations
- If we need to, to fulfill a contract with you, or to enter into a contract with you
- In the public interest
- In your vital interests
- Based on our legitimate interests
If we want to share your info with third parties not listed here or in our Global Privacy Policy, we’ll ask your permission when required by law. You may opt out of such sharing, but it’s possible that will limit your use of Webflow.
5. Third party sources of information
We only collect Personal Information about you from third parties that you voluntarily choose to connect with our Platform. For example, you can share Personal Information with us when you access our Site or Service through a third-party connection, or when you log in or connect an application to Webflow. We process this information for the purposes of performance of our contracts with you. For more information, please see Section 2 of the Global Privacy Policy.
BASICALLY...
We only collect your personal information from third parties that you choose to connect with Webflow, such as Google, if you choose to sign in with Google.
6. Third party recipients
Webflow conducts the majority of data processing activities required to provide you with the Platform. However, we do engage third-party service providers (“subprocessors”) to assist with supporting our Platform, including vendors in the following areas:
- Credit card or payment processors
- Cloud storage providers
- Customer support tools
- Product development tools
- IT and security service providers, and
- Marketing or analytics tools
Each service provider is vetted and bound by contractual obligations that are equivalent to the provision of this Policy or more stringent. See the “Accountability for Onward Transfers” section below for more information about our agreements with third parties.
BASICALLY...
We handle most of the data processing required for you to use Webflow ourselves, but we do use a few third-party services to handle things like payments, file storage, and analytics. All those services abide by policies like ours. More on that in the “Accountability for onward transfers” section below.
7. Retention
We are committed to keeping your Personal Information secure on our Platform. We limit our storage of your Personal Information to the amount of time necessary to fulfil the purposes for which we collected the Personal Information, including for the purposes of satisfying any legal, accounting, or reporting obligations, or to resolve disputes. Although retention laws and requirements vary by jurisdiction, we have some standard retention periods for parts of your Personal Information which are described below:
- Contact information collected for marketing purposes, such as your name and email address, is retained on an ongoing basis until you unsubscribe from our marketing communications. Thereafter we will add your contact information to our suppression list indefinitely to respect your unsubscribe request.
- Browser interaction data, such as cookies and trackers, is kept for a period of up to one year from expiry of the cookie or date of collection.
- Product analytics data is kept for up to 5 years, and automatically deleted on an ongoing basis.
If you have questions about retention periods that apply to any other data, please contact us at [email protected].
BASICALLY...
We’re dedicated to keeping your personal info safe. That’s why we only store your data as long as it’s necessary to fulfill the purpose it was collected for. This varies by data type and jurisdiction, but two of the most important are:
Your marketing contact info: which we keep for as long as you use the platform, or until you ask us to remove it
Your interaction data: which we keep no longer than a year from the date of collection, or from the cookie’s expiration date
Product usage data: which we keep for up to 5 years
‘Cause nobody likes a stale cookie.
8. International transfers
Webflow uses approved data transfer mechanisms to transfer your Personal Information in and out of the United States and other jurisdictions. In relation to transfers of Personal Information to the U.S., Webflow transfers Personal Information pursuant to EU-U.S. and Swiss-U.S. Data Privacy Framework as well as the UK Extension to the EU-U.S. Data Privacy Framework. Webflow is committed to complying with the Data Privacy Framework’s Principles. If you would like to submit a dispute under the Data Privacy Framework you may do so by following the instructions found here. In the event of the invalidation of the Data Privacy Framework, Webflow will transfer Personal Information using the Standard Contractual Clauses or other valid data transfer mechanism as set forth in the Data Processing Addendum.
BASICALLY...
We welcome the use of Standard Contractual Clauses and other approved data transfer mechanisms to transfer your personal data between jurisdictions.
9. Accountability for onward transfer
Webflow complies with the Data Privacy Framework Accountability for Onward Transfer Principle for all onward transfers of Personal Information from the UK, EU, EEA, and Switzerland, including the onward transfer liability provisions. Webflow contractually obligates third-party agents, service providers, and processors to provide the same level of protection as required by the Data Privacy Framework and under the Data Protection Laws. In addition, we limit and specify the purpose(s) for processing your Personal Information consistent with any notice provided to you and your consent.
Upon request by the United States International Trade Administration or Department of Commerce, Webflow will provide a summary or representative copy of the relevant privacy provisions of its agreement with service providers, processors, and third-party agents.
In certain situations, Webflow may be required to disclose your Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, to comply with a judicial proceeding or court order, or as otherwise required by law. In such an event, we will notify you unless we are prohibited by a binding legal order or applicable law.
BASICALLY...
We use contractual protections and other safeguards when it comes to transferring your personal information to the United States, and require that third parties we work with do so as well.
10. Security
We are committed to protecting the security of your Personal Information by using reasonable and appropriate physical, electronic, and administrative safeguards. Please refer to Section 6 of the Global Privacy Policy for more detailed information about our security safeguards.
BASICALLY...
We care about the security of your personal info. You can read more about our safeguards in section 6 of our Global Privacy Policy.
11. Direct marketing
Direct marketing includes any communications to you that are only based on advertising or promoting products and services. Transactional communications about your account or our Platform are not considered “direct marketing” communications.
We will only contact Customers by electronic means (including email) based on our legitimate interests or the Customer’s consent. When we rely on legitimate interest, we will only send you information about our Platform that are similar to those which were the subject of a previous sale or negotiations of a sale to you.
If you do not want us to use your Personal Information in this way, or to pass your Personal Information on to third parties for marketing purposes, please go to the email settings for your account to opt out, click an unsubscribe link in your emails, or contact us at [email protected]. You can object to direct marketing at any time and free of charge.
BASICALLY...
Any communications that promote our product and/or services are considered “direct marketing.” If you’re a customer of ours, we’ll only send you direct marketing that’s related to your use of Webflow, unless you consent to receive other types of communications. If you’re not a customer, we will only send you marketing communications you consent to. You can always unsubscribe from your account email settings or by clicking the unsubscribe link in our emails.
12. Your rights
You have the rights to your Personal Information that are described below. You can exercise your rights by contacting us at [email protected] so that we may consider your request under applicable law. When we receive an individual rights request via email, we may take steps to verify your identity before complying with the request to protect your privacy and security.
- Right to withdraw consent. When we rely on your consent for processing of your Personal Information, you have the right to withdraw your consent at any time. However, the withdrawal of your consent will not affect the lawfulness of Webflow’s processing based on consent before your withdrawal.
- Right of access to and rectification of your Personal Information. You have a right to request a copy of your Personal Information stored with Webflow. We will provide a copy to you without undue delay subject to some fee associated with gathering of the information (as permitted by law). We may limit or deny your request if providing you with a copy could adversely affects the rights and freedoms of others. You may also request us to correct or update any inaccurate Personal Information stored by us.
- Right to erasure (or, “the right to be forgotten”). You have the right to request erasure of your Personal Information that: (a) is no longer necessary in relation to the purposes for which it was collected or otherwise processed; (b) was collected in relation to processing that you previously consented to, but no longer consent to; or (c) was collected in relation to processing activities to which you object, and there are no overriding legitimate grounds for our processing. Your right to erasure is subject to limitations by relevant Data Protection Laws.
- Right to data portability. If we process your Personal Information based on a contract with you or based on your consent, or the processing is carried out by automated means, you may request to receive your Personal Information in a structured, commonly used, and machine-readable format, and to have us transfer your Personal Information directly to another data controller, where technically feasible, unless exercise of this right adversely affects the rights and freedoms of others.
- Right to restriction of processing. You have the right to restrict our processing of your Personal Information where one of the following applies:
- You contest the accuracy of your Personal Information that we processed. In such instances, we will restrict processing during the period necessary for us to verify the accuracy of your Personal Information.
- The processing is unlawful and you oppose the erasure of your Personal Information and request the restriction of its use instead.
- We no longer need your Personal Information for the purposes of the processing, but it is required by you to establish, exercise, or defend legal claims.
- You have objected to processing, pending the verification of whether the legitimate grounds of Webflow’s processing override your rights.
Restricted Personal Information shall only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. We will inform you if the restriction is lifted.
- Notification of erasure, rectification, and restriction. We will communicate any rectification or erasure of your Personal Information or restriction of processing to each recipient to whom your Personal Information has been disclosed, unless this proves impossible or involves disproportionate effort. We will inform you about those recipients if you request this information. If we have made your Personal Information public and we are required to erase the Personal Information, we will, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform other parties that are processing your Personal Information that you have requested the erasure of any links to, or copy or replication of your Personal Information.
- Right to object to processing. Where the processing of your Personal Information is based on consent, contract, or legitimate interests, you may restrict or object, at any time, to the processing of your Personal Information as permitted by applicable law. We can continue to process your Personal Information if it is necessary for the defense of legal claims, or for any other exceptions permitted by applicable law.
- Automated individual decision-making, including profiling. You have the right not to be subject to a decision based solely on automated processing of your Personal Information, including profiling, which produces legal or similarly significant effects on you. There may be exceptions or limitations to this right as defined under relevant Data Protection Laws.
BASICALLY...
When it comes to your personal information, you have the right to:
- Withdraw consent
- Access and correction
- Be forgotten
- Enjoy data portability
- Restrict processing
- Have us notify relevant third parties of erasure, rectification, and restriction
- Object to processing
- Opt out of automated individual decision-making, including profiling
You also have the right to have us notify relevant third parties of any changes (including deletions) and/or restrictions.
Each of these rights has conditions, which are outlined in the legally binding portion.
13. Limitations to your rights
Your rights to your Personal Information are not without limits. Access may be denied when:
- Denial of access is required or authorized by law
- Granting access would have a negative impact on other's privacy
- Doing so protects our rights and properties, or
- Where the request is frivolous or vexatious
BASICALLY...
Your rights to your personal information aren’t unlimited, and may be denied under the listed conditions.
14. Recourse, enforcement, & liability
We will investigate and work expeditiously to resolve any complaints or disputes in accordance with this Policy and the Data Privacy Framework. If you have an inquiry or complaint regarding our privacy policies or practices, please contact us first at [email protected].
If you have an unresolved complaint or dispute arising under the requirements of the Data Privacy Framework, we agree to refer your complaint under the Framework to an independent dispute resolution mechanism free of charge. Our independent dispute resolution mechanism is JAMS. For more information and to file a complaint, visit the JAMS website. We are also subject to the investigatory and enforcement powers of the Federal Trade Commission with respect to the Framework.
Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Data Privacy Framework Panel.
You have also a right to lodge a complaint with a competent supervisory authority.
BASICALLY...
If you have any questions or complaints related to this policy, you can email us at [email protected]. If we’re not able to resolve the situation with you, we may refer you to JAMS. If those methods don’t work, you may contact the Federal Trade Commission, seek binding arbitration before a Data Privacy Framework Panel, or file a complaint with a supervisory authority in a relevant member state.
15. Children's data
We recognize that some Data Protection Laws vary based on the age of consent. Depending on the jurisdiction, the age of consent can be between 13 to 16 years old. We do not knowingly request to collect Personal Information from any Data Subject under the age of consent as defined by the jurisdiction in which the Data Subject resides. If we are aware of or suspect that a Data Subject is under the age of consent, we will terminate the Data Subject’s account. We will also take steps to delete the information as soon as possible. Please notify us if you know of any individuals under the age of consent using our Platform.
BASICALLY...
Some data protection laws vary according to age of consent, which can range from 13 to 16 years of age. We would never knowingly collect personal data from someone under their local age of consent. If you learn of anyone under the age of consent sharing their personal info with us, please let us know and we’ll act accordingly.
16. Changes to this Policy
We reserve the right to modify, update, or change this Policy from time to time in the usual course of business, so we encourage you to review this page periodically. Notwithstanding, when we change this Policy in a material manner, we will update the effective date at the top of this page and provide you with reasonable advance notice before the updates to this Policy become effective. Webflow may provide such notifications to you via email notice, written or hard copy notice, and/or through posting of such notice on the Platform. We reserve the right to determine the form and means of providing notifications to you. You may be required to click-to-accept or otherwise agree to the updated Policy, but in any event your continued use or access of the Platform after the effective date of the updated Policy shall constitute your agreement to the updated Policy. The Policy will be effective as of the date specified in the effective date at the top of this page, and will apply to your use of the Platform from that point forward. If we update this Policy in a non-material manner after the effective date, we will update the last modified date at the top of this page. If you choose not to agree to this Policy or any future updated Policy, you may not use or access (and must discontinue any use or access to) the Platform. Webflow is not responsible for any automatic filtering you or your network provider may apply to email notifications we send to the email address you provide us.
BASICALLY...
We may change our privacy policy from time to time. If we make any major changes, we’ll let you know by email or by a prominent notice on our site(s). As mentioned above, your continued use of the Platform means you agree to be bound by this privacy policy, so be sure to check it occasionally.
If we realize we forgot a punctuation mark somewhere or we need to make an immaterial change to some wording, we will update the Last Modified Date, so you can see the last time we touched the terms in any way. E.g. we will update the Last Modified date but will spare your inbox if our lawyers decide that they now prefer the word "regardless" over "notwithstanding."
17. Contact us
If you have any questions regarding this Policy or about the privacy practices of Webflow, please contact us by email at [email protected], or at:
Webflow, Inc.
398 11th Street, 2nd Floor
San Francisco, CA 94103
BASICALLY...
We’re always happy to answer your questions, so if you have any, let us know!