It would be a big kick in the teeth for us to be promoting our data protection services if we decided to crap all over your privacy and security, amirite?
As such, we go out of our way to not collect data unless you actually give it to us. We have specifically disabled all cookies, host our fonts internally, don’t do embeds, and use modules that shouldn’t be adding trackers. If you find a cookie, it’s because something got added on the backend by WordPress or our hosting provider, OVH and we haven’t noticed yet. Please contact Carey and let her know.
If we work together …
Should you decide to engage in business with us (yay!), we may be privy to personal information you choose to share with us. Primarily, things like your email address, phone number and any other contact information or personal details you share in that email. We use ProtonMail for this, which means that our data is encrypted, and securely stored in Switzerland.
If you sign up for Privacat Insights …
We will need your email address. We use the Newsletter Plugin for this. To the best of our knowledge, it only stores email address. If you want to have your address removed, you can unsubscribe (from the exceedingly rare messages) or send us an email.
We host our blog content, including the Newsletter DB with OVH (based in Canada). OVH will collect your IP address, and may also collect browser or operating system information and the date and time you view pages on the site, primarily to make sure your machine isn’t trying to DDoS the system or do something equally shitty.
Your rights as a data subject
Under the GDPR and the CCPA, you have numerous rights, including:
- the right to access your data;
- to be informed of the data we have about you;
- to understand how we use that data;
- the right to rectify or correct incorrect data we may have about you;
- the right to limit the data we collect;
- the right to ask for us to delete it;
- the right to receive your data in a machine-readable format.
To exercise any of these rights, just shoot us an email at firstname.lastname@example.org and we’ll get right on it.
How long your data sticks around
In general, we aim to keep the least amount of information necessary, and only for the purposes of providing you with services, answering inquires, or building on a fruitful relationship with you. It also won’t be sticking around. Barring a court order or other contractual or legal obligation (like you’re an ongoing client of ours or seem to like our newsletter), we won’t keep your data for longer than 18 months.
Your data and third parties
Generally, we do not give your information to third parties, but there are some exceptions. For example, we use Microsoft OneDrive and O365 to do work, and OVH for this website. OVH is hosted in France, but Microsoft is a US company, and that means that any data we keep in OneDrive may be shared in the US. That said, we’re flexible, and can communicate through other more secure channels (e.g., Signal/ ProtonMail) and limit record retention if it’s an issue.
We also take security seriously and we use known, reputable providers who also take security seriously. We use end-to-end encrypted chat (Signal), encrypted email (ProtonMail), and ensure that our laptops and devices are security-hardened and implement BitLocker encryption. Our website uses TLS 1.2, and OVH, our service provider, ensures that WordPress is kept up-to-date. We run regular security checks on our website to scan for numerous vulnerabilities, and promptly address critical flaws.
If you have specific questions on your rights, our security practices, or anything in this policy, please give us a call at +12027094529 (Signal) or email email@example.com.