Data privacy compliance with XM Cloud


This Privacy Guide provides technical guidance on how your developers can choose to configure your Sitecore product implementation to support you with data privacy compliance. This guide does not provide exhaustive guidance, and should not be construed or used as legal advice about the content, interpretation, or application of any law or regulation. You, the customer, will always be in the best position to assess your own risks, and must seek your own legal counsel to understand the applicability of any law or regulation to your business, including how you process personal information. Your resulting implementation is based entirely on your own configuration choices.

This guide is aimed at developers and IT professionals. You can use it as a starting point to help you determine the way your organization stores and processes data, and the role Sitecore can play in helping support data privacy.

This guide is intended to support those efforts and covers:

  • How your organization can store individuals' personal data, including what data is stored by default, and where it is stored.

  • The Sitecore APIs and configuration options available to your organization to help support individuals' data privacy.

We recommend your organization starts with the privacy checklist.

We define personal data as any information that identifies an individual including:

  • Name

  • Email address

  • Records of products purchased

  • Internet browsing history

  • Fingerprints (or other biometric data)

  • Social Security number

  • Cookies

  • IP addresses (or geolocation data)

  • Any inferences drawn from personal information to create a profile about a consumer reflecting the consumer's preference, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

Do you have some feedback for us?

If you have suggestions for improving this article,