Privacy Policy

This Privacy Policy explains what personal information I may collect through and/or in connection with this website and how I use that information. Please read this policy before using the site. By using the aaronseverson.com website, you indicate your acceptance of the policy described below.

Please note that your use of any third-party websites or services, including those linked from the aaronseverson.com website or on which I may have accounts, is subject to the individual privacy policies and terms of use/terms of service, if any, of those sites or services. My automotive website, Ate Up With Motor, has its own privacy policy, as does my professional writing/editing/writing consultation website, 6200 Productions (whose privacy policy also applies to my writing/editing/writing consultation services outside of Ate Up With Motor). Those policies are separate from this one.

EFFECTIVE DATE: This version of the Privacy Policy is effective Saturday, March 28, 2020. If this policy has changed since you last reviewed it, or if you received a notice indicating that the Privacy Policy has changed, you may want to jump directly to the “Recent Revisions” section at the bottom of this page, which summarizes recent modifications by date.

Variations in text style (such as different font weights, sizes, or colors) are used throughout this Privacy Policy to improve readability, but have no legal significance or effect.

Table of Contents

Who I Am

For purposes of this Privacy Policy, the terms “I,” “me,” and “my” shall be deemed to signify Aaron Severson, the owner of this website, an individual U.S. citizen residing in Los Angeles, California, U.S.A. I, along with my web host, DreamHost® (which also hosts the mail servers for my aaronseverson.com email addresses — here’s DreamHost’s Privacy Policy), and many of the vendors and third-party service providers I use in connection with this website, are located in the United States and are subject to U.S. law, which may differ from the laws of your area. Click here to jump to my contact information toward the bottom of this page.

License for This Policy

Portions of this Privacy Policy were adapted from the Automattic Inc. Privacy Policy (which you can also find at their Legalmattic repository) under a Creative Commons Attribution-ShareAlike 4.0 International license. This policy (including both my adaptation of the Automattic terms and my additions) is offered under the same license. If you elect to use or further adapt my version, please credit Automattic Inc. as well as me (Aaron Severson). I also strongly recommend that you note the effective date shown above and include that date in your attribution if it is reasonably practical to do so. (See the change log at the bottom of the Automattic policy linked above for their revision history; both the original and this document have been modified many times!)

Information I Collect

I may collect information on you in three ways: automatically through this website; if and when you supply information to me; and from other sources. Each of these three types of data collection, and my use of that information, will be further explained below.

Legal Bases for Collecting and Using Information

If you are in an area that is subject to European data protection laws, my legal grounds for collecting and using your information are that:

  1. The use is necessary to provide the functions of the website (such as comments); or
  2. The use is necessary for compliance with a legal obligation (such as my need to maintain reasonable records of financial transactions and image usage rights); or
  3. The use is necessary to fulfill a contractual obligation (such as complying with the terms of a Creative Commons or other license for the use of your content); or
  4. The use is necessary in order to protect your vital interests or those of another person; or
  5. I have a legitimate interest in using your information — for example, to safeguard the integrity of this website and its data, to troubleshoot technical problems, and/or to appropriately respond to your inquiries regarding my work; or
  6. You have given me your consent.

Notice to Parents Regarding Children Under 18; Not for Children

This website is in no way intended for or directed at children. Except as otherwise required by law, in the event I receive any personally identifying information through this website that I know to be from a child under the age of 18 (e.g., a message to the administrator email or a comment), it is my policy to promptly delete such information or, if complete deletion is not possible, to take whatever steps I reasonably can to de-identify or anonymize that information.

If you have questions, if you are a parent or legal guardian and believe that this website may have collected personal information about your minor child, or if you wish to exercise your right to remove or delete such information, please contact me via one of the methods listed under “Controllers, Questions, and How to Reach Me” below.

Definitions

To help simplify and clarify the rest of this policy, the following definitions will be used throughout this document:

  • User(s) and visitor(s): For the purposes of this policy, I use the terms “visitor” and “user” synonymously to mean any individual who accesses this website. This policy assumes that you, the reader, are such a visitor/user.
  • Personal information/personally identifying information: Different jurisdictions have different definitions of “personal information” and “personally identifying information” (terms this policy uses synonymously), but in general, it means any information that could be used to individually identify you and/or your “household” (another term that may have different legal meanings depending on the jurisdiction). Information doesn’t have to identify you by name to be considered personal information or personally identifying; information that describes or could be associated with you can also constitute personal information. In this policy, I also use the term “potentially personally identifying information” to describe information that might identify you and/or your household in certain contexts (or in combination with certain other information).
  • Gather and collect: This Privacy Policy treats the terms “gather” and “collect” synonymously.
  • Identifiers: “Identifiers” are pieces of personal information that expressly identify an individual, household, or specific device, such as (though not limited to) real names, postal mailing addresses, email addresses, driver’s license numbers, Social Security Numbers, or unique device ID numbers. Some jurisdictions also consider IP addresses to be personal identifiers.
  • Protected classifications: Some pieces of personal information are characteristics of one or more classifications that are protected by civil rights law and/or other nondiscrimination laws, such as race, religion, gender, or medical conditions.
  • IP address: An Internet Protocol (IP) address is the numerical address of any device capable of accessing the Internet. If you use several different Internet-capable devices, their individual IP addresses are typically all different (although if you have several devices connected to the same router or tethered together, they might share the same IP address so long as they remain connected or tethered). An IP address typically reveals the Internet service provider or mobile carrier the device is using. A given device’s IP addresses may change periodically (especially if the device is configured to use “dynamic” IP addresses assigned by the Internet service provider or mobile carrier). It is possible to hide a device’s IP address and Internet service provider/mobile carrier by using a virtual private network (VPN) or proxy service; with these services, you first connect to a computer server provided by the VPN/proxy service and that proxy server then connects to other Internet sites and resources, which “see” only the IP address of the proxy server. For the purposes of this policy, when I refer to IP addresses, I mean the IP address that actually connects to my website or that I otherwise receive, whether that is your device’s actual IP address or a proxy. (In many cases, I have no way to tell the difference.)
  • User agent information: A “user agent” is any software program, service, or system that allows a user to access web content. This can mean a web browser, an email client, or a web “crawler” of the kind used by search engines. User agents automatically reveal certain information about themselves — and therefore about the user — to any online resource they access, enabling that resource to deliver its content in a way the user agent can correctly handle. At a minimum, a browser’s user agent information typically reveals the browser type and version, the operating system in which the browser is running, and certain settings such as preferred language and time zone; if you’re using a mobile browser, the user agent information may also reveal the specific type of mobile device you’re using. User agent information is typically not personally identifying by itself, but it is sometimes possible to identify an individual user based on their specific combination of browser characteristics, a technique called “browser fingerprinting.” The Electronic Frontier Foundation (EFF) has created a website called Panopticlick that offers more information about this complicated subject, including a tool that lets you test what “fingerprints” your browser may have. (I am not affiliated in any way with the EFF and offer this link purely for your information.)
  • Domain name: A domain name is the name of an online resource such as an email server or a website; for example, “aaronseverson.com” is a domain name. The ownership of domain names is registered through the Internet Corporation for Assigned Names and Numbers (ICANN), which maintains a directory of registered owners and their contact information. Most websites have a domain name, as do nearly all email addresses. When you access an online resource by its domain name, your device first accesses a domain name system (DNS) server, which is a directory that looks up that resource’s IP address so your device can connect to it. Mechanisms that collect website visitors’ IP addresses sometimes also record a domain name in connection with that IP address; this is typically the domain name of the Internet service provider or mobile carrier with which that IP address is associated.
  • Embedded content: Most web pages consist of many different elements, including not only the HTML code, but also various images, other media files, fonts, and scripts. For this website, most of those elements reside on and are served (i.e., loaded and run in your browser) by web servers owned by my web host, DreamHost®; this policy describes such elements as “local,” “locally served,” or “locally hosted” content (these terms are used synonymously). Certain elements of the website, such as (without limitation) images, scripts, fonts, or video players, may reside on and be served by systems not owned by DreamHost, such as third-party hosted libraries or content delivery network (CDN) servers; this policy describes such elements as “embedded content.” Whenever you access a page that includes embedded content, the page instructs your browser to contact the servers of the embedded content provider to retrieve and load those elements.
  • Visitor activity: For purposes of this policy, “visitor activity” refers to any information I may collect about my visitors’ online activity and/or actions, whether on this website or elsewhere online, such as (without limitation) web pages they’ve visited, links they’ve clicked, or search terms they have looked for.
  • Malicious activity: I define “malicious activity” as any activity or action intended to harm, abuse, compromise, or disrupt the functions of this website, its data, my web host, my embedded content providers, my visitors/users, my system and device(s), and/or me, or defraud or attempt to defraud me, my service providers and/or vendors, and/or my visitors/users.
  • Errors and suspicious activity: For purposes of this policy, “errors” means any error messages your visits to this website may generate, such as when some of the images or elements that should appear on a particular page fail to load. (“Error” doesn’t necessarily mean that you’ve done anything wrong!) “Suspicious activity” means any access to or actions involving this website that could be a sign of malicious activity. Of course, not all suspicious activity is actually malicious; often, it results from an error beyond the visitor’s control or from a harmless mistake.
  • Names: Unless otherwise specified, where I refer to “names” in this policy, it includes both real, legal names and pseudonyms/aliases. In general, I only require your legal name in certain circumstances (such as financial transactions or legal agreements). Otherwise, you are free to communicate with me using only a pseudonym or alias, although if you do so, I may have no way of associating those communications with information I may have about you under your real name and/or other pseudonyms or aliases. (Also, if your pseudonym or alias looks like a real name, I may have no way to know it isn’t one!)
  • Email address(es): Email is the main means by which I respond to visitor/user questions and inquiries, as well as how this website associates posted comments with the people who made them. For purposes of this policy, I assume that email addresses naturally include domain names even where I don’t expressly specify “domain names” in the list of information collected. (I may sometimes collect domain names that are not associated with a single email address.)
  • Email header information: All email messages include email headers (sometimes called “Internet headers”) that contain not only the sender and recipient email addresses, but also the names and IP addresses of the mail servers that sent and received the message, routing information, encryption and security protocols, and other technical details. (The precise details vary depending on your email client and provider.) Although email headers always include your email address, there are situations where I may have your email address, but not your email header information, usually because I have never actually exchanged any email messages with you.
  • Other contact information: This means any contact information other than email, such as a telephone number or postal mailing address.
  • Images and/or other media: “Images” is hopefully self-explanatory; for purposes of this policy, “other media” (or “other media files”) is a blanket term intended to encompass any audio, visual, or multimedia content that is not an individual image, including, but not limited to, videos, audio recordings, broadcasts or streams, comic books, presentations, and/or slide shows.
  • Other documents/materials: This includes any type of physical or electronic document or material, such as books, magazines, letters sent via postal mail, newsletters, or clippings.
  • Metadata: Any electronic file, document, or communication contains metadata, which is data about that file, document, or communication, such as its file size, type, creation date, and technical details such as bit rate or pixel dimensions. The information in telephone records (such as the phone numbers of the callers, the date and time of each call, the call durations, etc.) can also be considered metadata. Metadata is not necessarily personally identifying in and of itself, but may sometimes contain personal information (e.g., the author’s name or contact information) and/or potentially personally identifying information.
  • Geolocation data: Geolocation data means information about an individual or household’s physical location and/or movements, such as the fact that an individual is or was present in a particular geographical location or traveled between two or more geographical locations. I may receive geolocation data from you directly, such as when you tell me your location in a comment or other communication (or, obviously, if I meet you in person), but I (and/or my service providers, where applicable) may also determine or estimate your geographical location or movements based on other data such as your IP address, the area code of your telephone number, or GPS coordinates in the metadata of your submitted images. Although some jurisdictions regard geolocation data as personal information, it doesn’t necessarily reveal where you live or work, and in some cases may not reflect your actual location at all, particularly if you use a VPN or proxy service.
  • Websites/URLs: “URL” (an acronym for Uniform Resource Locator) is the technical term for a web address. A website URL isn’t necessarily personally identifying, at least by itself, but the URL such as your social media profile or online resume/CV would probably be considered personal information. Where this policy refers to “websites/URLs” as a category of personal information, I mean URLs that may contain (or that link to) personally identifying information about individuals or households.
  • Referring site: When your browser or other user agent connects to some online resource — such as when you click a link or access embedded content on a web page or in an email message — that online resource can generally see the website or other online location, if any, from which the request originated, which is known as the “referring site” or “referer” [sic — some sources use the correct spelling, referrer, although the actual name of the HTTP header that conveys this information is (mis)spelled “referer”]. If the referer is the results of a search query (for example, when you click on a link from search engine results), the online resource you access can typically see not only the referring site, but also the specific search terms you were looking for. (Some privacy-focused search engines take steps to remove this referer information so the destination site can’t see it, but most popular search engines do not.)
  • Other personal information: This includes any other information about an individual or household that could be considered personal information or personally identifying information. As noted above, some jurisdictions now regard nearly any piece of data about an individual or household as “personal information,” from the career history of a public figure to the fact that a website visitor once owned a car of a particular model.
  • Special: This policy uses this term to denote certain unusual categories of information not easily categorized, which may or may not be personally identifying.
  • Administrative dashboard/backend: Like most modern websites, this site has both a public-facing (“front-end”) portion and a “backend” administrative area that includes various controls for managing the site and its content. The content management system WordPress, which this website uses, describes the administrator backend as the “dashboard,” so this policy uses “administrative backend” and “dashboard” synonymously. The administrative dashboard is not normally accessible to visitors other than authorized administrators (meaning me!), and I take various measures to guard against unauthorized access to it.
  • Cookies: A cookie is a small text file — a string of information — that a website or online service places (or “sets” — these terms are used synonymously) on your browser or device and that your browser or device then provides to that site or service when you access it. (It is sometimes also possible for a website or service to detect cookies set by other sites/services.) Cookies may be used in many different ways, but the most common uses are to save your settings or preferences and to manage logins. Most cookies are specific to each browser and device; if you access a website from multiple browsers and/or multiple devices, the website may place cookies on each browser on each device. A cookie set by the website or service you are currently visiting is called a “first-party” cookie while cookies set by other services or domains (e.g., the cookies set when you access an embedded video player) are known as “third-party” cookies. You can learn more about how cookies work and how you can manage or delete them on different browsers by visiting AboutCookies.org. (I am not affiliated in any way with that website, which is run by the law firm Pinset Masons LLP, and offer this link purely for your information.) Some third-party services also use “web beacons”, which are small code blocks or tiny image files (called “tracking pixels” or “pixel tags”) that transmit certain information about you and your user agent (as defined above) to the service from which the web beacon is loaded. Web beacons (which are a form of embedded content) are sometimes used instead of or in conjunction with cookies to identify users and track their behavior online.

Categories of Information and Purposes for Collection

In each of the sections below, I indicate the categories of personal information I may collect and the categorical purpose or purposes for which I may collect that information.

Those possible purposes include:

  • Functionality: I use the information so that this website, or certain specific functions thereof, can work properly. For example (but without limitation), none of the pages or content on this website will load if the web server doesn’t have a valid IP address to which to transmit the necessary data.
  • Providing services: I use the information to perform some action you have asked me to perform, provide some service(s), and/or conduct the normal activities involved in running this website and its associated business operations. For example (but without limitation), I probably couldn’t send you a physical document without your mailing or delivery address.
  • Completing a transaction: I use the information to conduct or complete financial transactions with you.
  • Fulfilling a contractual obligation: I use the information to meet the requirements of some contract or legal agreement, whether with you or a third party.
  • Legal compliance or audit: I use the information to ensure my compliance with applicable laws or regulations, and/or so that I can demonstrate my compliance to an auditor or investigator if needed.
  • Research and publishing: I use the information as part of the research involved in creating and publishing my content, my other other other writing/editing/writing consulting work, and/or other creative endeavors, and/or to help me decide what content and/or other work to create and/or publish in the future.
  • Security, troubleshooting, quality control, and technical improvement: I use the information to help me protect this website, its users, my data, my systems/devices, my business, and/or me from malicious activity; troubleshoot and resolve technical problems; and/or maintain and/or improve the quality and functionality of the site and/or my services.
  • Recruitment/hiring or business partnerships: I use the information in recruiting/hiring employees, independent contractors, and/or interns, and/or in entering or considering entering business partnerships or other formal professional relationships with someone.
  • Advertising and other commercial purposes: I use the information to promote or advertise my content or services, sell advertising on this website, monetize the site and/or my content in other ways, and/or achieve some other commercial purpose(s).

In many cases, information I collect may have several purposes or possible purposes. Obviously, not every individual piece of information in a particular category will necessarily be used or even useful for each listed purpose.

(Where the sections below list multiple purposes or possible purposes, separated by semicolons, the order does not signify any comparative priority or significance.)

In some cases, I may collect certain types of information in certain circumstances and not in others. In those cases, the information category shown below will be followed by a single asterisk (*). (For example, but without limitation, I generally don’t need your postal mailing address except in connection with certain financial transactions or if you ask me to send you some physical letter or parcel, so I only collect mailing addresses from certain visitors, not from everyone.)

Keep in mind that the categories of information listed in each section below are just the types of information I may collect in the specific context described in that section. Depending on how you use my website, several or all of these sections may apply to you.

Cookies

The aaronseverson.com website uses cookies for a variety of purposes. Some cookies are placed on your device/browser automatically while others are only set when you perform certain actions.

In general, this website sets cookies in circumstances where I need to identify a specific device and/or store visitor choices/preferences, including certain accessibility settings and privacy choices like your acceptance of this Privacy Policy. The use of cookies also allows me to determine which content to show you, such as whether to display or hide banners intended for first-time visitors, and to ensure that administrative areas of the site are not accessible to unauthorized visitors.

If you visit some portion of the website that contains third-party embedded content (see “Embedded Content” below), that content may also place cookies on your device.

Some of the cookies set by this website or its embedded content providers are “session cookies” that expire (cease to function) when you close your browser. Others are “persistent cookies” that remain on your device and expire after a certain amount of time, such as 30 days or one year. Certain cookies will persist for as long as your browser permits unless you manually delete them.

For more specific information about the cookies the site may use, what purposes they serve, and how long they normally last, see the Cookie Notice page or click the “Access Your Privacy and Cookie Preferences” button below and review the summaries under “Cookie Settings”:

(You can also access this button via the Privacy Tools page.)

(While the list shown in the above pages describes the specific cookies that are typically used on this website, embedded content providers may sometimes change the cookies they use or add new ones not currently listed, which is outside of my control. Also, certain portions of the website’s administrative dashboard (which is not normally accessible except to logged-in administrative users) might sometimes set additional cookies not included in these lists, especially if I have just added or am testing some new plugin or other site component.)

Please keep in mind that your subsequent actions or choices on this website may set additional cookies or change the duration of the existing ones. For instance, saving your comment information where you hadn’t previously done so will place additional cookies, and changing or updating your privacy preferences (such as accepting changes to this policy) may effectively “reset the clock” on the cookies that store that information. Your individual browser configuration may also affect how long a particular cookie remains on your computer or device; for instance, most browsers can be set to automatically delete cookies each time you close your current browser session, regardless of the cookies’ normal duration.

You are free to block or remove any cookies set by the aaronseverson.com website. However, please note that some site features may not function without cookies. For example, you may not be able to hide the notification banners or change certain accessibility settings, and previously saved preferences may be lost. (Again, if you use multiple devices or browsers, deleting or blocking cookies on one browser does not usually affect cookies on the others.)

Information I Collect Automatically

Certificate Authority Checks

  • Categories of information gathered: IP addresses; user agent information; visitor activity (referring site); geolocation data (estimated from IP addresses and/or inferred from other data)*; special: mobile phone types/models (determined from user agent information)*
  • Purpose(s): Functionality; fulfilling a contractual obligation; legal compliance or audit; security, troubleshooting, quality control, and technical improvement
  • Data retention: Typically less than seven days.

To allow visitors (and me!) to connect to the site securely (via HTTPS rather than HTTP), this website uses domain validation (DV) certificates issued by Let’s Encrypt®, a certificate authority (CA) service of the nonprofit Internet Security Research Group™. These encryption certificates enable your browser to confirm that it has an SSL/TLS (Secure Sockets Layer/Transport Layer Security) connection to the correct website, an important security measure. (For a further explanation, see the Let’s Encrypt How It Works page.)

When you access this website, your web browser may check whether the aaronseverson.com certificate is valid by briefly connecting to the servers of the Let’s Encrypt certificate repository to perform an Online Certificate Status Protocol (OCSP) check (sometimes called an OCSP request or an OCSP query &mdash: these terms are synonymous). This OCSP check provides those servers with your IP address and user agent information; for obvious reasons, it also informs those servers that you have accessed the aaronseverson.com website. Let’s Encrypt may log and use such data for operational, troubleshooting, and security purposes and/or in compiling de-indentified, aggregated statistics, as described in the Let’s Encrypt Privacy Policy. Any further questions about their use and/or retention of public repository log data should be directed to Let’s Encrypt, as it is outside of my control.

Browser Tests

  • Categories of information gathered: User agent information; special: browser technical capabilities and/or settings
  • Purpose(s): Functionality; security, troubleshooting, quality control, and technical improvement
  • Data retention: Your current visit.

Each time you visit this website, the site may perform certain automated tests to determine your web browser’s specific technical capabilities, allowing the website to adjust the presentation and functionality of the site to be more compatible with your browser. (Different browsers, and even different versions of the same browser, may handle certain content in different ways, which can create problems if content is not correctly tailored for that browser.) The site may also show you specific messages or other content based on this information, such as displaying a warning notification that your current browser is incompatible with some site features.

Online Tracking

As of January 29, 2012, I have discontinued the use of web analytics tools on this site.

Website Server, Error, and Security Logs

  • Categories of information gathered: IP addresses; user agent information; visitor activity; errors and suspicious activity; geolocation data (estimated from IP addresses and/or inferred from other data); URLs/websites*; special: mobile phone types/models (determined from user agent information)*; special: other technical details*
  • Purpose(s): Functionality; fulfilling a contractual obligation; legal compliance or audit; security, troubleshooting, quality control, and technical improvement
  • Data retention: Varies, but typically no more than about 90 days, except for recent data captured in backups or specific data for which I have some ongoing need.

Like most websites, I and my web host maintain various logs that may collect certain information about each computer or device that (as applicable, but without limitation) accesses the site and its content; uses certain site features, such as submitting comments; is redirected from an outdated link to a current one; generates an error (such as attempting to access a nonexistent page or file); or attempts to interact with the site in any unusual or suspicious way (such as trying to access the site’s administrative area or run an unauthorized script). (These examples are a representative sampling, but not an exhaustive list; I may also use or add other logs not specified here, and not all logs are necessarily in use at any given time.) Most such logs also include the date and time each logged event took place. These logs are part of the routine operation of the website and its host and are not in any way connected to or associated with any web analytics service.

Most of the routine website log data I and my web host collect is retained on a rolling basis — that is, we customarily retain only the most recently collected data. Typically, website log data is retained for no more than 30 days (and often only a fraction of that time) before being automatically overwritten by newer data or otherwise deleted. Security audit log data stored by the Sucuri Security plugin (further described in the “Security Scans” section below) is normally retained for about 90 days. Certain website logs that contain only anonymous and/or administrative data (e.g., hit counters) may be retained for longer periods. For example (but without limitation), logs showing the last access dates of certain resources may remain unchanged until that resource is accessed again or I manually delete the logs.

Naturally, I may retain certain specific information from the website’s logs if I still need it for ongoing security, troubleshooting, and/or technical improvement purposes. For example, but without limitation, if the logs indicate that a specific IP address has been used in repeated attempts to attack this website, I may take steps to block that IP address or otherwise impede future malicious activity from it.

Also, some recent log data may be captured in backups created by me or my web host, which in some cases may be retained for a year or more.

Certain events may trigger automated email alerts that are sent to me as the site administrator, notifying me of potential threats, errors, or the status of some automated operation. If the event is a potential threat, it may include the IP address of the device involved (which is also recorded in the website logs). I may retain these email alerts for as long as I need the information they contain.

Please keep in mind that, since my web host owns the servers on which this website runs, they have full access to the site’s server and server error logs. (My access to those logs is read-only, so I cannot redact or remove any of that log data without the aid of my web host’s technical support staff, and my service agreement prohibits me from tampering with the logs or other normal functions of the DreamHost servers.) In general, DreamHost has access to any data or files on any server they own — except in cases where I have specially encrypted such file(s) or data — subject to the DreamHost Privacy Policy. I may also share additional data with them if I deem it appropriate for security and/or troubleshooting purposes.

Otherwise, I only disclose website log data as described in “Disclosure of Personally Identifying Information” below.

Security Scans

  • Categories of information gathered: IP addresses*; domain names*; user agent information*; visitor activity*; errors and suspicious activity; geolocation data (estimated from IP addresses and/or inferred from other data)*; URLs/websites*; special: visitor mobile phone types/models (determined from user agent information)*; metadata*; special: other technical details relevant for security purposes*
  • Purpose(s): Fulfilling a contractual obligation [see below]; legal compliance or audit; security, troubleshooting, quality control, and technical improvement
  • Data retention: Varies; potentially indefinite.

I and my web host use a variety of security measures to protect this website and its data, including, but not limited to, scanning the site, site-related files, and/or the site database for malware and/or signs of other malicious activity. Some of these scans are purely automated, but in some cases, I may initiate additional manual scans or request that my web host’s technical support staff conduct a more thorough active scan to help me root out a possible security threat or troubleshoot a technical problem.

Among the security measures I use on this website is the Sucuri Security plugin, provided by Media Temple, Inc. d/b/a Sucuri, a subsidiary of Go Daddy Operating Company (Sucuri), which includes activity monitoring, notifications, security auditing tools, and a remote scanning feature that can detect security vulnerabilities and some forms of malware by scanning the files and public areas of the website. (A complete list of the features of the plugin can be found in the “WordPress plugin & API Key” section of the Sucuri Security Terms of Service.) Data gathered through this plugin and/or the scanning service — which may sometimes include personal information such as (without limitation) IP addresses that perform certain suspicious actions and/or information in comments or other published content — may be processed and/or stored by Sucuri as well as me and/or my web host and is subject to the Sucuri Security Privacy Policy and the Data Processing Addendum to their Terms of Service. As explained in the Sucuri Privacy Policy, Sucuri complies with the EU-US Privacy Shield framework, as does Cloudflare®, which serves certain plugin components.

I also use a variety of other anti-malware tools and security measures to protect my device(s), software, and data. A representative sampling of the providers of these tools and security measures is included among the examples of third-party service providers listed under “Disclosure of Personally Identifying Information” below. (Since the specific tools, devices, and security measures I use may change over time, this is not an exhaustive list.)

In addition, my web host also hosts the email servers for many of my email addresses and may scan incoming, outgoing, and/or stored messages for suspected spam and/or malware. My Internet service provider(s), mobile carrier(s), and/or the various Google services I use (e.g., the Google Voice communications service, a Voice over Internet Protocol service provided by Google Voice, Inc., a subsidiary of Google LLC; Google Voice is a trademark of Google LLC) may also use their own security tools to scan for different types of suspicious activity involving my account(s) and/or connections. (For example, but without limitation, my mobile carrier sometimes flags certain incoming voice calls and/or text messages with warnings such as “scam likely.”)

By their nature, some anti-malware scanners and other security tools routinely access almost any file or data on the systems or devices they protect. Since modern security tools sometimes incorporate web- or cloud-based scanning features, and/or may transmit samples of suspicious files or code to such services for analysis, this means a certain amount of personal information (e.g., names, contact information, and/or other personal details contained in scanned email messages or electronic documents) could be disclosed to the scanning service and/or other third parties in the course of a scan or security analysis. The likelihood and possible extent of such disclosure is difficult to predict or quantify, but it cannot be completely avoided without greatly compromising the security of my system, devices, and data. Furthermore, tampering with the normal operation of such services or tools is typically a violation of their terms of use/terms of service (or, in the case of tools operated by my web host, the terms of my service agreement).

(Naturally, malware scanning services and other security tools may also provide me with additional security-related information, such as “signatures” of known malware types. Much of this information is of a technical nature and is not personally identifying, but it may sometimes include certain personal information; see the “Information I Receive from Third for Security Purposes” section below.)

My retention of data related to security scans and/or other security measures varies depending the tools involved, whether they are operated by me or a third party, and the context. As noted in the “Website Server, Error, and Security Logs” section above, log data stored by Sucuri is normally retained for about 90 days while most other website security log data is typically retained for 30 days or less. Security data for my devices (e.g., malware scan results, system error logs, logs of traffic blocked by a firewall) may in some cases be retained for at least as long as I own that device and/or use the applicable security tool(s). I also typically retain indefinitely any correspondence regarding specific security threats or problems. The retention and use of security-related data by my web host, Internet service provider(s), mobile carrier(s), and/or other third-party service providers varies, and is generally outside of my control.

I may share information from security scans and/or other security measures with third parties, and/or post such information publicly, if I need additional technical assistance, consider such disclosure appropriate for my security and/or the security of others (e.g., to notify DreamHost technical support if I identify malware that might threaten the integrity of their web or email servers), and/or as otherwise described in “Disclosure of Personally Identifying Information” below.

Embedded Content

  • Categories of information gathered: IP addresses; user agent information; visitor activity; geolocation data (estimated from IP addresses and/or inferred from other data); special: login status for certain other websites/services (determined based on cookies)*, the presence of other cookies*, mobile phone types/models (determined from user agent information)*, and/or other browser settings/configuration details/add-ons*
  • Purpose(s): Functionality; providing a service; fulfilling a contractual obligation [see below]; research and publishing; security, troubleshooting, quality control, and technical improvement
  • Data retention: Varies depending on the specific content provider; I do not have access to most such data and so its retention is normally beyond my control.

As explained in the “Definitions” section above, embedded content is content hosted on and served by some server or service other than my web host. If you access a portion of this website that contains embedded content, the embedded content provider can collect information about you.

At a minimum, the information gathered typically includes your IP address, your user agent information, and the fact that you accessed the embedded content from this website. Some embedded content may also place cookies on your device. In some cases, embedded content providers can also detect other information, such as (without limitation) the presence of other cookies (such as the ones placed on your device when you log into a specific third-party website or service); your browser’s settings; and/or whether your browser is using certain add-ons such as ad blockers. Such information is collected and processed by the applicable embedded content provider, not by me, and is subject to the provider’s terms of service/terms of use and privacy policy, which are outside of my control.

Since embedded content on this website is served through secure (HTTPS) connections, your browser may also contact the embedded content provider’s certificate authority to check the validity of their encryption certificate. (The “Certificate Authority Checks” section above describes how these certificate checks work, although embedded content providers may use different certificate authorities than the one used by this website.)

In some cases, you may be able to hide or disable certain types of embedded content on this website (for example, by using options I may provide through the Privacy Tools, or through your web browser or browser add-ons). Disabling embedded content may prevent that content from functioning, but will generally also prevent it from gathering information about you, at least as long as the content remains disabled. Please note that this does not remove any data the embedded content previously gathered about you or any cookies it may have placed on your device. If you re-enable the embedded content, or if you visit the website from a different device or browser on which that content is not disabled, the embedded content provider may again be able to gather information about you.

Special Note: The reason I include “fulfilling a contractual obligation” among the possible purposes listed above is that the terms of service or terms of use for most embedded content providers typically prohibit me from modifying their embedded content or interfering with the normal function of their servers, which prevents me from (for example, but without limitation) removing tracking features or attempting to block or “spoof” information their servers would otherwise collect.

Third-party embedded content on the aaronseverson.com website may include, but is not necessarily limited to:

  • Fonts from the Google Fonts API and/or scripts from the Google Hosted Libraries API(s), which are sets of resources hosted on and served by content distribution networks (i.e., remote servers and data centers) operated by Google and/or its subprocessors, which may be located in the United States or elsewhere. The Google Fonts service does not place cookies on your computer, but may record certain information about your computer or device, including your IP address and user agent information, when you visit a page that uses one or more of those fonts. The service may also store (cache) certain font data and stylesheet requests in your browser for faster loading. For more information, visit the privacy section of the Google Fonts FAQ. The Google Hosted Libraries service may set cookies in addition to logging certain information about your computer or device, including your IP address and user agent information. That service may also store (cache) one or more scripts and/or associated data in your browser for faster loading. For more information, see the “What does using the Google Hosted Libraries mean for the privacy of my users?” section of the Google Hosted Libraries Terms of Service. For both of these services (and other Google services I may periodically offer, such as embedded maps served by the Google Maps mapping service; Google Maps is a trademark of Google LLC), you can also review the “How Google Uses Information from Sites or Apps That Use My Services” section of the Google Privacy Policy to learn more about what information Google collects and how they use it. Click here for a complete list of Google’s third-party data subprocessors and their respective locations. (Google is a registered trademark of Google LLC.)
  • Fonts, styles, scripts, or icons served by BootstrapCDN, a service of StackPath (formerly MaxCDN) in the United States. Each time you access a portion of the site that includes such elements, BootstrapCDN records certain information about your computer or device, including the IP address and user agent information. BootstrapCDN may use this data for security, troubleshooting, and/or service improvement purposes. For more information, see the BootstrapCDN Privacy Policy and StackPath’s GDPR page.
  • Certain scripts or functions may be served by the content distribution network Cloudflare®. Cloudflare may collect visitors’ IP address, user agent information, and security-related data. See their GDPR page and Privacy Policy for more information.
  • Certain icons (whether on the administrative dashboard, the public-facing portions of the site, or both) may be served by the Font Awesome content delivery networks, which record your IP address and user information as well as which specific icons your browser accesses or downloads. Font Awesome may use that data for service optimization, troubleshooting, and security purposes; to compile usage statistics; and in some cases to calculate fees for users of their paid accounts (which I am not), as described in their Privacy Policy.
  • The payment or donation buttons that some plugins place on the administrative dashboard — not normally accessible to site visitors — which contain content served by PayPal® that may be used to collect and track data about users who access any portion of the site containing that button. It may also place cookies on your device. For more information on what data PayPal collects and what they do with it, visit their Legal Agreements page to review the PayPal Privacy Policy and Statements on Cookies and Tracking Technologies that apply in your location. (Please note that the terms may different depending on where you are.) See the “Financial Transactions Policy” section below to learn more about what information I collect in connection with PayPal transactions with me.
  • Videos (either posted by me or displayed by certain plugins may display on portions of the administrative dashboard, which is not normally visible or accessible to site visitors) hosted by YouTube, which is now owned by Google (YouTube is a trademark of Google LLC). The embedded video player may place cookies on your device as well as recording your IP address and user agent information (which YouTube may use to, among other things, determine if you are allowed to view a specific video in your location) and in some cases checking whether you are currently logged into a Google account so that videos you watch through the player may be associated with that account and any relevant account settings (such as advertising preferences) may be applied. Visit the “How Google Uses Information from Sites or Apps That Use My Services” section of the Google Privacy Policy to learn more about what information Google collects and how they use it. Google’s “Businesses and Data” pages also include additional information about what data they may share with YouTube content creators/publishers.
  • Videos (either posted by me or displayed by certain plugins may display on portions of the administrative dashboard, which is not normally visible or accessible to site visitors) served by Vimeo. The embedded video player may place cookies on your device as well as recording your IP address and user agent information (which Vimeo may use to, among other things, determine if you are allowed to view a specific video in your location) and in some cases checking whether you are currently logged into a Vimeo account so that videos you watch through the player may be associated with that account and any relevant account settings may be applied. Visit the Vimeo Privacy Policy to learn more about what information Vimeo collects and how they use it.
  • Certain back-end (i.e., administrative dashboard) features — which are not normally visible or accessible to site visitors other than me as the administrator — served by the SEO firm Yoast BV, which provides one or more plugins I use on the site. See the Yoast Privacy Policy and their “Yoast and your privacy (GDPR)” page for more information. Some versions of Yoast SEO plugin have incorporated search tools provided by Algolia to allow administrative users to search the Yoast knowledge base; the Yoast development team says this search functionality does not gather or transmit users’ personal data.
  • Blog feeds placed by certain plugins on portions of the administrative dashboard (which is not normally visible or accessible to site visitors) that are served by FeedBurner, an RSS (Really Simple Syndication) service now owned by Google. Please review the “How Google Uses Information from Sites or Apps That Use My Services” section of the Google Privacy Policy to learn more about what information Google collects and how they use it. Please note that accessing areas of the dashboard containing these blog feeds may also place cookies on your device. These cookies are used for bookmarking purposes, allowing you to return to the same point in the feed where you previous left off. Again, these cookies and this type of data collection normally affect only administrative users, not site visitors.
  • Administrative dashboard menus that may load icons or other images from Gravatar via secure.gravatar.com. Although I have disabled support for user avatars, some administrative dashboard menus may use them, and the loading of those images may allow Gravatar to record a user’s IP address, user agent information, and in some cases their hashed email address, which the Gravatar service uses to check for a current Gravatar or WordPress.com account. (I believe I have limited this information-gathering to backend administrative pages not normally accessible to site visitors and I am endeavoring to remove it there as well.) Gravatar — like WordPress.com, with which it’s now apparently being integrated — is a service of Automattic Inc. and is subject to their Privacy Policy and the same Terms of Service as WordPress.com.
  • Portions of the administrative dashboard (which is not normally accessible to site visitors) that periodically communicate with WordPress.org and/or other domains owned by WordPress, such as s.w.org, ps.w.org, and ts.w.org, to check for updates, announcements, warnings, or other WordPress-related messages; to install, remove, or update plugins, themes, or other add-ons available through WordPress.org; and/or to serve certain images, scripts, and other elements on the administrative back-end. While this communication primarily involves WordPress-specific information (such as the current version numbers of the WordPress installation and any installed plugins and themes), WordPress may also collect the IP addresses and user agent information of users who access the site’s administrative dashboard. For more information on how WordPress.org uses the information they gather, please consult the WordPress Privacy Policy. (Again, this data collection normally only affects me as the administrator, not my visitors.)

Not all of the above embedded content is necessarily used on the site at any given time, and from time to time, I may post embedded content hosted and served by other third-party websites or services not listed above — for example (but without limitation), an embedded player showing an externally hosted video or audio file, or an embedded map provided by some external mapping service. To learn more about what user information such third-party websites collect and how they use it, click the links on the applicable player or display window to go to that hosting site and review their privacy policy and associated terms and conditions.

I do not have access to the data embedded content providers gather about my visitors/users, nor do I usually have any control over those providers’ use and/or retention of that data. Some embedded content providers may use the information they collect about you through your access to or interaction with that content for a variety of commercial purposes, such as showing you advertising or providing information about your online habits to the provider’s clients and customers. The only way I could completely avoid the possibility of such commercial use would be to cease using or offering embedded content and the functionality it provides.

Advertising

Advertisements (including sponsored links), if any that appear on the publicly visible/publicly accessible portions of this website are served by me — that is, the advertisement content is hosted on my website server along with the other site content rather than being served by some external provider. I do not permit my advertisers to use scripts, cookies, web beacons, or other such technologies to collect information about you through the publicly visible/publicly accessible portions of the site. However, if you click on advertising links or otherwise patronize my advertisers’ businesses, they may gather information about you as described in their respective privacy policies (and may be able to tell that you came from this website), which is outside of my control.

The developers of some of the plugins, themes, and/or other components I use on this website may sometimes display advertisements, donation boxes, or other commercial messages on portions of the site’s administrative dashboard, which is not normally visible or accessible to visitors other than logged-in administrative users. For example, the settings menu for a particular plugin might display an advertisement for a premium version of that plugin or for the developer’s other products or services. Such dashboard advertisements may set cookies and/or incorporate embedded content and/or other information-gathering mechanisms, which may gather information about administrative users who access that content (such as their IP address, user agent information, and/or browser settings/configurations/addons) in the manner described in the “Embedded Content” section above. The collection, use, and retention of such data is controlled by the applicable developers and/or their respective service providers and is typically outside of my control. Because these advertisements are usually not publicly visible or accessible, this information-gathering normally affects only site administrators — meaning me — NOT other site visitors.

Information You Provide to Us

Through your use of this website, you may provide me with personal information in a number of different ways, described in the sections below.

For obvious reasons, I cannot provide certain services or functionality if you don’t provide me with at least a certain amount of accurate information — for example, I can’t respond to your inquiries if I don’t have a valid email address or other contact information for you. I typically also need your legal name and certain other personal information for financial transactions (see the “Financial Transactions Policy” section below) and for communications pertaining to financial or legal matters (e.g., copyright inquiries).

Otherwise, you’re under no obligation to share personal information with me beyond what the site collects automatically.

Consents and Agreements

  • Categories of information gathered: IP addresses*; user agent information*; visitor activity; names*; email addresses*; geolocation data (estimated from IP addresses and/or inferred from other data)*; special: mobile phone types/models (determined from user agent information)*
  • Purpose(s): Fulfilling a contractual obligation; legal compliance or audit; security, troubleshooting, quality control, and technical improvement; recruitment/hiring or business partnerships
  • Data retention: Typically indefinite.

When you click “Accept” on the privacy banner(s) and/or use certain site functions, the website may automatically log your acceptance of this Privacy Policy and/or, where applicable, other applicable legal terms, such as the
Terms of Use and/or your consent to my gathering certain other types of personal information. Some consent-related information may also be saved in cookies placed on your computer or device (see the “Cookies” section above). Certain site functions or content may not be available unless you indicate your consent to the Privacy Policy and/or other terms.

Some consents are stored only in cookies and are not associated with your name or other personal information. Other consents may be logged in the database in conjunction with other information I have gathered or that you submit to me (such as a comment). Where I compile logs of user consents and/or privacy choices, those logs are usually maintained indefinitely unless a user requests removal of their data (after which I may retain some related records for audit and compliance purposes). However, I may periodically delete stored consents and privacy choices if they appear to have come from bots rather than human users, or, in some cases, if the consents were logged in conjunction with some plugin, service, or tool I no longer use (in which case the consent log may no longer be usable).

I may disclose saved consent data in connection with a related dispute or legal action, and/or as otherwise described in “Disclosure of Personally Identifying Information” below.

Age Verification

  • Categories of information gathered: Other personal information (birth dates/ages)
  • Purpose(s): Functionality; providing a service; legal compliance or audit; security, troubleshooting, quality control, and technical improvement
  • Data retention: None, although age verification cookies (which do not contain your birth date or age, just whether or not you’ve passed the verification test) may remain on your device for up to 14 days.

Before you access certain content on this website, you may be asked to enter your birth date to verify that you are at least 18 years old. The birth date you enter is used only to calculate your age, perform a single logical test (are you at least 18, yes or no), and then place a cookie (see the “Cookies” section above) on your computer or device that indicates whether or not you have passed this age verification test. If you fail the verification test, the website may place a cookie on your computer or device to prevent you from trying again to access any age-restricted content.

Each time you access age-restricted content on this site, the website will check for these cookies. If you delete the age verification cookies or if they expire, you may be prompted to enter your birth date again.

The website does not retain either the birth date you enter or the age the verification system calculates, and I do not use that information for any other purpose. (If you access or somehow indicate to me that you’ve accessed age-restricted content on this site — for example, if you leave a comment on an age-restricted post — I will reasonably assume that you are over 18, but the age verification system itself does not store or tell me your actual age or date of birth.)

If you have questions about the age verification system, please contact me via one of the methods listed under “Controllers, Questions, and How to Reach Me” below.

Comments

  • Categories of information gathered: IP addresses; user agent information; visitor activity; names; email addresses; email header information*; other contact information (e.g., phone numbers, postal mailing addresses, and/or other street addresses)*; images and/or other media (including metadata)*; other documents/materials (including metadata)*; geolocation data*; URLs/websites*; other personal information*; special: mobile phone types/models (determined from user agent information)*
  • Purpose(s): Functionality; providing a service; legal compliance or audit; research and publishing; security, troubleshooting, quality control, and technical improvement; recruitment/hiring or business partnerships; advertising and other commercial purposes
  • Data retention: Typically indefinite, although I promptly delete spam/abuse, comments the submitter asks me to delete, and/or comments on or in reply to a comment or other content that has been deleted. IP address and user agent information of published comments may be redacted after publication.

Note: Although the comment function includes a box for your name, you are perfectly free to comment me using only a pseudonym. However, without a valid email address, I won’t be able to contact you with any questions about your comment and I may not be able to associate that comment with any other personal information about you (so, for example, it won’t be included if you use the data retrieval tools on the Privacy Tools page).

Comments you submit are usually moderated, meaning they are not published until I approve them. Any comment you submit may also be subjected to certain automated tests for security purposes. For example (but without limitation), if your IP address was previously used to spam this website; if your IP address and/or user agent appear on ban lists/blacklists I have obtained; if your comment contains hyperlinks, common spam keywords (such as the trade names of certain well-known prescription pharmaceuticals), or suspicious code; or if you posted the comment using an automated script rather than the normal comment form, your comment may be flagged as spam or automatically deleted. Also, if your comment contains HTML/PHP code (including hyperlinks), emojis, and/or special characters, they may be removed (“stripped”) prior to publication.

Each time a comment is submitted, the website automatically forwards that comment to me as an email notification so that I can review the comment and decide whether or not to approve and publish it. (As noted in “Security Scans” above, this means that any information in your comment may be scanned by various malware-detection and/or other security programs.)

By submitting a comment, I will assume that you are expressly authorizing me to publish and use the contents of that comment (including any images, other media files, and/or links the comment may contain) Comment Policy section of the Terms of Use. If your comment is approved and published, any information you entered in the “Name” and “Comment” fields (and/or the “Website” field, if I have enabled it) will become publicly visible. The email address you entered in the “Email” field will not be published, nor will your IP address, although any contact information you may have included in the “Comment” field will be, as will any images and/or other media files you include and the metadata of those files. (See the “Data in Submitted Images” section below.) If the site’s “Recent Comments” widgets are enabled, your name/pseudonym and a link to your comment may also be visible on the home page and other areas of the website as well as the specific article you commented on; the contents of published comments may also appear in search results of the website’s search function. If I have enabled the option that allows visitors to request email notifications of replies or follow-up comments, copies of your published comment may also be emailed to visitors who have requested such notifications. Once your comment is published, I cannot control and take no responsibility for what third parties may do with any publicly visible personal information that comment contains!

As noted in “Cookie Policy” above, when you submit a comment, you may have the option to save your name, email, and URL for use in future comments. Doing so places a set of cookies on your device to store that information; these cookies are browser-specific (that is, they work only in the web browser in which you set them) and normally remain on your device for a little less than one year unless otherwise deleted. These cookies are not placed at all unless you click the appropriate box when submitting a comment and you are free to delete them at any time through your web browser.

When you submit a comment, you may also have the option to request email notifications each time a reply and/or follow-up comment is posted. If you have previously requested such notifications and wish to stop receiving them, please contact me via email (to admin (at) aaronseverson (dot) com) or by leaving a comment elsewhere on the site asking me to disable the notifications or remove that comment.

If you submit a valid email address with your comment, I may email you at that address prior to or instead of publishing the comment, particularly if I have questions or need to clarify some aspect of your comment. For example (but without limitation), if you have submitted two very similar comments, I might email you to ask which one you prefer me to publish, and if your comment contains what appears to be particularly sensitive information, I typically try to double-check that you wish to publish that information before approving it.

From time to time, I may gather additional personal information about you in connection with your submitted comment(s). For example (but without limitation), I might look up your name in a search engine to better understand who you are and the context of your comment.

Although the website automatically collects the IP address and user agent information of anyone who submits a comment (information I need for security and troubleshooting purposes and to distinguish human users from automated “bots”), I typically redact that information after a comment is published. I retain the email address along with the comment in case I need to contact the person who submitted it with any questions or issues related to the comment; email addresses are also my primary means of associating comments with the people who submitted them in the event I receive a request to retrieve, delete, or amend personal information.

If you would like to edit or remove any of your published comments, please let me know by leaving another comment or emailing me at admin (at) aaronseverson (dot) com, specifying the comment(s) in question and explaining what you want me to do. (I may ask you to clarify or confirm your request before making the change or deletion, especially if I’m not sure exactly what you want me to do or if I need to take additional steps to verify your identity.)

The deletion of a comment (whether at your request or at my discretion) typically also deletes its associated information, although I may retain that information if I still need it for some specific purpose (e.g., for security or troubleshooting, for legal reasons, or because it contains information pertaining to my content or research), and copies of the comment and its associated information may remain for a time in backups or archives created by me and/or my web host. Keep in mind that even if a previously published comment is deleted, any publicly visible information in that comment (and/or any image(s) or other media it may have included) may have been accessed or used by third parties prior to its removal, which is beyond my control.

Obviously, if you’ve left multiple comments and/or communicated with me in other ways, I may still retain your email address and/or other information in connection with your other comments/messages even if certain of your individual comments are deleted.

I may disclose non-public information related to user comments as described in “Disclosure of Personally Identifying Information” below.

Contact Forms

  • Categories of information gathered: IP addresses; user agent information; visitor activity; names; email addresses; email header information*; other contact information (e.g., phone numbers, postal mailing addresses, and/or other street addresses)*; images and/or other media (including metadata)*; other documents/materials (including metadata)*; geolocation data*; URLs/websites*; other personal information*; special: details of legal agreements (where applicable)* and/or mobile phone types/models (determined from user agent information)*
  • Purpose(s): Functionality; providing a service; completing a transaction; fulfilling a contractual obligation; legal compliance or audit; research and publishing; security, troubleshooting, quality control, and technical improvement; recruitment/hiring or business partnerships; advertising and other commercial purposes
  • Data retention: Typically indefinite, although I promptly delete obvious spam/abuse, duplicates, blank or unreadable submissions, and/or any submission containing suspicious code and/or suspicious links. Form submission data I retain is normally removed from the website server(s) to local and/or offline storage after receipt (although in some cases it may be captured in routine database backup files created by me and/or my web host, which may remain on the server(s) for longer periods) and I may sometimes redact certain portions that I no longer need. Information from California Privacy Request Form submissions must be retained for at least 24 months for compliance purposes. See also the “Additional Information About Data Retention” section below.

This section applies to California Privacy Request Forms submitted through the Do Not Sell My Personal Information page, and/or any other contact or feedback forms I may add or offer on the aaronseverson.com website.

This website may perform certain automated tests on form submissions in order to filter out submissions made by automated bots and discourage spam and other malicious activity. For example (but without limitation), if your IP address was previously used to spam this website; if your IP address and/or user agent appear on ban lists/blacklists supplied by my security and/or anti-spam plugins; if your submission contains hyperlinks, common spam keywords (such as the trade names of certain well-known prescription pharmaceuticals), or suspicious code; if you submit the form using an automated script; if you incorrectly answer a captcha or math challenge; and/or if you fill in certain “honeypot” fields not intended to be completed by human users, your submission may be flagged as spam or automatically deleted. If your form submission contains HTML/PHP code, emojis, and/or special characters, they may be removed. This automatic filtering is in addition to human moderation of form submissions; I routinely delete submissions that appear to be spam or contain suspicious code.

Because the website forwards new form submissions to me as email notifications, your submitted information may also be scanned by the security programs and/or services that monitor my email for malware and malicious activity, as described in the “Security Scans” section above.

When I receive your submission, I may gather additional personal information about you to verify your identity and/or help me better understand the context of your inquiry. For example (but without limitation), if you send me a message containing a business offer or advertising inquiry, I might look up your company name and/or visit your website to learn more about the nature of your business.

If I reply to your submission, I will normally do so via the email address you submitted unless you indicate that you wish me to respond in some other way.

If you use the California Privacy Request Form on the Do Not Sell My Personal Information page to submit a request to exercise your privacy rights under the California Consumer Privacy Act (CCPA) (see “California Privacy and Data Protection Rights” below for more information about this law), or if you submit a CCPA request on behalf of someone else for whom you are acting as an authorized agent, I will contact you to discuss the next steps involved in processing your request, which may require me to verify your identity.

For contact or feedback form submissions OTHER than California Privacy Request Forms, I may publish your message or portions of it under the following circumstances:

  • If you ask a general question or report some functional or technical issue with the site, I may (unless you ask me not to) publish excerpts of your question or report on the aaronseverson.com website to respond to your inquiry and/or support other users with similar concerns. I will redact any information that appears to be personally identifying other than your name or pseudonym. If I have published your inquiry in this manner and you wish me to amend or further redact it (for example, to remove your name and substitute a pseudonym), I will make all reasonable efforts to accommodate your request provided that it does not infringe on the rights of others or attempt to impersonate some other individual or organization.
  • In the event your message identifies a technical problem that I am unable to fix, I may publish or otherwise communicate the substance of your reported issue (but NOT your name or other personal information) on this website in other public forums (e.g., the WordPress support forums), and/or to other third parties to help me determine how to address or repair the problem you identified.
  • If you ask me to publish some portion of your message, I may do so as I deem appropriate.

I may share information related to CCPA requests to the extent required and/or otherwise permitted by applicable law/regulations for administrative and/or compliance purposes; to respond to subpoenas or other court orders; and/or to publish de-identified and/or aggregated information about requests I receive, as described in “Reports and Aggregated Statistics” below. Otherwise, I may disclose information I receive through and/or in connection with form submissions as described in “Disclosure of Personally Identifying Information” below.

Other Inquiries, Messages, and Support Requests

  • Categories of information gathered: IP addresses*; user agent information*; visitor activity*; names; email addresses*; email header information*; other contact information (e.g., phone numbers, postal mailing addresses, and/or other street addresses)*; images and/or other media (including metadata)*; other documents/materials (including metadata)*; geolocation data*; URLs/websites*; other personal information*; special: information on or information on or provided by third-party services (as applicable)* and/or mobile phone types/models (determined from user agent information)*
  • Purpose(s): Functionality; providing a service; completing a transaction; fulfilling a contractual obligation; legal compliance or audit; research and publishing; security, troubleshooting, quality control, and technical improvement; recruitment/hiring or business partnerships; advertising and other commercial purposes
  • Data retention: Varies, but potentially indefinite; see “Additional Information About Data Retention” below.

This section refers to messages or communications I receive about or in connection with this website OTHER than through comments or Contact Forms (such as, without limitation, support requests sent via email, site-related inquiries sent via postal mail, and/or site-related calls to my Google Voice number).

Special Note: In general, you’re perfectly free to contact me using a pseudonym unless your message is a privacy request or pertains to a specific legal or financial matter. Obviously, some modes of communication are better suited than others for anonymity.

The types of personal information I collect in connection with such messages can vary significantly depending on the specific mode of communication. For example (but without limitation), a text message is unlikely to include your IP address or user agent information, but will almost certainly reveal your phone number, and a voice mail message will obviously record your voice (which with Google Voice messages may be automatically transcribed). Email messages typically include a variety of potentially identifying metadata in the email headers and any file attachments, such as images (see “Data in Submitted Images” below). If you contact me via a third-party website or service such as social media, the message will likely include your account name, profile picture, and potentially information in your public profile or that you otherwise make visible to me; the messages themselves might also be publicly visible.

As noted in the “Comments” section above, when you contact me, I may sometimes gather additional information about you to help me better understand who you are and the context of your message. For example (but without limitation), if I receive a telephone call from an unfamiliar number, I might look up the number in a search engine or reverse telephone directory, and if you email me a business proposition, I might visit your website to learn more about your business before replying.

If I reply to your message, I will normally do so via the same means you used to contact me unless you indicate that you wish me to respond in some other way. In some cases (such as if I receive messages related to one of my other websites through the admin address for this one, or if you send me site-related email through one of my personal accounts or addresses), I may, if possible, forward the message to an appropriate administrative account or address and respond from there instead.

Keep in mind that messages exchanged via a third-party site or service are subject to the terms of service/terms of use and privacy policy of the applicable service, which are outside of my control. This includes (without limitation) calls and/or texts made or received using the Google Voice communications service and/or any messages sent or received via my personal accounts on the Gmail mail service and/or Yahoo! Mail. Although I now strive to limit my use of third-party webmail accounts for site-related business, some messages related to this website (such as, without limitation, notifications, call and/or voice mail transcripts, texts, and/or other messages made or received via my Google Voice number, and/or notifications or other messages pertaining to other Google and/or Yahoo! services I may use) may occasionally be sent/received via and/or remain archived in those accounts, which are subject to those services’ respective privacy policies. (Gmail is a trademark of Google LLC; Google Voice is a service provided by Google Voice, Inc., a subsidiary of Google LLC; both are subject to the Google Privacy Policy, and the use of Google Voice is also subject to the Google Voice Privacy Disclosure. Yahoo! and Yahoo! Mail are trademarks of Yahoo! Inc., which is now part of Verizon Media®; their services are subject to the Verizon Media Privacy Policy. I initiated the closure of my Yahoo! account on November 11, 2019, although I retain my personal Gmail accounts.)

As explained in the “Security Scans” section above, messages I send or receive via email or text may be scanned by various malware scanning services. This may include messages I receive through a third-party website or service if I have message notifications forwarded to me via email or text message. (With some services, notifications include only the fact that a new message was received from a particular sender; other services place the entire message text in the notification.)

Unlike comments, I do not generally publish other types of site-related inquiries. However, there are certain exceptions:

  • If you ask a general question or report some functional or technical issue with the site, I may (unless you ask me not to) publish excerpts of your question or report on the aaronseverson.com website to respond to your inquiry and/or support other users with similar concerns. I will redact any information that appears to be personally identifying other than your name or pseudonym. If I have published your inquiry in this manner and you wish me to amend or further redact it (for example, to remove your name and substitute a pseudonym), I will make all reasonable efforts to accommodate your request provided that it does not infringe on the rights of others or attempt to impersonate some other individual or organization.
  • In the event your message identifies a technical problem that I am unable to fix, I may publish or otherwise communicate the substance of your reported issue (but NOT your name or other personal information) on this website, on my associated social media accounts, in other public forums (e.g., the WordPress support forums), and/or to other third parties to help me determine how to address or repair the problem you identified.
  • If you ask me to publish some portion of your message, I may do so as I deem appropriate.

I may also disclose information received from such messages or or communications as otherwise described in “Disclosure of Personally Identifying Information” below.

See the “Additional Information About Data Retention” section below to learn more about my typical data retention practices. The data retention and data use policies of any third-party websites or services you use to contact me are generally outside of my control.

Other Information You Provide to Me

In certain cases, you may provide me with personal information through and/or pertaining to this website in ways not specifically mentioned above. For example (but without limitation), if you send me an inquiry about this Privacy Policy via postal mail, it will likely include your mailing address as well as any information in your inquiry itself; if for some reason you visit my home and connect your mobile device to my personal wireless network (which is not available to the general public), my wireless router may log certain information about your device and/or its Internet connections. (These are just a few hypothetical possibilities.)

My use and retention of personal information you provide to me in such ways will depend on the nature of the information and the context in which I received it, although in general, I only disclose such information as described in “Disclosure of Personally Identifying Information” below. See the “Additional Information About Data Retention” section below to learn more about my typical data retention practices.

Data in Submitted Images

  • Categories of information gathered: Names*; email addresses*; other contact information*; images and/or other media (including metadata); other documents/materials (including metadata)*; geolocation data (provided by the creator/rights holder/repository, determined from metadata, and/or inferred from other data)*; URLs/websites*; other personal information*; special: camera and/or mobile phone types/models (determined from metadata or inferred from other data) and/or potentially personally identifying information such as (without limitation) license plate and/or vehicle identification numbers*
  • Purpose(s): Functionality; providing a service; fulfilling a contractual obligation; legal compliance or audit; research and publishing; security, troubleshooting, quality control, and technical improvement; recruitment/hiring or business partnerships; advertising and other commercial purposes
  • Data retention: See below.

Photographs and other images or media I collect for use on this website (or for some related purpose) — whether submitted by you in connection with a comment or other communication; created by me; or obtained from some other source — may contain an assortment of personal information.

First, the recognizable likeness of any individual person in an image or video (and/or their voice in a video or audio recording or broadcast) is usually considered to be personal information about that individual. The image might also contain and/or allow me to infer other types of personal information.

Second, digital files contain metadata (such as EXIF information) added by the camera or device that originally generated the file and/or by any software used to edit it, some of which may be personally identifying. At a minimum, metadata normally includes the filename, type, size, creation date/time, and the date/time of the most recent modification of that file. For digital photos, metadata typically also includes the make and model of the camera/device, camera and image settings (e.g., shutter speed, F-stop, color profile, whether the flash fired), and sometimes the type and version of any editing software used. Depending on the type of camera/device, the software used, and the individual settings, the metadata could also include other personal information, such as the photographer’s name and/or the location where the photo was taken, based on GPS coordinates (a common option on modern GPS-equipped cameras and mobile devices). The number of potential variations is too great to detail here, so you should consult the documentation and settings for your individual device.

Naturally, if you submit an image or other media file to me, you are providing me with any information contained in the image or media file and its metadata. When the image or media file is published on this website, this information may be included, making it publicly available. I cannot control and take no responsibility for what third parties may do with any personal information a published image/other media file or its metadata may contain.

If I use your images and/or other media on this website, I may also ADD metadata to the file(s) and/or alter the filename(s) to indicate your copyright and license information (e.g., “© 2018 John Doe; used with permission”). This helps me to keep track of the provenance of the media files I use.

I typically also gather additional information about the images I use and any subjects and/or settings they depict or illustrate so that I can correctly identify and describe them.

If you submit an image or other media file to me, you are free to remove or redact any personally identifying metadata it may contain — and/or to obscure personal information in the image or media itself — prior to submitting it to me. (Certain types of metadata (e.g., file extensions) are necessary for an electronic file to function properly, but other metadata can be edited or redacted, either through your computer’s file system or by using appropriate editing tools.)

In some cases, I may be able, upon your request, to remove or obscure personal information from the images or media files you submit to me or from specifically previously submitted ones. I may also elect to remove certain data on my own initiative and/or do so incidentally in the process of preparing the images/media files for use (e.g., by creating a resized copy of an image that omits some or all of the original image file’s metadata). However, please note that this is not always feasible. Also, if the image is owned by someone else, I might need the rights holder’s advance permission to alter it.

If I remove or obscure information from an image or media file that has already been published on this website, copies of the original version (with personally identifying information intact) may remain for a time in cached pages and/or backup files created by me or my web host. Again, please keep in mind that any personal information contained in the earlier version of the image or media file may already have been accessed or used by third parties during the time it was publicly available, which is beyond my control.

I typically retain indefinitely offline copies and archival backups of the photos, images, and other media files I publish on this website, including, where possible, the associated work files and editing stages, if any, for images or files I have modified. However, I may delete, destroy, or discard certain specific images and/or other media files if they are duplicates; if I deem them unusable (e.g., photos that are out of focus, badly cropped, or too dark to see clearly); if the files are damaged or corrupt; if I have agreed and/or have some contractual or legal reason to delete them (e.g., if I have agreed to delete all copies of a particular image); or if I elect to not use them (or to discontinue using them) for some other reason. If I have contact information and/or other relevant data pertaining to the creator(s) and/or subject(s) of a particular photograph, image, or other media file, I customarily retain that data for at least as long as I retain the file itself.

If you have questions about image-related data, please contact me through one of the methods described in “Controllers, Questions, and How to Reach Me” below.

Data Related to Recruitment/Hiring or Business Partnerships

  • Categories of information gathered: IP addresses*; user agent information*; visitor activity*; names; email addresses; email header information*; other contact information (e.g., phone numbers, postal mailing addresses, and/or other street addresses); images and/or other media (including metadata)*; other documents/materials (including metadata); geolocation data*; URLs/websites*; other personal information; special: information provided by third-party services (as applicable)* and/or mobile phone types/models (determined from user agent information)*
  • Purpose(s): Providing a service; fulfilling a contractual obligation; legal compliance or audit; research and publishing; security, troubleshooting, quality control, and technical improvement; recruitment/hiring or business partnerships
  • Data retention: Potentially indefinite, although I may delete or discard unsolicited offers or inquiries, spam, inquiries or applications that I believe to be fraudulent or submitted by bots, and/or information I have some legal or contractual obligation to delete or discard; see below for more details.

From time to time, I may seek to recruit and/or hire temporary or permanent employees, interns, and/or independent contractors to help me provide my services and/or perform specific tasks or functions for me. In some cases, I may enter or contemplate entering some other type of professional relationship with some other individual or entity: for example, a formal business partnership or joint venture (JV).

Please note that the inclusion of this section DOES NOT necessarily mean that I am hiring, soliciting partnership or JV proposals, or likely to do so in the immediately foreseeable future. The purpose of this section is to describe my policy for handling information in such situations.

In such situations, I may collect (to the extent permitted by applicable law/regulations) a broad range of personal information about any prospective employees, contractors, or business partners, such as (without limitation) contact information; resumes/CVs; education information; professional certification and/or licensure information; employment history; professional references or information about previous clients and/or business ventures; professional portfolios and/or other samples; skill or aptitude test results; government-issued identification; information about their authorization to work in my locale; salary or compensation information and/or history; tax-related information; and/or the various types of information revealed in a typical background check or investigation. (This is not an exhaustive list; the types of information I collect may vary depending on the context, and applicable law/regulations may dictate what types of information I must and/or must not collect or consider.) Obviously, I may also make various inferences based on the information I collect, such as my judgment of a candidate or applicant’s suitability for a specific role or whether a proposed venture is in my interests.

The information I collect may come from the candidates/applicants/contractors/prospective partners themselves and/or from a variety of third-party sources such as (again without limitation) employment agencies, background check services, professional references or previous clients, subject matter experts, public records, news stories, and/or other publicly available information or records.

My retention of such data varies depending on the context in which I received it. I may promptly delete unsolicited offers or solicitations as spam, although I typically retain inquiries to which I respond, even if I decline them. If I advertise a job opening, I may indefinitely retain applications I receive, whether or not the opening is filled, although I may discard applications that appear to be fraudulent or that were obviously generated by bots rather than people. My retention of applications or related information I receive through third parties such as employment agencies, and/or information I receive in connection with an offer of partnership or other business proposal, may be subject to certain contractual requirements (e.g., an obligation to return or destroy certain information after a specific period of time). Applicable law/regulations may also govern whether and for how long I retain employment, hiring, application, and/or related information.

I may share information pertaining to prospective employees, contractors, business partners, and/or other proposals or business ventures as weIdeem reasonable and appropriate (and to the extent permitted by applicable law/regulations and/or any relevant contractual obligations) for me to make informed hiring, employment, and/or other business decisions. For example (but without limitation), I might share a job applicant’s information with a service that performs background checks for me, discuss a prospective independent contractor’s work and professional reputation with their previous clients, or seek financial and/or legal advice regarding a possible partnership or other business venture. I may also share or disclose the information as otherwise described in “Disclosure of Personally Identifying Information” below.

Financial Transactions Policy

  • Categories of information gathered: IP addresses*; user agent information*; visitor activity*; names; email addresses; email header information*; other contact information (e.g., phone numbers, postal mailing addresses, and/or other street addresses)*; geolocation data*; URLs/websites*; other personal information*; special: amounts and other transaction-specific details and/or other financial information such as transaction IDs, checks, and/or tax forms* (Please note that the applicable payment processor(s) and/or bank(s)/financial institution(s) may also collect other types of information not listed here.)
  • Purpose(s): Providing services; completing a transaction; fulfilling a contractual obligation; legal compliance or audit; security, troubleshooting, quality control, and technical improvement; advertising and other commercial purposes
  • Data retention: Typically indefinite; see below.

The following policy applies to financial transactions with me and/or pertaining to aaronseverson.com, such as (without limitation) the purchase of advertisements on this website.

Please note that this policy applies only to transactions with me, NOT to your transactions with third-party vendors, retailers, or services. For example, if you purchase a copy of some work I have written through an online bookseller rather than directly from me, the bookseller’s policies will apply, NOT this Financial Transactions Policy. Also, transactions connected with my professional writing/editing/writing consulting business, 6200 Productions, will be subject to its separate Financial Transactions Policy, while transactions related to my automotive website, Ate Up With Motor, will be subject to the Ate Up With Motor Financial Transactions Policy, not this one. (You should refer to those separate policies where applicable; while the policies are generally similar, they are not identical.)

Transaction-Related Information Gathering

If you enter into a financial transaction with me and/or pertaining to the aaronseverson.com website — whether to make a payment to me or for me to pay you for goods, services, or some other purpose — I may collect certain personal information from you, such as (for example, but without limitation) your name, company name (if applicable), email address, billing address and/or other contact information, transaction details, payment information, invoice numbers and/or other transaction identifiers, and (where applicable) relevant tax documents such as (again without limitation) Form 1099-MISC and/or Form W-9. I use this information for billing/invoicing; so that I can process and and complete your transaction(s); and for my administrative, accounting/bookkeeping, tax reporting, and/or legal compliance purposes.

If your transaction is via a third-party payment processing service such as PayPal®, much of this information, including payment details such as bank account or credit card numbers, will be collected and processed by the payment processor rather than by me. For other types of transactions, that information may be collected and processed directly by me and/or the relevant financial institutions. (For example, if you make a payment to me by check, the check will necessarily include the routing and account numbers so that the applicable banks or other financial institutions can process the deposit and the transfer of funds.)

Transactions made via PayPal® are subject to PayPal’s User Agreement, Privacy Policy, and any other applicable PayPal policies or requirements. (Please note that these may differ depending on where you are.) PayPal may use cookies and/or “web beacons” (such as so-called “tracking pixels” and “pixel tags”) in the payment button and/or in the shopping cart to collect and track data about users. I do not have access to user data gathered by PayPal except for the information I receive in connection with a completed PayPal transaction, which is described in the following paragraph.

If you make a payment to me via PayPal, I receive a standard transaction report (which is sent to me via email as well as being stored in my PayPal account) that contains various personal information, including (though not necessarily limited to) a unique transaction ID number, your name, email address, mailing address, the date and amount of your payment, whether or not you are a Verified PayPal user, and any notes or additional instructions you provided. If your payment was for a PayPal invoice, a copy of that invoice will be appended to the report. This transaction report does NOT include your bank account or credit card numbers — PayPal does not provide and I do not have access to the credit card or bank information you use with your PayPal transactions or have associated with your PayPal account.

In some cases, I may seek additional information about you in connection with your transaction, either from you directly and/or from third-party sources. Some examples might include (without limitation) looking up your address in a mapping or navigation service to clarify delivery instructions for a courier or other delivery provider; checking with the applicable postal service to verify your ZIP Code or other postal code; inquiring whether payments made from a business account or business email address are for the business or for the individual; and/or investigating suspected fraud and/or other security issues. (These are just a few representative examples, not an exhaustive list.)

Currency

Payments to me should be in U.S. funds, with any exceptions to be discussed in advance and subject to my prior approval.

Some payment processors, including PayPal, will automatically convert payments or funds transfers to the recipient’s preferred currency, or at least give you the option to do so. If your transaction is via PayPal, you may assume any non-U.S. funds will be appropriately converted unless PayPal warns or notifies you otherwise.

For other types of transactions drawn on non-U.S. funds, such as international wire transfers, please contact me in advance so that we can discuss appropriate arrangements for currency conversion.

Checks and Money Orders

Unless I indicate otherwise, payments by check, money order, or bank draft/cashier’s check/teller’s check should be made payable to Aaron Severson.

Taxes

For certain types of transactions, I may be required to collect tax (such as sales or use tax) from you and pay it directly to the applicable tax agency or agencies. Please note that you may owe tax (e.g., sales/use tax, VAT, or other tax) on transactions with me even if I do not collect such tax from you. Any applicable taxes you may owe that I do not collect from you are your sole responsibility.

Returned Check Fees

Payments you make to me by check or bank draft that are rejected or returned by my financial institution(s) for insufficient funds or for any other reason shall be subject to a $35 returned check fee. (This fee is to cover the fees my financial institutions charge me in such circumstances.) I reserve the right to waive this returned check fee at my sole discretion.

Refunds and Returns

The following refund and return policy shall apply to payments you make to me:

  • Advertising Purchases: You may cancel your ad for a full refund within five days of your payment. If you choose to cancel your ad after five days but prior to the expiration date, I will credit the prorated remainder of the commitment period toward a future ad, but cannot provide a cash refund except where I are required to do so by the applicable payment processor(s) and/or financial institution(s) or as otherwise required by law. Notwithstanding the foregoing, I reserve the right to refuse and/or refund any individual advertising purchase or purchases at my sole discretion.
  • Other Purchases: Purchases of goods or services other than advertising are fully refundable prior to the delivery by me of the applicable good(s) or the performance by me of the applicable service(s). In the event you purchase tangible good(s) (e.g., a printed book) from me, you may return the purchased good(s) for a full refund, less any applicable shipping costs, within 21 days of the date of your payment or the period allowed by the applicable payment processor(s), whichever is greater. Purchases of digital goods or services other than advertising (e.g., the purchase of an ebook) are nonrefundable once the applicable good(s) or service(s) have been delivered or performed (as applicable) by me, except as otherwise required by the applicable payment processor(s) and/or financial institution(s) or otherwise required by law. Notwithstanding the foregoing, I reserve the right to refuse and/or refund any individual purchase or purchases, and/or any applicable shipping costs, at my sole discretion.
  • Other Types of Transactions: For transactions that do not fit any of the above categories, eligibility for refunds or returns shall be determined on a case-by-case basis and shall be at my sole discretion, except as otherwise required by the applicable payment processor(s) and/or financial institution(s) or otherwise required by law. I reserve the right to refuse and/or refund any individual transaction at my sole discretion.

Information Sharing

By making a payment (whether by check or money order, via PayPal, or by any other means), you grant me express permission to disclose information associated with your transaction(s), including, where appropriate, copies of any applicable invoices, checks and/or receipts, PayPal transaction reports (if applicable), shipping records (if any), and/or related tax documents:

  1. To the applicable email and/or telephony provider(s), so that I may communicate with you regarding your transaction; and/or:
  2. To the applicable postal service(s), common carrier, or shipping agency, in the event I must mail, ship, or deliver anything to you in connection with your transaction; and/or:
  3. To my legal counsel, accountant/bookkeeper, tax preparer, and/or tax attorney, as I deem reasonably necessary to my routine business operations and/or for my legal protection; and/or:
  4. To my applicable payment processor(s) and/or bank(s)/financial institution(s); their legal counsel, auditors, and/or fraud protection services (for example, if I must provide information for a dispute or fraud investigation); and/or as otherwise required by my legal agreements with said payment processor(s) and/or bank(s)/financial institution(s); and/or:
  5. To any applicable federal, state, local, or other tax agency (whether within or outside the United States), where I deem it reasonably necessary to ensure my compliance with applicable tax laws and/or regulations (e.g., to calculate or estimate applicable tax rates and/or in connection with tax returns, filings, withholding, and/or estimated tax payments), or in connection with audits or other official investigations; and/or:
  6. As otherwise required by law (e.g., to comply with applicable government reporting or disclosure requirements, such as customs inspections; in connection with a civil or criminal trial or other official investigation or proceeding; or if I have received a subpoena or court order requiring me to disclose certain information); and/or:
  7. As otherwise described in “Disclosure of Personally Identifying Information” below.

Where applicable, I may also disclose in any or all of the above-listed ways information pertaining to payments I make to you subject to this Financial Transactions Policy.

By making a payment, you also grant me express permission to contact you via email and/or postal mail to acknowledge, complete, and/or address questions or issues related to your transaction(s) with me, and, if you call or text me regarding your transaction, to respond to your calls and/or texts via the same means.

Data Retention

I must retain information about financial transactions — including ones I refuse and/or refund — for administrative, accounting/bookkeeping, tax reporting, legal compliance, service improvement, fraud prevention, and/or other security purposes, and so that I can respond appropriately in the event of a payment dispute, audit, or other investigation. (The reason I include “fulfilling a contractual obligation” among the purposes listed above is that my service agreements with my payment processors and/or financial institutions typically require me to cooperate with their investigations and to respond promptly to their requests for relevant information.) See the “Additional Information About Data Retention” section below to learn more about my typical data retention practices.

Customer Service Information

If you have questions about this Financial Transactions Policy or need help with a transaction with 6200 Productions, you can reach me via email at admin (at) aaronseverson (dot) com; by using the Contact Form (if available); or by calling or texting my Google Voice number, (310) 909-7846‬. (IMPORTANT NOTE: Calls or messages to this number may be transcribed and/or recorded, and transcriptions, recordings, call notifications (including notifications of missed calls), texts, and/or other messages may be forwarded to me via email. This telephone number is provided by the Google Voice communications service, a Voice over Internet Protocol service provided by Google Voice, Inc., a subsidiary of Google LLC. All communications made or received through this number are subject to the Google Privacy Policy and the Google Voice Privacy Disclosure as well as to this Privacy Policy. Google Voice is a trademark of Google LLC.)

You can also contact me via postal mail:

Aaron Severson
Attn: Customer Service
11100 National Bl. #3
Los Angeles, CA 90064

Information I Receive from Other Sources

Transaction-Related Information I Receive from Third Parties

As noted in the “Financial Transactions Policy” section above, I may receive information about you from third parties in connection with your transactions with us (e.g., transaction reports). See that section for more details.

Information I Receive from Third Parties for Security Purposes

  • Categories of information gathered: IP addresses*; domain names*; user agent information*; email addresses*; other contact information (e.g., phone numbers, postal mailing addresses, and/or other street addresses)*; geolocation data (estimated based on IP address/domain name and/or inferred from other data)*; URLs/websites*; other personal information*; metadata*; special: other security-related technical details*
  • Purpose(s): Fulfilling a contractual obligation [see below]; legal compliance or audit; security, troubleshooting, quality control, and technical improvement; recruitment/hiring or business partnerships
  • Data retention: Varies, but potentially indefinite.

Some of the security measures I use to secure this website, its data, and/or my system and devices periodically supply me with ban lists/blacklists/block lists of IP addresses, domain names, email addresses, and/or user agents that may be associated with malicious activity such as spam. I may also obtain similar information or lists from other external sources such as (without limitation) HackRepair.com; the MVPS HOSTS file; Perishable Press; The Spamhaus Project; through the security components of the Microsoft® Windows® operating system; via Avast Software s.r.o and/or their subsidiary Piriform (CCleaner®); through Bitdefender®; via Malwarebytes; via Mozilla Firefox and/or other web browsers; via the NetGuard mobile firewall; through Safer-Networking Ltd.‘s Spybot® software; from the StevenBlack hosts file; via the TinyWall firewall; via the Google Safe Browsing API (which is used by Mozilla Firefox, various other web browsers, and some other online services), the Play Protect feature of Google Play, and/or the Google Voice communications service (which are subject to the Google Privacy Policy and, for Google Voice, the Google Voice Privacy Disclosure; Google Play, Google Safe Browsing, and Google Voice are trademarks of Google LLC); through browser extensions such as (without limitation) eyeo’s Adblock Plus, EFF‘s Privacy Badger, InformAction‘s NoScript, and/or uBlock Origin; and/or through other filter list providers such as (without limitation) EasyList and/or Hosh Sadiq (who maintains the adblock-nocoin-list). From time to time, I may also receive additional security-related information from my web host, Internet service provider, mobile carrier, bank, and/or other sources not specified above.

Naturally, my security software and/or services also maintain regularly updated lists of virus signatures and other detection data to identify and prevent malicious activity.

Such security-related information is not necessarily personally identifying (for example, the IP addresses included on spam block lists are typically for email servers rather than individual users), but certain information may be personally identifying or potentially personally identifying (e.g., email addresses associated with spam or telephone numbers used by telemarketers or as part of scams or other malicious activity).

In some cases, I may perform WHOIS or similar lookups on visitors’ IP addresses and/or domain names, especially if they have been used for suspicious or malicious activity directed at the website or at me. Such lookups may enable me to determine information such as (though not limited to) the owner of a particular domain registration or the geographic location associated with a particular IP address. My firewalls and/or other security applications/services may provide me with similar information about any online servers or resources to which my devices connect or try to connect. (For example, but without limitation, the NetGuard firewall app retrieves such info via IPinfo to help me understand and control the Internet connections my mobile apps make or attempt to make.)

As noted in the “Data Related to Recruitment/Hiring or Professional Partnerships” section above, I may also commission background checks on candidates I am considering hiring and/or individuals or entities with whom I am considering entering a business partnership or other formal professional relationship, to help me make informed decisions about whether that hire or relationship would present an undue risk to my security.

My retention of such data varies. Much of the information I collect of this kind is managed automatically by my security tools, which regularly update the associated data, adding new information and sometimes changing or removing older data. Also, I periodically make manual changes to that information, such as (without limitation) when I whitelist an email address that was wrongly flagged for spam or blacklist an email address or domain that has sent me suspicious emails.

Special Note: The reason I include “fulfilling a contractual obligation” among the possible purposes listed above is that certain sources from which I obtain security information may impose contractual limits on how I collect and handle that information (e.g., terms of service prohibiting me from altering security update data or interfering with the normal update process) and/or may not permit me to pick and choose which data I do or do not add.

In many cases, such data is already publicly available (for instance, the HackRepair.com list is readily available at their website). I may also share or otherwise disclose such information if I need additional technical assistance and/or otherwise consider such disclosure appropriate for my security and/or the security of others. For example (but without limitation), I might submit to the maintainers of these lists or databases certain email addresses or domain names that have been used in malicious activity directed at me.

I may also disclose such information in connection with legal action involving malicious activity, and/or as otherwise described in “Disclosure of Personally Identifying Information” below.

Other Information I Receive from Third-Party Sources

  • Categories of information gathered: Names; email addresses*; other contact information*; images and/or other media (including metadata)*; other documents/materials (including metadata)*; geolocation data (provided by sources and/or inferred from other data)*; URLs/websites*; other personal information*
  • Purpose(s): Functionality; providing a service; fulfilling a contractual obligation; legal compliance or audit; research and publishing; security, troubleshooting, quality control, and technical improvement; recruitment/hiring or business partnerships; advertising and other commercial purposes
  • Data retention: Varies depending on context; see below.

  • From time to time, I may receive personal information about site visitors or otherwise related to this website from other third-party sources. The following are some representative examples of this information-gathering:

    I routinely gather information about the content I write and/or edit (and/or on which I consult), including information about people involved with and/or otherwise relevant to that content. My research and writing process often involves discussing and sharing such information with third parties such as subject matter experts, other writers, historians, journalists, enthusiasts/collectors, librarians, and archivists (and/or, in the case of work I perform for others, the applicable client(s) or employer(s)), as well as looking up names and other relevant personal details in sources such as (without limitation) books; magazines; newspapers; films or other videos; audio recordings; and/or online or offline electronic resources such as search engines, library catalogs, websites, and/or databases. If you are or were involved with the subjects of my content, and/or are a public figure, some of the information I gather may be about you, your work, and/or your career. In many cases, this information is drawn from sources that were already publicly available at the time of writing, but it may also include certain non-public information obtained from a variety of sources. It may also include images, such as (without limitation) publicity photos or official portraits, and/or other media, such as (again without limitation) videos, audio interviews, and/or podcasts. (Naturally, certain information I gather in connection with content I write, edit, and/or otherwise research may also come from you if I communicate with you in connection with my research or if you have disclosed the information in some other context known to me.)

    If I use an image or other content you have offered under a Creative Commons or similar license, I typically gather certain publicly available information about you for the purposes of properly attributing that content and otherwise complying with the applicable license terms. (Where I deem it appropriate, I sometimes do the same with content that is in the public domain in my jurisdiction, such as works created by U.S. federal employees in the context of their official duties.) This may include any creator information listed on the hosting service, archive, or repository from which I obtained the content as well as other relevant information I may find in various print or online sources.

    As noted in the “Data in Submitted Images” section above, when I gather photographs and other images or media intended for use on this website or for some related purpose (whether those images were created by me or obtained from others), I typically look for additional information about the subjects of those images. This information, which may come from a variety of public and/or private sources, may sometimes include personal information and/or potentially personally identifying information, such as (for example, but without limitation) biographical details about the famous owners of a particular object shown in a photograph.

    From time to time, visitors or other personal or professional acquaintances may provide me with personal information about someone. For example (but without limitation), another site visitor might provide me with your contact information for some specific purpose, send me a clipping of a newspaper interview with you, or submit photographs or other media in which you are visible.

    As noted in the “Comments” and “Other Inquiries, Messages, and Support Requests” sections above, I may sometimes gather additional information about individuals who contact me in order to better understand who they are and the context of their inquiries.

    As noted in the “Data Related to Recruitment/Hiring or Professional Partnerships” section above, if I contemplate hiring or entering into a business partnership or other professional relationship with someone, I may collect a range of personal information about them so that I can make informed hiring, employment, and/or business decisions.

    Whenever I install software/apps, services, themes, and/or add-ons to use in my management of this website, site-related data, and/or my other work — particularly software/apps/services/themes/add-ons I use under open source licenses — the installation files (and/or the website or other source from which I obtained them) may provide me with personal information about the developer/development team (e.g., names, contact information, digital signatures), which I may use for security purposes, to ensure my license compliance, and/or if I have support questions and/or comments. If you’re a developer, I may collect or have collected information about you in such contexts.

    (Again, the above scenarios are just some representative examples, not an exhaustive list. The disclosures in the “CCPA Information Collection and Sharing Notice” section below will give you a sense of what kinds of personal information I may collect.)

    My retention of such information varies depending on the nature of the information and the context in which I received it. I normally retain indefinitely my research notes and other information relevant to my past, current, or possible future articles or content, including image-related information. (Obviously, I can’t and don’t retain or remember every fact I see, read, or hear, but I do typically retain my notes in some form or other, although I may delete or discard certain research notes, materials, and/or information that I deem unusable, elect not to use, and/or no longer need.) Since software licenses typically prohibit redacting or altering any attribution information, I usually retain that information for at least as long as I continue using the applicable software.

    Obviously, information I gather for my articles or other content may be published or disclosed in that context; other non-public information generally will not be except as otherwise described in “Disclosure of Personally Identifying Information” below.

    Additional Information About Data Retention

    In addition to the data retention practices described in the various sections above, I typically retain indefinitely:

    • Information pertaining to my professional writing/editing/writing consulting work and/or other creative endeavors, including — except as otherwise stipulated by a specific client or employee agreement and/or other applicable legal requirement(s) — research notes, drafts, and/or other relevant data, which may sometimes include information about or in some way connected with visitors to this website. (I may delete or discard certain drafts and/or research notes, materials, and/or information that I deem unusable, elect not to use, and/or no longer need.)
    • Information pertaining to any financial transactions and/or legal agreements involving this website, including (but not limited to) records of purchases or payments I make or receive in connection with the website or related matters. (Obviously, my financial and legal records often necessarily include some personal data.) I must also retain my tax records for bookkeeping and compliance purposes.
    • The contact information of individuals with whom I repeatedly or regularly correspond regarding this website and/or related matters.
    • Names and/or company/domain names I’ve entered into my spell-checking dictionaries (which I retain for what I hope are obvious reasons!).
    • Information pertaining to my licenses/authorizations for the use of intellectual property owned by others, including any relevant contact information. (I may discard this information if I discontinue using that intellectual property, e.g., if I uninstall a particular app or other software.)
    • Information pertaining to site-related technical or legal questions.
    • Any information pertaining to a site-related dispute or legal issue. Similarly, for compliance purposes, I must retain information pertaining to privacy-related requests to the extent required by applicable law and/or regulation. (For example, if you send me a request to exercise your rights under the California Consumer Privacy Act (CCPA), I am legally required to retain records of that request for at least 24 months.)

    Even where it is my customary practice to indefinitely retain certain information, my retention of individual communications/messages may vary based on the medium and/or format of those communications/messages:

    • Email: I typically retain indefinitely most site-related emails, excepting obvious spam, mass mailings, messages and/or attachments that contain suspicious code, and/or certain automated notification/alert emails (which I may delete if they are no longer needed and/or relevant).
    • Communications/messages via third-party services (including, without limitation, calls and/or texts made or received through the Google Voice communications service, social media accounts, and/or social media services): Most site-related communications/messages that I send and/or receive via third-party services are retained indefinitely in some form, although in such cases, I may, to the extent possible, retain local and/or off-line copies in addition to (or instead of) leaving the original communication/message(s) on the applicable third-party service. For example (but without limitation), if I receive Google Voice messages, I may remove the original messages from my Google Voice account, but retain the notification emails and/or other local copies of those messages. Recordings of calls (if any) made via Google Voice or other third-party services, and/or voice mail messages received through such services, may be retained for as long as I reasonably need those recordings, except as otherwise required by law and/or the applicable service’s terms of use/terms of service. Please note that in some cases, third-party services may retain records of messages sent via those services even if the users who sent and/or received those messages delete their copies and/or their accounts, which is outside of my control. (As noted elsewhere in this policy, Google Voice is a trademark of Google LLC.)
    • Text messages: Site-related SMS/MMS text messages and/or other, similar non-voice direct messages that I send and/or receive via my phone(s) (not including text messages sent via Google Voice or other third-party services) are typically retained for up to two months, although I may delete them sooner than that if they are no longer needed/relevant, appear to be spam, or contain suspicious code. However, I may retain certain specific messages (and/or their attachments, if any) for longer periods if I have some ongoing need for them, and any data I receive via text may be transferred to other records before the original text is deleted. (For example, if you send me a text message asking me to contact you via postal mail, I will separately record your mailing address in order to comply with and retain records of your request.) Recent messages may be captured in my periodic phone backups, which I may retain for a year or more. Please note that my mobile carrier(s) may also retain records of text messages sent or received via my phone(s), which is outside of my control.
    • Phone calls: Records of calls I make or receive via my phone(s) (i.e., NOT via Google Voice or some other third-party service) are typically included in my phone bills and/or other phone usage records, which I customarily retain indefinitely. (My phone company/mobile carrier may also retain such records, which is outside of my control.) My retention of any call logs or records on my phone(s) is typically determined on a case-by-case basis. Recordings of phone calls (if any) and/or voice mail messages may be retained for as long as I reasonably need them, except as otherwise required by law (and/or, in the case of voice mail messages, the policies of the applicable phone company or mobile carrier).
    • Postal mail and/or physical documents: I promptly discard most mass mailings and unsolicited business inquiries (“junk mail”) I receive via postal mail or other physical means. Where I receive legitimate correspondence or business documents pertaining to this website and/or related matters (e.g., copies of contracts or receipts) by mail or some other physical means, I typically retain them, although, where possible, I may scan, photograph, or photocopy them (and/or retain the electronic versions, if I have received both electronic and physical copies) in addition to (and in some cases instead of) retaining the original physical copies. Naturally, if I have agreed and/or have some contractual or legal obligation to return or destroy specific business documents, I will do so as appropriate.

    Personal information I may collect in connection with this website that is not specified above or mentioned elsewhere in this Privacy Policy is normally retained only as long as I reasonably need that information, which is determined on a case-by-case basis depending on the nature of the information and how and why I received it. In some cases, my retention of certain information may be dictated by applicable law/regulations and/or other legal obligations (e.g., a contractual obligation to return or destroy certain information after a specific period of time).

    In all cases (even circumstances where I typically retain information indefinitely), I may delete, discard, or destroy specific messages, communications, documents, files, records, and/or data (of any type, format, and/or medium) if:

    • They are duplicates, and/or:
    • I reasonably believe that they are substantially redundant of other data I still retain (e.g., an “order shipped” notification for an order for which I also have a delivery receipt), and/or:
    • They are unreadable, inaccessible, and/or otherwise unusable, and/or:
    • They are corrupted, contaminated, or otherwise damaged, particularly if I reasonably believe that the corruption, contamination, or damage poses a danger to health, safety, security, and/or the integrity of other data and/or property, and/or:
    • I have agreed and/or have some contractual or legal obligation to delete, discard, or destroy them, and/or:
    • I have some other compelling reason to do so.

    Even where it is my normal practice to retain personal information about site visitors, I periodically remove certain personal data from the website’s online database(s) and/or mail servers, transferring the data to local and/or offline storage for greater security and/or redacting portions of the data that I no longer need.

    Special Note on Subpoenas, Court Orders, and Preservation Requests: In certain cases, I may be legally compelled to retain and preserve certain data, even data I would not otherwise retain, pursuant to a subpoena, a valid court order, or a preservation request from a government or law enforcement agency. In such event, I will preserve the specified information (and may disclose it to the requesting party) to the extent required by applicable law, which in some cases may also require me to keep the order or request confidential.

    Reports and Aggregated Statistics

    From time to time, I may compile and publish aggregated statistical information about users of the website. For example, I may create reports on trends in the usage of the website, such as total page views, the average number of unique visitors per month, the most popular pages on the site, and/or the average time visitors spend on the site.

    I may also, to the extent required and/or otherwise permitted by applicable law and/or regulations, publish de-identified information and/or statistics about requests I receive under the California Consumer Privacy Act (CCPA) (as described in “California Privacy and Data Protection Rights” below) and/or other privacy laws (e.g., how many requests of a particular type I received in a given period).

    Aggregated reports and statistics — which I may display publicly and/or otherwise share with third parties (including, where applicable, potential advertisers and/or other commercial partners) — will not include personally identifying information about any individual or specific household.

    Information Captured by Service/Software/App/Device Telemetry

    Many modern electronic services, software programs, apps, and devices, from operating systems to office software and even printers/print drivers, now incorporate surveillance mechanisms (often called “telemetry”) that gather information about the use of that service/software/app/device and then transmit that data to the manufacturer/developer and/or other third parties. The information collected by these mechanisms can sometimes include personal information or potentially personally identifying information about me and/or other individuals and/or households.

    Here are some examples of how this might occur:

    • If a service/app/software/device crashes while I am accessing a file or website containing personal information, details about that file or website and its contents might be captured and transmitted as part of a crash report.
    • If a website or online service I access uses Google’s familiar reCAPTCHA security service, the reCAPTCHA service may collect detailed information about my activity on that site or service, including (but not limited to) taking snapshots of my browser window and any personal information that may be visible there. Google provides no way to opt out of this data collection, which with current versions of reCAPTCHA is not limited to interactions with the reCAPTCHA interface itself. (Google is a registered trademark of Google LLC.)
    • Security features incorporated into my web browsers and/or devices might capture personal information contained in the filenames, metadata, and/or contents of documents or other files I download from or upload to the Internet.
    • My antivirus software and/or other security services/software/apps might capture personal information in scanned email messages and/or other electronic files.
    • My office software might record the filenames and/or other metadata of files I access, and/or capture any text on which I use the software’s spelling and/or translation features.
    • Mapping or navigation services/software/apps I use, particularly ones with access to my mobile phone’s location data, might record the geographical locations and/or addresses of people I meet or visit.
    • Services/apps/software/devices with access to device microphone(s) might overhear and/or record my calls or other conversations.
    • Certain services/apps/software/devices might record what I type while using that service/app/software/device.

    Again, these examples are just a small sampling of the possible scenarios. The specifics of device and software telemetry vary widely, and manufacturers/developers are not always forthcoming about the details of their information-gathering.

    Such surveillance can be difficult or impossible to escape. Certain services/software/apps/devices, like malware detection services, cannot adequately perform their intended functions without full access to device/system data. Some information-gathering features (like the telemetry incorporated into recent versions of the Microsoft® Windows® operating system) can’t be completely disabled without modifications that would violate the license agreement or terms of service. Even where it is theoretically possible to disable the telemetry features of a specific service/software/app/device, doing so may require advanced technical knowledge and/or special tools. Also, my work and research sometimes involves my using devices, software, and/or apps controlled by third parties — e.g., the computers offered to patrons of public libraries — that may incorporate telemetry or other surveillance mechanisms that I cannot disable or with which I am not familiar.

    While I have made an effort to block and/or minimize such surveillance — for my privacy and security as well as yours — the bottom line is that some of the services/software/apps/devices I use retain at least the potential to collect and transmit personal information about me, the subjects of my writing/editing/writing consulting work, and/or the people with whom I interact in the course of operating this website.

    The examples of third-party vendors and service providers listed in the “Disclosure of Personally Identifying Information” section below include a representative sampling of services, software, apps, and/or electronic devices I may use that could gather personal information related to this website and/or its visitors through telemetry and/or other integrated information-gathering/surveillance features. Please note that this is NOT an exhaustive list. I may sometimes use services, software, apps, and/or devices not listed (obviously, it’s not practical for me to list every service, device and/or piece of software I might conceivably use!); certain services/software/apps/devices that did not previously incorporate information-gathering/surveillance features might add them in subsequent updates; and certain services/software/apps/devices may incorporate surveillance features that are not readily apparent to me.

    As noted in the “Security Scans” section above, the likelihood and possible extent of any disclosure of personal information in such ways is difficult to predict or quantify, but it cannot be completely avoided without greatly compromising my security, the functionality of the tools and devices I use, and my ability to perform my work and provide my services.

    Disclosure of Personally Identifying Information

    I may share, release, or otherwise disclose personal information I collect through and/or in connection with this website:

    • To publish your submitted comments (including, as applicable, any images, other media files, and/or links they may contain), as described in the “Comments” section above. As explained in that section, this may include emailing copies of your comment to other users who have requested email notifications of replies/follow-up comments.
    • As part of a public response to an inquiry or support request, as described in the “Contact Forms” and “Other Inquiries, Messages, and Support Requests” sections above.
    • To appropriately credit someone for the use of their photos, fonts, themes/plugins, or other content or intellectual property — particularly where such credit is required by the applicable license terms. As noted in “Data in Submitted Images” above, this may include adding copyright and license information to the applicable filename and/or metadata to ensure that the attribution is clear. If you want to modify or remove your credit information, please contact me!
    • To publicly acknowledge and/or thank someone for their assistance, whether with the management of this website, my content, and/or some related matter(s), except where they have specifically asked me not to or where their communications with me reasonably suggest that they prefer not to be acknowledged or identified. Such acknowledgments will typically be limited to their name/pseudonym and the nature of their assistance, although in some cases, certain other personal information may be obvious or implicit in the type of assistance provided.
    • As part of journalistic, historical, or other nonfiction accounts I publish, perform, and/or otherwise disseminate, and/or in the course of researching, writing, and/or editing same (including, as applicable but without limitation, any associated illustrations, bibliographies, and/or metadata), if the person(s) to whom the information pertains are and/or were involved with the subject(s) of such content. In many cases, this information is drawn from sources that were already publicly available at the time of writing, but it may also include information, corrections, clarifications, and/or additional details provided by the person(s) to whom the information pertains and/or obtained from third parties (and may include images and/or other media such as, again without limitation, publicity photos or official portraits, videos, and/or recorded audio interviews). As noted in “Information I Receive from Other Sources” above, my research and writing process routinely involves sharing and discussing this type of biographical information with third parties such as (without limitation) subject matter experts, other writers or historians, journalists, enthusiasts/collectors, librarians, and archivists, as well as looking up names and other relevant personal details in online or offline resources such as search engines, library catalogs, and vendors of published works like books or DVDs.
    • If that information is or was already publicly available (such as — without limitation — information that’s available on the website of the person(s) to whom the information pertains; that they’ve included in their published memoirs, books, articles, or other published works, or in public posts or public comments they’ve made on this or other websites; that appears in published interviews or in books, articles, or other works about the person(s) to whom the information pertains; and/or that is otherwise part of the public record, such as court records or transcripts of public hearings).
    • To my independent contractors, employees, agents, and/or business partners (if any) that need to know the information in order to collaborate with me and/or to perform services for me or on my behalf (such as, without limitation, accounting, tax preparation, legal services, translation, transcription, technical troubleshooting, website development/improvement, malware recovery/removal, and/or other types of repair/maintenance/service) and that have agreed to follow this Privacy Policy (or that have their own, comparably strict or stricter confidentiality policies) regarding any personal information that I share with them. Some or all of these contractors, employees, agents, and/or partners may be located outside your home country and/or the European Economic Area; by using this website, you consent to my transfer of such information to them.
    • To my third-party vendors and/or service providers that need to know that information in order to provide services available on this website, support my business operations, or otherwise perform services for me or on my behalf. (As noted in the “Information Captured by Service/Software/App/Device Telemetry” section above, this may include, but is not limited to, services, software, apps, and/or electronic devices I may use that could gather personal information related to this website through telemetry and/or other integrated information-gathering and/or surveillance features, some of which cannot be disabled without simply ceasing to use that service, software, app, or device.) Representative examples of my third-party vendors/service providers may include (as applicable, but without limitation):
      • Providers whose services I may use in operating this website, such as (without limitation) my web host, DreamHost® (which also hosts the mail servers for email addresses using this domain name); the Let’s Encrypt® SSL/TLS Certificate Authority service described in the Certificate Authority Checks section above (and/or other certificate authorities I may use or access); Media Temple, Inc. d/b/a Sucuri, a subsidiary of Go Daddy Operating Company (Sucuri), which provides the Sucuri Security plugin described in the “Security Scans” section above, which is subject to the Sucuri Security Privacy Policy and the Data Processing Addendum to the Sucuri Security Terms of Service); the embedded content providers described in the “Embedded Content” section above; Font Awesome (which, in addition to any embedded content it may serve on this site, may also be used by some of my other vendors and/or service providers in connection with other services I use, such as (without limitation) my web host’s online control panel and web mail interfaces); WordPress.org (which, as explained in “Embedded Content” above, provides the content management system in which this website runs and may gather certain information about users who access the site’s administrative dashboard in the course of managing the site and its various plugins, themes, and add-ons, as well as about my use of the WordPress website and/or forums to help me manage and troubleshoot this site); the developers of the various plugins, themes, and/or add-ons used on this website (through my communications with those developers regarding the management, troubleshooting, and/or security of their respective plugins, themes, and/or add-ons; such communications are typically but not always via the aforementioned WordPress forums); PayPal® (which serves the payment buttons that appear on the site and processes some payments for me); my bank(s)/financial institution(s) and/or other applicable payment processor(s) (which process — and may sometimes audit or otherwise investigate — my financial transactions); WebAIM (Web Accessibility in Mind) (whose WAVE Accessibility Tool I may use to improve the accessibility of this website and its contents); website speed testing services/tools (which examine the publicly accessible/visible portions of the website to analyze how quickly they load and identify technical issues that may affect loading speed and/or other functionality); and/or WHOIS lookup providers (if I need to look up an IP address or a domain registration using tools such as ICANN‘s WHOIS Lookup).
      • Google (which provides the Google Fonts, Google Hosted Libraries, Google Maps, Google Safe Browsing API, Gmail, FeedBurner, and Firebase services described elsewhere in this Privacy Policy; the Android platform and the related Google Mobile Services applications and APIs; Google Play and its related services; their well-known Google search engine; the reCAPTCHA security service (which I don’t currently use on this website, but which is found on various websites and/or online services I use and which can gather information about my online activity in those contexts, as noted in the “Information Captured by Service/Software/App/Device Telemetry” section above); the Google Voice communications service (a VoIP (Voice over Internet Protocol) service provided by Google Voice, Inc., a subsidiary of Google LLC, which is subject to the the Google Voice Privacy Disclosure as well as the Google Privacy Policy linked above); and other apps, services, and/or tools I may use and/or offer (which are too numerous to list here); and which also owns YouTube, as noted in the “Embedded Content” section above. Android, Firebase, Gmail, Google Maps, Google Play, Google Safe Browsing, Google Voice, and YouTube are trademarks of Google LLC (as are many of the names of other Google services). Google is a registered trademark of Google LLC.)
      • Microsoft® (which provides some of the software, apps, tools, and services I use — including, but not limited to, the operating systems for some of my devices — and gathers certain information about such use as described in the Microsoft Privacy Statement).
      • Other providers whose services enable me to operate and secure my devices, such as (without limitation) TCL Communication Limited (a.k.a. TCT), the manufacturer of my BlackBerry® KEY² LE smartphone and its associated suite of BlackBerry apps and services, which may gather information about the use of that device and/or its apps and services as described in the BlackBerry Mobile Privacy Policy; Dell® (which manufactured certain of my devices and may gather information about their use and/or the use of their associated drivers and/or factory-installed applications as described in their U.S. Privacy Statement); HP®, which may gather certain information about my use of HP printer, scanner, and/or copier devices and their associated software and/or services as described in the HP Privacy Statement; Intel®, which manufactured certain of my equipment and may gather information about the use of that hardware and its and associated drivers and/or applications as described in the Intel Privacy Statement; LG Electronics (which manufactured certain of my peripheral devices and may gather information about their use and/or the use of their associated drivers and/or applications as described in, as applicable, their website Privacy Policy and any applicable product privacy policies; Logitech® (which manufactured certain of my peripheral devices and may gather information about their use and/or the use of their associated drivers and/or applications as described in, as applicable, their Product Privacy Policy and Website Privacy Statement); Nuance Communications, Inc., present owner of the VoiceSignal VSuite voice dialing system installed on the older of my BlackBerry devices, which may gather information through and/or about my use of that software (to the extent that software still works, which is unclear) as described in the Nuance Privacy Policy; Avast Software s.r.o and/or their subsidiary Piriform (CCleaner®) (whose security and maintenance tools I may use on some or all of my systems and devices; their Data Factsheet explains what data their products may gather); Bitdefender® (whose Bitdefender Mobile Security and Bitdefender Central apps and associated services I may use on some of my devices; these apps incorporate the Crashlytics crash reporter service of Google’s Firebase platform, which is subject to the Google Privacy Policy (Firebase is a trademark of Google LLC), and may also use various other subprocessors such as, without limitation, Akamai Technologies, Inc. and Amazon Web Services); Malwarebytes (whose security tools I may use on some or all of my systems and devices); Qualcomm (which makes some of the components and services of my BlackBerry KEY² LE smartphone and may collect data on the use of that device and/or its services as described in their Privacy Policy); Safer-Networking Ltd. (whose Spybot® security and privacy software/tools I may use on some or all of my systems and devices); developers of Internet firewall applications/services, such as (without limitation) Károly Pados’ TinyWall and Marcel Bokhorst’s NetGuard mobile firewall and Internet traffic monitor (you can read the NetGuard privacy statement here; NetGuard may also connect to IDB LLC’s IPinfo service to obtain information about IP addresses and/or domains to which mobile apps attempt to connect); and/or encryption software and/or services such as (without limitation) the OpenKeychain open-source mobile encryption app, IDRIX’s open-source GnuPG for Windows (Gpg4win), KDE Software‘s Kleopatra certificate management application; and/or the VeraCrypt disk encryption tool.
      • Other providers I may use in accessing the Internet, such as (without limitation) my home Internet service provider, Spectrum Internet® (formerly Time Warner Cable®) (which processes and thus has information about much of my online activity); my mobile carrier, T-Mobile® (which provides my mobile voice, text, and data plan and processes certain emails sent to and from my phone(s), and thus has information about voice calls, texts, and online activity made, received, or otherwise conducted on my mobile device(s)); ASUS (ASUSTeK Computer Inc.) and/or Netgear Inc. (the manufacturers of my wireless routers and their associated software/services); the open-source Simple DNSCrypt utility developed by Christian Hermann and other contributors (which doesn’t have a privacy policy, although its source code is freely available for review; it implements Frank Denis’s open-source dnscrypt-proxy to allow encrypted domain name system (DNS) traffic); Cloudflare® (through my use of their recursive domain name system (DNS) resolver services Cloudflare 1.1.1.1 (which is a partnership between Cloudflare and APNIC subject to the Cloudflare Privacy Policy), the 1.1.1.1 App and/or its associated WARP mobile security/encryption service (which are subject to the Cloudflare Application Privacy Policy), and/or the Cloudflare Resolver for Firefox® (which has its own privacy policy); Cloudflare also provides the content delivery network (CDN) and distributed denial-of-service (DDoS) protection services used by some websites or online services I use/visit, also subject to the Cloudflare Privacy Policy); the Guardian Project, through my use of their Orbot app and Tor Browser apps (which connect to the Tor® network developed by The Tor Project, Inc.), which is subject to the project’s Data Usage and Protection Policies; Hidden Reflex Inc. (through and/or in connection with my use of their Epic Privacy Browser, integrated proxy/VPN service, and associated EpicSearch.in (which submits anonymized queries to the Yandex search engine as an alternative to Epic Privacy Browser’s default search function, which now submits anonymized search queries to the Yahoo! search engine (Yahoo! is a trademark of Yahoo! Inc., which is part of Verizon Media Services® and subject to the Verizon Media Services Privacy Policy)), which I may use on some or all of my systems and devices); Mozilla Corporation (which may gather certain information about my use of their Firefox®, Firefox Focus, and/or Fennec F-Droid web browsers as described in the Mozilla Privacy Policy; the Phishing and Malware Protection features of these browsers may also use the Google Safe Browsing API, which is subject to the Google Privacy Policy — Google Safe Browsing is a trademark of Google LLC); Opera Norway (through and/or in connection with my use of the Opera web browser and/or its integral VPN/proxy service; Abine Inc.’s Blur (formerly known as DoNotTrackMe); the CAD Team (maker of the Cookie AutoDelete browser extension, which does not appear to collect usage data; its source code is freely available for review); Cliqz International GmbH’s Ghostery® browser extension; EasyList (which maintains various adblocking and other filter lists I may use); eyeo (which maintains the Adblock Plus browser extension); the Electronic Frontier Foundation (EFF), which may collect information about my use of their browser add-ons and/or other privacy tools as described in the EFF Privacy Policy: Software and Technology Projects; InformAction, which currently asserts that it does not collect personal information through the use of its NoScript browser extension; Nodetics, which currently asserts that it does not collect data about the use of its Cookiebro – Cookie Manager browser extension; Thomas Rientjes, developer of the open-source Decentraleyes browser extension (whose Privacy Policy says the extension does not collect user data); Hosh Sadiq (who maintains the adblock-nocoin-list); and/or the developers of the uBlock Origin browser extension and its related lists.
      • Other providers of apps, tools, and/or services I may use in connection with this website and/or its content, such as (without limitation) Adobe® (which provides some of the apps, software, and other services or tools I may use and/or offer and may collect related and/or associated data in accordance with their Privacy Policy); Artifex Software, Inc. (which may gather certain information about my use of their SmartOffice® mobile app as described in their App Privacy Policy); the Audacity® open-source audio editing suite (which doesn’t appear to have a privacy policy, although its source code is freely available for review); Peter Batard’s open-source Rufus utility (whose source code is freely available for review); Cannaverbe Limited (in connection with the use of their CDBurnerXP software); the open-source CDex audio utility developed by Georgy Berdyshev, Ariane Paola Gomes, and Albert L. Faber; CompanionLink Software, Inc. and their associated subprocessors (whose CompanionLink®, DejaOffice®, and/or DejaDesktop products/services I may use to synchronize data on my mobile device(s); the CompanionLink Data Processing Agreement applies to data the service processes that may be subject to European Union data protection laws); cYo Soft’s ComicRack comics reader; DataViz®, Inc. (which might gather information about the use of the Documents To Go app on the older of my BlackBerry® devices); the Document Foundation (which may gather information related to my use of their LibreOffice suite as described in their Privacy Policy); the open-source F-Droid repository and client app (which may gather a limited amount of information about and/or in connection with my use of the repository and/or app, as described in the “Terms, etc.” section of their About page); the open-source GNU Image Manipulation Program (which doesn’t appear to have a privacy policy, although the source code is freely available from their downloads page) and plugins for it, such as (without limitation) Alessandro Francesconi’s open source Batch Image Manipulation Plugin (whose source code is also freely available); Kovid Goyal’s calibre ebook management suite (which lacks a privacy policy, although its code is open-source and publicly available; Christopher Gurnee’s open-source HashCheck Shell Extension; Mark Harman’s open-source Open Camera mobile app; Phil Harvey’s ExifTool utility and Bogdan Hrastnik’s related ExifToolGUI user interface for it; Florian Heidenreich’s Mp3tag utility; Don Ho’s open-source editing tool Notepad++ (which doesn’t appear to have a privacy policy, although again its source code is freely available for review); Ivan Ivanenko’s open-source Librera Reader app (the F-Droid version, which according to the developer gathers no personal information and which I have granted no Internet access privileges; the technically inclined can always browse the source code to be sure); JoeJoe‘s Rename Master utility; Tim Kosse’s open-source FileZilla® FTP client (which doesn’t have a privacy policy, but whose source code is freely available from the downloads page); Petr Lastovicka’s open-source Precise Calculator utility (which doesn’t have a privacy policy, although its source code is freely available for review); Lightning UK’s ImgBurn freeware disc-burning utility; the open-source Media Player Classic – Black Edition (MPC-BE) (which doesn’t have a privacy policy, although its source code is freely available for review); Jasna Paka’s open-source MozBackup utility, (whose source code is freely available for review); Igor Pavlov’s 7-Zip utility (which doesn’t have a privacy policy, but whose source code is freely available for review); Dương Diệu Pháp’s open-source ImageGlass (which doesn’t have a privacy policy, but whose source code is freely available for review); the open-source PuTTY SSH/Telnet client utility (whose source code is freely available for review); SalSoft’s open-source SQLite Studio (whose source code is freely available for review); Ted Smith’s open-source QuickHash utility (which doesn’t have a privacy policy, although its source code is freely available for review); Tracker Software Products (Canada) Ltd.‘s PDF creation and editing software; and/or VideoLAN‘s open-source VLC media player (which doesn’t appear to have a privacy policy, although its source code is freely available for review).
      • Flickr (a photo-sharing service — owned until April 2018 by Yahoo! (now part of Verizon Media®), but now owned by SmugMug, Inc., which has moved the service to an Amazon Web Services platform (making Amazon Web Services a principal Flickr subprocessor) — on which I have shared some site-related images and which I use to communicate with some of the people who have allowed me to use their images).
      • Providers of other search engines and/or other research tools I may use, such as (without limitation) DuckDuckGo and/or StartPage.com (the search engines I most commonly use; I also use StartPage’s associated “Anonymous View” proxy service); Yahoo!, whose search engine, email service, and/or other services and/or tools I may use (Yahoo! is a trademark of Yahoo! Inc., which is part of Verizon Media Services® and subject to the Verizon Media Services Privacy Policy); the International DOI Foundation, whose servers resolve the DOI® numbers (Digital Object Identifiers) used to identify certain academic papers and other online documents and redirect DOI requests to the appropriate online address(es); the Wikimedia Foundation (through and/or in connection with my use of Wikimedia Commons, Wikipedia®, and/or other Wikimedia projects and services); museums, libraries, archives, and/or databases, public or otherwise, including but not limited to the Los Angeles Public Library and L.A. County Library (through my use of their computers, catalogs, databases, and/or other systems, and/or my communication with their librarians, archivists, and/or other staff); and/or bookstores and/or other retailers or vendors through which I may search for and/or purchase materials related to my research, my content, and/or this website.
      • Services and/or service providers that help me promote and/or sell (or otherwise offer for commercial advantage) my content, writing/editing/writing consulting services, and/or other creative endeavors, such as (without limitation) literary or talent agents or agencies, publicists, promoters, public relations firms, advertising agencies, brokers, distributors, wholesalers/resellers, booksellers or other retailers, and/or publishers.
      • Other types of service providers, such as (without limitation) other applicable telephony services and/or email providers (through my phone, text, and/or email communications with you and/or others, and/or as appropriate for security and/or troubleshooting purposes); Voice over Internet Protocol (VoIP), voice chat, teleconferencing, and/or video chat services; messaging services, apps, and/or clients such as (without limitation) Signal, a service of Signal Messenger LLC and its associated service providers and/or subprocessors (which may include, but are not necessarily limited to, services provided by Google and/or Amazon Web Services); insurers (and/or, where applicable, their respective affiliates, agents, brokers, claims adjusters, subcontractors, and/or subsidiaries); employment agencies; background check services; notaries; third-party printers/print services; providers of public computers and/or wireless networks I may periodically use; photo development, photo processing, video conversion, and/or other processing services for audiovisual materials; storage facilities and/or document/information management services; data and/or document destruction/shredding services; repair, maintenance, and/or technical service providers; transcription and/or translation services, automated or otherwise; mapping and/or navigation services such as (though not limited to) OsmAnd B.V.’s OsmAnd mobile app; taxi and/or ride-share services (which I may use if I travel to meet with you via such means and/or arrange such transportation for you in some manner related to this website); travel agencies, travel bureaus, ticket brokers, and similar services (in connection with business trips I take or arrange); airlines, bus services, and/or rail services (in connection with my business travel); hotels, motels, and/or other lodging providers (in connection with my business travel); movers (professional or otherwise), moving companies, and/or relocation services (in the event I relocate and/or need to transfer some or all of my business assets to some other site); and/or postal services, common carriers, and/or shipping agencies (for the purposes of sending and/or receiving correspondence and/or packages).

      Some or all of my third-party vendors/service providers (and/or any third-party subcontractors, data subprocessors, vendors, and/or partners those entities may employ or utilize in providing their respective services) may be located outside your home country and/or the European Economic Area; by using this website, you consent to my transfer of such information to them. Cloudflare, Google, HP, and Sucuri comply with the EU-US Privacy Shield framework, which governs the privacy and security of data U.S. companies process from residents of the European Economic Area subject to the European General Data Protection Regulation (GDPR).

    • As I deem reasonable and appropriate (and as permitted by applicable law/regulations) to enable me to make informed hiring, employment, and/or business decisions regarding prospective employees, independent contractors, and/or business partners, as described in the “Data Related to Recruitment/Hiring or Business Partnerships” section above.
    • If I am required by law to do so, such as (without limitation) pursuant to a subpoena, search warrant, or other court order or administrative order; in connection with tax returns or other legally required filings, reports, registrations, or disclosures; or in connection with an audit, civil or criminal trial, or other official investigation or proceeding. In some cases, I may disclose certain information if I deem it reasonably necessary to ensure my compliance with applicable law or regulation, even if the specific disclosure is not expressly required. For example (again, without limitation), if I enter into a financial transaction with you that is subject to sales/use tax, I might provide your address to the applicable tax agency in order to determine the correct tax rate.
    • If I am contractually required to do so in connection with a dispute, investigation, or audit involving a third-party service such as (without limitation) my bank(s)/financial institution(s), payment processor(s), or social media services, or as otherwise described under “Financial Transactions Policy” above. For example, if my payment processor investigates a payment I received that they suspect of being fraudulent, their terms of service may require me to provide relevant information to their investigators. Similarly, third-party services such as social media websites may compel me to provide information related to suspected violations of their terms of service.
    • If I believe in good faith that such disclosure is reasonably necessary to protect my property, rights, security, and/or safety, and/or the property, rights, security, and/or safety of third parties and/or the public at large.
    • If the person(s) to whom the information pertains have asked or authorized me to do so.
    • If the information is de-identified, anonymized, redacted, and/or aggregated such that it could not reasonably be used to identify specific person(s) (other than me, if I am somehow included in that information and elect not to de-identify, anonyimize, redact, and/or aggregate my own information).
    • In the event that I sell or transfer control of this website, or if I enter bankruptcy or cease operating the website due to my death or incapacity, personal information I have gathered through this site would likely be among any assets transferred to third-party purchaser(s) or acquirer(s) (including, where applicable, my heirs, successors, and/or assigns), who could continue to use that information only as set forth in this policy.

    In general, I do not sell or rent the non-public information I collect from individual visitors to the aaronseverson.com website. However, I am a professional writer/editor and writing consultant, so it is conceivable that from time to time, personal information about a site visitor may be included in content that I publish, write, edit, and/or otherwise disclose (and/or on which I consult) in other professional contexts. For example (but without limitation), if you are a public figure, it is possible that a client may hire me (or has previously hired me) to research and write a profile about you for a magazine; similarly, if you attend car shows, it is possible you may be visible in the background of photos I take, obtain, publish, and/or otherwise share in connection with my automotive website, Ate Up With Motor. (There are many such possibilities — these are only a few representative examples.) Also, as explained in “Other Information I Receive from Third-Party Sources” above, my research and writing process often involves discussing and sharing relevant information with third parties.

    Where I become aware of such a case, I will take all reasonable efforts to keep separate any non-public information I have gathered through or in connection with this website and only disclose that site-related non-public information as described in this section. However, please note that in many cases, I have no way of associating data gathered through this website with information I may have obtained about you in other contexts. For example (again without limitation), your IP address being recorded in my server logs doesn’t necessarily mean that I know your name or can recognize your face in the background of a photo! (If you have questions about this, please contact me through one of the methods described in “Controllers, Questions, and How to Reach Me” below.)

    As noted in “Advertising” above, I don’t permit the site’s advertisers or sponsors to use scripts, cookies, web beacons, or other such technologies to collect information about you through the publicly visible portions of the aaronseverson.com website, but if you click on ad links to visit the websites of my advertisers or otherwise patronize their businesses, they may gather information about you as described in their respective privacy policies (and may be able to tell that you came from this website), which is outside of my control. (Advertisements, banners, or donation boxes on the site’s administrative dashboard may sometimes collect personal information, but since the dashboard is only accessible to logged-in administrative users, such information-gathering and disclosure normally only involves my information, not that of other site visitors.)

    Additionally, some of my service providers and/or vendors (including, though not necessarily limited to, providers of embedded content used on this website, as described in “Embedded Content” above) may use and/or disclose — potentially for advertising, marketing, and/or other commercial purposes — personal information they gather through my use of their content and/or services in ways that are beyond my control. (For example, but without limitation, I have no control over how YouTube uses information they collect about visitors who watch embedded videos I share, or how companies such as search engines or social media services use data they gather through the use of their services.)

    While no online website, Internet-accessible device, or data storage system can be 100 percent secure, I take reasonable measures to protect against unauthorized access, use, alteration, or destruction of personal information I collect through and/or in connection with this website, including, but not limited to, the use of encryption and encrypted (https) connections, online and offline malware scans, and appropriate password protection.

    Your Rights (GDPR and State Laws)

    If you are located in certain countries, including those that fall under the scope of the European General Data Protection Regulation (aka the “GDPR”), or in some U.S. states, such as California (see “Your California Privacy Rights” below), applicable data protection laws may give you certain rights with respect to your personal data, subject to any exemptions provided by the law and/or associated regulations. For example, the rights provided by the GDPR include the rights to:

    • Request access to your personal data
    • Request rectification (correction) of your personal data
    • Request deletion of your personal data
    • Object to my use and processing of your personal data
    • Request that I limit my use and processing of your personal data; and
    • Request portability of your personal data.

    Individuals within the European Economic Area subject to the GDPR also have the right to make a complaint to the applicable government data protection authority.

    If you have questions or would like to exercise these rights, you can contact me through one of the methods described in “Controllers, Questions, and How to Reach Me” below. I’ve also added a Privacy Tools page that will let you automatically request your data based on your email address. (Please note that the data you obtain through this tool does not include personal data not associated with your email address, such as server and error log data; data not stored on this website itself (like emails you send me directly); or any non-electronic data (like physical copies of letters or photographs).)

    To safeguard your privacy and the privacy of others, I may (to the extent permitted — and/or required — by applicable law/regulation) ask you to provide additional information to verify your identity and/or residency before processing any data-related requests.

    Also, please note that I may be obligated to retain certain data (such as financial transaction records) for legal or administrative purposes or to secure this website and its data.

    Your California Privacy Rights

    California Do Not Track Disclosure

    This website does not currently respond to Do Not Track browser settings.

    Information-Sharing Disclosures (Shine the Light Law)

    California Civil Code § 1798.83 et seq. (the “Shine the Light” law) gives California residents who have established business relationships with certain businesses the right to request information about those businesses’ disclosure of the customer’s personal information to third parties for direct marketing purposes.

    The law defines “direct marketing purposes” as “the use of personal information to solicit or induce a purchase, rental, lease, or exchange of products, goods, property, or services directly to individuals by means of the mail, telephone, or electronic mail for their personal, family, or household purposes.” An “established business relationship” is defined as “a relationship formed by a voluntary, two-way communication between a business and a customer” that is either ongoing or was established with a purchase or other transaction within the past 18 months.

    Under the Shine the Light law, if you are a California resident and have an established business relationship with a business subject to the law’s requirements, you may request, once per calendar year, an Information-Sharing Disclosure that details:

    1. What categories of personal information about you, if any, that business shared with third parties for direct marketing purposes in the preceding calendar year, and
    2. The names/identities and addresses of such third parties.

    (The law does not require the business to reveal which specific pieces of information may have been shared, only the categories of information, as defined by the applicable statutes.)

    Although I believe I am exempt from the requirements of this law, since I have fewer than 20 employees, I will nonetheless make every reasonable effort to provide you with such a disclosure within 30 days of my receipt of your request. To submit a request, please contact me through one of the methods described in “Controllers, Questions, and How to Reach Me” below.

    Please note that this disclosure only covers information shared for direct marketing purposes. See the other sections of this Privacy Policy to learn more about other types of information I collect and how I use it.

    California Privacy and Data Protection Rights

    Starting January 1, 2020, California’s data protection laws, including the California Consumer Privacy Act of 2018 (CCPA), give California residents additional rights with respect to their personal data, including rights similar to those provided by European General Data Protection Regulation (GDPR) rules. The rights the CCPA provides California residents include:

    1. The Right to Know and the Right to Access: You have the right to request access — free of charge, up to two times in a given 12-month period, and (where possible) in “a readily usable format” — to:

      1. The categories and/or specific pieces of personal information I have collected about you in the preceding 12 months, and
      2. The categories of business and/or commercial purposes for which I collected and used the information, and
      3. The categories of sources from which I collected that information, and
      4. The categories of personal information about you that I have shared with third parties for business or commercial purposes in the past 12 months, and
      5. The categories of third parties with whom personal information was shared.
    2. The Right to Delete: You have the right to request the deletion of your personal information.
    3. The Right to Opt-Out of the sale of your personal information.
    4. The right to not be discriminated against or penalized for exercising these rights.
    5. The right to make a complaint to a state government supervisory authority.
    6. The right to take private legal action in the event of a data breach that exposes your personal information to theft or unauthorized access.

    These rights are subject to certain exemptions, exceptions, and restrictions provided by the law and/or its associated regulations. You need not be physically present in California to exercise these rights provided that you have a current California residence. You may designate an authorized agent to act on your behalf in exercising these rights.

    While I believe I do not technically meet any of the applicability thresholds specified by this California law, I am committed to providing visitors with as many privacy choices as I reasonably can.

    You (or your authorized agent) can exercise your California privacy rights via any of the methods specified on the Do Not Sell My Personal Information page.

    Applicable law and/or regulations stipulate the maximum time allowed for acknowledging and/or responding to your request. There is no charge for for making a request.

    In order to better safeguard your privacy and the privacy of others, I may be required to verify your identity before processing certain requests pertaining to your personal information. I may be unable to fulfill your request if I cannot verify your identity to the degree of certainty applicable law and/or regulations require. Also, please note that in addition to any exceptions and exemptions applicable law and/or regulations may provide to the rights provided by the CCPA (particularly with regard to the deletion of your personal information), I may be unable to delete certain information (e.g., my web host’s server and error logs) for technical reasons.

    Except as otherwise required by law, privacy-related requests pertaining to children under 18 should be submitted by a parent, legal guardian, or other authorized adult representative.

    Do Not Sell My Personal Information

    If you are a California resident and would like to exercise your right to opt-out of the sale of your personal information, or any of your other rights under the California Consumer Privacy Act (CCPA), such as the right to access or delete your personal information, you (or your authorized agent) should visit the Do Not Sell My Personal Information page.

    CCPA Information Collection and Sharing Notice

    The California Consumer Privacy Act of 2018 (CCPA) also requires certain businesses to disclose the categories of information that the business has collected about individuals or households during the preceding 12 months; that the business disclosed for business purposes during the preceding 12 months; and that the business disclosed for commercial purposes during the preceding 12 months. These disclosures must be updated at least once a year.

    As noted above, I believe I do not meet any of the CCPA’s applicability thresholds, but for the avoidance of doubt, I make the disclosures listed below.

    Categories of Personal Information Collected

    The following list summarizes the categories of personal information I have collected about individuals and/or households, both through and/or in connection with this website and in the context of my business as a professional writer/editor and writing consultant.

    Please note that I do not necessarily collect all of these categories of personal information about every individual, or even most individuals. While I collect certain information from all site visitors (e.g., IP addresses, user agent information), the categories listed below also encompass the range of information I gather in connection with the articles and other content I create and/or edit (and/or on which I consult), which is far more extensive than I customarily gather about site visitors. These categories also include information (a) that certain people volunteer to me, whether about themselves or someone else; (b) that I only collect from/about certain people for some specific reason(s); and/or (c) that I infer or surmise from other data (e.g., inferring an approximate geographical location based on an area code or email domain).

    The statutory definitions of some of these categories overlap, with certain types of information (e.g., real names) technically falling into multiple categories; I have tried to limit repetition in the interests of space and comprehensibility. This list also includes some types of information that the law would probably regard as personal information, but that are not specifically described in the applicable statutes.

    The examples listed for each category are intended to be a representative sampling, NOT an exhaustive list of all the specific pieces of information I may have gathered within a particular category. Also, this list describes the categories of information I have collected on individuals and/or households from ANY locale, NOT only from California residents. (In many cases, I have no reasonable way to know whether the individuals and/or households to whom certain personal information pertains are California residents or not.)

    During the past 12 months, I have collected the following categories of personal information in the course of my business:

    • Identifiers, such as:
      • Names, pseudonyms/aliases, nicknames, user names, and/or account names
      • IP addresses
      • Email addresses
      • Postal mailing addresses and/or street addresses
      • Social Security Numbers, taxpayer ID numbers, driver’s license numbers, and/or other government-issued identification information
      • Unique personal identifiers, online identifiers, or other similar identifiers
    • Additional categories of personal information as defined in the California Customer Records statute, California Civil Code § 1798.80(e), such as:
      • Signatures, physical and/or digital
      • Other physical characteristics or descriptions of individuals (e.g., height, weight, hair color)
      • Telephone numbers
      • Other contact information
      • Account numbers
      • Records of financial transactions with me, including, as applicable, transaction ID numbers, tax-related information, and check/bank account information (I do NOT collect any bank account or credit card information in connection with PayPal® transactions)
      • Other financial information (e.g., credit ratings; whether someone has (or had) loans, past foreclosures, and/or declared bankruptcy; or the net worth of public figures)
      • Medical information (e.g., health conditions and/or tests, treatments, and/or therapies received)
      • Health insurance information (e.g., whether or not individuals are insured and with which insurance carrier(s) — I do NOT collect policy numbers or similar data, and much of what insurance-related data I do collect is in aggregated form)
    • Characteristics of classifications protected by law, such as:
      • Age and/or date of birth
      • Race, color, ancestry, national origin, and/or citizenship status
      • Religion or creed
      • Marital/relationship status and/or information about spouses/partners
      • Medical condition and/or physical or mental disability
      • Sex, gender, and/or gender identity/gender expression
      • Pregnancy, childbirth, and/or related medical conditions
      • Sexual orientation
      • Veteran or military status
      • Information about children and/or other family members
    • Commercial information, such as:
      • Information about cars and/or other vehicles an individual has owned, rented, otherwise obtained, or considered; that they have indicated they want to buy, rent, or obtain; and/or that they are considering
      • Information about art, books, other publications, films, videos, and/or other media an individual or household has considered, read, watched, or otherwise consumed; desires/intends to consume; and/or is considering consuming
      • Information about personal property, products, goods, and/or services an individual or household owns or uses; has owned, used, obtained, or considered; desires/intends to purchase, obtain, and/or use; and/or is considering purchasing, obtaining, and/or using
      • Property records (e.g., information about who owns or has owned a particular building or other real property)
      • Information about stocks and/or securities ownership and/or purchases/transfers (e.g., whether an individual owns or has recently purchased or sold shares in a particular corporation or other business entity)
      • Information about other types of purchases or transactions
      • Opinions, critical judgments, tastes, preferences, and/or other information about an individual or household’s purchasing or consuming history and/or tendencies
    • Biometric information, such as if you provide me with information about your sleep and/or exercise habits, or if documents or other physical objects I receive contain visible fingerprints (I have no means of analyzing, identifying, or using fingerprint data, but the law and its associated regulations make no such distinction)
    • Internet or similar network activity information, such as:
      • Web browsing activity and/or history
      • Search history
      • Other information about an individual’s interactions with a website, application, or advertisement (including, but not limited to, errors and/or suspicious activity)
      • Domain names and/or URLs of personal blogs, social media pages/feeds, or other online profiles
      • User agent information
      • Cookies
    • Geolocation information, such as a geographical location estimated based on an IP address, or a location and/or movements that you describe to me
    • Audio, electronic, visual, thermal, olfactory, or similar information, such as photographs, illustrations and/or other images, videos, audio recordings, and/or other media in which recognizable individuals or likenesses are visible and/or their voice(s) audible
    • Professional or employment-related information, such as:
      • Resumes/CVs
      • Current and/or past employer(s)
      • Job title(s) or position(s)
      • Professional certification or licensure
      • Business ownership/registration information (e.g., whether an individual has some ownership interest in and/or is an officer of a corporation or other business entity)
      • Compensation
      • Military service information
      • Other group or organization membership and/or affiliation information
      • Skills, aptitudes, abilities, and/or intelligence
      • Publishing histories/bibliographies/discographies/filmographies/performance histories/broadcast histories/portfolios/development credits/patent records and/or similar and/or other comparable information about writers, artists, designers, performers, developers, engineers, scientists, and/or other professionals
      • Authorship, other credits, and/or rights holder information for artwork, books, films, software, photographs, other media, other published works or designs, and/or other intellectual property such as trademarks and/or patents
      • Professional references
      • Performance evaluations and/or information about individuals’ professional reputations
    • Education information, such as schools attended, grades and/or scores on standardized or aptitude/skill tests, degrees and/or credentials earned
    • Inferences I make based on other data, such as my estimation of an individual’s personality, aptitudes, predispositions, psychological trends, and/or behavior.
    • Other types of personal information not specifically described in the applicable statutes, such as:
      • Information about specific vehicles, such as license plate numbers, vehicle identification numbers, related information (e.g., vehicle registration dates), and/or other identifying characteristics or details (e.g., year, make, model, body style, color, equipment, features, distinguishing markings)
      • Legal information (e.g., information regarding an individual having been accused of, charged with, and/or convicted of a crime, and/or involved in a civil lawsuit)
      • Information about political affiliations, opinions, and/or activity
      • Information about membership in and/or affiliation with other types of groups and/or clubs
      • Information about awards, honors, other recognition, prizes, and/or winnings in games of chance or skill
      • Information about individuals’ public and/or personal reputations
      • Information about other household members (e.g., roommates, pets)
      • Encryption public keys and similar security data
      • Other potentially identifying information in electronic files and/or associated metadata
      • Other data that could potentially be deemed personal information, but that does not easily fit into any of the above-listed categories.

    Although I do not knowingly collect personal information from children under 18 through this website, I may sometimes collect such information as part of my professional writing/editing/writing consulting work. (For example, I might write or edit a news article about a minor child’s notable achievements or involvement in some matter of public interest, which could include personal information obtained through an interview with that child and/or from other sources.) If you have questions, if you are a parent or legal guardian and believe that I may have collected personal information about your minor child, or if you wish to exercise your right to remove or delete such information, please contact me via one of the methods listed under “Controllers, Questions, and How to Reach Me” below. (Parents or legal guardians can also submit CCPA requests on behalf of their minor children via any of the methods specified on the Do Not Sell My Personal Information page.)

    The fact that I collected and/or inferred certain information does not necessarily mean that I still retain it, or that I have any practical way to associate the different categories of information I may have collected about a given individual or household (e.g., to connect a visitor’s name with an IP address in the server logs and/or a face visible in the background of a photograph).

    Keep in mind that if you have interacted with me via some third-party service, that service may have collected and/or shared — potentially for commercial purposes — personal information about you that is not reflected in the above list. The collection/sharing of personal information by third-party services is subject to the applicable service’s privacy policy and terms of use/terms of service, and is outside of my control. (The disclosures above DO include categories of personal information that third-party services have provided to me.)

    Collection Sources

    Personal information I collect about you and/or your household comes from one or more of the following categories of sources:

    • You, whether directly through your communications with me, through other public disclosures you’ve made (e.g., social media posts), or through your use of this website
    • My employees, independent contractors, agents, and/or business partners (as applicable)
    • My vendors and/or service providers
    • Other visitors/users, whether directly or indirectly
    • Published and/or publicly available sources (e.g., books, articles, films, videos television programs, radio programs, podcasts, other audio recordings, social media, online databases, public records)
    • Photographers, videographers, illustrators, podcasters, and/or other media creators
    • Subject matter experts (e.g., historians, biographers), archivists, librarians, observers, eyewitnesses, and/or other knowledgeable parties
    • Clients or employers for whom I provide (or have provided) writing/editing/writing consulting services.

    Each of the above-listed categories of sources may provide me with information that falls into several or all of the categories of personal information listed in “Categories of Personal Information Collected” above.

    Collection Purposes

    Personal information I collect in the course of operating this website and/or my business is collected for one or more of the following purposes:

    • Functionality
    • Providing services
    • Completing a transaction
    • Fulfilling a contractual obligation
    • Legal compliance or audit
    • Research and publishing
    • Security, troubleshooting, quality control, and technical improvement
    • Recruitment/hiring or business partnerships
    • Advertising and other commercial purposes

    These purposes are defined in the “Categories of Information and Purposes for Collection” section above and have the same meanings here as in other sections of this Privacy Policy.

    Information Shared for Business or Commercial Purposes

    The CCPA defines sharing information “for business purposes” as disclosing personal information about individuals or households to third parties such as service providers or independent contractors for any of the following purposes:

    1. Auditing interactions with consumers
    2. Security
    3. Debugging/repair
    4. Certain short-term uses
    5. Performing services
    6. Internal research for tech development
    7. Quality and safety maintenance and verification.

    A disclosure of personal information is considered to be “for commercial purposes” if it serves to “advance a person’s commercial or economic interests, such as by inducing another person to buy, rent, lease, join, subscribe to, provide, or exchange products, goods, property, information, or services, or enabling or effecting, directly or indirectly, a commercial transaction,” with the exception of “engaging in speech that state or federal courts have recognized as noncommercial speech, including political speech and journalism.”

    The CCPA’s definitions are so expansive that almost any disclosure or transmission of virtually any piece of information about any individual or household — even information that was already publicly available — could potentially be considered sharing of personal information for business or commercial purposes if it takes place in any business-related context. Furthermore, by the CCPA’s definitions, a disclosure for commercial purposes may be deemed “selling” personal information even if it does not constitute a sale as most people understand that term.

    I may disclose personal information I collect through and/or in connection with this website as described in the “Disclosure of Personally Identifying Information” section above. Also, as noted in that section and elsewhere in this Privacy Policy, I am a professional writer/editor and writing consultant, an occupation that routinely involves collecting and sharing personal information through and/or in connection with my writing/editing/writing consulting work and/or my other creative endeavors. Such information routinely encompasses most or all of the categories of personal information listed in “Categories of Personal Information Collected” above, although I don’t necessarily disclose every type of information that may fall within a particular category, nor do I necessarily disclose every piece of information I collect of a given type.

    Therefore, by the law’s definitions, I may share any or all of the categories of personal information I collect in the course of my business with any or all of the following:

    • My employees, independent contractors, agents, and/or business partners, if any.
    • Service providers and/or vendors I use in connection with this website, my other professional activities, and/or the management or operation of my business.
    • Any government agency, investigator, auditor, court, arbiter, or other official entity that requires or compels me to disclose personal information related to my business.
    • Any individual or entity with whom I communicate, consult, and/or collaborate in the process of researching and developing my content, writing/editing/writing consulting work, and/or other creative endeavors, and/or who communicates and/or consults with me regarding their content and/or other creative endeavors.
    • Editors, publishers, clients, employers, and/or other third parties for whom I provide (and/or to whom I offer) my writing/editing/writing consulting services and/or to whom I may license, sell, or otherwise offer my content and/or other creative work.
    • Individuals or entities who help me promote and/or sell (or otherwise offer for commercial advantage) my content, writing/editing/writing consulting services, and/or other creative endeavors.
    • The public, through the publication, performance, broadcast, other dissemination, and/or public discussion of my content and/or other creative work; my sharing, discussing, and/or otherwise disseminating information that is already publicly available (e.g., in news articles, published works, and/or public records); and/or, as applicable, my publication of your comments, any images and/or other media you submit to me for publication and/or for use in or with my published work(s), and/or your other communications with me.

    As indicated in the “Disclosure of Personally Identifying Information” section above, I may also share personal information:

    • If that information otherwise is or was already publicly available (which is also noted in the list above, but bears repeating for emphasis — I strenuously reject and regard as unconstitutional any attempt to use the CCPA, its associated regulations, and/or similar privacy laws to restrict or limit my right to share, disclose, and/or discuss publicly available information, whether or not that information is offered through official government sources); and/or:
    • As I deem reasonable and appropriate (and to the extent permitted by applicable law/regulations) to enable me to make informed hiring, employment, and/or other business decisions regarding prospective employees, independent contractors, and/or business partners, and/or:
    • If I am legally obligated to do so (which would typically be to comply with a subpoena, search warrant, or other court order or administrative order; in connection with tax returns or other legally required filings, reports, registrations, or disclosures; or in connection with an audit, civil or criminal trial, or other official investigation or proceeding, but could also be in other circumstances that I cannot reasonably anticipate; I may also disclose certain information if I deem it reasonably necessary to ensure my compliance with applicable law or regulation, even if the specific disclosure is not expressly required, such as (without limitation) if I need to contact a tax agency to determine the correct sales/use tax rate for a particular address), and/or:
    • If I believe in good faith that such disclosure is reasonably necessary to protect property, rights, security, and/or safety, and/or:
    • If the person(s) to whom the information pertains have asked or authorized me to do so, and/or:
    • If the information is de-identified, anonymized, redacted, and/or aggregated such that it could not reasonably be used to identify specific person(s) (other than me, if I am somehow included in that information and elect not to de-identify, anonyimize, redact, and/or aggregate my own information), and/or:
    • As part of a business transfer (e.g., if I sell or transfer control of this website, enter bankruptcy, or pass my assets to my heirs and successors through my death or permanent incapacity).

    For what I hope are obvious reasons, it is not feasible for me to enumerate every possible entity or even category of entities to whom I might disclose information in such contexts, but any such disclosures could also involve any or all of the categories of personal information I collect in the course of my business.

    Much if not all of the personal information I collect or access may be processed by one or more third parties. For example (but without limitation):

    • For obvious reasons, it is impossible for me to call, text, email, or mail any individual or household without disclosing a certain amount of the recipient’s personal information to third parties. For example, making a phone call or sending a text message requires communicating the recipient’s telephone number to the applicable telephone companies or mobile carriers.
    • My web host, DreamHost®, owns the web servers on which this website runs as well as the mail servers for my associated email addresses. Therefore, DreamHost has full administrative access to most files, messages, and data processed by or stored on those servers. (This is in addition to any information I deliberately share with DreamHost for purposes such as troubleshooting or security.)
    • If in the course of my business I access any website or online resource that is not encrypted (i.e., via an HTTP rather than HTTPS connection), any data I access on that site or resource is visible to my Internet service provider and potentially also other third parties. Even if a website or online resource IS encrypted, my Internet service provider and other third parties (such as my DNS (domain name system) server and the website or resource’s certificate authority and embedded content providers) can generally see that I have connected to that site or resource, as can that site/resource’s certificate authority and embedded content providers, if any. If I use a proxy server or VPN, the VPN or proxy server can also see my connections and any unencrypted data I access.
    • Most files and data on my systems and devices are routinely scanned by one or more malware detection and/or other security tools, some of which may incorporate cloud-based scanning or analysis features, as explained in the “Security Scans” section of this Privacy Policy. (As noted in that section, some website security log data is also stored by Sucuri.)
    • Most payments I receive are processed by my bank(s) and the applicable payment processor, if any. Those payments and related tax documents must also be disclosed to several different tax agencies, and may be discussed with my tax preparer and/or other financial or legal professionals for administrative and compliance purposes.
    • Some information about my activities and/or data accessed on my systems and devices may be captured by the telemetry and/or other surveillance features of the software, apps, services, and devices I use, as explained in the “Information Captured by Service/Software/App/Device Telemetry” section of this Privacy Policy.

    Any or all of the above would likely be considered sharing information for business purposes by the CCPA’s definitions.

    Actions like the following could also be deemed sharing information “for business purposes” if I do so in some business-related context:

    • Looking up someone’s name in a search engine, library catalog, or other database.
    • Entering someone’s address into a mapping or navigation service to look up driving directions, or meeting with someone face to face while my phone’s geolocation services are turned on.
    • Using an automated translation service to translate text containing any names and/or other types of personal information.
    • Printing a document containing names and/or other types of personal information using a commercial print service or a printer controlled by a third party (e.g., printing a copy of a news article I read at the public library).
    • Performing a WHOIS lookup on an IP address from the website’s security or error logs, or allowing my firewall or other security software to perform such lookups.
    • Storing or transmitting any electronic file containing personal information using any cloud storage service or other online storage system.
    • Sharing links to a news article or online post that contains names and/or other types of personal information.
    • Describing an unusual or distinctive vehicle I saw on the street or in some other public setting.
    • Discussing the life and career of a well-known public figure with other writers, historians, or subject matter experts, whether or not the information discussed is already publicly available.
    • Publishing or submitting for publication any content that contains any personal information such as names, photographs, videos, or biographical information. (Even publishing a bibliography with authors’ names might count.)

    (These are just a few examples, not an exhaustive list.)

    Because I am a professional writer/editor and writing consultant, a variety of activities I routinely undertake in connection with my work could potentially be deemed “commercial” as defined by the CCPA, even if my actual content is deemed “noncommercial speech.” (For writers, photographers, and other creative professionals, the distinction between “commercial” activity and engaging in “noncommercial speech” as an integral part of one’s business is a complicated, muddy legal question mark.) Examples could include:

    • Licensing, selling, or otherwise offering my content or writing/editing/writing consulting services for money or other valuable consideration (including offering the content on this website, which is supported by advertising and user contributions) if that content incorporates or involves any names and/or other types of personal information about individuals or households.
    • Advertising, promoting, and/or marketing my content, or published works incorporating my content, if that content contains any names and/or other types of personal information, and/or if such information is referenced in the promotion or marketing.
    • Proposing or pitching any article, book, and/or other content containing names and/or other types of personal information to editors, agents, and/or publishers.
    • Sharing, exchanging, or discussing with clients, coauthors, and/or collaborators any personal information pertaining to articles, books, and/or other content I am creating and/or editing (and/or on which I am consulting) for commercial advantage.
    • Arranging for people featured and/or quoted in my content to receive complimentary copies of my published work or be notified of its publication or commercial availability.

    Even if disclosures like these are NOT deemed to be “for commercial purposes” (or “sales”) by the CCPA’s definitions, they are certainly “for business purposes.”

    From time to time, I may also facilitate other types of commercial transactions, whether directly or indirectly, such as:

    • By putting into contact (with their mutual consent) parties who have expressed interest in some transaction with one another. For example, if a visitor asks about licensing a photo or other content I have used that is owned by someone else, I might ask the applicable rights holder if they’re comfortable with my putting them in touch with the interested party.
    • By recommending that a professional contact or acquaintance be hired for a job, assignment, or commission, or chosen as a vendor or service provider.
    • By endorsing (explicitly or by implication) some author, artist, service provider, or vendor, and/or their products or services.

    By the CCPA’s definitions, disclosing any personal information in such circumstances might be deemed sharing information “for commercial purposes” whether or not any transaction is actually completed, whether or not I am a party to that transaction, and whether or not I receive any compensation or consideration in connection with it.

    As noted in “Advertising” above, I do not allow my advertisers (if any) to use scripts, cookies, web beacons, or other such technologies to collect information about you through the publicly visible/publicly accessible portions of this website. (Advertisements that appear on portions of the site’s administrative dashboard, which is not normally accessible to visitors other than site administrators, may sometimes include embedded content and/or other information-gathering mechanisms.) However, if you click on advertising links or otherwise patronize my advertisers’ businesses, they may gather information about you as described in their respective privacy policies (and may be able to tell that you came from this website), which is outside of my control. This could conceivably be deemed to constitute sharing information “for commercial purposes” as the CCPA defines it, even if I do not directly provide any information about you to those advertisers.

    Additionally, some of my embedded content providers (described in the “Embedded Content” section above) and/or other service providers might use information collected about my visitors (and/or otherwise obtained from me) for commercial purposes. For example (but without limitation), if you accessed a YouTube video I shared, particularly if you were logged into a Google Account at the time, YouTube may have shown you advertisements and likely added your viewing history to the repository of data Google (which owns YouTube) has compiled about you, much of which is used for commercial purposes. Although I typically have no control over such use (other than completely discontinuing the use of embedded content or third-party services), this too could be deemed sharing information “for commercial purposes” as defined by the CCPA. (YouTube is a trademark of Google LLC; Google is a registered trademark of Google LLC.)

    Put simply, by the law’s extremely broad definitions, any or all of the categories of personal information I collect in the course of my business could be deemed to be shared for business and/or commercial purposes, whether or not I “sell” personal information in the way most people understand that term.

    You can learn more about the circumstances under which I may share or otherwise disclose personal information I collect through and/or in connection with this website in the “Disclosure of Personally Identifying Information” section above.

    If you have general questions about my data-sharing practices (i.e., questions about my typical practices rather than about the personal data of any specific individual or household), feel free to contact me using any of the methods described under “Controllers, Questions, and How to Reach Me” below. If you are a California resident and would like to exercise your rights under the California Consumer Privacy Act (CCPA), such as the right to access or delete your personal information or opt-out of the sale of your personal information, you (or your authorized agent) should visit the Do Not Sell My Personal Information page.

    Controllers, Questions, and How to Reach Me

    The controller for processing personal information is Aaron Severson, 11100 National Bl. #3, Los Angeles, CA 90064. If you have questions about this policy or my use of personal information, you can contact me via postal mail at that address or by sending an email to admin (at) aaronseverson (dot) com.

    If you are a California resident and would like to exercise your rights under the California Consumer Privacy Act (CCPA), such as the right to access or delete your personal information or opt-out of the sale of your personal information, you (or your authorized agent) can file a request using any of the methods specified on the Do Not Sell My Personal Information page.

    Privacy Policy Changes

    This Privacy Policy may be modified from time to time, at my sole discretion. Your continued use of and access to the site signifies your acceptance of any such modifications, the effective date of which is shown near the top of this page. If the policy has changed since your last visit, the website may prompt you to review and accept the changes.

    Recent Revisions

    Here is a list of recent changes to this Privacy Policy, in reverse order by date:

    • March 28, 2020: Added Nuance Communications, Inc. (present owner of the voice dialing software on the older of my BlackBerry devices) and the certificate management application Kleopatra (which is installed along with IDRIX’s Gpg4win suite) to the examples of third-party service providers under Disclosure of Personally Identifying Information.
    • March 27, 2020: In Disclosure of Personally Identifying Information, updated the bullet point regarding public responses to an inquiry or support request to also reference the Contact Forms section as well as the Other Inquiries, Messages, and Support Requests sections, for internal consistency. (I neglected to update this item when I added the Contact Forms section earlier this year.) Fixed some typographical errors in this revisions list. In License for This Policy, fixed the capitalization of Legalmattic.
    • March 23, 2020: Added the F-Droid repository and client app to the examples of third-party service providers under Disclosure of Personally Identifying Information.
    • March 22, 2020: Amended the revision made March 19 by changing the phrase “person or people to whom …” to “person(s) to whom …” (to better convey the intended meaning and specificity of that phrase). For the same reason, in the language about de-identified, anonymized, redacted, and/or aggregated information, changed “such that it could not reasonably be used to identify the specific person(s) to whom it pertains” to just “such that it could not reasonably be used to identify specific person(s) (other than me, if I am somehow included in that information and elect not to de-identify, anonyimize, redact, and/or aggregate my own information).” Fixed a minor formatting error. In Advertising, Disclosure of Personally Identifying Information, and CCPA Information Collection and Sharing Notice, clarified the language about advertisers (to specify that I don’t let advertisers use technologies like scripts or cookies to gather information about you through the publicly visible portions of this website) and fixed some inconsistent wording. Also in Disclosure of Personally Identifying Information, struck the automotive sites listed among the examples of third-party service providers (as they’re unlikely to be applicable in the context of this website). In CCPA Information Collection and Sharing Notice, changed “to protect property, rights, and/or safety” to “to protect property, rights, security, and/or safety” to align with the recent revision of the corresponding language in Disclosure of Personally Identifying Information.
    • March 21, 2020: Added some additional automotive sites to those listed among the examples of third-party service providers under Disclosure of Personally Identifying Information.
    • March 20, 2020: In CCPA Information Collection and Sharing Notice, amended the biometric information item to also mention fingerprints. (I have no means of analyzing, identifying, or using fingerprint data, but the law and its associated regulations make no such distinction.) Added Intel to the examples of third-party service providers under Disclosure of Personally Identifying Information.
    • March 19, 2020: In Disclosure of Personally Identifying Information, changed “Where that information otherwise is or was already publicly available” to “If that information otherwise is or was already publicly available” (to avoid potential ambiguity about the intended meaning of the word “where” in this context). In the bullet point regarding de-identified or aggregated information, inserted the word “specific” before “person or people to whom it pertains.” In the CCPA Information Collection and Sharing Notice subsection regarding Information Shared for Business or Commercial Purposes, changed “where” to “if” (and changed “Where I deem it reasonable and appropriate …” to “As I deem reasonable and appropriate …”) in the third bullet-pointed list and made some wording adjustments for consistency with the Disclosure language.
    • March 18, 2020: In Advertising, changed “use scripts or cookies to collect information about you while you are on the publicly visible/publicly accessible portions …” to “use scripts, cookies, web beacons, or other such technologies to collect information about you while you are visiting the publicly visible/publicly accessible portions …”; changed “(and can typically tell that you came from this website)” to “(and may be able to tell that you came from this website)”; and changed “NOT normal site visitors” to “NOT other site visitors.” In Disclosure of Personally Identifying Information, added a paragraph about advertising (basically to reiterate what it says in Advertising above) and fixed a technical problem with one of the links.
    • March 17, 2020: In the CCPA Information Collection and Sharing Notice subsection regarding Information Shared for Business or Commercial Purposes, changed the phrase “the management of my business” to “the management or operation of my business” and added the phrase “for publication and/or for use in or with my published work(s)” after “any images and/or other media you submit to me” in the interests of clarity. Also added a bullet point to the list following that one regarding the sharing of information that is already publicly available. (This is already noted elsewhere in that section, but I want to make it absolutely clear; I am quite alarmed by the unconstitutional effort of the CCPA and its associated regulations to restrict free expression and freedom of the press in the name of “consumer privacy.”)
    • March 16, 2020: In Disclosure of Personally Identifying Information, changed some additional instances of the second person to the third person (e.g, changing “you” to “someone,” “they,” or “the person or people to whom the information pertains”), continuing the update begun on March 15. In Embedded Content, changed the phrase “may include, but is not limited to …” to “may include, but is not necessarily limited to …”; changed “From time to time …” to “Not all of the above embedded content is necessarily used on the site at any given time, and from time to time …”; and added the phrase (“but without limitation”) after “for example” for greater clarity. Corrected some typographical errors in this revisions list.
    • March 15, 2020: In the CCPA Information Collection and Sharing Notice, amended the example under “Additional categories of personal information” regarding medical information to change “(e.g., health conditions, treatments or therapies received)” to “(e.g., health conditions and/or tests, treatments, and/or therapies received).” Also amended “and most of the insurance-related data I do receive is in aggregated form” to “and much of what insurance-related data I do collect is in aggregated form.” In Disclosure of Personally Identifying Information, amended “property, rights, and/or safety” to “property, rights, security, and/or safety” (to clarify the intended meaning of that phrase; obviously, “security” may encompass various threats and/or potential threats to property, rights, or safety). Also in that section, changed several instances of the second person to the third person (e.g, changing “you” to “someone,” “they,” or “the person or people to whom the information pertains”) to avoid potential confusion and amended the bullet point on historical, journalistic, and other nonfiction accounts to restore the word “accounts” (which had been accidentally deleted), change “associated bibliographies and/or metadata” to “associated illustrations, bibliographies, and/or metadata,” and change “which may include images and/or other media such as …” to “and may include images and/or other media such as, again without limitation …” Made a related change (adding “without limitation” and “again without limitation”) to the corresponding paragraph of Other Information I Receive from Third-Party Sources for consistency. In Information Captured by Service/Software/App/Device Telemetry, changed the phrase “about me and/or other individuals” to “about me and/or other individuals and/or households.” Removed some extra spaces.
    • March 14, 2020: In the CCPA Information Collection and Sharing Notice, amended the first example under identifiers to also specify nicknames. (This is essentially a clarification rather than an addition, as I would consider nicknames to be a type of alias/pseudonym.) In Disclosure of Personally Identifying Information, added automotive history and information sites (such as, without limitation, Allpar, AROnline, AutoZine, CarDomain, Curbside Classic, Dean’s Garage, Hemmings, Hooniverse, Indie Auto, Mazda 3 Forums, Mazdas247, The Truth About Cars, and TrueDelta) and the Opera browser (and/or its integral VPN/proxy service) to the examples of third-party service providers. Clarified an earlier item on this revisions list.
    • March 13, 2020: In the CCPA Information Collection and Sharing Notice, updated the geolocation data bullet to change the word “data” to “information” and edited the examples to illustrate that geolocation information can include movements as well as location (as is already noted in the Definitions).
    • March 12, 2020: In Disclosure of Personally Identifying Information, updated the paragraph following the bullet-pointed list to clarify that that language also applies to content I edit and/or write, and/or on which I consult, as part of my professional work (as well as work that I write and/or publish myself in that context). (I hope that this was previously implicit, but I don’t want there to be any confusion on this point.) In the bullet points, changed “journalistic or historical accounts” to “journalistic, historical, or other nonfiction accounts” (to limit hairsplitting about what is and isn’t “journalism”) and changed “in the course of researching and writing same” to “in the course of researching, writing, and/or editing same.” Also made some related clarifications in Other Information I Receive from Third-Party Sources.
    • March 11, 2020: Some wording adjustments: In Other Inquiries, Messages, and Support Requests, changed “the message itself might also be publicly visible” to “the messages themselves might also be publicly visible.” In the CCPA Information Collection and Sharing Notice, clarified the examples under commercial information by changing “property and/or services” to “personal property, products, goods, and/or services” (which is what that bullet point was always intended to encompass; the change is simply to make that clearer), fix a missing serial comma in that section, and change “purchasing or consuming history or tendencies” to “purchasing or consuming history and/or tendencies” (since one tends to suggest the other).
    • March 10, 2020: In Disclosure of Personally Identifying Information section, changed “repair, maintenance, and/or service providers” to “repair, maintenance, and/or technical service providers” for clarity.
    • March 9, 2020: In Disclosure of Personally Identifying Information, added Dell, LG, and Logitech to the examples of third-party service providers. In that same list, updated the description of WordPress.org to note that their privacy policy also applies to my use of their website and/or support forums to help me manage and troubleshoot this site. In the CCPA Information Collection and Sharing Notice, changed instances of the phrase “names or other personal information” to “names and/or other types of personal information” for internal consistency (and so as not to cause confusion with the usage outlined in Definitions). Also added airlines, bus or rail services, hotels, motels, other lodging providers, travel agencies, travel bureaus, travel brokers, and the developers of this website’s theme(s), plugins, and/or add-ons to the examples of third-party service providers under Disclosure of Personally Identifying Information (noting that my communications with such developers are typically but not always via the WordPress forums). Fixed a typo in this list.
    • March 8, 2020: In the CCPA Information Collection and Sharing Notice, struck the word “larger” in the phrase “and in the larger context of my business …” (since it might be confusing in this context).
    • March 7, 2020: In Disclosure of Personally Identifying Information, amended the bullet point on journalistic and/or historical accounts to clarify that, where applicable, information may be shared as part of the bibliographies and/or metadata of such content as well as within the content itself. Adjusted the formatting of that bullet point for greater readability.
    • March 6, 2020: In Disclosure of Personally Identifying Information, added Wikimedia Foundation, Wikipedia, and other Wikimedia projects and services to the examples of third-party service providers and changed “libraries, archives, and/or databases” to “museums, libraries, archives, and/or databases.” Removed some extra spaces.
    • March 4, 2020: In the CCPA Information Collection and Sharing Notice subsection on Information Shared for Business or Commercial Purposes, changed “for whom I provide writing/editing/writing consulting services” to “for whom I provide (and/or to whom I offer) my writing/editing/writing consulting services.” (I believe this was implicit before, but it seemed worth spelling it out.) In Disclosure of Personally Identifying Information, updated the description of messaging services/apps/clients to strike the phrase “if I communicate with you through such means” and move that example to an earlier point in the same bullet point. Also changed the phrase “which I may use if I need to correspond with you via postal mail and/or send or receive packages” to “for the purposes of sending and/or receiving correspondence and/or packages.” Added other VoIP, voice chat, teleconferencing, and/or video chat services to the examples of third-party service providers. Further updated the CCPA Information Collection and Sharing Notice to clarify that the categories of information collected are NOT necessarily only from California residents (since I often have no reasonable way of knowing whether someone is a California resident or not) and made some minor textual adjustments for clarity.
    • March 3, 2020: In Definitions, amended the geolocation definition to more closely align with the statutory definition, broaden the examples presented, and note that geolocation information can also refer to movements as well as location. In CCPA Information Collection and Sharing Notice, further adjusted the wording, order, and examples of the listed categories to better align with the categories defined by the applicable statutes. Also added language explaining that some categories may overlap, that the list includes some categories the law does not specifically describe, and that the examples are intended to be representative but not exhaustive. Throughout this policy, changed several references to “local/offline storage” to “local and/or offline storage.” Fixed a typo in this revisions list.
    • March 2, 2020: In License for This Policy, added a link to Automattic’s Legalmattic repository and fixed an HTML issue with one of the existing links. In Definitions, updated the definition of embedded content to change “such as scripts, fonts, or video players” to “such as (without limitation) images, scripts, fonts, or video players”; updated the cookies definition to include definitions of first-party and third-party cookies and tracking cookies; and added a definition of pixel tags (in the cookies bullet point). In Embedded Content, changed “In certain cases, embedded content providers can also detect …” to “In some cases, embedded content providers can also detect other information, such as (without limitation) …” In Additional Information About Data Retention, added language about preservation requests from government and/or law enforcement agencies. In Disclosure of Personally Identifying Information, added storage facilities, information/document management services, movers, moving companies, and/or relocation services to the examples of third-party service providers. Removed some extra spaces.
    • February 29, 2020: In Disclosure of Personally Identifying Information, changed the phrase “either provided by you or obtained from third parties” to “provided by you and/or obtained from third parties” for greater consistency of wording and updated the descriptions of some of the open-source and freeware tools listed among the examples of third-party service providers to better reflect who created/develops those tools (also reordering some of them to put them in mostly alphabetical order by developer). Added the GIMP Batch Image Manipulation Plugin by Alessandro Francesconi to the listed examples. Fixed a punctuation error in that section. In the last paragraph of the CCPA Information Collection and Sharing Notice section, changed the phrase “using one of the methods shown under …” to “using any of the methods described under …” In the Controllers, Questions, and How to Reach Me section, adjusted the language about CCPA requests for greater consistency with the preceding sections. (There’s no substantive change, just an effort to make the wording more internally consistent.)li>
    • February 28, 2020: Made some adjustments to the wording of the final paragraph in the Disclosure of Personally Identifying Information section regarding security measures, borrowing some additional language from the Automattic Privacy Policy as of December 31, 2019. (See the “License for This Policy” section toward the top of this page for links to that policy and its license.) Updated the Definitions to note that this policy treats “gather” and “collect” synonymously and changed some instances of “gather” to “collect” throughout. (This change is to hopefully avoid any confusion about the wording of certain legally required disclosures.) In Disclosure of Personally Identifying Information, updated the link to the BlackBerry Mobile Privacy Policy; fixed a punctuation error in that section; changed “messaging services, apps, and/or clients such as …” to “messaging services, apps, and/or clients such as (without limitation) …”; and added repair, maintenance, and/or service providers to the listed examples of independent contractors and third-party service providers Amended the data retention bullet point under Contact Forms to clarify that retained form data is typically moved to offline/local storage after receipt and I may sometimes redact portions that I no longer need. In the last paragraph of the Additional Information About Data Retention section, changed “the website’s online database(s) and mail servers, transferring the data to offline storage” to “the website’s online database(s) and/or mail servers, transferring the data to local/offline storage.” Updated Information I Receive from Third Parties for Security Purposes to include the Play Protect feature of Google Play among the listed examples of security data sources.
    • February 27, 2020: Amended the CCPA Information Collection and Sharing Notice section to add other types of identification, account, and/or membership numbers/identifiers to the examples of identifiers collected; add information about membership in and/or affiliation with other types of groups and/or clubs to the examples of other types of personal information collected; amend several of the examples under commercial information to include considering purchasing or using as well as desiring/intending to do so (making various minor wording adjustments to fit that into the existing language); change “Audio, electronic, visual, or similar information” to “Audio, electronic, visual, olfactory, or similar information”; and change “Skills/aptitudes” to “Skills, aptitudes, abilities, and/or intelligence.” (These changes aren’t new additions so much as an effort to better describe the types of information I have collected/may collect.)
    • February 26, 2020: In the CCPA Information Collection and Sharing Notice section, corrected an erroneous reference to the CCPA as the “California Consumer Protection Act” rather than the California Consumer Privacy Act.
    • February 25, 2020: Updated the preamble to add links to the privacy policies of my other websites. In Other Information You Provide to Me, changed “through or in connection with this website (and/or pertaining to my work and/or other creative endeavors)” to “through and/or pertaining to this website.” In Disclosure of Personally Identifying Information, added a bullet point about publicly acknowledging and/or thanking you for your assistance. Corrected an erroneous use of “us” rather than “me” in that section. Made a number of minor wording adjustments to Categories of Information and Purposes for Collection; Other Inquiries, Messages, and Support Requests; Data in Submitted Images; Data Related to Recruitment/Hiring or Business Partnerships; Other Information We Receive from Third Parties; Additional Information About Data Retention; and Disclosure of Personally Identifying Information to replace some general references to my “business” to relate more specifically to this website (which is the intended scope of this policy). In Categories of Information and Purposes for Collection, also changed “Providing a service” to “Providing services” to match the wording used elsewhere in this policy. (I somehow missed that in the earlier revision.) In Disclosure of Personally Identifying Information, added notaries to the examples of third-party service providers. In Additional Information About Data Retention, changed “correspond regarding this website or related matters” to “correspond regarding this website and/or related matters” and changed “Any names and/or company/domain names I’ve entered into my spell-checking dictionaries” to “Names and/or company/domain names I’ve entered into my spell-checking dictionaries.” In that section and Other Information I Receive from Third-Party Sources, changed “… that I deem unusable and/or elect not to use” to “… that I deem unusable, elect not to use, and/or no longer need.”
    • February 24, 2020: In the Contact Forms and Other Information I Receive from Third-Party Sources sections, added links to the Additional Information About Data Retention section. Updated the references to that section in the Other Inquiries, Messages, and Support Requests; Other Information You Provide to Me; and Financial Transactions Policy sections for consistency of wording (also adding a link to the data retention bullet point at the beginning of the latter section). Clarified the data retention language in Data in Submitted Images and Data Related to Recruitment/Hiring or Business Partnerships. Further amended Other Information I Receive from Third-Party Sources to add some provisos to the data retention bullet point at the beginning; change “I can’t retain or remember every fact I see, read, or hear, but I do typically retain my notes” to “I can’t and don’t retain or remember every fact I see, read, or hear, but I do typically retain my notes in some form or other”; and note that I may delete or discard certain research notes, materials, and/or information that I deem unusable and/or elect not to use. Added similar language (also including drafts) to the first bullet point in Additional Information About Data Retention. Rearranged some of the text in the latter section to put it in a more logical order and made some other minor clarifications and additions. In Information I Receive from Third Parties for Security Purposes, clarified the reference to EasyList to note that it provides filter lists I may use with browser extensions (rather than being a browser extension in itself). Also added Hosh Sadiq’s filter list to that section. In the latter section, slightly amended the language regarding Epic Privacy Browser to change “through my use of …” to “through and/or in connection with my use of …” and changed “if you are or were involved with the subject(s) of content I write and/or edit” to “if you are and/or were involved with the subject(s) of such content.”
    • February 23, 2020: Streamlined and clarified the first paragraph of the Other Inquiries, Messages, and Support Requests section. Added a bullet point to Additional Information About Data Retention regarding postal mail and physical documents and amended the bullet point about email to include “mass mailings” as well as “obvious spam” among the types of email messages I promptly delete.
    • February 22, 2020: In Financial Transactions Policy and Disclosure of Personally Identifying Information, amended references to common carriers and/or shipping agencies to specify postal service(s), common carrier(s), and/or shipping agencies (singular or plural). (I had previously assumed that government-operated postal services were considered a type of common carrier, but I recently learned that that isn’t technically accurate in at least some jurisdictions; in any case, that language was intended to encompass both publicly owned postal services and other types of shipping/delivery services!) Updated the wording of the policy’s descriptions of some Google services, including noting that Google is a registered trademark of Google LLC. Also adjusted the descriptions of Yahoo! services. Fixed a formatting error. Added reCAPTCHA to the examples of Google services and added language about that service to Information Captured by Service/Software/App/Device Telemetry.
    • February 20, 2020: In the Contact and Image Authorization Forms section, clarified Data Retention slightly to note that I must retain information from California Privacy Request Form submissions.
    • February 19, 2020: In the Financial Transactions Policy, updated the Google Voice notice to clarify that notifications of missed calls to clarify that number may also be forwarded via email; change “… texts, or other messages” to “… texts, and/or other messages”; and clarify that calls and/or messages are subject to this Privacy Policy as well as the listed Google policies. Simplified and clarified the Data Retention subsection, adding a link to the Additional Information About Data Retention section of this policy. Updated Other Inquiries, Messages, and Support Requests and Additional Information About Data Retention, moving the information about data retention from the former to the latter section and making various amendments and clarifications to that information. In the Data Retention bullet point at the beginning of the Comments section, changed
      “… or comments on …” to “… and/or comments on …” In the Data Retention bullet point at the beginning of the Contact Forms section, changed “…” or any submission …” to “… and/or any submission … and added “… for compliance purposes” after “California Privacy Request Form submissions must be retained for at least 24 months.” Amended Data in Submitted Images to note that I may also elect to remove metadata from images or media files and/or may remove it incidentally while preparing the images/files for use. In Other Information You Provide to me, changed “… through or in connection with this website” to “… through or in connection with this website (and/or pertaining to my work and/or other creative endeavors).”
    • February 18, 2020: Made further amendments to the Financial Transactions Policy, principally to indicate that some provisions apply to payments I make as well as ones I receive and make a number of minor clarifications. Also changed “… such as (again without limitation) Form 1099-MISC” to “… such as (again without limitation) Form 1099-MISC and/or Form W-9.” In Disclosure of Personally Identifying Information, changed the phrase “(which process — and may sometimes audit or otherwise investigate — site-related financial transactions)” to “(which process — and may sometimes audit or otherwise investigate — my financial transactions).” Fixed some errors in the Table of Contents, including a reference to a section that no longer exists and an incorrectly named (and ordered) reference to the Data Retention section, renaming the latter “Additional Information About Data Retention” to avoid confusion. In Other Information You Supply to Me, changed “My use of personal information …” to “My use and retention of personal information …” and added a link to the Additional Information About Data Retention section. Removed some extra spaces. Fixed an error in this revision list (a previously listed change that wasn’t actually implemented due to some mishap). In Additional Information About Data Retention, changed “any financial transactions or legal agreements” to “any financial transactions and/or legal agreements”; changed “… which includes records of purchases or payments I make in connection with the website” to “… which includes (but is not limited to) including (but not limited to) records of purchases or payments I make or receive in connection with the website and/or my business”; and added an extra sentence to that bullet point: “I must also retain my tax records for bookkeeping and compliance purposes.”
    • February 17, 2020: Added a new Financial Transactions Policy subsection, following Data Related to Recruitment/Hiring or Business Partnerships, and a corresponding Transaction-Related Information I Receive from Third Parties section. Amended the Embedded Content bullet point about PayPal to refer to the Financial Transactions Policy for information related to PayPal transactions with me. Amended the Information You Provide to Me section to also refer to the Financial Transactions Policy. Amended the bullet point in Disclosure of Personally Identifying Information about dispute investigations involving third-party service to refer back to the Financial Transactions Policy and add some additional explanatory text. In Disclosure of Personally Identifying Information, changed “… for me to make informed hiring, employment, and/or business decisions regarding prospective employees, independent contractors, or business partners” to “… to enable me to make informed hiring, employment, and/or business decisions regarding prospective employees, independent contractors, and/or business partners.” Amended the CCPA Information Collection and Sharing Notice subsection on Information Shared for Business or Commercial Purposes to better align text on information-sharing with the provisions in the Disclosure of Personally Identifying Information section. Made various minor clarifications throughout the CCPA Information Collection and Sharing Notice.
    • February 16, 2020: Amended the CCPA Information Collection and Sharing Notice to add “Information about individuals’ professional reputations” to the examples of employment-related information and “Information about individuals’ public and/or personal reputations” to the examples of other types of personal information (to spell out more explicitly what was hopefully already indicated by the other examples presented).
    • February 15, 2020: Amended the text throughout to clarify that I am a professional writer/editor and writing consultant (as well as a writer/editor). (This doesn’t represent any change in my actual business, just an effort to better describe it here.) To that same end, in the CCPA Information Collection and Sharing Notice, amended the Information Shared for Business or Commercial Purposes subsection to change “offering my articles or other content” to “offering my content or writing/editing/writing consulting services”; change “if that content incorporates any names or other personal information” to “if that content incorporates or involves any names or other personal information”; change “other content I am creating and/or editing for commercial advantage” to “other content I am creating and/or editing (and/or on which I am consulting) for commercial advantage.” In Other Information I Receive from Third Parties, changed “articles or other content I write and/or edit” to “articles and/or other content I write and/or edit (and/or on which I consult)” and changed “including people involved with …” to “including information about people involved with …” Added a bullet point to Disclosure of Personally Identifying Information about information incorporated into journalistic and/or historical content I publish or otherwise disseminate. Fixed a number of typographical errors. In Consents and Agreements, changed “site-related dispute or legal action” to “related dispute or legal action.” In Other Inquiries, Messages, and Support Requests, changed “my phone” to “my phone(s)” for internal consistency. In the examples of third-party service providers under Disclosure of Personally Identifying Information, changed “… and/or purchase site-related materials” to “… and/or purchase materials related to my research and/or my business.” Added registered trademark symbol to Flickr; removed it because it’s unclear if that’s correct or not.
    • February 12, 2020: Made some minor adjustments to the wording of Reports and Aggregated Statistics. Updated the text throughout to change the name of the CCPA Request Form to the California Privacy Request Form to reduce the risk of confusion. Updated Controllers, Questions, and How to Reach Me to add another link to the Do Not Sell My Personal Information page. In the Your California Privacy Rights section, added q attributes to longer quotes; subsequently removed them to avoid browser compatibility issues. In CCPA Information Collection and Sharing Notice, amended the wording of the Categories of Personal Information Collected subsection to change “… and/or similar records for writers, artists, designers, performers, developers, engineers, scientists, and/or other professionals” to “… and/or other comparable information about writers, artists, designers, performers, developers, engineers, scientists, and/or other professionals” and change “e.g., if an individual has been accused of or charged with a crime …” to “e.g., regarding an individual having been accused of, charged with, and/or convicted of a crime, and/or involved in a civil lawsuit …” (As with most of the many wording adjustments and minor amendments I’ve made to this policy in recent months, this change doesn’t represent a new type of collection, but rather my ongoing struggle to describe and categorize the scope of my normal business practices, particularly as regards my research!) Made assorted minor clarifications to this revision list. Further amended the CCPA Information Collection and Sharing Notice to note that parents or legal guardians can submit requests on behalf of their minor children through the Do Not Sell My Personal Information page; to fix some discrepancies in the contact instructions; and to change “Applicable law and/or regulations may stipulate the maximum time allowed for acknowledging and/or responding to your request” to “Applicable law and/or regulations stipulate the maximum time allowed for acknowledging and/or responding to your request.” Clarified some potentially confusing language in Your Rights (GDPR and State Laws).
    • February 11, 2020: In Other Information I Receive from Third-Party Sources, changed “… will give you a sense of what kinds of personal information I collect” to “… will give you a sense of what kinds of personal information I may collect.” In CCPA Information Collection and Sharing Notice, amended the Categories of Personal Information Collected subsection to change “Information about other property or services …” to “Information about property and/or services …”; change “sports and/or other pastimes” to “sports, games, and/or other pastimes”; change “Publishing histories/bibliographies/discographies/filmographies/portfolios/development credits/patent records…” to “Publishing histories/bibliographies/discographies/filmographies/performance histories/broadcast histories/portfolios/development credits/patent records and/or similar records …”; and change “… scientists, and other professionals” to “… scientists, and/or other professionals.” In Disclosure of Personally Identifying Information, added Abine Inc.’s Blur (formerly known as DoNotTrackMe) and Cliqz International GmbH’s Ghostery® browser extension to the examples of third-party service providers. Updated Contact Forms to note that while CCPA Request Forms will not be published, I may release de-identified and/or aggregated information or statistics about requests received. (Also fixed some punctuation issues and changed some instances of “or” to “and/or.”) Added a new section on Reports and Aggregated Statistics. Made some further updates to Contact Forms, including adding additional language regarding CCPA Request Forms.
    • February 10, 2020: Fixed an error in an older item on this revision list. In Categories of Information and Purposes for Collection, renamed “Providing a service” to “Providing services” (also making this change globally) and added a new category: “Recruitment/hiring or business partnerships.” Added that category to the listed purposes in the Consents and Agreements; Comments; Other Inquiries, Messages, and Support Requests; Data in Submitted Images; Information I Receive from Third Parties for Security Purposes; and Other Information I Receive from Third-Party Sources sections. Added “advertising and other commercial purposes” to the purposes listed for Comments and Personal Information. (These changes don’t represent a change in how I use information so much as an effort to more accurately categorize it.) Added a new subsection, Data Related to Recruitment/Hiring or Professional Partnerships, and added corresponding language to Other Information I Receive from Third-Party Sources, Information I Receive from Third Parties for Security Purposes, and Disclosure of Personally Identifying Information. In Disclosure of Personally Identifying Information, added employment agencies and background check services to the examples of third-party service providers. In CCPA Information Collection and Sharing Notice, amended the Categories of Personal Information Collected subsection to add sports and/or other pastimes to the existing bullet point about opinions and tastes in the examples of commercial information; add grades and/or scores on standardized or aptitude/skill tests to the examples of education information; add professional certification or licensure, skills/aptitudes, professional references, and resumes to the examples of professional or employment-related information (combining “resumes/CVs” into a new bullet point); add credit ratings and past foreclosures to the examples of other financial information; and change “… of a public figure” to “… of public figures.” In Definitions, amended the definition of “referring site” to change the word “Whenever” to “When” and change the phrase “although the actual name of the HTTP header is …” to “although the actual name of the HTTP header that conveys this information is …” Amended California Privacy and Data Protection Rights to more clearly state that authorized agents can also find information on filing a request on the Do Not Sell My Personal Information page and to add a hyphen to “opt-out” to align with the usage in the applicable regulations. Added a new Contact Forms section. Updated Data Retention to add that I must retain CCPA requests for at least 24 months for compliance purposes and note that how long I reasonably need to retain other types of information may be dictated by applicable law/regulations and/or other legal obligations. Amended Advertising and the CCPA Information Collection and Sharing Notice subsection on Information Shared for Business or Commercial Purposes to note that if you click on advertising links, the advertiser may be able to tell that you came from this website. In CCPA Information Collection and Sharing Notice, made some further clarifications to the Collection Sources and Information Shared for Business or Commercial Purposes subsections.
    • February 8, 2020: In the CCPA Information Collection and Sharing Notice section, clarified the Categories of Personal Information Collected subsection by changing “These categories include information …” to “These categories also include information …” In Categories of Information and Purposes for Collection, amended the description of “Functionality” to strike the word “listed” and amended the description of “Providing a service” to change “… to provide some service or perform some action you ask (or have asked) me to perform” to “… to perform some action you have asked me to perform, provide my services, and/or conduct the normal activities involved in running my business and offering my services.” In that same section, also reworded the description of “Research and publishing” to change “I use the information as part of the research involved in my writing and editing work and/or other creative endeavors, and/or to help me decide what content to create and/or publish on this website in the future” to “I use the information as part of the research involved in creating and publishing my content, my other writing/editing work, and/or other creative endeavors, and/or to help me decide what content and/or other work to create and/or publish in the future”; reworded the description of “Security, troubleshooting, quality control, and technical improvement” to change “… to help me protect this website, its data, its users, and me from malicious activity; troubleshoot and resolve technical problems; and/or improve the quality and functionality of the site” to “… to help me protect this website, its users, my data, my systems/devices, my business, and/or me from malicious activity; troubleshoot and resolve technical problems; and/or maintain and/or improve the quality and functionality of the site and/or my services”; and reworded the description of “Advertising and other commercial purposes” to change “… monetize the site and its content in other ways” to “… monetize the site and/or my content in other ways.” Added “fulfilling a contractual obligation” to the listed purposes for Certificate Authority Checks; Online Tracking (along with some additional explanatory text); Security Scans (along with some additional explanatory text); Consents and Agreements; Other Inquiries, Messages, and Support Requests; Data in Submitted Images; and Other Information I Receive from Third-Party Sources. Added “functionality,” “fulfilling a contractual obligation,” and “legal compliance or audit” to the listed purposes for Website Server, Error, and Security Logs (along with some additional explanatory text). Added “fulfilling a contractual obligation” and “legal compliance or audit” to the listed purposes for Information I Collect from Third Parties for Security Purposes (along with some additional explanatory text). Fixed a typographical error in Embedded Content.
    • February 7, 2020: In Browser Tests, amended the purposes to also include “security, troubleshooting, quality control, and technical improvement.” In Embedded Content, amended the categories of information gathered to change “other browser settings/configuration details*” to “other browser settings/configuration details/add-ons*” and added “the presence of other cookies*” to better align with the actual text of that section. Amended the Advertising section and the CCPA Information Collection and Sharing Notice section’s subsection on Information Shared for Business or Commercial Purposes to clarify that some ads that appear on the site’s administrative dashboard (not normally visible or accessible to visitors other than logged-in site administrators) may include embedded content and/or other information-gathering mechanisms. Amended the CCPA Information Collection and Sharing Notice subsection on Categories of Personal Information Collected to note that while I do not knowingly collect personal information from minor children through this website, I may sometimes do so as part of my other writing/editing work.
    • February 6, 2020: In Disclosure of Personally Identifying information, updated the examples of third-party service providers to include insurers (and/or, where applicable, their respective affiliates, agents, brokers, claims adjusters, subcontractors, and/or subsidiaries).
    • February 4, 2020: In Disclosure of Personally Identifying Information, updated the examples of third-party service providers to include other applicable telephony and/or email providers and note that Bitdefender may also use various subprocessors such as (without limitation) Akamai Technologies, Inc., and Amazon Web Services. Restored the Age Verification section, which had been inadvertently deleted, made some minor updates to its language and formatting, and added category information like that of the other sections.
    • February 3, 2020: In Other Inquiries, Messages, and Support requests, further clarified the language regarding the use of third-party webmail services. Added links throughout to the Google Voice Privacy Disclosure and clarified some references to Google Voice. Fixed some punctuation issues. Corrected the spelling of FeedBurner.
    • February 2, 2020: Throughout, replaced most instances of the phrases “images or other media” and “photos and/or other media” with “images and/or other media” for greater internal consistency. In CCPA Information Collection and Sharing Notice, amended the Categories of Personal Information Collected subsection to include information about awards, honors, other recognition, prizes, and/or winnings in games of chance or skill. Fixed a typo in this list. Tidied up the language recently added to Other Inquiries, Messages, and Support Requests.
    • February 1, 2020: In CCPA Information Collection and Sharing Notice, amended the Categories of Personal Information Collected subsection to change “Political affiliations and/or activity” to “Political affiliations, opinions, and/or activity.” In Definitions, clarified the definition of “Images or other media.” Updated Security Scans to note that Google services may also scan messages for spam or malicious code. Updated Other Inquiries, Messages, and Support Requests to describe Google Voice among the examples of communication methods, fix a formatting problem, note that Google Voice notifications and/or transcripts are among the types of messages that may be sent via Gmail, update the trademark notice, and change “personal Gmail account” to “personal Gmail accounts.” Updated Information I Receive from Third Parties for Security Purposes to include Google among the listed information sources. In Disclosure of Personally Identifying Information, added Google Voice to the examples of Google Services and fixed a typographical error in that section.
    • January 31, 2020: In Disclosure of Personally Identifying Information, added Qualcomm to the examples of third-party service providers.
    • January 30, 2020: Added Adblock Plus and EasyList to the examples of information sources under Information I Receive from Third Parties for Security Purposes and the examples of third-party service providers under Disclosure of Personally Identifying Information. Corrected a couple of inadvertent uses of “our” rather than “my.”
    • January 29, 2020: In Disclosure of Personally Identifying Information, amended the description of Epic Privacy Browser to update the name of their associated search engine (now called EpicSearch.in) and note that their default search engine is now Yahoo.
    • January 28, 2020: In CCPA Information Collection and Sharing Notice, amended the Categories of Personal Information Collected to change “such as photographs, videos, audio recordings, and/or other media …” to “such as photographs, illustrations and/or other images, videos, audio recordings, and/or other media …” Also changed “… which are often revealed in IP address and/or user agent information)” to “… which are often revealed in IP addresses, user agent information, email signatures, and/or metadata).” Added an additional example under commercial information regarding stocks and/or securities ownership and/or purchases/transfers. Amended the Collection Sources subsection to also include podcasters and/or other media creators.
    • January 26, 2020: In Definitions, corrected the spelling of “referer” [sic] and clarified that it is (mis)spelled that way on purpose.
    • January 24, 2020: In CCPA Information Collection and Sharing Notice, further amended the Information Shared for Business or Commercial Purposes subsection to change the bullet point that read “Any individual or entity with whom I communicate and/or collaborate in the process of researching and developing my content, writing/editing work, and/or other creative endeavors” to “Any individual or entity with whom I communicate, consult, and/or collaborate in the process of researching and developing my content, writing/editing work, and/or other creative endeavors, and/or who communicates and/or consults with me regarding their content and/or other creative endeavors.” In Disclosure of Personally Identifying Information, added “taxi and/or ride-share services” to the examples of third-party service providers. In that list, separated Microsoft into its own bullet point and fixed a typographical error.
    • January 23, 2020: In Information I Receive from Third Parties for Security Purposes, changed “via the Mozilla Firefox browser” to “via Mozilla Firefox and/or other web browsers” and also added Google Safe Browsing (which is used by Mozilla Firefox, various other web browsers, and some other online services) to the examples of information sources. Fixed a typo in that list. Added InformAction’s NoScript extension to that section and to the examples of third-party service providers listed under Disclosure of Personally Identifying Information. Also added the CAD Team (maker of the Cookie AutoDelete browser extension), Nodetics (maker of the Cookiebro – Cookie Manager extension), and Thomas Rientjes’ Decentraleyes to the latter list.
    • January 22, 2020: In CCPA Information Collection and Sharing Notice, further amended the Information Shared for Business or Commercial Purposes subsection to change “… sharing and/or discussion of information that is already publicly available” to “… sharing, discussing, and/or otherwise disseminating information that is already publicly available.” Added Font Awesome to the examples of Embedded Content providers and third-party service providers in Disclosure of Personally Identifying Information.
    • January 21, 2020: In CCPA Information Collection and Sharing Notice, amended the Categories of Personal Information Collected subsection’s examples of commercial information collected to include information about art, books, other publications, films, videos, and/or other media an individual or household has read, watched, or otherwise consumed (or desires/intends to consume) and opinions, critical judgments, tastes, and/or preferences, expressed or implied, regarding cars and/or other vehicles; art, books, other publications, films, videos, and/or other media; and/or other products, goods, or services. Also amended the item beginning “Information about other property or services …” to append “and/or desires/intends to purchase or use,” slightly rearranging the wording to better accommodate the additional clause. Amended the item under professional or employment-related information regarding authorship and rights holder information to change “for books, films, software, photographs, other published works or designs, and/or for other intellectual property …” to “for artwork, books, films, software, photographs, other media, other published works or designs, and/or other intellectual property …” Amended the Information Shared for Business or Commercial Purposes subsection to reiterate that I may also share and/or discuss information that is already publicly available (e.g., in news articles, published works, and/or public records). Also changed “the general public” to just “the public.”
    • January 20, 2020: In CCPA Information Collection and Sharing Notice, amended the Collection Sources list to also include employees, independent contractors, agents, business partners, photographers, videographers, illustrators, observers, eyewitnesses, and clients or employers for whom I provide (or have provided) writing/editing services. Made some minor adjustments to the wording and punctuation of other items on that list. Amended the Information Shared for Business or Commercial Purposes subsection to change “Editors, publishers, clients, and/or other third parties …” to “Editors, publishers, clients, employers, and/or other third parties …”
    • January 18, 2020: Updated the examples of third-party service providers in Disclosure of Personally Identifying Information and revised the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice to include service providers and other entities who help me promote and/or sell (or otherwise offer for commercial advantage) my content, other creative endeavors, and/or services (e.g., literary or talent agents or agencies, publicists, promoters, public relations firms, ad agencies, brokers, and the like).
    • January 17, 2020: In Disclosure of Personally Identifying Information, updated the examples of third-party service providers to include DataViz®, Inc. (in connection with the Documents to Go BlackBerry® app), Tracker Software Products (in connection with their PDF creation and editing software), and a variety of open-source and freeware programs/apps. Fixed some inconsistent punctuation in that section and changed “and bookstores …” to “and/or bookstores …” Fixed a typo in this list.
    • January 16, 2020: In Disclosure of Personally Identifying Information, updated the examples of third-party service providers to include Librera Reader and Notepad++. Rearranged several items in that bullet point to put them in alphabetical order and made some minor text edits for consistency of presentation.
    • January 15, 2020: Amended California Privacy and Data Protection Rights to note that, except as otherwise required by law, privacy-related requests pertaining to children under 18 should be submitted by a parent, legal guardian, or other authorized adult representative and change “You may authorize an agent …” to “You may designate an authorized agent …”
    • January 14, 2020: Updated Information I Receive from Third Parties for Security Purposes to include some additional information sources.
    • January 13, 2020: In California Privacy and Data Protection Rights: Categories of Personal Information Collected, changed “photographs, videos, audio recordings, and other media …” to “photographs, videos, audio recordings, and/or other media …” In Comments, clarified some of the language about data retention and the deletion of comments and fixed some clunky grammar in the language about the information that becomes publicly visible when a comment is published. Rearranged some text in that section for better flow.
    • January 12, 2020: In California Privacy and Data Protection Rights, changed “The purposes for which I shared or disclosed the information” to “The categories of business and/or commercial purposes for which I collected and used the information”; changed “The categories of such third parties” to “The categories of third parties with whom personal information was shared”; rearranged the order of those bullet points; and struck the word “unredacted” from the phrase “… that exposes your unredacted personal information …”
    • January 10, 2020: In Disclosure of Personally Identifying Information, amended the language about embedded content providers’ possible use or disclosure of information to also include other service providers and/or vendors. Amended Website Server, Error, and Security Logs to clarify that the logs typically include dates and times in addition to the other types of information described.
    • January 8, 2020: Further clarified some language in CCPA Information Collection and Sharing Notice. Fixed some inconsistent punctuation and an improperly configured anchor link. In Disclosure of Personally Identifying Information, amended the link to the privacy policy for the Artifex SmartOffice app.
    • January 7, 2020: Made some minor adjustments to Categories of Information and Purposes for Collection, fixing a grammatical error and removing a parenthetical aside about “associated services” that doesn’t apply to this website. Added “advertising and other commercial purposes” to the list of potential purposes under Other Inquiries, Messages, and Support Requests; Data in Submitted Images; and Other Information I Receive from Third-Party Sources.
    • January 6, 2020: Amended Cookies to note that while the cookie descriptions include the cookies typically used on this website, embedded content providers may sometimes change or add cookies, and the descriptions may not include cookies set by certain administrative dashboard components.
    • January 5, 2020: Further amended CCPA Information Collection and Sharing Notice to include a more emphatic statement about how by the law’s broad definitions, any or all of the categories of personal information I collect in the course of my business could be deemed to be shared for business and/or commercial purposes, even if I do not “sell” personal information in the way most people understand that term. Also, in the lists of categories of personal information, moved “signatures” from “Identifiers” to “Other types of personal information” (also changing “written and/or digital” to “physical and/or digital”) and moved “domain names and/or websites/URLs” to “Internet or other online activity information.” Renamed “Information about an individual or household’s financial status” to “Other financial information” and made it a separate category. Reordered several of the items under “Other types of personal information.” Added “Other information about an individual’s online interactions” to “Internet or other online activity information” and changed “Errors and/or suspicious activity” to “Errors and/or suspicious activity on this website.” Fixed an inadvertent use of “us” rather than “me” in “Commercial information.”
    • January 4, 2020: In CCPA Information Collection and Sharing Notice, amended the examples of commercial information collected, changing “personal property or services” to “property or services” and adding a separate item about property records.
    • January 3, 2020: In Information I Receive from Third Parties for Security Purposes, added the StevenBlack hosts file to the list of examples of sources. In Definitions, in the item on “personal information,” changed “(which for the purposes of this policy I treat synonymously)” to “(terms this policy uses synonymously).” Amended Legal Bases for Collecting and Using Information to reword the first sentence (fixing the grammar and making clear that it applies to people in areas subject to European data protection laws); reorder several items; and change “to troubleshoot technical problems, and/or to appropriately respond” to “to troubleshoot technical problems, and to appropriately respond” in the last bullet point. Added the calibre ebook management suite to the examples of third-party service providers under Disclosure of Personally Identifying Information. Amended Website Server, Error, and Security Logs to add “special: other technical details*” to the types of information gathered. In Data Retention, amended the item about information related to the use of intellectual property owned by others to note that I may delete such information if I discontinue using that intellectual property for some reason (e.g., if I uninstall and delete some app or software) and change “it is my customary practice to retain …” to “I typically retain …”
    • January 2, 2020: In the Information Shared for Business or Commercial Purposes section, amended that section’s second list (the one prefaced with the sentence “I may disclose personal information I collect …”) to refer back to the Disclosure of Personally Identifying Information section, split the list into two separate lists, reordered some items, struck the phrase “for commercial advantage,” added some additional language about comments and public discussion, and adjusted the punctuation. Later in that section, in the sentence “Much if not all of the personal information I collect or access in the course of my business …” struck the words “in the course of my business” (this statement remains true whether the information is business-related or not). Also, changed the phrase “Because the proprietor of this website is a professional writer/editor and much (though not all) of the information I collect in connection with my business is intended for publication — whether on this website or elsewhere — a …” to just “Because I am a professional writer/editor …” and added some additional language about advertising disclosures. Amended Disclosure of Personally Identifying Information to reiterate (as already explained in Other Information I Receive from Third-Party Sources) that my research and writing process process often involves discussing or sharing relevant information with third parties. In the Data Retention, Disclosure of Personally Identifying Information, and CCPA Information Collection and Sharing Notice sections, changed the word “freelance” to “professional” (because not all of my professional writing/editing work is necessarily in a freelance capacity). Clarified some of the language in the Ads section and renamed that section “Advertising,” updating other references to the section accordingly. Fixed a link formatting error in Embedded Content. In Data in Submitted Images, amended the list at the beginning to note that geolocation data may be “provided by provided by the creator/rights holder/repository, determined from metadata, and/or inferred from other data.” In Definitions, in the definition of “IP address,” changed “Each device that can access the Internet has its own IP address; if you use several different Internet-capable devices, their individual IP addresses are usually all different” to “If you use several different Internet-capable devices, their individual IP addresses are typically all different (although if you have several devices connected to the same router or tethered together, they might share the same IP address so long as they remain connected or tethered).”
    • January 1, 2020: Added the International DOI Foundation to the examples of third-party service providers under Disclosure of Personally Identifying Information. In the first sentence of that section, changed “may release or disclose …” to “may share, release, or otherwise disclose …” Under California Privacy and Data Protection Rights, simplified the language about verifying your identity before processing certain privacy requests. Under Categories of Personal Information Collected, added compensation to the examples of professional or employment-related information collected and changed “Current or past employer(s)” to “Current and/or past employer(s).” Under Definitions, changed the boldface heading “Personal information” to “Personal information/personally identifying information,” since this policy treats those terms synonymously. Under Your Rights (GDPR and State Laws), clarified the wording of the first paragraph and the list of rights provided by the GDPR.
    • December 31, 2019: In Disclosure of Personally Identifying Information, amended the description of Piriform (CCleaner) to include a link to their Data factsheet and clarify that their products include security and maintenance tools (rather than just security tools). Renamed the CCPA Information Collection and Disclosure Notice section “CCPA Information Collection and Sharing Notice” and adjusted other references to that section accordingly. Reordered and clarified some of the categories of personal information listed in that section (taking some cues from the latest update of Automattic’s Privacy Policy). In Definitions, changed “personal identifiers” to just “identifiers,” clarified that that term can also include device identifiers, and amended the item about IP addresses to note that the IP address typically also reveals the Internet service provider or mobile carrier you are using.
    • December 30, 2019: In the Disclosure of Personally Identifying Information bullet point regarding independent contractors, employees, agents, and business partners, struck the parenthetical phrase “(e.g., on my writing/editing work and/or other creative endeavors)” after “collaborate with us.”
    • December 29, 2019: Extensive revamp, adding a table of contents, definitions, several new sections (including one on the possibility of personal data being captured by software/device telemetry), and additional information and disclosures related to the California Consumer Privacy Act (CCPA); reorganizing and/or renaming some sections (including integrating most of the data retention info into the applicable sections); reorganizing/updating the third-party service provider examples (including restoring some items that had been inadvertently deleted and adding others); making many minor corrections; and revising substantial portions of the text to better explain how and why I collect personal information. Moved older entries in this Recent Revisions list to a separate page. Assorted stylistic adjustments.
    • December 28, 2019: In Disclosure of Personally Identifying Information, amended the description of Bitdefender to include both the Bitdefender Mobile Security and Bitdefender Central apps and note that they use Google’s Firebase Crashlytics crash reporting service. Updated Information I Receive from Other Sources to provide an example of how the NetGuard firewall app provides information about the IP addresses or domains to which my mobile apps connect or try to connect. Added this to the description of Netguard under Disclosure of Personally Identifying Information.
    • December 27, 2019: In California Privacy and Data Protection Rights, corrected several uses of “we” to “I” for grammatical consistency. Fixed an error in an earlier item in this revisions list
    • December 26, 2019: In California Privacy and Data Protection Rights, updated the description of the proposed verification requirements to include the verification standards that may be required for data deletion requests.
    • December 25, 2019: In Data Retention, amended the text regarding retention of images to change “It is my normal practice to retain indefinitely any images or photographs …” to “I typically retain indefinitely the photographs and/or other images …” and note that I may delete specific images if they are duplicates, if I deem them unusable, if I have some legal reason to delete them, or if I elect to not use them (or to discontinue using them) for some other reason. Struck the parenthetical phrase “(except where I have some specific obligation to destroy the originals)” to avoid confusion with the revised language. Inserted the phrase “where possible” before “my associated work files and editing stages, if any.” Added Yahoo!® to the list of examples of third-party service providers under Disclosure of Personally Identifying Information. In that section, fixed some spotty grammar in the description of Google and added their well-known search engine to the listed examples of their services. Fixed a typo in an earlier revision on this list.
    • December 24, 2019: In Disclosure of Personally Identifying Information, updated the description of Startpage.com to note that I also use Startpage’s associated proxy service. Updated the reference to libraries and archives to add links to the privacy policies of two local public libraries I use. Following the bullet-pointed list, changed the sentence “In general, I do not sell or rent personal information about individual visitors to the aaronseverson.com website” to “In general, I do not sell or rent the non-public information I collect from individual visitors to the aaronseverson.com website.” Struck a reference in that section to Google Analytics, which I no longer use on this website. In GDPR and State Law, struck the parenthetical phrase “(starting in 2020, California residents may request this up to twice per year)” after “Request portability of your personal data” (to avoid contradicting the Your California Privacy Rights section). Further updated the text of the California Privacy and Data Protection Rights section.
    • December 22, 2019: Further adjusted the description of rights under California Privacy and Data Protection Rights and Do Not Sell My Personal Information.
    • December 21, 2019: In Disclosure of Personally Identifying Information, updated the description of Cloudflare to note that websites and online services we visit/use may use Cloudflare’s CDN and/or DDoS protection services. Also fixed a typographical error in that language and corrected the links to the Cloudflare privacy policies that apply to each service. Made some clarifications and updates to the list of rights under California Privacy and Data Protection Rights.
    • December 19, 2019: In Disclosure of Personally Identifying Information, updated the description of Flickr to clarify the wording and indicate that the service is now on an Amazon Web Services platform (making Amazon Web Services a principal Flickr subprocessor).
    • December 11, 2019: Separated Not for Children Under 18; Age Verification into two sections: Not for Children Under 18, located immediately after Legal Bases for Collecting and Using Information, and Age Verification, in the previous location. In Not for Children Under 18, changed “If you have questions about any of these points, if you are a parent and believe that this website may have collected personally identifying information about your minor child …” to “If you have questions, if you are a parent or legal guardian and believe that this website may have collected personal information about your minor child …” Changed the first sentence of the final paragraph of the Age Verification section to “If you have questions about any of these points, please contact me …” and removed the language about parents or legal guardians, which is now in the separate Not for Children Under 18 section.
    • December 3, 2019: Added EFF to the list of examples of third-party service providers under Disclosure. In the GDPR and State Law section, changed the sentence “EU individuals also have the right to make a complaint to a government supervisory authority, as will California residents beginning in January 2020” to “EU individuals also have the right to make a complaint to the applicable government data protection authority. (California residents will have a similar right beginning in January 2020.)” Added a link to the European Commission’s directories of national data protection authorities to that section.
    • November 27, 2019: Under Disclosure of Personally Identifying Information, changed “Examples of such third-party vendors/service providers …” to “Representative examples of my third-party vendors/service providers …” Updated Embedded Content to note that only some versions of the Yoast plugin use Algolia search functions (which have reportedly been removed in newer updates), changing “The Yoast SEO plugin incorporates some search tools …” to “Some versions of Yoast SEO plugin have incorporated search tools …”
    • November 25, 2019: Further adjusted the language of the Information-Sharing Disclosures (Shine the Light Law) section for greater clarity.
    • November 24, 2019: In Security Scans, changed the phrase “flag the phone numbers of certain incoming voice calls …” to “flag certain incoming voice calls and/or text messages …”
    • November 23, 2019: Completely overhauled the Information-Sharing Disclosures (Shine the Light Law) section to more accurately describe the law’s requirements, better explain how to make a request, and clarify how we respond to such requests. Updated Information I Receive from Other Sources to note that the security components of the Microsoft Windows operating system may also supply blacklists and/or other security-related data, and added the words “via the” before the reference to Safer-Networking in the same paragraph for grammatical flow.
    • November 20, 2019: Further updated the California Privacy and Data Protection Rights language regarding verification requirements (noting the restrictions the proposed regulations impose on my use and retention of any additional data I may request to verify your identity; clarifying that the term “reasonable degree of certainty” is as the applicable regulations may define that term; changing “may permit certain exemptions” to “may provide certain exemptions”; changing “the law and it associated regulations” to “the law and/or its associated regulations”; and changing “or, if you act through an agent or representative” to “and/or, if you act through an agent or representative”).
    • November 19, 2019: Added a link to the Embedded Content bullet point on YouTube videos to Google’s “Businesses and Data” pages, which contain further information on what data Google may provide to YouTube content creators/publishers. Updated the language about Google Services in Disclosure of Personally Identifying Information to change “other services or tools” to “other services and/or tools.” Updated the California Privacy and Data Protection Rights section to clarify the language about identity verification, note that I may be unable to respond to a request if I am unable to adequately verify your identity, and emphasize that (in addition to any other exemptions the law and associated regulations may permit) I may be unable to delete certain types of information for technical reasons. Updated Data Retention to note, “For compliance purposes, I must also retain information pertaining to privacy-related requests, to the extent required by applicable law and/or regulation.”
    • November 18, 2019: Updated Embedded Content to note that when you access embedded content, your browser may also contact a certificate authority to check the validity of the embedded content provider’s encryption certificate. Updated the reference under Disclosure to my certificate authority to add “and/or other certificate authorities I may use or access.”
    • November 17, 2019: Further clarified the language about service/software/app/device telemetry in Disclosure of Personally Identifying Information (changing the phrase “that could gather personal information through telemetry” to “that could gather site-related personal information through telemetry”). Updated the bullet point about situations where I may be legally required to disclose information (changing “in connection with an audit or other official investigation or proceeding” to “in connection with an audit, civil or criminal trial, or other official investigation or proceeding”). Updated the bullet point about disclosures to protect rights, safety, and/or property (changing “to protect my property, rights, and/or safety, or the property, rights, and/or safety of third parties or the public at large” to “to protect my property, rights, and/or safety, and/or the property, rights, and/or safety of third parties and/or the public at large.”). Added boldface to additional items on that list to aid readability. Clarified the language in the preamble about California privacy rights (changing “or jump to” to “For more information about California privacy rights, jump to …” and making the latter a separate sentence). In the Disclosure section, clarified the example about car shows (changing “obtain, publish, and/or otherwise disclose” to “take, obtain, publish, and/or otherwise share”).
    • November 16, 2019: Fixed the capitalization of Online Certificate Status Protocol. Under Disclosure of Personally Identifying Information, changed the phrase “the makers of software/apps and/or electronic devices I use that incorporate information-gathering telemetry or other surveillance features, some of which cannot be completely disabled without simply ceasing to use that software, app, or device” to “services, software, apps, and/or electronic devices I may use that could gather personal information through telemetry and/or other integrated information-gathering and/or surveillance features, some of which cannot be disabled without simply ceasing to use that service, software, app, or device.” Further refined the language of the Certificate Authority Service section. Updated the reference to my Internet service provider in the Disclosure of Personally Identifying Information section from “Spectrum/Time Warner Cable®” to “Spectrum Internet® (formerly Time Warner Cable®).” Updated the description of my mobile carrier in that same bullet point and rearranged its order. Also updated the description of Bitdefender Mobile Security in the same bullet point to note that this includes the app’s associated services and correct the accidental use of “we”/”our” rather than “I”/”my.”
    • November 15, 2019: Further updated the Certificate Authority Service section to define OCSP requests. Added Bitdefender to the list of examples of third-party service providers under Disclosure. Under Embedded Content, clarified the language about Google Hosted Libraries to better match the description of Google Fonts in the same bullet point.
    • November 14, 2019: Added a new “Certificate Authority Service” section to Information Collected Automatically Through This Website and added Let’s Encrypt to the list of examples of third-party service providers under Disclosure. Updated the reference to Signal in Disclosure to note that Signal uses subprocessors/service providers that may include (without limitation) services provided by Google and/or Amazon Web Services, and added links to the relevant privacy information pages. Further refined the Certificate Authority Service language (also updating the reference to Let’s Encrypt in the Disclosure of Personally Identifying Information section) and added another example to Other Information You Provide to Me, refining some language in that section (adding “(but without limitation)” after “for example”; noting that the examples are just a few hypothetical possibilities; and changing the phrase “My use of such site-related information …” to “My use of personal information you provide me in such ways …”). Updated Information I Receive from Other Sources to note that my firewalls and/or other security apps/services may provide may provide me with information about any online servers or resources to which my devices connect or try to connect.
    • November 13, 2019: Updated Other Information You Provide to Me section to better reflect the framing of the current preamble, changing “site visitors may provide me with personal information” to “you may provide me with personal information through or in connection with this website” and changing “inquiry about this website” to “inquiry about this Privacy Policy.” Added ASUS and Netgear (the manufacturers of my wireless routers) to the list of examples of third-party service providers under Disclosure. Added an internal anchor link in the preamble to the California section of this policy.
    • November 11, 2019: Updated Data Retention to clarify that my retention of email generally also includes files/file attachments (other than spam or suspected malware) and add language to that section about site-related text messages. Added OsmAnd as an example of mapping/navigation services in the list of examples of third-party service providers under Disclosure. Updated Information I Receive from Other Sources to note that I may receive personal information about the developers of software/apps/services/themes/add-ons I install for use in my work and/or the management of this website. Added bookstores and/or other retailers or vendors through which I may search for and/or purchase site-related materials to the list of examples of third-party service providers under Disclosure. In the same section, changed “libraries and/or archives” to “libraries, archives, and/or databases.” Added Perishable Press and the Mozilla Firefox browser to the examples of sources of third-party security-related data under Information I Receive From Other Sources.
    • November 10, 2019: Updated the reference in Disclosure to TCL Communications to note that they make not only the BlackBerry device, but also its suite of associated BlackBerry apps and services. Added OpenKeychain (and/or other encryption software/services) and Open Camera to the list of examples of third-party service providers under Disclosure.
    • November 9, 2019: Added libraries and archives (including librarians/archivists/their staff) and providers of public computers and/or wireless networks I may periodically use to the list of examples of third-party service providers under Disclosure. Fixed some typos in that section and changed “Examples of my third-party vendors/service providers may include” to “Examples of such third-party vendors/service providers may include …” In the California Privacy and Data Protection Rights section, changed “starting in January 2020” to “starting January 1, 2020” and “will give” to “give.” Also in the Your California Privacy Rights section, changed the heading “California Information-Sharing Disclosure” to “California Information-Sharing Disclosures (Shine the Light Law).” Under Disclosure, revised the language about information I may be required by law to disclose in order to streamline the language and better reflect the range of possible scenarios. Updated Data Retention to note that I normally retain indefinitely research notes and information related to my freelance writing and editing work, and changed the phrase “Any other type of data I may gather on visitors to this website …” to “Any other type of data I may gather through or in connection this website …”
    • November 8, 2019: Updated Disclosure to note that third-party service providers may include the makers of software/apps and/or electronic devices I use that incorporate information-gathering telemetry or surveillance features, rearranging the text of that bullet point to make it easier to decipher and emphasize that the examples listed are not an exclusive list.
    • November 7, 2019: Updated Data Retention to remove a confusing reference to a now-deleted section of the preamble. Made some adjustments to the list under Embedded Content to fix some grammatical issues, clarify the text, and arrange the items in a slightly different order. Changed some stray instances of “we” and “our” to “I” and “my” for consistency. Added the Google Play Store and its related services to the list of examples of third-party service providers under Disclosure, rearranging the list of Google-provided services in that section for better grammatical flow.
    • November 5, 2019: Further updated Disclosure of Personally Identifying Information section to clarify that I may not always be aware of having gathered information about a site visitor in some other context. Fixed a spelling error in this revision list. Revised Security Scans to update description of the EU-US Privacy Shield framework in that section to match the reference under Disclosure of Personally Identifying Information and slightly clarified the description of the Sucuri Security plugin’s functions. Updated Comments and Personal Information to change “you can choose to save …” to “you may have the option to save …” (regarding saving the information you enter for future comments, an option that may not always be offered), change “URL” to “website,” and change “each time a reply or follow-up comment is posted” to “each time a reply and/or follow-up comment is posted.”
    • November 4, 2019: Attempted to fix a technical issue with the bookmark/anchor links throughout. In Disclosure of Personally Identifying Information, changed “de-identified or aggregated” to “de-identified, anonymized, redacted, and/or aggregated.” Under California Privacy and Data Protection Rights, changed “To exercise your California privacy rights, visit …” to “To exercise your California privacy rights, please visit …” Changed several instances of “… and as otherwise described” to “… and/or as otherwise described.” Updated Information I Receive from Other Sources to note that I also get blacklist information via Spybot. UUpdated and simplified the preamble and revised text of the Disclosure of Personally Identifying Information section to add language about information I may gather or release that is NOT obtained through/in connection with this website.
    • November 3, 2019: Added TinyWall to the list of examples of third-party service providers under Disclosure and updated the Information I Receive from Other Sources section to add the MVPS HOSTS file to the examples of third-party blacklists I may use and note that I may also use that information to block access to my system and/or devices as well as the website. Updated the Your California Privacy Rights section to enumerate the list of CCPA rights rather than referring to the GDPR section, changing the “Other California Privacy Rights” heading to “California Privacy and Data Protection Rights,” and making some minor clarifications to the language of that section (including noting that California Civil Code § 1798.83–84 is known as the “Shine the Light” law). Updated the GDPR section wording to refer to the Controllers, Questions, and How to Reach Me section rather than just “below” and updated the internal anchor links to that section. Updated the Not for Children Under 18; Age Verification section to clarify that the references to children refer to minor children and that parents have the right to request the removal or deletion of information about their minor children. Fixed a couple of very minor grammatical issues.
    • November 2, 2019: Added HP to the list of examples of third-party service providers under Disclosure, noting that they comply with the EU-US Privacy Shield framework. Reordered several items in that section, also adding the word “other” to “printers/print services” and placing it immediately after HP. Fixed a stray incidence of “our” rather than “my” for consistency. Updated Security Scans to note that security/anti-spam scans of messages I send or receive may be performed on text messages as well as email, and that security scans may include submitting the messages, file attachments, and/or other relevant data to third-party services such as cloud-based malware-detection services.
    • November 1, 2019: Fixed the date formatting and a capitalization problem in the previous entry on this list. Added Piriform (CCleaner), a subsidiary of Avast, to the list of examples of third-party service providers under Disclosure.
    • October 31, 2019: Added Artifex (maker of the SmartOffice app), Mozilla (maker of the Firefox web browser(s)), and Safer-Networking Ltd. (maker of Spybot) to the list of examples of third-party service providers under Disclosure. Added Google Safe Browsing to the list of examples of Google services I may use/offer.
    • October 30, 2019: Added the Guardian Project’s Orbot and Tor Browser to the list of examples of third-party service providers under Disclosure. Clarified the description of Cloudflare 1.1.1.1 in that section, adding links to the applicable privacy policies in addition to the privacy statement links.
    • October 27, 2019: Added trademark notice language for the Google services specified herein, adjusting some adjacent language for readability. Clarified the wording of the reference to Gmail in the list of examples of third-party service providers under Disclosure, and added Google Hosted Libraries there in addition to the existing description under Embedded Content.
    • October 25, 2019: Added Cloudflare’s WARP service (associated with the Cloudflare 1.1.1.1 service already listed), NetGuard firewall/traffic monitor, and CompanionLink to the list of examples of third-party service providers under Disclosure. Fixed some incorrect punctuation in that section.
    • October 19, 2019: Added TCL Communication Limited (current owner of BlackBerry) to the list of examples of third-party service providers under Disclosure.
    • October 17, 2019: Moved Effective Date to the top of the document to make it easier to see. Reworded the preamble, Revisions section, and License for This Policy sections accordingly, also fixing a capitalization inconsistency. Updated the description of this list for clarity.
    • October 16, 2019: Updated the description of Yoast under Embedded Content to indicate the presence of the Yoast SEO plugin’s Algolia search functions.
    • October 14, 2019: Updated the description of Epic Privacy Browser in the list of examples of third-party service providers under Disclosure to reflect that the browser also has an associated Epic Search Engine (which submits anonymized queries to Yandex) and to change “in connection with their …” to “through my use of their …” for greater clarity.
    • October 9, 2019: Updated the Cookie Policy section to include a link to the Cookie Notice, which is now a separate page as well as being incorporated into the privacy preferences tool. Slightly adjusted the description of that list to note that these are cookies the site may use.
    • October 3, 2019: Fixed the effective date (which had incorrectly described October 2, 2019, as a Tuesday rather than a Wednesday). Added data and/or document destruction/shredding services to the examples of third-party service providers under Disclosure.
    • October 2, 2019: Amended the Your Rights (GDPR and California Privacy Rights) section to note that I may ask you to verify your identity and/or residency before processing data-related requests and that you need not be present in California to exercise your CCPA rights provided that you have a current California residence. Made few minor wording adjustments in that section to accommodate the new language and changed the phrase “… and its associated regulations” to “… and/or its associated regulations.” Revised the “Do Not Sell My Personal Information” and preamble text wording to match the wording on the Privacy Tools page.
    • September 29, 2019: In the list of examples of third-party service providers, changed several instances of the phrase “I may use or offer” to “I may use and/or offer” (since in some instances I may do both). In the language about Adobe in that section, changed the phrase “may collect data about such use” to “may collect related and/or associated data” to avoid confusion. Update the Your California Privacy Rights and added links to the Do Not Sell My Personal Information page. Added Hidden Reflex’s Epic Privacy Browser to the list of examples of third-party service providers under Disclosure.
    • September 15, 2019: Added website speed testing services/tools to the list of examples of third-party service providers under Disclosure.
    • September 14, 2019: Added Adobe to the list of examples of third-party service providers under Disclosure.
    • September 7, 2019: Added printers/print services, photo development, photo processing, video conversion, and other audiovisual material processing services to the list of examples of third-party service providers under Disclosure. In the description of the WAVE accessibility tool in that subsection, changed “am using” to “may use.” Struck the phrase “Since I don’t have employees” from the Information-Sharing Disclosures section. Throughout this policy, changed several instances of “we” and “our” to “I” and “my” for consistency.
    • August 11, 2019: Under Disclosure, clarified that third-party service providers may use their own subcontractors, data subprocessors, or other third-party vendors or partners, who may be located in other countries or regions. Under Embedded Content, struck the phrase “in the United States” in the bullet point regarding BootstrapCDN/Stackpath.
    • July 8, 2019: Under Disclosure, added transcription and translation to the examples of independent contractors/employees and added translation, transcription, mapping, and navigation services to the examples of third-party service providers.
    • June 20, 2019: Clarified that the section of Data Retention dealing with log data refers specifically to logs for this website.
    • June 7, 2019: Added Malwarebytes to the list of third-party service providers under Disclosure and updated the description of Avast in that list. Further updated the description of “browser fingerprinting” under Embedded Content.
    • June 3, 2019: Made some updates to the wording of Embedded Content to better explain what other information third party content providers may be able to detect (the process of so-called “browser fingerprinting”) and add a link to the EFF’s Panopticlick website.
    • April 29, 2019: Under Disclosure, changed “my independent contractors” to “my independent contractors and/or employees (if any).” (I still don’t have any employees, but I want to make sure it’s included in this language in the event that changes at some future date.)
    • April 2, 2019: Updated Legal Bases for Collecting and Using Information to add the item about protection of vital interests (taken directly from the latest version of Automattic’s Privacy Policy).
    • March 25, 2019: Updated Security Scans to make clearer that some Sucuri data and logs may be processed and/or stored by Sucuri as well as by me. Added an applicable ® symbol in that section.
    • March 23, 2019: Rearranged some text under Comments for more logical flow.
    • March 14, 2019: Added some ® symbols. Amended “Dreamhost, LLC” to just “DreamHost” (removing duplicate text were applicable) and the second instance of “T-Mobile USA, Inc.” to just “T-Mobile.” Throughout, slightly clarified the descriptions of what user agent information may include.
    • March 10, 2019: Under Information I Receive from Other Sources, added The Spamhaus Project as another example of where I may obtain block lists for spam and malware prevention, and added links to that and HackRepair.com.
    • March 4, 2019: Fixed some tag closing issues. Under Privacy Policy Changes, changed “the terms have changed” to “the policy has changed” for clarity.
    • March 3, 2019: Updated Embedded Content to note that you may be able to selectively disable some forms of embedded content. Fixed some inconsistent usage of “administrator dashboard” vs. “administrative dashboard.” Under Legal Bases for Collecting and Using Information, changed “financial transactions or image usage rights” to “financial transactions and image usage rights.”
    • February 27, 2019: Moved the first references to DreamHost and the link to the DreamHost privacy policy from the Server and Error Logs section to the Who I Am section, adding a note that DreamHost also hosts my email servers. In Server and Error Logs, changed “this site” to “the aaronseverson.com site” for clarity.
    • February 26, 2019: Updated Server and Error Logs, splitting the first paragraph into two for readability; rearranging and clarifying the language; adding the phrase “(as applicable, but without limitation)” before the listed examples; adding “that uses certain site features” to the list; and adding the following text after the list: “(These examples are a representative sampling, but not an exhaustive list; we may also use or add other logs not specified here, and not all logs are necessarily in use at any given time.).” Moved the language about logging privacy consents and acceptance of terms to a new subsection under Information You Provide to Me called “Consents and Agreements.”
    • February 22, 2019: Under Comments, changed “I may email you at that address to respond to your comment (or the associated comment thread, if any), particularly if it includes a question or if I need to clarify some aspect of your comment (for example, if you have posted two very similar comments, I may email you to ask which one you want me to publish)” to “I may respond via email in addition to or instead of publishing the comment on this website, particularly if your comment includes a question or offer of assistance or if I have questions about any pertinent details — for example, if you have submitted two very similar comments, I might email you to ask which one you want me to publish.” to match the language in the Terms of Use.
    • February 19, 2019: Under Disclosure of Personally Identifying Information, changed “If I have received your express authorization to do so” to “If you have asked or authorized me to do so.”
    • February 18, 2019: Added Cloudflare DNS resolver services to the list of third-party service providers under Disclosure. Fixed some link relationship errors in that section and noted that Cloudflare also complies with the EU-US Privacy Shield framework.
    • February 17, 2019: Amended the preamble and Other Information You Provide to Me to emphasize that this policy does NOT apply to my personal correspondence or communications.
    • February 14, 2019: Made a further amendment to Information I Receive from Other Sources to add another example of looking up third-party information on site visitors (making some minor amendments to the surrounding text for clarity) and reiterate that the examples presented in this section are not an exhaustive list. Also changed “How I use information gathered from other sources …” to “How I use information gathered from these or other sources …” Changed the wording of the WHOIS lookup services item under Disclosure to make it more generic. Amended Data Retention language to clarify and reiterate that legal and financial transaction records often necessarily include some personal data; split part of that paragraph into a separate paragraph for clarity (amending its text slightly to avoid confusion).
    • February 13, 2019: Added spell-checking to the listed ways I may use personal information I collect from or about you and updated Data Retention to note that I typically retain indefinitely names I add to my spelling dictionaries, and that to understand your comments or inquiries/messages, I may use information you submit to seek additional information from third-party sources. Added ICANN and other WHOIS lookup services to the third-party service providers under Disclosure and inserted a note about WHOIS lookups under Information I Receive from Other Sources. Fixed some minor editorial errors I made in the above changes.
    • February 7, 2019: Updated the Sucuri description in Security Scans to add the phrase “(without limitation)” after “such as,” since the listed examples are not an exhaustive list.
    • February 7, 2019: Updated the Sucuri description in Security Scans to add the phrase “(without limitation)” after “such as,” since the listed examples are not an exhaustive list.
    • February 6, 2019: Added Google Hosted Libraries to Embedded Content (in the same bullet as Google Fonts, since they operate similarly), revising/restructuring that bullet point’s language accordingly and adding a link to the Google Developers Google Fonts page.
    • February 3, 2019: Under Disclosure of Personally Identifying Information, revised the item on information that was already public, changing the first word of that bullet from “If” to “Where”; changing “was or is” to “is or was”; changing “e.g., …” to “such as — but without limitation — …”; and adding to and clarifying the listed examples. Also adjusted the text style of that item and moved it higher on the list. Revised the preamble of that section.
    • February 2, 2019: Updated Cookie Policy section to note that some accessibility features may use cookies to save your settings/preferences. At the beginning of that section, also replaced the words “each time” with “when.”
    • February 1, 2019: Fixed some typos, updated text styles, and edited link titles and anchor text on this page for better accessibility. Added WebAIM to the list of third-party service providers under Disclosure.
    • January 31, 2019: Amended Not for Children Under 18; Age Verification to indicate that the website may place a cookie on your device if you fail the age verification test and that you may have to reenter your birth date if the verification cookies have expired.
    • January 29, 2019: Clarified the language under Not for Children Under 18; Age Verification and moved that subsection to under Information You Provide to Me. Added an internal link to it from the Cookie Policy section and amended that text to reflect the subsection’s new relative position.
    • January 27, 2019: Under Disclosure of Personally Identifying Information, changed “(such as information that you have published on your official website or that is included in published interviews or news articles about you)” to “(e.g., information that’s available on your website; that you included in public comments or public posts on this or other websites; or that appears in published interviews, books, or news articles about you).” Updated Embedded Content to note that the Google Fonts servers may be operated by Google’s subprocessors as well as Google and that they may not necessarily be in the U.S., adding a link to their list of subprocessors. Made a slight change to the preamble to put the sentence about third-party websites on a separate line and reworded that sentence as: “Your use of any third-party websites or services, including those linked from the aaronseverson.com website or on which I may have accounts, is subject to the individual privacy policies and terms of use/terms of service, if any, of those sites or services.” Slightly adjusted the text in Who I Am for clarity and consistency. Added “messaging services, apps, and/or clients” to the list of third-party providers under Disclosure.
    • January 25, 2019: In the California Do Not Track Disclosure section, under Your California Privacy Rights, added spaces to “Do Not Track.”
    • January 22, 2019: Updated Disclosure of Personally Identifying Information language about legal requirements to clarify that I may disclose information where I deem it reasonably necessary to ensure my compliance with applicable law or regulation, even if the specific disclosure isn’t expressly required (e.g., to look up an applicable tax rate for your address). Added common carriers/shipping agencies to the list of third-party service providers. Clarified Other California Privacy Rights by putting “subject to any exemptions provided by the law” in parentheses and moving that phrase to earlier in the applicable sentence.
    • January 3, 2019: Updated Disclosure of Personally Identifying Information to clarify that the circumstances under which I may be legally required to disclose information may include (without limitation) providing certain information to relevant government agencies (e.g., tax or customs agencies) for compliance purposes or in connection with audits or official investigations, as well as in connection with a subpoena or court order.

    For space reasons, I have moved the older entries in this revision list to a separate Older Privacy Policy Revisions page.

    Change Font Size
    High Contrast Mode (Note: This option sets cookies to save your settings)