About Content Storage, GDPR Compliance, and Service Limits

Content Storage

This section answers questions related to content storage, for example: Where is our Scrivito CMS content stored? How is it secured? How fast and reliably is it served? How does Scrivito protect our data?

All the content stored in a Scrivito CMS is handled by Amazon Web Services (AWS), meaning that it is transferred to, stored on, and retrieved from Amazon servers. Two distinct kinds of content exist, which are treated and stored differently: textual and non-textual (binary) content.

Textual and binary CMS content

Textual content comprises everything represented as characters, first and foremost CMS object and widget instances (e.g. pages and their attributes), but, of course, also HTML markup, CSS, numbers, metadata and so on. Such content is stored using Amazon S3 (Simple Storage Service). Some structural data is stored in a highly scalable AWS database.

Content that isn’t textual is binary: images, videos, PDF files, apps and packages, but also office files like spreadsheets. Binary content is also stored using Amazon S3 but is additionally distributed worldwide through Amazon CloudFront (see below for details).

Note that the metadata of binary content (e.g. the EXIF and IPTC data of images) counts as textual content, too, and is hence stored separately from the distributed binaries themselves.

Data security and availability

To ensure that your content never gets lost due to a system failure, and that it's served reliably and fast, we store your data in Amazon’s EU (Ireland) region with its three Availability Zones. Amazon manages backups, software patching, automatic failure detection, and recovery for us – and thus for you. We use load balancers to mitigate traffic peaks, keeping your site up even during rush hours. All production servers are secured by a firewall, and all our services are isolated by VPCs (virtual private clouds).

As mentioned above, your binary content is stored separately from the textual content. Since binaries can become quite large, transferring them puts much more load on the network than with, for example, HTML files. Also, transferring binaries over long distances may significantly slow down their delivery. For these reasons, we use Amazon CloudFront, a CDN (content delivery network) that makes your binary content regionally available to visitors all around the world.

Note that all your pending, not-yet-published binaries (in your working copies) are for your eyes only and not publicly accessible.

What about the application code?

Your Scrivito-based application needs to be hosted somewhere for people to be able to visit your website. You can have your app code hosted wherever you wish. We partner with Netlify for their easy-to-use full-service hosting, automatic deployment, and fast delivery through their CDN, among many other reasons for giving them a try. Nevertheless, you are free to deploy your app wherever you prefer.

Where does form data go?

When implementing a form in your Scrivito-based app (be it as a widget or directly in the page layout), you are free to decide how the submitted form data should be processed and where it should be persisted. You could use an Amazon Lambda function or any suitable remote service for this.

Netlify offers form handling, too, but forms currently need to be coded as plain HTML, meaning that you cannot have them rendered using Scrivito’s React-based components unless you additionally provide the HTML version. Note that form data handled by Netlify is stored in the US.

What about logs?

As our services are used, logs are generated and stored. Some of these logs include personal data provided by the users, for example in the process of signing up or logging in. The log entries enable us to better reconstruct the course of events, should technical issues arise. Log entries are automatically deleted after four weeks at the latest.

By default, a website based on the Scrivito Example App is GDPR compliant as it neither uses cookies nor executes scripts without the visitor’s prior consent. However, if you add libraries or services requiring cookies (e.g. for authenticating visitors), or develop your own Scrivito-based app, you need to ensure that visitors are informed in a GDPR-compliant manner and are given access to your privacy policy. The Scrivito Example App includes a sample cookie consent overlay that can be activated by specifying the privacy policy page in the site settings.

In addition to the above, signing in to a Scrivito-based app as an editor involves your Scrivito dashboard, which uses cookies to persist the editor’s authentication state. Besides these third-party cookies, local cookies are used to keep track of the editing context in Scrivito’s user interface (including, for example, the active working copy). See the details.

Data protection

Scrivito is developed by Infopark AG. As a company based in Germany, Infopark AG is governed by German data protection laws (currently § 9 sentence 1 of the German Federal Data Protection Act).

On May 25, 2018, the General Data Protection Regulation (GDPR) became enforceable, according to which all personal data of EU citizens must be hosted in the EU. See https://gdpr-info.eu/ for details, or visit the homepage of EU GDPR.

The measures Infopark takes to ensure conformity with the applicable laws are detailed in the documents available on our Terms of Service page.

Order data processing

Infopark AG potentially stores and processes personal data on behalf of its customers, using third-party service providers such as Amazon Web Services (AWS). Order data processing contracts between Infopark AG and these third parties bind them to the current data protection regulations.

We encourage every customer using our services in connection with storing or processing personal data to sign an order data processing contract with us. Please contact our customer support for further information.

Data protection officer

Infopark AG has delegated all legal data protection matters to a professional agency, coseco GmbH (info@coseco.de). Feel free to get in touch if questions arise.

Service limits

With Scrivito, several varying parameters such as bandwidth and the number of published CMS objects are billed on a per-use basis. However, there are a few services that are based on fixed amounts. They are listed here for you as a reference.

Publishing history

Description: A Scrivito CMS’s archive of most recently published working copies.
Limit: The maximum number of visible archive entries in the editing interface depends on the plan. The number of saved archived working copies is currently unlimited. If you need access to an archived working copy no longer visible in the history, please contact our customer support.
Individual plans: 2
Business plans: 30

Working copies

Description: A Scrivito CMS’s workspaces for making changes to the published content.
Limit: Up to 20 for all plans. Plans with paid active editors include an extra working copy for each such editor.

Deployments via the Dashboard

Description: You can have your Scrivito-based JS web application deployed by uploading the zipped project directory to your dashboard.
Limit: The size of the uploaded file must not exceed 6 MB.

API calls

Description: Requests made to the Scrivito CMS service, e.g. for fetching or storing content, publishing working copies, changing user permissions, etc.
Limit: Quotas apply depending on the plan. API call and response rates may be limited if the quota is significantly exceeded.

For further details, see our Service Level Agreement, which is part of our Terms of Service.