Older Privacy Policy Revisions

Note: This is NOT the Privacy Policy — this is a summary of older changes to that policy that were implemented prior to January 1, 2020, listed in reverse order by date. For a summary of more recent changes, please see the Recent Revisions section at the bottom of the Privacy Policy page.

(Portions of the aaronseverson.com Privacy Policy were adapted from the Automattic Inc. Privacy Policy (which you can also find at their Legalmattic repository) under a Creative Commons Attribution-ShareAlike 4.0 International license, so the entire Privacy Policy is offered under the same license. Automattic and Legalmattic are trademarks or registered trademarks of Automattic or Automattic’s licensors. Other trademarks are the property of their respective owners.)

  • December 31, 2019: In Disclosure of Personally Identifying Information, amended the description of Piriform (CCleaner) to include a link to their Data factsheet and clarify that their products include security and maintenance tools (rather than just security tools). Renamed the CCPA Information Collection and Disclosure Notice section “CCPA Information Collection and Sharing Notice” and adjusted other references to that section accordingly. Reordered and clarified some of the categories of personal information listed in that section (taking some cues from the latest update of Automattic’s Privacy Policy). In Definitions, changed “personal identifiers” to just “identifiers,” clarified that that term can also include device identifiers, and amended the item about IP addresses to note that the IP address typically also reveals the Internet service provider or mobile carrier you are using.
  • December 30, 2019: In the Disclosure of Personally Identifying Information bullet point regarding independent contractors, employees, agents, and business partners, struck the parenthetical phrase “(e.g., on my writing/editing work and/or other creative endeavors)” after “collaborate with us.”
  • December 29, 2019: Extensive revamp, adding a table of contents, definitions, several new sections (including one on the possibility of personal data being captured by software/device telemetry), and additional information and disclosures related to the California Consumer Privacy Act (CCPA); reorganizing and/or renaming some sections (including integrating most of the data retention info into the applicable sections); reorganizing/updating the third-party service provider examples (including restoring some items that had been inadvertently deleted and adding others); making many minor corrections; and revising substantial portions of the text to better explain how and why I collect personal information. Moved older entries in this Recent Revisions list to a separate page. Assorted stylistic adjustments.
  • December 28, 2019: In Disclosure of Personally Identifying Information, amended the description of Bitdefender to include both the Bitdefender Mobile Security and Bitdefender Central apps and note that they use Google’s Firebase Crashlytics crash reporting service. Updated Information I Receive from Other Sources to provide an example of how the NetGuard firewall app provides information about the IP addresses or domains to which my mobile apps connect or try to connect. Added this to the description of NetGuard under Disclosure of Personally Identifying Information.
  • December 27, 2019: In California Privacy and Data Protection Rights, corrected several uses of “we” to “I” for grammatical consistency. Fixed an error in an earlier item in this revisions list
  • December 26, 2019: In California Privacy and Data Protection Rights, updated the description of the proposed verification requirements to include the verification standards that may be required for data deletion requests.
  • December 25, 2019: In Data Retention, amended the text regarding retention of images to change “It is my normal practice to retain indefinitely any images or photographs …” to “I typically retain indefinitely the photographs and/or other images …” and note that I may delete specific images if they are duplicates, if I deem them unusable, if I have some legal reason to delete them, or if I elect to not use them (or to discontinue using them) for some other reason. Struck the parenthetical phrase “(except where I have some specific obligation to destroy the originals)” to avoid confusion with the revised language. Inserted the phrase “where possible” before “my associated work files and editing stages, if any.” Added Yahoo!® to the list of examples of third-party service providers under Disclosure of Personally Identifying Information. In that section, fixed some spotty grammar in the description of Google and added their well-known search engine to the listed examples of their services. Fixed a typo in an earlier revision on this list.
  • December 24, 2019: In Disclosure of Personally Identifying Information, updated the description of Startpage.com to note that I also use Startpage’s associated proxy service. Updated the reference to libraries and archives to add links to the privacy policies of two local public libraries I use. Following the bullet-pointed list, changed the sentence “In general, I do not sell or rent personal information about individual visitors to the aaronseverson.com website” to “In general, I do not sell or rent the non-public information I collect from individual visitors to the aaronseverson.com website.” Struck a reference in that section to Google Analytics, which I no longer use on this website. In GDPR and State Law, struck the parenthetical phrase “(starting in 2020, California residents may request this up to twice per year)” after “Request portability of your personal data” (to avoid contradicting the Your California Privacy Rights section). Further updated the text of the California Privacy and Data Protection Rights section.
  • December 22, 2019: Further adjusted the description of rights under California Privacy and Data Protection Rights and Do Not Sell My Personal Information.
  • December 21, 2019: In Disclosure of Personally Identifying Information, updated the description of Cloudflare to note that websites and online services we visit/use may use Cloudflare’s CDN and/or DDoS protection services. Also fixed a typographical error in that language and corrected the links to the Cloudflare privacy policies that apply to each service. Made some clarifications and updates to the list of rights under California Privacy and Data Protection Rights.
  • December 19, 2019: In Disclosure of Personally Identifying Information, updated the description of Flickr to clarify the wording and indicate that the service is now on an Amazon Web Services platform (making Amazon Web Services a principal Flickr subprocessor).
  • December 11, 2019: Separated Not for Children Under 18; Age Verification into two sections: Not for Children Under 18, located immediately after Legal Bases for Collecting and Using Information, and Age Verification, in the previous location. In Not for Children Under 18, changed “If you have questions about any of these points, if you are a parent and believe that this website may have collected personally identifying information about your minor child …” to “If you have questions, if you are a parent or legal guardian and believe that this website may have collected personal information about your minor child …” Changed the first sentence of the final paragraph of the Age Verification section to “If you have questions about any of these points, please contact me …” and removed the language about parents or legal guardians, which is now in the separate Not for Children Under 18 section.
  • December 3, 2019: Added EFF to the list of examples of third-party service providers under Disclosure. In the GDPR and State Law section, changed the sentence “EU individuals also have the right to make a complaint to a government supervisory authority, as will California residents beginning in January 2020” to “EU individuals also have the right to make a complaint to the applicable government data protection authority. (California residents will have a similar right beginning in January 2020.)” Added a link to the European Commission’s directories of national data protection authorities to that section.
  • November 27, 2019: Under Disclosure of Personally Identifying Information, changed “Examples of such third-party vendors/service providers …” to “Representative examples of my third-party vendors/service providers …” Updated Embedded Content to note that only some versions of the Yoast plugin use Algolia search functions (which have reportedly been removed in newer updates), changing “The Yoast SEO plugin incorporates some search tools …” to “Some versions of Yoast SEO plugin have incorporated search tools …”
  • November 25, 2019: Further adjusted the language of the Information-Sharing Disclosures (Shine the Light Law) section for greater clarity.
  • November 24, 2019: In Security Scans, changed the phrase “flag the phone numbers of certain incoming voice calls …” to “flag certain incoming voice calls and/or text messages …”
  • November 23, 2019: Completely overhauled the Information-Sharing Disclosures (Shine the Light Law) section to more accurately describe the law’s requirements, better explain how to make a request, and clarify how we respond to such requests. Updated Information I Receive from Other Sources to note that the security components of the Microsoft Windows operating system may also supply blacklists and/or other security-related data, and added the words “via the” before the reference to Safer-Networking in the same paragraph for grammatical flow.
  • November 20, 2019: Further updated the California Privacy and Data Protection Rights language regarding verification requirements (noting the restrictions the proposed regulations impose on my use and retention of any additional data I may request to verify your identity; clarifying that the term “reasonable degree of certainty” is as the applicable regulations may define that term; changing “may permit certain exemptions” to “may provide certain exemptions”; changing “the law and it associated regulations” to “the law and/or its associated regulations”; and changing “or, if you act through an agent or representative” to “and/or, if you act through an agent or representative”).
  • November 19, 2019: Added a link to the Embedded Content bullet point on YouTube videos to Google’s “Businesses and Data” pages, which contain further information on what data Google may provide to YouTube content creators/publishers. Updated the language about Google Services in Disclosure of Personally Identifying Information to change “other services or tools” to “other services and/or tools.” Updated the California Privacy and Data Protection Rights section to clarify the language about identity verification, note that I may be unable to respond to a request if I am unable to adequately verify your identity, and emphasize that (in addition to any other exemptions the law and associated regulations may permit) I may be unable to delete certain types of information for technical reasons. Updated Data Retention to note, “For compliance purposes, I must also retain information pertaining to privacy-related requests, to the extent required by applicable law and/or regulation.”
  • November 18, 2019: Updated Embedded Content to note that when you access embedded content, your browser may also contact a certificate authority to check the validity of the embedded content provider’s encryption certificate. Updated the reference under Disclosure to my certificate authority to add “and/or other certificate authorities I may use or access.”
  • November 17, 2019: Further clarified the language about service/software/app/device telemetry in Disclosure of Personally Identifying Information (changing the phrase “that could gather personal information through telemetry” to “that could gather site-related personal information through telemetry”). Updated the bullet point about situations where I may be legally required to disclose information (changing “in connection with an audit or other official investigation or proceeding” to “in connection with an audit, civil or criminal trial, or other official investigation or proceeding”). Updated the bullet point about disclosures to protect rights, safety, and/or property (changing “to protect my property, rights, and/or safety, or the property, rights, and/or safety of third parties or the public at large” to “to protect my property, rights, and/or safety, and/or the property, rights, and/or safety of third parties and/or the public at large.”). Added boldface to additional items on that list to aid readability. Clarified the language in the preamble about California privacy rights (changing “or jump to” to “For more information about California privacy rights, jump to …” and making the latter a separate sentence). In the Disclosure section, clarified the example about car shows (changing “obtain, publish, and/or otherwise disclose” to “take, obtain, publish, and/or otherwise share”).
  • November 16, 2019: Fixed the capitalization of Online Certificate Status Protocol. Under Disclosure of Personally Identifying Information, changed the phrase “the makers of software/apps and/or electronic devices I use that incorporate information-gathering telemetry or other surveillance features, some of which cannot be completely disabled without simply ceasing to use that software, app, or device” to “services, software, apps, and/or electronic devices I may use that could gather personal information through telemetry and/or other integrated information-gathering and/or surveillance features, some of which cannot be disabled without simply ceasing to use that service, software, app, or device.” Further refined the language of the Certificate Authority Service section. Updated the reference to my Internet service provider in the Disclosure of Personally Identifying Information section from “Spectrum/Time Warner Cable®” to “Spectrum Internet® (formerly Time Warner Cable®).” Updated the description of my mobile carrier in that same bullet point and rearranged its order. Also updated the description of Bitdefender Mobile Security in the same bullet point to note that this includes the app’s associated services and correct the accidental use of “we”/”our” rather than “I”/”my.”
  • November 15, 2019: Further updated the Certificate Authority Service section to define OCSP requests. Added Bitdefender to the list of examples of third-party service providers under Disclosure. Under Embedded Content, clarified the language about Google Hosted Libraries to better match the description of Google Fonts in the same bullet point.
  • November 14, 2019: Added a new “Certificate Authority Service” section to Information Collected Automatically Through This Website and added Let’s Encrypt to the list of examples of third-party service providers under Disclosure. Updated the reference to Signal in Disclosure to note that Signal uses subprocessors/service providers that may include (without limitation) services provided by Google and/or Amazon Web Services, and added links to the relevant privacy information pages. Further refined the Certificate Authority Service language (also updating the reference to Let’s Encrypt in the Disclosure of Personally Identifying Information section) and added another example to Other Information You Provide to Me, refining some language in that section (adding “(but without limitation)” after “for example”; noting that the examples are just a few hypothetical possibilities; and changing the phrase “My use of such site-related information …” to “My use of personal information you provide me in such ways …”). Updated Information I Receive from Other Sources to note that my firewalls and/or other security apps/services may provide may provide me with information about any online servers or resources to which my devices connect or try to connect.
  • November 13, 2019: Updated Other Information You Provide to Me section to better reflect the framing of the current preamble, changing “site visitors may provide me with personal information” to “you may provide me with personal information through or in connection with this website” and changing “inquiry about this website” to “inquiry about this Privacy Policy.” Added the manufacturers of my wireless routers to the list of examples of third-party service providers under Disclosure. Added an internal anchor link in the preamble to the California section of this policy.
  • November 11, 2019: Updated Data Retention to clarify that my retention of email generally also includes files/file attachments (other than spam or suspected malware) and add language to that section about site-related text messages. Added OsmAnd as an example of mapping/navigation services in the list of examples of third-party service providers under Disclosure. Updated Information I Receive from Other Sources to note that I may receive personal information about the developers of software/apps/services/themes/add-ons I install for use in my work and/or the management of this website. Added bookstores and/or other retailers or vendors through which I may search for and/or purchase site-related materials to the list of examples of third-party service providers under Disclosure. In the same section, changed “libraries and/or archives” to “libraries, archives, and/or databases.” Added Perishable Press and the Mozilla Firefox browser to the examples of sources of third-party security-related data under Information I Receive From Other Sources.
  • November 10, 2019: Updated the reference in Disclosure to TCL Communications to note that they make not only the BlackBerry device, but also its suite of associated BlackBerry apps and services. Added OpenKeychain (and/or other encryption software/services) and Open Camera to the list of examples of third-party service providers under Disclosure.
  • November 9, 2019: Added libraries and archives (including librarians/archivists/their staff) and providers of public computers and/or wireless networks I may periodically use to the list of examples of third-party service providers under Disclosure. Fixed some typos in that section and changed “Examples of my third-party vendors/service providers may include” to “Examples of such third-party vendors/service providers may include …” In the California Privacy and Data Protection Rights section, changed “starting in January 2020” to “starting January 1, 2020” and “will give” to “give.” Also in the Your California Privacy Rights section, changed the heading “California Information-Sharing Disclosure” to “California Information-Sharing Disclosures (Shine the Light Law).” Under Disclosure, revised the language about information I may be required by law to disclose in order to streamline the language and better reflect the range of possible scenarios. Updated Data Retention to note that I normally retain indefinitely research notes and information related to my freelance writing and editing work, and changed the phrase “Any other type of data I may gather on visitors to this website …” to “Any other type of data I may gather through or in connection this website …”
  • November 8, 2019: Updated Disclosure to note that third-party service providers may include the makers of software/apps and/or electronic devices I use that incorporate information-gathering telemetry or surveillance features, rearranging the text of that bullet point to make it easier to decipher and emphasize that the examples listed are not an exclusive list.
  • November 7, 2019: Updated Data Retention to remove a confusing reference to a now-deleted section of the preamble. Made some adjustments to the list under Embedded Content to fix some grammatical issues, clarify the text, and arrange the items in a slightly different order. Changed some stray instances of “we” and “our” to “I” and “my” for consistency. Added the Google Play Store and its related services to the list of examples of third-party service providers under Disclosure, rearranging the list of Google-provided services in that section for better grammatical flow.
  • November 5, 2019: Further updated Disclosure of Personally Identifying Information section to clarify that I may not always be aware of having gathered information about a site visitor in some other context. Fixed a spelling error in this revision list. Revised Security Scans to update description of the EU-US Privacy Shield framework in that section to match the reference under Disclosure of Personally Identifying Information and slightly clarified the description of the Sucuri Security plugin’s functions. Updated Comments and Personal Information to change “you can choose to save …” to “you may have the option to save …” (regarding saving the information you enter for future comments, an option that may not always be offered), change “URL” to “website,” and change “each time a reply or follow-up comment is posted” to “each time a reply and/or follow-up comment is posted.”
  • November 4, 2019: Attempted to fix a technical issue with the bookmark/anchor links throughout. In Disclosure of Personally Identifying Information, changed “de-identified or aggregated” to “de-identified, anonymized, redacted, and/or aggregated.” Under California Privacy and Data Protection Rights, changed “To exercise your California privacy rights, visit …” to “To exercise your California privacy rights, please visit …” Changed several instances of “… and as otherwise described” to “… and/or as otherwise described.” Updated Information I Receive from Other Sources to note that I also get blacklist information via Spybot. UUpdated and simplified the preamble and revised text of the Disclosure of Personally Identifying Information section to add language about information I may gather or release that is NOT obtained through/in connection with this website.
  • November 3, 2019: Added TinyWall to the list of examples of third-party service providers under Disclosure and updated the Information I Receive from Other Sources section to add the MVPS HOSTS file to the examples of third-party blacklists I may use and note that I may also use that information to block access to my system and/or devices as well as the website. Updated the Your California Privacy Rights section to enumerate the list of CCPA rights rather than referring to the GDPR section, changing the “Other California Privacy Rights” heading to “California Privacy and Data Protection Rights,” and making some minor clarifications to the language of that section (including noting that California Civil Code § 1798.83–84 is known as the “Shine the Light” law). Updated the GDPR section wording to refer to the Controllers, Questions, and How to Reach Me section rather than just “below” and updated the internal anchor links to that section. Updated the Not for Children Under 18; Age Verification section to clarify that the references to children refer to minor children and that parents have the right to request the removal or deletion of information about their minor children. Fixed a couple of very minor grammatical issues.
  • November 2, 2019: Added HP to the list of examples of third-party service providers under Disclosure, noting that they comply with the EU-US Privacy Shield framework. Reordered several items in that section, also adding the word “other” to “printers/print services” and placing it immediately after HP. Fixed a stray incidence of “our” rather than “my” for consistency. Updated Security Scans to note that security/anti-spam scans of messages I send or receive may be performed on text messages as well as email, and that security scans may include submitting the messages, file attachments, and/or other relevant data to third-party services such as cloud-based malware-detection services.
  • November 1, 2019: Fixed the date formatting and a capitalization problem in the previous entry on this list. Added Piriform (CCleaner), a subsidiary of Avast, to the list of examples of third-party service providers under Disclosure.
  • October 31, 2019: Added Artifex (maker of the SmartOffice app), Mozilla (maker of the Firefox web browser(s)), and Safer-Networking Ltd. (maker of Spybot) to the list of examples of third-party service providers under Disclosure. Added Google Safe Browsing to the list of examples of Google services I may use/offer.
  • October 30, 2019: Added the Guardian Project’s Orbot and Tor Browser to the list of examples of third-party service providers under Disclosure. Clarified the description of Cloudflare 1.1.1.1 in that section, adding links to the applicable privacy policies in addition to the privacy statement links.
  • October 27, 2019: Added trademark notice language for the Google services specified herein, adjusting some adjacent language for readability. Clarified the wording of the reference to Gmail in the list of examples of third-party service providers under Disclosure, and added Google Hosted Libraries there in addition to the existing description under Embedded Content.
  • October 25, 2019: Added Cloudflare’s WARP service (associated with the Cloudflare 1.1.1.1 service already listed), NetGuard firewall/traffic monitor, and CompanionLink to the list of examples of third-party service providers under Disclosure. Fixed some incorrect punctuation in that section.
  • October 19, 2019: Added TCL Communication Limited (current owner of BlackBerry) to the list of examples of third-party service providers under Disclosure.
  • October 17, 2019: Moved Effective Date to the top of the document to make it easier to see. Reworded the preamble, Revisions section, and License for This Policy sections accordingly, also fixing a capitalization inconsistency. Updated the description of this list for clarity.
  • October 16, 2019: Updated the description of Yoast under Embedded Content to indicate the presence of the Yoast SEO plugin’s Algolia search functions.
  • October 14, 2019: Updated the description of Epic Privacy Browser in the list of examples of third-party service providers under Disclosure to reflect that the browser also has an associated Epic Search Engine (which submits anonymized queries to Yandex) and to change “in connection with their …” to “through my use of their …” for greater clarity.
  • October 9, 2019: Updated the Cookie Policy section to include a link to the Cookie Notice, which is now a separate page as well as being incorporated into the privacy preferences tool. Slightly adjusted the description of that list to note that these are cookies the site may use.
  • October 3, 2019: Fixed the effective date (which had incorrectly described October 2, 2019, as a Tuesday rather than a Wednesday). Added data and/or document destruction/shredding services to the examples of third-party service providers under Disclosure.
  • October 2, 2019: Amended the Your Rights (GDPR and California Privacy Rights) section to note that I may ask you to verify your identity and/or residency before processing data-related requests and that you need not be present in California to exercise your CCPA rights provided that you have a current California residence. Made few minor wording adjustments in that section to accommodate the new language and changed the phrase “… and its associated regulations” to “… and/or its associated regulations.” Revised the “Do Not Sell My Personal Information” and preamble text wording to match the wording on the Privacy Tools page.
  • September 29, 2019: In the list of examples of third-party service providers, changed several instances of the phrase “I may use or offer” to “I may use and/or offer” (since in some instances I may do both). In the language about Adobe in that section, changed the phrase “may collect data about such use” to “may collect related and/or associated data” to avoid confusion. Update the Your California Privacy Rights and added links to the Do Not Sell My Personal Information page. Added Hidden Reflex’s Epic Privacy Browser to the list of examples of third-party service providers under Disclosure.
  • September 15, 2019: Added website speed testing services/tools to the list of examples of third-party service providers under Disclosure.
  • September 14, 2019: Added Adobe to the list of examples of third-party service providers under Disclosure.
  • September 7, 2019: Added printers/print services, photo development, photo processing, video conversion, and other audiovisual material processing services to the list of examples of third-party service providers under Disclosure. In the description of the WAVE accessibility tool in that subsection, changed “am using” to “may use.” Struck the phrase “Since I don’t have employees” from the Information-Sharing Disclosures section. Throughout this policy, changed several instances of “we” and “our” to “I” and “my” for consistency.
  • August 11, 2019: Under Disclosure, clarified that third-party service providers may use their own subcontractors, data subprocessors, or other third-party vendors or partners, who may be located in other countries or regions. Under Embedded Content, struck the phrase “in the United States” in the bullet point regarding BootstrapCDN/Stackpath.
  • July 8, 2019: Under Disclosure, added transcription and translation to the examples of independent contractors/employees and added translation, transcription, mapping, and navigation services to the examples of third-party service providers.
  • June 20, 2019: Clarified that the section of Data Retention dealing with log data refers specifically to logs for this website.
  • June 7, 2019: Added Malwarebytes to the list of third-party service providers under Disclosure and updated the description of Avast in that list. Further updated the description of “browser fingerprinting” under Embedded Content.
  • June 3, 2019: Made some updates to the wording of Embedded Content to better explain what other information third party content providers may be able to detect (the process of so-called “browser fingerprinting”) and add a link to the EFF’s Panopticlick website.
  • April 29, 2019: Under Disclosure, changed “my independent contractors” to “my independent contractors and/or employees (if any).” (I still don’t have any employees, but I want to make sure it’s included in this language in the event that changes at some future date.)
  • April 2, 2019: Updated Legal Bases for Collecting and Using Information to add the item about protection of vital interests (taken directly from the latest version of Automattic’s Privacy Policy).
  • March 25, 2019: Updated Security Scans to make clearer that some Sucuri data and logs may be processed and/or stored by Sucuri as well as by me. Added an applicable ® symbol in that section.
  • March 23, 2019: Rearranged some text under Comments for more logical flow.
  • March 14, 2019: Added some ® symbols. Amended “Dreamhost, LLC” to just “DreamHost” (removing duplicate text were applicable) and the second instance of “T-Mobile USA, Inc.” to just “T-Mobile.” Throughout, slightly clarified the descriptions of what user agent information may include.
  • March 10, 2019: Under Information I Receive from Other Sources, added The Spamhaus Project as another example of where I may obtain block lists for spam and malware prevention, and added links to that and HackRepair.com.
  • March 4, 2019: Fixed some tag closing issues. Under Privacy Policy Changes, changed “the terms have changed” to “the policy has changed” for clarity.
  • March 3, 2019: Updated Embedded Content to note that you may be able to selectively disable some forms of embedded content. Fixed some inconsistent usage of “administrator dashboard” vs. “administrative dashboard.” Under Legal Bases for Collecting and Using Information, changed “financial transactions or image usage rights” to “financial transactions and image usage rights.”
  • February 27, 2019: Moved the first references to DreamHost and the link to the DreamHost privacy policy from the Server and Error Logs section to the Who I Am section, adding a note that DreamHost also hosts my email servers. In Server and Error Logs, changed “this site” to “the aaronseverson.com site” for clarity.
  • February 26, 2019: Updated Server and Error Logs, splitting the first paragraph into two for readability; rearranging and clarifying the language; adding the phrase “(as applicable, but without limitation)” before the listed examples; adding “that uses certain site features” to the list; and adding the following text after the list: “(These examples are a representative sampling, but not an exhaustive list; we may also use or add other logs not specified here, and not all logs are necessarily in use at any given time.).” Moved the language about logging privacy consents and acceptance of terms to a new subsection under Information You Provide to Me called “Consents and Agreements.”
  • February 22, 2019: Under Comments, changed “I may email you at that address to respond to your comment (or the associated comment thread, if any), particularly if it includes a question or if I need to clarify some aspect of your comment (for example, if you have posted two very similar comments, I may email you to ask which one you want me to publish)” to “I may respond via email in addition to or instead of publishing the comment on this website, particularly if your comment includes a question or offer of assistance or if I have questions about any pertinent details — for example, if you have submitted two very similar comments, I might email you to ask which one you want me to publish.” to match the language in the Terms of Use.
  • February 19, 2019: Under Disclosure of Personally Identifying Information, changed “If I have received your express authorization to do so” to “If you have asked or authorized me to do so.”
  • February 18, 2019: Added Cloudflare DNS resolver services to the list of third-party service providers under Disclosure. Fixed some link relationship errors in that section and noted that Cloudflare also complies with the EU-US Privacy Shield framework.
  • February 17, 2019: Amended the preamble and Other Information You Provide to Me to emphasize that this policy does NOT apply to my personal correspondence or communications.
  • February 14, 2019: Made a further amendment to Information I Receive from Other Sources to add another example of looking up third-party information on site visitors (making some minor amendments to the surrounding text for clarity) and reiterate that the examples presented in this section are not an exhaustive list. Also changed “How I use information gathered from other sources …” to “How I use information gathered from these or other sources …” Changed the wording of the WHOIS lookup services item under Disclosure to make it more generic. Amended Data Retention language to clarify and reiterate that legal and financial transaction records often necessarily include some personal data; split part of that paragraph into a separate paragraph for clarity (amending its text slightly to avoid confusion).
  • February 13, 2019: Added spell-checking to the listed ways I may use personal information I collect from or about you and updated Data Retention to note that I typically retain indefinitely names I add to my spelling dictionaries, and that to understand your comments or inquiries/messages, I may use information you submit to seek additional information from third-party sources. Added ICANN and other WHOIS lookup services to the third-party service providers under Disclosure and inserted a note about WHOIS lookups under Information I Receive from Other Sources. Fixed some minor editorial errors I made in the above changes.
  • February 7, 2019: Updated the Sucuri description in Security Scans to add the phrase “(without limitation)” after “such as,” since the listed examples are not an exhaustive list.
  • February 7, 2019: Updated the Sucuri description in Security Scans to add the phrase “(without limitation)” after “such as,” since the listed examples are not an exhaustive list.
  • February 6, 2019: Added Google Hosted Libraries to Embedded Content (in the same bullet as Google Fonts, since they operate similarly), revising/restructuring that bullet point’s language accordingly and adding a link to the Google Developers Google Fonts page.
  • February 3, 2019: Under Disclosure of Personally Identifying Information, revised the item on information that was already public, changing the first word of that bullet from “If” to “Where”; changing “was or is” to “is or was”; changing “e.g., …” to “such as — but without limitation — …”; and adding to and clarifying the listed examples. Also adjusted the text style of that item and moved it higher on the list. Revised the preamble of that section.
  • February 2, 2019: Updated Cookie Policy section to note that some accessibility features may use cookies to save your settings/preferences. At the beginning of that section, also replaced the words “each time” with “when.”
  • February 1, 2019: Fixed some typos, updated text styles, and edited link titles and anchor text on this page for better accessibility. Added WebAIM to the list of third-party service providers under Disclosure.
  • January 31, 2019: Amended Not for Children Under 18; Age Verification to indicate that the website may place a cookie on your device if you fail the age verification test and that you may have to reenter your birth date if the verification cookies have expired.
  • January 29, 2019: Clarified the language under Not for Children Under 18; Age Verification and moved that subsection to under Information You Provide to Me. Added an internal link to it from the Cookie Policy section and amended that text to reflect the subsection’s new relative position.
  • January 27, 2019: Under Disclosure of Personally Identifying Information, changed “(such as information that you have published on your official website or that is included in published interviews or news articles about you)” to “(e.g., information that’s available on your website; that you included in public comments or public posts on this or other websites; or that appears in published interviews, books, or news articles about you).” Updated Embedded Content to note that the Google Fonts servers may be operated by Google’s subprocessors as well as Google and that they may not necessarily be in the U.S., adding a link to their list of subprocessors. Made a slight change to the preamble to put the sentence about third-party websites on a separate line and reworded that sentence as: “Your use of any third-party websites or services, including those linked from the aaronseverson.com website or on which I may have accounts, is subject to the individual privacy policies and terms of use/terms of service, if any, of those sites or services.” Slightly adjusted the text in Who I Am for clarity and consistency. Added “messaging services, apps, and/or clients” to the list of third-party providers under Disclosure.
  • January 25, 2019: In the California Do Not Track Disclosure section, under Your California Privacy Rights, added spaces to “Do Not Track.”
  • January 22, 2019: Updated Disclosure of Personally Identifying Information language about legal requirements to clarify that I may disclose information where I deem it reasonably necessary to ensure my compliance with applicable law or regulation, even if the specific disclosure isn’t expressly required (e.g., to look up an applicable tax rate for your address). Added common carriers/shipping agencies to the list of third-party service providers. Clarified Other California Privacy Rights by putting “subject to any exemptions provided by the law” in parentheses and moving that phrase to earlier in the applicable sentence.
  • January 3, 2019: Updated Disclosure of Personally Identifying Information to clarify that the circumstances under which I may be legally required to disclose information may include (without limitation) providing certain information to relevant government agencies (e.g., tax or customs agencies) for compliance purposes or in connection with audits or official investigations, as well as in connection with a subpoena or court order.
  • December 30, 2018: Added Startpage.com and DuckDuckGo to the list of third-party service providers under Disclosure of Personally Identifying Information.
  • December 29, 2018: Updated third-party service providers list under Disclosure to include my bank(s)/financial institution(s), and/or applicable payment processor(s). Added an additional bullet point regarding contractual obligations for disclosure of information to third-party service providers. Minor editorial correction to remove some unnecessary spaces.
  • December 19, 2018: Updated Embedded Content to note that WordPress may gather information in the course of installing, removing, or updating plugins, themes, and add-ons from WordPress.org. Updated Disclosure’s list of third-party vendors and service providers to include Microsoft and WordPress.org. Slightly amended the description of my mobile provider to change “emails and texts sent to and from … to “emails, texts, and other messages sent to and from …” ETA: Amended the Microsoft description from “software, apps, and tools” to “software, apps, tools, and services” and the Spectrum/Time Warner Cable description from “and thus has access to …” to “and thus has information about …”
  • December 10, 2018: Rearranged the text of the preamble for clarity, moving the licensing information into a new heading called License for This Policy (and striking the potentially confusing word “originally” from that text).
  • December 9, 2018: Made a minor clarification to Data Retention regarding consent logs: changed “… after which I may retain some logs for audit and compliance purposes” to “… after which I may retain some related records for audit and compliance purposes” and put that phrase in parentheses.
  • December 2, 2018: Updated Information I Receive From Other Sources to clarify what kind of information I may receive in connection with security and anti-spam measures and how I use it (adding email filtering as an additional example).
  • November 27, 2018: Updated Embedded Content to add Vimeo to the list of content providers and updated Disclosure to add my Internet service provider with a link to their customer privacy policy.
  • November 25, 2018: Clarified Data Retention regarding the retention of email and image files.
  • November 19, 2018: Updated Disclosure to note that I may periodically use Gmail, which is owned by Google.
  • November 17, 2018: Minor wording adjustments in Disclosure: changed “or is included in published interviews or news articles about you” to “or that is included in published interviews or news articles about you” and changed “their own, comparably strict confidentiality policies” to “their own, comparably strict (or stricter) confidentiality policies.”
  • November 15, 2018: Clarified the preamble, Other Information You Provide to Me, and Data Retention sections regarding my work and professional relationships separate from this website. Updated Data Retention to further clarify my retention of log data.
  • November 13, 2018: Changed references to Google LLC to just “Google” to avoid confusion with their shifting corporate usage. Updated Data Retention to clarify retention of privacy/consent logs and comments. Updated Server and Error Logs, Security Scans, and Comments to make clear that I may also use the data to troubleshoot technical problems and improve the functionality of the site. Added Flickr to the list of third-party service providers under Disclosure and added “website development/improvement” to the list of possible functions of independent contractors. Made a capitalization change to the Google Fonts description under Embedded Content and a minor clarification of the description of Flickr’s corporate ownership.
  • November 11, 2018: Updated Data Retention to clarify that logs of some administrative functions (which contain no user data) may be retained for longer periods.
  • November 8, 2018: Moved the reference to displaying specific notifications or content based on IP address or user agent from the WordPress section of Embedded Content to Server and Error Logs, since that function appears to mostly be performed locally (i.e., by this website rather than an external one). Added notes to Server and Error Logs, Security Scans, Embedded Content, and Comments sections indicating that your IP address may reveal your geographical location and in some cases also your Internet service provider.
  • November 7, 2018: Updated Embedded Content to better describe information gathered by WordPress. Added an item to that section about FeedBurner blog feeds on the administrative dashboard.
  • November 5, 2018: Fixed a typographical issue with this list (the inadvertent substitution of em dashes for ellipses).
  • November 4, 2018: Updated Comments, changing “… record and use the information in and associated with your comment … ” to “… record and use personal information in and associated with your comment … “; “… it can be found using the website’s search function” to “… it appears and/or can be found using the website’s search function and other internal indexing tools”; and “publish and/or respond to your comment” to “publish and respond to your comment.”
  • October 22, 2018: Updated this page’s hyperlinks with “rel=noopener” or “noopener noreferrer” attributes for security purposes.
  • October 19, 2018: Updated Data Retention section with information about photos or other images (revising some related existing language for clarity). Also, clarified some cumbersome wording about retention of anonymous or de-identified log data. Added “but without limitation” to the example under Information I Obtain from Other Sources. Updated and rearranged the list of grounds in Legal Bases for Collecting and Using Information, changed “… to safeguard the integrity of this website” to “… to safeguard the integrity of this website and its data,” and changed “to better understand how many people access my content” to “to better understand how people access my content.”
  • October 16, 2018: Updated the Who I Am section at the top to emphasize that I’m based in the U.S. Changed the name of the contact info HTML anchor from “ReachUs” to “ReachMe.” Added links to it from Who I Am and Not for Children Under 18; Age Verification sections.
  • October 14, 2018: Updated Embedded Content to change “… that loads the embedded content” to “… that loads and/or interacts with the embedded content”; “and/or include other mechanisms that allow the third-party hosting site to gather certain information about you” to “and/or use other mechanisms that enable the third-party site to gather information about you”; and “geographical location” to “your geographical location” for clarity. Updated the YouTube description in that section to note that YouTube players may check whether you are logged into a Google account and added an extra link to their privacy policy.
  • October 12, 2018: Updated Embedded Content and Disclosure to indicate that I may also use or offer other Google tools or services.
  • October 10, 2018: Clarified Disclosure section to note that my web host also hosts the mail servers for my associated email addresses.
  • October 7, 2018: Further clarified Disclosure provisions about contractors and third-party vendors/service providers. Minor editorial correction to this revision list. Updated Data Retention to note that I may retain some anonymous or de-identified log data for longer periods. Clarified Disclosure provisions regarding business transfers. Updated Comments to note that special characters, HTML/PHP code, and emojis in comments may be removed.
  • October 4, 2018: In Disclosure of Personally Identifying Information, changed “release” to “release or disclose.” Added a note about T-Mobile’s scam warnings to Security Scans and noted in Disclosure that my mobile carrier also, obviously, processes my phone calls.
  • October 3, 2018: Amended the third-party vendors/contractors/employers language in Disclosure of Personally Identifying Information for greater clarity, including separating independent contractors and vendors/service providers into two bullet points rather than one, explaining that the purposes for which I may share information may include addressing technical and/or legal issues (as well as the other purposes already specified) and repeating some of the links to third-party privacy policies. Made minor editorial changes throughout to fix instances where I had mistakenly switched from first person singular to first person plural. Inserted “(see “Other California Privacy Rights” below)” to the text of GDPR and State Law. Made some minor clarifications to the language in the Cookie Policy section. Made some minor clarifications to the language in the Cookie Policy section, including reordering two paragraphs.
  • October 2, 2018: Added a separate sub-section, “Other Information You Provide to Me.” Added the word “NOTE” to the note in the preamble.
  • October 1, 2018: Clarified language about ban lists/blacklists, noting that some may include email addresses and which I may use to protect my system and devices as well as preventing spam and protecting the site and its data.
  • September 30, 2018: Renamed Cookies section “Cookie Policy” and added a hypertext anchor to it. Added a Your California Privacy Rights header to the California rights section and added a hypertext anchor to it for easier navigation. Updated Comments and Information I Receive from Other Sources to note that I may obtain or receive ban lists of IP addresses and/or user agents commonly associated with spam and/or malware.
  • September 29, 2018: Updated the Comments section to note that published comments may appear in search results made using the website’s search function and that I may index them for that purpose. Clarified Disclosure and California Information-Sharing Disclosure sections to note that embedded content providers may use the information they gather for advertising/marketing purposes.
  • September 28, 2018: Updated and clarified the Comments section (and the Comments item in Disclosure) to reflect recent updates to the Terms of Use, including hopefully clearer language about email notifications and modifying/deleting comments.
  • September 26, 2018: Updated the Comments section to mention the Recent Comments widget.
  • September 25, 2018: Updated Server and Error Logs and Data Retention to clarify the types of data the logs include and how long I retain it. Added Other California Privacy Rights section.
  • September 21, 2018: Updated GDPR and State Law bullet point on data portability to add “(starting in 2020, California residents may request this up to twice per year).”
  • September 18, 2018: Added note about California’s information-sharing disclosures to Your Rights section (altering the heading of that section accordingly), rearranging some text and adding subheadings to that section. Updated Disclosure to clarify that I don’t share information for direct marketing purposes.
  • September 17, 2018: Updated Your Rights section to note that some of these rights apply to residents of some U.S. states, including California. Updated Disclosure section regarding security measures.
  • September 16, 2018: Amended Embedded Content to change “The third-party host may also detect …” to “In some cases, the third-party website may also be able to detect …” and “This information is collected and processed …” to “Such information is collected and process …” Fixed error in link tags.
  • September 15, 2018: Added links to Gravatar and their TOS under Embedded Content and noted that Gravatar may now be integrated with WordPress.com
  • September 14, 2018: Updated Embedded Content to include Gravatar and note that Google Fonts may cache data on your device browser as well as gathering certain information about your device.
  • September 13, 2018: Updated Embedded Content to note that there may be PayPal-served content on the administrative dashboard. Struck the item in that section about Google Drive and Amazon Web Service embedded graphics, which have now been removed. Clarified WordPress data-collection language, including noting that back-end content may be loaded from several domains owned by WordPress.org (e.g., s.w.org, ps.w.org, and ts.w.org).
  • September 12, 2018: Updated Embedded Content to include remotely served Google Drive and Amazon Web Services graphics. Clarified that some back-end administrator components also embed YouTube videos.
  • September 10, 2018: Added link to AboutCookies.org under Cookies. Fixed a minor formatting error. Added YouTube to Embedded Content and updated links to the Google Privacy Policy.
  • September 9, 2018: Further clarified Cookies section to better explain cookie duration.
  • September 8, 2018: Renamed the button to access privacy/cookie settings from “Change Your Privacy Preferences” to “Access Your Privacy and Cookie Preferences” for clarity and added that button here rather than simply a link to it.
  • September 7, 2018: Further amended Cookies to clarify cookie durations. Updated Comments section to include note about saving your information with cookies for future comments and update info on deleting comments.
  • September 6, 2018: Updated Embedded Content with a link to Yoast’s GDPR page. Updated Cookies to better explain how you can find out about the specific cookies the site uses. Added WordPress to Embedded Content list.
  • September 5, 2018: Updated links to external privacy policies/statements (including adding links to the Google Privacy Policy); updated the ownership descriptions for BootstrapCDN/MaxCDN (which are now part of StackPath), DreamHost, and T-Mobile; added a smattering of ® symbols throughout; hyphenated “back-end” for editorial consistency; and fixed some inconsistent capitalization. Clarified the duration of some cookies in Cookies section.
  • September 4, 2018: Updated Embedded Content to indicate that some backend (administrative dashboard) features may be served by Yoast.
  • September 1, 2018: Updated Disclosure to include a note about transfers of this website due to sale or death.
  • August 18, 2018: Added additional information to Cookies and Data Retention regarding cookie duration.
  • August 15, 2018: Added additional notes to Security Scans and Comments to indicate that I may also perform security scans on emails, including comment notifications, for spam and malware. Added a note to Disclosure about Avast, the current provider of some of my security, antivirus, privacy, and administrative tools, including a link to their privacy policy. Minor tweak to Security Scans to note that Sucuri “can detect security vulnerabilities and some forms of malware by scanning the files and public areas …”
  • August 14, 2018: Updated Data Retention to clarify retention of log and scan result data, email alerts, and notifications. Updated Disclosure to note that I may share information that’s already publicly available.
  • August 13, 2018: Updated Server and Error Logs to note that the website also keeps logs to record your consent to the Privacy Policy, other legal terms, and/or to my gathering certain types of personal information. Also inserted “I, or where applicable my web host, may use …” (since some of the logs described are maintained solely by me and other by my web host). Also added a note about retention of consent logs to Data Retention. Updated Security Scans to note that I also use various measures to protect my local systems, devices, and offline data against malware and other security threats.
  • August 12, 2018: Updated Comments to add “without limitation” to the examples following “… the information in and associated with your comment” and note that comment notification emails may include the website/URL you listed in your comment. Removed the reference to WP DoNotTrack (I still use it, but its inclusion here was more confusing than helpful). Added a mention of the email notifications for comments to the applicable point under Disclosure.
  • August 11, 2018: Updated Security Scans to note that the site’s security measures may automatically block certain suspicious actions or queries. Updated Cookies section to clarify that embedded third-party content may use cookies. Minor edit in Disclosure section to the language about third-party vendors, service providers, and independent contractors to make the wording more consistent. Updated Comments section to reiterate that I take no responsibility for what third parties do with any personal information contained in posted comments.
  • August 10, 2018: Updated Comments section to explain that the website may perform automated tests on comments to filter spam (and my web host and mobile provider may do the same with comment notification emails) and that I may use data associated with comments to record your acceptance of the Privacy Policy and other legal terms. Rearranged and made some minor amendments to the text of that section for clarity, including adding language about providing a URL, restoring earlier language about comment notifications, and changing “By posting a comment …” to “By submitting a comment …” Minor correction to an earlier item on the revision list. Clarified the language in Security Scans about my web host/mobile carrier scanning emails for spam and malware. Clarified and expanded Data Retention section. Added links to DreamHost and T-Mobile privacy statements to Disclosure section for ease of reference. Updated Information I Receive from Other Sources.
  • August 8, 2018: Minor revision to Data Retention: “… relevant log or alert data may be retained for longer periods” → “… relevant data may be retained for longer periods.”
  • July 27, 2018: Clarified that archival copies of deleted comments may remain in my records or backups. Minor editorial correction.
  • July 26, 2018: Minor editorial revision: changed “Google” or “Google Inc.” to “Google LLC” where applicable. Removed accidentally duplicated line in Disclosure of Personally Identifying Information.
  • July 16, 2018: Updated description of user agent information and that it typically includes browser settings such as language preferences. Updated Not for Children Under 18; Age Verification language.
  • July 15, 2018: Streamlined Embedded Content section to make it clearer and less repetitive. Minor editorial corrections.
  • July 14, 2018: Further adjustments to preamble wording.
  • July 13, 2018: Various minor revisions to emphasize that this policy applies strictly to information gathered through this website, not to any separate business arrangements (if any) with me.
  • July 12, 2018: Clarified language of Not for Children Under 18; Age Verification section. Further clarified log retention periods based on an updated from Sucuri. Fixed some minor formatting problems. Reworded How to Reach Me and made other minor adjustments to Data Retention.
  • July 11, 2018: Clarified how long I retain logs and that some security audit logs may be retained by me, Sucuri, or my web host for longer than 30 days. Added notes about my web host and mobile carrier doing security and anti-spam scans of email, and that (obviously) my mobile carrier may manage site-related texts as well as emails sent to my phone or phones. Amended Disclosure of Personally Identifying Information to include a provision about publishing excerpts of support requests (such as reports of technical problems) you send me privately. Minor formatting changes. Clarified language of Not for Children Under 18; Age Verification section.
  • July 10, 2018: Clarified that, obviously, my and my web host’s security scans look for the presence of potentially malicious code. Noted that the admin login page sets cookies and made minor clarifications to the Security Scans section.
  • July 4, 2018: Clarified that I may also use information from comments for the other purposes outlined in Disclosure of Personally Identifying Information. Noted that I may add or alter filenames and/or metadata to indicate the provenance and attribution of images or other content (as well as retaining any personal information that might already be contained in that content). Minor editorial corrections.
  • June 24, 2018: Clarified that comments record your browser’s user agent information (browser and operating system type/version) as well as your IP address. Changed description of user agent info from “browser type/version and operating system” to “browser and operating system type/version” throughout for clarity.
  • June 21, 2018: Noted in Comments that I may use information associated with your message to verify your identity as well as confirming that you’re not a bot.
  • June 21, 2018: Updated Comments section to indicate that I may use information associated with your comment to verify your identity as well as whether you’re a real human being rather than a bot.
  • June 19, 2018: Added comments to Disclosure of Personally Identifying Information, for completeness.
  • June 18, 2018: Updated Comments section to clarify that notifications emailed to the administrator include your IP address, a point inadvertently dropped in an earlier revision. Changed “user name” to “name” for clarity. Updated Comments section to clarify that I may use your information to protect my accounts, systems, and devices (as well as the website itself) against spam, fraud, abuse, or electronic attacks.
  • June 16, 2018: Updated Disclosure of Personally Identifying Information to note that I may disclose personal information to appropriately credit people for the use of their content or intellectual property. Updated Data Retention to note that I retain dispute-related information indefinitely. Added note at the top clarifying that this policy does not apply to any third-party websites linked here.
  • June 8, 2018: Corrected “Information We Receive from Other Sources” to “Information I Receive from Other Sources” and updated that section to explain disclosure. Renamed “Information We Collect” to “Information I Collect.” Minor editorial corrections throughout.
  • May 30, 2018: Minor editorial clarification in Security Scans: “That alert would typically include the unauthorized visitor’s IP address, browser type/version, and possibly their operating system …” –> “That alert would typically include the unauthorized visitor’s IP address and possibly their user agent information (browser type/version and possibly operating system) …”
  • May 26, 2018: Updated Security Scan and Disclosure sections to reflect current Sucuri terms. Clarified Embedded Content wording. Added link at the top to this revisions list.
  • May 24, 2018: Various minor clarifications, including revised Cookies, Security Scan, Data Retention, and Revisions language and the removal of Other Information You Provide to Us.
  • May 23, 2018: Updated http links to https as applicable. Updated cookie language. Updated disclosure language. Clarified Security Plugins section and renamed it Security Scans. Minor amendments to Server and Error Logs to correspond with these changes.
  • May 21, 2018: Clarified embedded content language, adding Cloudflare, and added note about Sucuri scanning. Streamlined and amended cookie language.
  • May 20, 2018: Added language about Google Fonts, mobile carrier, clarified location, added date retention information.
  • May 19, 2018: Clarifications for GDPR compliance (based in part on latest Automattic terms effective May 25, 2018).
  • May 1, 2018: Clarified that the Disclosure of Personally Identifying Information section applies to information gathered through this website.
  • January 13, 2016: Added note to preamble clarifying that variations in text style have no legal significance.
  • January 8, 2016: In Disclosure of Personally Identifying Information, changed “contractors, business partners, and affiliated organizations …” –> “contractors, service providers, business partners, and affiliated organizations …” and “Some of those contractors and affiliated organizations may be located … –> “Some of those contractors, service providers, business partners, and affiliated organizations may be located …”
  • January 7, 2016: Removed references to third-party font API service, which I have discontinued using. ETA: Editorial changes and corrections. ETA: Added BootstrapCDN info to Embedded Content section. Updated Server and Error Logs: “(such as, but not limited to, the IP address and in some cases the browser type and referring site, if any)” –> “(such as, but necessarily not limited to, the IP address; the user agent information supplied by the browser, which typically includes the browser type/version and operating system; and in some cases the referring site, if any)” and added “to improve the functionality of the site” to the list of uses.
  • January 6, 2016: Clarified previous revision information. Editorial correction (removed outdated contact form reference). Editorial corrections. In Disclosure of Personally Identifying Information, changed “other court order” –> “other court or government order.” ETA: Amended Server and Error Logs: “such as the IP address” –> “such as, but not limited to,”. ETA: In Embedded Content section, changed “I do not receive or have access to any user data related to these fonts” –> “I do not collect or receive any user data related to these fonts.” Editorial corrections.
  • January 2, 2016: Clarified Comments section to note that I will assume you are authorizing me to publish any information you include in a comment you post (ETA: including the name/screen name you supply). (I would hope this would be obvious, but I note it here for the avoidance of doubt.)
  • December 31, 2015: Editorial corrections.
  • December 29, 2015: Editorial corrections. Clarified that this entire policy is available under CC BY-SA 4.0 and clarified licensing language. Amended Disclosure of Personally Identifying Information: “I will not publish or release personally identifying information such as your email address …” –> “I will not publish or release personally identifying information associated with your request, such as your email address, …”
  • December 28, 2015: Added note about Automattic revision history; editorial corrections. Clarified licensing language.
  • December 25, 2015: Editorial correction.
  • December 24, 2015: Added link to Automattic Inc. main site. Reworded Server and Error Log language: “As part of their normal operations, my web host (which is located in the United States) and the security systems of this website automatically generate access and error logs” –> “Like most websites, this site and my web host (which is located in the United States) maintain various logs that collect certain information”.
  • December 23, 2015: Minor change in Server and Error Log: “to block spam and unauthorized “hotlinking” to … –> “to block spam and hotlinking or other unauthorized use of …” Editorial corrections.
  • December 22, 2015: Editorial and formatting changes; added more detailed recent revision list. Clarified licensing language.
  • December 21, 2015: Minor editorial changes. Clarified licensing language.
  • December 19, 2015: Updated language regarding use of information related to comments and form submissions. Updated language clarifying that log information may be used to prevent hotlinking and/or electronic attacks.
  • December 16, 2015: Clarified language regarding use of personally identifiable information in comments.
  • December 10, 2015: Clarified that third-party font API service servers are located in the U.S. Added credits to note about WP DoNotTrack.
  • December 9, 2015: Clarified Server and Error log information. Editorial changes, including rearranging some sections. Editorial and formatting changes.
  • October 23, 2015: Editorial corrections. Added “and/or” to Disclosure of Personally Identifying Information stipulations.
  • October 10, 2015: Editorial and formatting changes. Clarified Online Tracking section.
  • August 24, 2015: Split from Privacy & Legal to separate document. Added Server and Error Logs information; editorial changes. Updated license from BY-SA 2.5 to 4.0.

Please contact me if you need information on earlier revisions.

Privacy Preference Center

Privacy and Cookie Preferences

These cookies manage your cookie and privacy preferences. There will typically be several such cookies, each beginning with "gdpr" (e.g., gdpr[allowed_cookies], gdpr&5Bprivacy_bar&5D, and gdpr[consent_types]). They normally expire after about one year. If you delete or disable these cookies, your existing preferences will be lost and you may not be able to save your privacy settings for this website. (These cookies may not be set at all for administrative users unless they access the publicly visible portions of the website.)

gdpr, gdpr[allowed_cookies], gdpr&5Bprivacy_bar&5D, gdpr[consent_types]

Accessibility Settings

If you change certain aspects of the site's appearance using the accessibility sidebar, it may set these cookies to manage and remember your settings. The wahFontColor and wahBgColor cookies, which are set if you alter the site's color scheme, normally expire after about 14 days, but you can remove them immediately by clicking the "Restore Defaults" button on the sidebar.

I may sometimes present an alternative version of the sidebar offering different options, which may set the a11y-desaturated, a11y-high-contrast, and/or a11y-larger-fontsize cookies if you change those settings. These a11y cookies normally expire after about seven days, but are removed immediately if you restore the applicable settings to their default values.

wahFontColor, wahBgColor, a11y-desaturated, a11y-high-contrast, a11y-larger-fontsize

Age Verification

Viewing certain site content may require you to first verify your age by entering your date of birth. If your birth date indicates that you are 18 or older, the website places the age_gate cookie (whose value is "1," meaning "yes, passed") to allow you to access age-restricted content. The cookie remains active for up to 14 days if you click the "Remember me" check box when you enter your birth date; otherwise, the cookie normally expires when you close your browser. If the birth date you entered indicates that you are NOT 18 or older, the website may place the age_gate_failed cookie (whose value is also "1") to prevent you from trying again to access age-restricted content. (The website does not retain your birth date or your age. See the "Age Verification" section of the Privacy Policy for more information about how the age verification system works.)

age_gate, age_gate_failed

Password-Protected Posts

Accessing certain posts or pages on this website may require you to enter a specific password. If you correctly enter the password, the site saves this cookie on your device to allow you access to the password-protected post or page. (For this cookie, "xx" will be a cryptographic hash.) The cookie normally expires in about 10 days and is not set at all if you do not access any password-protected content.

wp_postpass_xx

Commenting

When you submit a comment, you may have the option save your information for future comments, storing the info in these cookies. (For each of these cookies, "xx" will be a cryptographic hash.) The cookies are not set at all unless you select that option when submitting a comment. They normally expire in just under one year, but you can delete the cookies in your browser at any time. (These cookies are not usually set for administrative users, since comments they submit while logged in are associated with their user ID number and user profile rather than a manually entered name and email address.)

comment_author_xx, comment_author_email_xx, comment_author_url_xx

YouTube Videos

These third-party cookies may be set by YouTube (which is now owned by Google, superseding the now-defunct Google Video hosting service) in connection with embedded videos, for purposes such as (without limitation) managing video settings (such as tailoring the playback to your connection speed), storing video preferences, providing certain functionality such as allowing you to stop and restart a video without losing your place, showing you advertisements, associating your video viewing and other activity with your Google account (if any), ensuring proper functioning of the service, and/or compiling user analytics data. The cookies may be set by various domains, including (but not necessarily limited to) youtube.com, youtube-nocookie.com, googlevideo.com, ytimg.com, google.com, accounts.google.com, and/or doubleclick.net (which is part of the DoubleClick advertising service). Some are session cookies that expire when you close your browser; others may remain on your device as long as your browser settings permit. Some cookies Google sets in connection with your Google account and/or advertising served through YouTube (which may include others not listed here) are persistent cookies that may remain in your browser for as long as your individual browser settings permit. See Google's "Types of Cookies Used by Google" page for more information about the functions of their various cookies. To learn more about how Google uses the information they collect, see the Google Privacy Policy. (YouTube, Google Videos, and DoubleClick are trademarks of Google LLC. Google is a registered trademark of Google LLC.)

yt.innertube::nextId, yt.innertube::requests, yt-remote-cast-installed, yt-remote-connected-devices, yt-remote-device-id, yt-remote-fast-check-period, yt-remote-session-app, yt-remote-session-name, recently_watched_video_id_list, use_hotbox, demographics, GPS, LOGIN_INFO, PREF, VISITOR_INFO1_LIVE, YSC, AID, ANID, APISID, CONSENT, DSID, FLC, GAPS, IDE, NID, HSID, OTZ, SID, SNID, SIDCC, TAID, exchange_uid, 1P_JAR

Vimeo Videos

These third-party cookies may be set by Vimeo in connection with embedded videos, for purposes such as (without limitation) managing video settings, storing video preferences, providing certain functionality (such as allowing you to pause a video at a particular point), associating your video viewing and other activity with your Vimeo account (if you have one), showing you advertising, and/or compiling user analytics data. The cookies whose names begin with "_ga" and "_ut" are associated with Google Analytics (which is subject to the Google Privacy Policy); the ones whose names begin with "_ceg" are associated with the Crazy Egg web analytics service (which is subject to the Crazy Egg Privacy Policy); the ones that begin with "optimizely" are associated with the Optimizely digital experience optimization service (which is subject to the Optimizely Privacy Policy); and the ones beginning with "adsense" or listed in all caps are associated with Google AdSense and/or other Google advertising services (which are also subject to the Google Privacy Policy). The Vimeo Cookie Policy does not currently disclose the normal durations of their cookies, but some are persistent cookies that may remain in your browser for as long as your individual browser settings permit; some Google Analytics cookies can persist for up to two years. For more information about how Vimeo uses the information they collect, see the Vimeo Privacy Policy. (Vimeo is a trademark of Vimeo, Inc. AdSense and Google Analytics are trademarks of Google LLC; Google is a registered trademark of Google LLC. Crazy Egg is a trademark of Crazy Egg, Inc. Optimizely is a trademark of Optimizely, Inc., registered in the United States, EU, and elsewhere.)

_abexps, aka_debug, clips, continuous_play_v3, embed_preferences, has_logged_in, is_logged_in, jsessionID, player, search_click_position, Searchtoken, stats_end_date, stats_start_date, sst_aid, uid, v6f, vimeo, vuid, _ga, _gads, _utma, _utmb, _utmc, _utmv, _utmz,_ceg.s, _ceg.u, optimizelyBuckets, optimizelyEndUserId, optimizelySegments, adsense, adsenseReferralSourceId, adsenseReferralSubId, adsenseReferralUrl, adsenseReferralUrlQuery, S_adsense, APISID, GAPS, HSID, NID, N_T, PREF, SAPISID, SID, SNID, SSID

PayPal® Buttons

The payment or donation buttons that may appear on portions of the administrative dashboard (which is not normally accessible except to logged-in administrative users) contain embedded content served by PayPal®. Those buttons may set the third-party cookies PYPF (via paypalobjects.com), which appears to check whether or not you are a logged-in PayPal user and is probably used to facilitate the PayPal user login process, and/or 01A1 (via abmr.net), which stores certain technical information about your device and browser, probably to facilitate the login and shopping cart functions. The PYPF cookie normally expires in approximately four weeks, the 01A1 cookie in approximately one year.

If you use the buttons to make a payment or donation, PayPal sets additional cookies (not listed here) to manage your PayPal login and transaction data (and potentially also for various other purposes, such as user analytics and/or advertising). For more information on what data PayPal collects and what they do with it, visit their Legal Agreements for PayPal Services page to review the PayPal Privacy Statement and Statement on Cookies and Tracking Technologies that apply in your location. (PayPal is a registered trademark of PayPal, Inc. All button icons, custom graphics, logos, page headers, and scripts related to the PayPal services are service marks, trademarks, and/or trade dress of PayPal or PayPal's licensors.)

PYPF, 01A1

Administrative and Login Cookies

These functionality cookies are used to manage user logins and other WordPress administrative functions, such as post editing. If you are not an administrative user, they shouldn't normally be placed on your device at all unless you somehow access the login area, which is off-limits to non-administrators.

Accessing the login page places the wordpress_test_cookie (a session cookie that tests whether your browser will allow the cookies needed to log in and expires when you close your browser) and the itsec-hb-login-xx cookie (which expires after about one hour and helps protect the site against "brute force" attempts to hack user passwords).

Logging in sets the wordpress_logged_in_xx, wordpress_sec_xx, and/or wordpress_xx cookies, which store your user login credentials to allow access to the administrative dashboard and other administrative functions; these cookies expire in about 15 days if you click "Remember Me" when logging in, but if you don't, they normally expire when you close your browser (or, failing that, within about two days). The wp-settings-UID cookies store a logged-in user's configuration settings, while the wp-settings-time-UID cookies store the time those configuration settings were set; these cookies normally expire after about one year. One or more wp-saving-post cookies may be placed while creating and/or editing posts or pages, to help manage version control and the autosave feature; these cookies normally expire after about 24 hours. The wp-donottrack_feed cookie, which controls a blog feed, may be set by accessing the dashboard menu for the WP DoNotTrack plugin (if I currently have that plugin enabled); this cookie normally expires in about one year.

For all of these administrative and login cookies, the "xx" will be a cryptographic hash while "UID" will be the administrative user's user ID number in this website's WordPress database. (WordPress is a registered trademark of the WordPress Foundation.)

wordpress_test_cookie, itsec-hb-login-xx, wordpress_sec_xx, wordpress_logged_in_xx, wordpress_xx, wp-settings-UID, wp-settings-time-UID, wp-saving-post, wp-donottrack_feed

Change Font Size
High Contrast Mode (Note: This option sets cookies to save your settings)