Privacy Policy

This Privacy Policy explains what personal information I may collect through and/or in connection with this website and how I use that information. Please read this policy before using the site. By using the aaronseverson.com website, you indicate your acceptance of the policy described below and of the Cookie Notice (which forms part of this Privacy Policy and is incorporated by reference herein; the Cookie Notice also constitutes the “cookie policy” for this website, for jurisdictions that explicitly require such a policy).

Please note that your use of any third-party websites or services, including those linked from the aaronseverson.com website or on which I may have accounts, is subject to the individual privacy policies and terms of use/terms of service, if any, of those sites or services. My automotive website, Ate Up With Motor, has its own privacy policy, as does my professional writing/editing/writing consulting website, 6200 Productions (whose privacy policy also applies to my writing/editing/writing consulting services outside of Ate Up With Motor). Those policies are separate from this one.

EFFECTIVE DATE: This version of the Privacy Policy is effective Thursday, November 26, 2020. If this policy has changed since you last reviewed it, or if you received a notice indicating that the Privacy Policy has changed, you may want to jump directly to the “Recent Revisions” section at the bottom of this page, which summarizes recent modifications in reverse order by date.

Variations in text style (such as different font weights, sizes, or colors) are used throughout this Privacy Policy to improve readability, but have no legal significance or effect.

Table of Contents

Who I Am

For purposes of this Privacy Policy, the terms “I,” “me,” and “my” shall be deemed to signify Aaron Severson, the owner of this website, an individual U.S. citizen residing in Los Angeles, California, U.S.A. I, along with my web host, DreamHost® (which also hosts the mail servers for my aaronseverson.com email addresses — here’s DreamHost’s Privacy Policy; DreamHost is a registered trademark of DreamHost, LLC), and many of the other third-party vendors and service providers I use in connection with this website, are located in the United States and are subject to U.S. law, which may differ from the laws of your area. For my contact information, see the “Controller/Responsible Party, Questions, and How to Reach Me” section toward the bottom of this page.

Credits and License for This Policy

Portions of this Privacy Policy were adapted from the Automattic Inc. Privacy Policy (which you can also find at their Legalmattic repository) under a Creative Commons Attribution-ShareAlike 4.0 International license. This policy (including both my adaptation of the Automattic terms and my additions) is offered under the same license. If you elect to use or further adapt my version, please credit Automattic Inc. as well as me (Aaron Severson). I also strongly recommend that you note the effective date shown above and include that date in your attribution if it is reasonably practical to do so. See the change log at the bottom of the Automattic policy linked above (or check the repository) for their revision history; both their policy and this document and this document have been modified many times! (Automattic and Legalmattic are trademarks or registered trademarks of Automattic or Automattic’s licensors.)

Information I Collect

I may collect information on you in three ways: automatically through this website; if and when you supply information to me; and from other sources. Each of these three types of data collection, and my use of that information, will be further explained below.

Legal Bases for Collecting and Using Information

If you are in an area that is subject to data protection laws such as the European General Data Protection Regulation (aka the “GDPR” or “EU GDPR”), the UK GDPR, or Brazil’s Lei Geral de Proteção de Dados (LGPD), my legal grounds for collecting and using your information are that:

  1. The use is necessary to provide the functions of the website (such as comments and user feedback forms); or
  2. The use is necessary for compliance with a legal obligation (such as my need to maintain reasonable records of financial transactions and image usage rights); or
  3. The use is necessary to fulfill a contractual obligation (such as complying with the terms of a license for the use of your content); or
  4. The use is necessary in order to protect your vital interests or those of another person; or
  5. I have a legitimate interest in using your information — for example, to safeguard the integrity of this website and its data, to troubleshoot technical problems, and/or to appropriately respond to your inquiries regarding my work; or
  6. You have given me your consent.

Notice to Parents Regarding Children Under 18; Not for Children

This website is in no way intended for or directed at children. Except as otherwise required by law, in the event I receive any personally identifying information through this website that I know to be from a child under the age of 18 (e.g., a message to the administrator email or a comment), it is my policy to promptly delete such information or, if complete deletion is not possible, to take whatever steps I reasonably can to de-identify or anonymize that information.

If you have questions, if you are a parent or legal guardian and believe that this website may have collected personal information about your minor child, or if you wish to exercise your right to remove or delete such information, please contact me via one of the methods described in “Controller/Responsible Party, Questions, and How to Reach Me” below.

Definitions

To help simplify and clarify the rest of this policy, the following definitions will be used throughout this document:

  • User(s) and visitor(s): For the purposes of this policy, I use the terms “visitor” and “user” synonymously to mean any individual who accesses this website. This policy assumes that you, the reader, are such a visitor/user.
  • Personal information/personally identifying information: Different jurisdictions have different definitions of “personal information” and “personally identifying information” (terms this policy uses synonymously), but in general, it means any information that could be used to individually identify you and/or your “household” (another term that may have different legal meanings depending on the jurisdiction). Information doesn’t have to identify you by name to be considered personal information or personally identifying; information that describes or could be associated with you can also constitute personal information. In this policy, I also use the term “potentially personally identifying information” to describe information that might identify you and/or your household in certain contexts (and/or in combination with certain other information).
  • Gather and collect: This Privacy Policy treats the terms “gather” and “collect” synonymously.
  • Identifiers: “Identifiers” are pieces of personal information that specifically identify an individual, a household, or a device, such as (though not limited to) real names, postal mailing addresses, email addresses, driver’s license numbers, Social Security Numbers, or unique device ID numbers. Some jurisdictions also consider IP addresses to be identifiers.
  • Protected classifications: Some pieces of personal information are characteristics of one or more classifications that are protected by civil rights law and/or other nondiscrimination laws, such as (without limitation) race, religion, gender, or medical conditions.
  • IP address: An Internet Protocol (IP) address is the numerical address of any device capable of accessing the Internet. If you use several different Internet-capable devices, their individual IP addresses are typically all different (although if you have several devices connected to the same router or tethered together, they might share the same IP address so long as they remain connected or tethered). An IP address typically reveals the Internet service provider or mobile carrier the device is using. A given device’s IP addresses may change periodically (especially if the device is configured to use “dynamic” IP addresses assigned by the Internet service provider or mobile carrier). It is possible to hide a device’s IP address and Internet service provider/mobile carrier by using a virtual private network (VPN) or proxy service; with these services, you first connect to a computer server provided by the VPN/proxy service and that proxy server then connects to other Internet sites and resources, which “see” only the IP address of the proxy server. For the purposes of this policy, when I refer to IP addresses, I mean the IP address that actually connects to my website or that I otherwise receive, whether that is your device’s actual IP address or a proxy. (In many cases, I have no way to tell the difference.)
  • User agent information: A “user agent” is any software program, service, or system that allows a user to access web content. This can mean a web browser, an email client, or a web “crawler” of the kind used by search engines. User agents automatically reveal certain information about themselves — and therefore about the user — to any online resource they access, enabling that resource to deliver its content in a way the user agent can correctly handle. At a minimum, a browser’s user agent information typically reveals the browser type and version, the operating system in which the browser is running, and certain settings such as (though not limited to) preferred language and time zone; if you’re using a mobile browser, the user agent information may also reveal the specific type of mobile device you’re using. User agent information is typically not personally identifying by itself, but it is sometimes possible to identify an individual user based on their specific combination of browser characteristics, a technique called “browser fingerprinting.” The Electronic Frontier Foundation® (EFF®) has created a website called Panopticlick that offers more information about this complicated subject, including a tool that lets you test what “fingerprints” your browser may have. (I am not affiliated in any way with the EFF and offer this link purely for your information; Electronic Frontier Foundation, EFF, and Panopticlick are trademarks of the Electronic Frontier Foundation.)
  • Domain name: A domain name is the name of an online resource such as an email server or a website; for example, “aaronseverson.com” is a domain name. Most websites have a domain name, as do nearly all email addresses. In general, when you access an online resource by its domain name, your device first accesses a domain name system (DNS) server, which is a directory that contains the IP addresses associated with domain names, to look up the resource’s IP address so that your device can connect to it. Mechanisms that collect website visitors’ IP addresses sometimes also record a domain name in connection with that IP address; this is typically the domain name of the Internet service provider or mobile carrier with which that IP address is associated. Domain name ownership must be registered, and the current contact information of the registered owner(s) must be publicly available, although some registrars and registry services offer anonymizing or proxy services that limit the public visibility of that information while still enabling the public to contact a domain’s registered owner.
  • Embedded content: Most web pages consist of many different elements, including not only the HTML code, but also various images, other media files, fonts, and scripts. For this website, most of those elements reside on and are served (i.e., loaded and run in your browser) by web servers owned by my web host; this policy describes such elements as “local,” “locally served,” or “locally hosted” content (these terms are used synonymously). Certain elements of the website, such as (without limitation) images, scripts, fonts, or video players, may reside on and be served by systems not owned or operated by my web host or their affiliates, such as (again without limitation) third-party hosted libraries or content delivery network (CDN) servers; this policy describes such elements as “embedded content.” Whenever you access a page that includes embedded content, the page instructs your browser to contact the servers of the embedded content provider to retrieve and load those elements. Some types of embedded content (e.g., fonts) may be cached (stored) in your browser for faster loading; additionally, your browser may store certain associated data such as (without limitation) the date and time the embedded content was loaded and/or last updated. With most modern web browsers, this process is completely automatic, although it can sometimes be managed through the browser’s advanced settings and/or the use of browser add-ons.
  • Visitor activity: For purposes of this policy, “visitor activity” refers to any information I may collect about my visitors’ online activity and/or actions, whether on this website or elsewhere online, such as (without limitation) web pages they’ve visited, links they’ve clicked, or search terms they have looked for.
  • Malicious activity: I define “malicious activity” as any activity or action intended to harm, abuse, compromise, or disrupt the functions of this website, its data, my web host, my embedded content providers, my visitors/users, my system and device(s), and/or me, or defraud or attempt to defraud me, my service providers and/or vendors, and/or my visitors/users.
  • Errors and suspicious activity: For purposes of this policy, “errors” means any error messages your visits to this website may generate, such as (without limitation) when some of the images or elements that should appear on a particular page fail to load. (“Error” doesn’t necessarily mean that you’ve done anything wrong!) “Suspicious activity” means any access to or actions involving this website that could be a sign of malicious activity. Of course, not all suspicious activity is actually malicious; often, it results from an error beyond the visitor’s control or from a harmless mistake.
  • Names: Unless otherwise specified, where I refer to “names” in this policy, it includes both real, legal names and pseudonyms/aliases. In general, I only require your legal name in certain circumstances (e.g., financial transactions or legal agreements). Otherwise, you are free to communicate with me using only a pseudonym or alias, although if you do so, I may have no way of associating those communications with information I may have about you under your real name and/or other pseudonyms or aliases. (Also, if your pseudonym or alias looks like a real name, I may have no way to know it isn’t one!)
  • Email address(es): Email is the main means by which I respond to visitor/user questions and inquiries, as well as how this website associates posted comments with the people who made them. For purposes of this policy, I assume that email addresses naturally include domain names even where I don’t expressly specify “domain names” in the list of information collected. (I may sometimes collect domain names that are not associated with a single email address.)
  • Email header information: All email messages include email headers (sometimes called “Internet headers”) that contain not only the sender and recipient email addresses, but also the names and IP addresses of the mail servers that sent and received the message, routing information, encryption and security protocols, and other technical details. (The precise details vary depending on your email client and provider.) Although email headers always include your email address, there are situations where I may have your email address, but not your email header information, usually because I have never actually exchanged any email messages with you.
  • Other contact information: This means any contact information other than email, such as a telephone number or postal mailing address.
  • Images and/or other media: “Images” is hopefully self-explanatory; for purposes of this policy, “other media” (or “other media files”) is a blanket term intended to encompass any audio, visual, or multimedia content that is not an individual image, including, but not limited to, videos, audio recordings, broadcasts or streams, comic books, presentations, and/or slide shows.
  • Other documents/materials: This includes any type of physical or electronic document or material, such as (without limitation) books, magazines, letters sent via postal mail, newsletters, or clippings.
  • Metadata: Any electronic file, document, or communication contains metadata, which is data about that file, document, or communication, such as (without limitation) its file size, type, creation date, and technical details such as bit rate or pixel dimensions. The information in telephone records (such as the phone numbers of the callers, the date and time of each call, the call durations, etc.) can also be considered metadata. Metadata is not necessarily personally identifying in and of itself, but may sometimes contain personal information (e.g., the author’s name or contact information) and/or potentially personally identifying information.
  • Geolocation data: Geolocation data means information about an individual or household’s physical location and/or movements, such as the fact that an individual is or was present in a particular geographical location or traveled between two or more geographical locations. I may receive geolocation data from you directly, such as when you tell me your location in a comment or other communication (or, obviously, if I meet or otherwise encounter you in person); if someone else directly or indirectly describes your location or movements to me; and/or if I (and/or my service providers, where applicable) determine, estimate, and/or infer your geographical location or movements based on other data such as (though not necessarily limited to) your IP address, the area code of your telephone number, or GPS coordinates in the metadata of your submitted images. Although some jurisdictions regard geolocation data as personal information, it doesn’t necessarily reveal where you live or work, and in some cases may not reflect your actual location at all, particularly if you use a VPN or proxy service.
  • Websites/URLs: “URL” (an acronym for Uniform Resource Locator) is the technical term for a web address. A website URL isn’t necessarily personally identifying, at least by itself, but the URL such as your social media profile or online resume/CV would probably be considered personal information. Where this policy refers to “websites/URLs” as a category of personal information, I mean URLs that may contain (or that link to) personally identifying information about individuals or households.
  • Referring site: When your browser or other user agent connects to some online resource — such as when you click a link or access embedded content on a web page or in an email message — that online resource can generally see the website or other online location, if any, from which the request originated, which is known as the “referring site” or “referer” [sic — some sources use the correct spelling, referrer, although the actual name of the HTTP header that conveys this information is (mis)spelled “referer”]. If the referer is the results of a search query (for example, when you click on a link from search engine results), the online resource you access can typically see not only the referring site, but also the specific search terms you were looking for. (Some privacy-focused search engines take steps to remove this referer information so the destination site can’t see it, but most popular search engines do not.)
  • Other personal information: This includes any other information about an individual or household that could be considered personal information or personally identifying information. As noted above, some jurisdictions now regard nearly any piece of data about an individual or household as “personal information,” from the career history of a public figure to the fact that a website visitor once owned a car of a particular model.
  • Special: This policy uses this term to denote certain unusual categories of information not easily categorized, which may or may not be personally identifying.
  • Administrative dashboard/backend: Like most modern websites, this site has both a public-facing (“front-end”) portion and a “backend” administrative area that includes various controls for managing the site and its content. The content management system WordPress, which this website uses, describes the administrator backend as the “dashboard,” so this policy uses “administrative backend” and “dashboard” synonymously. The administrative dashboard is not normally accessible to visitors other than authorized administrators (meaning me!), and I take various measures to guard against unauthorized access to it. (WordPress is a registered trademark of the WordPress Foundation.)
  • Cookies and similar technologies: A cookie is a small text file — a string of information — that a website or online service places (or “sets” — these terms are used synonymously) on your browser or device and that your browser or device then provides to that site or service when you access it. (It is sometimes also possible for a website or service to detect cookies set by other sites/services.) Cookies may be used in many different ways, but the most common uses are to save your settings or preferences, to manage logins, and to help identify specific users or devices for analytics and/or advertising purposes. Most cookies are specific to each browser and device; if you access a website from multiple browsers and/or multiple devices, the website may place cookies on each browser on each device. A cookie set by the website or service you are currently visiting is called a “first-party” cookie while cookies set by other services or domains (e.g., the cookies set when you access an embedded video player) are known as “third-party” cookies. You can learn more about how cookies work and how you can manage or delete them on different browsers by visiting AboutCookies.org. (I am not affiliated in any way with that website, which is run by the law firm Pinset Masons LLP, and offer this link purely for your information.) Some websites and/or online services may also use similar technologies, such as storing certain information in your browser’s local storage and/or plugins; local storage information and so-called “local storage objects” aren’t cookies in the usual sense, but they may perform similar functions and may be used instead of or in addition to cookies. Such technologies are often used to manage functional details such as settings and preferences, but are sometimes also used to help the service to identify you. Online services may also use “web beacons,” which are small code blocks or tiny image files (sometimes called “tracking pixels” or “pixel tags”) that transmit certain information about you and your user agent (as defined above) to the service from which the web beacon is loaded. Web beacons (which are a form of embedded content) are sometimes also used instead of or in conjunction with cookies to identify users and track their behavior online.

Categories of Information and Purposes for Collection

In each of the sections below, I indicate the categories of personal information I may collect and the categorical purpose or purposes for which I may collect that information.

Those possible purposes include:

  • Functionality: I use the information so that this website, or certain specific functions thereof, can work properly. For example (but without limitation), none of the pages or content on this website will load if the web server doesn’t have a valid IP address to which to transmit the necessary data.
  • Providing services: I use the information to perform some action you have asked me to perform, provide some service(s), and/or conduct the normal activities involved in running this website and its associated business operations. For example (but without limitation), I probably couldn’t send you a physical document without your mailing or delivery address.
  • Completing a transaction: I use the information to conduct or complete financial transactions with you.
  • Fulfilling a contractual obligation: I use the information to meet the requirements of some contract or legal agreement, whether with you or a third party.
  • Legal compliance or audit: I use the information to ensure my compliance with applicable laws or regulations, and/or so that I can demonstrate my compliance to an auditor or investigator if needed.
  • Research and publishing: I use the information as part of the research involved in creating and publishing my content, my other other other writing/editing/writing consulting work, and/or my other creative endeavors, and/or to help me decide what content and/or other work to create and/or publish in the future.
  • Security, troubleshooting, quality control, and technical improvement: I use the information to help me protect this website, its users, my data, my systems/devices, my business, and/or me from malicious activity; troubleshoot and resolve technical problems; and/or maintain and/or improve the quality and functionality of the site and/or my services.
  • Recruitment/hiring or business partnerships: I use the information in recruiting/hiring employees, independent contractors, and/or interns, and/or in entering or considering entering business partnerships or other formal professional relationships with someone.
  • Advertising and other commercial purposes: I use the information to promote or advertise my content or services, sell advertising on this website, monetize the site and/or my content in other ways, and/or achieve some other commercial purpose(s).

(I haven’t listed “communicating with you” as a separate category in the above list because achieving any or all of the above-listed purposes may involve communicating with you and/or third parties; listing that separately seemed redundant as well as potentially confusing.)

In many cases, information I collect may have several purposes or possible purposes. Obviously, not every individual piece of information in a particular category will necessarily be used or even useful for each listed purpose.

(Where the sections below list multiple purposes or possible purposes, separated by semicolons, the order does not signify any comparative priority or significance.)

In some cases, I may collect certain types of information in certain circumstances and not in others. In those cases, the information category shown below will be followed by a single asterisk (*). (For example, but without limitation, I generally don’t need your postal mailing address except in connection with certain financial transactions or if you ask me to send you some physical letter or parcel, so I only collect mailing addresses from certain visitors, not from everyone.)

Keep in mind that the categories of information listed in each section below are just the types of information I may collect in the specific context described in that section. Depending on how you use my website, several or all of these sections may apply to you.

Cookies and Similar Technologies

The aaronseverson.com website and/or its embedded content providers (see “Embedded Content” below) may use cookies and/or similar technologies (e.g., local storage objects) for a variety of purposes. Some are placed on your device/browser automatically while others are only set when you perform certain actions.

For more specific information about the cookies the site may use, what purposes they serve, how long they normally last, and your options for managing them, see the Cookie Notice page or click the “Access Your Privacy and Cookie Preferences” button below and review the summaries under “Cookie Settings”:

(You can also access this button via the Privacy Tools page.) As noted in the preamble above, the Cookie Notice forms part of this Privacy Policy and constitutes the “cookie policy” for this website, for jurisdictions that explicitly require such a policy.

While the cookie descriptions presented in the Cookie Notice and the ones listed in the Cookie Settings menu accessed through the “Access Your Privacy and Cookie Preferences” button are intended to be identical (save for minor variations in formatting and text style), in the event of any substantive discrepancy between those versions, the Cookie Notice version(s) shall govern.

Third-party websites and/or services (including, without limitation, ones I may use in connection with this website) may also use cookies and/or similar technologies, depending on the nature of the service and who provides it. The use of cookies and/or similar technologies by third-party websites and/or services is subject to the applicable site or service’s privacy policy and/or cookie policy, and in most cases is outside of my control.

Information I Collect Automatically

Certificate Authority Checks

  • Categories of information gathered: IP addresses; user agent information; visitor activity (referring site); geolocation data (estimated from IP addresses and/or inferred from other data)*; special: mobile phone types/models (determined from user agent information)*
  • Purpose(s): Functionality; fulfilling a contractual obligation; legal compliance or audit; security, troubleshooting, quality control, and technical improvement
  • Data retention: Typically less than seven days.

To allow visitors (and me!) to connect to the site securely (via HTTPS rather than HTTP), this website uses domain validation (DV) certificates issued by Let’s Encrypt®, a certificate authority (CA) service of the nonprofit Internet Security Research Group™. These encryption certificates enable your browser to confirm that it has an SSL/TLS (Secure Sockets Layer/Transport Layer Security) connection to the correct website, an important security measure. (For a further explanation, see the Let’s Encrypt How It Works page. Internet Security Research Group and Let’s Encrypt are trademarks of the Internet Security Research Group. All rights reserved.)

When you access this website, your web browser may check whether the aaronseverson.com certificate is valid by briefly connecting to the servers of the Let’s Encrypt certificate repository to perform an Online Certificate Status Protocol (OCSP) check (sometimes called an OCSP request or an OCSP query &mdash: these terms are synonymous). This OCSP check provides those servers with your IP address and user agent information; for obvious reasons, it also informs those servers that you have accessed the aaronseverson.com website. Let’s Encrypt may log and use such data for operational, troubleshooting, and security purposes and/or in compiling de-indentified, aggregated statistics, as described in the Let’s Encrypt Privacy Policy. Any further questions about their use and/or retention of public repository log data should be directed to Let’s Encrypt, as it is outside of my control.

Browser Tests

  • Categories of information gathered: User agent information; special: browser technical capabilities and/or settings; special: information collected via cookies and/or similar technologies
  • Purpose(s): Functionality; security, troubleshooting, quality control, and technical improvement
  • Data retention: Your current visit.

Each time you visit this website, the site may perform certain automated tests to determine your web browser’s specific technical capabilities, allowing the website to adjust the presentation and functionality of the site to be more compatible with your browser. (Different browsers, and even different versions of the same browser, may handle certain content in different ways, which can create problems if content is not correctly tailored for that browser.) The site’s administrative login page (which is off-limits except to authorized administrative users) may perform similar tests, such as (without limitation) testing whether the user’s browser will allow the cookies required to log into the site’s administrative dashboard.

The results of such tests may be stored in your browser’s local storage and/or saved in cookies. The site may also show you specific messages or other content based on this information, such as displaying a warning notification that your current browser is incompatible with some site features.

Online Tracking

As of January 29, 2012, I have discontinued the use of third-party web analytics services on this website.

(Obviously, other websites or online services, including ones to which I may link and/or on which I have accounts, may use various web analytics services and/or tools, which in most cases is outside of my control. See the applicable website or service’s privacy policy for more information. The analytics tools used on my automotive website, Ate Up With Motor, and my professional writing/editing/writing consulting website, 6200 Productions, are described in those websites’ respective privacy policies; you can find links to those policies near the top of this page.)

Website Server, Error, and Security Logs

  • Categories of information gathered: IP addresses*; domain names*; user agent information*; visitor activity; errors and suspicious activity*; geolocation data (estimated from IP addresses and/or inferred from other data)*; URLs/websites*; other personal information*; special: mobile phone types/models (determined from user agent information)*; special: information collected via cookies and/or similar technologies*; special: usernames, user ID numbers, and/or other identifiers associated with administrative users*; special: other identifiers*; special: other technical details (some of which might be potentially personally identifying and/or constitute personal information in certain jurisdictions)*
  • Purpose(s): Functionality; fulfilling a contractual obligation; legal compliance or audit; security, troubleshooting, quality control, and technical improvement
  • Data retention: Varies, but typically no more than about 90 days, except for recent data captured in backups or specific data for which I have some ongoing need.

Like most websites, the aaronseverson.com website and my web host maintain various logs that may collect certain information (some of which may be considered personal information or potentially personally identifying information in at least some jurisdictions) about each computer or other device that (as applicable, but without limitation) accesses the site and/or its content; uses certain site features; is redirected from an outdated link to a current one; generates an error (such as attempting to access a nonexistent page or file); logs into or otherwise accesses the administrative dashboard and/or other administrative resources or controls; attempts to interact with the site in any unusual or suspicious way (such as trying to access the site’s administrative dashboard without authorization or run an unauthorized script); and/or performs certain other actions. (These examples are a representative sampling, but not an exhaustive list; I may also use or add other logs not specified here, and not all logs are necessarily in use at any given time.) Many (though not necessarily all) of those logs record the IP address and/or user agent information of the applicable device (and sometimes the referring site, if any), which sometimes makes it possible to determine, estimate, and/or infer certain other information (e.g., geographical location and/or device type). Most such logs include the date and time each logged event took place; certain types of events may also be assigned unique ID numbers and/or other identifiers for reference purposes. Additionally, if a logged event or action involves or appears to involve any of this website’s administrative users, and/or involves credentials I create to allow specific users to access certain resources (e.g., the login credentials for certain FTP folder(s) associated with this website), certain logs may also record the username(s), user ID number(s), and/or other identifiers associated with such administrative user(s) and/or credentials. All these logs are part of the routine operation of the website and its related systems and are not connected to or associated with any third-party web analytics service.

Most of the routine website log data I and my web host collect is retained on a rolling basis — that is, we customarily retain only the most recently collected data. Typically, website log data is retained for no more than 30 days (and often only a fraction of that time) before being automatically overwritten by newer data or otherwise deleted. Security audit log data stored by the Sucuri Security plugin (further described in the “Security Scans” section below) is normally retained for about 90 days. (Sucuri Security is a trademark of Sucuri Inc. and may be registered in certain jurisdictions.) Certain website logs and/or log reports that contain only aggregated data, anonymous information (e.g., hit counters), and/or data pertaining to administrative resources or controls that are normally off-limits except to authorized administrative users, may be retained for longer periods. For example (but without limitation), logs showing the last access dates of certain resources, or showing which administrative user last edited a particular post, may remain unchanged until that resource is accessed or edited again, or until I manually delete the logs.

Naturally, I and/or my web host may retain certain specific information from the website’s logs if it is still needed for ongoing security, troubleshooting, and/or technical improvement purposes. For example, but without limitation, if the logs indicate that a specific IP address has been used in repeated attempts to attack this website, I may take steps to block that IP address or otherwise impede future malicious activity from it.

Also, some recent log data may be captured in backups created by me and/or my web host, which in some cases may be retained for a year or more.

Certain events may trigger automated email alerts that are sent to me as the site administrator, notifying me of potential threats, errors, or the status of some automated operation. The alerts may include some or all of whatever data the logs recorded. Such email alerts may be scanned for spam and/or malware, as explained in the “Security Scans” section below. I may retain these email alerts for as long as I need the information they contain.

Please keep in mind that, because my web host owns the servers on which this website runs, they have full access to the site’s server access and server error logs. (My access to those logs is read-only, so I cannot redact or remove any of that log data without the aid of my web host’s technical support staff, and my service agreement prohibits me from tampering with the logs or other normal functions of the DreamHost servers.) In general, DreamHost has access to any data and/or files on any server they own — except in cases where I have specially encrypted such file(s) and/or data — subject to the DreamHost Privacy Policy. I may also share additional data with them if I deem it appropriate for security and/or troubleshooting purposes. (DreamHost is a registered trademark of DreamHost, LLC.)

Otherwise, I only disclose website log data as described in “Disclosure of Personally Identifying Information” below.

Security Scans

  • Categories of information gathered: IP addresses*; domain names*; user agent information*; visitor activity*; errors and suspicious activity; geolocation data (estimated from IP addresses and/or inferred from other data)*; URLs/websites*; other personal information*; special: visitor mobile phone types/models (determined from user agent information)*; metadata*; special: usernames, user ID numbers, and/or other identifiers associated with administrative users*; special: information collected via cookies and/or similar technologies*; special: other identifiers*; special: other technical details (some of which might be potentially personally identifying and/or constitute personal information in certain jurisdictions)*
  • Purpose(s): Fulfilling a contractual obligation [see below]; legal compliance or audit; security, troubleshooting, quality control, and technical improvement
  • Data retention: Varies; potentially indefinite.

While no online website, Internet-accessible device, or data storage system can be 100 percent secure, I take reasonable measures to protect against unauthorized access, use, alteration, or destruction of personal information I collect through and/or in connection with this website.

I and my web host use a variety of security measures to protect this website and its data, including, but not limited to, scanning the site, site-related files, and/or the site database for malware and/or signs of other malicious activity. Some of these scans are purely automated, but in some cases, I may initiate additional manual scans or request that my web host’s technical support staff conduct a more thorough active scan to help me root out a possible security threat or troubleshoot a technical problem.

Like the logs described in the “Website Server, Error, and Security Logs” section above, some of these security measures may collect certain information (some of which may be considered personal information or potentially personally identifying information in at least some jurisdictions) about any device(s) and/or individual(s) involved in suspicious or malicious activity. For example (but without limitation), if an unauthorized visitor attempted to execute an unusual or suspicious server request on this website (which might indicate an intrusion or hacking attempt), one or more security measures might record that visitor’s IP address, user agent information, and other device/browser details along with details about the action(s) they attempted to perform. Certain events may be assigned unique ID numbers and/or other identifiers for reference purposes. If the activity in question involved or appeared to involve any of this website’s administrative users, the information collected may also include the username(s), user ID number(s), and/or other identifiers associated with such administrative user(s). The specific information that my security measures may gather in connection with suspicious or malicious activity naturally varies depending on the context and the security measure(s) involved; there are too many possible scenarios to enumerate here.

Among the security measures I may use on this website is the Sucuri Security plugin, provided by Media Temple, Inc. d/b/a Sucuri, a subsidiary of GoDaddy Operating Company, LLC (Sucuri), which includes activity monitoring, notifications, security auditing tools, a remote scanning feature that can detect security vulnerabilities and some forms of malware by scanning the files and public areas of the website, and a WordPress file integrity checker (which tests the files of this website’s WordPress installation by accessing a remote API service associated with WordPress.org). (A complete list of the features of the plugin can be found in the “WordPress plugin & API Key” section of the Sucuri Security Terms of Service.) Data gathered through this plugin and/or the scanning service — which may sometimes include personal information such as (without limitation) IP addresses that perform certain actions (e.g., adding or editing a post, updating or installing a plugin) and/or information in comments or other published content — may be processed and/or stored by Sucuri as well as me and/or my web host and is subject to the Sucuri Security Privacy Policy and the Data Processing Addendum to their Terms of Service. As explained in the Sucuri Security Privacy Policy, Sucuri is certified under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, as is Cloudflare®, which serves certain plugin components. See the Privacy Shield Program website for more information about these frameworks. Communications with API servers and/or other repositories or content delivery networks associated with WordPress.org are subject to the WordPress Privacy Policy. (Sucuri and Sucuri Security are trademarks of Sucuri Inc. and may be registered in certain jurisdictions. GoDaddy is a registered trademark of GoDaddy Operating Company, LLC. Cloudflare is a registered trademark of Cloudflare, Inc. WordPress is a registered trademark of the WordPress Foundation.)

Some other security measures I use on this website are provided by the free, open source version of the iThemes Security (formerly Better WP Security) plugin offered by Liquid Web, LLC, d/b/a iThemes. While most of this plugin’s features operate locally (that is, on the same server this website runs on), certain features may transmit information (which may include, but is not necessarily limited to, personal information and/or potentially personally identifying information about visitors involved in suspicious or malicious activity on this website) to iThemes servers, and/or send and/or receive security-related information (which may also include personal information and/or potentially personally identifying information about site visitors and/or other individuals) to and/or from external sources (for example, but without limitation, for the purposes of testing the files of this website’s WordPress installation via a remote API service associated with WordPress.org). Such features are subject to the iThemes Privacy Policy and/or, for the plugin’s security-related communications with other third parties, those entities’ respective privacy policies, such as (again without limitation) the WordPress Privacy Policy. (iThemes is a trademark of iThemes. WordPress is a registered trademark of the WordPress Foundation.)

I also use a variety of other anti-malware tools and security measures to protect my device(s), software, and data. A representative sampling of the providers of these tools and security measures is included among the examples of third-party service providers listed under “Disclosure of Personally Identifying Information” below. (Since the specific tools, devices, and security measures I use may change over time, this is not an exhaustive list.)

In addition, my web host also hosts the email servers for many of my email addresses and may scan incoming, outgoing, and/or stored messages for suspected spam and/or malware. My Internet service provider(s), mobile carrier(s), and/or other applicable service provider(s) (e.g., the various Google services I use, such as (without limitation) the Google Voice communications service, a Voice over Internet Protocol service provided by Google Voice, Inc., a subsidiary of Google LLC — Google Voice is a trademark of Google LLC; Google is a registered trademark of Google LLC) may also use their own security tools to scan for different types of suspicious activity involving my account(s) and/or connections. (For example, but without limitation, my current mobile carrier sometimes flags certain incoming voice calls and/or text messages with warnings such as “scam likely.”)

By their nature, some anti-malware scanners and other security tools routinely access almost any file or data on the systems or devices they protect. Since modern security tools sometimes incorporate web- or cloud-based scanning features, and/or may transmit samples of suspicious files or code to such services for analysis, this means a certain amount of personal information (e.g., names, contact information, and/or other personal details contained in scanned email messages or electronic documents) could be disclosed to the scanning service and/or other third parties in the course of a scan or security analysis. The likelihood and possible extent of such disclosure is difficult to predict or quantify, but it cannot be completely avoided without greatly compromising the security of my systems, devices, and data. Furthermore, tampering with the normal operation of such services or tools is typically a violation of their terms of use/terms of service (or, in the case of tools operated by my web host, the terms of my service agreement).

(Naturally, malware scanning services and other security tools may also provide me with additional security-related information, such as “signatures” of known malware types. Much of this information is of a technical nature and is not personally identifying, but it may sometimes include certain personal information; see the “Information I Receive from Third Parties for Security Purposes” section below.)

Some of the security measures I use to protect my device(s) from loss or theft may collect additional personal information under certain circumstances. For example (but without limitation), anti-theft/loss-protection features I use for my smartphone(s) might automatically photograph anyone attempting unsuccessfully to unlock the device, and/or remotely track the device’s location to help me find or recover the device in the event of loss or theft. Many (though not necessarily all) of the anti-theft/loss-protection features I currently use for my smartphone(s) are provided by Bitdefender (whose apps and services are subject to the Privacy Policy for Bitdefender Home Solutions; Bitdefender is a trademark of Bitdefender); BlackBerry Limited (whose apps and services are subject to the BlackBerry Privacy Policy; BlackBerry is the trademark or registered trademark of BlackBerry Limited); and/or Google (whose products and services are subject to the Google Privacy Policy; Google is a registered trademark of Google LLC). I may also use similar features to protect my desktop computer, including, though not necessarily limited to, security features of products and/or services provided by Microsoft® (which are subject to the Microsoft Privacy Statement; Microsoft is either a registered trademark or a trademark of Microsoft Corporation in the United States and/or other countries). These are representative examples, but not an exhaustive list. As noted above, the tools, devices, and security measures I use may change over time, so I may also use and/or add other security measures from different providers, and/or that have other features not specified here.

My retention of data related to security scans and/or other security measures varies depending the tools involved, whether they are operated by me or a third party, and the context. As noted in the “Website Server, Error, and Security Logs” section above, log data stored by Sucuri is normally retained for about 90 days while most other website security log data is typically retained for 30 days or less. Security data for my devices (e.g., malware scan results, system error logs, logs of traffic blocked by a firewall) may in some cases be retained for at least as long as I own that device and/or use the applicable security tool(s). I also typically retain indefinitely any correspondence regarding specific security threats or problems. The retention and use of security-related data by my web host, Internet service provider(s), mobile carrier(s), and/or other third-party service providers varies, and is generally outside of my control.

I may share information from security scans and/or other security measures with third parties, and/or post such information publicly, if I need additional technical assistance, consider such disclosure appropriate for my security and/or the security of others (e.g., to notify my web host’s technical support if I identify malware that might threaten the integrity of their web or email servers), and/or as otherwise described in “Disclosure of Personally Identifying Information” below.

Embedded Content

  • Categories of information gathered: IP addresses; user agent information; visitor activity; geolocation data (estimated from IP addresses and/or inferred from other data); special: login status for certain other websites/services (determined based on cookies)*; special: the presence of other cookies*; special: mobile phone types/models (determined from user agent information)*; special: information collected via cookies and/or similar technologies*; special: other browser settings/configuration details/add-ons*
  • Purpose(s): Functionality; providing a service; fulfilling a contractual obligation [see below]; research and publishing; security, troubleshooting, quality control, and technical improvement
  • Data retention: Varies depending on the specific content provider; I do not have access to most such data and so its retention is normally beyond my control.

As explained in the “Definitions” section above, embedded content is content hosted on and served by some server or service other than my web host. If you access a portion of this website that contains embedded content, the embedded content provider can collect information about you.

At a minimum, the information gathered by embedded content providers typically includes your IP address, your user agent information, and the website from which you accessed the embedded content. In some cases, embedded content providers can also detect certain other information, such as (without limitation) the presence of other cookies (e.g., the ones placed on your device when you log into a particular third-party website or online service); your browser’s settings; and/or whether your browser is using certain add-ons such as ad blockers. Such information is collected and processed by the applicable embedded content provider, not by me, and is subject to the provider’s terms of service/terms of use and privacy policy, which are outside of my control.

Some embedded content providers may also use cookies and/or similar technologies to track and/or identify you, and/or store information on your device that could be used for those purposes. For example (but again without limitation), an embedded video player might place cookies on your device; if you watch the video, portions of the content may also be stored (cached) in your browser to reduce playback interruptions, and certain associated information (e.g., your playback settings and/or how much of the video you’ve watch so far) may be saved in your browser’s local storage and/or plugins. Cookies and/or other information stored on your device in such ways are not necessarily personally identifying (and often have straightforward functional purposes), but some may be used to track you and/or to help identify you. For this reason, they could be considered potentially personally identifying information.

Since embedded content on this website is served through secure (HTTPS) connections, your browser may also contact the embedded content provider’s certificate authority to check the validity of their encryption certificate. (The “Certificate Authority Checks” section above describes how these certificate checks work, although embedded content providers may use different certificate authorities than the one used by this website.)

In some cases, you may be able to hide or disable certain types of embedded content on this website (for example, by using options I may provide through the Privacy Tools, or through your web browser or browser add-ons). Disabling embedded content may prevent that content from functioning, but will generally also prevent it from gathering information about you, at least as long as the content remains disabled. Please note that this does not remove any data the embedded content previously gathered about you or any cookies or potentially personally identifying information it may have placed on your device. If you re-enable the embedded content, or if you visit the website from a different device or browser on which that content is not disabled, the embedded content provider may again be able to gather information about you.

Special Note: The reason I include “fulfilling a contractual obligation” among the possible purposes listed above is that the terms of service or terms of use for most embedded content providers typically prohibit me from modifying their embedded content or interfering with the normal function of their servers, which prevents me from (for example, but without limitation) removing tracking features or attempting to block or “spoof” information their servers would otherwise collect.

Third-party embedded content on the aaronseverson.com website may include, but is not necessarily limited to:

  • Fonts from the Google Fonts API and/or scripts from the Google Hosted Libraries API(s), which are sets of resources hosted on and served by content delivery networks (i.e., remote servers and data centers) operated by Google and/or its subprocessors, which may be located in the United States or elsewhere. The Google Fonts service does not place cookies on your device, but may record certain information about your device, including your IP address and user agent information, when you visit a page that uses one or more of those fonts. The service may also store (cache) certain information, such as font data and stylesheet requests, in your browser’s local storage for faster loading. For more information, visit the privacy section of the Google Fonts FAQ. The Google Hosted Libraries service may use cookies and/or similar technologies to track and/or identify you and/or store potentially personally identifying information on your device in addition to logging certain information such as (without limitation) your IP address and user agent information. For more information, see the “What does using the Google Hosted Libraries mean for the privacy of my users?” section of the Google Hosted Libraries Terms of Service. For both of these services (and other Google services I may periodically offer, such as embedded maps served by the Google Maps mapping service, which may gather and/or place information in similar ways; Google Maps is a trademark of Google LLC), you can also review the “How Google Uses Information from Sites or Apps That Use My Services” section of the Google Privacy Policy to learn more about what information Google collects and how they use it. Click here for a complete list of Google’s third-party data subprocessors and their respective locations. (Google is a registered trademark of Google LLC.)
  • Fonts, styles, scripts, and/or icons served by BootstrapCDN, a service of StackPath (formerly MaxCDN) in the United States. Each time you access a portion of the site that includes such elements, BootstrapCDN records certain information about your device, including your IP address and user agent information. BootstrapCDN may use the data they collect for security, troubleshooting, and/or service improvement purposes. In some cases, the service may use cookies and/or similar technologies to track and/or identify you and/or store potentially personally identifying information on your device. For more information, see the BootstrapCDN Privacy Policy, their Cookie Policy, the StackPath Privacy Statement, the StackPath GDPR page, and the StackPath California Privacy Rights page. (BootstrapCDN and StackPath are trademarks of StackPath.)
  • Scripts served by the jQuery CDN, a content delivery network provided by the jQuery Foundation and powered by StackPath, and/or the jQuery API. These services may collect visitors’ IP addresses, user agent information, and security-related data, and in some cases may also use cookies and/or similar technologies to track and/or identify you and/or store potentially personally identifying information on your device. The jQuery Foundation does not have its own privacy policy, but the StackPath Privacy Statement presumably applies to data collected through the CDN; you may also wish to consult the StackPath GDPR page and California Privacy Rights page. (jQuery® is a registered trademark of the OpenJS Foundation in the United States and/or other countries. OpenJS Foundation and jQuery Foundation are trademarks of the OpenJS Foundation in the United States and/or other countries. StackPath is a trademark of StackPath.)
  • Certain scripts and/or other content served by the content delivery network Cloudflare®, which may collect visitors’ IP addresses, user agent information, and security-related data. In some cases, the service may use cookies and/or similar technologies to track and/or identify you and/or store potentially personally identifying information on your device. See their GDPR page and the Cloudflare Privacy Policy to learn more about how they use the information they collect. (Cloudflare is a registered trademark of Cloudflare, Inc.)
  • Certain icons (whether on the administrative dashboard, the public-facing portions of the site, or both) served by the Font Awesome content delivery networks, which record your IP address and user agent information as well as which specific icons your browser accesses or downloads. In some cases, the service may use cookies and/or similar technologies to track and/or identify you and/or store potentially personally identifying information on your device. Font Awesome may use the data they collect for service optimization, troubleshooting, and security purposes; to compile usage statistics; and in some cases to calculate fees for users of their paid accounts (which I am not), as described in their Privacy Policy. (Font Awesome is a trademark of Fonticons, Inc.)
  • The payment or donation buttons that certain themes and/or plugins place on the administrative dashboard (not normally accessible to site visitors) incorporate content served by PayPal® that may be used to collect and track data about users who access any portion of the site containing that button. It may also use cookies and/or similar technologies to track and/or identify you and/or store potentially personally identifying information on your device. For more information on what data PayPal collects and what they do with it, visit their Legal Agreements for PayPal Services page to review the PayPal Privacy Statement and Statement on Cookies and Tracking Technologies that apply in your location. (Please note that the terms may different depending on where you are.) See the “Financial Transactions Policy” section below to learn more about what information I may collect in connection with PayPal transactions with me that pertain directly to this website. (PayPal is a registered trademark of PayPal, Inc. All button icons, custom graphics, logos, page headers, and scripts related to the PayPal services are service marks, trademarks, and/or trade dress of PayPal or PayPal’s licensors.)
  • Videos (whether posted, shared, and/or otherwise displayed by me and/or displayed by certain themes and/or plugins on portions of the administrative dashboard, which is not normally visible or accessible to site visitors) hosted by YouTube, which is now owned by Google (YouTube is a trademark of Google LLC). The embedded video player may use cookies and/or similar technologies to track and/or identify you and/or store potentially personally identifying information on your device as well as recording your IP address, user agent information, and sometimes other information (such as, without limitation, whether you are currently logged into a Google account). The video player may also show you ads, and may use cookies and/or local storage information on your device and/or any information the embedded player gathers about you (e.g., your location) for that purpose. Visit the “How Google Uses Information from Sites or Apps That Use My Services” section of the Google Privacy Policy to learn more about what information Google collects and how they use it. Google’s “Businesses and Data” pages also include additional information about what data they may share with YouTube content creators/publishers. (Google is a registered trademark of Google LLC.)
  • Videos (whether posted, shared, and/or otherwise displayed by me and/or displayed by certain themes and/or plugins on portions of the administrative dashboard, which is not normally visible or accessible to site visitors) hosted by Vimeo. The embedded video player may use cookies and/or similar technologies to track and/or identify you and/or store potentially personally identifying information on your device as well as recording your IP address, user agent information, and sometimes other information (such as, without limitation, whether you are currently logged into a Vimeo account). The video player may also show you ads, and may use cookies and/or local storage information on your device and/or any information the embedded player gathers about you (e.g., your location) for that purpose. Visit the Vimeo Privacy Policy to learn more about what information Vimeo collects and how they use it. (Vimeo is a trademark of Vimeo, Inc.)
  • Embedded Tweets and/or other content I may post, share, and/or otherwise display from Twitter. Embedded Twitter content may use cookies and/or similar technologies to track and/or identify you and/or store potentially personally identifying information on your device as well as recording your IP address, user agent information, and in some cases other information (such as, without limitation, whether you are a logged-in Twitter user). See the Twitter Privacy Policy and Twitter’s “Our use of cookies and similar technologies” page to learn more about what information they may collect and how they use it. (Twitter is a trademark of Twitter, Inc. or its affiliates.)
  • Certain back-end (i.e., administrative dashboard) features (which are not normally visible or accessible to site visitors other than logged-in administrative users) served by the SEO firm Yoast BV, which provides one or more plugins I may use on the site. It appears that the Yoast-served content may collect the IP addresses and user agent information of logged-in users who access the site’s administrative dashboard; I are uncertain to what extent (if any) that content may also use cookies and/or similar technologies to track and/or identify administrative users and/or store potentially personally identifying information on their devices. My efforts to obtain more details from the developers proved unsuccessful and I finally disabled the applicable component entirely. See the Yoast Privacy Policy and their “Yoast and your privacy (GDPR)” page to learn more about how Yoast may use any information they collect. Some versions of the Yoast SEO plugin have incorporated search tools provided by Algolia to allow administrative users to search the Yoast knowledge base; the Yoast development team says this search functionality does not gather or transmit users’ personal information. Recent versions of the Yoast SEO plugin also incorporate optional functionality provided by Ryte GmbH, some of which may be served remotely. My efforts to determine what personal information (if any) the Ryte features may collect about administrative users were also fruitless, although any data that service did collect would be subject to the Ryte GmbH Privacy Policy. A subsequent Yoast SEO update also added optional integration with tools provided by the SEO and Internet marketing firm SEMrush® (which I have disabled, although as with the Ryte integration, the SEMrush integration is turned on by default in current versions of the Yoast SEO plugin). I have so far been unable to determine what personal information (if any) the SEMrush integration features may collect, although data those services did collect would presumably be subject to the SEMrush Privacy Policy. (Yoast is a trademark owned by Yoast BV, a Dutch limited liability company, registered both in the U.S. and in Europe. Ryte is a trademark or registered trademark of Ryte GmbH. SEMrush is a trademark or registered trademark of SEMrush Inc. in the U.S. and other countries.)
  • Blog feeds placed by certain themes and/or plugins on portions of the administrative dashboard (which is not normally visible or accessible to site visitors) served by FeedBurner, an RSS (Really Simple Syndication) service now owned by Google (FeedBurner is a trademark of Google LLC). If you access areas of the dashboard containing these blog feeds, they may collect your IP address and user agent information, and may also use cookies and/or similar technologies to track and/or identify you and/or store potentially personally identifying information on your device. (Such cookies and/or other stored information are principally used for bookmarking purposes, allowing you to return to the same point in the feed where you previous left off, but the feed service may be able to use them to track and/or identify you.) Please review the “How Google Uses Information from Sites or Apps That Use Our Services” section of the Google Privacy Policy to learn more about what information Google collects and how they use it. (Google is a registered trademark of Google LLC.) Again, these feeds are normally only visible to (and thus can only collect information about) administrative users, not site visitors who aren’t logged into the administrative dashboard.
  • Administrative dashboard menus that may load icons or other images from Gravatar via secure.gravatar.com. Although I have disabled support for user avatars, some administrative dashboard menus may use them, and the loading of those images may allow Gravatar to record a user’s IP address, user agent information, and in some cases their hashed email address, which the Gravatar service uses to check for a current Gravatar or WordPress.com account. The service may also use cookies and/or similar technologies to track and/or identify you and/or store potentially personally identifying information on your device. (I believe I have limited the Gravatar service to backend administrative pages not normally accessible to site visitors and I am endeavoring to remove it there as well.) Gravatar — like WordPress.com, with which it’s now apparently being integrated — is a service of Automattic Inc. and is subject to their Privacy Policy and the same Terms of Service as WordPress.com. (Automattic, Gravatar, and WordPress.com are trademarks or registered trademarks of Automattic or Automattic’s licensors. WordPress is a registered trademark of the WordPress Foundation.)
  • Some components of the Sucuri Security plugin described in the “Security Scans” section above are served remotely (and/or involve communication with a remote server) and thus qualify as embedded content. In the course of monitoring the site for possible malicious activity, this security plugin may log and transmit to Sucuri certain personal information about visitors and/or logged-in administrative users who perform certain actions (e.g., adding or editing a post, updating or installing a plugin). Such information may include, but is not necessarily limited to, those users’ IP addresses, the specific actions they performed, and the times and dates of those actions. Embedded content incorporated into the plugin’s dashboard controls may also record the IP addresses and user agent information of administrative users who access the plugin controls, and/or may use cookies and/or similar technologies to track and/or identify such users and/or store potentially personally identifying information on their devices. As noted in the above section, the plugin and its associated services are provided by Media Temple, Inc. d/b/a Sucuri, a subsidiary of GoDaddy Operating Company, LLC (Sucuri), and are subject to the Sucuri Security Privacy Policy and the Data Processing Addendum to their Terms of Service. As explained in the Sucuri Privacy Policy, Sucuri is certified under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, as is Cloudflare®, which serves certain plugin components. (Sucuri and Sucuri Security are trademarks of Sucuri Inc. and may be registered in certain jurisdictions. GoDaddy is a registered trademark of GoDaddy Operating Company, LLC. Cloudflare is a registered trademark of Cloudflare, Inc.)
  • Certain content served by WordPress.org and/or its associated API servers, content delivery networks (CDNs), and/or repositories, which may include domains such as (though not necessarily limited to) api.w.org, ps.w.org, s.w.org, and/or ts.w.org. This website periodically communicates with WordPress.org and/or associated associated API servers, content delivery networks (CDNs), and/or repositories to check for updates, announcements, warnings, and/or other WordPress-related information; to install, remove, and/or update plugins, themes, and/or other add-ons available through WordPress.org; to serve certain elements of the site’s administrative dashboard; and/or to check the integrity of the website’s WordPress files (which the site’s security features may do from time to time, as noted in the “Security Scans” section above). Any personal information collected through and/or in connection with such communications (which could include, without limitation, users’ IP addresses and user agent information, and may in some cases involve the use of cookies and/or similar technologies to track and/or identify users and/or store potentially personally identifying information on their devices) is typically that of logged-in administrative users — meaning me! — rather than my visitors. However, certain images, scripts, and/or other elements on the publicly accessible portions of this website may be served by and/or otherwise loaded from WordPress.org and/or its associated API servers, content delivery networks (CDNs), and/or repositories, which may allow WordPress.org to also collect the IP addresses and user agent information of visitors who are not logged-in administrators, use cookies and/or similar technologies to track and/or identify visitors, and/or store potentially personally identifying information on visitors’ devices. For more information on how WordPress.org uses the information they gather, please review the WordPress Privacy Policy. (WordPress is a registered trademark of the WordPress Foundation.)

Not all of the above embedded content is necessarily used on the site at any given time, and from time to time, I may post or otherwise use embedded content hosted on and served by other third-party websites or services not listed above — for example (but without limitation), an embedded player showing an externally hosted video or audio file, or an embedded map provided by some external mapping service. To learn more about what user information such third-party websites collect and how they use it, click the links on the applicable player or display window to go to that hosting site and review their privacy policy and associated terms and conditions.

Please note that the types of information embedded content providers may collect (and/or may place on your device) and the technologies they may use to identify and/or track users are constantly evolving in ways that are outside my control (and sometimes outside my technical understanding). This means that my embedded content providers may also use and/or add other information-gathering and/or tracking technologies to their embedded content beyond what I can reasonably hope to specify in this section. Similarly, some or all of my embedded content providers may use various subcontractors, subprocessors, vendors, subsidiaries, affiliates, and/or partners to process information related to their services, which is also outside of my control and generally beyond my reasonable ability to enumerate here.

I do not have access to the data embedded content providers gather about my visitors/users, nor do I usually have any control over those providers’ use and/or retention of that data. Some embedded content providers may use the information they collect about you through your access to or interaction with that content for a variety of commercial purposes, such as showing you advertising or providing information about your online habits to the provider’s clients and customers. The only way I could completely avoid the possibility of such commercial use would be to cease using or offering embedded content and the functionality it provides.

(Obviously, other websites or online services, including ones to which I may link and/or on which I have accounts, may also use embedded content, including other types of content and/or content from providers not specified here, which in most cases is outside of my control. See the applicable website or service’s privacy policy for more information. Embedded content used on my automotive website, Ate Up With Motor, and/or my professional writing/editing/writing consulting website, 6200 Productions, is described in those websites’ respective privacy policies; again, you can find links to those policies near the top of this page.)

Advertising

Advertisements (including sponsored links), if any that appear on the publicly visible/publicly accessible portions of this website are served by me — that is, the advertisement content is hosted on my website server along with the other site content rather than being served by some external provider. I do not permit my advertisers to use scripts, cookies, web beacons, or other such technologies to collect information about you through the publicly visible/publicly accessible portions of the site. (Advertisements, banners, or donation boxes on the site’s administrative dashboard may sometimes collect personal information, but since the dashboard is only accessible to logged-in administrative users, such information-gathering and disclosure normally only involves my information, not that of other site visitors.) However, if you click on advertising links or otherwise patronize my advertisers’ businesses, they may gather and use information about you — potentially for various commercial purposes — as described in their respective privacy policies (and may be able to tell that you came from this website), which is outside of my control.

The developers of some of the plugins, themes, and/or other components I use on this website may sometimes display advertisements, donation boxes, or other commercial messages on portions of the site’s administrative dashboard, which is not normally visible or accessible to visitors other than logged-in administrative users. For example, the settings menu for a particular plugin might display an advertisement for a premium version of that plugin or for the developer’s other products or services. Such dashboard advertisements may set cookies and/or incorporate embedded content and/or other information-gathering mechanisms, which may gather information about administrative users who access that content (such as their IP address, user agent information, and/or browser settings and/or add-ons) in the manner described in the “Embedded Content” section above. The collection, use, and retention of such data is controlled by the applicable developers and/or their respective service providers and is typically outside of my control. Because these advertisements are usually not publicly visible or accessible, this information-gathering normally affects only site administrators — meaning me — NOT other site visitors.

Information You Provide to Us

Through your use of this website, you may provide me with personal information in a number of different ways, described in the sections below.

For obvious reasons, I cannot provide certain services or functionality if you don’t provide me with at least a certain amount of accurate information — for example, I can’t respond to your inquiries if I don’t have a valid email address or other contact information for you. I typically also need your legal name and certain other personal information for financial transactions (see the “Financial Transactions Policy” section below) and for communications pertaining to financial or legal matters (e.g., copyright inquiries).

Otherwise, you’re under no obligation to share personal information with me beyond what the site collects automatically.

Consents and Agreements

  • Categories of information gathered: IP addresses*; user agent information*; visitor activity*; names*; email addresses*; other contact information (e.g., phone numbers, postal mailing addresses, and/or other street addresses)*; other documents/materials (including metadata)*; geolocation data (estimated from IP addresses and/or inferred from other data)*; URLs/websites*; other personal information*; special: details of legal agreements (where applicable)*; special: mobile phone types/models (determined from user agent information)*; special: information collected via cookies and/or similar technologies*; special: usernames, user ID numbers, and/or other identifiers associated with administrative users*
  • Purpose(s): Functionality; providing services; completing a transaction; fulfilling a contractual obligation; legal compliance or audit; research and publishing; security, troubleshooting, quality control, and technical improvement; advertising and other commercial purposes; recruitment/hiring or business partnerships; advertising and other commercial purposes
  • Data retention: Typically indefinite.

When you use this website and/or certain site functions, you may be asked to give your consent for my gathering and/or use of your personal information; save your privacy preferences (e.g., your cookie settings); and/or accept certain legal terms (e.g., the
Terms of Use). Some site functions and/or content may not be available unless you agree to the Privacy Policy and/or other applicable terms.

Certain consent and privacy preference settings may be stored on your device/browser using cookies and/or similar technologies (see the “Cookies and Similar Technologies” section above). Other consents, preferences, and/or agreements may be recorded in the website database and/or other records, and may be associated with other information I have gathered and/or that you submit to me (e.g., your comment(s) and/or form submission(s)). If you withdraw your consent(s), change your privacy preferences, and/or update or otherwise modify your consent(s) and/or agreement(s) (e.g., to indicate your acceptance of a revised version of this Privacy Policy), those changes may be stored and/or recorded in similar ways.

Where I compile records of user consents, agreements, and/or privacy preferences, those records are usually maintained indefinitely unless a user requests removal of their data (after which I may still retain certain records for audit and compliance purposes and/or for other legal reasons). However, I may periodically delete stored consents, agreements, and/or privacy preferences if they appear to have come from bots rather than human users, or, in some cases, if that information was recorded in connection with some plugin, service, or tool I no longer use (in which case the recorded information may no longer be usable).

I may disclose saved consent and/or agreement data in connection with a related dispute or legal action, and/or as otherwise described in “Disclosure of Personally Identifying Information” below.

Age Verification

  • Categories of information gathered: Other personal information (birth dates/ages); special: information collected via cookies and/or similar technologies*; special: usernames, user ID numbers, and/or other identifiers associated with administrative users*
  • Purpose(s): Functionality; providing a service; legal compliance or audit; security, troubleshooting, quality control, and technical improvement
  • Data retention: None, although age verification cookies (which do not contain your birth date or age, just whether or not you’ve passed the verification test) may remain on your device for up to 14 days.

Before you access certain content on this website, you may be asked to enter your birth date to verify that you are at least 18 years old. The birth date you enter is used only to calculate your age, perform a single logical test (are you at least 18, yes or no), and then place a cookie (see the “Cookies and Similar Technologies” section above) on your device/browser that indicates whether or not you have passed this age verification test. If you fail the verification test, the website may place a cookie on your device/browser to prevent you from trying again to access any age-restricted content.

Each time you access age-restricted content on this site, the website will check for these cookies. If you delete the age verification cookies or if they expire, you may be prompted to enter your birth date again.

The website does not retain either the birth date you enter or the age the verification system calculates, and I do not use that information for any other purpose. (If you access or somehow indicate to me that you’ve accessed age-restricted content on this site — for example, if you leave a comment on an age-restricted post — I will reasonably assume that you are over 18, but the age verification system itself does not store or tell me your actual age or date of birth.)

If you have questions about the age verification system, please contact me via one of the methods described in “Controller/Responsible Party, Questions, and How to Reach Me” below.

Comments

  • Categories of information gathered: IP addresses; user agent information; visitor activity; names; email addresses; email header information*; other contact information (e.g., phone numbers, postal mailing addresses, and/or other street addresses)*; images and/or other media (including metadata)*; other documents/materials (including metadata)*; geolocation data*; URLs/websites*; other personal information*; special: mobile phone types/models (determined from user agent information)*; special: information collected via cookies and/or similar technologies*; special: usernames, user ID numbers, and/or other identifiers associated with administrative users*
  • Purpose(s): Functionality; providing a service; legal compliance or audit; research and publishing; security, troubleshooting, quality control, and technical improvement; recruitment/hiring or business partnerships; advertising and other commercial purposes
  • Data retention: Typically indefinite, although I promptly delete spam/abuse, comments the submitter asks me to delete, and/or comments on or in reply to a comment or other content that has been deleted. IP address and user agent information of published comments may be redacted after publication.

Note: Although the comment function includes a box for your name, you are perfectly free to comment me using only a pseudonym. However, without a valid email address, I won’t be able to contact you with any questions about your comment and I may not be able to associate that comment with any other personal information about you (so, for example, it won’t be included if you use the data retrieval tools on the Privacy Tools page).

Comments you submit are usually moderated, meaning they are not published until I approve them. Any comment you submit may also be subjected to certain automated tests for security purposes. For example (but without limitation), if your IP address was previously used to spam this website; if your IP address and/or user agent appear on ban lists/blacklists I have obtained; if your comment contains hyperlinks, common spam keywords (such as the trade names of certain well-known prescription pharmaceuticals), or suspicious code; or if you posted the comment using an automated script rather than the normal comment form, your comment may be flagged as spam or automatically deleted. Also, if your comment contains hyperlinks, certain types of HTML/PHP or other code, emojis, and/or special characters, they may be removed, either by being automatically “stripped” prior to publication or manually deleted by me.

Each time a comment is submitted, the website automatically forwards that comment to me as an email notification so that I can review the comment and decide whether or not to approve and publish it. (As noted in “Security Scans” above, this means that any information in your comment may be scanned for spam and/or malware by me and/or my web host, Internet service provider(s), mobile carrier(s), and/or other applicable service provider(s).)

By submitting a comment, I will assume that you are expressly authorizing me to publish and use the contents of that comment (including any images, other media files, and/or links the comment may contain) Comment Policy section of the Terms of Use. If your comment is approved and published, any information you entered in the “Name” and “Comment” fields (and/or the “Website” field, if I have enabled it) will become publicly visible. The email address you entered in the “Email” field will not be published, nor will your IP address, although any contact information you may have included in the “Comment” field will be, as will any images and/or other media files you include and the metadata of those files. (See the “Data in Submitted Images” section below.) If the site’s “Recent Comments” widgets are enabled, your name/pseudonym and a link to your comment may also be visible on the home page and other areas of the website as well as the specific article you commented on; the contents of published comments may also appear in search results of the website’s search function. If I have enabled the option that allows visitors to request email notifications of replies or follow-up comments, copies of your published comment may also be emailed to visitors who have requested such notifications. Once your comment is published, I cannot control and take no responsibility for what third parties may do with any publicly visible personal information that comment contains!

As explained in the “Commenting” subsection of the Cookie Notice, when you submit a comment, you may have the option to save your name, email, and URL for use in future comments. Doing so places a set of cookies on your device to store that information. These cookies are browser-specific (that is, they work only in the web browser in which you set them) and normally expire in just under one year unless otherwise deleted. These cookies are not set at all unless you select the appropriate option when submitting a comment, and you can delete the cookies in your browser at any time.

When you submit a comment, you may also have the option to request email notifications each time a reply and/or follow-up comment is posted. If you have previously requested such notifications and wish to stop receiving them, please contact me via email (to admin (at) aaronseverson (dot) com) or by leaving a comment elsewhere on the site asking me to disable the notifications or remove that comment.

If you submit a valid email address with your comment, I may email you at that address prior to or instead of publishing the comment, particularly if I have questions or need to clarify some aspect of your comment. For example (but without limitation), if you have submitted two very similar comments, I might email you to ask which one you prefer me to publish, and if your comment contains what appears to be particularly sensitive information, I typically try to double-check that you wish to publish that information before approving it.

From time to time, I may gather additional personal information about you in connection with your submitted comment(s). For example (but without limitation), I might look up your name in a search engine to better understand who you are and the context of your comment.

Although the website automatically collects the IP address and user agent information of anyone who submits a comment (information I need for security and troubleshooting purposes and to distinguish human users from automated “bots”), I typically redact that information after a comment is published. I retain the email address along with the comment in case I need to contact the person who submitted it with any questions or issues related to the comment; email addresses are also my primary means of associating comments with the people who submitted them in the event I receive a request to access, delete, and/or correct personal information.

If you would like to edit or remove any of your published comments, please let me know by leaving another comment or emailing me at admin (at) aaronseverson (dot) com, specifying the comment(s) in question and explaining what you want me to do. (I may ask you to clarify or confirm your request before making the change or deletion, especially if I’m not sure exactly what you want me to do or if I need to take additional steps to verify your identity.)

The deletion of a comment (whether at your request or at my discretion) typically also deletes its associated information, although I may retain that information if I still need it for some specific purpose (e.g., for security or troubleshooting, for legal reasons, or because it contains information pertaining to my content or research), and copies of the comment and its associated information may remain for a time in backups or archives created by me and/or my web host. Keep in mind that even if a previously published comment is deleted, any publicly visible information in that comment (and/or any image(s) or other media it may have included) may have been accessed and/or used by third parties prior to its removal, which is beyond my control.

Obviously, if you’ve left multiple comments and/or communicated with me in other ways, I may still retain your email address and/or other information in connection with your other comments/messages even if certain of your individual comments are deleted.

I may disclose non-public information related to user comments as described in “Disclosure of Personally Identifying Information” below.

Contact Forms

  • Categories of information gathered: IP addresses*; user agent information*; visitor activity; names; email addresses; email header information*; other contact information (e.g., phone numbers, postal mailing addresses, and/or other street addresses)*; images and/or other media (including metadata)*; other documents/materials (including metadata)*; geolocation data*; URLs/websites*; other personal information*; special: details of legal agreements (where applicable)*; special: mobile phone types/models (determined from user agent information)*; special: usernames, user ID numbers, and/or other identifiers associated with administrative users*
  • Purpose(s): Functionality; providing a service; completing a transaction; fulfilling a contractual obligation; legal compliance or audit; research and publishing; security, troubleshooting, quality control, and technical improvement; recruitment/hiring or business partnerships; advertising and other commercial purposes
  • Data retention: Typically indefinite, although I promptly delete obvious spam/abuse, duplicates, blank or unreadable submissions, and/or any submission containing suspicious code and/or suspicious links. Form submission data I retain is normally removed from the website server(s) to local and/or offline storage after receipt (although in some cases it may be captured in routine database backup files created by me and/or my web host, which may remain on the server(s) for longer periods) and I may sometimes redact certain portions that I no longer need. Information from California Privacy Request Form submissions must be retained for at least 24 months for compliance purposes. See also the “Additional Information About Data Retention” section below.

This section applies to California Privacy Request Forms submitted through the Do Not Sell My Personal Information page, and/or any other contact or feedback forms I may add or offer on the aaronseverson.com website.

This website may perform certain automated tests on form submissions in order to filter out submissions made by automated bots and discourage spam and other malicious activity. For example (but without limitation), if your IP address was previously used to spam this website; if your IP address and/or user agent appear on ban lists/blacklists supplied by my security and/or anti-spam plugins; if your submission contains hyperlinks, common spam keywords (such as the trade names of certain well-known prescription pharmaceuticals), or suspicious code; if you submit the form using an automated script; if you incorrectly answer a captcha or math challenge; and/or if you fill in certain “honeypot” fields not intended to be completed by human users, your submission may be flagged as spam or automatically deleted. If your form submission contains HTML/PHP code, emojis, and/or special characters, they may be removed. This automatic filtering is in addition to human moderation of form submissions; I routinely delete submissions that appear to be spam or contain suspicious code.

Because the website forwards new form submissions to me as email notifications, your submitted information may also be scanned for spam and/or malware, as described in the “Security Scans” section above.

When I receive your submission, I may gather additional personal information about you to verify your identity and/or help me better understand the context of your inquiry. For example (but without limitation), if you send me a message containing a business offer or advertising inquiry, I might look up your company name and/or visit your website to learn more about the nature of your business.

If I reply to your submission, I will normally do so via the email address you submitted unless you indicate that you wish me to respond in some other way.

If you use the California Privacy Request Form on the Do Not Sell My Personal Information page to submit a request to exercise your privacy rights under the California Consumer Privacy Act of 2018 (CCPA) (see “California Privacy and Data Protection Rights” below for more information about this law), or if you submit a CCPA request on behalf of someone else for whom you are acting as an authorized agent, I will contact you to discuss the next steps involved in processing your request, which may require me to verify your identity.

For contact or feedback form submissions OTHER than California Privacy Request Forms, I may publish your message or portions of it under the following circumstances:

  • If your inquiry includes corrections, clarifications, and/or suggestions pertaining to my content, I may incorporate the factual substance of your corrections, clarifications, and/or suggestions into the applicable content (e.g., to correct or clarify factual or typographical errors you identified).
  • If your inquiry provides significant assistance with the management of this website, my content, and/or some related matter(s), I may elect to publicly acknowledge and/or thank you by name or applicable pseudonym, unless you ask me not to or I reasonably surmise that you prefer not to be acknowledged or identified.
  • If you ask a general question or report some functional or technical issue with the site, I may (unless you ask me not to) publish excerpts of your question or report on the aaronseverson.com website to respond to your inquiry and/or support other users with similar concerns. I will redact any information that appears to be personally identifying other than your name or pseudonym. If I have published your inquiry in this manner and you wish me to amend or further redact it (for example, to remove your name and substitute a pseudonym), I will make all reasonable efforts to accommodate your request provided that it does not infringe upon the rights of others or attempt to impersonate some other individual or organization.
  • In the event your message identifies a technical problem that I am unable to fix, I may publish or otherwise communicate the substance of your reported issue (but NOT your name or other personal information) on this website in other public forums (e.g., the WordPress support forums), and/or to other third parties to help me determine how to address or repair the problem you identified. (WordPress is a registered trademark of the WordPress Foundation.)
  • If you ask or authorize me to publish your message (or some portion of it), I may do so as I deem appropriate.

I may share information related to CCPA requests to the extent required and/or otherwise permitted by applicable law/regulations for administrative and/or compliance purposes; to respond to subpoenas or other court orders; and/or to publish de-identified and/or aggregated information about requests I receive, as described in “Reports and Aggregated Statistics” below.

Otherwise, I may disclose information I receive through and/or in connection with form submissions as described in “Disclosure of Personally Identifying Information” below.

Other Inquiries, Messages, and Support Requests

  • Categories of information gathered: IP addresses*; user agent information*; visitor activity*; names; email addresses*; email header information*; other contact information (e.g., phone numbers, postal mailing addresses, and/or other street addresses)*; images and/or other media (including metadata)*; other documents/materials (including metadata)*; geolocation data*; URLs/websites*; other personal information*; special: mobile phone types/models (determined from user agent information)*; special: information collected via cookies and/or similar technologies*; special: identifiers and/or other information provided by and/or specific to third-party services (as applicable)*
  • Purpose(s): Functionality; providing a service; completing a transaction; fulfilling a contractual obligation; legal compliance or audit; research and publishing; security, troubleshooting, quality control, and technical improvement; recruitment/hiring or business partnerships; advertising and other commercial purposes
  • Data retention: Varies, but potentially indefinite; see “Additional Information About Data Retention” below.

This section refers to messages or communications I receive about or in connection with this website OTHER than through comments or Contact Forms (such as, without limitation, support requests sent via email, site-related inquiries sent via postal mail, and/or site-related calls to my Google Voice number).

Special Note: In general, you’re perfectly free to contact me using a pseudonym unless your communication(s) pertain to a legal matter, a specific financial transaction, or certain privacy-related requests, in which case I may need your legal name. Obviously, some modes of communication are better suited than others for anonymity.

The types of personal information I collect in connection with such messages can vary significantly depending on the specific mode of communication. For example (but without limitation), a text message is unlikely to include your IP address or user agent information, but will almost certainly reveal your phone number, and a voice mail message will obviously record your voice (which with Google Voice messages may be automatically transcribed). Email messages typically include a variety of potentially personally identifying metadata in the email headers and any file attachments, such as images (see “Data in Submitted Images” below). If you contact me via a third-party website or service such as social media, the message will likely include your account name, profile picture, and potentially information in your public profile and/or that you otherwise make visible to me; the messages themselves might also be publicly visible. With some third-party services, individual settings may also affect what information is shared and/or accessible in connection with messages and/or other communications.

As noted in the “Comments” section above, when you contact me, I may sometimes gather additional information about you to help me better understand who you are and the context of your message. For example (but without limitation), if I receive a telephone call from an unfamiliar number, I might look up the number in a search engine or reverse telephone directory, and if you email me a business proposition, I might visit your website to learn more about your business before replying.

If I reply to your message, I will normally do so via the same means you used to contact me unless you indicate that you wish me to respond in some other way. In some cases (such as if I receive messages related to one of my other websites through the admin address for this one, or if you send me site-related email through one of my personal accounts or addresses), I may, if possible, forward the message to an appropriate administrative account or address and respond from there instead.

Keep in mind that messages exchanged via a third-party site or service are subject to the terms of service/terms of use and privacy policy of the applicable service, which are outside of my control. This includes (without limitation) calls and/or texts made or received using the Google Voice communications service and/or any messages sent or received via my personal accounts on the Gmail mail service and/or Yahoo! Mail. Although I now strive to limit my use of third-party webmail accounts for site-related business, some messages related to this website (such as, without limitation, notifications, call and/or voice mail transcripts, texts, and/or other messages made or received via my Google Voice number, and/or notifications or other messages pertaining to other Google and/or Yahoo! services I may use) may occasionally be sent/received via and/or remain archived in those accounts, which are subject to those services’ respective privacy policies. (Gmail is a trademark of Google LLC; Google Voice is a service provided by Google Voice, Inc., a subsidiary of Google LLC; both are subject to the Google Privacy Policy, and the use of Google Voice is also subject to the Google Voice Privacy Disclosure. (Google is a registered trademark of Google LLC.) Yahoo! and Yahoo! Mail are trademarks of Yahoo! Inc., which is now part of Verizon Media®, a division of Verizon Communications, Inc.; their services are subject to the Verizon Media Privacy Policy and/or the previous Yahoo! Privacy Policy. (Verizon and Verizon Media are registered trademarks of Verizon.) I initiated the closure of my Yahoo! account on November 11, 2019, although I retain my personal Gmail accounts.)

As explained in the “Security Scans” section above, messages I send or receive via email or text may be scanned for spam and/or malware by me and/or (as applicable) my web host, Internet service provider(s), mobile carrier(s), and/or other applicable service provider(s). This may include messages I receive through a third-party website or service if I have message notifications forwarded to me via email or text message. (With some services, notifications include only the fact that a new message was received from a particular sender; other services include some or all of the message in the notification.)

If you communicate with me by some means or medium that is shared by (and thus accessible to) multiple users, and/or that is publicly accessible — for example (but without limitation), via an email discussion group or group chat, on social media, and/or by transmitting electronic files via shared FTP folder(s) — those communications and any personal information they contain may be visible or otherwise accessible to anyone with access to the shared medium. I cannot control and take no responsibility for what third parties may do with any personal information in shared and/or publicly accessible communications, so you should exercise caution when sharing sensitive information in such ways.

I may publish your messages or other communications, or portions thereof, under the same circumstances as described in the “Contact Forms” section above. Obviously, information that pertains to my articles or other content (for example, if I interview or consult with you in connection with an article) may be published or disclosed in that context. Otherwise, I may disclose personal information I receive through and/or in connection with inquiries, messages, and support requests as described in “Disclosure of Personally Identifying Information” below.

See the “Additional Information About Data Retention” section below to learn more about my typical data retention practices. The data retention and data use policies of any third-party websites or services you may use to contact me are generally outside of my control.

Other Information You Provide to Me

In certain cases, you may provide me with personal information through and/or pertaining to this website in ways not specifically mentioned above. For example (but without limitation), if you send me an inquiry about this Privacy Policy via postal mail, it will likely include your mailing address as well as any information in your inquiry itself; if for some reason you visit my home and connect your mobile device to my personal wireless network (which is not available to the general public), my wireless router may log certain information about your device and/or its Internet connections. Any images and/or other media you provide to me may contain a variety of personal information; see “Data in Submitted Images” below. (These are just a few of the many possibilities, not an exhaustive list.)

My use and retention of personal information you provide to me in such ways will depend on the nature of the information and the context in which I received it, although in general, I only disclose such information as described in “Disclosure of Personally Identifying Information” below. See the “Additional Information About Data Retention” section below to learn more about my typical data retention practices.

Data in Submitted Images

  • Categories of information gathered: Names*; email addresses*; other contact information*; images and/or other media (including metadata); other documents/materials (including metadata)*; geolocation data (provided by the creator/rights holder/repository, determined from metadata, and/or inferred from other data)*; URLs/websites*; other personal information*; special: camera and/or mobile phone types/models (determined from metadata or inferred from other data)*; special: identifiers and/or other information provided by and/or specific to third-party services (as applicable)*; special: other visible and/or audible identifiers and/or potentially personally identifying information (such as (without limitation) a pictured car’s license plate and/or vehicle identification numbers)*
  • Purpose(s): Functionality; providing a service; fulfilling a contractual obligation; legal compliance or audit; research and publishing; security, troubleshooting, quality control, and technical improvement; recruitment/hiring or business partnerships; advertising and other commercial purposes
  • Data retention: See below.

Photographs and other images or media I collect for use on this website (or for some related purpose) — whether submitted by you in connection with a comment or other communication; created by me; or obtained from some other source — may contain an assortment of personal information.

First, the recognizable likeness of any individual person in an image or video (and/or their voice in a video or audio recording or broadcast) is usually considered to be personal information about that individual. The image might also contain and/or allow me to infer other types of personal information.

Second, digital media files usually contain metadata (such as Exif information) added by the camera or device that originally generated the file and/or by any software used to edit it, some of which may include and/or constitute personal information and/or potentially personally identifying information. At a minimum, metadata normally includes the filename, type, size, creation date/time, and the date/time of the most recent modification of that file. For digital photos, metadata typically also includes the make and model of the camera/device, camera and image settings (e.g., shutter speed, F-stop, color profile, whether the flash fired), and sometimes the type and version of any editing software used. Depending on the type of camera/device, the software used, and the individual settings, the metadata could also include other personally identifying and/or potentially personally identifying information, such as the photographer’s name and/or the location where the photo was taken, based on GPS coordinates (a common option on modern GPS-equipped cameras and mobile devices). Video and/or audio recording devices and/or editing software may add various metadata to other types of digital media files. The number of potential variations is too great to detail here, so you should consult the documentation and settings for your individual device and software.

Naturally, if you submit an image or other media file to me, you are providing me with any information contained in the image or media file and its metadata. When the image or media file is published on this website, this information may be included, making it publicly available. I cannot control and take no responsibility for what third parties may do with any personal information a published image/other media file or its metadata may contain.

If I use your images and/or other media on this website, I may also ADD metadata to the file(s) and/or alter the filename(s) to indicate your copyright and license information (e.g., “© 2018 John Doe; used with permission”). This helps me to keep track of the provenance of the media files I use.

I typically also gather additional information about the images and/or other media I use and any subjects and/or settings they depict or illustrate so that I can correctly identify and describe them.

If you submit an image or other media file to me, you are free to remove or redact any personally identifying metadata it may contain — and/or to obscure personal information in the image or media itself — prior to submitting it to me. (Certain types of metadata (e.g., file extensions) are necessary for an electronic file to function properly, but other metadata can be edited or redacted, either through your computer’s file system or by using appropriate editing tools.)

In some cases, I may be able, upon your request, to remove or obscure personal information from the images or other media files you submit to me or from specifically previously submitted ones. I may also elect to remove certain data on my own initiative and/or do so incidentally in the process of preparing the images/media files for use (e.g., by creating a resized copy of an image that omits some or all of the original image file’s metadata). However, please note that this is not always feasible. Also, if the image is owned by someone else, I might need the rights holder’s advance permission to alter it.

If I remove or obscure information from an image or other media file that has already been published on this website, copies of the original version (with personally identifying information intact) may remain for a time in cached pages and/or backup files created by me and/or my web host. Again, please keep in mind that any personal information contained in the earlier version of the image or media file may already have been accessed and/or used by third parties during the time it was publicly available, which is beyond my control.

I typically retain indefinitely offline copies and archival backups of the photos, images, and other media files I publish on this website, including, where possible, the associated work files and editing stages, if any, for images or files I have modified. However, I may delete, destroy, or discard certain specific images and/or other media files if they are duplicates; if I deem them unusable (e.g., photos that are out of focus, badly cropped, or too dark to see clearly); if the files are damaged or corrupt; if I have agreed and/or have some contractual or legal reason to delete them (e.g., if I have agreed to delete all copies of a particular image); or if I elect to not use them (or to discontinue using them) for some other reason. If I have contact information and/or other relevant data pertaining to the creator(s) and/or subject(s) of a particular photograph, image, or other media file, I customarily retain that data for at least as long as I retain the file itself.

If you have questions about image-related data, please contact me through one of the methods described in “Controller/Responsible Party, Questions, and How to Reach Me” below.

Data Related to Recruitment/Hiring or Business Partnerships

  • Categories of information gathered: IP addresses*; user agent information*; visitor activity*; names; email addresses; email header information*; other contact information (e.g., phone numbers, postal mailing addresses, and/or other street addresses); images and/or other media (including metadata)*; other documents/materials (including metadata); geolocation data*; URLs/websites*; other personal information; special: mobile phone types/models (determined from user agent information)*; special: information collected via cookies and/or similar technologies*; special: identifiers and/or other information provided by and/or specific to third-party services (as applicable)*
  • Purpose(s): Providing a service; fulfilling a contractual obligation; legal compliance or audit; research and publishing; security, troubleshooting, quality control, and technical improvement; recruitment/hiring or business partnerships
  • Data retention: Potentially indefinite, although I may delete or discard unsolicited offers or inquiries, spam, inquiries or applications that I believe to be fraudulent or submitted by bots, and/or information I have some legal or contractual obligation to delete or discard; see below for more details.

From time to time, I may seek to recruit and/or hire temporary or permanent employees, interns, and/or independent contractors to help me provide my services and/or perform specific tasks or functions for me. In some cases, I may enter or contemplate entering some other type of professional relationship with some other individual or entity: for example, a formal business partnership or joint venture (JV).

Please note that the inclusion of this section DOES NOT necessarily mean that I am hiring, soliciting partnership or JV proposals, or likely to do so in the immediately foreseeable future. The purpose of this section is to describe my policy for handling information in such situations.

In such situations, I may collect (to the extent permitted by applicable law/regulations) a broad range of personal information about any prospective employees, contractors, or business partners, such as (without limitation) contact information; resumes/CVs; education information; professional certifications and/or licensure information; employment history; professional references or information about previous clients and/or business ventures; professional portfolios and/or other samples; skill or aptitude test results; government-issued identification; information about their authorization to work in my locale; salary or compensation information and/or history; tax-related information; and/or the various types of information revealed in a typical background check or investigation. (This is not an exhaustive list; the types of information I collect may vary depending on the context, and applicable law/regulations may dictate what types of information I must and/or must not collect or consider.) Obviously, I may also make various inferences based on the information I collect, such as my judgment of a candidate or applicant’s suitability for a specific role or whether a proposed venture is in my interests.

The information I collect may come from the candidates/applicants/contractors/prospective partners themselves and/or from a variety of third-party sources such as (again without limitation) staffing agencies/employment agencies, background check services, professional references or previous clients, subject matter experts, public records, news stories, and/or other publicly available information or records.

My retention of such data varies depending on the context in which I received it. I may promptly delete unsolicited offers or solicitations as spam, although I typically retain inquiries to which I respond, even if I decline them. If I advertise a job opening, I may indefinitely retain applications I receive, whether or not the opening is filled, although I may discard applications that appear to be fraudulent or that were obviously generated by bots rather than people. My retention of applications or related information I receive through third parties such as staffing agencies/employment agencies, and/or information I receive in connection with an offer of partnership or other business proposal, may be subject to certain contractual requirements (e.g., an obligation to return or destroy certain information after a specific period of time). Applicable law/regulations may also govern whether and for how long I retain employment, hiring, application, and/or related information. The retention of related data by third parties (such as, without limitation, staffing agencies/employment agencies and/or other vendors or service providers) may be subject to the individual policies of the applicable third parties, which in many cases is outside of my control.

I may share information pertaining to prospective employees, contractors, business partners, and/or other proposals or business ventures as I deem reasonable and appropriate (and to the extent permitted by applicable law/regulations and/or any relevant contractual obligations) for me to make informed hiring, employment, and/or other business decisions. For example (but without limitation), I might share a job applicant’s information with a service that performs background checks for me, discuss a prospective independent contractor’s work and professional reputation with their previous clients, or seek financial and/or legal advice regarding a possible partnership or other business venture. I may also share or disclose the information as otherwise described in “Disclosure of Personally Identifying Information” below.

Financial Transactions Policy

  • Categories of information gathered: IP addresses*; user agent information*; visitor activity*; names; email addresses; email header information*; other contact information (e.g., phone numbers, postal mailing addresses, and/or other street addresses)*; images and/or other media (possibly including metadata)*; geolocation data*; URLs/websites*; other personal information*; special: amounts and other transaction-specific details and/or other financial information such as transaction IDs, checks, and/or tax forms*; special: identifiers and/or other information provided by and/or specific to third-party services (as applicable)* (Please note that the applicable payment processor(s) and/or bank(s)/financial institution(s) may also collect other types of information not listed here.)
  • Purpose(s): Providing services; completing a transaction; fulfilling a contractual obligation; legal compliance or audit; security, troubleshooting, quality control, and technical improvement; advertising and other commercial purposes
  • Data retention: Typically indefinite; see below.

The following policy applies to financial transactions with me that pertain to the aaronseverson.com website, such as (without limitation) the purchase of advertisements on this website.

Please note that this policy applies only to transactions pertaining directly to the aaronseverson.com website, and then only to transactions you enter into with me, NOT to your transactions with third-party vendors, retailers, or services, which are outside of my control. For example, if you purchase a copy of some work I have written through an online bookseller, the bookseller’s policies will apply, NOT this Financial Transactions Policy. Transactions related to my professional writing/editing/writing consulting business, 6200 Productions, will be subject to its separate Financial Transactions Policy, while transactions related to my automotive website, Ate Up With Motor, will be subject to the Ate Up With Motor Financial Transactions Policy, not this one. (You should refer to those separate policies where applicable; while the policies are generally similar, they are not identical.)

If your transaction is pursuant to a separate written agreement with me (such as, without limitation, a contract for my professional services, an advertising or endorsement agreement, or a license agreement for the use of my content), the terms of that agreement shall, where applicable, take precedence over the terms of this Financial Transactions Policy.

Transaction-Related Information Gathering

If you enter into a financial transaction with me that pertains directly to the aaronseverson.com website — whether to make a payment to me or for me to pay you for goods, services, or some other purpose — I may collect certain personal information from you, such as (without limitation) your name, company name (if applicable), email address, billing address and/or other contact information, transaction details, payment information, invoice numbers and/or other transaction identifiers, and (where applicable) relevant tax documents such as (again without limitation) Form 1099-MISC and/or Form W-9. I may use this information for billing/invoicing; so that I can process and complete your transaction(s); to respond to your transaction-related questions, inquiries, and/or comments; for my administrative, accounting/bookkeeping, tax reporting, and/or legal compliance purposes; for service improvement purposes; for fraud prevention and/or other security purposes; and/or to fulfill my contractual obligations to the applicable payment processor(s), financial institution(s), and/or other relevant third parties (e.g., my agent(s) and/or manager(s), if any).

If your transaction is via a third-party payment processing service such as PayPal®, much of this information, including payment details such as bank account or credit card numbers, will be collected and processed by the payment processor rather than by me. For other types of transactions, that information may be collected and processed directly by me and/or the relevant financial institutions. (For example, if you make a payment to me by check, the check will necessarily include the routing and account numbers so that the applicable banks or other financial institutions can process the deposit and the transfer of funds.)

Transactions made via PayPal® are subject to the PayPal User Agreement, the PayPal Privacy Statement, and any other applicable PayPal policies and/or requirements. (Please note that these may differ depending on where you are.) PayPal may also use cookies and/or similar technologies in the payment button and/or the shopping cart to collect information about, track, and/or identify users, in addition to whatever information the service may collect to log you into your PayPal account (if any) and/or complete your transaction. I do not have access to user data gathered by PayPal except for the information I receive in connection with a completed PayPal transaction, which is described in the following paragraph.

If you make a payment to me via PayPal, I receive a standard transaction report (which is sent to me via email as well as being stored in my PayPal account) that contains various personal information, including (though not necessarily limited to) a unique transaction ID number, your name, email address, mailing address, the date and amount of your payment, whether or not you are a Verified PayPal user, and any notes or additional instructions you provided. If your payment was for a PayPal invoice, a copy of that invoice will be appended to the report. This transaction report does NOT include your bank account or credit card numbers — PayPal does not provide and I do not have access to the credit card or bank information you use with your PayPal transactions or have associated with your PayPal account. (PayPal is a registered trademark of PayPal, Inc. All button icons, custom graphics, logos, page headers, and scripts related to the PayPal services are service marks, trademarks, and/or trade dress of PayPal or PayPal’s licensors.)

In some cases, I may seek additional information about you in connection with your transaction, either from you directly and/or from third-party sources. Some examples might include (without limitation) looking up your address in a mapping or navigation service to clarify delivery instructions for a courier or other delivery provider; checking with the applicable postal service to verify your ZIP Code or other postal code; inquiring whether payments made from a business account or business email address are for the business or for the individual; and/or investigating suspected fraud and/or other security issues. (These are just a few representative examples, not an exhaustive list.)

If I enter into and/or complete a transaction with you via a third-party service, the applicable service may provide me with additional information about you and/or other individual(s) or entities involved with that transaction (e.g., your profile picture, if any, on that service), as further described in “Transaction-Related Information I Receive from Third Parties” below.

Currency

Payments to me should be in U.S. funds, with any exceptions to be discussed in advance and subject to my prior approval.

Some payment processors, including PayPal, will automatically convert payments or funds transfers to the recipient’s preferred currency, or at least give you the option to do so. If your transaction is via PayPal, you may assume any non-U.S. funds will be appropriately converted unless PayPal warns or notifies you otherwise. (PayPal is a registered trademark of PayPal, Inc.)

For other types of transactions drawn on non-U.S. funds, such as international wire transfers, please contact me in advance so that we can discuss appropriate arrangements for currency conversion.

Checks and Money Orders

Unless I indicate otherwise, payments by check, money order, or bank draft/cashier’s check/teller’s check should be made payable to Aaron Severson.

Taxes

For certain types of transactions, I may be required to collect tax (such as sales or use tax) from you and pay it directly to the applicable tax agency or agencies. Please note that you may owe tax (e.g., sales/use tax, VAT, or other tax) on transactions with me even if I do not collect such tax from you. Any applicable taxes you may owe that I do not collect from you are your sole responsibility.

Returned Check Fees

Payments you make to me by check or bank draft that are rejected or returned by my financial institution(s) for insufficient funds or for any other reason shall be subject to a $35 returned check fee. (This fee is to cover the fees my financial institutions charge me in such circumstances.) I reserve the right to waive this returned check fee at my sole discretion.

Refunds and Returns

The following refund and return policy shall apply to payments you make to me pertaining directly to aaronseverson.com:

  • Advertising Purchases: You may cancel your ad on aaronseverson.com for a full refund within five days of your payment. If you choose to cancel your ad after five days but prior to the expiration date, I will credit the prorated remainder of the commitment period toward a future ad, but cannot provide a cash refund except where I are required to do so by the applicable payment processor(s) and/or financial institution(s) or as otherwise required by law. Notwithstanding the foregoing, I reserve the right to refuse and/or refund any individual advertising purchase or purchases at my sole discretion.
  • Other Purchases: Purchases of goods or services other than advertising are fully refundable prior to the delivery by me of the applicable good(s) or the performance by me of the applicable service(s). In the event you purchase tangible good(s) (e.g., a printed book) from me, you may return the purchased good(s) for a full refund, less any applicable shipping costs, within 21 days of the date of your payment or the period allowed by the applicable payment processor(s), whichever is greater. Purchases of digital goods and/or services other than advertising (such as, without limitation, the purchase of an ebook and/or payment(s) for my writing/editing/writing consulting services) are nonrefundable once the applicable good(s) or service(s) have been delivered or performed (as applicable) by me, except as otherwise required by the applicable payment processor(s) and/or financial institution(s) or otherwise required by law. Notwithstanding the foregoing, I reserve the right to refuse and/or refund any individual purchase or purchases, and/or any applicable shipping costs, at my sole discretion.
  • Other Types of Transactions: For transactions that do not fit into any of the above categories (including, though not limited to, payment(s) of license fees and/or royalties for the reuse of my content), eligibility for refunds or returns shall be determined on a case-by-case basis and shall be at my sole discretion, except as otherwise required by the applicable payment processor(s) and/or financial institution(s) or otherwise required by law. I reserve the right to refuse and/or refund any individual transaction at my sole discretion.

Information Sharing

By making a payment (whether by check or money order, via PayPal, or by any other means), you grant me express permission to disclose information associated with your transaction(s), including, where appropriate, copies of any applicable invoices, checks and/or receipts, PayPal transaction reports (if applicable), shipping records (if any), and/or related tax documents:

  1. To the applicable email, telephony, and/or other communications service provider(s), for purposes of transaction-related communications; and/or:
  2. To the applicable postal service(s), common carrier, or shipping agency, in the event I must mail, ship, or deliver anything in connection with your transaction; and/or:
  3. To the applicable third party or parties, in the event the transaction is for or on behalf of some other person(s) or entity (e.g., a purchase made as a gift for someone); and/or:
  4. To my legal counsel, accountant/bookkeeper, tax preparer, and/or tax attorney, as I deem reasonably necessary to my routine business operations and/or for my legal protection; and/or:
  5. To my independent contractors, employees, agents, and/or business partners (if any) that need to know the information in order to complete your transaction, support my routine business operations, and/or otherwise perform services for me or on my behalf; and/or:
  6. To my applicable payment processor(s) and/or bank(s)/financial institution(s); their legal counsel, auditors, and/or fraud protection services (for example, if I must provide information for a dispute or fraud investigation); and/or as otherwise required by my contractual agreements with said payment processor(s) and/or bank(s)/financial institution(s); and/or:
  7. To any applicable federal, state, local, or other tax agency (whether within or outside the United States), where I deem it reasonably necessary to ensure my compliance with applicable tax laws and/or regulations (e.g., to calculate or estimate applicable tax rates and/or in connection with tax returns, filings, withholding, and/or estimated tax payments), or in connection with audits or other official investigations; and/or:
  8. As otherwise required by law (e.g., to comply with applicable government reporting or disclosure requirements, such as customs inspections; in connection with a civil or criminal trial or other official investigation or proceeding; or if I have received a subpoena or court order requiring me to disclose certain information); and/or:
  9. As otherwise described in “Disclosure of Personally Identifying Information” below.

Where applicable, I may also disclose in any or all of the above-listed ways personal information related to payments I make to you that pertain directly to the aaronseverson.com website. If the information pertains to my purchase of site-related products or services (or some other, similar transaction(s)), I may also use relevant portions of that information as part of and/or in connection with reviews and/or other commentary regarding the applicable transaction(s). For example (but without limitation), if I post a review of a recent site-related purchase, I might mention my experience with the specific salesperson or customer service representative who assisted me.

By making a payment, you also grant me express permission to contact you via email and/or postal mail to acknowledge, complete, and/or address questions or issues related to your transaction(s) with me, and, if you call or text me regarding your transaction, to respond to your calls and/or texts via the same means.

As explained in the “Security Scans” section of the Privacy Policy, messages and/or notifications that I send or receive via email or text, including transaction-related notifications and/or messages, may be scanned for spam and/or malware by me and/or (as applicable) my web host, Internet service provider(s), mobile carrier(s), and/or other applicable service provider(s).

Data Retention

I must retain information about financial transactions — including ones I refuse and/or refund — so that I can respond to your transaction-related questions, inquiries, and/or comments; for administrative, accounting/bookkeeping, tax reporting, and/or legal compliance purposes; for service improvement purposes; for fraud prevention and/or other security purposes; so that I can respond appropriately in the event of a payment dispute, audit, or other investigation; and/or to otherwise fulfill my contractual obligations to the applicable payment processor(s), financial institution(s), and/or other relevant third parties (e.g., my agent(s) and/or manager(s), if any). (My service agreements with my payment processors and/or financial institutions typically require me to cooperate with their investigations and to respond promptly to their requests for relevant information.) See the “Additional Information About Data Retention” section below to learn more about my typical data retention practices. The retention of transaction-related data by third parties (such as, without limitation, applicable tax agencies, bank(s)/financial institution(s), and/or payment processor(s)) is subject to the individual policies of the applicable third parties, and in most cases is outside of my control.

Customer Service Information

If you have questions about this Financial Transactions Policy or need help with a transaction, you can reach me via email at admin (at) aaronseverson (dot) com; by using the Contact Form (if available); or by calling or texting my Google Voice number, (310) 909-7846‬. (IMPORTANT NOTE: Calls or messages to this number may be transcribed and/or recorded, and transcriptions, recordings, call notifications (including notifications of missed calls), texts, and/or other messages may be forwarded to me via email. This telephone number is provided by the Google Voice communications service, a Voice over Internet Protocol service provided by Google Voice, Inc., a subsidiary of Google LLC. All communications made or received through this number are subject to the Google Privacy Policy and the Google Voice Privacy Disclosure as well as to this Privacy Policy. Google Voice is a trademark of Google LLC; Google is a registered trademark of Google LLC.)

You can also contact me via postal mail:

Aaron Severson
Attn: Customer Service
11100 National Bl. #3
Los Angeles, CA 90064

Information I Receive from Other Sources

Transaction-Related Information I Receive from Third Parties

  • Categories of information gathered: Visitor activity*; names*; email addresses*; email header information*; other contact information (e.g., phone numbers, postal mailing addresses, and/or other street addresses)*; images and/or other media (possibly including metadata)*; geolocation data*; URLs/websites*; other personal information*; special: amounts and other transaction-specific details and/or other financial information such as transaction IDs and/or payment amounts*; special: identifiers and/or other information provided by and/or specific to third-party services (as applicable)* (Please note that the applicable vendor(s), service(s), and/or payment processor(s) may also collect other types of information not listed here.)
  • Purpose(s): Providing services; completing a transaction; fulfilling a contractual obligation; legal compliance or audit; security, troubleshooting, quality control, and technical improvement; advertising and other commercial purposes
  • Data retention: Typically indefinite; see below.

As noted in the “Financial Transactions Policy” section above, I may receive information about you from third parties in connection with your transactions with me (e.g., transaction reports). See that section for more details.

If I offer products or services through some third-party vendor or service (e.g., if I offer a book I’ve written through a third-party publisher), that vendor or service may provide me with information about completed sales or transactions, which in some cases may include personal information about individuals or households who purchase my products or services (rather than just aggregated statistics such as total sales). Similarly, if I purchase products or services through a third-party vendor or service, or complete some other financial transaction via such means, the applicable vendor or service may provide me with additional personal information about other individual(s) or entities involved in the transaction — for example (but without limitation), the seller’s profile picture and/or geographical location, and/or the name of the individual salesperson who processed my order.

Where I receive personal information in such contexts, I may use that information so that I can (if applicable) process and complete the relevant transactions; to respond to transaction-related questions, inquiries, and/or comments; for my administrative, accounting/bookkeeping, tax reporting, and/or legal compliance purposes; for service improvement purposes; for fraud prevention and/or other security purposes; and/or to fulfill my contractual obligations to the applicable third-party vendor or service and/or any other relevant third parties (e.g., my agent(s) and/or manager(s), if any). As noted in the “Financial Transactions Policy” section above, if the information pertains to my purchase of site-related products or services (or some other, similar transaction(s)), I may also use relevant portions of that information as part of and/or in connection with reviews and/or other commentary regarding the applicable transaction(s). For example (but without limitation), if I post a review of a recent site-related purchase, I might mention my experience with the specific salesperson or customer service representative who assisted me.

I typically retain such information indefinitely; it isn’t necessarily separable from transaction records I must retain for bookkeeping and compliance purposes, and some services retain such information (and may continue to make it available to me) indefinitely, whether or not I separately retain it. (See the “Additional Information About Data Retention” section below to learn more about my typical data retention practices.) I may disclose such information as described in “Disclosure of Personally Identifying Information” below. The retention of data by third-party vendors or service providers is subject to the individual policies of the applicable third parties, and in most cases is outside of my control.

Information I Receive from Third Parties for Security Purposes

  • Categories of information gathered: IP addresses*; domain names*; user agent information*; email addresses*; other contact information (e.g., phone numbers, postal mailing addresses, and/or other street addresses)*; geolocation data (estimated based on IP address/domain name and/or inferred from other data)*; URLs/websites*; other personal information*; metadata*; special: other technical details (some of which might be potentially personally identifying and/or constitute personal information in certain jurisdictions)*
  • Purpose(s): Fulfilling a contractual obligation [see below]; legal compliance or audit; security, troubleshooting, quality control, and technical improvement; recruitment/hiring or business partnerships
  • Data retention: Varies, but potentially indefinite.

Some of the security measures I use to secure this website, its data, and/or my system and devices periodically supply me with ban lists/blacklists/block lists of IP addresses, domain names, email addresses, user agents, and/or other such information that may be associated with malicious activity such as (without limitation) spam and/or attempts to transmit or otherwise propagate malicious code. I may also obtain similar information or lists from sources such as (again without limitation) HackRepair.com; the MVPS HOSTS file; Perishable Press; The Spamhaus Project (Spamhaus is a registered trademark of The Spamhaus Project SLU); security plugins such as (without limitation iThemes Security (iThemes is a trademark of iThemes) and/or Sucuri Security plugin (Sucuri and Sucuri Security are trademarks of Sucuri Inc. and may be registered in certain jurisdictions); the security components of the Microsoft® Windows® operating system and/or its associated software and/or services (Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries); Avast Software s.r.o and/or their subsidiary Piriform (CCleaner®) (AVAST and avast! are registered trademarks of Avast Software s.r.o., while Piriform and CCleaner are registered trademarks of Piriform Ltd.); Bitdefender (Bitdefender is a trademark of Bitdefender); the BlackBerry Limited DTEK by BlackBerry® app on my BlackBerry smartphone(s) (BlackBerry, DTEK, and DTEK by BlackBerry are the trademarks or registered trademarks of BlackBerry Limited); Malwarebytes (Malwarebytes is a trademark of Malwarebytes); Mozilla Firefox (Mozilla and Firefox are trademarks of the Mozilla Foundation in the U.S. and other countries) and/or other web browsers; the NetGuard mobile firewall; Safer-Networking Ltd. (through and/or in connection with their Spybot® security and privacy software/tools; Spybot® and Spybot – Search & Destroy® are registered trademarks of Patrick Kolla-ten Venne); Steven Black’s StevenBlack/hosts; the TinyWall firewall; the security features, firmware, software, and/or services of my ASUS® wireless router(s) (ASUS is either a U.S. registered trademark or trademark of ASUSTeK Computer Inc. in the United States and/or other countries. Reference to any ASUS products, services, processes, or other information and/or use of ASUS Trademarks does not constitute or imply endorsement, sponsorship, or recommendation thereof by ASUS.) and/or NETGEAR® wireless router(s) (NETGEAR is a trademark and/or registered trademark of NETGEAR, Inc. and/or its subsidiaries in the United States and/or other countries); social media services; the Google Safe Browsing API (which is used by Bitdefender, various web browsers, and some other apps and online services), the Play Protect feature of Google Play, the Google Voice communications service, and/or other Google services (which are subject to the Google Privacy Policy and, for Google Voice, the Google Voice Privacy Disclosure; Google Play, Google Safe Browsing, and Google Voice are trademarks of Google LLC; Google is a registered trademark of Google LLC); Disconnect (whose Tracker Protection lists some web browsers may use to help prevent fingerprinting and/or certain other forms of tracking; Disconnect is a trademark of Disconnect, Inc.); browser extensions such as (without limitation) Adblock Plus® by eyeo and that extension’s related lists (Adblock Plus is a registered trademark of eyeo GmbH), Privacy Badger and/or other browser add-ons or privacy tools Electronic Frontier Foundation (which are subject to the EFF Privacy Policy: Software and Technology Projects; EFF, Electronic Frontier Foundation, and Privacy Badger are trademarks of the Electronic Frontier Foundation), the NoScript extension developed by Giorgio Maone of InformAction; and/or the uBlock Origin extension developed by Raymond Hill; and/or other filter list providers such as (without limitation) EasyList and/or Hosh Sadiq (who maintains the adblock-nocoin-list). From time to time, I may also receive additional security-related information from my web host, Internet service provider(s), mobile carrier(s), and/or bank(s)/financial institution(s); the support forums on WordPress.org (WordPress is a registered trademark of the WordPress Foundation) and/or other support forums or online resources; and/or other sources not specified above.

Naturally, my security software and/or services also maintain regularly updated lists of virus signatures and other detection data to identify and prevent malicious activity. I may also receive alerts and/or other security-related information from various sources regarding third-party data breaches that could potentially expose my online credentials and/or other personal information to malicious actors.

Such security-related information is not necessarily personally identifying (for example, the IP addresses included on spam block lists are typically for email servers rather than individual users), but certain information may be personally identifying or potentially personally identifying (e.g., email addresses associated with spam or telephone numbers used by telemarketers or as part of scams or other malicious activity).

In some cases, I may perform WHOIS, RDAP (Registration Data Access Protocol), and/or similar lookups on visitors’ IP addresses and/or domain names, especially if they have been used for suspicious or malicious activity directed at the website or at me. Such lookups may enable me to determine information such as (though not limited to) the owner of a particular domain registration or the geographic location associated with a particular IP address. My firewalls and/or other security applications/software/services may provide me with similar information about any online servers or resources to which my devices connect or try to connect. (For example, but without limitation, the NetGuard firewall app retrieves such info via IPinfo (a service provided by IDB LLC; IPinfo is a trademark or service mark of IDB LLC or its licensors) to help me understand and control the Internet connections my mobile apps make or attempt to make.)

As noted in the “Data Related to Recruitment/Hiring or Professional Partnerships” section above, I may also commission background checks on candidates I am considering hiring and/or individuals or entities with whom I am considering entering a business partnership or other formal professional relationship, to help me make informed decisions about whether that hire or relationship would present an undue risk to my security.

My retention of such data varies. Much of the information I collect of this kind is managed automatically by my security tools, which regularly update the associated data, adding new information and sometimes changing or removing older data. Also, I periodically make manual changes to that information, such as (without limitation) when I whitelist an email address that was wrongly flagged for spam or blacklist an email address or domain that has sent me suspicious emails.

Special Note: The reason I include “fulfilling a contractual obligation” among the possible purposes listed above is that certain sources from which I obtain security information may impose contractual limits on how I collect and handle that information (e.g., terms of service prohibiting me from altering security update data or interfering with the normal update process) and/or may not permit me to pick and choose which data I do or do not add.

In many cases, such data is already publicly available (for instance, the HackRepair.com list is readily available at their website). I may also share or otherwise disclose such information if I need additional technical assistance and/or otherwise consider such disclosure appropriate for my security and/or the security of others. For example (but without limitation), I might submit to the maintainers of these lists or databases certain email addresses or domain names that have been used in malicious activity directed at me, or post information on support forums in order to obtain help or advice in preventing and/or remediating certain malicious activity.

I may also disclose such information in connection with legal action involving malicious activity, and/or as otherwise described in “Disclosure of Personally Identifying Information” below.

Other Information I Receive from Third-Party Sources

  • Categories of information gathered: Names; email addresses*; other contact information*; images and/or other media (including metadata)*; other documents/materials (including metadata)*; geolocation data (provided by sources and/or inferred from other data)*; URLs/websites*; other personal information*; special: identifiers and/or other information provided by and/or specific to third-party services (as applicable)*
  • Purpose(s): Functionality; providing a service; fulfilling a contractual obligation; legal compliance or audit; research and publishing; security, troubleshooting, quality control, and technical improvement; recruitment/hiring or business partnerships; advertising and other commercial purposes
  • Data retention: Varies depending on context; see below.

  • From time to time, I may receive personal information about site visitors or otherwise related to this website from other third-party sources. The following are some representative examples of this information-gathering:

    I routinely gather information about the content I write and/or edit (and/or on which I consult), whether for this website or in connection with my business and/or other creative endeavors, professional or otherwise. This often includes information about people involved with and/or otherwise relevant to that content. My research, writing, and editing process often involves discussing and sharing such information with third parties such as (without limitation) subject matter experts, other writers, historians, researchers and/or other academics, journalists, enthusiasts/collectors, librarians, archivists, observers, eyewitnesses, and/or other knowledgeable parties (and/or, in the case of work I perform for others, the applicable client(s) or employer(s)), as well as looking up names and other relevant personal details in sources such as (as applicable, but without limitation) books; magazines; newspapers; films or other videos; audio recordings; and/or online or offline electronic resources such as search engines, library catalogs, websites, and/or databases. My research, writing, and/or editing process may sometimes also include inviting comment from and/or presenting questions to the public regarding related topics. If you are or were somehow involved with the subject(s) of my content, and/or are a public figure, some of the information I gather may be about you, your work, and/or your career. In many cases, this information is drawn from sources that were already publicly available at the time of writing, but it may also include non-public information obtained from a variety of sources. It may also include images, such as (without limitation) publicity photos or official portraits, and/or other media, such as (again without limitation) videos, audio interviews, and/or podcasts. In some cases, I may look for your contact information so I can ask you questions related to my content, request an interview, and/or let you know about content in which you were mentioned. (Naturally, certain information I gather in connection with content I write, edit, and/or otherwise research may also come from you if I communicate with you in connection with my research and/or if you have disclosed the information in some other context known to me.)

    Published works (e.g., books, magazines, CDs, DVDs) I use and/or access in connection with this website, its content, and/or my other creative endeavors (and/or advertising and/or promotional materials related to such published works) often contain an assortment of personal information, both about the subjects of the work and about the people who created, produced, and/or published it. I may also gather additional information about the people described, depicted, and/or involved with such published works, such as (without limitation) seeking to identify pictured individuals not named in a photo caption, determine the names of contributors not credited in the work itself, and/or obtain the contact information of an editor or publisher.

    Similarly, whenever I install software/apps, services, themes, and/or add-ons — particularly software/apps/services/themes/add-ons I use under open source licenses — the software and/or installation files (and/or the website or other source from which I obtained them) may provide me with personal information about the developer/development team (e.g., names, contact information, digital signatures). If you’re a developer, I may collect or have collected information about you in such contexts. Software licenses typically prohibit altering or deleting the credits, copyright notices, and/or other developer information contained in the software, even where the license otherwise permits modification.

    If I use an image or other content you have offered under a Creative Commons license or other, similar license, I typically gather certain publicly available information about you for the purposes of properly attributing that content and otherwise complying with the applicable license terms. (Where I deem it appropriate, I sometimes do the same with content that is in the public domain in my jurisdiction, such as works created by U.S. federal employees in the context of their official duties.) This may include any creator information listed on the hosting service, archive, or repository from which I obtained the content as well as other relevant information I may find in various print or online sources. (Creative Commons, CC, all of the various Creative Commons license and dedication marks, and their associated buttons and icons are trademarks or registered trademarks of Creative Commons.)

    As noted in the “Data in Submitted Images” section above, when I gather photographs, other images, and/or other media intended for use on this website or for some related purpose (whether those images were created by me or obtained from others), I typically look for additional information about the subjects of those images. This information, which may come from a variety of public and/or private sources, may sometimes include personal information and/or potentially personally identifying information, such as (without limitation) biographical details about the famous owners of a particular object shown in a photograph.

    Third-party services and/or service providers may sometimes provide me with personal information about other people who use that service, particularly if those people interact or have previously interacted with me in some way. For example (but without limitation), a messaging service might notify me that someone listed in my phone’s contacts has joined that service, is typing, and/or has seen a particular message. The precise nature and extent of such information naturally depends on the specific service(s) involved.

    Similarly, third-party social media services typically offer a variety of information and insights about the people who interact with me and/or the content I post on those services, and/or whose content I view and/or otherwise interact with on a particular service or services — for example (but without limitation), sending notifications when someone “likes” or comments on my content, or providing insights such as summaries of how many people have viewed or otherwise interacted with a specific post. Again, the precise nature and extent of such information and/or insights obviously vary depending on the specific service and context, and at least some of the information may be in aggregated form (e.g., statistics and graphs showing trends in interactions over time), but it may include (or at least make readily available to me) any information about applicable person(s) and/or entities that is publicly visible (e.g., the username/account name, profile picture, and/or public profile information of someone who comments on one of my posts or marks it as a favorite) and/or that the person or entity has otherwise made visible to me through their individual settings. Such information may include, but is not necessarily limited to, details about an individual or entity’s connections with other users of that social media service and/or about the individual or entity’s other activity on that service (e.g., other posts on which they have just commented), and in some cases may also reveal a variety of other personal information.

    From time to time, visitors or other personal or professional acquaintances may provide me with personal information about someone. For example (but without limitation), another site visitor might provide me with your contact information for some specific purpose, send me a clipping of a newspaper interview with you, or submit photographs or other media in which you are visible. If you own an interesting or unusual car, someone might provide me with pictures of it, either for my general interest or for use on my Ate Up With Motor website and/or in connection with my other automotive writing.

    As noted in the “Comments” and “Other Inquiries, Messages, and Support Requests” sections above, I may sometimes gather additional information about individuals who contact me in order to better understand who they are and the context of their inquiries.

    As noted in the “Data Related to Recruitment/Hiring or Professional Partnerships” section above, if I contemplate hiring or entering into a business partnership or other professional relationship with someone, I may collect a range of personal information about them so that I can make informed hiring, employment, and/or business decisions.

    (Again, the above scenarios are just some representative examples, not an exhaustive list. The disclosures in the “CCPA Information Collection and Sharing Notice” section below will give you a sense of what kinds of personal information I may collect.)

    My retention of such information varies depending on the nature of the information and the context in which I received it. I normally retain indefinitely my research notes and other information relevant to my past, current, or possible future articles or content, including image-related information. (Obviously, I can’t and don’t retain or remember every fact I see, read, or hear, but I do typically retain my notes in some form or other, although I may delete or discard certain research notes, materials, and/or information that I deem unusable, elect not to use, and/or no longer need.) Since software licenses typically prohibit redacting or altering any of the developer credits or copyright information, I usually retain that information for at least as long as I continue using the applicable software. With some social media platforms, certain types of information, insights, and/or notifications can be muted or hidden, but cannot normally be deleted, and may still remain in the social media service’s files even if the applicable content and/or users have been removed, whether or not I separately retain such information. See the “Additional Information About Data Retention” section below to learn more about my typical data retention practices. The retention of data by third parties (such as, without limitation, my vendors and/or service providers) is subject to the individual policies of the applicable third parties, and in most cases is outside of my control.

    Obviously, information I gather for my articles or other content may be published or disclosed in that context; other, non-public information generally will not be except as otherwise described in “Disclosure of Personally Identifying Information” below.

    Additional Information About Data Retention

    In addition to the data retention practices described in the various sections above, I typically retain indefinitely:

    • Information pertaining to my professional writing/editing/writing consulting work and/or other creative endeavors, including — except as otherwise stipulated by a specific client or employee agreement and/or other applicable legal requirement(s) — research notes, drafts, and/or other relevant data, which may sometimes include information about or in some way connected with visitors to this website. (I may delete or discard certain drafts and/or research notes, materials, and/or information that I deem unusable, elect not to use, and/or no longer need.)
    • Information pertaining to any financial transactions and/or legal agreements involving this website, including (but not limited to) records of purchases or payments I make or receive in connection with the website or related matters. (Obviously, my financial and legal records often necessarily include some personal data.) I must also retain my tax records for bookkeeping and compliance purposes. (Naturally, the applicable bank(s)/financial institution(s) and/or payment processor(s) may also retain transaction-related information, which is outside of my control.)
    • The contact information of individuals with whom I repeatedly or regularly correspond regarding this website and/or related matters.
    • Names and/or company/domain names I’ve entered into my spell-checking dictionaries (which I retain for what I hope are obvious reasons!).
    • Copies of published works (e.g., books, magazines, CDs, DVDs, software) that I own or for which I have a perpetual license, along with (where applicable) associated documentation and/or notes and any inventories, catalogs, and/or lists that I may create and/or utilize to manage my collection of such works. (I may dispose of copies that are duplicates, that are damaged or otherwise unusable, and/or that I no longer need; naturally, copies of published works that I have borrowed or rented are eventually returned as appropriate.)
    • Information pertaining to my licenses/authorizations for the use of intellectual property owned by others, including any relevant contact information. (I may discard this information if I discontinue using that intellectual property, e.g., if I uninstall a particular app or other software.)
    • Information pertaining to site-related technical or legal questions.
    • Any information pertaining to a site-related dispute or legal issue. Similarly, for compliance purposes, I must retain information pertaining to certain privacy-related requests to the extent required by applicable law and/or regulation. (For example, if you send me a request to exercise your rights under the California Consumer Privacy Act of 2018 (CCPA), I am legally required to retain records of that request for at least 24 months.)

    Even where it is my customary practice to indefinitely retain certain information, my retention of individual communications/messages may vary based on the medium and/or format of those communications/messages:

    • Email: I typically retain indefinitely most site-related emails, excepting obvious spam, mass mailings, messages and/or attachments that contain suspicious code, and/or certain automated notification/alert emails (which I may delete if they are no longer needed and/or relevant).
    • Communications/messages via third-party services (including, without limitation, calls and/or texts made or received through the Google Voice communications service, social media services, and/or other communications services): Most site-related communications/messages that I send and/or receive via third-party services are retained indefinitely in some form, although in such cases, I may, to the extent possible, retain local and/or off-line copies in addition to (or instead of) leaving the original communication/message(s) on the applicable third-party service. For example (but without limitation), if I receive Google Voice messages, I may remove the original messages from my Google Voice account, but retain the notification emails and/or other local copies of those messages. Recordings of calls (if any) made via Google Voice or other third-party services, and/or voice mail messages received through such services, may be retained for as long as I reasonably need those recordings, except as otherwise required by law and/or the applicable service’s terms of use/terms of service. Please note that in some cases, third-party services may retain records of messages sent via those services even if the users who sent and/or received those messages delete their copies and/or their accounts, which is outside of my control. (As noted elsewhere in this policy, Google Voice is a trademark of Google LLC; Google is a registered trademark of Google LLC.)
    • Text messages: My retention of site-related SMS/MMS text messages and/or other, similar non-voice direct messages that I send and/or receive via my phone(s) is highly variable. (My older smartphone(s) could be set to automatically delete older messages after a certain period of time — I normally set that interval to 60 days — unless they were deliberately saved, but some of my current devices and apps no longer provide that functionality, at least not in the same global manner.) Depending on the nature and context of the specific message(s), I may delete them immediately, retain them indefinitely, or something in between; in some cases, I may set messages to automatically delete themselves after a certain period of time, and/or retain only a certain number of messages in any particular text “conversation.” In any event, even if I delete a text message or messages, any included information and/or attachments for which I have some ongoing need may be transferred to other records before the deletion of the original message(s). (For example, if you send me a text message asking me to contact you via postal mail, I typically will separately record your mailing address in order to comply with and retain records of your request.) Text messages may also be captured in periodic phone backups, which I may retain for a year or more. Please note that my mobile carrier(s) and/or other service providers may also retain records of text messages sent or received via my phone(s), which is outside of my control.
    • Phone calls: Records of calls I make or receive via my phone(s) (i.e., NOT via Google Voice or some other third-party service) are typically included in my phone bills and/or other phone usage records, which I customarily retain indefinitely. (My phone service provider(s) and/or mobile carrier(s) may also retain such records, which is outside of my control.) My retention of call logs or records on my phone(s) is typically determined on a case-by-case basis and is highly variable. Recordings of phone calls (if any) and/or voice mail messages may be retained for as long as I reasonably need them, except as otherwise required by law (and/or, in the case of voice mail messages, the policies of the applicable phone company or mobile carrier).
    • Postal mail and/or physical documents: I promptly discard most mass mailings and unsolicited business inquiries (“junk mail”) I receive via postal mail or other physical means. Where I receive legitimate correspondence or business documents pertaining to this website and/or related matters (e.g., copies of contracts or receipts) by mail or some other physical means, I typically retain them, although, where possible, I may scan, photograph, or photocopy them (and/or retain the electronic versions, if I have received both electronic and physical copies) in addition to (and in some cases instead of) retaining the original physical copies. Naturally, if I have agreed and/or have some contractual or legal obligation to return or destroy specific business documents, I will do so as appropriate.

    Personal information I may collect in connection with this website that is not specified above or mentioned elsewhere in this Privacy Policy is normally retained only as long as I reasonably need that information, which is determined on a case-by-case basis depending on the nature of the information and how and why I received it. In some cases, my retention of certain information may be dictated by applicable law/regulations and/or other legal obligations (e.g., a contractual obligation to return or destroy certain information after a specific period of time).

    In all cases (even circumstances where I typically retain information indefinitely), I may delete, discard, or destroy specific messages, communications, documents, files, records, and/or data (of any type, format, and/or medium) if:

    • They are duplicates, and/or:
    • I reasonably believe that they are substantially redundant of other data I still retain (e.g., an “order shipped” notification for an order for which I also have a delivery receipt), and/or:
    • They are unreadable, inaccessible, and/or otherwise unusable, and/or:
    • They are corrupted, contaminated, or otherwise damaged, particularly if I reasonably believe that the corruption, contamination, or damage poses a danger to health, safety, security, and/or the integrity of other data and/or property, and/or:
    • I have agreed and/or have some contractual or legal obligation to delete, discard, or destroy them, and/or:
    • I have some other compelling reason to do so.

    Even where it is my normal practice to retain personal information about site visitors, I periodically remove certain personal data from the website’s online database(s) and/or mail servers, transferring the data to local and/or offline storage for greater security and/or redacting portions of the data that I no longer need.

    Special Note on Subpoenas, Court Orders, and Preservation Requests: In certain cases, I may be legally compelled to retain and preserve certain data, even data I would not otherwise retain, pursuant to a subpoena, a valid court order, or a preservation request from a government or law enforcement agency. In such event, I will preserve the specified information (and may disclose it to the requesting party) to the extent required by applicable law, which in some cases may also require me to keep the order or request confidential.

    The retention of data by third parties (such as, without limitation, my vendors and/or service providers) is subject to the individual policies of the applicable third parties, and in most cases is outside of my control.

    Reports and Aggregated Statistics

    From time to time, I may may compile aggregated statistical information about users of the website. For example, I may create reports on trends in the usage of the website, such as total page views, the average number of unique visitors per month, the most popular pages on the site, and/or the average time visitors spend on the site.

    I may also, to the extent required and/or otherwise permitted by applicable law and/or regulations, publish de-identified information and/or statistics about requests I receive pursuant to the California Consumer Privacy Act of 2018 (CCPA), (as described in “California Privacy and Data Protection Rights” below) and/or other privacy laws (e.g., how many requests of a particular type I received in a given period).

    Aggregated reports and statistics — which I may display publicly and/or otherwise share with third parties (including, where applicable, potential advertisers and/or other commercial partners) — will not include personally identifying information about any individual or specific household.

    Information Captured by Service/Software/App/Device Telemetry

    Many modern electronic services, software programs, apps, and devices, from operating systems to office software and even printers/print drivers, now incorporate surveillance mechanisms (often called “telemetry”) that gather information about the use of that service/software/app/device and then transmit that data to the manufacturer/developer and/or other third parties. The information collected by these mechanisms can sometimes include personal information or potentially personally identifying information about me and/or other individuals and/or households.

    Here are some examples of how this might occur:

    • If a service/app/software/device crashes while I am accessing a file or website containing personal information, details about that file or website and its contents might be captured and transmitted as part of a crash report.
    • If a website or online service I access uses Google’s familiar reCAPTCHA security service, the reCAPTCHA service may collect detailed information about my activity on that site or service, including (but not limited to) taking snapshots of my browser window and any personal information that may be visible there. Google provides no way to opt out of this data collection, which with current versions of reCAPTCHA is not limited to interactions with the reCAPTCHA interface itself. (Google is a registered trademark of Google LLC.)
    • Security features incorporated into my web browsers and/or devices might capture personal information contained in the filenames, metadata, and/or contents of documents or other files I download from or upload to the Internet.
    • My antivirus software and/or other security services/software/apps might capture personal information in scanned email messages and/or other electronic files.
    • My office software might record the filenames and/or other metadata of files I access, and/or capture any text on which I use the software’s spelling and/or translation features.
    • Mapping or navigation services/software/apps I use, particularly ones with access to my mobile phone’s location data, might record the geographical locations and/or addresses of people I meet or visit.
    • Services/apps/software/devices with access to device microphone(s) might overhear and/or record my calls or other conversations.
    • Certain services/apps/software/devices might record what I type while using that service/app/software/device.

    Again, these examples are just a small sampling of the possible scenarios. The specifics of device and software telemetry vary widely, and manufacturers/developers are not always forthcoming about the details of their information-gathering.

    Such surveillance can be difficult or impossible to escape. Certain services/software/apps/devices, like malware detection services, cannot adequately perform their intended functions without full access to device/system data. Some information-gathering features (like the telemetry incorporated into recent versions of the Microsoft® Windows® operating system; Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries) can’t be completely disabled without modifications that would violate the license agreement or terms of service. Even where it is theoretically possible to disable the telemetry features of a specific service/software/app/device, doing so may require advanced technical knowledge and/or special tools. Also, my work and research sometimes involves my using devices, software, and/or apps controlled by third parties — e.g., the computers offered to patrons of public libraries — that may incorporate telemetry or other surveillance mechanisms that I cannot disable or with which I am not familiar.

    While I have made an effort to block and/or minimize such surveillance — for my privacy and security as well as yours — the bottom line is that some of the services/software/apps/devices I use retain at least the potential to collect and transmit personal information about me, the subjects of my writing/editing/writing consulting work, and/or the people with whom I interact in the course of operating this website.

    The examples of third-party vendors and service providers listed in the “Disclosure of Personally Identifying Information” section below include a representative sampling of services, software, apps, and/or electronic devices I may use that could gather personal information related to this website and/or its visitors through telemetry and/or other integrated information-gathering/surveillance features. Please note that this is NOT an exhaustive list. I may sometimes use services, software, apps, and/or devices not listed (obviously, it’s not practical for me to list every service, device and/or piece of software I might conceivably use!); certain services/software/apps/devices that did not previously incorporate information-gathering/surveillance features might add them in subsequent updates; and certain services/software/apps/devices may incorporate surveillance features that are not readily apparent to me.

    As noted in the “Security Scans” section above, the likelihood and possible extent of any disclosure of personal information in such ways is difficult to predict or quantify, but it cannot be completely avoided without greatly compromising my security, the functionality of the tools and devices I use, and my ability to perform my work and provide my services.

    Disclosure of Personally Identifying Information

    I may share, release, or otherwise disclose personal information I collect through and/or in connection with this website:

    • To publish your submitted comments (including, as applicable, any images, other media files, and/or links they may contain), as described in the “Comments” section above. As explained in that section, this may include emailing copies of your comment to other users who have requested email notifications of replies/follow-up comments, and/or emailing you directly (at the email address you provided with your comment) prior to or instead of publishing your comment(s).
    • To respond (publicly and/or privately) to your messages, inquiries, and/or support requests, as described in the “Contact Forms” and “Other Inquiries, Messages, and Support Requests” sections above.
    • To appropriately credit someone for the use of their photos, fonts, themes/plugins, or other content or intellectual property — particularly where such credit is required by the applicable license terms. As noted in “Data in Submitted Images” above, this may include adding copyright and license information to the applicable filename and/or metadata to ensure that the attribution is clear. If you want to modify or remove your credit information, please contact me!
    • To publicly acknowledge and/or thank someone for their assistance, whether with the management of this website, my content, and/or some related matter(s), except where they have specifically asked me not to or where their communications with me reasonably suggest that they prefer not to be acknowledged or identified. Such acknowledgments will typically be limited to their name/pseudonym, the nature of their assistance, and (where applicable) the date(s), although in some cases, certain other personal information may be obvious or implicit in the nature of the assistance provided.
    • As part of and/or in connection with my content and/or other creative endeavors — and/or content I write and/or edit (and/or on which I consult) for others — if the person(s) to whom the information pertains are the subject(s) of and/or otherwise pertinent to such content and/or creative endeavor(s). (This may include, without limitation, information contained in images, other media, bibliographies, annotations, and/or metadata.) For obvious reasons, journalistic, historical, and/or other nonfiction content, and many reviews and other critical accounts, routinely incorporate personal information about relevant people, as do some works of fiction and other types of art and/or creative work. As noted in “Other Information I Receive from Third-Party Sources” above, the process of researching, writing, and editing such content routinely involves sharing and discussing relevant information with various third parties and/or the public; the same is true of publishing, promoting, and/or otherwise disseminating such content.
    • In photographs, images, and/or other media in which someone (and/or information such as their car’s license plate number) may be visible or otherwise included. Photographs, images, and/or other media (such as videos) I publish and/or collect for publication on and/or in connection with this website — not all of which are necessarily created by me — may include recognizable people (and/or their voices) and/or personal information or potentially personally identifying information about individuals and/or households, whether in the image or other media itself and/or in the filenames, titles, and/or other metadata (see the “Data in Submitted Images” section above for more about what the metadata may include). For various reasons, it is not always practical or even feasible for me to completely obscure visible bystanders or potentially personally identifying information (for example, the license terms under which I use photos owned by others may not permit me to modify those images in such a way). In many cases, I have no reasonable way to identify such individuals or associate the photos and/or other media in which they appear with other information about them. If you have recognized yourself (or your information) in a photo or other media I have published and would like me to obscure or remove it, please contact me!
    • If that information is or was already publicly available (such as — without limitation — information that’s available on the website of the person(s) to whom the information pertains; that they’ve included in their published memoirs, books, articles, or other published works, or in public posts or public comments they’ve made on this or other websites; that appears in published interviews or in books, articles, or other works about the person(s) to whom the information pertains; and/or that is otherwise part of the public record, such as court records or transcripts of public hearings).
    • If the information is contained in and/or otherwise incorporated into artwork, a copy of a published work, or a useful article (including, without limitation, information inscribed or imprinted upon and/or affixed or otherwise attached to such work(s), copies, or article(s), particularly where that information cannot reasonably be removed without damaging the item or article in question — for example (again without limitation), an autograph signed on a trading card; an artist’s signature and/or watermark on a lithograph or original art piece; the original subscriber’s name and mailing address imprinted upon the cover of a magazine; a previous owner’s name stamped on the flyleaf of a book; and/or handwritten notes in the margins of some text). For obvious reasons, such information is typically (and often necessarily!) included in any loan, donation, sale, and/or other disposal of those items or articles.
    • To editors, publishers, clients, employers, and/or other third parties for whom I provide (and/or to whom I offer) my writing/editing/writing consulting services; to whom I may license, sell, or otherwise offer my content and/or other creative work; for whom I may otherwise work and/or provide services; and/or as I may reasonably be requested or directed to do as part of and/or in connection with such services, content, and/or work (and/or the offer thereof), where the information is part of and/or otherwise pertains to such services, content, and/or work. For example (but without limitation), if I approach a publisher about turning one or more of my posts on this website into a book, or if I apply for some similar or related job or assignment, those activities might include discussions of this website and/or its content.
    • To my independent contractors, employees, agents, and/or business partners (if any) that need to know the information in order to collaborate with me and/or to perform services for me or on my behalf (such as, without limitation, accounting, tax preparation, legal services, translation, transcription, technical troubleshooting, website development/improvement, malware recovery/removal, and/or other types of repair/maintenance/service) and that have agreed to follow this Privacy Policy (or that have their own, comparably strict or stricter confidentiality policies) regarding any personal information that I share with them. Some or all of these contractors, employees, agents, and/or partners may be located outside your home country and/or the European Economic Area; by using this website, you consent to my transfer of such information to them.
    • To my third-party vendors and/or service providers that need to know that information in order to provide services available on this website, support my business operations, and/or otherwise perform services for me or on my behalf. (As noted in the “Information Captured by Service/Software/App/Device Telemetry” section above, this may include, but is not limited to, services, software, apps, and/or electronic devices I may use that could gather personal information related to this website through telemetry and/or other integrated information-gathering and/or surveillance features, some of which cannot be disabled without simply ceasing to use that service, software, app, or device.) Please note that some or all of my vendors and/or service providers may use various subcontractors, subprocessors, vendors, subsidiaries, affiliates, and/or partners, not necessarily listed here, in order to provide their services for me. Representative examples of my third-party vendors and/or service providers may include (as applicable, but without limitation):
      • Social media services (including, without limitation, chat rooms, online bulletin boards/message boards/discussion groups, wikis, and/or similar online forums) on which I have accounts and/or where I might research, discuss, and/or promote this website, its content, the management of my business operations, and/or my other creative endeavors, such as (without limitation) Blogger (a.k.a. Blogspot), which is a Google service (both Blogger and Blogspot are trademarks of Google LLC; Google is a registered trademark of Google LLC) and subject to the Google Privacy Policy (I don’t currently have a Blogspot blog, nor do I actively use Blogger, although I could theoretically still use Blogger through my Google account(s) if I chose to do so in the future); Facebook (I initiated the deletion of my Facebook account on December 11, 2018, and have no intention of reactivating or recreating it, but Facebook likely retains at least some of its data, and I retain an offline copy of my account data as of that date; Facebook is a trademark of Facebook, Inc., registered in the United States and other countries); Flickr (a photo-sharing service — owned until April 2018 by Yahoo! (Yahoo! is a trademark of Yahoo! Inc., which is now part of Verizon Media®, a division of Verizon Communications, Inc.; their services are subject to the Verizon Media Privacy Policy and/or the previous Yahoo! Privacy Policy; Verizon and Verizon Media are registered trademarks of Verizon) but now owned by SmugMug, Inc. (Flickr and SmugMug are trademarks of SmugMug), which has moved the service to an Amazon Web Services platform (making Amazon Web Services a principal Flickr subprocessor; Amazon Web Services is a trademark of Amazon.com Inc. or its affiliates in the United States and/or other countries) — on which I have shared some site-related images and which I use to communicate with some of the people who have allowed me to use their images); IntenseDebate (which is owned by Automattic Inc. and subject to their Privacy Policy); Tumblr (Tumblr is a trademark of Tumblr, Inc. in the United States and other countries); Twitter (which I currently use only through my Ate Up With Motor account, although I have had a personal account in the past and might again at some point in the future; Twitter is a trademark of Twitter, Inc. or its affiliates); and/or WordPress.com (which is also owned by Automattic Inc. and subject to their Privacy Policy; Automattic and WordPress.com are trademarks or registered trademarks of Automattic or Automattic’s licensors; WordPress is a registered trademark of the WordPress Foundation). I technically still have a LiveJournal account, but I can no longer use or even delete that account because I refuse to accept the current user agreement.
      • Providers whose services I may use in operating this website, such as (without limitation) my web host, DreamHost® (which provides — directly and/or through its applicable subcontractors, subprocessors, vendors, subsidiaries, affiliates, and/or partners — various services for me, including (without limitation) hosting this website and its associated files, database(s), and server logs; managing my domain name registration for the aaronseverson.com domain name; hosting the mail servers for all aaronseverson.com email addresses; and providing certain of my administrative and security tools, as well as technical support and troubleshooting; DreamHost is a registered trademark of DreamHost, LLC); Let’s Encrypt®, the certificate authority (CA) service of the nonprofit Internet Security Research Group&#x2122 described in the Certificate Authority Checks section above (Internet Security Research Group and Let’s Encrypt are trademarks of the Internet Security Research Group; all rights reserved), and/or other certificate authorities I may use or access; Liquid Web, LLC, d/b/a iThemes (whose iThemes Security plugin I may use on this website; iThemes is a trademark of iThemes); Media Temple, Inc. d/b/a Sucuri, a subsidiary of GoDaddy Operating Company, LLC (Sucuri), which provides the Sucuri Security plugin described in the “Security Scans” section above, which is subject to the Sucuri Security Privacy Policy and the Data Processing Addendum to the Sucuri Security Terms of Service; Sucuri and Sucuri Security are trademarks of Sucuri Inc. and may be registered in certain jurisdictions; GoDaddy is a registered trademark of GoDaddy Operating Company, LLC); GoDaddy® (which I previously used for domain registration and certain related services, although I ceased to use their services (except for those provided by Sucuri, a subsidiary) several years ago and permanent closed my GoDaddy account on October 8, 2020; GoDaddy is a registered trademark of GoDaddy Operating Company, LLC); embedded content providers such as (though not necessarily limited to) those described in the “Embedded Content” section above; Font Awesome (which, in addition to any embedded content it may serve on this site, may also be used by some of my other vendors and/or service providers in connection with other services I use, such as (without limitation) my web host’s online control panel and webmail interfaces; Font Awesome is a trademark of Fonticons, Inc.); the phpMyAdmin project, whose open source database administration tool my web host provides for managing my website databases; the project doesn’t appear to have a privacy policy, but its source code is freely available for review; my use of this tool in connection with this website is subject to the DreamHost Privacy Policy, since DreamHost actually provides the tool and owns and operates the servers that store and run the databases I use the tool to access and manage — as noted above, DreamHost is a registered trademark of DreamHost, LLC); the Roundcube project and its associated libraries, whose open source webmail client software my web host uses for my browser-based email access (Roundcube doesn’t appear to have a privacy policy, but the mail client’s source code is freely available for review; my use of the mail client through my web host is also subject to the DreamHost Privacy Policy, since DreamHost actually operates the client and the mail servers to which it connects — as noted above, DreamHost is a registered trademark of DreamHost, LLC); WordPress.org (as explained in “Embedded Content” above, this website uses the WordPress content management system, so WordPress.org may gather certain information about users who access the website’s administrative dashboard in the course of managing the site and its various plugins, themes, and add-ons, as well as about my use of the WordPress website and/or forums to help me manage and troubleshoot this site; WordPress is a registered trademark of the WordPress Foundation); the developers of the various plugins, themes, and/or add-ons used on this website (who may gather information via telemetry features incorporated into those plugins, themes, and/or add-ons and/or through my communications with the developers regarding the management, troubleshooting, and/or security of their respective plugins, themes, and/or add-ons — such communications are typically but not always via the aforementioned WordPress forums; WordPress is a registered trademark of the WordPress Foundation); PayPal® (which serves the payment buttons that appear on the site and processes certain payments I make or receive; PayPal is a registered trademark of PayPal, Inc. All button icons, custom graphics, logos, page headers, and scripts related to the PayPal services are service marks, trademarks, and/or trade dress of PayPal or PayPal’s licensors); my bank(s)/financial institution(s) and/or other applicable payment processor(s) (which process — and may sometimes audit or otherwise investigate — my financial transactions); the Blacklight tool (click here for more about how Blacklight works) developed and offered by the nonprofit newsroom The Markup, which I may use to help me identify potential privacy and/or security issues with this website and/or other websites and online services I use in the course of my business (Blacklight and The Markup are trademarks and/or service marks of The Markup); WebAIM (Web Accessibility in Mind) (whose WAVE Accessibility Tool and/or other tools I may use to improve the accessibility of this website and its contents); website speed testing services/tools (which examine the publicly accessible/visible portions of the website to analyze how quickly they load and identify technical issues that may affect loading speed and/or other functionality); and/or WHOIS and/or RDAP (Registration Data Access Protocol) lookup providers (if I need to look up an IP address or a domain registration using tools such as (though not necessarily limited to) the ICANN Domain Name Registration Data Lookup tool; ICANN is a trademark or registered trademark of the Internet Corporation for Assigned Names and Numbers).
      • Google (which provides the Google Fonts, Google Hosted Libraries, Google Maps, Google Safe Browsing API, Blogger, Blogspot, Gmail, FeedBurner, and Firebase services described elsewhere in this Privacy Policy; the Android platform and the related Google Mobile Services applications and APIs; the Android Open Source Project SDK Platform Tools, such as (without limitation) the Android Debug Bridge (adb); Google Play and its related services; the well-known Google search engine(s); Google Search Console (formerly known as Google Webmaster Tools), a tool that lets webmasters identify issues that may affect their site’s indexability, search visibility, and/or performance; various advertising services such as (without limitation) AdMob, AdSense, DoubleClick, and/or Google Ads (which I don’t use on this website, but may be used by some websites, apps, and/or services I use, and/or may serve advertising through embedded YouTube videos, as noted in the “Embedded Content” section above); the reCAPTCHA security service (which I don’t currently use on this website, but which is found on various websites and/or online services I use and which can gather information about my online activity in those contexts, as noted in the “Information Captured by Service/Software/App/Device Telemetry” section above); the Google Voice communications service (a VoIP (Voice over Internet Protocol) service provided by Google Voice, Inc., a subsidiary of Google LLC, which is subject to the Google Voice Privacy Disclosure as well as the Google Privacy Policy linked above); and other apps, services, and/or tools I may use and/or offer (which are too numerous to list here); and which also owns YouTube, as noted in the “Embedded Content” section above. AdMob, AdSense, Android, Blogger, Blogspot, DoubleClick, FeedBurner, Firebase, Gmail, Google Ads, Google Maps, Google Play, Google Safe Browsing, Google Voice, Google Webmaster Tools, G Suite, and YouTube are trademarks of Google LLC (as are many of the names of other Google products and services). Google is a registered trademark of Google LLC.)
      • Microsoft®, which provides some of the software, apps, tools, and services I may use and/or offer — which are too numerous to list here, but may include (without limitation) the operating systems and associated software and services for some of the devices I use and the Microsoft Office suite of software and services — and gathers certain information about the use of such software, apps, tools, and services as described in the Microsoft Privacy Statement. (Microsoft and Office are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries, as are the names of many other Microsoft products and services.)
      • Other providers whose services enable me to operate and/or secure my devices and/or data, such as (without limitation) TCL Communication Ltd. (a.k.a. TCT), the manufacturer of my BlackBerry® KEY2 LE smartphone, which may gather information about the use of that device and/or its associated software and services as described in the BlackBerry Mobile Privacy Policy (BlackBerry, KEY2, and KEY2 LE are the trademarks or registered trademarks of BlackBerry Limited; TCL is a registered trademark of TCL Corporation); BlackBerry Limited (and/or, where applicable, their subsidiaries and/or affiliates), which makes the suite of BlackBerry® apps and services used by and with my BlackBerry smartphones; manufactured (under the previous corporate name of Research in Motion Limited) the older of those devices; owns much of the underlying intellectual property of both devices and their associated software; and may gather information related to the use of those devices, software, apps, and/or services as described in the BlackBerry Privacy Policy (BlackBerry is the trademark or registered trademark of BlackBerry Limited); Dell (which manufactured certain of my devices and may gather information about their use and/or the use of their associated drivers and/or software as described in their U.S. Privacy Statement; Dell is a trademark of Dell Inc.); HP®, which may gather certain information about my use of HP printer, scanner, and/or copier devices and their associated drivers, software, and/or services as described in the HP Privacy Statement; Intel® (which manufactured certain of my devices and/or hardware and may gather information about the use of that hardware and its associated drivers and/or software as described in the Intel Privacy Statement; Intel is a trademark of Intel Corporation or its subsidiaries in the U.S. and/or other countries); I.R.I.S. (whose optical character recognition software I may use in connection with my printer(s) and/or scanner(s); I.R.I.S. is an I.R.I.S. trademark); LG Electronics (which manufactured certain of my displays and/or other peripheral devices and may gather information about their use and/or the use of their associated drivers and/or software as described in, as applicable, their website Privacy Policy and any applicable product privacy policies); Logitech® (which manufactured certain of my peripheral devices and may gather information about their use and/or the use of their associated drivers and/or software as described in, as applicable, their Product Privacy Policy and Website Privacy Statement; Logitech is either a registered trademark or trademark of Logitech in the United States and/or other countries); Nuance Communications, Inc., present owner of the VoiceSignal VSuite voice dialing system installed on the older of my BlackBerry® smartphones, which may gather information through and/or about my use of that software (to the extent that software still works, which is unclear) as described in the Nuance Privacy Policy (BlackBerry is the trademark or registered trademark of BlackBerry Limited); Qualcomm® (which manufactured some of the components and provides some of the services of my BlackBerry® KEY2 LE smartphone and my desktop computer and may collect data on the use of such hardware and/or services, and/or any associated software and/or drivers, as described in their Privacy Policy; Qualcomm is a trademark of Qualcomm Incorporated, registered in the United States and other countries, and BlackBerry, KEY2, and KEY2 LE are the trademarks or registered trademarks of BlackBerry Limited); Realtek Semiconductor Corp., the manufacturer of certain of my devices and peripherals as well as their associated software and drivers (the Realtek® website does not appear to have any privacy policy; Realtek is a trademark of Realtek Semiconductor Corporation); Seagate® (which manufactured certain of my hard drive(s) and their associated drivers and/or software, whose use is subject to the Seagate Privacy Statement; Seagate is a trademark or registered trademark of Seagate Technology LLC or one of its affiliates); Waves Audio Ltd. (which makes the Waves MaxxAudio® Pro audio processing software I use on some of my devices and may gather information about the use of that software as described in the Maxx Privacy Policy; Maxx, MaxxAudio, and Waves are trademarks or registered trademarks of Waves Audio Ltd.); Western Digital® (which manufactured certain of my hard drives and other memory storage devices and their associated drivers and/or software, whose use is subject to the Western Digital Privacy Statement; Western Digital and WD are registered trademarks or trademarks of Western Digital Corporation or its affiliates in the U.S. and/or other countries); Avast Software s.r.o and/or their subsidiary Piriform (CCleaner®), whose security and maintenance tools I may use on some or all of my systems and devices (their Data Factsheet explains what data their products may gather; AVAST and avast! are registered trademarks of Avast Software s.r.o., while Piriform and CCleaner are registered trademarks of Piriform Ltd.); Bitdefender, whose Bitdefender Mobile Security and Bitdefender Central apps and associated services I may use on some of my devices (Bitdefender is a trademark of Bitdefender); like many apps and services for the Android platform, the Bitdefender apps and services may incorporate and/or utilize various Google services such as (without limitation) the Crashlytics crash reporter and/or other services of Google’s Firebase platform and the Google Safe Browsing API (all of which are subject to the Google Privacy Policy; Android, Firebase, and Google Safe Browsing are trademarks of Google LLC; Google is a registered trademark of Google LLC) as well as various other subprocessors such as (without limitation) Akamai Technologies, Inc. and Amazon Web Services; Akamai is a registered trademark or service mark of Akamai Technologies, Inc. in the United States (Reg. U.S. Pat. & Tm. Off); Amazon Web Services is a trademark of Amazon.com Inc. or its affiliates in the United States and/or other countries); Malwarebytes (whose security tools I may use on some or all of my systems and devices; Malwarebytes is a trademark of Malwarebytes); Safer-Networking Ltd. (whose Spybot® security and privacy software/tools I may use on some or all of my systems and devices; Spybot® and Spybot – Search & Destroy® are registered trademarks of Patrick Kolla-ten Venne); developers of Internet firewall applications/software/services, such as (without limitation) Károly Pados’ TinyWall and/or Marcel Bokhorst’s NetGuard mobile firewall and Internet traffic monitor (see the NetGuard privacy statement; NetGuard may also connect to IPinfo, a service provided by IDB LLC, to obtain information about IP addresses and/or domains to which mobile apps attempt to connect; IPinfo is a trademark or service mark of IDB LLC or its licensors); other providers of filter lists, block lists, and/or other security information, such as (without limitation) HackRepair.com; the MVPS HOSTS file; Perishable Press; StevenBlack/hosts; and/or The Spamhaus Project (Spamhaus is a registered trademark of The Spamhaus Project SLU); and/or encryption software and/or services such as (without limitation) the open source GNU Privacy Guard for Windows (Gpg4win) and the software included with it, which may include (again without limitation) GnuPG (the encryption backend) and the GNU Privacy Assistant (GPA), the GpgOL and GpgEX plugins, and the Kleopatra certificate management application developed by KDE Software (Windows is either a registered trademark or a trademark of Microsoft Corporation in the United States and/or other countries); the OpenKeychain open source mobile encryption app; and/or the open source VeraCrypt disk encryption tool developed by IDRIX (portions of which were developed by various others, summarized in the VeraCrypt Copyright Information notice; IDRIX and VeraCrypt are trademarks of IDRIX).
      • Other providers whose services I may use in accessing the Internet, such as (without limitation) my home Internet service provider, Spectrum Internet® (formerly Time Warner Cable®) (which processes and thus has information about much of my online activity; Spectrum Internet is a registered trademark of Charter Communications); my mobile carrier(s) (currently T-Mobile USA, Inc.) which provide my mobile voice, text, and data plan and may process certain emails sent to and from my phone(s), and thus have information about voice calls, texts, and online activity made, received, and/or otherwise conducted on my mobile device(s) (T-Mobile and T-Mobile USA are registered or unregistered trademarks of Deutsche Telekom AG; this website is not sponsored, certified, endorsed or approved by, or affiliated with, Deutsche Telekom AG or T-Mobile USA, Inc.); other Internet service providers, mobile carriers, phone service providers, and/or wireless network services; ASUS® and/or NETGEAR® (the manufacturers of my wireless routers and their associated software and/or services; ASUS is either a U.S. registered trademark or trademark of ASUSTeK Computer Inc. in the United States and/or other countries; NETGEAR is a trademark and/or registered trademark of NETGEAR, Inc. and/or its subsidiaries in the United States and/or other countries); the open source Simple DNSCrypt utility developed by Christian Hermann and other contributors (which doesn’t have a privacy policy, although its source code is freely available for review; it implements Frank Denis’s open source dnscrypt-proxy to allow me to encrypt my domain name system (DNS) queries when I browse the web from my desktop computer(s)); Cloudflare® (through my use of their recursive domain name system (DNS) resolver services Cloudflare 1.1.1.1 (which is a partnership between Cloudflare and APNIC, subject to the Cloudflare Privacy Policy; 1.1.1.1 is a trademark of Cloudflare, Inc.; Cloudflare is a registered trademark of Cloudflare, Inc.); the 1.1.1.1 App and/or its associated WARP mobile security/encryption service (which are subject to the Cloudflare Application Privacy Policy; 1.1.1.1 and WARP are trademarks of Cloudflare, Inc.); the Cloudflare Resolver for Firefox® (which has its own privacy policy; Firefox and Mozilla are trademarks of the Mozilla Foundation in the U.S. and other countries); and/or other Cloudflare services, such as (without limitation) the content delivery network (CDN) and distributed denial-of-service (DDoS) protection services used by some websites and/or online services I may access and/or use (most other Cloudflare services are subject to the Cloudflare Privacy Policy and/or the Cloudflare Application Privacy Policy, as applicable); any other DNS resolver service(s) I may use; the Guardian Project, through my use of their Orbot app and Tor Browser apps (which connect to the Tor® network developed by The Tor Project, Inc.; Tor is a registered trademark of The Tor Project), which is subject to the project’s Data Usage and Protection Policies; hCaptcha (a service of Intuition Machines, Inc., which I do not currently use on this website, but which may be used by some websites and/or online services I may access and/or use; hCaptcha is a registered trademark of Intuition Machines, Inc.); Hidden Reflex Inc. (through and/or in connection with my use of their Epic Privacy Browser, integrated proxy/VPN service, and associated EpicSearch.in (which submits anonymized queries to the Yandex search engine(s) as an alternative to the default search function of the Epic Privacy Browser, which now submits anonymized search queries to the Yahoo! search engine(s), which I may use on some or all of my systems and devices (Hidden Reflex, Epic Privacy Browser, Epic Browser, and EpicSearch.in are trademarks of Hidden Reflex; Yandex is a trademark of Yandex LLC; and Yahoo! is a trademark of Yahoo! Inc., which is part of Verizon Media®, a division of Verizon Communications, Inc., and subject to the Verizon Media Privacy Policy (Verizon and Verizon Media are registered trademarks of Verizon))); Mozilla Corporation (which may gather certain information about my use of their Firefox®, Firefox Focus, and/or Fennec F-Droid web browsers (whether for desktop, mobile, or both) as described in the Mozilla Privacy Policy (Mozilla, Firefox, and Firefox Focus are trademarks of the Mozilla Foundation in the U.S. and other countries); the Phishing and Malware Protection features of these browsers may also use the Google Safe Browsing API, which is subject to the Google Privacy Policy — Google Safe Browsing is a trademark of Google LLC; Google is a registered trademark of Google LLC); Opera Software AS (through and/or in connection with my use of the Opera web browser and/or its integral VPN/proxy service (Opera is a trademark of Opera Software AS); providers of other web browsers I may use; and/or the providers and/or developers of browser add-ons I may use, such as (without limitation) Abine Blur (formerly known as DoNotTrackMe; Abine, Blur, and DoNotTrackMe are trademarks of Abine Inc.) — I’ve also used their email masking tool in an effort to reduce the spam and mass mailings I tend to receive after filling out comment or petition forms; the Cookie AutoDelete browser extension developed by Kenny Do and CAD Team (which does not appear to collect usage data; its source code is freely available for review); Francesco De Stefano’s Opena11y Toolkit browser extension (which doesn’t appear to have a privacy policy, although its source code is freely available for review; the extension facilitates use of the open source tota11y accessibility visualization tool developed by Khan Academy® to assess potential accessibility issues in a website; Khan Academy is a registered trademark of Khan Academy); the various EasyList adblocking and other filter lists; the Adblock Plus® browser extension by eyeo and its related lists (Adblock Plus is a registered trademark of eyeo GmbH); browser add-ons and/or other privacy tools offered by the Electronic Frontier Foundation (which are subject to the EFF Privacy Policy: Software and Technology Projects; EFF and Electronic Frontier Foundation are trademarks of the Electronic Frontier Foundation); the Ghostery® browser extension (Ghostery is a trademark of Cliqz International GmbH); the NoScript extension developed by Giorgio Maone of InformAction (which, according to the developer, does not collect personal information); Nodetics’ Cookiebro – Cookie Manager browser extension (which currently asserts that it does not collect personal information); Thomas Rientjes’s open source Decentraleyes browser extension (whose Privacy Policy says the extension does not collect user data); Hosh Sadiq’s adblock-nocoin-list); the uBlock Origin browser extension (which is developed by Raymond Hill) and its related lists (which are developed and maintained by a variety of people); and/or the Cookie Quick Manager extension developed by ysard.
      • Other providers of apps, tools, and/or services I may use in connection with this website, its content, the management of my business operations, and/or my other creative endeavors, such as (without limitation) Adobe® (which provides some of the apps, software, and other services and/or tools I may use and/or offer and may collect information about the use of such apps, software, services, and/or tools as described in the Adobe Privacy Policy; Adobe is either a registered trademark or trademark of Adobe in the United States and/or other countries); Apple (which may gather information about my use of iTunes, the iTunes Store, and/or other Apple products and/or services as described in the Apple Customer Privacy Policy; Apple and iTunes are trademarks of Apple Inc., registered in the U.S. and other countries, and iTunes Store is a service mark of Apple Inc., registered in the U.S. and other countries); Artifex Software, Inc. (which may gather certain information about my use of their SmartOffice® mobile app as described in their App Privacy Policy; Artifex and SmartOffice are registered trademarks of Artifex Software, Inc.); Audacity® open source audio recording and editing software (which doesn’t appear to have a privacy policy, although its source code is freely available for review; Audacity is a registered trademark of Dominic Mazzoni); Peter Batard’s open source Rufus utility (whose source code is freely available for review); Cannaverbe Limited (in connection with the use of their CDBurnerXP software); the open source CDex audio utility developed by Georgy Berdyshev, Ariane Paola Gomes, and Albert L. Faber; CompanionLink Software, Inc. and their associated subprocessors (whose CompanionLink® and/or DejaOffice® CRM products/services I may use to synchronize data and manage contacts, calendar entries, tasks, and notes on my mobile device(s); the CompanionLink Data Processing Agreement applies to data the service processes that may be subject to European Union data protection laws; CompanionLink and DejaOffice are registered trademarks of CompanionLink Software, Inc.); Pavel Cvrček’s open source MozBackup utility, (whose source code is freely available for review); the ComicRack comics reader developed by cYo Soft; DataViz®, Inc. (which might gather information about the use of the Documents To Go app on the older of my BlackBerry® smartphones — DataViz, Documents To Go, and Docs To Go are registered trademarks of DataViz, Inc.; BlackBerry is the trademark or registered trademark of BlackBerry Limited); The Document Foundation (which may gather information related to my use of the LibreOffice suite of open source office software as described in their Privacy Policy; LibreOffice and The Document Foundation are registered trademarks of The Document Foundation or are in actual use as trademarks in one or more countries); the open source F-Droid repository and client app (which may gather a limited amount of information about and/or in connection with my use of the repository and/or app, as described in the “Terms, etc.” section of their About page); Shahin Gasanov’s ZoneIDTrimmer tool; the open source GNU Image Manipulation Program (which doesn’t appear to have a privacy policy, although the source code is freely available from their downloads page) and plugins for it, such as (without limitation) Alessandro Francesconi’s open source Batch Image Manipulation Plugin (whose source code is also freely available); Kovid Goyal’s calibre ebook management software (which lacks a privacy policy, although its code is open source and publicly available; Christopher Gurnee’s open source HashCheck Shell Extension; Mark Harman’s open source Open Camera mobile app; Phil Harvey’s ExifTool utility and Bogdan Hrastnik’s related ExifToolGUI user interface for it; Florian Heidenreich’s Mp3tag utility; Don Ho’s open source editing tool Notepad++ (which doesn’t appear to have a privacy policy, although again its source code is freely available for review); Ivan Ivanenko’s open source Librera Reader app (the F-Droid version, which omits the Internet access features, ads, and analytics and to which I have granted no Internet access privileges; the F-Droid version does not appear to gather personal information except to the extent necessary to manage updates, but the technically inclined can always browse the source code to be sure); JoeJoe‘s Rename Master utility; Tibor Kaputa’s Simple Mobile Tools Voice Recorder app (whose source code is freely available for review); Tim Kosse’s open source FileZilla® FTP client (whose source code is freely available from the project’s downloads page; FileZilla is a registered trademark of its respective owners); Petr Lastovicka’s open source Precise Calculator utility (which doesn’t have a privacy policy, although its source code is freely available for review); the ImgBurn freeware disc-burning utility developed by Lightning UK; the open source Media Player Classic – Black Edition (MPC-BE) (which doesn’t have a privacy policy, although its source code is freely available for review); Igor Pavlov’s 7-Zip utility (which doesn’t have a privacy policy, but whose source code is freely available for review); Dương Diệu Pháp’s open source ImageGlass (which doesn’t have a privacy policy, but whose source code is freely available for review); the open source PuTTY SSH/Telnet client utility (whose source code is freely available for review); the open source SQLiteStudio SQL editing tool developed by SalSoft (whose source code is freely available for review); JHM Schaars’ vDos DOS emulator (which doesn’t appear to have a privacy policy); Ted Smith’s open source QuickHash utility (which doesn’t have a privacy policy, although its source code is freely available for review); the suite of PDF creation and editing software offered by Tracker Software Products (Canada) Ltd. and PDF-XChange Co. Ltd. (PDF-XChange is a registered trademark of PDF-XChange Co. Ltd.); Jesse van den Kieboom’s open source gitg GNOME GUI client for viewing git repositories (which doesn’t appear to have a privacy policy, although its source code is freely available for review); and/or the open source VLC media player developed by VideoLAN (which doesn’t appear to have a privacy policy, although the player’s source code is freely available for review; VideoLAN, VLC, and VLC media player are trademarks internationally registered by the VideoLAN nonprofit organization).
      • Manufacturers of other electronic devices I may use, such as (without limitation) cameras, recorders, or memory storage devices, either through my direct interactions with those manufacturers (e.g., my use of their customer service and/or technical support resources) and/or through telemetry or other information-gathering mechanisms incorporated into the devices and/or their associated software and/or drivers. I don’t believe that my current Canon® or FUJIFILM® digital cameras; SanDisk® audio player(s) and/or memory storage devices; Sansui analog television; Sony® digital recorder or DVD player; headphones and/or headsets; webcams and/or microphones; various USB drives, memory cards, or drive enclosures (which are from an assortment of different manufacturers); home appliances (e.g., refrigerator, air conditioner, dehumidifier); or other such devices, equipment, and/or accessories independently transmit personal information to third parties, and I generally seek to avoid or at least limit my use of these devices’ proprietary software (if any), but any information they did collect would be subject to the manufacturers’ respective privacy policies (and/or any applicable product- and/or software-specific privacy policies), as is any information they may collect through my use of the manufacturers’ websites, customer service, and/or technical support resources. (Canon is a registered trademark of Canon Inc. in the United States and may also be a registered trademark or trademark in other countries. FUJIFILM is a registered trademark of FUJIFILM Corporation in various jurisdictions. SanDisk is a registered trademark or trademark of Western Digital Corporation or its affiliates in the US and/or other countries. Sansui, which is no longer in business, was a registered trademark of Sansui Electric Co., Ltd. Sony is a registered trademark of Sony Corporation.)
      • Providers of other search engines and/or other research tools I may use, such as (without limitation) DuckDuckGo (DuckDuckGo is a trademark or registered trademark of DuckDuckGo); Startpage.com (I also use the associated Startpage “Anonymous View” proxy service; Startpage and Startpage.com are trademarks or registered trademarks of Startpage B.V.); Yahoo!, whose search engine(s), email service, and/or other services and/or tools I may use (Yahoo! is a trademark of Yahoo! Inc., which is now part of Verizon Media®, a division of Verizon Communications, Inc.; their services are subject to the Verizon Media Privacy Policy and/or the previous Yahoo! Privacy Policy; Verizon and Verizon Media are registered trademarks of Verizon); Microsoft Bing Search (and/or other Bing search engines such as, without limitation, Bing Maps), use of which is subject to the Microsoft Privacy Statement (Microsoft and Bing are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries); any other search engines I may use; the International DOI Foundation, whose servers resolve the Digital Object Identifiers (DOI® numbers) used to identify certain academic papers and other online documents and redirect DOI requests to the appropriate online address(es) (DOI and DOI.ORG® are trademarks of the International DOI Foundation); the Wikimedia Foundation (through and/or in connection with my use of Wikimedia Commons, Wikipedia®, and/or other Wikimedia projects and services; Wikipedia and Wikimedia Commons are trademarks or registered trademarks of the Wikimedia Foundation, Inc., as are most of the names of other Wikimedia projects); museums, libraries, archives, and/or databases, public or otherwise, including but not limited to the Los Angeles Public Library and L.A. County Library (through my use of their computers, catalogs, databases, and/or other systems, and/or my communication with their librarians, archivists, and/or other staff); other online information services, repositories, news services, online publications, websites, blogs, video blogs (“vlogs”), podcasts, file-sharing services, photo-sharing services, other services or platforms for sharing images and/or other media, and/or audiovisual streaming services or platforms; and/or bookstores and/or other retailers or vendors through which I may search for and/or purchase materials related to this website, its content, the management of my business operations, and/or my other creative endeavors.
      • Services and/or service providers that help me promote and/or sell (or otherwise offer for commercial advantage) my content, writing/editing/writing consulting services, and/or other creative endeavors, such as (without limitation) literary or talent agents or agencies, publicists, promoters, public relations services, advertising agencies and/or services, brokers, distributors, publishers, print-on-demand publishing and/or distribution platforms (such as, without limitation, Lulu Press, Inc. (Lulu.com); Lulu, Lulu.com, and the names of its other products and/or services are trademarks and/or service marks or registered trademarks and/or service marks of Lulu), platforms and/or services for publishing and/or distributing audiovisual content (e.g., videos and/or podcasts), wholesalers/resellers, booksellers or other retailers, job search and/or professional networking sites and/or services, and/or staffing agencies/employment agencies.
      • Other types of service providers, such as (without limitation) other applicable telephony services and/or email providers (through my phone, text, and/or email communications with you and/or others, and/or as appropriate for security and/or troubleshooting purposes); Voice over Internet Protocol (VoIP), voice chat, teleconferencing, and/or video chat apps, clients, platforms, and/or services; other types of messaging and/or chat apps, clients, platforms, and/or services, such as (without limitation)Discord (Discord is a trademark of Discord Inc.) and/or Signal (a service of Signal Messenger LLC whose associated service providers and/or subprocessors may include, but are not necessarily limited to, services provided by Google and/or Amazon Web Services; Signal is a registered trademark of Signal Technology Foundation in the United States and other countries; Amazon Web Services is a trademark of Amazon.com Inc. or its affiliates in the United States and/or other countries; and Google is a registered trademark of Google LLC); online time servers; online scheduling, task management, meeting, and/or collaboration platforms, tools, and/or services; online file transfer, file sharing, and/or file storage services (which may include, but are not necessarily limited to, cloud storage services); storage facilities (including, though not limited to, providers of safe deposit boxes) and/or document/information management services; data and/or document destruction/shredding services; third-party printers and/or print services; providers of public computers and/or wireless networks I may periodically use; photo development, photo processing, video conversion, and/or other processing services for audiovisual materials; repair, maintenance, installation, and/or technical service providers; transcription and/or translation services, automated or otherwise; notaries; insurers and/or warranty providers (and/or, where applicable, their respective administrators, affiliates, agents, brokers, claims adjusters, subcontractors, and/or subsidiaries); identity theft protection services; staffing agencies/employment agencies; background check services; credit bureaus and/or credit reporting agencies; payroll services; bookkeeping, accounting, and/or tax preparation services; auditing services; management consulting services; financial planning, financial management, and/or financial advisory services; brokerages; attorneys and/or law firms; legal aid and/or other legal consulting or legal counseling services; healthcare providers and/or their respective support staffs; cleaning and/or janitorial services; mapping, navigation, and/or trip-planning services and/or apps such as (though not limited to) the OsmAnd mobile app by OsmAnd B.V. (OsmAnd is a trademark of OsmAnd B.V.); taxi, livery, shuttle, carpool, and/or ride-share services (which I may use if I travel via such means and/or arrange such transportation for someone in some context related to this website and/or in the course of my business); travel agencies, travel bureaus, ticket brokers, and/or similar services (in connection with trips I take and/or arrange in some context related to this website and/or in the course of my business); airlines, bus services, and/or rail services (in connection with trips I take and/or arrange in some context related to this website and/or in the course of my business); hotels, motels, and/or other lodging providers (if I use and/or arrange such lodgings in some context related to this website and/or in the course of my business); rental services and/or rental agencies for vehicles such as (without limitation) cars, trucks, vans, bicycles, scooters, and/or boats (if I use and/or arrange such services in some context related to this website and/or in the course of my business); parking attendants, security guards, property managers, receptionists, and/or other such functionaries (if I must communicate with such functionaries in some context related to this website and/or in the course of my business — for example (but without limitation) when signing in at the front desk prior to attending a meeting); towing and/or roadside assistance services (if I use and/or arrange such services in some context related to this website and/or in the course of my business); movers (professional or otherwise), moving companies, and/or relocation services (in the event I relocate and/or need to transfer some or all of my business assets to some other site); and/or postal services, common carriers, shipping agencies, delivery services, and/or mailbox rental services (for the purposes of sending and/or receiving correspondence, packages, and/or shipments).

      Some or all of my third-party vendors and/or service providers (and/or any subcontractors, subprocessors, vendors, subsidiaries, affiliates, and/or partners those entities may employ and/or utilize in providing their respective services) may be located outside your home country and/or the European Economic Area; by using this website, you consent to my transfer of such information to them. Adobe, Cloudflare, Google, HP, Microsoft, and Sucuri (and probably others among my vendors and/or service providers) are certified under the EU-U.S. and/or Swiss-U.S. Privacy Shield Frameworks for processing data from residents of the European Economic Area subject to the European General Data Protection Regulation (EU GDPR) and/or Swiss data protection laws. (Although the EU-U.S. and Swiss-U.S. frameworks are similar, the specific requirements vary, so not all companies certify under both, and additional requirements and limitations may apply to the transfer of data subject to the UK GDPR.) A recent ruling by the Court of Justice of the European Union declared the EU-U.S. Privacy Shield Framework invalid as a means of complying with EU GDPR data protection requirements, leaving the future of the program uncertain; see the Privacy Shield Program website for more information.

    • As I deem reasonable and appropriate (and as permitted by applicable law/regulations) to enable me to make informed hiring, employment, and/or business decisions regarding prospective employees, independent contractors, and/or business partners, as described in the “Data Related to Recruitment/Hiring or Business Partnerships” section above.
    • If I am required by law to do so, such as (without limitation) pursuant to a subpoena, search warrant, or other court order or administrative order; in connection with tax returns or other legally required filings, reports, registrations, or disclosures; or in connection with an audit, civil or criminal trial, or other official investigation or proceeding. In some cases, I may disclose certain information if I deem it reasonably necessary to ensure my compliance with applicable law or regulation, even if the specific disclosure is not expressly required. For example (again without limitation), if I enter into a financial transaction with you that is subject to sales/use tax, I might provide your address to the applicable tax agency in order to determine the correct tax rate.
    • If I am contractually obligated to do so pursuant to my agreement(s) with my business partner(s), vendor(s), and/or third-party service(s), such as (without limitation) in connection with a dispute, investigation, or audit involving my bank(s)/financial institution(s), payment processor(s), or social media services, or as otherwise described in “Financial Transactions Policy” above. For example, if my payment processor investigates a payment I received that they suspect of being fraudulent, the payment processor’s terms of service may require me to provide relevant information to their investigators. Similarly, third-party services such as social media websites may compel me to provide information related to suspected violations of their terms of service.
    • If I believe in good faith that such disclosure is reasonably necessary to protect my property, rights, security, and/or safety, and/or the property, rights, security, and/or safety of third parties and/or the public at large. Additionally, as noted in the Copyright/Intellectual Property Violations section of the Terms of Use, if you submit a notice asserting that material on or linked to by this website that was provided to me by a third party violates your copyright, I may forward (and you expressly authorize me to forward) your claim to that third party (since such claims may implicate their rights).
    • If the person(s) to whom the information pertains have asked or authorized me to do so.
    • If the information is de-identified, anonymized, redacted, and/or aggregated such that it could not reasonably be used to identify the specific person(s) and/or household(s) to whom the information pertains (other than me, if I am somehow included in that information and elect not to de-identify, anonyimize, redact, and/or aggregate my own information).
    • In the event that I sell or transfer control of this website, or if I enter bankruptcy or cease operating the website due to my death or incapacity, personal information I have gathered through this site would likely be among any assets transferred to the third-party purchaser(s) or acquirer(s) (and/or, where applicable, my heirs, successors, and/or assigns), who could continue to use that information only as set forth in this policy.

    Additionally, if I have roommates, houseguests, other cohabitants, and/or visitors, they may, from time to time, become incidentally aware of certain personal information pertaining to this website and/or my business operations — for example (but without limitation), noticing the sender and/or recipient information on letters or packages I send or receive via postal mail or common carrier, and/or overhearing some portion of voice calls or video conferences in which I participate. The likelihood and potential extent of any such incidental disclosures is difficult to quantify, but the possibility is hard to avoid with any business activity conducted at home.

    In general, I do not sell or rent the information I collect from individual visitors to the aaronseverson.com website, at least not in the sense most people understand the terms “sell” and “rent.” (Some local privacy laws, such as the California Consumer Privacy Act of 2018 (CCPA), have greatly complicated this question by expanding their definitions of “sale” to include virtually any disclosure in which any party has any financial stake whatsoever; see the “Information Shared for Business or Commercial Purposes” subsection of the “CCPA Information Collection and Sharing Notice” section below for more information on this issue.)

    There are a number of potential exceptions:

    First, as noted above, if I sell or transfer control of this website, personal information I have collected through and/or in connection with the site would likely be among the assets involved in such sale or transfer (which, surprisingly, the CCPA apparently does not regard as a sale for the purposes of that law).

    Second, if I possess artwork, copies of published work(s), and/or useful article(s) that contain and/or otherwise incorporate personal information about certain individual(s) or household(s) who have visited this website (such as, without limitation, a book by or about you; a magazine you once owned that still bears your name and address on the subscription mailing label; a DVD of a movie in which you appeared; or some item you once autographed), I might sell, lend, donate, or otherwise dispose of such artwork, my copy or copies of such published work(s), and/or such useful article(s).

    Third, it is conceivable that from time to time, personal information about one or more site visitors may be included in content that I research, write, adapt, edit, share, publish, and/or otherwise disseminate (and/or on which I consult) as part of and/or in connection with my profession writing/editing/writing consulting services, and/or in connection with my automotive website, Ate Up With Motor. For example (but without limitation), if you are a public figure or were involved in some newsworthy event, it is possible that a client may hire me (or has previously hired me) to research and write a profile about you for a magazine or other publication; if you own an interesting old car, I might include a photo I took of it at a car show in an article I license to some website or publication. (There are many possible scenarios — these are just a few representative examples.) Therefore, in the event that I incorporate your name, other relevant personal information, and/or potentially personally identifying information about you into my written content and/or bibliographies, annotations, and/or metadata; if your name and/or information is incorporated into content I research, write, adapt, edit, share, publish, perform, and/or otherwise disseminate (and/or on which I consult) in or for some other format or medium, and/or the metadata of such content; and/or if you and/or your information are somehow visible, audible, and/or otherwise included in certain of my images and/or other media, and/or present in their metadata, I may license, sell, and/or otherwise offer it for commercial advantage in that context.

    Please note that in many cases, I have no reasonable way of associating data gathered through this website with information I may have collected about you in other contexts, or of associating different types of personal information and/or potentially personally identifying information I may have obtained about a given individual or household. For example (again without limitation), your IP address being recorded in my server logs doesn’t necessarily mean that I know your name or can recognize your face in the background of a photo! (If you have questions about this, please contact me through one of the methods described in “Controller/Responsible Party, Questions, and How to Reach Me” below.)

    Fourth, as noted in “Advertising” above, I don’t permit the site’s advertisers or sponsors to use scripts, cookies, web beacons, or other such technologies to collect information about you through the publicly visible portions of the aaronseverson.com website. (Advertisements, banners, or donation boxes on the site’s administrative dashboard may sometimes collect personal information, but since the dashboard is only accessible to logged-in administrative users, such information-gathering and disclosure normally only involves my information, not that of other site visitors.) However, if you click on ad links to visit the websites of my advertisers or otherwise patronize their businesses, they may gather and use information about you — potentially for various commercial purposes — as described in their respective privacy policies (and may be able to tell that you came from this website), which is outside of my control. This could conceivably be deemed to constitute sharing information “for commercial purposes” as the CCPA defines it, even if I do not directly provide any information about you to those advertisers.

    Fifth, some of my service providers and/or vendors (including, though not necessarily limited to, providers of embedded content used on this website, as described in “Embedded Content” above) may use and/or disclose — potentially for advertising, marketing, and/or other commercial purposes — personal information they gather through my use of their content and/or services in ways that are beyond my control. (For example, but without limitation, I have no control over how YouTube uses information they collect about visitors who watch embedded videos I share, or how companies such as search engines or social media services use data they gather through the use of their services.)

    As previously noted, while no online website, Internet-accessible device, or data storage system can be 100 percent secure, I take reasonable measures to protect against unauthorized access, use, alteration, or destruction of personal information I collect through and/or in connection with this website, including, but not limited to, the use of encryption and encrypted (HTTPS) connections, online and offline malware scans, and appropriate password protection.

    Your Rights (GDPR and Other National or State Privacy Laws)

    If you are located in certain countries, including those that fall under the scope of the European General Data Protection Regulation (aka the “GDPR” or “EU GDPR”), the UK GDPR, or Brazil’s Lei Geral de Proteção de Dados (LGDP), or in certain U.S. states, such as California (see “Your California Privacy Rights” below), applicable data protection laws may give you certain rights with respect to your personal data, subject to any exemptions provided by the law and/or associated regulations. For example, the rights provided by the GDPR include the rights to:

    • Request access to your personal data
    • Request rectification (correction) of your personal data
    • Request deletion of your personal data
    • Object to my use and processing of your personal data
    • Request that I limit my use and processing of your personal data
    • Request portability of your personal data; and
    • Make a complaint to the applicable government data protection authority.

    In the UK, the applicable data protection authority is the Information Commissioner’s Office (ICO); for a list of European data protection authorities, see the European Data Protection Board Members page.

    If you have questions or would like to exercise these rights, you can contact me through one of the methods described in “Controller/Responsible Party, Questions, and How to Reach Me” below. I’ve also added a Privacy Tools page that will let you automatically request your data based on your email address. (Please note that the data you obtain through this tool does not include personal data not associated with your email address, such as server and error log data; data not stored on this website itself (like emails you send me directly); or any non-electronic data (like physical copies of letters or photographs).)

    To safeguard your privacy and the privacy of others, I may (to the extent permitted — and/or required — by applicable law/regulation) take steps to verify your identity and/or residency before processing certain requests pertaining to your personal information.

    Also, please note that I may be obligated to retain certain data (such as financial transaction records) for legal or administrative purposes and/or to secure this website and its data.

    Your California Privacy Rights

    California Do Not Track Disclosure

    This website does not currently respond to Do Not Track browser settings.

    Information-Sharing Disclosures (Shine the Light Law)

    California Civil Code § 1798.83 et seq. (the “Shine the Light” law) gives California residents who have established business relationships with certain businesses the right to request information about those businesses’ disclosure of the customer’s personal information to third parties for direct marketing purposes.

    The law defines “direct marketing purposes” as “the use of personal information to solicit or induce a purchase, rental, lease, or exchange of products, goods, property, or services directly to individuals by means of the mail, telephone, or electronic mail for their personal, family, or household purposes.” An “established business relationship” is defined as “a relationship formed by a voluntary, two-way communication between a business and a customer” that is either ongoing or was established with a purchase or other transaction within the past 18 months.

    Under the Shine the Light law, if you are a California resident and have an established business relationship with a business subject to the law’s requirements, you may request, once per calendar year, an Information-Sharing Disclosure that details:

    1. What categories of personal information about you, if any, that business shared with third parties for direct marketing purposes in the preceding calendar year, and
    2. The names/identities and addresses of such third parties.

    (The law does not require the business to reveal which specific pieces of information may have been shared, only the categories of information, as defined by the applicable statutes.)

    Although I believe I am exempt from the requirements of this law, since I have fewer than 20 employees, I will nonetheless make every reasonable effort to provide you with such a disclosure within 30 days of my receipt of your request. To submit a request, please contact me through one of the methods described in “Controller/Responsible Party, Questions, and How to Reach Me” below.

    Please note that this disclosure only covers information shared for direct marketing purposes. See the other sections of this Privacy Policy to learn more about other types of information I collect and how I use it.

    California Privacy and Data Protection Rights

    Starting January 1, 2020, California’s data protection laws, including the California Consumer Privacy Act of 2018 (CCPA), give California residents additional rights with respect to their personal data. The rights the CCPA provides California residents include:

    1. The Right to Know and the Right to Access: You have the right to request access — free of charge, up to two times in a given 12-month period, and (where possible) in “a readily usable format” — to:

      1. The categories and/or specific pieces of personal information I have collected about you in the preceding 12 months, and
      2. The categories of business and/or commercial purposes for which I collected and used the information, and
      3. The categories of sources from which I collected that information, and
      4. The categories of personal information about you that I have shared with third parties for business or commercial purposes in the past 12 months, and
      5. The categories of third parties with whom personal information was shared.
    2. The Right to Delete: You have the right to request the deletion of your personal information.
    3. The Right to Opt-Out of the sale of your personal information.
    4. The right to not be discriminated against or penalized for exercising these rights.
    5. The right to make a complaint to a state government supervisory authority.
    6. The right to take private legal action in the event of a data breach that exposes your personal information to theft or unauthorized access.

    These rights are subject to certain exemptions, exceptions, and restrictions provided by the law and/or its associated regulations. You need not be physically present in California to exercise these rights provided that you have a current California residence. You may designate an authorized agent to act on your behalf in exercising these rights.

    While I believe I do not technically meet any of the applicability thresholds specified by this California law, I am committed to providing visitors with as many privacy choices as I reasonably can.

    You (or your authorized agent) can exercise your California privacy rights via any of the methods specified on the Do Not Sell My Personal Information page.

    Applicable law and/or regulations stipulate the maximum time allowed for acknowledging and/or responding to your request. There is no charge for for making a request.

    In order to better safeguard your privacy and the privacy of others, I may be required to verify your identity before processing certain requests pertaining to your personal information. I may be unable to fulfill your request if I cannot verify your identity to the degree of certainty applicable law and/or regulations require. Also, please note that in addition to any exceptions and exemptions applicable law and/or regulations may provide to the rights provided by the CCPA (particularly with regard to the deletion of your personal information), I may be unable to delete certain information (e.g., my web host’s server and error logs) for technical reasons.

    Except as otherwise required by law, privacy-related requests pertaining to children under 18 should be submitted by a parent, legal guardian, or other authorized adult representative.

    Do Not Sell My Personal Information

    If you are a California resident and would like to exercise your Right to Opt-Out of the sale of your personal information, or any of your other rights under the California Consumer Privacy Act of 2018 (CCPA), such as the Right to Know, the Right to Access, and/or Right to Delete your personal information, such as the Right to Know, the Right to Access, and/or Right to Delete your personal information, you (or your authorized agent) should visit the Do Not Sell My Personal Information page.

    CCPA Information Collection and Sharing Notice

    The California Consumer Privacy Act of 2018 (CCPA) also requires certain businesses to disclose the categories of information that the business has collected about individuals or households during the preceding 12 months; that the business disclosed for business purposes during the preceding 12 months; and that the business disclosed for commercial purposes during the preceding 12 months. These disclosures must be updated at least once a year.

    As noted above, I believe I do not meet any of the CCPA’s applicability thresholds, but for the avoidance of doubt, I make the disclosures listed below.

    Categories of Personal Information Collected

    The following list summarizes the categories of personal information I have collected about individuals and/or households, both through and/or in connection with this website and in the context of my business, which for the purposes of this notice includes both my work as a professional writer/editor and writing consultant (which is subject to the separate 6200 Productions Privacy Policy) and my automotive website, Ate Up With Motor (which also has its own privacy policy).

    Please note that I do not necessarily collect all of these categories of personal information about every individual, or even most individuals. While I collect certain information from all site visitors (e.g., IP addresses, user agent information), the categories listed below also encompass the range of information I gather in connection with the articles and other content I create and/or edit (and/or on which I consult), which is far more extensive than I customarily gather about site visitors. These categories also include information (a) that certain people volunteer to me, whether about themselves or someone else; (b) that I only collect from/about certain people for some specific reason(s); and/or (c) that I infer or surmise from other data (e.g., inferring an approximate geographical location based on an area code or email domain).

    The statutory definitions of some of these categories overlap, with certain types of information (e.g., real names) technically falling into multiple categories; I have tried to limit repetition in the interests of space and comprehensibility. This list also includes some types of information that the law would probably regard as personal information, but that are not specifically described in the applicable statutes.

    The examples listed for each category are intended to be a representative sampling, NOT an exhaustive list of all the specific pieces of information I may have gathered within a particular category. Also, this list describes the categories of information I have collected on individuals and/or households from ANY locale, NOT only from California residents. (In many cases, I have no reasonable way to know whether the individuals and/or households to whom certain personal information pertains are California residents or not.)

    During the past 12 months, I have collected the following categories of personal information in the course of my business:

    • Identifiers, such as:
      • First and/or last names, pseudonyms/aliases, nicknames, usernames, and/or account names
      • IP addresses
      • Email addresses
      • Postal mailing addresses and/or street addresses
      • Social Security Numbers, taxpayer ID numbers, driver’s license numbers, and/or other government-issued identification information
      • Unique personal identifiers, online identifiers, or other similar identifiers
      • Information collected through cookies and/or similar technologies
    • Additional categories of personal information as defined in the California Customer Records statute, California Civil Code § 1798.80(e), such as:
      • Signatures, physical and/or digital
      • Other physical characteristics or descriptions of individuals (e.g., height, weight, hair color)
      • Telephone numbers (and/or FAX numbers)
      • Other contact information
      • Account numbers
      • Records of financial transactions with me, including, as applicable, transaction ID numbers, tax-related information, and check/bank account information (I do NOT collect any bank account or credit card information in connection with PayPal® transactions; PayPal is a registered trademark of PayPal, Inc.)
      • Other financial information (e.g., credit ratings; whether someone has (or had) loans, past foreclosures, and/or declared bankruptcy; other information pertaining to creditworthiness, assets, income, and/or liabilities; the net worth of public figures)
      • Medical information (e.g., information about health conditions; tests and/or treatments received; drugs, therapies, and/or medical products and/or equipment used)
      • Health insurance information (e.g., whether or not individuals are insured and with which insurance carrier(s) — I do NOT collect policy numbers or similar data, and much of what health-insurance-related data I do collect is in aggregated form)
      • Information about other types of insurance and/or insurance coverage
    • Characteristics of classifications protected by law, such as:
      • Age and/or date of birth
      • Race, color, ancestry, national origin, and/or citizenship status
      • Religion or creed
      • Marital/relationship status and/or information about spouses/partners
      • Medical condition and/or physical or mental disability
      • Sex, gender, gender identity, and/or gender expression
      • Pregnancy, childbirth, and/or related medical conditions
      • Sexual orientation
      • Veteran or military status
      • Information about children (such as the number of children and/or their names, ages, and/or genders) and/or other family members
      • Language(s) spoken and/or preferred
    • Commercial information, such as:
      • Information about cars and/or other vehicles an individual has owned, purchased, rented, leased, otherwise obtained, or considered; that they have indicated they want to purchase, rent, lease, or otherwise obtain; and/or that they are considering
      • Information about art, books, other publications, films, videos, and/or other media an individual or household has considered, read, watched, or otherwise consumed; desires/intends to consume; and/or is considering consuming
      • Information about personal property, products, goods, and/or services an individual or household owns, rents, leases, and/or otherwise uses; has owned, purchased, rented, leased, obtained, or considered; desires to purchase, rent, lease, obtain, and/or use; and/or is considering purchasing, renting, leasing, obtaining, and/or using
      • Information about retailers, vendors, and/or service providers an individual or household has patronized, is considering patronizing or planning to patronize, prefers, and/or disdains
      • Information about real property an individual has purchased, leased, or rented, and/or property records indicating who owns a particular building, lot, or other real property
      • Information about stocks and/or securities ownership and/or purchases/transfers (e.g., whether an individual owns or has recently purchased or sold shares in a particular corporation or other business entity)
      • Information about other types of purchases, transactions, and/or investments
      • Information about an individual or household’s participation in sports, games, hobbies, and/or other pastimes
      • Information about an individual or household’s scores, achievements, winnings, and/or prizes in games of chance or skill
      • Opinions, critical judgments, tastes, preferences, and/or other information about an individual or household’s purchasing or consuming history and/or tendencies
    • Biometric information, such as if you provide me with information about your sleep and/or exercise habits, or if documents or other physical objects I receive contain visible fingerprints (I have no means of analyzing, identifying, or using fingerprint data, but the law and its associated regulations make no such distinction)
    • Internet or similar network activity information, such as:
      • Web browsing activity and/or history
      • Search history
      • Information gathered through cookies and/or similar technologies
      • User agent information
      • Online avatars, profile images, and/or icons
      • Domain names and/or URLs of personal blogs, social media pages/feeds, or other online profiles
      • Network, shared device, and/or online service information (e.g., names, passwords/login credentials, technical details, and/or other information pertaining to wireless networks; local area networks; shared printers and/or other devices; websites; online service accounts; and/or other means of networking, sharing, and/or otherwise connecting electronic devices, files, and/or data)
      • Other information about an individual or household’s interactions with websites, applications, and/or online advertisements (including, but not limited to, errors and/or suspicious activity)
    • Geolocation information, such as an individual or household’s geographical location and/or movements, whether directly observed; stated or described to me (directly or indirectly); and/or determined, estimated, and/or inferred from other data (e.g., from an IP address, telephone area code, and/or GPS coordinates)
    • Audio, electronic, visual, thermal, olfactory, or similar information, such as photographs, illustrations and/or other images, videos, audio recordings, and/or other media in which recognizable individuals and/or likenesses are visible and/or their voice(s) audible
    • Professional or employment-related information, such as:
      • Resumes/CVs
      • Current and/or past employer(s) and/or client(s)
      • Job title(s) or position(s)
      • Compensation
      • Business ownership/registration information (e.g., whether an individual has some ownership interest in and/or is an officer of a corporation or other business entity)
      • Other professional relationships (e.g., publishing or licensing deals, management, representation, partnerships)
      • Military service information
      • Other group or organization membership and/or affiliation information
      • Professional certifications and/or licensure
      • Skills, aptitudes, abilities, and/or intelligence
      • Professional achievements and/or honors
      • Network, shared device, and/or online service information (e.g., names, passwords/login credentials, technical details, and/or other information pertaining to wireless networks; local area networks; shared printers and/or other devices; websites; online service accounts; online service accounts; and/or other means of networking, sharing, and/or otherwise connecting electronic devices, files, and/or data)
      • Authorship, other credits, and/or rights holder information for artwork, books, films, software, photographs, other media, other published works or designs, and/or other intellectual property such as trademarks and/or patents
      • Professional references
      • Performance evaluations and/or information about individuals’ professional reputations and/or conduct
      • Other information about an individual’s vocation and/or trade
    • Education information, such as schools attended; grades and/or scores on standardized or aptitude/skill tests; and/or degrees and/or credentials earned
    • Inferences I make based on other data, such as my estimation of an individual’s personality, aptitudes, predispositions, psychological trends, and/or behavior.
    • Other types of personal information not specifically described in the applicable statutes, such as:
      • Information about specific vehicles, such as license plate numbers, vehicle identification numbers, related information (e.g., vehicle registration dates), and/or other identifying characteristics or details (e.g., year, make, model, body style, color, equipment, features, distinguishing markings, modifications, customization, damage, repairs, and/or maintenance)
      • Legal information (e.g., information regarding an individual having been accused of, charged with, and/or convicted of crime(s), infraction(s), and/or misconduct; having been a victim (or alleged victim) of crime(s) and/or misconduct; and/or being involved in a civil lawsuit)
      • Information about an individual or household’s agents, representatives, and/or service providers (e.g., attorney(s) or legal counsel, talent or literary agency, manager(s), accountant(s), auditor(s), assistant(s) and/or secretaries, and/or other authorized representatives and/or professional service providers)
      • Information about wills, estates, executorship, inheritance, trusts, and/or trusteeship
      • Information about gifts, donations, charitable contributions, and/or political contributions made and/or received
      • Information about community service (e.g., jury duty), volunteer work, and/or charitable activity
      • Information about political affiliations, opinions, and/or activity
      • Information about membership in and/or affiliation with other types of groups and/or clubs
      • Information about awards, honors, prizes, and/or other recognition
      • Information about individuals’ public and/or personal reputations
      • Information about friendships, personal relationships, and/or social interactions (including observations and/or inferences regarding individuals’ tendencies and/or preferences therein)
      • Information about other household members (e.g., roommates) and/or pets
      • Encryption public keys and/or similar security data
      • Other potentially personally identifying information in electronic files and/or associated metadata
      • Handwritten notes, documents, illustrations, paintings, sketches, and/or other examples of individuals’ handwriting, calligraphy, and/or artwork (in whatever medium)
      • Other types of personal information, and/or other types of data that could potentially be deemed personal information, that do not readily fit into any of the above-listed categories.

    Although I do not knowingly collect personal information from children under 18 through this website, I may sometimes collect such information as part of my professional writing/editing/writing consulting work. (For example (but without limitation), I might write or edit a news article about a minor child’s notable achievements or involvement in some matter of public interest, which could include personal information obtained through an interview with that child and/or from other sources.) If you have questions, if you are a parent or legal guardian and believe that I may have collected personal information about your minor child, or if you wish to exercise your right to remove or delete such information, please contact me via one of the methods described in “Controller/Responsible Party, Questions, and How to Reach Me” below. (Parents or legal guardians can also submit CCPA requests on behalf of their minor children via any of the methods specified on the Do Not Sell My Personal Information page.)

    The fact that I collected and/or inferred certain information does not necessarily mean that I still retain it, or that I have any practical way to associate the different categories of information I may have collected about a given individual or household (e.g., to connect a visitor’s name with an IP address in the server logs and/or a face visible in the background of a photograph).

    Keep in mind that if you have interacted with me via some third-party service, that service may have collected and/or shared — potentially for commercial purposes — personal information about you that is not reflected in the above list. The collection, use, and/or retention of personal information by third-party services are subject to the applicable service’s privacy policy and terms of use/terms of service, and are outside of my control. (The disclosures above DO include categories of personal information that third-party services have provided to me.)

    Collection Sources

    Personal information I collect about you and/or your household comes from one or more of the following categories of sources:

    • You, whether directly through your communications with me, through other public disclosures you’ve made (e.g., social media posts), or through your use of this website
    • My employees, independent contractors, agents, and/or business partners (as applicable)
    • My vendors and/or service providers
    • Other visitors/users, whether directly or indirectly
    • Published and/or publicly available sources (e.g., books, articles, films, videos television programs, radio programs, podcasts, other audio recordings, social media, online databases, public records)
    • Photographers, videographers, illustrators, podcasters, and/or other media creators
    • Subject matter experts, historians, biographers, researchers and/or other academics, archivists, librarians, observers, eyewitnesses, and/or other knowledgeable parties
    • Clients or employers for whom I provide (or have provided) writing/editing/writing consulting services.

    Each of the above-listed categories of sources may provide me with information that falls into several or all of the categories of personal information listed in “Categories of Personal Information Collected” above.

    Collection Purposes

    Personal information I collect in the course of operating this website and/or my business is collected for one or more of the following purposes:

    • Functionality
    • Providing services
    • Completing a transaction
    • Fulfilling a contractual obligation
    • Legal compliance or audit
    • Research and publishing
    • Security, troubleshooting, quality control, and technical improvement
    • Recruitment/hiring or business partnerships
    • Advertising and other commercial purposes

    These purposes are defined in the “Categories of Information and Purposes for Collection” section above and have the same meanings here as in other sections of this Privacy Policy.

    Information Shared for Business or Commercial Purposes

    The CCPA defines sharing information “for business purposes” as disclosing personal information about individuals or households to third parties such as service providers or independent contractors for any of the following purposes:

    1. Auditing interactions with consumers
    2. Security
    3. Debugging/repair
    4. Certain short-term uses
    5. Performing services
    6. Internal research for tech development
    7. Quality and safety maintenance and verification.

    A disclosure of personal information is considered to be “for commercial purposes” if it serves to “advance a person’s commercial or economic interests, such as by inducing another person to buy, rent, lease, join, subscribe to, provide, or exchange products, goods, property, information, or services, or enabling or effecting, directly or indirectly, a commercial transaction,” with the exception of “engaging in speech that state or federal courts have recognized as noncommercial speech, including political speech and journalism.”

    The CCPA’s definitions are so expansive that almost any disclosure or transmission of virtually any piece of information about any individual or household — even information that was already publicly available — could potentially be considered sharing of personal information for business or commercial purposes if it takes place in any business-related context. Furthermore, by the CCPA’s definitions, a disclosure for commercial purposes may be deemed “selling” personal information even if it does not constitute a sale as most people understand that term.

    I may disclose personal information I collect through and/or in connection with this website as described in the “Disclosure of Personally Identifying Information” section above. Also, as noted in that section and elsewhere in this Privacy Policy, my work as a professional writer/editor and writing consultant and/or other creative endeavors routinely involve collecting and sharing personal information, often for publication. Such information routinely encompasses most or all of the categories of personal information listed in “Categories of Personal Information Collected” above, although I don’t necessarily disclose every type of information that may fall within a particular category, nor do I necessarily disclose every piece of information I collect of a given type.

    Therefore, by the law’s definitions, I may share any or all of the categories of personal information I collect in the course of my business with any or all of the following:

    • My employees, independent contractors, agents, and/or business partners, if any.
    • My service providers and/or vendors.
    • Any government agency, investigator, auditor, court, arbiter, or other official entity that requires or compels me to disclose personal information related to my business.
    • Any individual or entity with whom I communicate, consult, and/or collaborate in the process of researching and developing my content, writing/editing/writing consulting work, and/or other creative endeavors, and/or who communicates and/or consults with me regarding their content and/or other creative endeavors.
    • Editors, publishers, clients, employers, and/or other third parties for whom I provide (and/or to whom I offer) my writing/editing/writing consulting services; to whom I may license, sell, or otherwise offer my content and/or other creative work; for whom I may otherwise work and/or provide services; and/or as I may reasonably be requested or directed to do as part of and/or in connection with such services, content, and/or work (and/or the offer thereof).
    • Individuals or entities who help me promote and/or sell (or otherwise offer for commercial advantage) my content, writing/editing/writing consulting services, and/or other creative endeavors.
    • The public, through the publication, performance, broadcast, other dissemination, and/or public discussion of my content and/or other creative work; my sharing, discussing, and/or otherwise disseminating information that is already publicly available (e.g., in news articles, published works, and/or public records); my disposal of my personal property (e.g., lending, donating, or selling my copies of books, magazines, and/or other published works); and/or, as applicable, my publication of your comments, any images and/or other media you submit to me for publication and/or for use in or with my published work(s), and/or your other communications with me.

    As indicated in the “Disclosure of Personally Identifying Information” section above, I may also share personal information:

    • If that information otherwise is or was already publicly available (which is also noted in the list above, but bears repeating for emphasis — I strenuously reject and regard as unconstitutional any attempt to use the CCPA, its associated regulations, and/or similar privacy laws to restrict or limit my right to share, disclose, and/or discuss publicly available information, whether or not that information is offered through official government sources); and/or:
    • If the information is contained in and/or otherwise incorporated into artwork, a copy of a published work, or a useful article (including, without limitation, information inscribed or imprinted upon and/or affixed or otherwise attached to such work(s), copies, or article(s), particularly where that information cannot reasonably be removed without damaging the item or article in question); and/or:
    • To appropriately credit someone for the use of their photos, fonts, themes/plugins, or other content or intellectual property, particularly where such credit is required by the applicable license terms; and/or:
    • As I deem reasonable and appropriate (and to the extent permitted by applicable law/regulations) to enable me to make informed hiring, employment, and/or other business decisions regarding prospective employees, independent contractors, and/or business partners; and/or:
    • If I am legally or contractually obligated to do so (which would typically be to comply with a subpoena, search warrant, or other court order or administrative order; in connection with tax returns or other legally required filings, reports, registrations, or disclosures; in connection with an audit, civil or criminal trial, or other official investigation or proceeding; or in connection with a payment dispute or other contractual dispute, but could also be in other circumstances that I cannot reasonably anticipate; I may also disclose certain information if I deem it reasonably necessary to ensure my compliance with applicable law or regulation, even if the specific disclosure is not expressly required, such as (without limitation) if I need to contact a tax agency to determine the correct sales/use tax rate for a particular address); and/or:
    • If I believe in good faith that such disclosure is reasonably necessary to protect property, rights, security, and/or safety, and/or to forward copyright claims pertaining to material provided to us by a third party to that third party (since such claims may implicate their rights); and/or:
    • If the person(s) to whom the information pertains have asked or authorized me to do so; and/or:
    • If the information is de-identified, anonymized, redacted, and/or aggregated such that it could not reasonably be used to identify specific person(s) (other than me, if I am somehow included in that information and elect not to de-identify, anonyimize, redact, and/or aggregate my own information); and/or:
    • As part of a business transfer (e.g., if I sell or transfer control of this website, enter bankruptcy, or pass my assets to my heirs, successors, and/or assigns through my death or incapacity).

    Additionally, as also noted in the “Disclosure of Personally Identifying Information” section above, if I have roommates, houseguests, other cohabitants, and/or visitors, they may, from time to time, become incidentally aware of certain personal information pertaining to this website and/or my business operations, in ways that are hard to avoid with any business activity conducted at home.

    For what I hope are obvious reasons, it is not feasible for me to enumerate every possible entity or even category of entities to whom I might disclose information in the above contexts, but any such disclosures could also involve any or all of the categories of personal information I collect in the course of my business.

    Much if not all of the personal information I collect or access may be processed by one or more third parties. For example (but without limitation):

    • For obvious reasons, it is impossible for me to call, text, email, or mail any individual or household without disclosing a certain amount of the recipient’s personal information to third parties. For example, making a phone call or sending a text message requires communicating the recipient’s telephone number to the applicable telephone companies or mobile carriers.
    • My web host, DreamHost®, owns the web servers on which this website runs as well as the mail servers for my associated email addresses. Therefore, DreamHost has full administrative access to most files, messages, and data processed by or stored on those servers. This is in addition to any information I deliberately share with DreamHost for purposes such as troubleshooting or security. (DreamHost is a registered trademark of DreamHost, LLC.)
    • If in the course of my business I access any website or online resource that is not encrypted (i.e., via an HTTP rather than HTTPS connection), any data I access on that site or resource is visible to my Internet service provider and potentially also other third parties. Even if a website or online resource IS encrypted, my Internet service provider and other third parties (such as my DNS (domain name system) server and the website or resource’s certificate authority and embedded content providers) can generally see that I have connected to that site or resource, as can that site/resource’s certificate authority and embedded content providers, if any. If I use a proxy server or VPN, the VPN or proxy server can also see my connections and any unencrypted data I access.
    • Most files and data on my systems and devices are routinely scanned by one or more malware detection and/or other security tools, some of which may incorporate cloud-based scanning or analysis features, as explained in the “Security Scans” section of this Privacy Policy. (As noted in that section, some website security log data is also stored by Sucuri. Sucuri is a trademark of Sucuri Inc. and may be registered in certain jurisdictions.)
    • Most payments I receive are processed by my bank(s) (or other applicable financial institution(s)) and the applicable payment processor(s), if any (e.g., PayPal®). Those payments and related tax documents must also be disclosed to several different tax agencies, and may be discussed with my tax preparer and/or other financial or legal professionals for administrative and compliance purposes. (PayPal is a registered trademark of PayPal, Inc.)
    • Some information about my activities and/or data accessed on my systems and devices may be captured by the telemetry and/or other surveillance features of the software, apps, services, and devices I use, as explained in the “Information Captured by Service/Software/App/Device Telemetry” section of this Privacy Policy.

    Any or all of the above would likely be considered sharing information for business purposes by the CCPA’s definitions.

    Actions like the following could also be deemed sharing information “for business purposes” if I do so in some business-related context:

    • Looking up someone’s name in a search engine, library catalog, or other database.
    • Entering someone’s address into a mapping or navigation service to look up driving directions, or meeting with someone face to face while my phone’s geolocation services are turned on.
    • Using an automated translation service to translate text containing any names and/or other types of personal information.
    • Printing a document containing names and/or other types of personal information using a commercial print service or a printer controlled by a third party (e.g., printing a copy of a news article I read at the public library).
    • Performing a WHOIS lookup on an IP address from the website’s security or error logs, or allowing my firewall or other security software to perform such lookups.
    • Storing or transmitting any electronic file containing personal information using any cloud storage service or other online storage system.
    • Sharing links to a news article or online post that contains names and/or other types of personal information.
    • Describing an unusual or distinctive vehicle I saw on the street or in some other public setting.
    • Discussing the life and career of a well-known public figure with other writers, historians, or subject matter experts, whether or not the information discussed is already publicly available.
    • Lending or giving someone a copy of a book or other published work that was autographed by the author and/or contains someone’s handwritten marginal notes, or a magazine with the original subscription mailing label still affixed to or imprinted upon the cover.
    • Publishing or submitting for publication any content that contains any personal information such as names, photographs, videos, or biographical information. (Even publishing a bibliography with authors’ names might count.)

    (These are just a few examples, not an exhaustive list.)

    As noted in the “Disclosure of Personally Identifying Information” section above, the CCPA apparently does NOT regard transfers of personal information as part of the sale or transfer of a business (that is, where the information is among the assets of the business being sold or transferred) to be “sales” for purposes of the law. However, it remains unclear how the CCPA and/or its associated regulations will regard sales and/or other commercial distribution or disposal of artwork, copies of published works (e.g., books, magazines, CDs, DVDs), and/or useful article(s) that contain and/or otherwise incorporate personal information (as most published works do!). I regard as both absurd and terrifying the idea that the CCPA could effectively prohibit me from selling, lending, donating, or otherwise disposing of personal property such as my copies of published books, magazines, CDs, and/or DVDs (which I may do from time to time). My assumption is that California’s attorney general and courts will choose not to interpret the law in such a broad and ridiculous way — which would have far-reaching, frightening implications for free speech — but to my knowledge, there has not yet been any official guidance on this point.

    Furthermore, because I am a professional writer/editor and writing consultant and much (though not all) of the information I collect in connection with that work is intended for publication, a variety of activities I routinely undertake in connection with my work could potentially be deemed “commercial” as defined by the CCPA, even if my actual content is deemed “noncommercial speech.” (For writers, photographers, and other creative professionals, the distinction between “commercial” activity and engaging in “noncommercial speech” as an integral part of one’s business is a complicated, muddy legal question mark.) Examples could include:

    • Licensing, selling, or otherwise offering my content or writing/editing/writing consulting services for money or other valuable consideration (including offering the content on this website, which is supported by advertising and user contributions) if that content incorporates or involves any names and/or other types of personal information about individuals or households.
    • Advertising, promoting, and/or marketing my content, or published works incorporating my content, if that content contains any names and/or other types of personal information, and/or if such information is referenced in the promotion or marketing.
    • Proposing or pitching any article, book, and/or other content containing names and/or other types of personal information to editors, agents, and/or publishers.
    • Sharing, exchanging, or discussing with clients, coauthors, and/or collaborators any personal information pertaining to articles, books, and/or other content I am creating and/or editing (and/or on which I am consulting) for commercial advantage.
    • Arranging for people featured and/or quoted in my content to receive complimentary copies of my published work or be notified of its publication or commercial availability.

    Even if disclosures like these are NOT deemed to be “for commercial purposes” (or “sales”) by the CCPA’s definitions, they are certainly “for business purposes.”

    From time to time, I may also facilitate other types of commercial transactions, whether directly or indirectly, such as:

    • By putting into contact (with their mutual consent) parties who have expressed interest in some transaction with one another. For example, if a visitor asks about licensing a photo or other content I have used that is owned by someone else, I might ask the applicable rights holder if they’re comfortable with my putting them in touch with the interested party.
    • By recommending that a professional contact or acquaintance be hired for a job, assignment, or commission, or chosen as a vendor or service provider.
    • By endorsing (explicitly or by implication) some author, artist, service provider, or vendor, and/or their products or services.

    By the CCPA’s definitions, disclosing any personal information in such circumstances might be deemed sharing information “for commercial purposes” whether or not any transaction is actually completed, whether or not I am a party to that transaction, and whether or not I receive any compensation or consideration in connection with it.

    As noted in “Advertising” above, I do not allow my advertisers (if any) to use scripts, cookies, web beacons, or other such technologies to collect information about you through the publicly visible/publicly accessible portions of this website. (Advertisements that appear on portions of the site’s administrative dashboard, which is not normally accessible to visitors other than site administrators, may sometimes include embedded content and/or other information-gathering mechanisms.) However, if you click on advertising links or otherwise patronize my advertisers’ businesses, they may gather and use information about you — potentially for various commercial purposes — as described in their respective privacy policies (and may be able to tell that you came from this website), which is outside of my control. This could conceivably be deemed to constitute sharing information “for commercial purposes” as the CCPA defines it, even if I do not directly provide any information about you to those advertisers.

    Additionally, some of my embedded content providers (described in the “Embedded Content” section above) and/or other service providers might use information collected about my visitors (and/or otherwise obtained from me) for commercial purposes. For example (but without limitation), if you accessed a YouTube video I shared, particularly if you were logged into a Google Account at the time, YouTube may have shown you advertisements and likely added your viewing history to the repository of data Google (which owns YouTube) has compiled about you, much of which is used for commercial purposes. Although I typically have no control over such use (other than completely discontinuing the use of embedded content or third-party services), this too could be deemed sharing information “for commercial purposes” as defined by the CCPA. (YouTube is a trademark of Google LLC; Google is a registered trademark of Google LLC.)

    Put simply, by the law’s extremely broad definitions, any or all of the categories of personal information I collect in the course of my business could be deemed to be shared for business and/or commercial purposes, whether or not I “sell” personal information in the way most people understand that term.

    You can learn more about the circumstances under which I may share or otherwise disclose personal information I collect through and/or in connection with this website in the “Disclosure of Personally Identifying Information” section above.

    If you have general questions about my data-sharing practices (i.e., questions about my typical practices rather than about the personal data of any specific individual or household), feel free to contact me using any of the methods described in “Controller/Responsible Party, Questions, and How to Reach Me” below. If you are a California resident and would like to exercise your rights under the CCPA, such as the Right to Know, the Right to Access, the Right to Delete, and/or the Right to Opt-Out of the sale of your personal information, you (or your authorized agent) should visit the Do Not Sell My Personal Information page.

    Controller/Responsible Party, Questions, and How to Reach Me

    The controller (or “responsible party,” for jurisdictions that use that term) for processing personal information related to this website is Aaron Severson, 11100 National Bl. #3, Los Angeles, CA 90064. If you have questions about this policy or my use of personal information, or if you would like to contact me regarding the rights mentioned in “Your Rights (GDPR and Other National or State Privacy Laws)” above, you can reach me via postal mail at that address or by sending an email to admin (at) aaronseverson (dot) com.

    If you are a California resident and would like to exercise your rights under the California Consumer Privacy Act of 2018 (CCPA), such as the Right to Know, the Right to Access, the Right to Delete, and/or the Right to Opt-Out of the sale of your personal information, you (or your authorized agent) can submit a request using any of the methods specified on the Do Not Sell My Personal Information page.

    Privacy Policy Changes

    I may change this Privacy Policy from time to time, at my sole discretion. Your continued use of this website after any changes to this Privacy Policy will constitute your acceptance of such changes, the effective date of which is shown near the top of this page. If the policy has changed since your last visit to this website, the website may prompt you to review and accept the changes.

    Recent Revisions

    Here is a list of recent changes to this Privacy Policy, in reverse order by date:

    • November 26, 2020: In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, rearranged the examples of “Internet or similar network activity information” to put them in a (hopefully) more logical order. Also in that subsection, changed the phrase “about an individual’s interactions with a website, application, or advertisement” to “about an individual or household’s interactions with websites, applications, and/or online advertisements” for greater completeness.
    • November 23, 2020: Updated Other Information I Receive from Third-Party Sources to change “user name” to “username” and updated Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice to change “user names” to “usernames” for internal consistency of spelling.
    • November 20, 2020: In the Refunds and Returns subsection of the Financial Transactions Policy section, updated the bullet point on Other Purchases to change “digital goods or services other than advertising” to “digital goods and/or services other than advertising” (for completeness) and changed “(e.g., the purchase of an ebook)” to “(such as, without limitation, the purchase of an ebook and/or payment(s) for my writing/editing/writing consulting services)” (to better illustrate the intended scope). Updated the bullet point on Other Types of Transactions to change “transactions that do not fit any of the above categories …” to “transactions that do not fit into any of the above categories (including, though not limited to, payment(s) of license fees and/or royalties for the reuse of my content) …”
    • November 19, 2020: In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, made some minor grammatical and punctuation adjustments to the “Education information” bullet point (separating the examples with semicolons rather than commas and adding “and/or” before “degrees and/or certifications earned”). Under the “Other types of personal information” bullet later in that section changed “Information about wills, estates, executorship, and/or inheritance” to “Information about wills, estates, executorship, inheritance, trusts, and/or trusteeship”.
    • November 17, 2020: In Disclosure of Personally Identifying Information, added hCaptcha to the examples of third-party service providers. Also updated and adjusted the references to Cloudflare in that section for greater accuracy and better readability, also adding and rearranging some trademark notices in that text and adjusting which portions of the text are anchor text for the applicable links.
    • November 16, 2020: In Disclosure of Personally Identifying Information, added Discord to the examples of third-party service providers and adjusted the wording of the reference to Signal in the same section to be more readable, also rearranging the trademark notices in that text.
    • November 14, 2020: In the Website Server, Error, and Security Logs; Security Scans; and Information I Receive from Third Parties for Security Purposes sections, added “other personal information*” to the listed categories where it wasn’t already included, and changed “special: other technical details (some of which might be potentially personally identifying)*”; and “special: other technical details relevant for security purposes (some of which might be potentially personally identifying)*”; and “special: other security-related technical details (some of which might be potentially personally identifying)*” to “special: other technical details (some of which might be potentially personally identifying and/or constitute personal information in certain jurisdictions)*” for consistency. (These changes are really just clarifications; some jurisdictions have adopted such expansive definitions for “personal information” that certain types of information may be considered “personal information” even if it could not reasonably be used to individually identify you.) In Disclosure of Personally Identifying Information, changed “travel agencies, travel bureaus, ticket brokers, and similar services” to “travel agencies, travel bureaus, ticket brokers, and/or similar services” for consistency of wording. Also in that section, updated the PayPal reference to change “processes some payments for me” to “processes certain payments I make or receive” for greater clarity. In the Transaction-Related Information Gathering section of the Financial Transactions Policy section, added a paragraph referencing the Transaction-Related Information I Receive from Third Parties section, including an internal link to that section. In both those sections, added “images and/or other media (possibly including metadata)*” to the listed categories of information I may collect (since the information I receive may include profile pictures or other types of images and/or media). Also in Transaction-Related Information I Receive from Third Parties, changed “the seller’s profile picture” to “the seller’s profile picture and/or geographical location,” since the latter is another common example of this type of information, and made a number of clarifications to the paragraph on data retention. In Additional Information About Data Retention; Controller/Responsible Party, Questions, and How to Reach Me; and this revisions list, removed some duplicated commas.
    • November 13, 2020: In Advertising, changed “settings/configurations/addons” to “settings and/or add-ons” to better align with the Embedded Content section (and to make the spelling of “add-ons” consistent throughout this policy).
    • November 11, 2020: In Disclosure of Personally Identifying Information, amended the paragraph about possible incidental disclosures involving roommates, houseguests, other cohabitants, and/or visitors for better grammar and changed the conjunction separating the listed examples from “or” to “and/or.” Also in that section, added a trademark notice for Akamai.
    • November 8, 2020: In Disclosure of Personally Identifying Information, added “online time servers” to the examples of third-party service providers. Also in that section, updated the reference to the manufacturers of my wireless routers to change “their associated software/services” to “their associated software and/or services” (for greater accuracy). Amended a previous item on this list for October 30, 2020, to change “examples of third-party services” to “examples of third-party service providers” for internal consistency. Removed some extra spaces throughout this page. In Consents and Agreements, completely revised and updated the text to be more broadly applicable and more accurate (it was originally written to refer mostly to the privacy banners and consent checkboxes, but the new version is more comprehensive), also splitting the second paragraph into two separate paragraphs in the interests of readability. Tinkered with the updated wording.
    • November 7, 2020: In Disclosure of Personally Identifying Information, updated the bullet point on comments to add the following phrase to the end of the sentence beginning “As explained in that section …”: “and/or emailing you directly (at the email address you provided with your comment) prior to or instead of publishing your comment(s).” (Since this point is already spelled out explicitly in the Comments section above, this is a just a clarification for easier reference.) Also in that section, updated the bullet point on inquiries and support requests to change “As part of a public response to an inquiry or support request” to “To respond (publicly and/or privately) to your messages, inquiries, and/or support requests” for greater accuracy. (Even if I only respond to you privately, doing so typically involves communicating at least some information to third parties in ways some jurisdictions now regard as a disclosure of personal information — for example, sending you an email in response to your inquiry necessarily involves transmitting your email address to the servers of our respective email providers!)
    • November 3, 2020: In Website Server, Error, and Security Logs, changed “Additionally, if a logged event or action involved or appeared to involve any of this website’s administrative users, certain logs may also record the username(s), user ID number(s), and/or other identifiers associated with such administrative user(s)” to “Additionally, if a logged event or action involves or appears to involve any of this website’s administrative users, and/or involves credentials I create to allow specific users to access certain resources (e.g., the login credentials for certain FTP folder(s) associated with this website), certain logs may also record the username(s), user ID number(s), and/or other identifiers associated with such administrative user(s) and/or credentials.” Also in that paragraph, changed the phrase “the routine operation of the website and its host” to “the website and its related systems” (which is more correct).
    • November 2, 2020: In Disclosure of Personally Identifying Information, updated the reference to WebAIM to change the phrase “whose WAVE Accessibility Tool …” to “whose WAVE Accessibility Tool and/or other tools …” for completeness. (They have a number of useful tools besides the WAVE tool.) Later in that same section, changed “repair, maintenance, and/or technical service providers” to “repair, maintenance, installation, and/or technical service providers” and changed “postal services, common carriers, shipping agencies, and/or mailbox rental services (for the purposes of sending and/or receiving correspondence and/or packages)” to “postal services, common carriers, shipping agencies, delivery services, and/or mailbox rental services (for the purposes of sending and/or receiving correspondence, packages, and/or shipments)” (again for completeness).
    • October 30, 2020: In Disclosure of Personally Identifying Information, adjusted the wording of the reference to Audacity audio editing software (for greater correctness and better grammar). Also added identity theft protection services to the examples of third-party service providers listed in that section.
    • October 29, 2020: In Website Server, Error, and Security Logs, updated the categories of information gathered to add asterisks to “IP addresses,” “user agent information” and “geolocation data” (since such information may be collected and/or inferred in some circumstances and not in others, depending on the specific logs involved) and added “domain names*” to the listed categories for completeness. In the first paragraph of that section, deleted the phrase “such as submitting comments” (which was grammatically awkward); added a new sentence: “Many (though not necessarily all) of those logs record the IP address and/or user agent information of the applicable device (and sometimes the referring site, if any), which sometimes makes it possible to determine, estimate, and/or infer certain other information (e.g., geographical location and/or device type)”; and changed “Most such logs also include …” to “Most such logs include …” In the paragraph beginning “Please keep in mind that …” changed “server and server error logs” to “server access and server error logs” for clarity. In Disclosure of Personally Identifying Information, amended the reference to insurers and/or warranty providers to change “their respective affiliates, agents, brokers, claims adjusters, subcontractors, and/or subsidiaries” to “their respective administrators, affiliates, agents, brokers, claims adjusters, subcontractors, and/or subsidiaries” for completeness.
    • October 28, 2020: In Disclosure of Personally Identifying Information, changed “Abine, Inc.” to “Abine Inc.” to reflect their stylization. In Your Rights (GDPR and Other National or State Privacy Laws), changed “or in some U.S. states” to “or in certain U.S. states” for grammatical reasons; changed “I may (to the extent permitted — and/or required — by applicable law/regulation) ask you to provide additional information to verify your identity and/or residency before processing any data-related requests” to “I may (to the extent permitted — and/or required — by applicable law/regulation) take steps to verify your identity and/or residency before processing certain requests pertaining to your personal information”; and changed “for legal or administrative purposes or to secure this website and its data” to “for legal or administrative purposes and/or to secure this website and its data.” In Controller/Responsible Party, Questions, and How to Reach Me, added a link to the former section and changed “If you have questions about this policy or my use of personal information, you can contact me …” to “If you have questions about this policy or my use of personal information, or if you would like to contact me regarding the rights mentioned in “Your Rights (GDPR and Other National or State Privacy Laws)” above, you can reach me …” In Other Information You Provide to Me, changed “These are just a few of the many possibilities” to “These are just a few of the many possibilities, not an exhaustive list.”
    • October 25, 2020: In Disclosure of Personally Identifying Information, updated the reference to LibreOffice to change “their LibreOffice suite” to “the LibreOffice suite of open source office software” for clarity, added a link to the homepage for that software, and updated the trademark notice. Also updated the reference to FileZilla to add a link to the FileZilla privacy policy and remove the (inaccurate) statement that the software did not have such a policy (which was an unfortunate error on my part; the project website’s privacy policy does include a section pertaining to the software itself). Throughout that section and in older items on this revisions list (on this page only, not in the older revisions now archived on a separate page), removed the hyphen from “open source” for consistency. Also changed “Social media services (including, without limitation, chat rooms, online bulletin boards/message boards/discussion groups, and/or similar online forums)” to “Social media services (including, without limitation, chat rooms, online bulletin boards/message boards/discussion groups, wikis, and/or similar online forums)” for completeness. (Whether a wiki can be considered a social media service is arguable, but there is not necessarily a strong distinction between a wiki dedicated to a specific topic and a chat room or online bulletin board dedicated to the same topic.)
    • October 24, 2020: In Disclosure of Personally Identifying Information, added towing and/or roadside assistance services to the examples of third-party service providers; changed “mapping and/or navigation services” to “mapping, navigation, and/or trip-planning services and/or apps” (for completeness, although these are to some extent different terms for very similar types of services); and changed the parenthetical note in the listing for cars, trucks, vans, bicycles, scooters, and/or boats from “if I use such services …” to “if I use and/or arrange such services …”
    • October 21, 2020: Added credit bureaus and/or credit reporting agencies to the examples of other types of service providers under Disclosure of Personally Identifying Information. In that section, also changed “third-party printers/print services” to “third-party printers and/or print services” for clarity.
    • October 18, 2020: In Disclosure of Personally Identifying Information, added print-on-demand publishing and/or distribution platforms to the examples of third-party service providers, including one specific example. (This is just a clarification, since that section already lists both publishers and distributors.) In the same part of that section, also changed “sites and/or services for publishing and/or distributing audiovisual content” to “platforms and/or services for publishing and/or distributing audiovisual content” (this is just a nitpicking change for consistency with the wording of the privacy policy of my professional writing website).
    • October 16, 2020: In Embedded Content, clarified the bullet point regarding jQuery to also mention the API service as well as the CDN service.
    • October 15, 2020: In Security Scans, Information I Receive from Third Parties for Security Purposes, and Disclosure of Embedded Content, updated references to Bitdefender to remove the registered trademark symbol (which Bitdefender apparently prefers that third parties not use in connection with Bitdefender marks). Also in Information I Receive from Third Parties for Security Purposes, adjusted the wording of the reference to Spybot. In Embedded Content, amended the recently added bullet point for jQuery CDN to clarify that it may also use cookies and/or store potentially personally identifying information on your device. In that section and Security Scans, changed references to content distribution network(s) to content delivery network(s), which is the correct term for such services.
    • October 14, 2020: In Embedded Content, updated the bullet point regarding Yoast SEO to describe the plugin’s latest integration, with the SEMrush SEO and Internet marketing firm, also adding a link to the SEMrush Privacy Policy and their trademark notice. (It may be worth noting that in adding trademark notices on this page, I have generally omitted the phrase “All rights reserved” (which many trademark owners prefer or insist on incorporating into such notices) in contexts where it would seem likely to cause confusion. I am sensitive to the importance of appropriately presenting such marks, but given the unavoidable density of the information on this page and the sheer number of notices in the text, there is a danger of inadvertently creating uncertainty over which rights are being reserved by whom, which seems counterproductive. In general, you should can reasonably assume that all rights to the various third-party trademarks mentioned on this page are reserved by those marks’ respective owners, whether that phrase expressly appears in the text or not.) Made a correction in the revision summary for October 13, 2020, below, to fix an inadvertent use of “we” rather than “I.” In Embedded Content, updated the bullet point regarding BootstrapCDN to add a trademark notice and links to the StackPath Privacy Statement and California Privacy Rights page and to update the link to the StackPath GDPR page. Added a new bullet point pertaining to the jQuery CDN. In the Financial Transactions Policy, changed “PayPal’s User Agreement, Privacy Statement, and any other applicable PayPal policies or requirements” to “the PayPal User Agreement, the PayPal Privacy Statement, and any other applicable PayPal policies and/or requirements” and adjusted the positions of the applicable hyperlinks to match. In Information I Receive from Third Parties for Security Purposes and Disclosure of Personally Identifying Information, adjusted the wording of certain descriptions to avoid some awkward possessive use.
    • October 13, 2020: In Do Not Sell My Personal Information; the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice; and Controller/Responsible Party, Questions, and How to Reach Me, updated the text to better distinguish the Right to Know and the Right to Access (which under the CCPA are distinct, though obviously related) and capitalize the names of the various CCPA rights, since each has a specific legal meaning. Made some minor adjustments to the adjacent text to accommodate these changes and for consistency. In those sections, Contact Forms, Additional Information About Data Retention, Reports and Aggregated Statistics, and Disclosure of Personally Identifying Information, adjusted the references to the CCPA to spell out “California Consumer Privacy Act of 2018 (CCPA)” for consistency. In Additional Information About Data Retention, changed “for compliance purposes, I must retain information pertaining to privacy-related requests” to “for compliance purposes, I must retain information pertaining to certain privacy-related requests” (since the retention requirements may apply in some cases and not others) and changed “receive under” to “receive pursuant to” for grammatical reasons.
    • October 11, 2020: Updated the Financial Transactions Policy to clarify that where your transaction is pursuant to a separate written agreement with us, the terms of that agreement shall, where applicable, take precedence over the terms of the Financial Transactions Policy present on this page.
    • October 10, 2020: In Security Scans and Embedded Content, added a trademark notice for GoDaddy to the paragraph on the Sucuri Security plugin. Also added the same notice to the first reference to Sucuri in Disclosure of Personally Identifying Information.
    • October 8, 2020: In Disclosure of Personally Identifying Information, revised the reference to embedded content providers to change “the embedded content providers described in …” to “embedded content providers such as (though not necessarily limited to) those described in …” to better align with the language Embedded Content section (which makes clear that its list of providers is not intended to be exhaustive). Added GoDaddy to the examples of third-party service providers in that section (mostly for completeness, since I haven’t used their domain registration services for years and permanently closed my account today). In that section, Security Scans, and Embedded Content, updated references to GoDaddy Operating Company, LLC, to match their current stylization.
    • October 7, 2020: Fixed a broken internal link in Security Scans. In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, added a bullet point under “Internet or similar network activity information”: “Online avatars, profile images, and/or icons” (this is essentially just a clarification, since such images would also reasonably be encompassed by several of the categories and examples already listed).
    • October 5, 2020: In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, updated the bullet point under “Other types of personal information” about awards and honors to change “Information about awards, honors, other recognition, prizes, and/or winnings in games of chance or skill” to “Information about awards, honors, prizes, and/or other recognition” and moved the part about games of chance or skill to a new bullet point under “Commercial information”: “Information about an individual or household’s scores, achievements, winnings, and/or prizes in games of chance or skill.” Under “Professional or employment-related information,” added a bullet point: “Professional achievements and/or honors.” (These clarifications are intended to arrange these points in a more logical order and better reflect the fact that there are many different kinds of awards and honors, some of which the law may regard as different categories of information.) Also made a minor revision to the bullet point for “Audio, electronic, visual, thermal, olfactory, or similar information,” changing “recognizable individuals or likenesses” to “recognizable individuals and/or likenesses.”
    • October 4, 2020: Made a further clarification in Data in Submitted Images, changing “… some of which may be personally identifying” to “… some of which may include and/or constitute personal information and/or potentially personally identifying information” and changed “the metadata could also include other personal information” to “the metadata could also include other personally identifying and/or potentially personally identifying information” (mostly for greater consistency with the Definitions).
    • October 3, 2020: Updated Categories of Information and Purposes for Collection to note that any or all of the listed purposes may include communicating with you (and/or third parties), which is why I haven’t listed that separately. (This is a clarification, more clearly spelling out a point I had hoped would be reasonably self-evident!) In Reports and Aggregated Statistics, changed “may compile and publish aggregated statistical information” to just “may compile aggregated statistical information” (since the possible publication and/or sharing of such information is discussed later in that section). In Data in Submitted Images, changed “digital files contain metadata (such as EXIF information)” to “digital media files usually contain metadata (such as Exif information)” for clarity and to conform to how the official standard stylizes “Exif” (which is an acronym for “exchangeable image file”); added a sentence later in that paragraph: “Video and/or audio recording devices and/or editing software may add various metadata to other types of digital media files”; and, in the final sentence of that paragraph, changed “for your individual device” to “for your individual device and software.”
    • September 30, 2020: In Website Server, Error, and Security Logs and Security Scans, added an additional type of information to the categories of information gathered (“special: other identifiers*”). In Website Server, Error, and Security Logs, changed the sentence “Most such logs also include the date and time each logged event took place” to “Most such logs also include the date and time each logged event took place; certain types of events may also be assigned unique ID numbers and/or other identifiers for reference purposes.” In Security Scans, added a sentence to the paragraph beginning “Like the logs described …”: “Certain events may be assigned unique ID numbers and/or other identifiers for reference purposes.” (These additions are a clarification intended to better describe the information that may be recorded in the various logs, not all of which is within my technical understanding.)
    • September 29, 2020: In Information I Receive from Third Parties for Security Purposes, fixed misspellings of Spamhaus, updated the link to the MVPS HOSTS file homepage, added a trademark notice for IPinfo, and changed “the security components of the Microsoft® Windows® operating system …” to “the security components of the Microsoft® Windows® operating system and/or its associated software and/or services …” In Disclosure of Personally Identifying Information, updated the description of Microsoft in the examples of third-party service providers to change “which provides some of the software, apps, tools, and services I may use and/or offer — including, but not limited to, the operating systems for some of the devices I use and the Microsoft Office suite of software and services — and gathers certain information about such use as described …” to “which provides some of the software, apps, tools, and services I may use and/or offer — which are too numerous to list here, but may include (without limitation) the operating systems and associated software and services for some of the devices I use and the Microsoft Office suite of software and services — and gathers certain information about the use of such software, apps, tools, and services as described …” (mostly for the sake of internal consistency of wording). Also added to that section the providers of filter lists, block lists, and/or other security information listed in Information I Receive from Third Parties for Security Purposes that were not already among the examples listed in Disclosure of Personally Identifying Information and adjusted the wording of the existing references to NetGuard and IPinfo in that section, mainly to add a trademark notice for the latter. (For the record, the IPinfo website is inconsistent about the spelling and stylization of both IPinfo and IDB LLC, the company that provides the service; I went with what seemed to be the most frequently used iterations and took my best guess at an appropriate trademark notice.) Removed some extra spaces. Renamed the License for This Policy section “Credits and License for This Policy.” In Legal Bases for Collecting and Using Information, corrected the abbreviation for Brazil’s new privacy law (the LGPD). In the Your Rights (GDPR and Other National or State Privacy Laws) section, moved the language about the right to make a complaint to the applicable data protection authority to the bullet-pointed list, adjusting the preceding items in that list and the text of following paragraph accordingly.
    • September 26, 2020: In Disclosure of Personally Identifying Information, updated the bullet point beginning “To editors, publishers, clients, employers, and/or other third parties …” to change “and/or for whom I may otherwise work and/or provide services” to “for whom I may otherwise work and/or provide services; and/or as I may reasonably be requested or directed to do as part of and/or in connection with such services, content, and/or work (and/or the offer thereof)” (since there are various scenarios in which my work and/or services, and/or the sale or licensing of my content, might entail my sharing certain pertinent information directly with third parties other than the actual editor(s), publisher(s), client(s), or employer(s)). In the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice, updated the related bullet to change “and/or for whom I may otherwise work and/or provide services” to “for whom I may otherwise work and/or provide services; and/or as I may reasonably be requested or directed to do as part of and/or in connection with such services, content, and/or work (and/or the offer thereof)” for consistency. Tinkered a bit with the wording of these amendments.
    • September 25, 2020: Added the Blacklight tool developed by The Markup to the examples of third-party service providers under Disclosure of Personally Identifying Information.
    • September 24, 2020: In Definitions, updated the definition for geolocation data to change “(or, obviously, if I meet you in person), but I (and/or my service providers, where applicable) may also determine or estimate your geographical location or movements based on other data …” to “(or, obviously, if I meet or otherwise encounter you in person); if someone else directly or indirectly describes your location or movements to me; or if I (and/or my service providers, where applicable) determine, estimate, and/or infer your geographical location or movements based on other data …” In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, changed “Geolocation information, such as a geographical location estimated based on an IP address and/or GPS coordinates, or a location and/or movements that you describe to me” to “Geolocation information, such as an individual or household’s geographical location and/or movements, whether directly observed; stated or described to me (directly or indirectly); or determined, estimated, and/or inferred from other data (e.g., from an IP address, telephone area code, and/or GPS coordinates)” (for internal consistency with language elsewhere in this policy).
    • September 23: 2020: In Definitions, updated the definition for user agent information to change “certain settings such as (though not necessarily limited to) …” to “certain settings such as (though not limited to) …” In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, amended the bullet point under “Additional categories of personal information” regarding health insurance information to change “much of what insurance-related data I do collect” to “much of what health-insurance-related data I do collect” for clarity and added an additional bullet point: “Information about other types of insurance and/or insurance coverage.” Under “Commercial information,” added a bullet point: “Information about an individual or household’s participation in sports, games, hobbies, and/or other pastimes.” Under “Internet or similar network activity,” changed “Network and/or shared device information” to “Network, shared device, and/or online service information” and added “websites; online service accounts;” to the listed examples after “shared printers and/or other devices.” In “Other types of personal information,” added three bullet points: “Information about an individual or household’s agents, representatives, and/or service providers (e.g., attorney(s) or legal counsel, talent or literary agency, manager(s), accountant(s), auditor(s), assistant(s) and/or secretaries, and/or other authorized representatives and/or professional service providers)”; “Information about wills, estates, executorship, and/or inheritance”; and “Information about community service (e.g., jury duty), volunteer work, and/or charitable activity.” Also changed “Encryption public keys and similar security data” to “Encryption public keys and/or similar security data.” Fixed an accidental duplication in these additions.
    • September 22, 2020: In Categories of Information and Purposes for Collection, updated the bullet point on “Research and publishing” to change “… and/or other creative endeavors” to “… and/or my other creative endeavors.” In Embedded Content, updated the bullet point regarding PayPal content to change “that some plugins place on the administrative dashboard” to “that certain themes and/or plugins place on the administrative dashboard” and updated the bullet points on embedded YouTube videos, Vimeo videos, and blog feeds to change “by certain plugins on portions of the administrative dashboard” to “by certain themes and/or plugins on portions of the administrative dashboard” (for internal consistency).
    • September 19, 2020: In Website Server, Error, and Security Logs, changed “In general, DreamHost has access to any data or files on any server they own — except in cases where I have specially encrypted such file(s) or data …” to “In general, DreamHost has access to any data and/or files on any server they own — except in cases where I have specially encrypted such file(s) and/or data …” In Disclosure of Personally Identifying Information, updated the reference to DreamHost to more fully (though still not exhaustively) describe the range of services they provide for us. Also fixed a capitalization error elsewhere in that section.
    • September 18, 2020: In Disclosure of Personally Identifying Information, made a minor revision to the reference to Blur (changing “Abine, Inc.’s Blur” to “Abine Blur” to reflect their current usage), and added a clearer trademark notice for Khan Academy. Made a minor clarification in the Cookie Notice: In the “Commenting” subsection, changed “are associated with their user ID number and user profile” to “are associated with their user ID number and user profile information” for clarity.
    • September 15, 2020: In Disclosure of Personally Identifying Information, changed “Second, if I possess artwork, one or more copies of published work(s), and/or useful article(s) that contain and/or incorporate personal information about certain individual(s) or household(s) who have visited this website (such as, without limitation, a book by or about you (or that you once owned and in which you wrote your name), a magazine that published a letter or article you once wrote, or a DVD of a movie in which you appeared), I might sell, lend, donate, or otherwise dispose of such artwork, my copy or copies of such published work(s), and/or such useful article(s)” to “Second, if I possess artwork, copies of published work(s), and/or useful article(s) that contain and/or otherwise incorporate personal information about certain individual(s) or household(s) who have visited this website (such as, without limitation, a book by or about you; a magazine you once owned that still bears your name and address on the subscription mailing label; a DVD of a movie in which you appeared; or some item you once autographed), I might sell, lend, donate, or otherwise dispose of such artwork, my copy or copies of such published work(s), and/or such useful article(s).” In the related paragraph of the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice, changed “that contain and/or incorporate personal information” to “that contain and/or otherwise incorporate personal information” for consistency. Also revised the wording of the related bullet points in that section and Disclosure of Personally Identifying Information in an effort to better align the language, changing the first portion of the text of each bullet point to “If the information is contained in and/or otherwise incorporated into artwork, a copy of a published work, or a useful article (including, without limitation, information inscribed or imprinted upon and/or affixed or otherwise attached to such work(s), copies, or article(s), particularly where that information cannot reasonably be removed without damaging the item or article in question …” (although the formatting of each instance is a little different, and the examples listed in the Disclosure bullet point are now contained in the same parentheses as “including, without limitation …” in the interests of clarity). In the Disclosure bullet point, also struck the sentence “(There are many possible scenarios; these are just a few illustrative examples.)” (The revised wording hopefully makes this statement extraneous.)
    • September 13, 2020: In Other Information I Receive from Third-Party Sources, updated the paragraph regarding the types of people with whom I routinely discuss and/or share information regarding my research to also include “researchers and/or other academics” in the interests of completeness. For the same reason, in the Collection Sources subsection of the CCPA Information Collection and Sharing Notice, changed “Subject matter experts (e.g., historians, biographers), archivists, librarians, observers, eyewitnesses, and/or other knowledgeable parties” to “Subject matter experts, historians, biographers, researchers and/or other academics, archivists, librarians, observers, eyewitnesses, and/or other knowledgeable parties.” (These are clarifications and efforts to more fully illustrate the intended scope, not an actual change in my practices.) In Certificate Authority Checks and Disclosure of Personally Identifying Information, rearranged and updated the trademark notices for Let’s Encrypt. In Embedded Content and Disclosure of Personally Identifying Information, added trademark notices for Font Awesome.
    • September 12, 2020: In Comments, changed “Also, if your comment contains HTML/PHP code (including hyperlinks), emojis, and/or special characters, they may be removed (“stripped”) prior to publication” to “Also, if your comment contains hyperlinks, certain types of HTML/PHP or other code, emojis, and/or special characters, they may be removed, either by being automatically “stripped” prior to publication or manually deleted by me” for greater clarity. Later in that section, updated the paragraph on commenting-related cookies to refer to the Commenting subsection of the Cookie Notice rather than the Cookies and Similar Technologies section, adding a link to the Cookie Notice and making some minor wording and punctuation adjustments to that paragraph for consistency. In the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice, added a bullet point on information inscribed or imprinted upon, affixed to, and/or otherwise attached to or incorporated into artwork, a copy of a published work, or a useful article, for consistency with the similar bullet point in Disclosure of Personally Identifying Information. Throughout this page, fixed a recurrent typographical error in the HTML attributes of certain hyperlinks (I realized I had frequently misspelled “noopener”!).
    • September 11, 2020: In the Data Retention subsection of the Financial Transactions Policy, Transaction-Related Information I Receive from Third Parties, Other Information I Receive from Third-Party Sources, and Additional Information About Data Retention, added disclaimers that the retention of data by third parties (e.g., vendors and/or service providers) is subject to the individual policies of the applicable third parties, and in most cases is outside of my control. (The wording of the disclaimer varies slightly from section to section, but the intent is the same.) Added a similar disclaimer (also worded slightly differently, but again with the same intent) to Data Related to Recruitment/Hiring or Business Partnerships. In Additional Information About Data Retention, also updated the bullet point on financial transactions and/or legal agreements to add “(Naturally, the applicable bank(s)/financial institution(s) and/or payment processor(s) may also retain transaction-related information, which is outside of my control.)” to further emphasize and illustrate the point. In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, changed “The collection/sharing of personal information by third-party services is subject to the applicable service’s privacy policy and terms of use/terms of service, and is outside of my control” to “The collection, use, and/or retention of personal information by third-party services are subject to the applicable service’s privacy policy and terms of use/terms of service, and are outside of my control.” Also in the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, under “Other types of personal information,” changed “Handwritten notes, documents, and/or other examples of individuals’ handwriting (in whatever medium)” to “Handwritten notes, documents, illustrations, paintings, sketches, and/or other examples of individuals’ handwriting, calligraphy, and/or artwork (in whatever medium).” Did some minor tinkering with the wording of these additions.
    • September 10, 2020: In Information I Receive from Third Parties for Security Purposes, updated the reference to EFF browser add-ons to specify Privacy Badger as an example, also making some minor adjustments to the wording. Also added Disconnect (whose Tracker Protection lists some web browsers now use to help block fingerprinting and/or certain other forms of online tracking) to that section’s listed examples of information sources. Fixed a minor punctuation error in that section and Disclosure of Personally Identifying Information (replacing a colon with a semicolon).
    • September 8, 2020: In Data Related to Recruitment/Hiring or Business Partnerships and the examples of third-party service providers under Disclosure of Personally Identifying Information, changed “employment agencies” to “staffing agencies/employment agencies” in the interests of completeness (although these terms can generally be considered synonymous).
    • September 6, 2020: In the list of examples of third-party service providers and vendors in Disclosure of Personally Identifying Information, updated the bullet point on electronic devices to also mention other types of home appliances, headphones and/or headsets, and webcams and/or microphones. Also changed “I do not presently use these devices’ proprietary software” to “I generally seek to avoid or at least limit my use of these devices’ proprietary software (if any)” and changed “any applicable product-specific privacy policies” to “any applicable product- and/or software-specific privacy policies.” (Although I generally loathe both Internet-enabled appliances and proprietary device software, they are becoming harder to avoid, which calls for additional caveats.) In that same bullet point, changed “incorporated into the devices and/or their associated software, firmware, and/or drivers” to “incorporated into the devices and/or their associated software and/or drivers” (since many electronic devices can’t work without their associated firmware, it didn’t really make sense to try to distinguish the two in this context). In Disclosure of Personally Identifying Information, updated the bullet point on social media services to note that I retain an offline copy of my Facebook account data as of December 11, 2018 (the date I initiated the deletion of my account). Also in Additional Information on Data Retention, changed “… social media accounts, and/or social media services” to “… social media services, and/or other communications services” (which was how that phrase was intended to read). In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, amended a bullet point in the examples of Professional or employment-related information to change “and/or similar and/or other comparable information …” to “and/or other, similar and/or comparable information …” in the interests of clarity. Made a number of minor corrections to earlier items in this revisions list.
    • September 5, 2020: In Disclosure of Personally Identifying Information, changed “… or otherwise perform services for me or on my behalf” to “… and/or otherwise perform services for me or on my behalf” (for internal consistency) and changed an instance of the phrase “again, without limitation” to “again without limitation” (for stylistic consistency). In the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice, changed “Service providers and/or vendors I use in connection with this website, my other professional activities, and/or the management or operation of my business” to just “My service providers and/or vendors” in the interests of clarity (and to avoid inadvertently obfuscating or contradicting the corresponding language in Disclosure of Personally Identifying Information).
    • September 2, 2020: In Disclosure of Personally Identifying Information, updated the bullet point on social media services in the examples of third-party service providers to add a note regarding LiveJournal. Also added Tumblr to the examples listed in that bullet point. Fixed a minor punctuation issue.
    • August 30, 2020: In Other Information I Receive from Third-Party Sources, made a number of minor adjustments to the paragraph on information provided by social media services (mostly nitpicking, and intended to make the language as broadly applicable as possible), also changing the first words of that paragraph from “Social media services …” to “Similarly, third-party social media services …” (to help clarify that it’s intended to refer to social media services outside of this website) and eliminating the potentially confusing use of the second person in the first sentence. In Disclosure of Personally Identifying Information, updated the reference to the software included with Gpg4win to change the phrase “including (again without limitation)” to “which may include (again without limitation).”
    • August 28, 2020: In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, removed the FAX number bullet point from Other types of personal information to Additional categories of personal information, combining it with the bullet point in that section for telephone numbers (i.e., “Telephone numbers (and/or FAX numbers)”), which is probably a more appropriate place for it. In Disclosure of Personally Identifying Information, restored the bullet points on third-party service providers, which I had accidentally replaced with the equivalent section of the 6200 Productions Privacy Policy while making other changes on August 25, 2020, and (hopefully) recreated the changes I had intended to make at that time. In the bullet point on social media services in that section, also changed “discuss and/or promote” to “research, discuss, and/or promote” for completeness. Later in that section, updated one of the references to Yahoo! to change the phrase “their services are now subject to …” to just “their services are subject to …” to avoid confusion, fixed some errors in the anchor text for several of the links to the Verizon Media Privacy Policy (the name of which had been listed incorrectly in a couple of places in this policy), and further adjusted the references to and trademark notices for Yahoo and Verizon Media (which had gotten garbled in the previous attempt to update them). Made a couple of minor corrections to this revisions list (in particular, the FAX number addition was actually in the In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, not the Information Shared for Business or Commercial Purposes subsection!). In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, also made a number of adjustments to the examples under Additional categories of personal information (updating the “Other financial information” bullet point to also include “other information pertaining to creditworthiness, assets, income, and/or liabilities” and updating the “Medical information” bullet point to list include drugs and/or medical products and/or equipment used rather than vaccinations received); Characteristics of classifications protected by law (updating the bullet point on “Information about children and/or family members” bullet point to add after “children” the parenthetical phrase “(such as the number of children and/or their names, ages, and/or genders)”; and Commercial information (amending the first and third bullet points to also mention rental and leasing as well as purchase, which was already partially reflected in the first bullet point; changing “Property records (e.g., information about who owns or has owned a particular building or other real property)” to “Information about real property an individual has purchased, leased, or rented, and/or property records indicating who owns a particular building, lot, or other real property”; and changing “Information about other types of purchases or transactions” to “Information about other types of purchases, transactions, and/or investments”). (Most of these are just clarifications and to better align the listed examples with certain statutory language.) In Information I Receive from Third Parties for Security Purposes, changed “For example (but without limitation), I might submit to the maintainers of these lists or databases certain email addresses or domain names that have been used in malicious activity directed at me” to “For example (but without limitation), I might submit to the maintainers of these lists or databases certain email addresses or domain names that have been used in malicious activity directed at me, or post information on support forums in order to obtain help or advice in preventing and/or remediating certain malicious activity” (for clarity and further emphasis). In Disclosure of Personally Identifying Information, changed “insurers” to “insurers and/or warranty providers (for greater clarity and completeness).
    • August 27, 2020: In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, added FAX numbers to the examples listed under Other types of personal information.
    • August 25, 2020: In Other Inquiries, Messages, and Support Requests, changed “In general, you’re perfectly free to contact me using a pseudonym unless your message is a privacy request or pertains to a specific legal or financial matter” to “In general, you’re perfectly free to contact me using a pseudonym unless your communication(s) pertain to a legal matter, a specific financial transaction, or certain privacy-related requests, in which case I may need your legal name.” Later in that section, added a trademark notice for Verizon and Verizon Media and added links for the older Yahoo! Privacy Policy (which in some cases may apply in addition to or instead of the Verizon Media Privacy Policy). In Disclosure of Personally Identifying Information, made similar adjustments to the Yahoo! and Verizon Media privacy policy links, removed a potentially confusing reference to Oath (the corporate entity that is now Verizon Media), added or updated some other trademark notices in that section, and slightly amended the references to the DuckDuckGo and Startpage.com search engines (to separate the two with a semicolon and delete the phrase “the search engines I most commonly use,” although that statement remains true). Also updated some trademark notices elsewhere in this policy. Removed some extra spaces elsewhere in the text and fixed a number of minor punctuation issues. Throughout the text, updated some external links from HTTP to HTTPS.
    • August 24, 2020: In Disclosure of Personally Identifying Information, revised the reference to travel agencies and airline/bus/rail services to change “in connection with trips I take or arrange” to “in connection with trips I take and/or arrange” and revised the reference to hotels, models, and/or other lodging providers to change “in connection with trips I take or arrange in some context related to this website and/or in the course of my business” to “if I use and/or arrange such lodgings in some context related to this website and/or in the course of my business” (all nitpicking clarifications). Also in that section, changed “the Microsoft Office suite” to “the Microsoft Office suite of software and services” for clarity and updated the trademark notice. In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, changed “such as a geographical location estimated based on an IP address” to “such as a geographical location estimated based on an IP address and/or GPS coordinates” (again for clarification purposes, since either example would clearly fall into this category).
    • August 23, 2020: In Disclosure of Personally Identifying Information, added the phpMyAdmin project to the examples of third-party service providers whose services I may use in operating this website. In Information I Receive from Third Parties for Security Purposes, changed the phrase “(which is used by Bitdefender, Mozilla Firefox, various other web browsers, and some other apps and online services)” to “(which is used by Bitdefender, various web browsers, and some other apps and online services)” for the sake of conciseness.
    • August 22, 2020: In Information I Receive from Third Parties for Security Purposes, changed “… bank(s)/financial institution(s), and/or other sources not specified above” to “… and/or bank(s)/financial institution(s); the support forums on WordPress.org (WordPress is a registered trademark of the WordPress Foundation) and/or other support forums or online resources; and/or other sources not specified above” for completeness.
    • August 21, 2020: In Disclosure of Personally Identifying Information, updated the references to the Google, Yahoo, and Yandex search engines to change “search engine” to “search engine(s)” (since in some cases they may technically comprise families of distinct search engines that can’t reasonably be enumerated in this already-crowded list). Also updated the reference to Microsoft Bing Search to add the phrase “(and/or other Bing search engines such as, without limitation, Bing Maps)” for the same reason and fixed a typographical error in the trademark notice.
    • August 20, 2020: Made a minor clarification in Comments, changing “a request to retrieve, delete, or amend personal information” to “a request to access, delete, and/or correct personal information.” (The intended meaning is the same, but the latter terms are hopefully clearer.) In Website Server, Error, and Security Logs, changed “Like most websites, I and my web host” to “Like most websites, the aaronseverson.com website and my web host” (since I am obviously not a website) and changed “… or attempts to interact with the site in any unusual or suspicious way (such as trying to access the site’s administrative dashboard or run an unauthorized script)” to “&hellips; logs into or otherwise accesses the administrative dashboard and/or other administrative resources or controls; attempts to interact with the site in any unusual or suspicious way (such as trying to access the site’s administrative dashboard without authorization or run an unauthorized script); and/or performs certain other actions.” Also in that section, added “special: information collected via cookies and/or similar technologies*” to the listed categories of information that may be collected and changed “data pertaining to administrative resources” to “data pertaining to administrative resources or controls” for consistency. In Online Tracking, changed “web analytics tools” to “third-party web analytics services” (for clarification) and amended the entry below for August 19, 2020, to better explain the reasoning for the wording change.
    • August 19, 2020: In Website Server, Error, and Security Logs, changed the sentence “Certain website logs that contain only anonymous and/or administrative data (e.g., hit counters) may be retained for longer periods” to “Certain website logs and/or log reports that contain only aggregated data, anonymous information (e.g., hit counters), and/or data pertaining to administrative resources that are normally off-limits except to authorized administrative users, may be retained for longer periods” (in the interests of completeness). Also in that section, changed “Naturally, I may retain certain specific information from the website’s logs if I still need it …” to “Naturally, I and/or my web host may retain certain specific information from the website’s logs if it is still needed …” for greater accuracy and changed “… and are not in any way connected to or associated with any web analytics service” to “… and are not connected to or associated with any third-party web analytics service” for clarity. (Although I may sometimes use log data for purposes that could be described as analytic, such analysis involves examining data already collected as part of the site’s normal operations, in the same way one might analyze call data from one’s existing monthly phone bills.)
    • August 18, 2020: In Disclosure of Personally Identifying Information, added a new bullet point: “To editors, publishers, clients, employers, and/or other third parties for whom I provide (and/or to whom I offer) my writing/editing/writing consulting services; to whom I may license, sell, or otherwise offer my content and/or other creative work; and/or for whom I may otherwise work and/or provide services, where the information is part of and/or otherwise pertains to such services, content, and/or work,” along with a few representative examples. (As already indicated elsewhere in this policy, I am a professional writer/editor and writing consultant. While that work is primarily covered by a separate privacy policy, it’s not beyond the realm of possibility that there could be some overlap with this website, a point that was already stated later in that same section and at various other points in this policy.) Amended the related bullet point in the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice to better align with this language. Elsewhere in the Disclosure of Personally Identifying Information section, changed “somehow visible, audible, or otherwise included” to “somehow visible, audible, and/or otherwise included” (obviously, it’s entirely possible for someone to be both visible AND audible in certain media!). Throughout this document, changed various instances of “writing consultation” to “writing consulting” for internal consistency.
    • August 17, 2020: Updated Security Scans to note that the features of the Sucuri Security and iThemes Security plugins include testing the integrity of the website’s WordPress files (which involves communicating with WordPress API servers and/or repositories), making a number of revisions to the descriptions of those plugins to accommodate the added text (including noting that some of the features of iThemes Security may include transmitting information to other external sources as well as receiving information from them) and add links to the WordPress Privacy Policy. Updated the bullet point in Embedded content regarding WordPress.org content to change “associated content distribution networks” to “associated API servers, content distribution networks (CDNs), and/or repositories” and mention file integrity checking as a specific example of the kind of communication that may be involved, referring back to the Security Scans section.
    • August 16, 2020: In Disclosure of Personally Identifying Information, amended the reference to Dell to change “factory-installed software” to just “software” (since their software isn’t necessarily factory-installed); updated the reference to HP to change “software and/or services” to “drivers, software, and/or services”; and updated the references to Seagate and Western Digital to change “associated software and/or drivers” to “associated drivers and/or software” for consistency. (Most of this is just nitpicking to make the language in that section reasonably consistent.) Also updated the reference in that section to Tracker Software Products (Canada) Ltd. to also reference PDF-XChange Co. Ltd. (of which Tracker Software Products is a subsidiary), adjust the wording, and add a trademark notice. In Disclosure of Personally Identifying Information, also changed “… are the subject(s) of and/or otherwise pertinent to that content” to “… are the subject(s) of and/or otherwise pertinent to such content and/or creative endeavor(s)” for consistency.
    • August 15, 2020: In Information I Receive from Third Parties for Security Purposes, changed “from the StevenBlack hosts file” to “Steven Black’s StevenBlack/hosts” (which appears to be how the developer styles the name), mostly for grammatical consistency within that paragraph, and changed “WHOIS or similar lookups” to “WHOIS, RDAP (Registration Data Access Protocol), and/or similar lookups” for completeness. In Definitions, amended the Domain name definition to make some clarifications and correct a number of factual errors. In Disclosure of Personally Identifying Information, changed “WHOIS lookup providers” to “WHOIS and/or RDAP (Registration Data Access Protocol) lookup providers” (since RDAP is intended to fulfill the same function as and eventually replace WHOIS) and changed “tools such as the ICAAN WHOIS Lookup tool” to “tools such as, though not necessarily limited to, the ICANN Domain Name Registration Data Lookup tool,” also updating the link to the latter tool and adding a trademark notice. In the same section, also added a trademark notice for TCL.
    • August 14, 2020: In Embedded Content, rewrote the bullet point regarding WordPress.org content for greater accuracy and clarity (also updating and reordering the examples of domains used by content distribution networks associated with WordPress.org, such as s.w.org). In the following paragraph in that section, changed “I may post embedded content hosted and served by other third-party websites or services not listed above” to “I may post or otherwise use embedded content hosted on and served by other third-party websites or services not listed above” for similar reasons. Did some minor tinkering with the wording of these additions. Also made a minor amendment to the Information Sharing subsection of the Financial Transactions Policy, changing “…” deliver anything to you in connection with your transaction” to “… deliver anything in connection with your transaction.” (This is mostly a clarification; obviously, if your transaction is for or on behalf of someone else, it may involve mailing, shipping, or delivering something to some person or entity other than you.) Elsewhere in that section, also changed “so that I may communicate with you regarding your transaction” to “for purposes of transaction-related communications” for similar reasons.
    • August 13, 2020: Updated Security Scans and Information I Receive from Third Parties for Security Purposes to also make reference to iThemes Security. Corrected the second reference to the Sucuri Security privacy policy in Security Scans to change “As explained in the Sucuri Privacy Policy …” to “As explained in the Sucuri Security Privacy Policy …” Also added Sucuri Security to the Information I Receive from Third Parties for Security Purposes section (mostly for completeness, since it’s already discussed elsewhere in this policy), added “and/or other Google services” after Google Voice (since there may be other relevant Google services besides those already enumerated), and tidied up the grammar of the list of examples in that section (removing various extraneous instances of the words “through” and “via”). Added iThemes to the examples of third-party service providers in Disclosure of Personally Identifying Information. Removed some extra spaces. In Disclosure of Personally Identifying Information, also changed the phrase “associated images” to just “images” to avoid confusion (since in some cases, the images may BE the content in question rather than simply associated with it) and added a separate bullet point on information in images and other media. Did some minor tinkering with the wording of these additions.
    • August 12, 2020: In Disclosure of Personally Identifying Information, added a new bullet point pertaining to information “inscribed or imprinted upon, affixed to, and/or otherwise attached to or incorporated into artwork, a copy of a published work, or a useful article, particularly where the information cannot reasonably be removed without damaging that item or article,” which was already alluded to elsewhere in the text, but probably needs to be spelled out explicitly. In the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice, updated the bullet point beginning “The public …” to add “my disposal of my personal property (e.g., lending, donating, or selling my copies of books, magazines, and/or other published works)” for consistency. In the latter section, also added an additional bullet point to the list that follows the paragraph beginning, “Actions like the following could also be deemed sharing information …”: “Lending or giving someone a copy of a book or other published work that was autographed by the author and/or contains someone’s handwritten marginal notes, or a magazine with the original subscription mailing label still affixed to or imprinted upon the cover.” Did some minor tinkering with the wording of these additions. In the latter section and Disclosure of Personally Identifying Information, also changed existing language about personal information contained and/or incorporated into published works to also refer to useful articles containing and/or incorporating personal information, for consistency with today’s other additions. In the same paragraph of the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice, also changed “… disposing of my copies of published books, magazines, CDs, DVDs, or other such personal property” to “… disposing of personal property such as my copies of published books, magazines, CDs, and/or DVDs” (again for consistency). In the applicable paragraph of Disclosure of Personally Identifying Information, also changed “a book by or about you” to “a book by or about you (or that you once owned and in which you wrote your name)” to further illustrate the point. Fixed some stray uses of “we” and “our” rather than “I” and “my.” In Other Inquiries, Messages, and Support Requests, changed “With some third-party services, our respective settings may also affect what information is shared and/or accessible in connection with messages and/or other communications” to “With some third-party services, individual settings may also affect what information is shared and/or accessible in connection with messages and/or other communications” for internal consistency. Did some minor tinkering with the wording of these additions (including updating it to include artwork as well). Removed some extra spaces.
    • August 11, 2020: In Disclosure of Personally Identifying Information, changed “as do some works of fiction and other types of artwork” to “as do some works of fiction and other types of art and/or creative work” (a nitpicking wording change that better expresses the intended scope with less risk of inviting argument about what constitutes an artwork) and removed the parentheses around that phrase, setting it off with a comma instead.
    • August 9, 2020: In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, added another bullet point to the examples listed under “Other types of personal information”: “Information about friendships, personal relationships, and/or social interactions (including observations and/or inferences regarding individuals’ tendencies and/or preferences therein)” and, under “Professional or employment-related information,” changed “Performance evaluations and/or information about individuals’ professional reputations” to “Performance evaluations and/or information about individuals’ professional reputations and/or conduct” (which more fully expresses the intended scope).
    • August 7, 2020: In Security Scans changed “my mobile carrier” to “my current mobile carrier”; updated the “Phone calls” bullet point in Additional Information About Data Retention” to change “My phone company/mobile carrier …” to “My phone service provider(s) and/or mobile carrier(s) …”; and updated Disclosure of Personally Identifying Information to change “my mobile carrier” to “my mobile carrier(s),” setting the name of the current carrier in parentheses and adjusting the remainder of that phrase for subject/verb agreement, and change “other Internet service providers, mobile carriers, and/or wireless network services …” to “other Internet service providers, mobile carriers, phone service providers, and/or wireless network services …” (As of this writing, I use only one mobile carrier, but I’ve had multiple phone service providers at some points in the past, and it’s not inconceivable that I might again in the future.) Also in that section of Disclosure of Personally Identifying Information, changed “process certain emails sent to and from my phone(s)” to “may process certain emails sent to and from my phone(s)” (since the way email is handled on my newer smartphone isn’t necessarily the same as on my older devices, which the original language was intended to describe) and changed “or otherwise conducted” to and/or otherwise conducted …” for consistency.
    • August 6, 2020: Made various minor changes to the Cookie Policy in the interests of clarity, consistency, and better grammar. (The most substantive changes are to clarify how the setting of cookies may differ for administrative users.)
    • August 5, 2020: Updated recent items in this revisions list (to add the preceding entry for August 4, 2020, and this one to explain it). In the Other Information I Receive from Third-Party Sources section, updated the paragraph on information in published works to also make reference to advertising and/or promotional materials and change “… also gather additional information about the people described, depicted, or involved with such published works, such as (without limitation) seeking to identify pictured individuals not named in a photo caption, the names of contributors not credited in the work itself, or the contact information of an editor or publisher” to “… also gather additional information about the people described, depicted, and/or involved with such published works, such as (without limitation) seeking to identify pictured individuals not named in a photo caption, determine the names of contributors not credited in the work itself, and/or obtain the contact information of an editor or publisher” (mostly in the interests of grammar and internal consistency; this is all hopefully self-evident!).
    • August 4, 2020: Made a minor correction in the previous entry in this revisions list. (There were no further changes to the policy itself, just to the description of the revisions made on August 3, 2020.)
    • August 3, 2020: Updated and revised some of the examples listed in the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice: changed “Names” to “First and/or last names”; changed “Cookies” to “Information gathered through cookies and/or similar technologies” for consistency; added a new bullet point under “Internet or similar network activity information” about network and/or shared device information; added a new catch-all bullet point under “Professional or employment-related information”: “Other information about an individual’s vocation and/or trade”; and amended the bullet point regarding legal information to change “information regarding an individual having been accused of, charged with, and/or convicted of crime(s), infraction(s), and/or misconduct, and/or involved in a civil lawsuit” to “information regarding an individual having been accused of, charged with, and/or convicted of crime(s), infraction(s), and/or misconduct; having been a victim (or alleged victim) of crime(s) and/or misconduct; and/or being involved in a civil lawsuit” for completeness. (Most of these changes are really just clarifications, but it occurred to me that the law may regard simply viewing lists of nearby wireless networks or devices — much less connecting to any of them — as the collection of personal information.) Updated the Cookie Notice to describe the wp-settings-UID and wp-settings-time-UID cookies (listed in the Administrative and Login Cookies category) in the plural rather than the singular. (There’s typically only one of each of these cookies, but there are some scenarios where there could be multiple versions.) Also corrected and clarified the description of the wp-saving-post cookies, including noting that there may be more than one; restored the sentence explaining the meaning of “xx” and “UID” in the cookie descriptions, which had been inadvertently deleted from the Administrative and Login Cookies category; made a grammatical change to the description of the wp-donottrack_feed cookie (to avoid an unclear antecedent); made a minor wording change to the PayPal® Button cookie descriptions (changing the phrase “and is used for …” to “and is probably used to facilitate …” in the interests of preciseness); renamed the latter category “PayPal® Buttons” (since it refers to more than one); added the phrase “(and potentially also for various other purposes, such as user analytics and/or advertising)” after “… to manage your PayPal login and transaction data”; and, in the Vimeo Videos category, changed the phrase “Vimeo’s Cookie Policy …” to “The Vimeo Cookie Policy …”. In the Cookie Notice and on this page, also updated the anchor text and/or title attributes for the links to the Legal Agreements for PayPal Services page. In Other Inquiries, Messages, and Support Requests, changed “in your public profile or that you otherwise make visible …” to “in your public profile and/or that you otherwise make visible …” and added a sentence to the end of that paragraph: “With some third-party services, our respective settings may also affect what information is shared and/or accessible in connection with messages and/or other communications.”
    • July 31, 2020: Updated the Cookie Notice to clarify the descriptions (and some of the names) of the commenting and WordPress cookies and add an additional category for the cookies used to access password-protected posts (which I might conceivably use at some point in the future). Also amended the first paragraph in the Categories of Cookies Used section of the Cookie Policy to insert an additional disclaimer about embedded content providers’ use of cookies (noting that content providers not currently listed might begin using cookies in connection with their embedded content, and/or may already do so in certain circumstances I have not yet recognized) and added a reference and link to the Embedded Content section above, with its links to my commonly used embedded content providers’ respective privacy policies.
    • July 29, 2020: Updated the Contact Forms section to change “If you ask me to publish some portion of your message …” to “If you ask or authorize me to publish your message (or some portion of it) …” (This clarification is mostly for internal consistency of language; I assume most people would consider it reasonably self-evident!) In Other Messages, Inquiries, and Support Requests, simplified the reference to the preceding section by changing the phrase “under the same circumstances as those described in the examples listed in …” to “under the same circumstances as described in the …” (which is hopefully a little clearer).
    • July 28, 2020: Updated Transaction-Related Information I Receive from Third Parties to fix a typographical error and clarify that that section may also apply in situations where I use a third-party vendor or service for other types of transactions, not just where I offer products or services in such ways. Updated that section and the Information Sharing subsection of the Financial Transactions Policy to note that I may also use certain information pertaining to my purchase of products or services (or other, similar transactions) as part of and/or in connection with reviews and/or other commentary regarding the applicable transaction(s). Made a minor editorial change in Embedded Content, changing “(such the ones placed on your device when you log into a specific third-party website or online service)” to “(e.g., the ones placed on your device when you log into a particular third-party website or online service).” Updated a number of trademark attribution notices.
    • July 27, 2020: Further updated the Cookie Notice to fix a typographical error (changing “needed to login” to “needed to log in”); change the words “disappear” and “disappears” to “expire” and “expires” (which is more technically precise); clarify the reference to the Google Video hosting service; add “compiling user analytics data” to the purposes for which YouTube may use cookies; rearrange the trademark notices in the YouTube Videos category for better readability; rearrange the text of the Vimeo Videos category for better readability (including moving the trademark notices to the end); fix a typographical error in the name of one of the Vimeo cookies (“Searchtoken” was misspelled “Sarchtoken”); add the parenthetical phrase “(without limitation)” after “such as” in the YouTube Videos and Vimeo Videos categories (to emphasize that the purposes described are not necessarily an exhaustive list).
    • July 26, 2020: Updated the Cookie Notice to fix a minor grammatical error in the Administrative and Login Cookies category (changing “if you click the “Remember Me” when logging in” to “if you click “Remember Me” when logging in”) and to fix a text formatting error. Amended the Embedded Content section to clarify the bullet point on blog feeds, reorganizing the text, cleaning up some patchy grammar, and making it clearer that such feeds may collect your IP address and user information and may be able to use cookies and/or stored information to track and/or identify you. (As already noted in that bullet point, this refers to feeds on the administrative dashboard, so it normally only applies to logged-in administrative users.)
    • July 25, 2020: In Disclosure of Personally Identifying Information, updated the reference to Intel to change the word “equipment” to “devices and/or hardware” (which is a more accurate description).
    • July 24, 2020: In Other Information I Receive from Third-Party Sources, updated the paragraph about information I may receive from other visitors (the paragraph beginning, “From time to time …”) to specifically mention car photos. (People frequently send me pictures of interesting cars for various reasons!) Updated Cookies and Similar Technologies and the Cookie Notice to clarify that while the cookie descriptions in the Cookie Notice and the cookie settings accessed through the “Access Your Privacy and Cookie Preferences” button are intended to be identical save for minor variations in formatting and text style, in the event of any substantive discrepancy, the Cookie Notice version(s) shall govern. Updated Browser Tests and the Browser Tests section of the Cookie Notice to note that the login page for the administrative dashboard also conducts similar tests (something that was already mentioned in the Cookie notice section on Administrative and Login Cookies) and amended some of the existing text, deleting the wording about the local storage lasting the duration of your visit (which may not always be the case depending on the test and what browser you’re using) and the line about not using the test results information to track or individually identify you. (Some jurisdictions now take such an expansive view of what information may be considered personally identifying that I’d rather not argue the latter point.) In the Who I Am section of this page, amended the anchor text for the link to the Controller/Responsible Party, Questions, and How to Reach Me section in the interests of clarity. In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, added handwritten notes, documents, and/or other examples of individuals’ handwriting (in whatever medium) to the examples of other types of personal information.
    • July 23, 2020: In the Cookie Notice, made some changes to the descriptions of the cookies (principally stylistic) in hopes of making those descriptions clearer and easier to read. Also made some minor corrections to the references to PayPal on this page and the Cookie Notice (their privacy policy is called the Privacy Statement, and “Statement on Cookies and Tracking Technologies” was supposed to be singular rather than plural). In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, added information collected through cookie and/or similar technologies to the listed examples of identifiers collected. In that notice and the Data Related to Recruitment/Hiring or Professional Partnerships section, also changed “professional certification and/or licensure” to “professional certifications and/or licensure.”
    • July 22, 2020: Moved or copied some of the information from the Definitions and the Cookies and Similar Technologies section of this page to the Cookie Notice. Revised and rearranged the Cookie Notice text to accommodate the additions, improve clarity, and limit repetition. Revised the Cookies and Similar Technologies section to better reflect the move. Updated the Definitions of “Cookies and similar technologies” (both on this page and the Cookie Notice) to change “Some online services …” to “Some websites and/or online services …” Copied some of the information from the Browser Tests section to the Cookie Notice (since that section describes certain information that may be stored in a visitor’s browser). Added an additional category of information to Browser Tests; Security Scans; Embedded Content; Consents and Agreements; Age Verification; Comments; Other Messages, Inquiries, and Support Requests; and Data Related to Recruitment/Hiring or Business Partnerships: “special: information collected via cookies and/or similar technologies.” (This is really a clarification rather than an addition, since it pertains to how information may be collected rather than what information is collected, which was already encompassed by the existing categories. For example, the information the website may collect when someone submits a comment is the same whether that user has saved their name and email address in cookies or types it in each time.) In Disclosure of Personally Identifying Information, added an internal hyperlink to the Embedded Content section. Clarified some points in the previous entry (July 21, 2020) in this revisions list. Removed some extra spaces here and on the Older Privacy Policy Revisions page. Added a trademark disclaimer statement to the Older Privacy Policy Revisions page. Copied part of the final paragraph of Disclosure of Personally Identifying Information (a portion of the sentence beginning “While no online website —”) to the beginning of Security Scans — where it more logically belongs — and amended the paragraph in the latter section to clarify that it is (now) reiterating the point. (Also changed “https” to “HTTPS” for stylistic consistency.) In Website Server, Error, and Security Logs, changed “trying to access the site’s administrative area” to “trying to access the site’s administrative dashboard” for clarity. Added trademark notices for Creative Commons. In License for This Policy, changed the phrase “both the original and this document” to “both their policy and this document” in the interests of clarity.
    • July 21, 2020: Updated the Website Server, Error, and Security Logs and Security Scans sections to state explicitly that some of the information gathered by the logs and/or security measures “may be considered personal information or potentially personally identifying information in at least some jurisdictions” and more clearly explain that certain logs and/or security measures may record the username, user ID, and/or other identifiers associated with administrative users involved in (or appearing to be involved in) certain actions or events. Also added the latter to the categories listed in the Consents and Agreements, Age Verification, Comments, and Contact Forms sections. (I’ve categorized this type of data as “special” because it normally doesn’t apply to you at all if you’re not one of this website’s administrative users; in most cases, it’s only collected from me when I use site functions like comments. The principal exceptions would be if someone else used or attempted to use my user credentials on this website, or tried to create and/or use new user credentials, as part of an intrusion or hacking attempt.) In Website Server, Error, and Security Logs, also amended the paragraph about email alerts to change “If the event is a potential threat, it may include the IP address of the device involved (which is also recorded in the website logs)” to “The alert may include some or all of whatever data the logs recorded.” Made a number of minor changes to the language in those sections to accommodate these additions and improve readability. Updated Other Messages, Inquiries, and Support Requests to rename the category “information on or provided by third-party services (as applicable)” to “special: identifiers and/or other information provided by and/or specific to third-party services (as applicable)” for completeness. Also added that category to Data Related to Recruitment/Hiring or Business Partnerships (replacing “information provided by third-party services (as applicable)”), Financial Transactions Policy, Transaction-Related Information I Receive from Third Parties, and Other Information I Receive from Third-Party Sources. (This category is intended to better encompass a whole range of information that identifies or is associated with the users of various third-party services; for example, an individual’s unique ID number or username on a particular service would fall into this category. It’s necessarily general because it may vary dramatically depending on the specific services involved.) In Data in Submitted Images, also changed the category “potentially personally identifying information such as (without limitation) license plate and/or vehicle identification numbers*” to “special: other visible and/or audible identifiers and/or potentially personally identifying information (such as (without limitation) a pictured car’s license plate and/or vehicle identification numbers)*” (since a license plate number or VIN is probably now considered an identifier in many jurisdictions). Throughout this policy, also revised the category lists to ensure that sections listing multiple “special” categories separate them by semicolons, with each category preceded by “special:” (which is hopefully less confusing). In Other Messages, Inquiries, and Support Requests, also added a that information that pertains to my articles or other content (for example, if I interview or consult with you in connection with an article) may be published or disclosed in that context, as already stated in the Other Information I Receive from Third-Party Sources section. In Disclosure of Personally Identifying Information, changed “storage facilities” to “storage facilities (including, though not limited to, providers of safe deposit boxes)” and changed “postal services, common carriers, and/or shipping agencies” to “postal services, common carriers, shipping agencies, and/or mailbox rental services.” In Other Information I Receive from Third-Party Sources, made various minor edits to the paragraph about research related to my content (the paragraph beginning “I routinely gather information …”). In Contact Forms, changed “I may amend and/or update the applicable content to incorporate and/or reflect the factual substance of your corrections, clarifications, and/or suggestions” to “I may incorporate the factual substance of your corrections, clarifications, and/or suggestions into the applicable content” and added a new second bullet point to that list reading, “If your inquiry provides significant assistance with the management of this website, my content, and/or some related matter(s), I may elect to publicly acknowledge and/or thank you by name or applicable pseudonym, unless you ask me not to or I reasonably surmise that you prefer not to be acknowledged or identified.” Adjusted references to my newer smartphone to match the way the manufacturer styles the model name. Updated the preamble and Cookies and Similar Technologies to note that the Cookie Notice also constitutes the “cookie policy” for this website, for jurisdictions that explicitly require such a policy. Also added a similar note to the Cookie Notice itself. In Disclosure of Personally Identifying Information, completely rewrote the bullet point about information incorporated into my content (which previously began “As part of journalistic, historical, critical, or other nonfiction accounts”) and the paragraphs later in that section regarding information incorporated into content that I license or sell, also deleting the paragraph about keeping certain information separate (since it was confusingly framed and I couldn’t figure out a suitable generalizable way to coherently express the intent). (These revisions don’t represent a change in my practices — although the revised language is slightly broader in scope — but rather my ongoing efforts to explain the normal activities of a professional writer/editor within the context of this policy, something for which I have few useful models. As you may gather, I remain deeply uneasy about the potential impact of the various state and national privacy laws and regulations on freedom of expression, freedom of the press, and my livelihood.) Elsewhere in that section, changed the phrase “are difficult to quantify” to “is difficult to quantify” (a point of troublesome grammar). In that section, Advertising, and the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice, changed “they may gather information about you as described …” to “they may gather and use information about you — potentially for various commercial purposes — as described …” In the instance in Disclosure of Personally Identifying Information, also added the sentence “This could conceivably be deemed to constitute sharing information “for commercial purposes” as the CCPA defines it, even if I do not directly provide any information about you to those advertisers” to the end of the applicable paragraph.
    • July 20, 2020: In Disclosure of Personally Identifying Information, added I.R.I.S. (which makes OCR software) to the examples of third-party service providers. Added or updated more trademark notices through this page (and, where applicable, the Cookie Notice), sometimes making minor adjustments to the surrounding text to fit. Also corrected the capitalization of Startpage and fixed some stray uses of “we” and “our” rather than “I” and “my.” Made various other wording adjustments to Disclosure of Personally Identifying Information, including changing “other services for sharing images and/or other media, and/or audiovisual streaming services” to “other services or platforms for sharing images and/or other media, and/or audiovisual streaming services or platforms”; changing “sites and/or services for publishing and/or distributing audiovisual content” to “platforms and/or services for publishing and/or distributing audiovisual content”; and changing “Voice over Internet Protocol (VoIP), voice chat, teleconferencing, and/or video chat services; other types of messaging and/or chat services, apps, and/or clients …” to “Voice over Internet Protocol (VoIP), voice chat, teleconferencing, and/or video chat apps, clients, platforms, and/or services; other types of messaging and/or chat apps, clients, platforms, and/or services, such as (without limitation) …” (This is mostly nitpicking, as the distinction between a “platform” and a “service” is at best hazy and a client can be either an app or a service; the point is to cover a range of service providers who may use different terms for similar concepts.) Also changed “Other providers whose services enable me to operate and secure my devices and/or data …” to “Other providers whose services enable me to operate and/or secure my devices and/or data …” and adjusted the wording of the reference to IPinfo.io (mainly to avoid the possessive after “LLC”). Also in the Cookie Notice, made some minor changes to the description of the cookies used by the PayPal button(s). Throughout this page, changed a number of instances of the phrase “potentially identifying” to “potentially personally identifying” for internal consistency. In Website Server, Error, and Security Logs; Security Scans; and Information I Receive from Third Parties for Security Purposes, updated the category descriptions at the beginning of each section to note that of the other technical details collected, “(some of which might be potentially personally identifying)” (which, as noted in the Definitions, refers to information that may be personally identifying in some contexts and/or in combination with certain other information). Also added news services and online publications to the examples of third-party vendors and service providers under Disclosure of Personally Identifying Information.
    • July 19, 2020: In Disclosure of Personally Identifying Information, updated the references to Microsoft (to note explicitly that I also use Microsoft Office; this isn’t new, but it previously wasn’t expressly stated), Adobe and Apple (to adjust the trademark information), and LibreOffice (to properly capitalize The Document Foundation and change “LibreOffice software” to “LibreOffice suite,” since it’s technically a suite of several interrelated software programs). Also in that section, changed “public relations firms” to “public relations services”; changed “advertising agencies” to “advertising agencies and/or services”; added online scheduling, task management, meeting, and/or collaboration platforms, tools, and/or services to the specified examples of other types of service providers; changed “messaging services, apps, and/or clients” to “other types of messaging and/or chat services, apps, and/or clients” for completeness; and amended the reference to online file transfer, file sharing, and/or file storage services by adding the parenthetical phrase “(which may include, but are not necessarily limited to, cloud storage services)” to the description (for clarification). Added additional Microsoft trademark notices in Security Scans, Information I Receive from Third Parties for Security Purposes, Information Captured by Service/Software/App/Device Telemetry, and throughout Disclosure of Personally Identifying Information. Also added some additional Google trademark notices to those sections and to Embedded Content; Other Inquiries, Messages, and Support Requests; Financial Transactions Policy; Additional Information About Data Retention; and the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice. Added trademark notices to the references to Amazon Web Services in Other Inquiries, Messages, and Support Requests and Disclosure of Personally Identifying Information. Added or updated trademark notices throughout this page and added a variety of trademark notices to the Cookie Notice, sometimes making minor adjustments to the surrounding text to fit. In the Cookie Notice, also deleted the words “strictly necessary” from the description of the Privacy and Cookie Preferences cookies (since that may not have been entirely accurate from a legal standpoint, although those cookies are currently this website’s only means of managing your cookie preferences.) Also updated the License for This Policy section to note that a changelog for the Automattic Privacy Policy can also be found in the repository mentioned in that section. Moved items on this list from prior to January 1, 2020, to the separate Older Privacy Policy Revisions page for space reasons and updated the license information on that page to include trademark attribution. In Legal Bases for Collecting and Using Information, changed “complying with the terms of a Creative Commons or other license …” to “complying with the terms of a license …” In Other Information I Receive from Third-Party Sources, changed “under a Creative Commons or similar license …” to “under a Creative Commons license or other, similar license …”
    • July 18, 2020: In Disclosure of Personally Identifying Information, added “file-sharing services” in the examples in the bullet point on search engines and/or other research tools. (This is basically just a clarification, as such services would fall into one or more categories already listed among those examples, and are also listed among the “other types of service providers” examples.) Also in that section, further updated the language about the Privacy Shield Frameworks and added a note that a recent European court ruling has declared those frameworks invalid as a means of complying with European data protection regulations. Made a slight correction to the description of Signal: removing the comma from “Signal Messenger LLC” (upon belatedly realizing that they don’t use a comma before “LLC”). In Financial Transactions Policy, amended the Information Sharing subsection to change “To the applicable email and/or telephony provider(s) …” to “To the applicable email, telephony, and/or other communications service provider(s) …” (This is a clarification, and should hopefully be reasonably self-evident; obviously, transaction-related communications via some third-party service necessarily entail sharing certain information with the applicable service provider, even if the means of communication include something other than email or telephony.) Also made some minor adjustments to the description of Bitdefender in that section (to better describe the scope of Google services the these apps may incorporate and/or utilize). Also made some updates to the enumerated examples of Google trademarks in that section and changed the phrase “I could theoretically still use Blogger through my Google account” to “I could theoretically still use Blogger through my Google account(s).” In Cookies and Similar Technologies, Consents and Agreements, Age Verification, and the Cookie Notice, changed several instances of the phrase “on your computer or device” to “on your device/browser” for internal consistency. In Embedded Content, revised the description of BootstrapCDN to change the phrase “your computer or device” to just “your device” (again for internal consistency). In Website Server, Error, and Security Logs, changed “about each computer or device” to “about each computer or other device” for clarity (since in the context of this policy, a computer is a type of device, although not all devices are necessarily computers). Adjusted the wording of the first paragraph of the Cookie Notice, adding the phrases “though not necessarily limited to” and “again without limitation” after the word “including” and adding storing your comment data to the examples of site functions that use cookies.
    • July 17, 2020: In Security Scans, changed the phrase “Among the website security measures I use on this website is the Sucuri Security plugin …” to “Among the website security measures I may use on this website is the Sucuri Security plugin …” (As noted elsewhere in this policy, which specific security measures I use may vary.) In that section and Embedded Content, updated the language about Sucuri and Cloudflare’s Privacy Shield certification (they’re both certified under both the EU-U.S. and Swiss-U.S. frameworks, not just the EU-U.S. framework). Made some minor adjustments to the language regarding Privacy Shield in the Disclosure of Personally Identifying Information. (To be clear, I am not Privacy Shield certified, but some of my third-party service providers and/or vendors are, so I want to make sure I’m describing the Privacy Shield Frameworks correctly.) Also changed the Privacy Shield examples in that paragraph from “Adobe Inc., Cloudflare, Google, HP, and Sucuri …” to “Adobe, Cloudflare, Google, HP, Microsoft, and Sucuri …” In the list of examples of third-party service providers and vendors in that section, also changed “Adobe® Inc.” to just “Adobe®” and the first reference to “Apple Inc.” to just “Apple” (mainly for consistency of language. In Your Rights (GDPR and Other National or State Privacy Laws), changed the phrase “(aka the “GDPR”)” to “(aka the “GDPR” or “EU GDPR”) for clarity and amended the paragraph about government data protection authorities to distinguish the EU GDPR and the UK GDPR, update the link to the list of EU data protection authorities, and and add a link to the UK ICO (which is the British data protection authority and will remain so in the wake of the UK’s withdrawal from the EU). In the first paragraph of the California Privacy and Data Protection Rights section, deleted the comparison to the European GDPR to avoid confusion. In Legal Bases for Collecting and Using Information, changed “such as the EU or UK General Data Protection Regulation (GDPR) or the forthcoming Brazilian Lei Geral de Proteção de Dados (LGPD)” to “such as the European General Data Protection Regulation (aka the “GDPR” or “EU GDPR”), the UK GDPR, or Brazil’s Lei Geral de Proteção de Dados (LGDP)” for internal consistency. In the first item in the list of bases, changed the parenthetical example from “(such as comments)” to “(such as comments and user feedback forms).” In Who I Am, changed “many of the vendors and third-party service providers …” to “many of the other third-party vendors and service providers …”
    • July 15, 2020: In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, revised the wording of the bullet point on legal information to change “… accused of, charged with, and/or convicted of a crime …” to “… accused of, charged with, and/or convicted of crime(s), infraction(s), and/or misconduct …” In Disclosure of Personally Identifying Information, changed “some or all of those vendors and/or service providers may use …” to “some or all of my vendors and/or service providers may use …” for greater clarity. In Security Scans, updated the paragraph about anti-theft/loss-protection features to note that I may also use similar features to protect my desktop computer, including, though not necessarily limited to, security features of products and/or services provided by Microsoft. In Embedded Content, added the following sentence to the paragraph beginning, “Please note that the types of information embedded content providers may collect …”: “Similarly, some or all of my embedded content providers may use various subcontractors, subprocessors, vendors, subsidiaries, affiliates, and/or partners to process information related to their services, which is also outside of my control and generally beyond my reasonable ability to enumerate here.”
    • July 14, 2020: In Disclosure of Personally Identifying Information, changed “where I might share information related to this website” to “where I might discuss and/or promote this website, its content, the management of my business operations, and/or my other creative endeavors” and changed “…” search for and/or purchase materials related to my research, my content, and/or this website” to “… search for and/or purchase materials related to this website, its content, the management of my business operations, and/or my other creative endeavors” for greater consistency. Also in that section, added a note explaining that the use of the Roundcube mail client is also subject to the DreamHost Privacy Policy (since DreamHost actually operates the client and the mail servers to which it connects); changed “operate and secure my devices” to “operate and secure my devices and/or data” (which is a more broadly accurate description); and changed various instances of “in the course of my business and/or in some context related to this website” to “in some context related to this website and/or in the course of my business” (which is more in keeping with the scope of this policy). In the description of the Sucuri Security plugin in Security Scans, changed “… that perform certain suspicious actions” to “… that perform certain actions (e.g., adding or editing a post, updating or installing a plugin).” (The plugin may log a variety of routine administrative activities that aren’t necessarily suspicious in and of themselves.) Updated the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice to add vaccinations to the enumerated examples of medical information collected. In the same section, in the the paragraph immediately following the bullet-pointed list, added the parenthetical phrase (“but without limitation”) after “(For example …” for emphasis.
    • July 13, 2020: In Definitions, made some nitpicking adjustments to the wording of some definitions, inserting additional instances of the phrases “(without limitation),” “(again without limitation),” and/or “(though not necessarily limited to)” for emphasis and changing an existing instance of “such as” to “e.g.” In the definition of Identifiers, changed “that expressly identify an individual, household, or specific device” to “that specifically identify an individual, a household, or a device” (which is a bit more accurate). In Disclosure of Personally Identifying Information, added photo-sharing services and other services for sharing images and/or other media to the examples of third-party service providers. (This is mainly a clarification, since most such services would also fall into one or more of the categories already described in that section.) In Legal Bases for Collecting and Using Information, changed “European data protection laws” to “data protection laws such as the EU or UK General Data Protection Regulation (GDPR) or the forthcoming Brazilian Lei Geral de Proteçao de Dados (LGPD).” Updated Security Scans to add a link to the Privacy Shield website for more information on that framework. In Disclosure of Personally Identifying Information, updated the note on the Privacy Shield Framework to note that Privacy Shield participation may in some instances also cover the transfer of data subject to Swiss data protection laws and/or the UK GDPR, but additional requirements may apply; added a link to the Privacy Shield Program website for more information. In Your Rights (GDPR and State Laws), updated the first paragraph to also reference the UK GDPR and the Brazilian LGPD. Changed the name of that section to “Your Rights (GDPR and Other National or State Privacy Laws)” and updated the Table of Contents. Added Google Search Console (formerly known as Google Webmaster Tools) to the enumerated examples of Google services among the examples of third-party vendors and service providers listed in Disclosure of Personally Identifying Information. (This again is just a clarification; as that section already indicated, the range of Google apps, services, and/or tools I may use and/or offer is too extensive to list more than a sampling.) Throughout the text of this policy and the Cookie Notice, changed various instances of the the phrase “potentially identifying information” to “potentially personally identifying information” for consistency. (I realized I had inadvertently alternated between the two versions in different portions of the text; although I regard those phrases as synonymous, I want to make the usage consistent throughout.)
    • July 12, 2020: In Disclosure of Personally Identifying Information, added parking attendants, security guards, property managers, receptionists, and/or other such functionaries to the examples of third-party vendors and service providers. In the Online Tracking section, changed the words “on this site” to “on this website” for clarity and added a final paragraph to the end of that section noting that other websites or online services, including ones to which I may link and/or on which I have accounts, may use various web analytics services and/or tools, which in most cases is outside of my control. That paragraph also notes that analytics tools used on my Ate Up With Motor and 6200 Productions websites are described in those websites’ respective privacy policies. Added a similar paragraph to the end of the Embedded Content section. Updated the Cookie Notice to change “The use of cookies and/or similar technologies by third-party sites and/or services …” to “The use of cookies and/or similar technologies by third-party websites and/or services …” for greater consistency. In Information I Receive from Third Parties for Security Purposes, added the DTEK by BlackBerry app to the listed examples of sources of security-related information. (DTEK is one of the suite of BlackBerry Limited apps and services that came preinstalled on the newer of my BlackBerry smartphones.) Also updated the Security Scans section to note that BlackBerry Limited is another of the principal providers of security measures I use for my mobile devices. (The BlackBerry security features are primarily concerned with electronic security rather than anti-theft/loss-protection, but there may be exceptions that would fall within the scope of that paragraph.) Fixed a formatting error in this Revisions List. Fixed a typo in Security Scans: “the security of my system, devices, and data” should have read “the security of my systems, devices, and data.”
    • July 10, 2020: In the first paragraph of Information I Receive from Third Parties for Security Purposes, changed “… and/or user agents that may be associated with malicious activity such as spam” to “… user agents, and/or other such information that may be associated with malicious activity such as (without limitation) spam and/or attempts to transmit or otherwise propagate malicious code.” (This is really just a clarification; the types of information enumerated in that paragraph are the most common and typical examples, but not necessarily an exclusive list, and of course spam is only one possible type of malicious activity.) In the following sentence, changed “(without limitation)” to “(again without limitation)” for better flow. In the following sentence, changed “(without limitation)” to “(again without limitation)” for better flow. In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, changed “Information about other household members (e.g., roommates and/or pets)” to “Information about other household members (e.g., roommates) and/or pets.” (This is just a nitpicking clarification; a pet is usually not considered a household member in a legal sense.) In Disclosure of Personally Identifying Information, added job search and/or professional networking sites and/or services, employment agencies, and sites and/or services for publishing and/or distributing audiovisual content (e.g., videos and/or podcasts) to the examples in the bullet point about services and/or service providers that help me promote and/or sell (or otherwise offer for commercial advantage) my content, writing/editing/writing consulting services, and/or other creative endeavors, also rearranging the order of some of those examples. Corrected some inadvertent uses of “we” and “our” rather than “I” and “my” in recent entries in this Recent Revisions list.
    • July 9, 2020: In Embedded Content, added a bullet point for the Sucuri Security plugin described in the Security Scans section. (That section already describes the plugin’s functions, but some components of the plugin do qualify as embedded content, so I decided it would be appropriate to also mention it in the Embedded Content section.)
    • July 8, 2020: In Embedded Content, updated the entry on Yoast to also mention the remotely served functionality provided by Ryte (which is incorporated into recent versions of the Yoast SEO plugin) and my fruitless efforts to determine from the developers whether the plugin’s remotely served components gather personal information about logged-in administrative users. (Any such information-gathering would apply only to users logged into the site’s administrative dashboard, not visitors to the publicly facing website, but it needs to be reflected here regardless.) Elsewhere inn Embedded Content and in several prior entries in this Recent Revisions list, corrected some inadvertent uses of “we” and “our” rather than “I” and “my.” In Cookies and Other Technologies, moved the example about showing or hiding banners for first-time visitors to parentheses; changed “&hellip and to ensure that …” to “… and to help ensure that …”; and changed “such as” to “e.g.” Added another sentence to the end of that paragraph: “Certain other site functions and/or site content may require the use of cookies and/or similar technologies to function properly.” Toward the end of that section, changed “some site features may not function …” to “some site features and/or site content may not function … for consistency and added a paragraph about the use of cookies and/or similar technologies by third-party services. Also updated the Cookie Notice to mention that, to reflect the revised language about cookies and/or similar technologies recently added to the Embedded Content section, and to clarify that this Recent Revisions list now also includes changes to that notice. Fixed a punctuation error in this Recent Revisions list.
    • July 7, 2020: In Definitions, renamed “Cookies and local storage” to “Cookies and similar technologies” and further refined that definition. In Cookies, changed “(such as local storage)” to “(such as local storage objects)” (which is both more accurate and more grammatically correct in that sentence). In Embedded Content, further adjusted the language and descriptions, including using the phrase “cookies and/or similar technologies” (which is how other privacy policies tend to characterize these technologies), smoothing out the wording, and simplifying and/or further clarifying some of the specific descriptions. Subsequently made an additional round of revisions to Embedded Content to further refine this language. Renamed the Cookies section to “Cookies and Similar Technologies” and changed other references to that section accordingly (both on this page and the Cookie Notice, which previously had erroneously identified that section as the “Cookie Policy” section, an inadvertent holdover from an earlier version of this policy). In Comments, corrected another stray reference to “Cookie Policy” section to refer to the “Cookies and Similar Technologies” section instead and added an internal link to that section. In Financial Transactions Policy, changed “PayPal may use cookies and/or “web beacons” (such as so-called “tracking pixels” and “pixel tags”) in the payment button and/or in the shopping cart to collect and track data about users” to “PayPal may also use cookies and/or similar technologies in the payment button and/or the shopping cart to collect information about, track, and/or identify users, in addition to whatever information the service may collect to log you into your PayPal account (if any) and/or complete your transaction” (which is more accurate and more internally consistent). In Advertising, added the parenthetical aside about information-gathering by ads on the administrative dashboard that already appeared in the Disclosure of Personally Identifying Information section, for greater internal consistency. In the latter section, reordered that aside in the paragraph in which it appears (which entailed splitting the first sentence in that paragraph into two sentences with the parenthetical aside between them), again for the sake of consistency. Also in Definitions, amended the definition of “Personal information/personally identifying information” to change “(or in combination with certain other information)” to “(and/or in combination with certain other information” and amended the definition of “Identifiers” to change “… to be personal identifiers” to just “… to be identifiers” (which is more accurate).
    • July 6, 2020: In Definitions, fixed a formatting error inadvertently created during yesterday’s revisions and further amended the “Cookies and local storage” definition for greater accuracy. Updated the Cookies section to also mention “similar technologies” such as local storage of information. Also updated Browser Tests to note that the results of the tests may be stored in your browser’s local storage for the duration of your visit. (This is how the test have always worked, but I struggled to properly explain it.) Further amended the Embedded Content section for greater accuracy and to further refine the new language added yesterday about local storage. (Again, this isn’t a procedural change, but an effort to more accurately explain technically complex concepts of which I don’t have a robust understanding myself!)
    • July 5, 2020: In Embedded Content, changed the phrase “and/or other domains owned by WordPress, such as …” to “and/or other domains owned by WordPress, such as (without limitation) …” and changed “… or other WordPress-related messages” to “… and/or other WordPress-related information.” (This is just a clarification.) Fixed an HTML error in this revisions list. In Other Inquiries, Messages, and Support Requests, added a paragraph about communications by some means that is accessible to multiple users (e.g., via email discussion group or group chat, on social media, and/or by transmitting electronic files via shared FTP folder(s)) and/or publicly accessible, noting that such communications may be visible to anyone with access to the shared medium and that I cannot control and accept no responsibility for what third parties may do with information shared in such ways. (I hope this is reasonably self-evident!) In the following paragraph, changed “may publish such communications” to “may publish your communications” for a more natural progression from the inserted language. In the paragraph about data retention at the end of the section, changed “any third-party websites or services you use to contact …” to “any third-party websites or services you may use to contact …” Updated Information I Receive from Third Parties for Security Purposes to note that I may also receive alerts and/or other security-related information from various sources regarding third-party data breaches that could potentially expose my online credentials and/or other personal information to malicious actors. In the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice, fixed a punctuation error (incorrectly nested parentheses in the example regarding the processing of payments) and changed “my bank(s) and the applicable payment processor, if any” to “my bank(s) (or other applicable financial institution(s)) and the applicable payment processor(s), if any (e.g., PayPal®)” for greater internal consistency. In Definitions, updated the definition of cookies (which has been renamed “Cookies and local storage”) to include a brief definition of local storage of potentially identifying information (a technology which is sometimes used in addition to or instead of cookies). Updated Embedded Content to add language about local storage (which many embedded content providers and other online services now use along with cookies), insert a new bullet point about embedded content from Twitter, and add a disclaimer that embedded content providers may also use and/or add other information-gathering and/or tracking technologies beyond what I can reasonably specify in that section. Made various other minor adjustments to the wording of that section for clarity. Further updated the adjusted language in that section to fix my repeated but unintentional use of “store other personally identifying information” when I meant to say “store other potentially identifying information” (an error I repeated an embarrassing number of times by careless use of copy-paste) and made a number of additional minor adjustments and updates to the text, including changing the language about displaying videos or Tweets to be a bit broader in scope (including sharing and/or otherwise displaying the content as well as posting it) and fixing an inadvertent use of “us” rather than “me.”
    • July 4, 2020: In Disclosure of Personally Identifying Information, added rental services and/or rental agencies for vehicles such as (without limitation) cars, trucks, vans, bicycles, scooters, and/or boats.
    • July 3, 2020: In Security Scans, added a new paragraph about anti-theft/loss-protection security measures for my devices that may collect additional personal information under certain circumstances.
    • July 1, 2020: In Disclosure of Personally Identifying Information, added the Roundcube project (whose open source webmail client software my web host uses) to the examples of third-party service providers. In the description of Font Awesome in that section, changed “web mail” to “webmail” for consistency. Updated the Other Information I Receive from Third-Party Sources section to add language about information I might receive from or through social media services and to insert an explicit reference and an internal link to the Additional Information About Data Retention section. (Since the latter section presently follows immediately after Other Information I Receive from Third-Party Sources, I hadn’t previously included such a link, but I added it now for convenience and ease of reference.) Toward the end of Other Information I Receive from Third-Party Sources, also changed “other non-public information” to “other, non-public information” (which better expresses the intended meaning).
    • June 29, 2020: In Other Information You Provide to Me, added a note regarding submitted images and/or other media, with an internal link to the Data in Submitted Images section. Also changed the parenthetical aside from “(These are just a few hypothetical possibilities.)” to “(These are just a few of the many possibilities.)”
    • June 28, 2020: In Information I Receive from Third Parties for Security Purposes, added social media services to the examples of sources from whom I may receive such information and changed “Internet service provider, mobile carrier, bank …” to “Internet service provider(s), mobile carrier(s), bank(s)/financial institution(s) …” for internal consistency. In Disclosure of Personally Identifying Information, created a new sub-bullet for social media services on which I have accounts and/or where I might share information related to this website in the list of examples of third-party service providers. Moved the existing bullet point about Flickr to that sub-bullet. Tinkered a bit with the wording of the new language.
    • June 27, 2020: In Security Scans, Financial Transactions Policy, and Other Information I Receive from Third-Party Sources, changed several instances of “such as (for example, but without limitation)” to just “such as (without limitation)” (for internal consistency and because “for example” is probably redundant in those instances).
    • June 26, 2020: In Security Scans, changed “and/or the various Google services I use (e.g., the Google Voice communications service …” to “and/or other applicable service provider(s) (e.g., the various Google services I use, such as (for example, but without limitation) the Google Voice communications service …” In Comments; Contact Forms; and Other Inquiries, Messages, and Support Requests, adjusted the language referring to the Security Scans section (regarding messages being scanned for spam and/or malware) to be more consistent with the wording of the latter section. Added similar language to the Information Sharing subsection of the Financial Transactions Policy section. In Other Inquiries, Messages, and Support Requests, also changed “other services place the entire message text in the notification” to “other services include some or all of the message in the notification.” In Website Server, Error, and Security Logs, added a sentence noting that email alerts may be scanned for spam and/or malware (also referring to the Security Scans section) and changed “since my web host …” to “because my web host …” (which is more grammatically appropriate).
    • June 25, 2020: A number of minor wording adjustments for internal consistency: In Website Server, Error, and Security Logs, changed “may be captured in backups created by me or my web host” to “may be captured in backups created by me and/or my web host.” In Comments, changed, “may have been accessed or used” to “may have been accessed and/or used.” In Data in Submitted Images, changed “backup files created by me or my web host” to “backup files created by me and/or my web host” and changed “may have already been accessed or used by third parties” to “may have already been accessed and/or used by third parties.” In Information I Receive from Third Parties for Security Purposes, changed “applications/services” to “applications/software/services.” In Disclosure of Personally Identifying Information, updated some of the descriptions of third-party service providers to change a number of instances of the word “applications” to “software” for greater clarity. In the latter section, also changed “Internet firewall applications/services” to “Internet firewall applications/software/services” and changed “TinyWall and …” to “TinyWall and/or …” for consistency. Also updated the sentence beginning “Where I become aware of such a case, I will take reasonable efforts to keep separate any information I have gathered through or in connection with this website …” to insert the parenthetical phrase “(e.g., the IP addresses in the logs, the email addresses associated with comments and/or form submissions)” in hopes of clarifying the intended scope of that paragraph.
    • June 23, 2020: In Disclosure of Personally Identifying Information, added a new paragraph following the bullet-pointed list regarding the possibility of roommates, houseguests, other cohabitants, and/or visitors becoming incidentally aware of certain personal information pertaining to this website and/or my business operations, in ways that are hard to avoid with any business activity conducted at home. Added similar language to the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice. In the subsequent paragraph of the latter section, also changed the phrase “in such contexts” to “in the above contexts” to avoid any potential confusion due to the added paragraph.
    • June 21, 2020: In Disclosure of Personally Identifying Information, further adjusted the description of BlackBerry Limited by adding “(and/or, where applicable, their subsidiaries and/or affiliates)” after the corporate name to better reflect the framing of their Privacy Policy. Also changed “its previous corporate name” to “the previous corporate name” to avoid an unclear antecedent. Changed “other service providers, and/or other vendors” to “various subcontractors, subprocessors, vendors, subsidiaries, affiliates, and/or partners” and, at the end of that bullet point, changed “any third-party subcontractors, subprocessors, vendors, and/or partners those entities may employ or utilize …” to “any subcontractors, subprocessors, vendors, subsidiaries, affiliates, and/or partners those entities may employ and/or utilize …” for greater internal consistency. Updated the description of Abine’s Blur to also mention their email masking tool.
    • June 20, 2020: In Disclosure of Personally Identifying Information, updated the descriptions of TCT and BlackBerry Limited to clarify that TCT made the hardware for the newer device and BlackBerry Limited makes the suite of BlackBerry apps, services, and software both devices use. Also adjusted TCT’s corporate name to match their current usage (TCL Communication Ltd., with “Limited” abbreviated) and updated the description of VeraCrypt to clarify that portions of the software are the work of various developers besides IDRIX. In that section, also changed “may use various subprocessors and/or other vendors not necessarily listed here …” to “may use various subprocessors, other service providers, and/or other vendors, not necessarily listed here, …”
    • June 16, 2020: Updated the Information I Receive from Third Parties for Security Purposes and Disclosure of Personally Identifying Information sections to note that Bitdefender may also use the Google Safe Browsing API. Also updated the reference to Google Safe Browsing in the former section to note that some other apps (as well as web browsers and online services) may also use that service. Also in Disclosure of Personally Identifying Information, updated the bullet point on disclosures I deem reasonably necessary to protect property, rights, security, and/or safety to note that (as stated in the Copyright/Intellectual Property Violations section of the Terms of Use) I may forward copyright claims pertaining to material provided to me by a third party to that third party. (This provision has been in the Terms of Use for years, but I had previously neglected to mention it in the Privacy Policy.) Made a related update to the Information Shared for Business or Commercial Purposes section of the CCPA Information Collection and Sharing Notice.
    • June 15, 2020: In Other Information I Receive from Third-Party Sources, made a variety of clarifications to the paragraph regarding my research process: Added “(without limitation)” after “… with third parties such as …” and added “observers, eyewitnesses, and/or other knowledgeable parties” to the examples enumerated in that sentence. (These were already listed in the related language in the CCPA Information Collection and Sharing Notice.) Later in that paragraph, changed “the subjects of my content” to “the subject(s) of my content.” Added a new second-to-last sentence: “In some cases, I may look for your contact information so I can ask you questions related to my content, request an interview, and/or let you know about content in which you were mentioned.” In the final sentence of that paragraph, changed “… or if you have disclosed the information …” to “… and/or if you have disclosed the information …” In the same section, updated the paragraph regarding information provided by third-party services to add two more examples of the type of information that might be provided: whether a contact “is typing, and/or has seen a particular message.” (These are obviously just additional examples, not an exhaustive list of possibilities.)
    • June 14, 2020: Made some minor clarifications to the summary of the June 13 revisions below.
    • June 13, 2020: In Embedded Content, fixed a typographical error in the description of Font Awesome: correcting “your IP address and user information” to “your IP address and user agent information” (the word “agent” had been inadvertently deleted). In Disclosure of Personally Identify Information, amended the bullet point on public acknowledgments and thanks to note that those acknowledgments may also include (where applicable) the date(s) of the assistance. (This is just a clarification of my customary practice, not a change in how I handle such acknowledgments.) In that bullet point, also changed “the type of assistance” to “the nature of the assistance provided” for greater clarity.
    • June 11, 2020: In the list of examples of third-party service providers in Disclosure of Personally Identifying Information, updated the description of Firefox to clarify that that may include the desktop and/or mobile versions and changed “taxi and/or ride-share services” to “taxi, livery, shuttle, carpool, and/or ride-share services.” Also adjusted the description of Simple DNSCrypt to change “desktop computer” to “desktop computer(s).”
    • June 10, 2020: In the list of examples of third-party service providers in Disclosure of Personally Identifying Information, made some minor wording adjustments to the “accessing the Internet” bullet point for clarity and internal consistency (and to fix some questionable grammar). Also added “other Internet service providers, mobile carriers, and/or wireless network services I may periodically use.”
    • June 8, 2020: In Disclosure of Personally Identifying Information, added Microsoft Bing Search to the examples of third-party service providers. (This is mainly a clarification, since Bing is one of the many Microsoft “software, apps, tools, and services” mentioned elsewhere in that section.) Fixed a typo in this revisions list.
    • June 7, 2020: In Disclosure of Personally Identifying Information, fixed a typographical error in the description of CompanionLink and DejaOffice CRM and adjusted the description to better explain their function. Changed “Other providers of apps, tools, and/or services I may use in connection with this website and/or its content” to “Other providers of apps, tools, and/or services I may use in connection with this website, its content, the management of my business operations, and/or my other creative endeavors” to better reflect the current language elsewhere in this policy. Adjusted the description of DreamHost in that section to change “(which also hosts the mail servers for email addresses using this domain name)” to “(which also hosts the mail servers for all email addresses using the 6200productions.com domain name)” for greater clarity. Updated Other Information I Receive from Third-Party Sources to also mention that I may sometimes receive information through third-party services and/or service providers. Amended and simplified the language in that section about software developers, added a note that software licenses typically prohibit deleting the developer information, and moved that paragraph to an earlier point in the section. Fixed a typographical error. Later in that section, changed the phrase “any attribution information” to “any of the developer credits or copyright information” for greater clarity. In Disclosure of Personally Identifying Information, fixed a punctuation error in the description of Signal and updated that description to indicate that Signal is a registered trademark.
    • June 6, 2020: Updated the Additional Information About Data Retention section’s bullet points on text messages and phone calls to explain that my retention of text messages and phone records on my phone(s) is now highly variable. (This change is to reflect my increased use of a newer device that no longer allows me to globally control message retention the way my older smartphones did; if there’s a way to get the newer phone to automatically delete all unsaved messages after a certain period of time, I haven’t yet found it!)
    • June 4, 2020: In Disclosure of Personally Identifying Information, corrected the attribution for MozBackup, also reordering that item in the list of examples to keep that section in more or less alphabetical order.
    • May 31, 2020: In Disclosure of Personally Identifying Information, updated the attribution for Cookie-AutoDelete to reflect that browser extension’s current copyright statement. In Security Scans, updated the reference to the EU-U.S. Privacy Shield Framework to add periods to “U.S.” to match the reference in Disclosure of Personally Identifying Information.
    • May 30, 2020: In Contact Forms, split the final sentence (beginning “Otherwise, I may disclose …”) into a separate paragraph. Inserted a bullet point regarding incorporating corrections, clarifications, and/or suggestions (which hopefully was reasonably self-evident, but bears mentioning). In that section, also changed “infringe on” to “infringe upon.” In Other Inquiries, Messages, and Support Requests, deleted the bullet-pointed list beginning “Unlike comments, I do not generally publish …” and replaced it with a reference to the list in the Comments section above (to avoid repeating the same list twice). Fixed a typo in Data Related to Recruitment/Hiring or Business Partnerships.
    • May 23, 2020: In Data in Submitted Images, changed “I typically also gather additional information about the images I use …” to “I typically also gather additional information about the images and/or other media I use …” for internal consistency. Also changed several instances of “images or media files” to “images or other media files,” again for consistency of wording. In Other Information I Receive from Third-Party Sources, added a paragraph noting that published works I use and/or access may also contain a variety of personal information, and I may also obtain additional information about the people depicted, described, or involved with those works. Also changed “photographs and other images or media” to “photographs, other images, and/or other media.” Updated Additional Information About Data Retention to note that I typically retain indefinitely copies of published works I own, along with (where applicable) associated documentation and/or notes and any inventories, catalogs, and/or lists that I may create and/or utilize to manage my collection of such works.
    • May 20, 2020: Updated the description of the NoScript browser extension in Information I Receive from Third Parties for Security Purposes and Disclosure of Personally Identifying Information to better describe its attribution. (The NoScript website‘s copyright statement attributes it to InformAction, but the copyright statement in the extension’s source code credits the extension to InformAction co-founder Giorgio Maone.) Also updated the Security Scans section to correct a reference to the Information I Receive from Third Parties for Security Purposes section (from which the word “Parties” had somehow been dropped) and fix the link, which had been configured incorrectly. In Disclosure of Personally Identifying Information, changed “journalistic, historical, or other nonfiction accounts” to “journalistic, historical, critical, or other nonfiction accounts.” (This is mostly a clarification; a review or other work of criticism is a type of nonfiction account and sometimes also a journalistic one, but spelling it out helps to better explain the intended scope of that provision.) Also updated the description of uBlock Origin in Information I Receive from Third Parties for Security Purposes and Disclosure of Personally Identifying Information to note that the extension is developed by Raymond Hill (although its associated lists are developed and maintained by various people).
    • May 18, 2020: Updated the Cookie Notice to make some clarifications to the description of the WordPress administrative and login cookies. In the examples of third-party service providers in Disclosure of Personally Identifying Information, changed “bookkeeping and/or accounting services” to “bookkeeping, accounting, and/or tax preparation services.”
    • May 16, 2020: In Disclosure of Personally Identifying Information, updated and expanded the bullet point regarding contractual obligations by changing “If I am contractually required to do so in connection with a dispute, investigation, or audit involving a third-party service” to “If I am contractually obligated to do so pursuant to my agreement(s) with my business partner(s), vendor(s), and/or third-party service(s), such as (without limitation) in connection with a dispute, investigation, or audit involving …” (since a business partner, vendor, or service provider could also conceivably compel me to provide information in situations other than a formal dispute, investigation, or audit, although those are the most likely examples; I changed “required” to “obligated” principally to better distinguish this bullet point from the earlier bullet point regarding legal requirements). Also clarified the example by changing “their” to “the payment processor’s” (to avoid a potentially unclear antecedent). For related reasons, updated the Financial Transaction Policy subsection on Information Sharing to change the phrase “as otherwise required by my legal agreements with …” to “as otherwise required by my contractual agreements with …” (This is a clarification; a contract is of course a legal agreement, but “contractual agreements” better expresses the intent in this instance.) In the CCPA Information Collection and Sharing Notice subsection on Information Shared for Business or Commercial Purposes, changed the phrase “If I am legally obligated to do so …” to “If I am legally or contractually obligated to do so …” and added “or in connection with a payment dispute or other contractual dispute” to the enumerated examples for internal consistency. In Privacy Policy Changes, changed “This Privacy Policy may be modified from time to time, at my sole discretion. Your continued use of and access to the site signifies your acceptance of any such modifications …” to “I may change this Privacy Policy from time to time, at my sole discretion. Your continued use of this website after any changes to this Privacy Policy will constitute your acceptance of such changes …” (This change is mainly to better align the wording of this policy with the privacy policy of my freelance writing website, to help me avoid confusion in the future.) Also changed “If the policy has changed since your last visit …” to “If the policy has changed since your last visit to this website …” for greater clarity. Updated the preamble to change the phrase “… which summarizes recent modifications by date” to “… which summarizes recent modifications in reverse order by date” for consistency with the description at the beginning of this revisions list.
    • May 15, 2020: In Disclosure of Personally Identifying Information, added Apple Inc. to the examples of third-party service providers. Fixed a typographical error in another listed example and corrected an accidental use of “our” rather than “my.” Made some minor adjustments to the wording of the reference to Adobe in that list for greater internal consistency, also changing the first instance of “Adobe” to “Adobe Inc.” Changed the phrase “Some or all of my third-party vendors/service providers …” to “Some or all of my third-party vendors and/or service providers …” and changed “data subprocessors” to just “subprocessors” (a term that now has a specific legal meaning in some jurisdictions). Updated the reference to the EU-U.S. Privacy Shield Framework to add periods to “U.S.” (which is how the framework’s name is officially styled, at least in the U.S.); note that Adobe Inc. also complies with that framework; and add a parenthetical note that others among the listed examples of vendors and/or service providers probably do as well. (The Privacy Shield website currently lists more than 5,300 U.S. businesses as active participants, so the fact that I haven’t listed a specific service provider or vendor as a participant doesn’t necessarily mean that they are not one — there are just too many for me to keep track.) Added generic listings for “providers of other web browsers I may use” and “any other search engines I may use” to the examples of third-party service providers. (I hope this was already clearly implied, but I spelled it out for the avoidance of doubt.) Also added generic listings for healthcare providers and/or their respective staffs and “other online information services, repositories, websites, blogs, video blogs (“vlogs”), podcasts, and/or audiovisual streaming services.”
    • May 14, 2020: In Disclosure of Personally Identifying Information, updated the description of taxi and/or ride-share services to change “which I may use if I travel to meet with someone via such means and/or arrange such transportation for someone in some manner related to this website” to just “which I may use if I travel via such means and/or arrange such transportation for someone in the course of my business and/or in some context related to this website” (since such travel might not always be to meet with someone, that possibility is obviously implied without needing to be spelled out, and “context” is more correct than “manner” in this instance). In that same bullet point, changed references to business trips or travel to “in connection with trips I take or arrange in the course of my business and/or in some context related to this website” for internal consistency. Also in that section, changed “such that it could not reasonably be used to identify specific person(s)” to “such that it could not reasonably be used to identify the specific person(s) and/or household(s) to whom the information pertains.” (This is another attempt to clarify the intent of that bullet point’s somewhat cumbersome wording.) Elsewhere in that section, changed “financial consulting services” to “financial advisory services” (which is a more correct term for the type of service that language was intended to describe).
    • May 11, 2020: In Embedded Content, changed the phrase “what information I collect in connection with PayPal transactions with me” to “what information I may collect in connection with PayPal transactions to which I am a party and that pertain directly to this website” for greater clarity. Also fixed a typographical error in Disclosure of Personally Identifying Information (correcting the phrase “its and associated drivers” to “its associated drivers”).
    • May 10, 2020: In Disclosure of Personally Identifying Information, added some other generic types of services to the listed examples of third-party service providers. In Controller/Responsible Party, Questions, and How to Reach Me, changed the phrase “can file a request” to “can submit a request” for more consistent wording. Adjusted the wording of references to the Controller/Responsible Party, Questions, and How to Reach Me section in Notice to Parents Regarding Children Under 18; Not for Children, the Age Verification section, and the CCPA Information Collection and Sharing Notice so that those references all consistently say “methods described in” rather than “methods listed under …” or “methods described under …” For similar reasons, also adjusted the wording of a reference in the Cookies section to the Cookie Notice and Privacy Tools pages (changing “the list shown in” to “the list shown on”) and of a reference in Disclosure of Personally Identifying Information to the Financial Transactions Policy (changing “as otherwise described under” to “as otherwise described in”).
    • May 8, 2020: In Disclosure of Personally Identifying Information, changed the sentence “Please note that in many cases, I have no way of associating data gathered through this website with information I may have obtained about you in other contexts” to “Please note that in many cases, I have no reasonable way of associating data gathered through this website with information I may have collected about you in other contexts, or of associating different types of personal information and/or potentially personally identifying information I may have obtained about a given individual or household.” Also made that sentence the beginning of a new paragraph rather than a continuation of the previous one.
    • May 5, 2020: Corrected the HTML anchor in Other Information I Receive from Third-Party Sources, which had been configured incorrectly. In Disclosure of Personally Identifying Information, corrected the internal link to the Other Information I Receive from Third-Party Sources section, which had not been updated correctly in yesterday’s revision. (I had corrected the link text, but not the link itself.)
    • May 4, 2020: In Disclosure of Personally Identifying Information, revised the language of the bullet point regarding journalistic, historical, or other nonfiction accounts to change “it may also include information, corrections, clarifications, and/or additional details provided by the person(s) to whom the information pertains and/or obtained from third parties” to “it may also include non-public information obtained from a variety of sources.” Also corrected the reference in that bullet point to the Other Information I Receive from Third-Party Sources (which had not been updated properly in a previous revision) and adjusted the corresponding language in that section to match this current revision (deleting the word “certain” in the phrase “may also include certain non-public information obtained from a variety of sources,” since including that word was probably more confusing than helpful in that context).
    • May 3, 2020: In Disclosure of Personally Identifying Information, added online file transfer, file sharing, and/or file storage services to the examples of third-party service providers. Rearranged the order of some of the examples in that section. Also in that section, updated the description of Microsoft to change “some of the software, apps, tools, and services I use — including, but not limited to, the operating systems for some of my devices” to “some of the software, apps, tools, and services I may use and/or offer — including, but not limited to, the operating systems for some of the devices I use” (mostly for consistency with other language in this policy, but also because at present, I own only a single device with a Microsoft operating system, although that may change in the future, and I may still sometimes use other devices with their operating systems and/or other software, apps, tools, and/or services, whether or not I own those devices).
    • May 2, 2020: In Disclosure of Personally Identifying Language, amended the language about the sale or rental of information about individual site visitors to change the phrase “about a site visitor” to “about one or more site visitors.” Also amended the description of LG to change “my peripheral devices” to “my displays and/or peripheral devices” (to avoid any uncertainty about whether a display constitutes a peripheral device). In the CCPA Information Collection and Sharing Notice, changed the final bullet point in Categories of Personal Information Collected subsection from “Other data that could potentially be deemed personal information, but that does not easily fit into any of the above-listed categories” to “Other types of personal information, and/or other types of data that could potentially be deemed personal information, that do not readily fit into any of the above-listed categories.” Fixed an error in the HTML anchor for the “Controller/Responsible Party, Questions, and How to Reach Me” section.
    • April 30, 2020: In Disclosure of Personally Identifying Information, updated the examples of third-party service providers to add “any other DNS resolver service(s) I may use” (as there may be various others besides Cloudflare). Also added Ysard’s Cookie Quick Manager to the listed examples of browser extensions and updated the description of Adblock Plus to add the phrase “and its related lists” for consistency.
    • April 29, 2020: In Disclosure of Personally Identifying Information and the Information Shared for Business or Commercial Purposes of the CCPA Information Collection and Sharing Notice, updated the language about disposal of published works to change “incorporating personal information” and “that contain personal information” to “that contain and/or incorporate personal information” for consistency. In the latter section, also changed “or other personal property” to “or other such personal property” for greater clarity. In Disclosure of Personally Identifying Information, also added a sentence to the beginning of the list of examples of third-party vendors and service providers noting that some or all of those providers and/or vendors may use various subprocessors and/or other vendors not necessarily listed. Also amended the subsequent sentence to change “vendors/service providers” to “vendors and/or service providers.” Made a slight adjustment to this revisions list.
    • April 26, 2020: In Disclosure of Personally Identifying Information, added gitg, the vDos DOS emulator, and Shahin Gasanov’s ZoneIDTrimmer tool to examples of third-party service providers. Further amended the description of Gpg4win in that list to fix a typographical error and adjust the wording. Added the Android Open Source Project’s SDK Platform Tools to the enumerated examples of Google products and services and made some minor wording adjustments to the other item in that bullet point. In Website Server, Error, and Security Logs, changed “accesses the site and its content” to “accesses the site and/or its content.” (This is a clarification; the server and error logs will usually also record attempts to access certain site content without actually visiting the site, such as if someone “hotlinks” an image.) Fixed a typographical error in this bullet point. In Financial Transactions Policy and Transaction-Related Information I Receive from Third Parties, changed “transaction-related questions or inquiries” to “transaction-related questions, inquiries, and/or comments.”
    • April 25, 2020: Revised Disclosure of Personally Identifying Information and the Information Shared for Business or Commercial Purposes of the CCPA Information Collection and Sharing Notice to explain that I may also sell, lend, or otherwise dispose of copies of published works (e.g., books, magazines, DVDs) that contain someone’s personal information. (I’d hoped I wouldn’t need to spell this out, but California’s Office of the Attorney General has still failed to provide any guidance regarding the profound First Amendment implications of the CCPA regarding the sale or distribution of published works.) Also noted that the CCPA doesn’t regard transfers of information as part of the sale or transfer of a business to be sales. Rearranged and revised the text following the bullet-pointed list in Disclosure of Personally Identify Information to present the points described there in a (hopefully) more readable way. Made some further tweaks to the newly added language. Also in Disclosure of Personally Identifying Information, added the phrase “or other such devices, equipment, and/or accessories” to the bullet point on other electronic devices to emphasize that the enumerated examples are not intended to represent an exhaustive list of my electronic equipment. Also added Francesco De Stefano’s Opena11y Toolkit extension to the examples and tweaked the descriptions of the various browser add-ons in that list for more consistent wording.
    • April 24, 2020: Updated the effective date, which I had neglected to do yesterday. In the CCPA Information Collection and Sharing Notice subsection on Information Shared for Business or Commercial Purposes, simplified the paragraph beginning “I may disclose personal information I collect through and/or in connection with this website …” to change the second sentence to “Also, as noted in that section and elsewhere in this Privacy Policy, my work as a professional writer/editor and writing consultant and/or other creative endeavors routinely involve collecting and sharing personal information, often for publication.” Struck the links to the 6200 Productions and Ate Up With Motor privacy policies (which are already included earlier in the notice). In Disclosure of Personally Identifying Information, changed “… keep separate any information I have gathered through or in connection with this website” to “… keep separate any information I have gathered through and/or in connection with this website” for wording consistency. In Information I Receive from Other Third-Party Sources, revised the paragraph about my writing and editing process to also refer to my other creative endeavors, professional or otherwise (since “creative endeavors” are referenced elsewhere in this policy; the intent is to express that some aspects of what I do creatively are not strictly writing or editing); change the phrase “research and writing process” to “research, writing, and editing process”; and note that in some cases, my research, writing, and/or editing may include inviting comment from and/or presenting questions to the public regarding related topics. Made similar adjustments to the corresponding language in Disclosure of Personally Identifying Information for consistency, also changing the phrase “in the course of researching, writing, and/or editing same” to “in the course of researching, writing, and/or editing my content and/or other creative endeavors” for clarity and consistency and changing “including, as applicable but without limitation, any associated images …” to “which may include, as applicable but without limitation, information contained in associated images …” to better express the intended meaning. Elsewhere in that section, also amended language referring images and other media to change “visible” to “visible or otherwise included” (since no one may actually be visible in some types of media, such as audio recordings).
    • April 23, 2020: In Transaction-Related Information I Receive from Third Parties, corrected a reference to “transactions with us” to “transactions with me.” In the Financial Transactions Policy, fixed an inadvertent duplication of the word “and” and updated both the Transaction-Related Information Gathering and Data Retention subsections to note that I may use the information I gather to respond to your transaction-related questions or inquiries (which I hope would be self-explanatory). Expanded the Transaction-Related Information I Receive from Third Parties section to include information I may receive if I offer products or services through some third-party vendor or service. Updated that section and the Financial Transactions Policy to clarify that I may also use transaction-related information to meet my contractual obligations and fixed a grammatical issue. Further amended the Financial Transactions Policy subsection on information sharing to change “information pertaining to payments I make to you” to “personal information related to payments I make to you” (for greater clarity and to avoid using “pertain” twice in the same sentence) and to add bullet points regarding transactions made on behalf of some third party and information I share with my employees and/or independent contractors. (Those points were already effectively covered through the reference to the Disclosure of Personally Identifying Information section, but it seemed worth spelling them out more explicitly in the Financial Transactions Policy.) Made some further minor adjustments to the wording of those bullet points and to the first two paragraphs of the Financial Transactions Policy. In Disclosure of Personally Identifying Information, updated the reference to developers of WordPress plugins, themes, and/or add-ons to note that any information they collect may be through telemetry features incorporated into those plugins, themes, and/or add-ons as well as through my communications with the developers. In the CCPA Information Collection and Sharing Notice subsection on Information Shared for Business or Commercial Purposes, added links to the Ate Up With Motor and 6200 Productions privacy policies and inserted the phrase “… and much (though not all) of the information I collect in connection with that work is intended for publication” in the sentence beginning “Because I am a professional writer/editor and writing consultant …” Also revised the wording of the first paragraph of the Categories of Personal Information Collected subsection to better express the intended scope of the section and include references and links to the 6200 Productions and Ate Up With Motor privacy policies. Made a few other wording adjustments to match. Fixed several instances of the word “the” being duplicated. In the examples of third-party service providers listed under Disclosure of Personally Identifying Information, updated and corrected the descriptions of Gpg4win and VeraCrypt and rearranged the order of the encryption tools listed. Also fixed a couple of minor errors in this revisions list.
    • April 22, 2020: In the Financial Transactions Policy, changed “applies to financial transactions with me and/or pertaining to aaronseverson.com …” to “applies to financial transactions with me pertaining to the aaronseverson.com website …” In the following paragraph, changed “applies only to transactions with me, NOT to your transactions with third-party vendors, retailers, or services” to “applies only to transactions pertaining directly to the aaronseverson.com website, and then only to transactions you enter into with me, NOT to your transactions with third-party vendors, retailers, or services, which are outside of my control” and changed “if you purchase a copy of some work I have written through an online bookseller rather than directly from me …” to “if you purchase a copy of some work I have written through an online bookseller …” (I’m concerned that the previous wording was confusing and potentially misleading as to the intended scope of the policy.) Made similar wording changes through the rest of that policy for consistency. Also struck a confusing reference to “transactions with 6200 Productions,” which does not apply to this policy, and noted in the Transaction-Related Information Gathering subsection that I may also use transaction-related information I collect for service improvement, fraud prevention, and/or other security purposes. (This was already indicated in the data retention subsection.) Fixed some punctuation errors in the data retention subsection.
    • April 21, 2020: In the list of examples of third-party service providers in Disclosure of Personally Identifying Information, added Waves Audio Ltd. to the listed examples and clarified the bullet point regarding other electronic devices, also adding some other devices to the examples listed and removing one (which I just returned without ever really using). Made some further minor adjustments to the wording of my recent additions to the list of examples and changed several instances of the word “suite” to “software” for clarity. (In a number of instances in that list, I had previously used the word “suite” to refer to packages of software consisting of more than one distinct program or app, but “software” is probably clearer in context.) Removed some extra spaces.
    • April 19, 2020: In Disclosure of Personally Identifying Information, added another bullet point regarding other electronic devices such as cameras and memory storage devices to the examples of third-party service providers. Tinkered further with the wording of that addition. Fixed some typos in that section. Also added Realtek Semiconductor Corp. to the listed examples, updated the description of Qualcomm (also adding a registered trademark symbol), and rearranged the order of some of the examples in the list. Added another device to the examples of other electronic devices.
    • April 17, 2020: Added the Simple Mobile Tools Voice Recorder app to the examples of third-party service providers under Disclosure of Personally Identifying Information. (Hastily updated to add the correct link to the app’s privacy policy.) Also clarified the description of Librera Reader in that section. Updated Controllers, Questions, and How to Reach Me to note that I am also the “responsible party” with regard to the processing of personal information related to this website (for the purposes of local privacy laws that use that term rather than “controller”). Changed the name of that section to “Controller/Responsible Party, Questions, and How to Reach Me” and updated internal references to it accordingly.
    • April 16, 2020: In the CCPA Information Collection and Sharing Notice, revised the examples of professional or employment-related information, adding “and/or client(s)” to the bullet point about employer(s); changing the phrase “certification or licensure” to “certification and/or licensure”; adding a bullet point about other professional relationships; and rearranging the order of several bullet points in that list.
    • April 15, 2020: In Disclosure of Personally Identifying Information, updated the description of CompanionLink Software products listed among the examples of third-party service providers, removing the reference to DejaDesktop and adding the acronym “CRM” after “DejaOffice®.”
    • April 12, 2020: In the CCPA Information Collection and Sharing Notice, amended the second list in the Information Shared for Business or Commercial Purposes subsection (including adding a bullet point about appropriately crediting someone for the use of their intellectual property) to better align it with the list in Disclosure of Personally Identifying Information. Also adjusted the punctuation in that list for greater consistency. Updated Information I Receive for Security Purposes to note that I may also receive such security-related information through the security features, firmware, software, and/or services of my routers.
    • April 7, 2020: In Information I Receive from Third Parties for Security Purposes, changed the phrase “from other external sources such as …” to just “from sources such as …” (since “external” was potentially confusing here).
    • April 5, 2020: In the CCPA Information Collection and Sharing Notice, made a slight adjustment to the wording of the bullet point on sex, gender, gender identity, and/or gender expression (to separate the latter two items with a comma and “and/or” rather than a slash) and added a bullet point regarding language(s) spoken and/or preferred. (This doesn’t appear to be mentioned among the statutory categories, so I’ve listed it under “Characteristics of classifications protected by law,” since language would tend to suggest or implicate one or more characteristics that ARE specified by law.) In Disclosure of Personally Identifying Information, revised the description of dnscrypt-proxy to better describe what it does (viz., allow me to encrypt my DNS queries when I browse the web from my desktop computer).
    • April 4, 2020: Made some clarifications to yesterday’s entry on this revision list (April 3) regarding the changes to the Cookie Notice. Made some further adjustments to the Cookie Notice entries (regarding cookies set by embedded video players). In Definitions, updated the definition of “Cookies” to note that cookies are also used to help identify specific users or devices for analytics and/or advertising purposes. In Disclosure of Personally Identifying Information, amended the bullet point regarding journalistic, historical, and other nonfiction accounts to change “any associated illustrations, bibliographies, and/or metadata” to “any associated images, other media, bibliographies, and/or metadata”; revised the paragraphs following the bullet-pointed list to better explain the intended meaning of “non-public” information” and further clarify the intent and intended scope of that text; and added a reference to the CCPA Information Collection and Sharing Notice and the way some local laws have greatly expanded the definitions of the word “sale.” In the CCPA Information Collection and Sharing Notice, added a bullet point under “Commercial information” regarding information about retailers, vendors, and/or service providers. (This a clarification rather than a new type of information gathered, since this information is probably reasonably encompassed by the other examples listed in that category.) Amended the bullet point regarding “Information about specific vehicles” to also mention damage, repairs, and/or maintenance.
    • April 3, 2020: Updated the Definitions and Embedded Content section to explain that some embedded content may be saved (cached) in your browser. Also amended the latter section to clarify that this does not only apply to Google Fonts and Google Hosted Libraries. Further amended Embedded Content to note that embedded YouTube and/or Vimeo video players may show you ads (and may set cookies and/or use information the player gathers about you for that purpose). In the CCPA Information Collection and Sharing Notice, struck the word “permanent” in the phrase “death or permanent incapacity” (making it just “death or incapacity”) and changed “heirs and successors” to “heirs, successors, and/or assigns” for consistency with the corresponding language in Disclosure of Personally Identifying Information. In Disclosure of Personally Identifying Information, adjusted that bullet point to change “to third-party purchaser(s) or acquirer(s) (including, where applicable …” to “to the third-party purchaser(s) or acquirer(s) (and/or, where applicable …” for the sake of coherency and grammar. Also in Disclosure of Personally Identifying Information, updated the description of Librera Reader in the examples of third-party service providers to make some clarifications and add a link to their privacy policy; updated the description of Google services to add references to Google advertising services (which I don’t use, but may be used by apps, services, and/or websites I use) and a few additional trademark references; and updated the reference to Adobe to change “other services or tools” to “other services and/or tools”; and updated the reference to taxis and/or ride-share services to change “to meet with you via such means and/or arrange such transportation for you” to “to meet with someone via such means and/or arrange such transportation for someone.” Fixed a typographical error in an earlier item in this revisions list. Updated Cookies to clarify that the Cookie Notice forms part of this Privacy Policy; also added language to that effect to the preamble. Updated the Cookie Notice to also make that clearer, rearrange and update some text, and explain that the Privacy Policy license also applies to the Cookie Notice. Fixed a typo in this item. In the CCPA Information Collection and Sharing Notice, amended the bullet point regarding “Information about specific vehicles” to also include customization and/or modifications among the examples. (This a clarification rather than a new type of information gathered, since modifications or customization would reasonably be considered “other identifying characteristics or details,” but it seems worth specifying.)
    • April 1, 2020: Adjusted some wording in Embedded Content, for greater internal consistency and to clean up some grammatical issues. In the CCPA Information Collection and Sharing Notice, added a bullet point under “Other types of personal information” regarding gifts, donations, and contributions. (This is primarily a clarification, since gifts, donations, or contributions would probably also constitute “other types of purchases or transactions,” already listed under “Commercial information.”)
    • March 28, 2020: Added Nuance Communications, Inc. (present owner of the voice dialing software on the older of my BlackBerry devices) and the certificate management application Kleopatra (which is installed along with the Gpg4win suite) to the examples of third-party service providers under Disclosure of Personally Identifying Information.
    • March 27, 2020: In Disclosure of Personally Identifying Information, updated the bullet point regarding public responses to an inquiry or support request to also reference the Contact Forms section as well as the Other Inquiries, Messages, and Support Requests sections, for internal consistency. (I neglected to update this item when I added the Contact Forms section earlier this year.) Fixed some typographical errors in this revisions list. In License for This Policy, fixed the capitalization of Legalmattic.
    • March 23, 2020: Added the F-Droid repository and client app to the examples of third-party service providers under Disclosure of Personally Identifying Information.
    • March 22, 2020: Amended the revision made March 19 by changing the phrase “person or people to whom …” to “person(s) to whom …” (to better convey the intended meaning and specificity of that phrase). For the same reason, in the language about de-identified, anonymized, redacted, and/or aggregated information, changed “such that it could not reasonably be used to identify the specific person(s) to whom it pertains” to just “such that it could not reasonably be used to identify specific person(s) (other than me, if I am somehow included in that information and elect not to de-identify, anonyimize, redact, and/or aggregate my own information).” Fixed a minor formatting error. In Advertising, Disclosure of Personally Identifying Information, and CCPA Information Collection and Sharing Notice, clarified the language about advertisers (to specify that I don’t let advertisers use technologies like scripts or cookies to gather information about you through the publicly visible portions of this website) and fixed some inconsistent wording. Also in Disclosure of Personally Identifying Information, struck the automotive sites listed among the examples of third-party service providers (as they’re unlikely to be applicable in the context of this website). In CCPA Information Collection and Sharing Notice, changed “to protect property, rights, and/or safety” to “to protect property, rights, security, and/or safety” to align with the recent revision of the corresponding language in Disclosure of Personally Identifying Information.
    • March 21, 2020: Added some additional automotive sites to those listed among the examples of third-party service providers under Disclosure of Personally Identifying Information.
    • March 20, 2020: In CCPA Information Collection and Sharing Notice, amended the biometric information item to also mention fingerprints. (I have no means of analyzing, identifying, or using fingerprint data, but the law and its associated regulations make no such distinction.) Added Intel to the examples of third-party service providers under Disclosure of Personally Identifying Information.
    • March 19, 2020: In Disclosure of Personally Identifying Information, changed “Where that information otherwise is or was already publicly available” to “If that information otherwise is or was already publicly available” (to avoid potential ambiguity about the intended meaning of the word “where” in this context). In the bullet point regarding de-identified or aggregated information, inserted the word “specific” before “person or people to whom it pertains.” In the CCPA Information Collection and Sharing Notice subsection regarding Information Shared for Business or Commercial Purposes, changed “where” to “if” (and changed “Where I deem it reasonable and appropriate …” to “As I deem reasonable and appropriate …”) in the third bullet-pointed list and made some wording adjustments for consistency with the Disclosure language.
    • March 18, 2020: In Advertising, changed “use scripts or cookies to collect information about you while you are on the publicly visible/publicly accessible portions …” to “use scripts, cookies, web beacons, or other such technologies to collect information about you while you are visiting the publicly visible/publicly accessible portions …”; changed “(and can typically tell that you came from this website)” to “(and may be able to tell that you came from this website)”; and changed “NOT normal site visitors” to “NOT other site visitors.” In Disclosure of Personally Identifying Information, added a paragraph about advertising (basically to reiterate what it says in Advertising above) and fixed a technical problem with one of the links.
    • March 17, 2020: In the CCPA Information Collection and Sharing Notice subsection regarding Information Shared for Business or Commercial Purposes, changed the phrase “the management of my business” to “the management or operation of my business” and added the phrase “for publication and/or for use in or with my published work(s)” after “any images and/or other media you submit to me” in the interests of clarity. Also added a bullet point to the list following that one regarding the sharing of information that is already publicly available. (This is already noted elsewhere in that section, but I want to make it absolutely clear; I am quite alarmed by the unconstitutional effort of the CCPA and its associated regulations to restrict free expression and freedom of the press in the name of “consumer privacy.”)
    • March 16, 2020: In Disclosure of Personally Identifying Information, changed some additional instances of the second person to the third person (e.g, changing “you” to “someone,” “they,” or “the person or people to whom the information pertains”), continuing the update begun on March 15. In Embedded Content, changed the phrase “may include, but is not limited to …” to “may include, but is not necessarily limited to …”; changed “From time to time …” to “Not all of the above embedded content is necessarily used on the site at any given time, and from time to time …”; and added the phrase (“but without limitation”) after “for example” for greater clarity. Corrected some typographical errors in this revisions list.
    • March 15, 2020: In the CCPA Information Collection and Sharing Notice, amended the example under “Additional categories of personal information” regarding medical information to change “(e.g., health conditions, treatments or therapies received)” to “(e.g., health conditions and/or tests, treatments, and/or therapies received).” Also amended “and most of the insurance-related data I do receive is in aggregated form” to “and much of what insurance-related data I do collect is in aggregated form.” In Disclosure of Personally Identifying Information, amended “property, rights, and/or safety” to “property, rights, security, and/or safety” (to clarify the intended meaning of that phrase; obviously, “security” may encompass various threats and/or potential threats to property, rights, or safety). Also in that section, changed several instances of the second person to the third person (e.g, changing “you” to “someone,” “they,” or “the person or people to whom the information pertains”) to avoid potential confusion and amended the bullet point on historical, journalistic, and other nonfiction accounts to restore the word “accounts” (which had been accidentally deleted), change “associated bibliographies and/or metadata” to “associated illustrations, bibliographies, and/or metadata,” and change “which may include images and/or other media such as …” to “and may include images and/or other media such as, again without limitation …” Made a related change (adding “without limitation” and “again without limitation”) to the corresponding paragraph of Other Information I Receive from Third-Party Sources for consistency. In Information Captured by Service/Software/App/Device Telemetry, changed the phrase “about me and/or other individuals” to “about me and/or other individuals and/or households.” Removed some extra spaces.
    • March 14, 2020: In the CCPA Information Collection and Sharing Notice, amended the first example under identifiers to also specify nicknames. (This is essentially a clarification rather than an addition, as I would consider nicknames to be a type of alias/pseudonym.) In Disclosure of Personally Identifying Information, added automotive history and information sites (such as, without limitation, Allpar, AROnline, AutoZine, CarDomain, Curbside Classic, Dean’s Garage, Hemmings, Hooniverse, Indie Auto, Mazda 3 Forums, Mazdas247, The Truth About Cars, and TrueDelta) and the Opera browser (and/or its integral VPN/proxy service) to the examples of third-party service providers. Clarified an earlier item on this revisions list.
    • March 13, 2020: In the CCPA Information Collection and Sharing Notice, updated the geolocation data bullet to change the word “data” to “information” and edited the examples to illustrate that geolocation information can include movements as well as location (as is already noted in the Definitions).
    • March 12, 2020: In Disclosure of Personally Identifying Information, updated the paragraph following the bullet-pointed list to clarify that that language also applies to content I edit and/or write, and/or on which I consult, as part of my professional work (as well as work that I write and/or publish myself in that context). (I hope that this was previously implicit, but I don’t want there to be any confusion on this point.) In the bullet points, changed “journalistic or historical accounts” to “journalistic, historical, or other nonfiction accounts” (to limit hairsplitting about what is and isn’t “journalism”) and changed “in the course of researching and writing same” to “in the course of researching, writing, and/or editing same.” Also made some related clarifications in Other Information I Receive from Third-Party Sources.
    • March 11, 2020: Some wording adjustments: In Other Inquiries, Messages, and Support Requests, changed “the message itself might also be publicly visible” to “the messages themselves might also be publicly visible.” In the CCPA Information Collection and Sharing Notice, clarified the examples under commercial information by changing “property and/or services” to “personal property, products, goods, and/or services” (which is what that bullet point was always intended to encompass; the change is simply to make that clearer), fix a missing serial comma in that section, and change “purchasing or consuming history or tendencies” to “purchasing or consuming history and/or tendencies” (since one tends to suggest the other).
    • March 10, 2020: In Disclosure of Personally Identifying Information section, changed “repair, maintenance, and/or service providers” to “repair, maintenance, and/or technical service providers” for clarity.
    • March 9, 2020: In Disclosure of Personally Identifying Information, added Dell, LG, and Logitech to the examples of third-party service providers. In that same list, updated the description of WordPress.org to note that their privacy policy also applies to my use of their website and/or support forums to help me manage and troubleshoot this site. In the CCPA Information Collection and Sharing Notice, changed instances of the phrase “names or other personal information” to “names and/or other types of personal information” for internal consistency (and so as not to cause confusion with the usage outlined in Definitions). Also added airlines, bus or rail services, hotels, motels, other lodging providers, travel agencies, travel bureaus, travel brokers, and the developers of this website’s theme(s), plugins, and/or add-ons to the examples of third-party service providers under Disclosure of Personally Identifying Information (noting that my communications with such developers are typically but not always via the WordPress forums). Fixed a typo in this list.
    • March 8, 2020: In the CCPA Information Collection and Sharing Notice, struck the word “larger” in the phrase “and in the larger context of my business …” (since it might be confusing in this context).
    • March 7, 2020: In Disclosure of Personally Identifying Information, amended the bullet point on journalistic and/or historical accounts to clarify that, where applicable, information may be shared as part of the bibliographies and/or metadata of such content as well as within the content itself. Adjusted the formatting of that bullet point for greater readability.
    • March 6, 2020: In Disclosure of Personally Identifying Information, added Wikimedia Foundation, Wikipedia, and other Wikimedia projects and services to the examples of third-party service providers and changed “libraries, archives, and/or databases” to “museums, libraries, archives, and/or databases.” Removed some extra spaces.
    • March 4, 2020: In the CCPA Information Collection and Sharing Notice subsection on Information Shared for Business or Commercial Purposes, changed “for whom I provide writing/editing/writing consulting services” to “for whom I provide (and/or to whom I offer) my writing/editing/writing consulting services.” (I believe this was implicit before, but it seemed worth spelling it out.) In Disclosure of Personally Identifying Information, updated the description of messaging services/apps/clients to strike the phrase “if I communicate with you through such means” and move that example to an earlier point in the same bullet point. Also changed the phrase “which I may use if I need to correspond with you via postal mail and/or send or receive packages” to “for the purposes of sending and/or receiving correspondence and/or packages.” Added other VoIP, voice chat, teleconferencing, and/or video chat services to the examples of third-party service providers. Further updated the CCPA Information Collection and Sharing Notice to clarify that the categories of information collected are NOT necessarily only from California residents (since I often have no reasonable way of knowing whether someone is a California resident or not) and made some minor textual adjustments for clarity.
    • March 3, 2020: In Definitions, amended the geolocation definition to more closely align with the statutory definition, broaden the examples presented, and note that geolocation information can also refer to movements as well as location. In CCPA Information Collection and Sharing Notice, further adjusted the wording, order, and examples of the listed categories to better align with the categories defined by the applicable statutes. Also added language explaining that some categories may overlap, that the list includes some categories the law does not specifically describe, and that the examples are intended to be representative but not exhaustive. Throughout this policy, changed several references to “local/offline storage” to “local and/or offline storage.” Fixed a typo in this revisions list.
    • March 2, 2020: In License for This Policy, added a link to Automattic’s Legalmattic repository and fixed an HTML issue with one of the existing links. In Definitions, updated the definition of embedded content to change “such as scripts, fonts, or video players” to “such as (without limitation) images, scripts, fonts, or video players”; updated the cookies definition to include definitions of first-party and third-party cookies and tracking cookies; and added a definition of pixel tags (in the cookies bullet point). In Embedded Content, changed “In certain cases, embedded content providers can also detect …” to “In some cases, embedded content providers can also detect other information, such as (without limitation) …” In Additional Information About Data Retention, added language about preservation requests from government and/or law enforcement agencies. In Disclosure of Personally Identifying Information, added storage facilities, information/document management services, movers, moving companies, and/or relocation services to the examples of third-party service providers. Removed some extra spaces.
    • February 29, 2020: In Disclosure of Personally Identifying Information, changed the phrase “either provided by you or obtained from third parties” to “provided by you and/or obtained from third parties” for greater consistency of wording and updated the descriptions of some of the open source and freeware tools listed among the examples of third-party service providers to better reflect who created/develops those tools (also reordering some of them to put them in mostly alphabetical order by developer). Added the GIMP Batch Image Manipulation Plugin by Alessandro Francesconi to the listed examples. Fixed a punctuation error in that section. In the last paragraph of the CCPA Information Collection and Sharing Notice section, changed the phrase “using one of the methods shown under …” to “using any of the methods described under …” In the Controllers, Questions, and How to Reach Me section, adjusted the language about CCPA requests for greater consistency with the preceding sections. (There’s no substantive change, just an effort to make the wording more internally consistent.)li>
    • February 28, 2020: Made some adjustments to the wording of the final paragraph in the Disclosure of Personally Identifying Information section regarding security measures, borrowing some additional language from the Automattic Privacy Policy as of December 31, 2019. (See the “License for This Policy” section toward the top of this page for links to that policy and its license.) Updated the Definitions to note that this policy treats “gather” and “collect” synonymously and changed some instances of “gather” to “collect” throughout. (This change is to hopefully avoid any confusion about the wording of certain legally required disclosures.) In Disclosure of Personally Identifying Information, updated the link to the BlackBerry Mobile Privacy Policy; fixed a punctuation error in that section; changed “messaging services, apps, and/or clients such as …” to “messaging services, apps, and/or clients such as (without limitation) …”; and added repair, maintenance, and/or service providers to the listed examples of independent contractors and third-party service providers Amended the data retention bullet point under Contact Forms to clarify that retained form data is typically moved to offline/local storage after receipt and I may sometimes redact portions that I no longer need. In the last paragraph of the Additional Information About Data Retention section, changed “the website’s online database(s) and mail servers, transferring the data to offline storage” to “the website’s online database(s) and/or mail servers, transferring the data to local/offline storage.” Updated Information I Receive from Third Parties for Security Purposes to include the Play Protect feature of Google Play among the listed examples of security data sources.
    • February 27, 2020: Amended the CCPA Information Collection and Sharing Notice section to add other types of identification, account, and/or membership numbers/identifiers to the examples of identifiers collected; add information about membership in and/or affiliation with other types of groups and/or clubs to the examples of other types of personal information collected; amend several of the examples under commercial information to include considering purchasing or using as well as desiring/intending to do so (making various minor wording adjustments to fit that into the existing language); change “Audio, electronic, visual, or similar information” to “Audio, electronic, visual, olfactory, or similar information”; and change “Skills/aptitudes” to “Skills, aptitudes, abilities, and/or intelligence.” (These changes aren’t new additions so much as an effort to better describe the types of information I have collected/may collect.)
    • February 26, 2020: In the CCPA Information Collection and Sharing Notice section, corrected an erroneous reference to the CCPA as the “California Consumer Protection Act” rather than the California Consumer Privacy Act.
    • February 25, 2020: Updated the preamble to add links to the privacy policies of my other websites. In Other Information You Provide to Me, changed “through or in connection with this website (and/or pertaining to my work and/or other creative endeavors)” to “through and/or pertaining to this website.” In Disclosure of Personally Identifying Information, added a bullet point about publicly acknowledging and/or thanking you for your assistance. Corrected an erroneous use of “us” rather than “me” in that section. Made a number of minor wording adjustments to Categories of Information and Purposes for Collection; Other Inquiries, Messages, and Support Requests; Data in Submitted Images; Data Related to Recruitment/Hiring or Business Partnerships; Other Information I Receive from Third Parties; Additional Information About Data Retention; and Disclosure of Personally Identifying Information to replace some general references to my “business” to relate more specifically to this website (which is the intended scope of this policy). In Categories of Information and Purposes for Collection, also changed “Providing a service” to “Providing services” to match the wording used elsewhere in this policy. (I somehow missed that in the earlier revision.) In Disclosure of Personally Identifying Information, added notaries to the examples of third-party service providers. In Additional Information About Data Retention, changed “correspond regarding this website or related matters” to “correspond regarding this website and/or related matters” and changed “Any names and/or company/domain names I’ve entered into my spell-checking dictionaries” to “Names and/or company/domain names I’ve entered into my spell-checking dictionaries.” In that section and Other Information I Receive from Third-Party Sources, changed “… that I deem unusable and/or elect not to use” to “… that I deem unusable, elect not to use, and/or no longer need.”
    • February 24, 2020: In the Contact Forms and Other Information I Receive from Third-Party Sources sections, added links to the Additional Information About Data Retention section. Updated the references to that section in the Other Inquiries, Messages, and Support Requests; Other Information You Provide to Me; and Financial Transactions Policy sections for consistency of wording (also adding a link to the data retention bullet point at the beginning of the latter section). Clarified the data retention language in Data in Submitted Images and Data Related to Recruitment/Hiring or Business Partnerships. Further amended Other Information I Receive from Third-Party Sources to add some provisos to the data retention bullet point at the beginning; change “I can’t retain or remember every fact I see, read, or hear, but I do typically retain my notes” to “I can’t and don’t retain or remember every fact I see, read, or hear, but I do typically retain my notes in some form or other”; and note that I may delete or discard certain research notes, materials, and/or information that I deem unusable and/or elect not to use. Added similar language (also including drafts) to the first bullet point in Additional Information About Data Retention. Rearranged some of the text in the latter section to put it in a more logical order and made some other minor clarifications and additions. In Information I Receive from Third Parties for Security Purposes, clarified the reference to EasyList to note that it provides filter lists I may use with browser extensions (rather than being a browser extension in itself). Also added Hosh Sadiq’s filter list to that section. In the latter section, slightly amended the language regarding Epic Privacy Browser to change “through my use of …” to “through and/or in connection with my use of …” and changed “if you are or were involved with the subject(s) of content I write and/or edit” to “if you are and/or were involved with the subject(s) of such content.”
    • February 23, 2020: Streamlined and clarified the first paragraph of the Other Inquiries, Messages, and Support Requests section. Added a bullet point to Additional Information About Data Retention regarding postal mail and physical documents and amended the bullet point about email to include “mass mailings” as well as “obvious spam” among the types of email messages I promptly delete.
    • February 22, 2020: In Financial Transactions Policy and Disclosure of Personally Identifying Information, amended references to common carriers and/or shipping agencies to specify postal service(s), common carrier(s), and/or shipping agencies (singular or plural). (I had previously assumed that government-operated postal services were considered a type of common carrier, but I recently learned that that isn’t technically accurate in at least some jurisdictions; in any case, that language was intended to encompass both publicly owned postal services and other types of shipping/delivery services!) Updated the wording of the policy’s descriptions of some Google services, including noting that Google is a registered trademark of Google LLC. Also adjusted the descriptions of Yahoo! services. Fixed a formatting error. Added reCAPTCHA to the examples of Google services and added language about that service to Information Captured by Service/Software/App/Device Telemetry.
    • February 20, 2020: In the Contact and Image Authorization Forms section, clarified Data Retention slightly to note that I must retain information from California Privacy Request Form submissions.
    • February 19, 2020: In the Financial Transactions Policy, updated the Google Voice notice to clarify that notifications of missed calls to clarify that number may also be forwarded via email; change “… texts, or other messages” to “… texts, and/or other messages”; and clarify that calls and/or messages are subject to this Privacy Policy as well as the listed Google policies. Simplified and clarified the Data Retention subsection, adding a link to the Additional Information About Data Retention section of this policy. Updated Other Inquiries, Messages, and Support Requests and Additional Information About Data Retention, moving the information about data retention from the former to the latter section and making various amendments and clarifications to that information. In the Data Retention bullet point at the beginning of the Comments section, changed
      “… or comments on …” to “… and/or comments on …” In the Data Retention bullet point at the beginning of the Contact Forms section, changed “…” or any submission …” to “… and/or any submission … and added “… for compliance purposes” after “California Privacy Request Form submissions must be retained for at least 24 months.” Amended Data in Submitted Images to note that I may also elect to remove metadata from images or media files and/or may remove it incidentally while preparing the images/files for use. In Other Information You Provide to me, changed “… through or in connection with this website” to “… through or in connection with this website (and/or pertaining to my work and/or other creative endeavors).”
    • February 18, 2020: Made further amendments to the Financial Transactions Policy, principally to indicate that some provisions apply to payments I make as well as ones I receive and make a number of minor clarifications. Also changed “… such as (again without limitation) Form 1099-MISC” to “… such as (again without limitation) Form 1099-MISC and/or Form W-9.” In Disclosure of Personally Identifying Information, changed the phrase “(which process — and may sometimes audit or otherwise investigate — site-related financial transactions)” to “(which process — and may sometimes audit or otherwise investigate — my financial transactions).” Fixed some errors in the Table of Contents, including a reference to a section that no longer exists and an incorrectly named (and ordered) reference to the Data Retention section, renaming the latter “Additional Information About Data Retention” to avoid confusion. In Other Information You Supply to Me, changed “My use of personal information …” to “My use and retention of personal information …” and added a link to the Additional Information About Data Retention section. Removed some extra spaces. Fixed an error in this revision list (a previously listed change that wasn’t actually implemented due to some mishap). In Additional Information About Data Retention, changed “any financial transactions or legal agreements” to “any financial transactions and/or legal agreements”; changed “… which includes records of purchases or payments I make in connection with the website” to “… which includes (but is not limited to) including (but not limited to) records of purchases or payments I make or receive in connection with the website and/or my business”; and added an extra sentence to that bullet point: “I must also retain my tax records for bookkeeping and compliance purposes.”
    • February 17, 2020: Added a new Financial Transactions Policy subsection, following Data Related to Recruitment/Hiring or Business Partnerships, and a corresponding Transaction-Related Information I Receive from Third Parties section. Amended the Embedded Content bullet point about PayPal to refer to the Financial Transactions Policy for information related to PayPal transactions with me. Amended the Information You Provide to Me section to also refer to the Financial Transactions Policy. Amended the bullet point in Disclosure of Personally Identifying Information about dispute investigations involving third-party service to refer back to the Financial Transactions Policy and add some additional explanatory text. In Disclosure of Personally Identifying Information, changed “… for me to make informed hiring, employment, and/or business decisions regarding prospective employees, independent contractors, or business partners” to “… to enable me to make informed hiring, employment, and/or business decisions regarding prospective employees, independent contractors, and/or business partners.” Amended the CCPA Information Collection and Sharing Notice subsection on Information Shared for Business or Commercial Purposes to better align text on information-sharing with the provisions in the Disclosure of Personally Identifying Information section. Made various minor clarifications throughout the CCPA Information Collection and Sharing Notice.
    • February 16, 2020: Amended the CCPA Information Collection and Sharing Notice to add “Information about individuals’ professional reputations” to the examples of employment-related information and “Information about individuals’ public and/or personal reputations” to the examples of other types of personal information (to spell out more explicitly what was hopefully already indicated by the other examples presented).
    • February 15, 2020: Amended the text throughout to clarify that I am a professional writer/editor and writing consultant (as well as a writer/editor). (This doesn’t represent any change in my actual business, just an effort to better describe it here.) To that same end, in the CCPA Information Collection and Sharing Notice, amended the Information Shared for Business or Commercial Purposes subsection to change “offering my articles or other content” to “offering my content or writing/editing/writing consulting services”; change “if that content incorporates any names or other personal information” to “if that content incorporates or involves any names or other personal information”; change “other content I am creating and/or editing for commercial advantage” to “other content I am creating and/or editing (and/or on which I am consulting) for commercial advantage.” In Other Information I Receive from Third Parties, changed “articles or other content I write and/or edit” to “articles and/or other content I write and/or edit (and/or on which I consult)” and changed “including people involved with …” to “including information about people involved with …” Added a bullet point to Disclosure of Personally Identifying Information about information incorporated into journalistic and/or historical content I publish or otherwise disseminate. Fixed a number of typographical errors. In Consents and Agreements, changed “site-related dispute or legal action” to “related dispute or legal action.” In Other Inquiries, Messages, and Support Requests, changed “my phone” to “my phone(s)” for internal consistency. In the examples of third-party service providers under Disclosure of Personally Identifying Information, changed “… and/or purchase site-related materials” to “… and/or purchase materials related to my research and/or my business.” Added registered trademark symbol to Flickr; removed it because it’s unclear if that’s correct or not.
    • February 12, 2020: Made some minor adjustments to the wording of Reports and Aggregated Statistics. Updated the text throughout to change the name of the CCPA Request Form to the California Privacy Request Form to reduce the risk of confusion. Updated Controllers, Questions, and How to Reach Me to add another link to the Do Not Sell My Personal Information page. In the Your California Privacy Rights section, added q attributes to longer quotes; subsequently removed them to avoid browser compatibility issues. In CCPA Information Collection and Sharing Notice, amended the wording of the Categories of Personal Information Collected subsection to change “… and/or similar records for writers, artists, designers, performers, developers, engineers, scientists, and/or other professionals” to “… and/or other comparable information about writers, artists, designers, performers, developers, engineers, scientists, and/or other professionals” and change “e.g., if an individual has been accused of or charged with a crime …” to “e.g., regarding an individual having been accused of, charged with, and/or convicted of a crime, and/or involved in a civil lawsuit …” (As with most of the many wording adjustments and minor amendments I’ve made to this policy in recent months, this change doesn’t represent a new type of collection, but rather my ongoing struggle to describe and categorize the scope of my normal business practices, particularly as regards my research!) Made assorted minor clarifications to this revision list. Further amended the CCPA Information Collection and Sharing Notice to note that parents or legal guardians can submit requests on behalf of their minor children through the Do Not Sell My Personal Information page; to fix some discrepancies in the contact instructions; and to change “Applicable law and/or regulations may stipulate the maximum time allowed for acknowledging and/or responding to your request” to “Applicable law and/or regulations stipulate the maximum time allowed for acknowledging and/or responding to your request.” Clarified some potentially confusing language in Your Rights (GDPR and State Laws).
    • February 11, 2020: In Other Information I Receive from Third-Party Sources, changed “… will give you a sense of what kinds of personal information I collect” to “… will give you a sense of what kinds of personal information I may collect.” In CCPA Information Collection and Sharing Notice, amended the Categories of Personal Information Collected subsection to change “Information about other property or services …” to “Information about property and/or services …”; change “sports and/or other pastimes” to “sports, games, and/or other pastimes”; change “Publishing histories/bibliographies/discographies/filmographies/portfolios/development credits/patent records…” to “Publishing histories/bibliographies/discographies/filmographies/performance histories/broadcast histories/portfolios/development credits/patent records and/or similar records …”; and change “… scientists, and other professionals” to “… scientists, and/or other professionals.” In Disclosure of Personally Identifying Information, added Abine Inc.’s Blur (formerly known as DoNotTrackMe) and Cliqz International GmbH’s Ghostery® browser extension to the examples of third-party service providers. Updated Contact Forms to note that while CCPA Request Forms will not be published, I may release de-identified and/or aggregated information or statistics about requests received. (Also fixed some punctuation issues and changed some instances of “or” to “and/or.”) Added a new section on Reports and Aggregated Statistics. Made some further updates to Contact Forms, including adding additional language regarding CCPA Request Forms.
    • February 10, 2020: Fixed an error in an older item on this revision list. In Categories of Information and Purposes for Collection, renamed “Providing a service” to “Providing services” (also making this change globally) and added a new category: “Recruitment/hiring or business partnerships.” Added that category to the listed purposes in the Consents and Agreements; Comments; Other Inquiries, Messages, and Support Requests; Data in Submitted Images; Information I Receive from Third Parties for Security Purposes; and Other Information I Receive from Third-Party Sources sections. Added “advertising and other commercial purposes” to the purposes listed for Comments and Personal Information. (These changes don’t represent a change in how I use information so much as an effort to more accurately categorize it.) Added a new subsection, Data Related to Recruitment/Hiring or Professional Partnerships, and added corresponding language to Other Information I Receive from Third-Party Sources, Information I Receive from Third Parties for Security Purposes, and Disclosure of Personally Identifying Information. In Disclosure of Personally Identifying Information, added employment agencies and background check services to the examples of third-party service providers. In CCPA Information Collection and Sharing Notice, amended the Categories of Personal Information Collected subsection to add sports and/or other pastimes to the existing bullet point about opinions and tastes in the examples of commercial information; add grades and/or scores on standardized or aptitude/skill tests to the examples of education information; add professional certification or licensure, skills/aptitudes, professional references, and resumes to the examples of professional or employment-related information (combining “resumes/CVs” into a new bullet point); add credit ratings and past foreclosures to the examples of other financial information; and change “… of a public figure” to “… of public figures.” In Definitions, amended the definition of “referring site” to change the word “Whenever” to “When” and change the phrase “although the actual name of the HTTP header is …” to “although the actual name of the HTTP header that conveys this information is …” Amended California Privacy and Data Protection Rights to more clearly state that authorized agents can also find information on filing a request on the Do Not Sell My Personal Information page and to add a hyphen to “opt-out” to align with the usage in the applicable regulations. Added a new Contact Forms section. Updated Data Retention to add that I must retain CCPA requests for at least 24 months for compliance purposes and note that how long I reasonably need to retain other types of information may be dictated by applicable law/regulations and/or other legal obligations. Amended Advertising and the CCPA Information Collection and Sharing Notice subsection on Information Shared for Business or Commercial Purposes to note that if you click on advertising links, the advertiser may be able to tell that you came from this website. In CCPA Information Collection and Sharing Notice, made some further clarifications to the Collection Sources and Information Shared for Business or Commercial Purposes subsections.
    • February 8, 2020: In the CCPA Information Collection and Sharing Notice section, clarified the Categories of Personal Information Collected subsection by changing “These categories include information …” to “These categories also include information …” In Categories of Information and Purposes for Collection, amended the description of “Functionality” to strike the word “listed” and amended the description of “Providing a service” to change “… to provide some service or perform some action you ask (or have asked) me to perform” to “… to perform some action you have asked me to perform, provide my services, and/or conduct the normal activities involved in running my business and offering my services.” In that same section, also reworded the description of “Research and publishing” to change “I use the information as part of the research involved in my writing and editing work and/or other creative endeavors, and/or to help me decide what content to create and/or publish on this website in the future” to “I use the information as part of the research involved in creating and publishing my content, my other writing/editing work, and/or other creative endeavors, and/or to help me decide what content and/or other work to create and/or publish in the future”; reworded the description of “Security, troubleshooting, quality control, and technical improvement” to change “… to help me protect this website, its data, its users, and me from malicious activity; troubleshoot and resolve technical problems; and/or improve the quality and functionality of the site” to “… to help me protect this website, its users, my data, my systems/devices, my business, and/or me from malicious activity; troubleshoot and resolve technical problems; and/or maintain and/or improve the quality and functionality of the site and/or my services”; and reworded the description of “Advertising and other commercial purposes” to change “… monetize the site and its content in other ways” to “… monetize the site and/or my content in other ways.” Added “fulfilling a contractual obligation” to the listed purposes for Certificate Authority Checks; Online Tracking (along with some additional explanatory text); Security Scans (along with some additional explanatory text); Consents and Agreements; Other Inquiries, Messages, and Support Requests; Data in Submitted Images; and Other Information I Receive from Third-Party Sources. Added “functionality,” “fulfilling a contractual obligation,” and “legal compliance or audit” to the listed purposes for Website Server, Error, and Security Logs (along with some additional explanatory text). Added “fulfilling a contractual obligation” and “legal compliance or audit” to the listed purposes for Information I Collect from Third Parties for Security Purposes (along with some additional explanatory text). Fixed a typographical error in Embedded Content.
    • February 7, 2020: In Browser Tests, amended the purposes to also include “security, troubleshooting, quality control, and technical improvement.” In Embedded Content, amended the categories of information gathered to change “other browser settings/configuration details*” to “other browser settings/configuration details/add-ons*” and added “the presence of other cookies*” to better align with the actual text of that section. Amended the Advertising section and the CCPA Information Collection and Sharing Notice section’s subsection on Information Shared for Business or Commercial Purposes to clarify that some ads that appear on the site’s administrative dashboard (not normally visible or accessible to visitors other than logged-in site administrators) may include embedded content and/or other information-gathering mechanisms. Amended the CCPA Information Collection and Sharing Notice subsection on Categories of Personal Information Collected to note that while I do not knowingly collect personal information from minor children through this website, I may sometimes do so as part of my other writing/editing work.
    • February 6, 2020: In Disclosure of Personally Identifying information, updated the examples of third-party service providers to include insurers (and/or, where applicable, their respective affiliates, agents, brokers, claims adjusters, subcontractors, and/or subsidiaries).
    • February 4, 2020: In Disclosure of Personally Identifying Information, updated the examples of third-party service providers to include other applicable telephony and/or email providers and note that Bitdefender may also use various subprocessors such as (without limitation) Akamai Technologies, Inc., and Amazon Web Services. Restored the Age Verification section, which had been inadvertently deleted, made some minor updates to its language and formatting, and added category information like that of the other sections.
    • February 3, 2020: In Other Inquiries, Messages, and Support requests, further clarified the language regarding the use of third-party webmail services. Added links throughout to the Google Voice Privacy Disclosure and clarified some references to Google Voice. Fixed some punctuation issues. Corrected the spelling of FeedBurner.
    • February 2, 2020: Throughout, replaced most instances of the phrases “images or other media” and “photos and/or other media” with “images and/or other media” for greater internal consistency. In CCPA Information Collection and Sharing Notice, amended the Categories of Personal Information Collected subsection to include information about awards, honors, other recognition, prizes, and/or winnings in games of chance or skill. Fixed a typo in this list. Tidied up the language recently added to Other Inquiries, Messages, and Support Requests.
    • February 1, 2020: In CCPA Information Collection and Sharing Notice, amended the Categories of Personal Information Collected subsection to change “Political affiliations and/or activity” to “Political affiliations, opinions, and/or activity.” In Definitions, clarified the definition of “Images or other media.” Updated Security Scans to note that Google services may also scan messages for spam or malicious code. Updated Other Inquiries, Messages, and Support Requests to describe Google Voice among the examples of communication methods, fix a formatting problem, note that Google Voice notifications and/or transcripts are among the types of messages that may be sent via Gmail, update the trademark notice, and change “personal Gmail account” to “personal Gmail accounts.” Updated Information I Receive from Third Parties for Security Purposes to include Google among the listed information sources. In Disclosure of Personally Identifying Information, added Google Voice to the examples of Google Services and fixed a typographical error in that section.
    • January 31, 2020: In Disclosure of Personally Identifying Information, added Qualcomm to the examples of third-party service providers.
    • January 30, 2020: Added Adblock Plus and EasyList to the examples of information sources under Information I Receive from Third Parties for Security Purposes and the examples of third-party service providers under Disclosure of Personally Identifying Information. Corrected a couple of inadvertent uses of “our” rather than “my.”
    • January 29, 2020: In Disclosure of Personally Identifying Information, amended the description of Epic Privacy Browser to update the name of their associated search engine (now called EpicSearch.in) and note that their default search engine is now Yahoo.
    • January 28, 2020: In CCPA Information Collection and Sharing Notice, amended the Categories of Personal Information Collected to change “such as photographs, videos, audio recordings, and/or other media …” to “such as photographs, illustrations and/or other images, videos, audio recordings, and/or other media …” Also changed “… which are often revealed in IP address and/or user agent information)” to “… which are often revealed in IP addresses, user agent information, email signatures, and/or metadata).” Added an additional example under commercial information regarding stocks and/or securities ownership and/or purchases/transfers. Amended the Collection Sources subsection to also include podcasters and/or other media creators.
    • January 26, 2020: In Definitions, corrected the spelling of “referer” [sic] and clarified that it is (mis)spelled that way on purpose.
    • January 24, 2020: In CCPA Information Collection and Sharing Notice, further amended the Information Shared for Business or Commercial Purposes subsection to change the bullet point that read “Any individual or entity with whom I communicate and/or collaborate in the process of researching and developing my content, writing/editing work, and/or other creative endeavors” to “Any individual or entity with whom I communicate, consult, and/or collaborate in the process of researching and developing my content, writing/editing work, and/or other creative endeavors, and/or who communicates and/or consults with me regarding their content and/or other creative endeavors.” In Disclosure of Personally Identifying Information, added “taxi and/or ride-share services” to the examples of third-party service providers. In that list, separated Microsoft into its own bullet point and fixed a typographical error.
    • January 23, 2020: In Information I Receive from Third Parties for Security Purposes, changed “via the Mozilla Firefox browser” to “via Mozilla Firefox and/or other web browsers” and also added Google Safe Browsing (which is used by Mozilla Firefox, various other web browsers, and some other online services) to the examples of information sources. Fixed a typo in that list. Added InformAction’s NoScript extension to that section and to the examples of third-party service providers listed under Disclosure of Personally Identifying Information. Also added the CAD Team (maker of the Cookie AutoDelete browser extension), Nodetics (maker of the Cookiebro – Cookie Manager extension), and Thomas Rientjes’ Decentraleyes to the latter list.
    • January 22, 2020: In CCPA Information Collection and Sharing Notice, further amended the Information Shared for Business or Commercial Purposes subsection to change “… sharing and/or discussion of information that is already publicly available” to “… sharing, discussing, and/or otherwise disseminating information that is already publicly available.” Added Font Awesome to the examples of Embedded Content providers and third-party service providers in Disclosure of Personally Identifying Information.
    • January 21, 2020: In CCPA Information Collection and Sharing Notice, amended the Categories of Personal Information Collected subsection’s examples of commercial information collected to include information about art, books, other publications, films, videos, and/or other media an individual or household has read, watched, or otherwise consumed (or desires/intends to consume) and opinions, critical judgments, tastes, and/or preferences, expressed or implied, regarding cars and/or other vehicles; art, books, other publications, films, videos, and/or other media; and/or other products, goods, or services. Also amended the item beginning “Information about other property or services …” to append “and/or desires/intends to purchase or use,” slightly rearranging the wording to better accommodate the additional clause. Amended the item under professional or employment-related information regarding authorship and rights holder information to change “for books, films, software, photographs, other published works or designs, and/or for other intellectual property …” to “for artwork, books, films, software, photographs, other media, other published works or designs, and/or other intellectual property …” Amended the Information Shared for Business or Commercial Purposes subsection to reiterate that I may also share and/or discuss information that is already publicly available (e.g., in news articles, published works, and/or public records). Also changed “the general public” to just “the public.”
    • January 20, 2020: In CCPA Information Collection and Sharing Notice, amended the Collection Sources list to also include employees, independent contractors, agents, business partners, photographers, videographers, illustrators, observers, eyewitnesses, and clients or employers for whom I provide (or have provided) writing/editing services. Made some minor adjustments to the wording and punctuation of other items on that list. Amended the Information Shared for Business or Commercial Purposes subsection to change “Editors, publishers, clients, and/or other third parties …” to “Editors, publishers, clients, employers, and/or other third parties …”
    • January 18, 2020: Updated the examples of third-party service providers in Disclosure of Personally Identifying Information and revised the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice to include service providers and other entities who help me promote and/or sell (or otherwise offer for commercial advantage) my content, other creative endeavors, and/or services (e.g., literary or talent agents or agencies, publicists, promoters, public relations firms, ad agencies, brokers, and the like).
    • January 17, 2020: In Disclosure of Personally Identifying Information, updated the examples of third-party service providers to include DataViz®, Inc. (in connection with the Documents to Go BlackBerry® app), Tracker Software Products (in connection with their PDF creation and editing software), and a variety of open source and freeware programs/apps. Fixed some inconsistent punctuation in that section and changed “and bookstores …” to “and/or bookstores …” Fixed a typo in this list.
    • January 16, 2020: In Disclosure of Personally Identifying Information, updated the examples of third-party service providers to include Librera Reader and Notepad++. Rearranged several items in that bullet point to put them in alphabetical order and made some minor text edits for consistency of presentation.
    • January 15, 2020: Amended California Privacy and Data Protection Rights to note that, except as otherwise required by law, privacy-related requests pertaining to children under 18 should be submitted by a parent, legal guardian, or other authorized adult representative and change “You may authorize an agent …” to “You may designate an authorized agent …”
    • January 14, 2020: Updated Information I Receive from Third Parties for Security Purposes to include some additional information sources.
    • January 13, 2020: In California Privacy and Data Protection Rights: Categories of Personal Information Collected, changed “photographs, videos, audio recordings, and other media …” to “photographs, videos, audio recordings, and/or other media …” In Comments, clarified some of the language about data retention and the deletion of comments and fixed some clunky grammar in the language about the information that becomes publicly visible when a comment is published. Rearranged some text in that section for better flow.
    • January 12, 2020: In California Privacy and Data Protection Rights, changed “The purposes for which I shared or disclosed the information” to “The categories of business and/or commercial purposes for which I collected and used the information”; changed “The categories of such third parties” to “The categories of third parties with whom personal information was shared”; rearranged the order of those bullet points; and struck the word “unredacted” from the phrase “… that exposes your unredacted personal information …”
    • January 10, 2020: In Disclosure of Personally Identifying Information, amended the language about embedded content providers’ possible use or disclosure of information to also include other service providers and/or vendors. Amended Website Server, Error, and Security Logs to clarify that the logs typically include dates and times in addition to the other types of information described.
    • January 8, 2020: Further clarified some language in CCPA Information Collection and Sharing Notice. Fixed some inconsistent punctuation and an improperly configured anchor link. In Disclosure of Personally Identifying Information, amended the link to the privacy policy for the Artifex SmartOffice app.
    • January 7, 2020: Made some minor adjustments to Categories of Information and Purposes for Collection, fixing a grammatical error and removing a parenthetical aside about “associated services” that doesn’t apply to this website. Added “advertising and other commercial purposes” to the list of potential purposes under Other Inquiries, Messages, and Support Requests; Data in Submitted Images; and Other Information I Receive from Third-Party Sources.
    • January 6, 2020: Amended Cookies to note that while the cookie descriptions include the cookies typically used on this website, embedded content providers may sometimes change or add cookies, and the descriptions may not include cookies set by certain administrative dashboard components.
    • January 5, 2020: Further amended CCPA Information Collection and Sharing Notice to include a more emphatic statement about how by the law’s broad definitions, any or all of the categories of personal information I collect in the course of my business could be deemed to be shared for business and/or commercial purposes, even if I do not “sell” personal information in the way most people understand that term. Also, in the lists of categories of personal information, moved “signatures” from “Identifiers” to “Other types of personal information” (also changing “written and/or digital” to “physical and/or digital”) and moved “domain names and/or websites/URLs” to “Internet or other online activity information.” Renamed “Information about an individual or household’s financial status” to “Other financial information” and made it a separate category. Reordered several of the items under “Other types of personal information.” Added “Other information about an individual’s online interactions” to “Internet or other online activity information” and changed “Errors and/or suspicious activity” to “Errors and/or suspicious activity on this website.” Fixed an inadvertent use of “us” rather than “me” in “Commercial information.”
    • January 4, 2020: In CCPA Information Collection and Sharing Notice, amended the examples of commercial information collected, changing “personal property or services” to “property or services” and adding a separate item about property records.
    • January 3, 2020: In Information I Receive from Third Parties for Security Purposes, added the StevenBlack hosts file to the list of examples of sources. In Definitions, in the item on “personal information,” changed “(which for the purposes of this policy I treat synonymously)” to “(terms this policy uses synonymously).” Amended Legal Bases for Collecting and Using Information to reword the first sentence (fixing the grammar and making clear that it applies to people in areas subject to European data protection laws); reorder several items; and change “to troubleshoot technical problems, and/or to appropriately respond” to “to troubleshoot technical problems, and to appropriately respond” in the last bullet point. Added the calibre ebook management suite to the examples of third-party service providers under Disclosure of Personally Identifying Information. Amended Website Server, Error, and Security Logs to add “special: other technical details*” to the types of information gathered. In Data Retention, amended the item about information related to the use of intellectual property owned by others to note that I may delete such information if I discontinue using that intellectual property for some reason (e.g., if I uninstall and delete some app or software) and change “it is my customary practice to retain …” to “I typically retain …”
    • January 2, 2020: In the Information Shared for Business or Commercial Purposes section, amended that section’s second list (the one prefaced with the sentence “I may disclose personal information I collect …”) to refer back to the Disclosure of Personally Identifying Information section, split the list into two separate lists, reordered some items, struck the phrase “for commercial advantage,” added some additional language about comments and public discussion, and adjusted the punctuation. Later in that section, in the sentence “Much if not all of the personal information I collect or access in the course of my business …” struck the words “in the course of my business” (this statement remains true whether the information is business-related or not). Also, changed the phrase “Because the proprietor of this website is a professional writer/editor and much (though not all) of the information I collect in connection with my business is intended for publication — whether on this website or elsewhere — a …” to just “Because I am a professional writer/editor …” and added some additional language about advertising disclosures. Amended Disclosure of Personally Identifying Information to reiterate (as already explained in Other Information I Receive from Third-Party Sources) that my research and writing process process often involves discussing or sharing relevant information with third parties. In the Data Retention, Disclosure of Personally Identifying Information, and CCPA Information Collection and Sharing Notice sections, changed the word “freelance” to “professional” (because not all of my professional writing/editing work is necessarily in a freelance capacity). Clarified some of the language in the Ads section and renamed that section “Advertising,” updating other references to the section accordingly. Fixed a link formatting error in Embedded Content. In Data in Submitted Images, amended the list at the beginning to note that geolocation data may be “provided by provided by the creator/rights holder/repository, determined from metadata, and/or inferred from other data.” In Definitions, in the definition of “IP address,” changed “Each device that can access the Internet has its own IP address; if you use several different Internet-capable devices, their individual IP addresses are usually all different” to “If you use several different Internet-capable devices, their individual IP addresses are typically all different (although if you have several devices connected to the same router or tethered together, they might share the same IP address so long as they remain connected or tethered).”
    • January 1, 2020: Added the International DOI Foundation to the examples of third-party service providers under Disclosure of Personally Identifying Information. In the first sentence of that section, changed “may release or disclose …” to “may share, release, or otherwise disclose …” Under California Privacy and Data Protection Rights, simplified the language about verifying your identity before processing certain privacy requests. Under Categories of Personal Information Collected, added compensation to the examples of professional or employment-related information collected and changed “Current or past employer(s)” to “Current and/or past employer(s).” Under Definitions, changed the boldface heading “Personal information” to “Personal information/personally identifying information,” since this policy treats those terms synonymously. Under Your Rights (GDPR and State Laws), clarified the wording of the first paragraph and the list of rights provided by the GDPR.

    For space reasons, I have moved the older entries in this revision list to a separate Older Privacy Policy Revisions page.

    Privacy Preference Center

    Privacy and Cookie Preferences

    These cookies manage your cookie and privacy preferences. There will typically be several such cookies, each beginning with "gdpr" (e.g., gdpr[allowed_cookies], gdpr&5Bprivacy_bar&5D, and gdpr[consent_types]). They normally expire after about one year. If you delete or disable these cookies, your existing preferences will be lost and you may not be able to save your privacy settings for this website. (These cookies may not be set at all for administrative users unless they access the publicly visible portions of the website.)

    gdpr, gdpr[allowed_cookies], gdpr&5Bprivacy_bar&5D, gdpr[consent_types]

    Accessibility Settings

    If you change certain aspects of the site's appearance using the accessibility sidebar, it may set these cookies to manage and remember your settings. The wahFontColor and wahBgColor cookies, which are set if you alter the site's color scheme, normally expire after about 14 days, but you can remove them immediately by clicking the "Restore Defaults" button on the sidebar.

    I may sometimes present an alternative version of the sidebar offering different options, which may set the a11y-desaturated, a11y-high-contrast, and/or a11y-larger-fontsize cookies if you change those settings. These a11y cookies normally expire after about seven days, but are removed immediately if you restore the applicable settings to their default values.

    wahFontColor, wahBgColor, a11y-desaturated, a11y-high-contrast, a11y-larger-fontsize

    Age Verification

    Viewing certain site content may require you to first verify your age by entering your date of birth. If your birth date indicates that you are 18 or older, the website places the age_gate cookie (whose value is "1," meaning "yes, passed") to allow you to access age-restricted content. The cookie remains active for up to 14 days if you click the "Remember me" check box when you enter your birth date; otherwise, the cookie normally expires when you close your browser. If the birth date you entered indicates that you are NOT 18 or older, the website may place the age_gate_failed cookie (whose value is also "1") to prevent you from trying again to access age-restricted content. (The website does not retain your birth date or your age. See the "Age Verification" section of the Privacy Policy for more information about how the age verification system works.)

    age_gate, age_gate_failed

    Password-Protected Posts

    Accessing certain posts or pages on this website may require you to enter a specific password. If you correctly enter the password, the site saves this cookie on your device to allow you access to the password-protected post or page. (For this cookie, "xx" will be a cryptographic hash.) The cookie normally expires in about 10 days and is not set at all if you do not access any password-protected content.

    wp_postpass_xx

    Commenting

    When you submit a comment, you may have the option save your information for future comments, storing the info in these cookies. (For each of these cookies, "xx" will be a cryptographic hash.) The cookies are not set at all unless you select that option when submitting a comment. They normally expire in just under one year, but you can delete the cookies in your browser at any time. (These cookies are not usually set for administrative users, since comments they submit while logged in are associated with their user ID number and user profile information rather than a manually entered name and email address.)

    comment_author_xx, comment_author_email_xx, comment_author_url_xx

    YouTube Videos

    These third-party cookies may be set by YouTube (which is now owned by Google, superseding the now-defunct Google Video hosting service) in connection with embedded videos, for purposes such as (without limitation) managing video settings (such as tailoring the playback to your connection speed), storing video preferences, providing certain functionality such as allowing you to stop and restart a video without losing your place, showing you advertisements, associating your video viewing and other activity with your Google account (if any), ensuring proper functioning of the service, and/or compiling user analytics data. The cookies may be set by various domains, including (but not necessarily limited to) youtube.com, youtube-nocookie.com, googlevideo.com, ytimg.com, google.com, accounts.google.com, and/or doubleclick.net (which is part of the DoubleClick advertising service). Some are session cookies that expire when you close your browser; others may remain on your device as long as your browser settings permit. Some cookies Google sets in connection with your Google account and/or advertising served through YouTube (which may include others not listed here) are persistent cookies that may remain in your browser for as long as your individual browser settings permit. See Google's "Types of Cookies Used by Google" page for more information about the functions of their various cookies. To learn more about how Google uses the information they collect, see the Google Privacy Policy. (YouTube, Google Videos, and DoubleClick are trademarks of Google LLC. Google is a registered trademark of Google LLC.)

    yt.innertube::nextId, yt.innertube::requests, yt-remote-cast-installed, yt-remote-connected-devices, yt-remote-device-id, yt-remote-fast-check-period, yt-remote-session-app, yt-remote-session-name, recently_watched_video_id_list, use_hotbox, demographics, GPS, LOGIN_INFO, PREF, VISITOR_INFO1_LIVE, YSC, AID, ANID, APISID, CONSENT, DSID, FLC, GAPS, IDE, NID, HSID, OTZ, SID, SNID, SIDCC, TAID, exchange_uid, 1P_JAR

    Vimeo Videos

    These third-party cookies may be set by Vimeo in connection with embedded videos, for purposes such as (without limitation) managing video settings, storing video preferences, providing certain functionality (such as allowing you to pause a video at a particular point), associating your video viewing and other activity with your Vimeo account (if you have one), showing you advertising, and/or compiling user analytics data. The cookies whose names begin with "_ga" and "_ut" are associated with Google Analytics (which is subject to the Google Privacy Policy); the ones whose names begin with "_ceg" are associated with the Crazy Egg web analytics service (which is subject to the Crazy Egg Privacy Policy); the ones that begin with "optimizely" are associated with the Optimizely digital experience optimization service (which is subject to the Optimizely Privacy Policy); and the ones beginning with "adsense" or listed in all caps are associated with Google AdSense and/or other Google advertising services (which are also subject to the Google Privacy Policy). The Vimeo Cookie Policy does not currently disclose the normal durations of their cookies, but some are persistent cookies that may remain in your browser for as long as your individual browser settings permit; some Google Analytics cookies can persist for up to two years. For more information about how Vimeo uses the information they collect, see the Vimeo Privacy Policy. (Vimeo is a trademark of Vimeo, Inc. AdSense and Google Analytics are trademarks of Google LLC; Google is a registered trademark of Google LLC. Crazy Egg is a trademark of Crazy Egg, Inc. Optimizely is a trademark of Optimizely, Inc., registered in the United States, EU, and elsewhere.)

    _abexps, aka_debug, clips, continuous_play_v3, embed_preferences, has_logged_in, is_logged_in, jsessionID, player, search_click_position, Searchtoken, stats_end_date, stats_start_date, sst_aid, uid, v6f, vimeo, vuid, _ga, _gads, _utma, _utmb, _utmc, _utmv, _utmz,_ceg.s, _ceg.u, optimizelyBuckets, optimizelyEndUserId, optimizelySegments, adsense, adsenseReferralSourceId, adsenseReferralSubId, adsenseReferralUrl, adsenseReferralUrlQuery, S_adsense, APISID, GAPS, HSID, NID, N_T, PREF, SAPISID, SID, SNID, SSID

    PayPal® Buttons

    The payment or donation buttons that may appear on portions of the administrative dashboard (which is not normally accessible except to logged-in administrative users) contain embedded content served by PayPal®. Those buttons may set the third-party cookies PYPF (via paypalobjects.com), which appears to check whether or not you are a logged-in PayPal user and is probably used to facilitate the PayPal user login process, and/or 01A1 (via abmr.net), which stores certain technical information about your device and browser, probably to facilitate the login and shopping cart functions. The PYPF cookie normally expires in approximately four weeks, the 01A1 cookie in approximately one year.

    If you use the buttons to make a payment or donation, PayPal sets additional cookies (not listed here) to manage your PayPal login and transaction data (and potentially also for various other purposes, such as user analytics and/or advertising). For more information on what data PayPal collects and what they do with it, visit their Legal Agreements for PayPal Services page to review the PayPal Privacy Statement and Statement on Cookies and Tracking Technologies that apply in your location. (PayPal is a registered trademark of PayPal, Inc. All button icons, custom graphics, logos, page headers, and scripts related to the PayPal services are service marks, trademarks, and/or trade dress of PayPal or PayPal's licensors.)

    PYPF, 01A1

    Administrative and Login Cookies

    These functionality cookies are used to manage user logins and other WordPress administrative functions, such as post editing. If you are not an administrative user, they shouldn't normally be placed on your device at all unless you somehow access the login area, which is off-limits to non-administrators.

    Accessing the login page places the wordpress_test_cookie (a session cookie that tests whether your browser will allow the cookies needed to log in and expires when you close your browser) and the itsec-hb-login-xx cookie (which expires after about one hour and helps protect the site against "brute force" attempts to hack user passwords).

    Logging in sets the wordpress_logged_in_xx, wordpress_sec_xx, and/or wordpress_xx cookies, which store your user login credentials to allow access to the administrative dashboard and other administrative functions; these cookies expire in about 15 days if you click "Remember Me" when logging in, but if you don't, they normally expire when you close your browser (or, failing that, within about two days). The wp-settings-UID cookies store a logged-in user's configuration settings, while the wp-settings-time-UID cookies store the time those configuration settings were set; these cookies normally expire after about one year. One or more wp-saving-post cookies may be placed while creating and/or editing posts or pages, to help manage version control and the autosave feature; these cookies normally expire after about 24 hours. The wp-donottrack_feed cookie, which controls a blog feed, may be set by accessing the dashboard menu for the WP DoNotTrack plugin (if I currently have that plugin enabled); this cookie normally expires in about one year.

    For all of these administrative and login cookies, the "xx" will be a cryptographic hash while "UID" will be the administrative user's user ID number in this website's WordPress database. (WordPress is a registered trademark of the WordPress Foundation.)

    wordpress_test_cookie, itsec-hb-login-xx, wordpress_sec_xx, wordpress_logged_in_xx, wordpress_xx, wp-settings-UID, wp-settings-time-UID, wp-saving-post, wp-donottrack_feed

    Change Font Size
    Contrast Mode (Note: This option sets cookies to save your settings)