Migrate to Netlify Today

Netlify announces the next evolution of Gatsby Cloud. Learn more

ContactSign Up

Gatsby Privacy Policy

Updated: November 1, 2022

What Changed: We revised our Privacy Notice to make it clearer, to add more information regarding our use of cookies and to add a discussion of personal information of persons located in the European Economic Area (“EEA”).

Who We Are

Gatsby, Inc. is a Delaware corporation with this contact information:

548 Market Street, Suite 36791, San Francisco, California 94104


Gatsby, Inc. provides a cloud-based, software-as-a-service to help companies develop custom  websites designed to allow for the easy addition of new capabilities and functions.  In this Privacy Notice we refer to the Gatsby software-as-a-service and the suite of services provided through the software-as-a-service as the “Gatsby Cloud.” We maintain websites to market the Gatsby Cloud at www.gatsbyjs.com and other websites controlled by us (collectively, the “Website”).

The Gatsby Cloud is a business to business solution offered primarily in the United States and the EEA. We license the Gatsby Cloud to business entities that design, develop and operate  commercial websites (our “Clients”).  Clients can access the Gatsby Cloud through our Website. https://www.gatsbyjs.com/dashboard/login. “Authorized Users” are persons who work for a Client and are authorized to access the Gatsby Cloud on behalf of the Client.  In order to provide the Gatsby Cloud we collect PII from our Clients. We also collect PII from our Authorized Users. 

Gatsby knows you care about how your personal information is used and shared and we take your privacy seriously.  We gather information about persons who interact with our Website and the Gatsby Cloud, people who attend our marketing events, and job candidates to enhance our business. Our Privacy Notice helps you understand what information we collect and receive and how we use it and the choices you have. This Privacy Notice does not cover the practices of companies we don’t own or control.

In this Privacy Notice personally identifiable information or “PII” means information that identifies, relates to or describes a particular person and information that is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular person.

There are four sections to this Privacy Notice:

  1. PII we collect and why we collect it.

  2. How we share PII and why we share it.

  3. How we use online tracking technologies including cookies.

  4. General concepts that apply to all types of PII we collect.

1. PII we collect and why we collect it.

The Gatsby Cloud. The Gatsby Cloud will provide Gatsby with information related to websites of Gatsby’s Clients.  The specific types of information provided are determined by the way the related Client has configured the Gatsby Cloud. Gatsby limits its use of PII to the minimum required to provide the Gatsby Cloud to that specific Client. For example, if the Client provides PII to Gatsby in connection with its website source code build, then Gatsby will use this PII only to build the website for the Client. We do not provide database services for Clients, so we do not store such PII other than in connection with building the related Client’s website.



PII that you provide voluntarily

We may ask you to provide PII voluntarily on parts of our Website (such as contact forms), if you attend our marketing events or webinars, if you inquire about licensing the Gatsby Cloud or if you apply for a job with us.

The types of PII we ask you to provide may include your first and last name, your contact details (phone, email address and mailing address), employer and job title.

If you are an Authorized User and access the Gatsby Cloud, then you must provide an account login ID (such as your real name or a user name you create yourself), and a valid email address to create a user account.

We collect this PII for these business purposes:

- to send you direct marketing materials about the Gatsby Cloud  including marketing offers and resources, emails, newsletters and company updates

- to personalize the marketing emails we send you so they are more relevant to you, based on your Website interactions

- to respond to sales inquiries, demo requests and technical support questions you submit about the Gatsby Cloud

- to communicate with you about job opportunities with us

- to allow you to log in to the Gatsby Cloud, and authenticate you when you log in

- to provide the Gatsby Cloud to the related Client

- to provide customer support to you

PII provided voluntarily by other users of the Gatsby Cloud

Clients and Authorized Users of the Gatsby Cloud may provide PII about you when they submit content to the Gatsby Cloud, or when they invite you to use the Gatsby Cloud.

An administrator may provide your contact information to us when he or she designates you as an Authorized User of the Gatsby Cloud.

We collect this PII for these business purposes:

-   to allow you to log in to the Gatsby Cloud, and authenticate you when you log in

-   to provide the Gatsby Cloud to the related Client

 -   to provide customer support to you

PII that we collect automatically

If you visit our Website from your smartphone or other personal device then we collect some PII automatically. The PII we collect automatically includes identifiers and some technical information, such as:

-   the type of device you are using

-   the IP address of your device

-   other unique device identification numbers

-   the type of browser you use

-   your browser language

-   your location at a high level (country or city or zip code)

We also collect internet activity about how your device interacts with our Website and marketing materials, such as:

-   the Website pages you access

-   the links you click

-   how you interact with our marketing emails

If we combine your name, email address or phone number with the device information we collect automatically then we will treat the combined information as your PII.

If we need your consent to use your PII under applicable data protection laws then we will ask for your consent at that time and will clearly explain the purpose of our use of your PII. Once given, you may revoke your consent at any time.

If you are an Authorized User then the Gatsby Cloud may provide Gatsby and the related Client with information related to your interaction with the Gatsby Cloud. For example, all actions taken while interacting with the Gatsby Cloud may be logged along with your IP address, browser type, date and time stamps associated with transactions, Internet service provider, etc.

We collect this PII for these business purposes:

-   for business analytics, to understand how you use our Website 

-   to verify, maintain and improve the quality of our Website

-   to detect and prevent activities on our Website that are illegal or that do not comply with our terms of service

-   to detect and prevent security incidents, such as automated website clicks by bots

We collect this PII to provide the Gatsby Cloud to the related Client.

PII that we obtain from third party sources

We may obtain marketing leads from third parties that are the first and last name, email address and other contact information about persons likely to purchase the Gatsby Cloud.

We collect this PII only after we have confirmed that the third parties have your consent to share your PII or are otherwise legally permitted to disclose your PII to us.

We collect marketing and job leads for these business purposes:

-   to market the Gatsby Cloud to you

 -   to market job openings with us to you

Log Data: If the Client’s website is hosted by us. As we explained above, we deploy and host websites for our Clients. These Clients may collect PII from their End Users in connection with the products or services that they offer to End Users. If we host our Clients' websites , then we process information about End Users' actions taken on our Clients’ websites, for the purpose of completing the actions. For example, if an End User navigates to a specific website page we process this request to display the page. This information about End Users' actions may also include, but is not limited to, IP addresses, system configuration information, and other information about traffic to and from Clients' websites (collectively, the "Log Data"), as well as location Information derived from IP addresses. All of this information is stored on the Gatsby Cloud platform , but Clients are responsible for the content transmitted across our network (e.g., images, written content, graphics, etc.), as well as any PII they collect. Clients are also solely responsible for notifying their End Users of their PII collection, use, and disclosure. With respect to Log Data, we collect and use Log Data to operate, maintain, and improve the Gatsby Cloud to help us perform our obligations under our Client agreements. For example, Log Data can help us to detect new threats, identify malicious third parties, and provide more robust security protection for our Clients. It also helps us to improve the Gatsby Cloud platform.

If Gatsby receives information from Google APIs then Gatsby’s use and transfer of this information to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.

GDPR: Our legal basis under the GDPR for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.  However, we will normally collect personal information from you only where we have your consent to do so, where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms.  

In general, we will use the personal information we collect from you only for the purposes described in this Privacy Notice or for purposes that we explain to you at the time we collect your personal information.  However, we may also use your personal information for other purposes that are not incompatible with the purposes we have disclosed to you (such as archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes) if and where this is permitted by applicable data protection laws.

If you have questions or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “Contact Us” below.

2. How we share PII and why we share it.

We may disclose personal information to third parties for a variety of business or commercial purposes. This includes disclosure:

  • to our third-party services providers who provide data processing for our operational and commercial business purposes described in this Privacy Notice. For example, we share PII of Website visitors with our website hosting provider to support the operation of our Website. We share PII of Authorized Users collected through the Gatsby Cloud with our cloud hosting provider to support the operation of the Gatsby Cloud.

  • to our Clients, for the commercial purpose of providing the Gatsby Cloud;

  • to any competent law enforcement body, regulatory body, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;

  • to an actual or potential buyer (and its agents and advisers) in connection with any actual or proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your personal information only for the purposes disclosed in this Privacy Notice;

  • to any other person with your consent to the disclosure; and

  • as otherwise allowed by applicable data protection law.

3. How we use online tracking technologies including cookies.

Our third party service providers have access to your personal information only to perform certain tasks on our behalf and are obligated not to disclose or use it for any other purpose.

When you visit our Website, Gatsby and our third-party service providers acting on our behalf automatically collect certain data using tracking technologies like cookies, web beacons, and similar technologies.

Like many website owners, Gatsby and our marketing partners, affiliates, or analytics or service providers, use automated data collection tools such as Cookies and similar technologies to collect certain information, in order to, among other things, to analyze trends, administer the website, tracking users’ movements around the website, and to gather demographic information about our user base as a whole.

“Cookies” are small text files that are placed on your hard drive by a website’s computers. We may use session Cookies, persistent Cookies, and Web Beacons (defined below).We use Cookies to identify that you’ve accessed the Website. We also use these tracking technologies to help us better understand your behavior and facilitate and measure the effectiveness of our Website.

We also use web beacons to collect information about your engagement with us. Web beacons are tiny graphics that can recognize certain types of information on your computer, such as cookies, when you view a particular website tied to the web beacon, and a description of a website tied to the web beacon. Web beacons are embedded on web pages or in an email.

All modern Internet browsers allow you to control your cookie settings. These settings are usually accessed in the ‘Options’ or ‘Preferences’ section of your browser. On your mobile device, go to Settings, then go to the specific web-browser, and then to the Cookies section. Please note that certain features of the Website will not be available once cookies are disabled. For further information about cookies and how to manage them, please visit www.allaboutcookies.org.

Here is a description of the types of cookies Gatsby uses:

Required cookies.Required cookies make it possible for you to access the Website, navigate within the Website, and access information related to your account. Required cookies are necessary to operate the Website, so you can’t opt out of them.

Functionality Cookies. Functionality cookies allow the Website to remember information you have entered or preferences you select, and provide enhanced, more personal features. You can use your browser settings to opt out of functionality cookies. Note that opting out may affect the functionality of our Website for you.

Performance Cookies. These cookies collect data about how visitors use the Website or Gatsby Cloud, or both. This includes data like which Website pages visitors go to the most. These cookies don’t collect information that individually identifies visitors. The data these cookies collect is aggregated and intended to be de-identified and used to improve how the Website or Gatsby Cloud functions and performs.

Advertising Cookies. These cookies collect data about visitors’ use of the Website or Gatsby Cloud, or both.We use these cookies to deliver content to you that is relevant to your interests in Gatsby, including ads delivered on Gatsby sites and third-party sites.

Third party service providers that currently place performance cookies or similar technology within the Gatsby Cloud or the Gatsby Website include:


We use FullStory to help analyze traffic patterns on our Website.

Google Ads, Google Analytics, Google Tag Manager

We use Google Ads for sales conversion tracking.

We use Google Analytics to help analyze page statistics and user behavior with the Gatsby Website and Gatsby Services. 

We use Google Tag Manager to monitor and provide diagnostics about our Website visits.


We use Linkedin to analyze Website visitor metrics.


We use Marketo to manage marketing communications with visitors to the Gatsby Website.  

Twitter, Twitter Ads

We use Twitter to analyze page statistics and user behavior to the Gatsby Website and the Gatsby Services


We use Typekit for fonts on our Website.


We use Zoominfo to view which companies view our Website.

Security Cookies. We use Security Cookies for security purposes.

Advertising networks. We may work with online advertising networks, social media companies and other third-party services that use cookies, tracking technologies, or other information about your use of our Website and the Gatsby Cloud over time in order to display personalized or interest-based ads on other websites, through apps or services you may use, and on other devices you may use. We and our third-party partners use this information to make the advertisements you see online more relevant to your interests, as well as to provide advertising-related services such as reporting, attribution, analytics and market research. Certain tracking technologies we use are related to advertising networks, and through those technologies we may share certain information such as IP addresses. Please note that the information we share with those advertising networks might be combined with other information about you that those networks may have collected from other sources.

To learn more about how to opt out of a variety of targeting and advertising cookies visit the Digital Advertising Alliance’s Consumer Choice page here: https://optout.aboutads.info/

Do Not Track Signals Some internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

4. General. This section outlines general concepts that apply to all types of PII we collect

A. How we secure your PII.

Gatsby uses appropriate physical, technical and administrative measures to protect your PII, both online and offline. These measures vary based on the nature of the PII. Gatsby has completed SOC2 Type II compliance. We provide more information about our security measures here:www.gatsbyjs.com/docs/conceptual/security-in-gatsby/.

Unfortunately, no data transmission over the internet or data storage system is guaranteed to be 100% secure. You should only access the Website and Gatsby Cloud within a secure environment. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us in accordance with the “Contact Us” section below.

B. Data Transfers.

Our own data centers are located in the United States.

If you visit our Website or use the Gatsby Cloud or otherwise provide PII to us then your PII will be processed and stored in the United States, which may provide a different level of data security than in your country of residence.

In some cases which we describe above, Gatsby may share your PII with its data subprocessors such as its cloud hosting provider. Each of these subprocessors are limited to accessing or using this PII to provide their services to Gatsby only and must provide reasonable assurances that they will appropriately safeguard any PII provided by Gatsby. Each of these subprocessors using your PII has agreed in writing to use your PII in the United States only.

We have implemented safeguards to ensure an adequate level of data protection where your PII is transferred to countries outside the EEA, such as standard contractual clauses for the transfer of PII as approved by the European Commission (Art. 46 GDPR).

C. PII of Children

The Website and Gatsby Cloud are intended for use by businesses and are not directed to individuals under the age of eighteen (18). We do not knowingly collect PII of children under the age of 18. If we discover that we have collected PII of individuals under age 18, we will delete that information as quickly as possible. If you believe we have any information from or about anyone under the age of 18, please contact us at privacy@gatsbyjs.com.

D. Data Protection Rights

Gatsby supports your right to exercise your data protection rights under applicable laws. For example, If you are located in the EEA or are a California resident (or have these rights under applicable data protection laws of other jurisdictions) then:

  • You can request to know, access, correct, update or delete your personal information by contacting us using the contact details provided under the “Contact us” heading below, and we will fulfill your request in accordance with applicable data protection laws. We may need to verify your identity in order to action your request, including by asking for you to provide a government issued identification document. Once we have verified you, we will respond and comply with your specific requests.

  • You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing emails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), then please contact us using the contact details provided under “Contact Us”.

California residents have the following rights:

  • This Privacy Notice describes the categories of personal information that we have collected, disclosed for a business purpose and sold over the preceding twelve (12) months.   Please refer to the sections headed “PII we collect and why we collect it" and “How we share PII and why we share it" for more information.  

  • You are entitled to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. If you are a California resident and would like to request this information then please submit a request to Gatsby as described below at “Contact Us"

  • You have the right to opt out of the sale of your personal information, described in the Section “How we share PII and why we share it” If you wish to opt out from the sale of your personal information, you can do so by contacting us using  “Contact Us" below.

  • You have the right not to receive discriminatory treatment for the exercise of your privacy rights under California law.

If you are located in the EEA, you may also have the following rights:

  • You can object to the processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting us using the contact details provided under the “Contact Us” below.

  • If we have collected and processed your personal information on the basis of your consent, then you can withdraw your consent at any time.  Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.  

If we need your consent to use your PII under applicable data protection laws then we will ask for your consent at that time and will clearly explain the purpose of our use of your PII. Once given, you may revoke your consent at any time.

We do not Sell Personal Information, as “Sell” and “Personal Information” are defined under the California Consumer Protection Act.

Have questions about the rights described above? Contacting us using the contact details provided under the “Contact us” heading below, and we will do our best to address your questions.

E. Data Retention and Deletion

Gatsby will retain your information as long as we have a legitimate interest or business purpose to retain the information, or as otherwise allowed by applicable law.  If you are an Authorized User then we will retain your Gatsby Cloud login credentials as long as your account is active.

F. Changes to this Notice

We are constantly trying to improve our Website and the Gatsby Cloud, so this Privacy Notice may need to change. If we change the Privacy Notice then we will notify you here in this Privacy Notice by describing the changes at the top of this Privacy Notice.

G. Contact Us

If you have any questions about this Privacy Policy or have requests pertaining to your data, please contact us:

  • by email at privacy@gatsbyjs.com

  • by mail at 548 Market Street, Suite 36791, San Francisco, California 94104

  • or through our Website at: https://www.gatsbyjs.com/contact-us

  • We prefer email. Please do not include payment information or sensitive information in your messages to us. Please note that e-mail communications are not always secure.

© 2023 Gatsby, Inc.