Privacy Policy

Last updated: October 15, 2025

Introduction

Mortar CMS ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website mortarcms.com and use our content management services (the "Service").

This policy applies to all users of our Service, including visitors to our website and customers who create accounts to use our platform.

Information We Collect

Personal Information You Provide

  • Account Information: Name, email address, password, and organization details
  • Profile Information: Optional profile picture, bio, and contact preferences
  • Payment Information: Billing address and payment method details (processed securely by third-party payment processors)
  • Content: Website content, articles, media files, and other data you upload to our platform
  • Communications: Messages you send to us, including support requests and feedback

Information We Collect Automatically

  • Usage Data: Pages visited, features used, time spent on the platform, and interaction patterns
  • Device Information: IP address, browser type, operating system, and device identifiers
  • Analytics Data: Website performance metrics, user engagement statistics, and traffic sources
  • Cookies and Tracking: Session cookies, preference cookies, and analytics tracking pixels

Third-Party Integrations

When you connect third-party services (Google Analytics, social media accounts, etc.), we may receive information from those services according to their privacy policies and your authorization.

How We Use Your Information

Primary Uses

  • Provide, operate, and maintain our Service
  • Process transactions and manage your account
  • Improve and personalize your experience
  • Communicate with you about your account and our services
  • Provide customer support and respond to inquiries
  • Send important notices about service changes or updates
  • Analyze usage patterns to improve our platform
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations and enforce our terms

Marketing and Advertising

We may use your information to provide you with targeted advertisements, promotional offers, and marketing communications that may be of interest to you. This includes:

  • Personalized Offers: Tailoring service recommendations and promotional offers based on your usage patterns, subscription history, and preferences
  • Targeted Advertising: Displaying relevant advertisements for our services and features through our platform, email campaigns, and third-party advertising networks
  • Feature Recommendations: Suggesting platform features, integrations, or upgrades that align with your content management needs
  • Industry-Relevant Content: Sharing educational content, webinars, and resources related to your website's industry or content focus
  • Cross-Platform Marketing: Using aggregated and anonymized data to improve our advertising effectiveness across different channels

Your Marketing Preferences

You can control your marketing preferences and opt out of promotional communications at any time by:

  • • Updating your account settings in the platform
  • • Clicking "unsubscribe" links in our emails
  • • Contacting us at privacy@mortarcms.com

Note: You will continue to receive essential service communications regardless of your marketing preferences.

Data Analytics for Business Intelligence

We analyze customer data in aggregated and anonymized forms to understand market trends, improve our services, and develop new features. This analysis helps us better serve our customer base and enhance the overall platform experience.

How We Share Your Information

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following circumstances:

Service Providers

We work with trusted third-party service providers who assist us in operating our platform, including:

  • Cloud hosting and infrastructure providers
  • Payment processing services
  • Email delivery services
  • Analytics and monitoring tools
  • Customer support platforms
  • Advertising networks and marketing platforms
  • Customer relationship management (CRM) systems

Advertising Partners

We may share certain information with advertising partners and networks to deliver targeted advertisements and measure campaign effectiveness:

  • Hashed Email Addresses: We may share hashed versions of email addresses with advertising platforms for audience matching and lookalike audience creation
  • Usage Patterns: Aggregated and anonymized usage data to help advertising partners understand audience interests and behaviors
  • Conversion Data: Information about actions taken on our platform (such as sign-ups or upgrades) to measure advertising effectiveness
  • Demographic Information: General demographic and industry information to help target relevant advertisements

We do not sell your personal information to advertisers. All data sharing with advertising partners is governed by strict contractual agreements that require them to protect your information and use it only for specified purposes.

Legal Requirements

We may disclose your information when required by law or to:

  • Comply with legal processes, court orders, or government requests
  • Protect our rights, property, or safety, or that of our users
  • Investigate potential violations of our Terms of Service
  • Prevent fraud or other illegal activities

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control.

Data Security

We implement appropriate technical and organizational measures to protect your personal information:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication requirements
  • Secure data centers with physical security measures
  • Employee training on data protection practices
  • Incident response procedures for security breaches

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your data using industry-standard practices.

Your Privacy Rights

General Rights

You have the right to:

  • Access and review your personal information
  • Correct inaccurate or incomplete information
  • Delete your account and associated data
  • Export your data in a portable format
  • Opt out of marketing communications
  • Restrict certain processing of your information

California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: Request information about the categories and specific pieces of personal information we collect, including data used for advertising purposes
  • Right to Delete: Request deletion of your personal information (subject to certain exceptions)
  • Right to Opt-Out: Opt out of the sale of personal information and certain sharing for targeted advertising
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
  • Right to Limit Sensitive Personal Information: Request that we limit the use of sensitive personal information

California Advertising Disclosures

Categories of Personal Information Used for Advertising:

  • • Contact information (email addresses, in hashed form)
  • • Usage and interaction data
  • • Professional and employment information
  • • Inferences about preferences and interests

Third Parties We Share With: Advertising networks, social media platforms, email marketing services, and analytics providers.

European Residents (GDPR)

If you are located in the European Economic Area, you have rights under the General Data Protection Regulation (GDPR):

  • Right of Access: Obtain confirmation of processing and access to your personal data
  • Right to Rectification: Correct inaccurate personal data
  • Right to Erasure: Request deletion of your personal data ("Right to be Forgotten")
  • Right to Restrict Processing: Limit how we process your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests

Exercise Your Rights

To exercise any of these rights, including submitting a Data Subject Access Request (DSAR) or Right to be Forgotten request, please contact us at:

compliance@mortarcms.com

We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience:

Types of Cookies We Use

  • Essential Cookies: Required for the platform to function properly
  • Performance Cookies: Help us analyze how you use our service
  • Functional Cookies: Remember your preferences and settings
  • Marketing Cookies: Used to deliver relevant advertisements and track campaign effectiveness (with your consent)
  • Advertising Cookies: Enable personalized advertising and measure ad performance across websites and platforms
  • Social Media Cookies: Allow sharing content on social platforms and track engagement from social media campaigns

Third-Party Advertising Cookies

We work with third-party advertising partners who may place cookies on your device to:

  • Show you relevant advertisements on other websites
  • Measure the effectiveness of advertising campaigns
  • Create audience segments for targeted marketing
  • Prevent you from seeing the same advertisement repeatedly
  • Understand your interests and preferences across different websites

You can control cookies through your browser settings and opt out of interest-based advertising through industry opt-out tools such as:

Please note that disabling certain cookies may affect the functionality of our Service and the relevance of advertisements you see.

Data Retention

We retain your personal information for as long as necessary to:

  • Provide our services to you
  • Comply with legal obligations
  • Resolve disputes and enforce agreements
  • Maintain security and prevent fraud

When you delete your account, we will delete or anonymize your personal information within 90 days, except where we are required to retain it for legal purposes.

International Data Transfers

Our services are hosted in the United States. If you are accessing our Service from outside the United States, your information may be transferred to, stored, and processed in the United States. We implement appropriate safeguards to protect your information during international transfers, including standard contractual clauses and adequacy decisions where applicable.

Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at compliance@mortarcms.com.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically for any changes.

Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us:

General Inquiries

Email: privacy@mortarcms.com

Compliance & Data Requests

Email: compliance@mortarcms.com

For DSAR, Right to be Forgotten, and other compliance requests

← Back to Home