Legal
Privacy Policy
How the Mage-OS Association collects, uses, and protects your personal information.
Last Updated: December 2024
At a Glance
We believe in transparency. Here is a quick summary of our privacy practices:
- We collect minimal data - Only what is necessary to operate our website and services
- We never sell your data - Your information is not shared with advertisers or data brokers
- You have full control - Access, correct, or delete your data at any time
- We use cookies responsibly - Analytics cookies only with your consent
- We are GDPR compliant - Full rights for EEA residents, similar protections for everyone
For complete details, please read the full policy below.
Table of Contents
- Data Controller
- What Data We Collect
- Legal Basis for Processing
- Cookies and Tracking
- Third-Party Services
- How Long We Retain Your Data
- Your Rights Under GDPR
- Your Rights Under CCPA
- Children’s Privacy
- Data Security
- International Data Transfers
- Changes to This Policy
- Contact Us
Data Controller
The Mage-OS Association is the data controller responsible for your personal information.
Mage-OS Association Website: https://mage-os.org/ Email: info@mage-os.org
The Mage-OS Association is a non-profit association formed by people within the Magento community to represent and further the interests of that community as a whole: merchants, developers, agencies, and all of the many people supporting and supported by this ecosystem.
We are fully committed to protecting your personal information and take your privacy seriously.
What Data We Collect
We may collect and process the following types of personal data:
Website Usage Data
- IP address and browser user agent string
- Pages visited and interaction data (when you consent to analytics)
Comments and User Contributions
- Name, email address, and website URL (if provided)
- Comment content
- IP address for spam detection
Account Information
If you register on our website, we collect:
- Username and email address
- Profile information you choose to provide
Newsletter and Communications
- Name and email address
- Company name (if provided)
- Subscription preferences
Media Uploads
If you upload images to the website, we recommend avoiding images with embedded location data (EXIF GPS), as visitors may be able to extract this information.
Legal Basis for Processing
We process your personal data based on the following legal grounds under GDPR:
- Consent: When you opt-in to newsletters, accept cookies, or submit comments
- Legitimate Interests: For website security, spam prevention, and improving our services
- Contract Performance: When you register for an account or use our services
- Legal Obligation: When we are required to retain data for legal or regulatory purposes
Cookies and Tracking
We use cookies to enhance your experience on our website. Below is a detailed breakdown of the cookies we use.
Essential Cookies
| Cookie Name | Purpose | Duration |
|---|---|---|
cookieyes-consent | Stores your cookie consent preferences | 1 year |
These cookies are required for the website to function properly and cannot be disabled.
Analytics Cookies
If you accept cookies, our analytics implementation may add the following cookies:
| Cookie Name | Purpose | Duration |
|---|---|---|
_ga | Google Analytics - distinguishes unique users | 2 years |
_ga_* | Google Analytics - maintains session state | 2 years |
These cookies help us understand how visitors use our website so we can improve it. You can opt out of analytics tracking at any time through your cookie preferences.
Comment Cookies
If you leave a comment on our site, you may opt-in to saving your name, email address, and website in cookies. These are for your convenience so you do not have to fill in your details again when leaving another comment. These cookies last for one year.
Authentication Cookies
| Cookie Type | Purpose | Duration |
|---|---|---|
| Browser test cookie | Determines if your browser accepts cookies | Session (discarded when you close browser) |
| Login cookies | Stores your login session | 2 days (or 2 weeks with “Remember Me”) |
| Screen options | Stores your display preferences | 1 year |
Logging out of your account removes login cookies.
Embedded Content
Articles on this site may include embedded content (e.g., videos, images, articles). Embedded content from other websites behaves as if you visited that website directly. These websites may collect data about you, use cookies, and track your interaction with the embedded content.
Managing Your Cookie Preferences
You can manage your cookie preferences at any time by:
- Using our cookie consent banner when you first visit the site
- Clearing cookies through your browser settings
- Adjusting your browser settings to block certain types of cookies
Third-Party Services
We use the following third-party services that may process your data:
Newsletter Services (MailerLite)
We use MailerLite for newsletter subscriptions and member management. When you subscribe:
- Your name, email address, and company name (if provided) are sent to MailerLite
- By confirming your subscription through double-opt-in email, additional data such as IP address and mail agent may be sent
For details, see the MailerLite Privacy Policy.
Analytics (Google Analytics)
We use Google Analytics to understand how visitors interact with our website. This service processes:
- Pages visited and time spent
- Device and browser information
- Geographic location (country/region level)
You can opt out by declining analytics cookies or using Google’s opt-out browser add-on.
Gravatar
An anonymized hash of your email address may be provided to the Gravatar service to display your profile picture with comments. See the Automattic Privacy Policy.
Spam Detection
Visitor comments may be checked through an automated spam detection service to protect against spam and malicious content.
Password Resets
If you request a password reset, your IP address will be included in the reset email for security purposes.
What We Never Share
We will not share your name, email address, or company name with any other third party without your explicit consent. We do not sell your personal data to anyone.
How Long We Retain Your Data
| Data Type | Retention Period |
|---|---|
| Comments and metadata | Indefinitely (for moderation purposes) |
| User account data | Until you delete your account or request deletion |
| Newsletter subscriptions | Until you unsubscribe or request deletion |
| Analytics data | According to our analytics provider’s policy |
For users registered on our website, we store personal information provided in user profiles. Users can view, edit, or delete their personal information at any time (except usernames). Website administrators can also access and edit this information.
Your Rights Under GDPR
If you are in the European Economic Area (EEA), you have the following rights regarding your personal data:
- Right of Access: Request a copy of the personal data we hold about you
- Right to Rectification: Request correction of inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data (“right to be forgotten”)
- Right to Restrict Processing: Request limitation of how we use your data
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time (without affecting prior processing)
- Right to Lodge a Complaint: File a complaint with your local data protection authority
To exercise any of these rights, please contact us at info@mage-os.org.
Please note that some data may be retained for administrative, legal, or security purposes even after a deletion request.
Your Rights Under CCPA
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights regarding your personal information:
- Right to Know: You can request information about the categories and specific pieces of personal information we have collected about you
- Right to Delete: You can request deletion of your personal information, subject to certain exceptions
- Right to Opt-Out: You have the right to opt out of the sale of your personal information (note: we do not sell personal information)
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights
To exercise these rights, please contact us at info@mage-os.org. We will verify your identity before fulfilling your request.
Children’s Privacy
Our website and services are not directed to children under the age of 16. We do not knowingly collect personal information from children under 16.
If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us at info@mage-os.org. We will take steps to delete such information from our systems.
Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption in Transit: All data transmitted between your browser and our servers uses HTTPS/TLS encryption
- Encryption at Rest: Sensitive data is encrypted when stored
- Access Controls: Data access is limited to authorized personnel on a need-to-know basis
- Regular Audits: We conduct regular security assessments and updates
- Incident Response: We have procedures in place to detect, investigate, and respond to potential data breaches
While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. If you have reason to believe your data has been compromised, please contact us immediately.
International Data Transfers
Some of our third-party service providers may be located outside the European Economic Area. When we transfer data internationally, we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions by the European Commission
- Other legally recognized transfer mechanisms
Changes to This Policy
We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:
- Significant Changes: For material changes that affect how we process your personal data, we will notify you by email (if you have provided one) and/or by posting a prominent notice on our website before the changes take effect
- Minor Changes: For minor updates (such as clarifications or formatting), we will update the “Last Updated” date at the top of this policy
We encourage you to review this privacy policy periodically to stay informed about how we protect your information. Your continued use of our website after any changes indicates your acceptance of the updated policy.
Contact Us
For any questions, concerns, or requests regarding this privacy policy or our data practices, please contact us:
Email: info@mage-os.org Website: https://mage-os.org/
Response Times
We aim to respond to all legitimate requests within one month. If your request is complex or you have made multiple requests, we may need additional time (up to two additional months) and will notify you accordingly.
Data Protection Inquiries
For specific data protection inquiries, please include “Privacy Request” in your email subject line to help us route your request appropriately. When making a request, please provide:
- Your name and contact information
- A description of your request
- Any relevant details that will help us identify your data
We are committed to resolving any complaints about our collection or use of your personal data. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.
