Froala Privacy Policy

Last Modified Date: May 24, 2018

This Privacy Policy applies to the Froala Labs SRL ("Froala", "we", "us" or "our") owned and operated websites and its subdomains, email notifications, and our other products and services that link to this Policy (collectively, the "Services").

The purpose of this Privacy Policy is to help you make informed decisions about the personal data you share with us. It describes what, how and when we collect, use and share your personal data across our Services.

Capitalized terms that are not defined in this Privacy Policy have the meaning given them in our Froala Editor License Agreement or Froala Open Web Design License. The use of information collected through our Services is limited to the purposes under this Privacy Policy.

By using any of our Services you agree to this Privacy Policy.

1. Information Gathering and Usage

  1. Account Information

    If you choose to purchase a license for our Services, we process (i) name, (ii) company name, (iii) billing address, (iv) VAT number, (v) email address, (vi) debit or credit card number, (vii) the expiration date, (viii) CVV code and (ix) IP address.

    We do not store any card information. The card information is processed by our payments processor as described in paragraph 3. a) Service Providers. We store name, company name, billing address, VAT number, email address and IP address.

    Purposes for processing account information:

    • in order to process the purchase;
    • in order to generate invoices;
    • in order to identify and authenticate you when you purchase a license for our Services;
    • in order to comply with the applicable legal provisions;
    • in order to send you transactional/administrative emails related to updates to our Services that might otherwise prohibit the use of the Services, such as software updates;
    • in order to send transactional/administrative emails related to your legal notices, such as license renewal, privacy policy updates and others.

    If you no longer wish to receive transactional/administrative emails you may opt out of them by cancelling your account according to the procedure described in paragraph 5. a) Access, correction, deletion.

  2. Checkout Information

    The checkout process contains two steps. In the first checkout step we process name, company name, email address, billing address and VAT number. We collect this information if you don’t finish the checkout process by placing the order.

    Purposes for processing checkout information:

    • to help you not to re-enter your personal data if you start the checkout process again;
    • to have backup in case something goes wrong after placing the order and your personal data gets lost;
    • to send email notifications in case something went wrong with the checkout process;
    • to get feedback for the Services that we offer.

  3. Contact Information

    You may message us using any available way through our Services for any reason. In this case we process your name and email address.

    Purposes for processing contact information:

    • to respond to your request and to do a follow-up later.

  4. Marketing Information

    In order to be up to date with our new or improved Services we process your e-mail address. You will be able to give you consent for the marketing purpose through subscribe forms available on our services.

    Purposes for processing marketing information:

    • to send you commercial e-mails.

  5. Additional Information

    You may choose to provide us with additional information by submitting your email address in any subscribe form through our Services.

    Purposes for processing additional information:

    • to receive software updates related to our Services;
    • to collect feedback about our Services;
    • to receive news about new releases for our Services;
    • to receive notifications when we publish a new article on our blog;
    • to get help in using our Services.

  6. Log Data (Using our services)

    We receive and process information when you view content on or otherwise interact with our Services, even if you have not created an account. This information is automatically reported by your browser or mobile application each time you use our Services. The Log Data include the following information: your operating system, browser type, the referring web page, pages visited, exit page, landing page, domain names, location, device information, and other such information.

    We also receive Log Data when you click on, view or interact with links, buttons and inputs on our Services, such as search inputs and Download buttons. This Log Data include your search terms and IP address.

    Purposes for processing Log Data:

    • to provide you with our Services;
    • to find and improve the most requested features of and articles related to our Services;
    • to create articles that you search for and do not exist;
    • to understand the usage of our Services;
    • to improve our Services;
    • to place the Download buttons and links on popular pages;
    • to link your downloads with your account;
    • to protect ourselves from abuse by banning downloads from certain IP addresses.

  7. Test Data

    While testing our Services we temporarily store your uploaded files. When uploading a file in the Froala Editor, it is temporarily saved in order to allow you to test the image upload, file upload and video upload features before integrating our Services with your backend.

    Purposes for processing Test Data:

    • to provide you the possibility to test certain features that require a backend before integrating our Services within your application.

  8. Legal Log Data

    We process Legal Log Data when our Services are not used correctly or in respect with the appropriate licenses that accompanies our Services. This information contain IP address, and Domain Name where our Services are used in violation with any of our License Agreements, Terms and Conditions or any other legal contracts or policies.

    Purposes for processing Legal Log Data:

    • to help you if you have problems activating your license for any of our Services;
    • to prevent abuse, fraud, unlicensed usage of our Services, and any other legal concerns to protect ourselves from unlawful uses or activity.

2. Cookies

A cookie is a small amount of data that is sent to your computer or mobile device. Although most web browsers automatically accept cookies, you can modify your browser’ settings to refuse all cookies or to indicate when a cookie is being sent. If you reject cookies, you may still use our Services, but your ability to use some features may be limited, and user experience will also be affected.

We use cookies to collect additional website usage information. Cookies store (i) user preferences so that you don’t have to re-enter it during a visit or on subsequent visits, (ii) other information, that we use to monitor usage and web traffic on our Services, and to provide, customize and improve our Services.

We process data collected through the usage of Cookies:

3. Third parties with whom we share personal information

  1. Service Providers

    We work with third-party service providers to provide and improve our Services. We share:

    1. log Data that is not linked to any personal identifiable information with Google Analytics, Google Tag Manager and Zendesk to help us understand and improve the use of our Services;
    2. billing and payment information with Braintree Payments to securely process payments, prevent, detect and investigate fraud or other prohibited activities; facilitate dispute resolutions such as chargebacks or refunds; and for other purposes associated with the acceptance of credit and debit cards;
    3. email address with Mailchimp to help us better manage mailing lists and ease the opt-in / opt-out process;
    4. invoices containing Account Information with our contracted accounting company;
    5. contact Information with Zendesk in order to offer customer support.

  2. Testimonials

    With your consent, provided in written notice by email, we share or disclose your name, company or company URL as part of testimonials we make public.

  3. Change of Ownership

    In the event that we are involved in a bankruptcy or insolvency, acquisition, merger, sale of assets or similar transactions, your information will be sold or transferred as part of that transaction. You will be notified via email of any change in ownership or uses of your personal data.

  4. Law and Harm

    Notwithstanding anything to the contrary in this Privacy Policy, we preserve or disclose your information if required to do so by the law or in the good-faith belief that such action is necessary to:

    1. comply with applicable laws;
    2. take precautions against liability;
    3. protect ourselves or others from fraudulent, abusive or unlawful activities;
    4. investigate and defend ourselves against any third-party claims;
    5. protect our property or other legal rights, enforce our contracts and terms.

    Nothing in this Privacy Policy is intended to limit any legal defenses or objections that you may have to a third party’s request to disclose your information.

  5. Non-Personally Identifiable Information

    We make automatically-collected, aggregated, or otherwise non-personally-identifiable information available to third-parties for:

    1. complying with various reporting obligations;
    2. for business marketing purposes.

    This information does not include your name, email address or other personally identifiable information.

Except as described in this Policy, we will not disclose your personal data.

4. How we secure personal information

We store collected data:

  1. in an encrypted database provided by Heroku Cloud Application,
  2. on Amazon S3 bucket storage solution.

We follow generally accepted industry standards to protect the information submitted to us, both during transmission and once we receive it. We use SSL technology to encrypt data during transmission. Once we receive your information we make efforts to ensure security on our systems against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing your personal data in our possession.

In case of any security system breach, Froala will notify you electronically so that you can take appropriate protective steps.

If you believe your personal data has been compromised, please contact us using the following contact form:

5. Control your personal information

We respect your privacy rights and provide you with reasonable access to your personal data that you have provided or we have collected through your use of our Services. If you wish to access or amend any other personal data we hold about you, or to request that we delete or transfer any information about you, you may contact us through the following contact form:

  1. Access, correction, deletion

    If you have an account for our Services, we provide you with account settings to access, correct, delete or modify the personal information you provided to us and is associated with your account. Please note that while any change you make will be reflected instantly or within a reasonable period of time in the active users database, we retain information for backups, archiving, prevention of fraud and abuse, complying with legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so, but not exceeding the periods described in 7. Data Retention.

    If you wish to permanently delete your account, you may contact us through the following contact form:

  2. Navigation Information

    You may opt out from the collection of navigation information about your visit to the Site by Google Analytics by using the Google Analytics Opt-out feature.

  3. Opting out from email communications

    If you wish to revoke your consent for receiving marketing communications via e-mail, you can opt-out by

    1. following the unsubscribe instructions in the email;
    2. replying to the email;
    3. contacting us through the following contact form:

    Please note that if you opt-out of receiving certain emails from us, it may take up to ten (10) business days for us to process your request. Additionally, even after you opt-out you may continue to receive administrative messages from us regarding the Service, such as Privacy Policy changes, license legal notices, and other important notices related to the future use or past usage of our Services.

6. Data Subject’s Rights

In accordance with the applicable legal provisions with regard to the processing of personal data and the free movement of such data, you have the right of access to your data, the right of rectification of your personal data, the right to erase your personal data, the right to data portability, the right of restriction of processing your personal data, the right not to be subject to a decision based solely on automated processing, including profiling and the right to withdraw your consent. Furthermore, you are entitled to lodge a complaint with the supervisory authority.

For exercising these rights please contact us through our contact form on

7. Data Retention

We only retain personal identifiable data received or collected from you for as long as an account is active or for a limited period of time as long as we need it to fulfil the purposes for which we initially collected it, unless otherwise required by law. We will retain and use your information as necessary to comply with our legal obligations, enforce our agreements, and resolve disputes as follows:

  1. Account information and transactions are retained for a period of ten (10) years in accordance to the Romanian accounting and taxation laws.
  2. Checkout information prior to placing an order is retained for a period of forty-five (45) days.
  3. Contact information is retained for as long as your account is active.
  4. Marketing information is retained until you withdraw your consent.
  5. Test Data is retained for a maximum of thirty (30) days.
  6. Database backups are retained for one (1) year.
  7. Google Analytics data is retained for thirty-eight (38) months.

Froala Services contain links to other websites or services, and also include third-party integrations such as, WebSpellChecker, Aviary, Wiris Math, Core Mirror, At.js and others that have a different Privacy Policy. Please remember that when you use a link to go from our Services to any third-party websites or services, or you interact with or otherwise use a third-party integration, our Privacy Policy does not apply.

If you submit personal information to any of those websites, services or third-party integrations, your information is governed by their privacy policy. We encourage you to carefully read the privacy policy of any website you visit.

9. Changes to the Privacy Policy

Froala may periodically update this policy. All changes to this Privacy Policy are effective when they are posted on this page. We will notify you about significant changes in the way we treat personal information by sending a notice to the primary email address specified in your Froala account or by placing a prominent notice on our site. We will also keep prior versions of this Privacy Policy in a private archive.

10. Children Privacy

Protecting the privacy of young children is especially important. Our Services are not directed to persons under 16. Froala does not collect or solicit personal information from anyone under the age of 16 or allow such persons to purchase the Software. If we become aware that we have collected personal information from a child under age 16 without verification of parental consent, we take steps to remove that information. If you believe that we might have any information from or about a child under 16, please contact us through the contact form

11. Contacting Froala

If you have a privacy concern regarding Froala, or this policy, and you should contact us at or by mail at:

Froala Labs SRL
BIROUL NR. R.4, Et. 6
Bucharest, 013682