The short version
CaveCMS is a piece of software you install on your own server. The product itself collects nothing. Your visitors, your pages, your photos, your database live on your hosting and never touch us.
This privacy policy covers the marketing website at cavecms.com (the one you are reading right now) and the Commercial licence purchase flow when it opens.
What we collect on this website
- What you type into a form. If you send a message via the contact page, we store your name, email, and message so we can reply.
- Basic visit data. Standard server logs (IP address, browser, page visited) for thirty days, used for security and to keep the site working.
- No third-party analytics. No Google Analytics, no Facebook Pixel, no session-replay scripts.
Cookies
We do not set any tracking cookies on cavecms.com. A small first-party cookie may be set to remember your preference for reduced motion or theme, when that feature ships.
Connecting Google Drive or OneDrive (optional)
CaveCMS can back itself up to your own Google Drive or Microsoft OneDrive, if you choose to connect one. This is an optional feature you turn on inside your own install. Here is exactly what it does, and does not, do.
- It is your account and your data. The connection is between the CaveCMS software on your own server and your own Google or Microsoft account. The people behind CaveCMS never receive, see, or store your backups or your access tokens. The token is encrypted and kept on your own server; each backup travels directly from your server to your own cloud drive and never passes through us.
- It asks for the narrowest possible access. On Google Drive it uses the
drive.filescope, which can only see and manage the backup files CaveCMS itself creates, never the rest of your Drive. On OneDrive it uses a dedicated app folder (Files.ReadWrite.AppFolder) and can only touch its own /Apps/CaveCMS folder. It also reads your account’s email address once, only to show you which account is connected. - It is used for one thing. Solely to upload, list, download, and tidy up your own backups. We do not use any of this for advertising, profiling, or training AI, we do not sell or share it, and no human at CaveCMS can access it. CaveCMS’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
- You can disconnect any time. Turn it off under Settings → Backups in your install, which deletes the stored token. You can also revoke access directly from your Google Account or Microsoft Account security settings.
Your rights
You can ask us at any time to send you the data we hold about you, to correct it, or to delete it. Email [email protected] and we will respond within a week.
Changes
When this policy changes, the “Effective” date above changes too. Material changes will be announced at the top of the homepage for at least thirty days before they take effect.
See also our terms and how releases are signed on the trust page.