This Privacy Policy explains what personal information I may collect through and/or in connection with the aaronseverson.com website (including, where applicable, its web feeds, if any) and how I may use and/or disclose that information. Please read this policy carefully. By accessing and/or using the aaronseverson.com website, you indicate your acceptance of the policy described below and of the Cookie Notice (which forms part of this Privacy Policy and is incorporated herein by reference; the Cookie Notice also constitutes the “cookie policy” for this website, for jurisdictions that specifically require such a policy).
Please note that your use of any third-party websites or services, including those linked from the aaronseverson.com website and/or on which I may have accounts, is subject to those sites or services’ respective privacy policies, cookie policies, and/or terms of service/terms of use, which may apply in addition to or instead of this Privacy Policy and/or the Terms of Use for the aaronseverson.com website. My automotive website, Ate Up With Motor, has its own privacy policy, as does my professional writing/editing/writing consulting website, 6200 Productions, whose privacy policy also applies to my writing/editing/writing consulting services outside of Ate Up With Motor. Those policies are separate from this one. (Ate Up With Motor is a trademark of Aaron Severson dba Ate Up With Motor. 6200 Productions is a trademark of Aaron Severson dba 6200 Productions.)
EFFECTIVE DATE: This version of the Privacy Policy was last updated on and is effective Friday, January 12, 2024. If the last time you reviewed this policy was prior to that date, or if you received a notice indicating that the Privacy Policy has changed, you may want to jump directly to the “Recent Revisions” section at the bottom of this page, which summarizes recent changes in reverse order by date.
Variations in text style (e.g., different font weights, sizes, or colors) are used throughout this Privacy Policy to improve readability, but have no legal significance or effect.
IMPORTANT NOTE: In the event you make some separate written agreement with me pertaining to this website and/or its content (e.g., a contract for professional services, an advertising or endorsement agreement, or a license agreement for the use of my content) that includes provisions pertaining to the use, disclosure, and/or retention of certain information related to such agreement and/or the subject(s) thereof (e.g., confidentiality or nondisclosure provisions, and/or stipulations to not disclose certain information prior to a specific date/time), the terms of that agreement shall, where applicable, take precedence over this Privacy Policy.
Who I Am
For purposes of this Privacy Policy, the words “I,” “me,” and “my” refer to Aaron Severson, the owner and operator of the aaronseverson.com website, an individual U.S. citizen residing in Los Angeles, California, USA. I, along with my web host, DreamHost® (which also hosts the mail servers for my aaronseverson.com email addresses; DreamHost is a registered trademark of DreamHost, LLC), and many of the other third-party vendors and service providers I use in connection with the aaronseverson.com website, are located in the United States and are subject to U.S. law, which may differ from the laws of your area. For my contact information, see the “Controller/Responsible Party, Questions, and How to Reach Me” section toward the bottom of this page.
Credits and License for This Policy
Portions of this Privacy Policy were adapted from the Automattic Privacy Policy and from the Automattic Terms of Service for WordPress.com (both of which you can also find at their Legalmattic repository), which are both licensed under a Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license. Therefore, this Privacy Policy is also licensed under CC BY-SA 4.0, as the terms of that license require. If you elect to use or further adapt this policy, please credit Automattic as well as me (Aaron Severson). I also strongly recommend that you note the effective date shown above and include that date in your attribution if it is reasonably practical to do so. Recent changes to this policy are summarized in the “Recent Revisions” section below; see the change log at the bottom of the Automattic policies linked above (or check their repository) for their revision history — both this policy and the Automattic policies have been modified many times! (Automattic, Legalmattic, and WordPress.com are trademarks or registered trademarks of Automattic (or Automattic’s licensors). WordPress is a registered trademark of the WordPress Foundation in the United States and other countries. I am not affiliated with or endorsed by Automattic or the WordPress Foundation in any way.)
Notice Regarding Children Under 18; Not for Children
This website is not intended for or directed to children, and should not be accessed or used by children under 18 years of age. Except as otherwise required by law, in the event I receive any personal information through this website that I know or subsequently discover to be from a child under the age of 18 (e.g., a message to the site’s administrative email address or a comment), it is my policy to promptly delete such information or, if complete deletion is not possible, to take whatever steps I reasonably can to de-identify or anonymize that information.
If you are a parent or legal guardian and believe that this website may have collected personal information about your minor child, or if you wish to exercise your right to remove or delete such information, please contact me via any of the methods described in “Controller/Responsible Party, Questions, and How to Reach Me” below. You may also contact me via any of the methods described in that section to request and obtain removal or deletion of content or information you posted on this website while under the age of 18. (Please note that such removal or deletion does not ensure complete or comprehensive removal of the content or information you posted on this website.)
Except as otherwise required by law, requests or inquiries pertaining to children under 18 should be submitted by a parent, legal guardian, or other authorized adult representative.
Definitions
To help simplify and clarify the rest of this policy, the following definitions will be used throughout this document:
- User(s) and visitor(s): For the purposes of this policy, I use the terms “visitor” and “user” synonymously to mean any individual who accesses and/or uses this website. This policy assumes that you, the reader, are such a visitor/user. This policy sometimes also refers to administrative user(s) (or site administrator(s) — these terms are used synonymously), which refers to me and/or any other users I have specifically authorized to access and manage the website’s various administrative functions; see “Data Related to Administrative Users” below.
- Personal information/personal data/personally identifying information/personally identifiable information: Different jurisdictions and different laws have different definitions of “personal information,” “personal data,” “personally identifying information,” and “personally identifiable information” (although this policy uses those terms synonymously), but in general, these terms describe any information that identifies and/or relates to a particular individual or “household” (another term that may have different legal definitions depending on the specific jurisdiction and law in question). Information that describes and/or could be linked to or associated with someone and/or their household can constitute personal information even if it doesn’t identify them by name. This policy also uses the term “potentially personally identifiable information” to describe information that might be individually identifiable in certain contexts (and/or in combination with certain other information); earlier versions of this policy called this “potentially personally identifying information,” which meant the same thing.
- Gather and collect: This Privacy Policy uses the terms “gather” and “collect” synonymously.
- Identifiers: “Identifiers” are pieces of personal information that specifically identify a particular individual, household, or device, such as (though not limited to) a real name or unique pseudonym, a postal mailing address, an email address, a Social Security number or other taxpayer identification number, a driver’s license or state ID card number, a passport number, a unique device ID number, or the unique advertising ID that many modern operating systems (for desktop computers as well as mobile devices) automatically transmit to the websites and/or apps you use (although the latter identifier can often be reset, removed, and/or disabled; for details, consult the documentation for your specific device and operating system). Some jurisdictions also consider IP addresses to be identifiers.
- Protected classifications: Some pieces of personal information are characteristics of one or more classifications that are protected by civil rights law and/or nondiscrimination laws, e.g., race, religion, gender, medical condition, and/or disability.
- IP address: An Internet Protocol (IP) address is the numerical address of any device capable of accessing the Internet. If you use several different Internet-capable devices, their individual IP addresses are typically all different (although if you have several devices connected to the same router or tethered together, they might share the same IP address so long as they remain connected or tethered). An IP address usually has an associated “hostname,” which is a type of domain name (defined below) that identifies a specific device connected to the Internet. A visitor/user’s hostname is typically a combination of their IP address and the name of a server, network node, or data center of the Internet service provider, mobile carrier, or other network provider that provides that IP address; mechanisms that collect and/or use visitor/user IP addresses generally also collect and/or use the associated hostnames, if any (although there are some exceptions). A given device’s IP address may change periodically (especially if the device is configured to use “dynamic” IP addresses assigned by the Internet service provider or mobile carrier, and/or if the device is used with several different Internet service providers/mobile carriers). It is possible to hide a device’s IP address and Internet service provider/mobile carrier by using a virtual private network (VPN) or proxy service; with such services, you first connect to a remote server provided by the VPN or proxy service and that server then connects to other Internet sites and/or resources, which “see” only the IP address of the proxy server. For the purposes of this policy, when I refer to IP addresses, I mean the IP address that actually connects to my website or that I otherwise receive, whether that is your device’s actual IP address or a proxy. (In many cases, I have no way to tell the difference.)
- User agent information: A “user agent” is any software program, service, or system that allows a user to access and/or retrieve online content — for example, a web browser, an email client, or a web “crawler” of the kind used by search engines. User agents automatically reveal certain information about themselves — and therefore about the user — to any online resource they access, enabling that resource to deliver its content in a way the user agent can correctly handle. The information that may be revealed in this way naturally varies depending on the specific user agent involved. A web browser’s user agent information typically reveals, at a minimum, the browser type and version, the operating system in which the browser is running, and certain settings such as (though not limited to) preferred language and time zone; if you’re using a mobile browser, the user agent information may also reveal the specific type of mobile device you’re using. While it can constitute personal information in at least some jurisdictions, user agent information is not necessarily personally identifiable in and of itself, although it is sometimes possible to identify an individual user based on their specific combination of user agent and device characteristics, a technique called “browser fingerprinting.”
- Domain name and/or hostname: A domain name is the name of an online resource such as (without limitation) an email server or a website; for example, “aaronseverson.com” is a domain name. A domain name is usually associated with one or more IP addresses. When you access an online resource by its domain name, your device first connects to a Domain Name System (DNS) server, which is an online directory that contains the IP addresses associated with domain names, to look up the appropriate IP address so your device can connect to it. Certain domain names, known as “hostnames,” identify specific devices connected to the Internet and/or other network(s). (Websites and online services may use multiple servers, sometimes located in different places, and thus may have multiple hostnames.) When you access the Internet, your hostname — which the websites and online services you visit and/or use can usually see — is typically a combination of your IP address and the name of a server, network node, or data center of the Internet service provider, mobile carrier, or other network provider you’re currently using. The ownership of an Internet domain name must be registered, and the current contact information of the registered owner(s) must be available to the public, although some registrars and registry services offer anonymizing or proxy services that limit the public visibility of that information while still enabling the public to contact a domain’s registered owner.
- Embedded content: Most web pages consist of many different elements, including not only the code that makes up each page, but also various images, other media files, fonts, and scripts. For this website, most of those elements are hosted on and are served (i.e., loaded and run in your browser or other user agent) by web servers owned by my web host and/or its subprocessors; this policy describes such elements as “local,” “locally served,” or “locally hosted” content (these terms are used synonymously). Certain elements of the website, such as (without limitation) images, scripts, fonts, and/or video players, may be hosted on and served by servers and/or services not owned or operated by my web host or their subprocessors, such as (again without limitation) third-party hosted libraries or content delivery network (CDN) servers; this policy describes such elements as “embedded content.” Whenever you access a portion of this website that includes embedded content, the site instructs your browser (or other user agent, as applicable) to request and load that content from its respective provider(s). Some types of embedded content (e.g., fonts) may be cached (stored) on your device for faster loading; additionally, your browser (or other user agent) may store certain associated data (e.g., the date and time the embedded content was loaded and/or last updated). With most modern web browsers, this process is completely automatic, although it can sometimes be managed through the browser’s advanced settings and/or the use of browser add-ons.
- Visitor activity: For purposes of this policy, “visitor activity” refers to any information I may collect about my visitors’ online activity and/or actions, whether on this website or elsewhere online, e.g., web pages they’ve visited, links they’ve clicked, and/or search terms they have looked for.
- Malicious activity: I define “malicious activity” as any activity or action intended to harm, abuse, compromise, or disrupt the functions of this website, its data, my web host, my embedded content providers, my visitors/users, my system(s) and/or device(s), my business, me, and/or others, or defraud or attempt to defraud me, my service providers and/or vendors, my visitors/users, and/or anyone else. (I consider spamming to be a form of malicious activity.).
- Errors and suspicious activity: For purposes of this policy, “errors” means any visitor activity that generates an error message of some kind, e.g., when some of the images or elements that should appear on a particular page fail to load. “Suspicious activity” means any activity and/or action(s) that could be a sign of malicious activity. Of course, not all suspicious activity is actually malicious; often, it results from a harmless mistake or a technical glitch beyond anyone’s reasonable control.
- Names: Except as otherwise specified, where I refer to “names” in this policy, it includes both real names (first and/or last name(s), and in some cases middle name or middle initial) and pseudonyms/aliases. In general, I only require your full legal name in certain circumstances (e.g., for contracts and/or other legal matters). Otherwise, you are free to communicate with me using only a pseudonym or alias, although if you do so, I may have no way of associating those communications with information I may have about you under your real name and/or other pseudonyms or aliases. (Also, if your pseudonym or alias looks like a real name, I may have no way to know it isn’t one!)
- Email address(es): Email is the main means by which I respond to visitor/user questions and inquiries, as well as how this website associates posted comments with the people who made them. For purposes of this policy, I assume that email addresses naturally include domain names even where I don’t expressly specify “domain names” in the list of information collected. (I may sometimes collect domain names that are not associated with a single email address.)
- Email header information: All email messages include email headers (sometimes called “Internet headers”) that contain not only the sender and recipient email addresses, but also the IP addresses and/or hostnames of the mail servers that transmitted the message, routing information, security protocols, encryption information (if any), the mail client(s) used, and/or other technical details; in some cases, the headers may also include your IP address and/or hostname. (The precise details may vary depending on your email client and provider and how you’re connecting to the Internet.) Although email headers always include your email address, there are situations where I may have your email address, but not your email header information, usually because I have never actually exchanged any email messages with you.
- Other contact information: This is a blanket term intended to encompass any type of contact information other than email addresses, e.g., someone’s telephone number(s) and/or postal mailing address(es), and/or any other identifier that allows a specific individual to be contacted either physically or online.
- Images and/or other media: “Images” is hopefully self-explanatory; for purposes of this policy, “other media” (or “other media files”) is a blanket term intended to encompass any audio, visual, audiovisual, and/or multimedia content that is not an individual image, including, but not limited to, films and/or other videos, audio recordings, broadcasts and/or streams, comic books, presentations, and/or slide shows.
- Other documents/materials: This includes any type of physical or electronic document and/or material, e.g., books, magazines, letters sent via postal mail, press releases, and/or clippings.
- Metadata: Many types of data — particularly electronic data, documents, and communications — include and/or contain data that describes that data, often generically known as “metadata.” For example, the metadata of most electronic files typically includes (but is not necessarily limited to) data such as the filename, file size, type, creation date, and last modified date as well as technical details like bit rate and/or pixel dimensions. The information in telephone records (e.g., the phone numbers of the callers, the date and time of each call, the call durations) can also be considered metadata. (These are just a few examples.) While metadata is not necessarily personally identifiable, it can sometimes constitute personal information, particularly if it includes or can be associated with identifiers such as the name and/or contact information of a specific individual. (Note: “Metadata” is a registered trademark of Metadata LLC in the United States, although the word metadata has been in widespread use for years as a generic descriptive term for data about other data. I use the word metadata strictly in a generic descriptive sense; I am not affiliated in any way with Metadata LLC, and no affiliation or association with that company or its products or services is implied.)
- Geolocation data: Geolocation data means information about an individual or household’s physical location and/or movements, such as (though not necessarily limited to) the fact that an individual is or was present in a particular geographical location or traveled between two or more geographical locations. I may receive geolocation data from you directly, e.g., when you tell me your location in a comment or other communication (or, obviously, if I meet or otherwise encounter you in person); if someone else directly or indirectly describes your location or movements to me; and/or if I (and/or my service providers, where applicable) determine, estimate, and/or infer your geographical location or movements based on other data (e.g., your IP address and/or hostname, the area code of your telephone number, and/or GPS coordinates in the metadata of your submitted images). Although some jurisdictions regard geolocation data as personal information, it doesn’t necessarily reveal where you live or work, and in some cases may not reflect your actual location at all, particularly if you use a VPN or proxy service.
- Websites/URLs: “URL” (an acronym for Uniform Resource Locator) is the technical term for a web address. A website URL isn’t necessarily personally identifying, at least by itself, but the URLs of your social media profile(s), online resume/CV, and/or other such web page(s) would probably be considered personal information. (Those are just two obvious examples; there various possible scenarios in which a URL might contain and/or constitute personal information.) Where this policy refers to “websites/URLs” as a category of personal information, I mean URLs that may contain (or that link to) personally identifiable information about individuals or households.
- Referring site: When your browser or other user agent connects to some online resource — e.g., when you click a link or access embedded content on a web page or in an email message — that online resource can generally see the website or other online location, if any, from which the request originated, which is known as the “referring site” or “referer” [sic — some sources use the correct spelling, referrer, although the actual name of the HTTP header that conveys this information is (mis)spelled “referer”]. If the referer is the results of a search query (for example, when you click on a link from search engine results), the online resource you access can typically see not only the referring site, but also the specific search terms you were looking for. (Some privacy-focused search engines claim to take steps to remove this referer information so the destination site can’t see it, but most popular search engines do not.)
- Other personal information: This may include any information about an individual or household that could be considered personal information or personally identifiable information. As noted above, some jurisdictions now regard nearly any piece of data about an individual or household as “personal information,” from the career history of a public figure to the fact that a website visitor once owned a car of a particular model.
- Special: This policy uses this term as a prefix in referring to certain types of information that call for special explanation because they aren’t easily categorized, overlap several different categories of personal information, and/or may or may not necessarily constitute personal information in all cases.
- Administrative dashboard/backend: Like most modern websites, this site has both a publicly visible/publicly accessible (“front-end”) portion and a “backend” administrative area that includes various controls for managing the site and its content. The WordPress content management system, which this website uses, describes the administrative backend as the “dashboard,” so this policy uses “administrative backend” and “dashboard” synonymously. The administrative dashboard is not normally accessible to visitors other than authorized administrative users, and I take various measures to guard against unauthorized access to it. (WordPress is a registered trademark of the WordPress Foundation in the United States and other countries.)
- Cookies and similar technologies: A cookie is a small text file — a string of information — that a website or online service places (or “sets” — these terms are used synonymously) in your browser (or other user agent) or device and that your browser, other user agent, or device then provides to that site or service when you access it. (It is sometimes also possible for a website or service to detect cookies set by other sites/services.) Cookies may be used in many different ways, but the most common uses are to save your settings or preferences, to manage logins, and to help identify specific users or devices for analytics and/or advertising purposes. Most cookies are specific to each browser (or other user agent) and device; if you access a website using multiple browsers (and/or other user agents) and/or multiple devices, the website may place cookies in each browser (and/or other user agent) on each device. A cookie set by the website or service you are currently visiting is called a “first-party” cookie, while cookies set by other services or domains (e.g., the cookies set when you access an embedded video player) are known as “third-party” cookies. Some websites and/or online services may also use similar technologies, e.g., storing information in your browser’s web storage and/or plugins. Data items stored in your browser (or other user agent) and/or on your device in such ways aren’t cookies in the usual sense, but they may perform similar functions and may be used instead of or in addition to cookies. Such technologies are often used to manage functional details, e.g., settings and preferences, but are sometimes also used to help websites and/or services identify you. Online services may also use “web beacons,” which are small code blocks or tiny image files (sometimes called “tracking pixels” or “pixel tags”) that transmit certain information about you and your user agent (as defined above) to the service from which the web beacon is loaded. Web beacons (which are a form of embedded content) are sometimes also used instead of or in conjunction with cookies to identify users and track their behavior online. You can learn more about how cookies work and how you can manage or delete them in different browsers by visiting KnowCookies.com. You can find additional tools for controlling certain cookies and similar technologies used for behavioral advertising purposes (e.g., to show you personalized ads based on your online activity and/or interests) at YourAdChoices (for the U.S.), AdChoices in Canada (for Canada), or Your Online Choices (for the EU, Switzerland, and the UK). (I am not affiliated in any way with these websites or the organizations that run them, and offer these links purely for your information. The names of these websites, and/or other related names, terms, slogans, logos, and/or icons, may be (and/or may incorporate) trademarks or registered trademarks; such marks are the property of their respective owners and are used here strictly for purposes of identification.)
Legal Bases for Collecting and Using Information
If you are located in a part of the world that is subject to data protection laws such as the European General Data Protection Regulation (GDPR, now sometimes called the EU GDPR to distinguish it from the similarly named regulations of other regions), the UK GDPR, or Brazil’s Lei Geral de Proteção de Dados Pessoais (LGPD), my legal bases for collecting and processing your information are that:
- The use is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract, and/or:
- The use is necessary for compliance with a legal obligation; and/or:
- The use is necessary in order to protect your vital interests and/or those of another person; and/or
- The use is necessary for the purposes of my legitimate interests and/or those of a third party (e.g., to provide the functions of this website, to conduct research related to my content and/or other creative endeavors, to create and/or publish or otherwise disseminate my content and/or other creative endeavors (and/or otherwise exercise my rights of free speech and freedom of expression), to promote and market my content and/or professional services, to safeguard this website and/or my business data, to troubleshoot technical problems, to update and/or improve this website, to comply with the laws and regulations that apply to me and my business, and/or to appropriately respond to your inquiries regarding my work); and/or:
- You have given me your consent. (You have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.)
Because I am based in the United States, the information about you that I process if you use this website may be used, stored, and/or accessed by individuals operating outside your home country and/or the European Economic Area, including me, people who work for me, and/or third-party data processors (including, though not limited to, my web host, which also hosts the mail servers for my aaronseverson.com email addresses). This is required for the purposes described in “Categories of Information and Purposes for Collection” below.
You can ask for more information about the steps I take to protect your personal information when transferring it internationally by contacting me via any of the methods described in “Controller/Responsible Party, Questions, and How to Reach Me” section toward the bottom of this page.
Cookies and Similar Technologies
The aaronseverson.com website and/or its embedded content providers (see “Embedded Content” below) may use cookies and/or similar technologies (e.g., storing data in your browser’s web storage) for a variety of purposes. Some cookies and stored data may be placed automatically while others are only set when you perform certain actions or use certain site functions.
For more specific information about the categories of cookies that may be used on this website, what purposes they serve, how long they normally last, and your options for managing them, see the Cookie Notice page or click the “Access Your Privacy and Cookie Preferences” button below and review the summaries under “Cookie Settings”:
(You can also access this button via the Privacy Tools page.) As noted in the preamble above, the Cookie Notice forms part of this Privacy Policy and constitutes the “cookie policy” for this website, that specifically require such a policy.
While the cookie descriptions presented in the Cookie Notice and the ones listed in the Cookie Settings menu accessed through the “Access Your Privacy and Cookie Preferences” button are intended to be identical (save for minor variations in formatting and text style), in the event of any substantive discrepancy between those versions, the Cookie Notice version shall govern and control.
Third-party websites or services (including, without limitation, ones I may use in connection with this website) may also use cookies and/or similar technologies. The use of cookies and/or similar technologies by third-party websites or services is subject to those sites or services’ respective privacy policies, cookie policies, and/or terms of service/terms of use, and in most cases is outside of my control.
Categories of Information and Purposes for Collection
In each of the sections below, I indicate the categories of personal information I may collect and the categories of purposes for which I collect and use that information.
Those purposes may include:
- Functionality: I use the information so that this website, or certain specific functions thereof, can work properly. For example (but without limitation), none of the pages or content on this website will load if the web server doesn’t have a valid IP address to which to transmit the necessary data.
- Providing services: I use the information to perform some action(s) you have asked me to perform; respond to comments, inquiries, and/or other messages; provide services; and/or otherwise conduct the normal activities involved in running this website and/or its associated business operations. For example (but without limitation), I probably couldn’t send you a physical document without your mailing or delivery address.
- Completing a transaction: I use the information to conduct or complete financial transactions.
- Fulfilling a contractual obligation: I use the information to honor my obligations under my contractual agreements, whether with you, with some third party or parties, or both.
- Legal compliance or audit: I use the information to ensure my compliance with applicable laws and/or regulations; so that I can demonstrate my legal and/or regulatory compliance to auditors or investigators if needed; and/or to otherwise comply with my legal obligations (e.g., to respond to subpoenas, court orders, and/or other official orders).
- Research and publishing: I use the information in researching, creating, and/or publishing (and/or performing, broadcasting, exhibiting, and/or otherwise disseminating, as applicable) my content, my writing/editing/writing consulting work, and/or my other creative endeavors, and/or to help me decide what content, work, and/or creative endeavors to create and/or publish (and/or perform, broadcast, exhibit, and/or otherwise disseminate) in the future.
- Security, troubleshooting, quality control, and service improvement: I use the information to help me safeguard this website, its users/visitors, my data, my system(s) and/or device(s), my business, me, and/or others against malicious activity; protect my property, rights, security, and/or safety, and/or the property, rights, security, and/or safety of others and/or of the public at large; troubleshoot and/or resolve technical problems; and/or maintain and/or improve the quality and/or functionality of the site and/or my services.
- Recruitment/hiring/employment or business partnerships: I use the information in recruiting/hiring employees, independent contractors, and/or interns; in entering or considering entering business partnerships or other professional relationships with someone; in making other types of employment decisions and/or business decisions regarding professional relationships; in administering employment benefits; and/or in otherwise administering and/or conducting employment relationships, business partnerships, and/or other professional relationships.
- Advertising or other commercial purposes: I use the information to help me promote, pitch, and/or advertise my content, services, and/or other creative endeavors; otherwise monetize the site, my content, my writing/editing/writing consulting work, and/or my other creative endeavors; and/or achieve some other commercial purpose(s).
(I haven’t listed “communicating with you” as a separate category in the above list because achieving any or all of the above-listed purposes may involve communicating with you and/or third parties; listing that separately seemed redundant as well as potentially confusing.)
In many cases, I may collect information for several purposes or potential purposes. Obviously, not every individual piece of information in a particular category will necessarily be used or even useful for each listed purpose.
(Where the sections below list multiple purposes or potential purposes, separated by semicolons, the order does not signify any comparative priority or significance.)
In the sections below, certain categories of information are followed by a single asterisk (*), which indicates that I may collect such information in some circumstances and not in others. (For example, but without limitation, I generally don’t need your postal mailing address except for certain financial transactions and/or legal matters, or if you ask me to send you some physical letter or package, so I only collect mailing addresses from certain visitors, not from everyone.)
Keep in mind that the categories of information listed in each section below are just the types of information I may collect in the specific context(s) described in that section, which may or may not apply to you.
Please also note that while the listed categories are intended to encompass the types of personal information I typically collect in the specified contexts, I can’t anticipate every possible scenario. (For example, again without limitation, it would be difficult for me to list every category of information someone might conceivably send me in a comment or email communication!) For this reason, I have also listed “other personal information*” in many of these sections as a kind of catch-all category. Depending on the specific context and circumstances, the “other personal information*” category may encompass various different types or categories of personal information, such as, though not limited to, physical and/or digital signatures; physical characteristics and/or descriptions (e.g., how tall someone is or what they look like); education information (e.g., whether someone has a college degree and from what school); financial information (e.g., information about someone’s income, assets, benefits, liabilities, and/or taxes); medical information (e.g., whether someone has had and/or been vaccinated against certain diseases); insurance information (e.g., whether someone has health insurance); protected classifications (e.g., race, religion, national origin); commercial information (e.g., information about products and/or services someone uses); information about sleep and/or exercise habits (which some jurisdictions may consider biometric information); Internet or other electronic network information (e.g., if someone provides me with login credentials for their wireless network or online file sharing account); information about someone’s location and/or movements (e.g., information about a trip someone recently took), which some jurisdictions may consider geolocation data; professional or employment-related information (e.g., someone’s occupation and/or where they work); other types of personal information not easily categorized (e.g., information about someone’s pets); and/or inferences drawn from these and/or other types of personal information. This catch-all category may sometimes include information that is considered sensitive personal information in some jurisdictions (e.g., political opinions, religious or philosophical beliefs, union membership, sexual orientation).
Additionally, please keep in mind that the categories listed in the “Categories of information collected” bullet points of the sections below, which are based on my “Definitions” above, may differ from the categories of personal information defined by law in certain jurisdictions, e.g., California. (To learn more about how the personal information I collect could be categorized under California law, see the “Categories of Personal Information Collected” subsection of the “CCPA Information Collection and Sharing Notice” section below.)
Ways I Collect Information
I may collect information about you in three ways: automatically through this website; if and when you provide information to me; and from other sources. Each of these three types of data collection, and my use of that information, will be further explained in the sections below.
Information I Collect Automatically
Certificate Authority Checks
- Categories of information collected: IP addresses; domain names and/or hostnames; user agent information; visitor activity; geolocation data (estimated from IP addresses and/or hostnames, and/or inferred from other data)*; special: mobile device types/models (determined from user agent information)*
- Purpose(s): Functionality; fulfilling a contractual obligation; legal compliance or audit; security, troubleshooting, quality control, and service improvement
- Data retention: Typically less than seven days.
To allow visitors (and me!) to connect to the site securely (that is, via encrypted connections), this website uses domain validation (DV) certificates issued by the Let’s Encrypt® certificate authority (CA), a service provided by the nonprofit Internet Security Research Group™. These certificates enable a web browser or other user agent to confirm that it has an SSL/TLS (Secure Sockets Layer/Transport Layer Security) connection to the correct domain, an important security measure. For a further explanation, see the Let’s Encrypt “How It Works” page.
When you access this website, your browser (or other user agent) may check whether the aaronseverson.com certificate is valid by briefly connecting to the servers of the Let’s Encrypt certificate repository to perform an Online Certificate Status Protocol (OCSP) check (sometimes called an OCSP request or an OCSP query — these terms are synonymous). This OCSP check provides those servers with your IP address and/or hostname and user agent information; for obvious reasons, it also informs those servers that you have accessed the aaronseverson.com website. The Let’s Encrypt CA service may log and use such data as described in the Let’s Encrypt Privacy Policy. Any further questions about their use and/or retention of public repository log data should be directed to the certificate authority itself (e.g., via the contact information listed in their Privacy Policy), as it is outside of my control. (Internet Security Research Group and Let’s Encrypt are trademarks of Internet Security Research Group. All rights reserved.)
Most aspects of the setup, maintenance, and periodical renewals of my DV certificates are administered on my behalf by my web host, DreamHost®, which also provides technical support for any issues with those certificates. DreamHost also has administrative access to the certificates themselves, subject to the DreamHost Privacy Policy and General Terms of Service. (DreamHost is a registered trademark of DreamHost, LLC.)
Browser Tests
- Categories of information collected: User agent information; special: browser technical capabilities and/or settings; special: information collected via cookies and/or similar technologies
- Purpose(s): Functionality; security, troubleshooting, quality control, and service improvement
- Data retention: Your current visit or current session.
Each time you visit this website, the site may perform certain automated tests to determine the specific technical capabilities of your browser (or other user agent), allowing the website to adjust the presentation and functionality of the site appropriately. The site’s administrative login page (which is off-limits except to authorized administrative users) may perform similar tests, e.g., testing whether the user’s browser will allow the cookies required to log into the site’s administrative dashboard. The site may also show you specific messages or other content based on the results of such tests, e.g., displaying a warning notification that your current browser is incompatible with certain site features.
The results of some such tests (which generally don’t contain any personally identifying information) are stored only in your device’s memory, and only for the length of your current visit. If any such test results are stored in your browser (or other user agent), whether in cookies and/or using other technologies (e.g., in web storage), that data normally expires and is automatically removed at the end of your current session — that is, when you next close your browser (or other user agent).
Online Tracking
As of January 29, 2012, I have discontinued the use of third-party web analytics services on this website. However, I may use Google Search Console tools and reports, which aid webmasters in analyzing and improving a website’s indexability and search performance. Unlike web analytics services, Google Search Console tools and reports focus primarily on the website’s search performance rather than the characteristics or behavior of individual visitors, although some of the available reports may present certain aggregate user information — e.g., how many Google search engine users saw and clicked on links to this website from search results and/or which search queries led those users to the site. Such aggregate user information is based on Google search engine and search service usage data, the collection of which is subject to the Google Privacy Policy and is outside of my control. (Google, Google Search Console, and other related marks and logos are trademarks of Google LLC.)
Obviously, other websites or online services, including ones to which I may link and/or on which I have accounts, may use various web analytics services and/or tools, which in most cases is outside of my control. See the applicable website or service’s privacy policy for more information. The analytics tools used on my automotive website, Ate Up With Motor, and my professional writing/editing/writing consulting website, 6200 Productions, are described in those websites’ respective privacy policies. (Ate Up With Motor is a trademark of Aaron Severson dba Ate Up With Motor. 6200 Productions is a trademark of Aaron Severson dba 6200 Productions.)
Website Server, Error, and Security Logs
- Categories of information collected: IP addresses*; domain names and/or hostnames*; user agent information*; visitor activity; errors and suspicious activity*; names*; email addresses*; email header information*; geolocation data (estimated from IP addresses and/or hostnames, and/or inferred from other data)*; URLs/websites*; other personal information*; special: mobile device types/models (determined from user agent information)*; special: device identifiers*; special: information collected via cookies and/or similar technologies*; special: usernames, user ID numbers, and/or other identifiers associated with administrative users*; special: other identifiers*; special: other technical details (some of which might be potentially personally identifiable and/or constitute personal information in certain jurisdictions)*
- Purpose(s): Functionality; providing services; fulfilling a contractual obligation; legal compliance or audit; security, troubleshooting, quality control, and service improvement
- Data retention: Varies, but typically no more than about 90 days, except for recent data captured in backups or specific data for which I have some ongoing need.
Like most websites, the aaronseverson.com website has various logs (some of which I administer directly and some of which are administered by my web host) that may collect certain information (some of which may be considered personal information or potentially personally identifiable information in at least some jurisdictions) about each computer or other device that (as applicable, but without limitation) accesses the site and/or its content; uses certain site features; is redirected from an outdated link to a current one; generates an error (e.g., attempting to access a nonexistent page or file); logs into, otherwise accesses, or attempts to log into or otherwise access the administrative dashboard and/or other administrative resources or controls; generates or attempts to generate authentication codes for multi-factor authentication (which may be used for administrative logins and/or certain other site functions); attempts to interact with the site in any unusual or suspicious way (e.g., trying to access the site’s administrative dashboard without authorization or run an unauthorized script); and/or performs certain other actions. (These examples are a representative sampling, but not an exhaustive list; I may also use or add other logs not specified here, and not all logs are necessarily in use at any given time.)
The information these logs record may include (but is not necessarily limited to) the IP address, hostname, and/or user agent information of the applicable device (and sometimes the referring site, if any), which sometimes makes it possible to determine, estimate, and/or infer certain other information (e.g., geographical location and/or device type). In some cases, the logs may also record device identifiers (e.g., the advertising identifier(s) and/or other unique identifiers of a smartphone, tablet computer, desktop computer, or other device). Most such logs include the date and time each logged event took place; certain types of events may also be assigned unique ID numbers and/or other identifiers for reference purposes. Additionally, if a logged event or action involves or appears to involve any of this website’s administrative users, and/or involves or appears to involve credentials I create to allow specific users to access certain resources (e.g., login credentials for FTP folder(s) associated with this website), certain logs may also record the username(s), user ID number(s), and/or other identifiers associated with such administrative user(s) and/or credentials. All these logs are part of the routine operations of the website and its related systems and are not connected to or associated with any third-party web analytics service.
Most of the routine website log data I and my web host collect is retained on a rolling basis — that is, we customarily retain only the most recently collected data. Typically, website log data is retained for no more than about 30 days (and often only a fraction of that time) before being automatically overwritten by newer data or otherwise deleted. Some security audit log data recorded by the Sucuri Security plugin (further described in the “Security Scans” section below) — which is provided by GoDaddy Media Temple, Inc. d/b/a Sucuri, a subsidiary of Go Daddy Operating Company, LLC (Sucuri) — may be stored both locally and on remote servers controlled by Sucuri, and is normally retained for about 90 days. (Sucuri, Sucuri Security, Sucuri Security Inc., and Sucuri Inc. are trademarks of Sucuri Inc. and may be registered in certain jurisdictions. GoDaddy is a registered trademark of Go Daddy Operating Company, LLC.) Certain website logs and/or log reports that contain only aggregate data, anonymous information (e.g., hit counters), and/or data pertaining to administrative resources or controls that are normally off-limits except to authorized administrative users may be retained for longer periods. For example (but without limitation), logs showing the last access dates of certain resources, or showing which administrative user last edited a particular post, may remain unchanged until that resource is accessed or edited again, or until I manually delete the logs.
Naturally, I and/or my web host may retain certain specific information from the website’s logs for longer periods if it is still needed for ongoing security, troubleshooting, and/or service improvement purposes, and/or for legal reasons. For example, but without limitation, if the logs indicate that a specific IP address has been used in repeated attempts to attack this website, I may take steps to block that IP address or otherwise impede future malicious activity from it. Certain security-related log data (e.g., records my website security features compile of administrative logins and/or failed attempts to log in as an administrative user) may be retained indefinitely unless manually deleted.
Also, some recent log data may be captured in backups created by me and/or my web host, which in some cases may be retained for a year or more.
Certain events may trigger automated email alerts to the site administrator, notifying me of potential threats, errors, or the status of some automated operation. The alerts may include some or all of whatever data the logs recorded. Such email alerts may be scanned for suspected spam, malware, and/or other suspicious activity, as explained in the “Security Scans” section below. I may retain these email alerts for as long as I need the information they contain.
Please keep in mind that, because my web host, DreamHost®, controls the servers on which this website runs, they have full access to the site’s server access and server error logs. (My access to those logs is read-only, so I cannot redact or remove any of that log data without the aid of my web host’s technical support staff, and I am not permitted to tamper or interfere with the normal functions of DreamHost servers or other systems.) In general, DreamHost has access to any data and/or files on any server or other system they control — except in cases where I have specially encrypted such file(s) and/or data — subject to the DreamHost Privacy Policy and/or, where applicable, the Customer Data Processing Addendum to their General Terms of Service. I may disclose additional data to them if I deem it appropriate for purposes such as troubleshooting and/or security. (DreamHost is a registered trademark of DreamHost, LLC.)
I may also disclose website log data as otherwise described in “Disclosure of Personally Identifying Information” below.
Security Scans
- Categories of information collected: IP addresses*; domain names and/or hostnames*; user agent information*; visitor activity*; errors and suspicious activity; names*; email addresses*; email header information*; other contact information (e.g., phone numbers)*; images and/or other media (including metadata)*; geolocation data (determined directly, estimated from IP addresses and/or hostnames, and/or inferred from other data)*; URLs/websites*; other personal information*; special: visitor mobile phone types/models (determined from user agent information)*; special: device identifiers*; metadata*; special: information collected via cookies and/or similar technologies*; special: usernames, user ID numbers, and/or other identifiers associated with administrative users*; special: other identifiers*; special: other technical details (some of which might be potentially personally identifiable and/or constitute personal information in certain jurisdictions)*; special: fingerprint data*
- Purpose(s): Functionality; providing services; fulfilling a contractual obligation [see below]; legal compliance or audit; security, troubleshooting, quality control, and service improvement
- Data retention: Varies; potentially indefinite.
While no website, online service, Internet-accessible device, or data storage system can be 100 percent secure, I take reasonable measures to protect personal information I collect through and/or in connection with this website from unauthorized or illegal access, destruction, use, modification, or disclosure.
I and my web host, DreamHost®, use a variety of security measures to protect this website and its data, including, but not limited to, scanning the site, site-related files, and/or the site database for malware and blocking suspicious and/or malicious activity. Some of these measures are purely automated, but in some cases, I may manually initiate additional security measures and/or request that my web host’s technical support staff take additional steps to investigate and/or block security threats and/or suspicious activity. (DreamHost is a registered trademark of DreamHost, LLC.)
Like the logs described in the “Website Server, Error, and Security Logs” section above, some of these security measures may collect certain information (some of which may be considered personal information or potentially personally identifiable information in at least some jurisdictions) about any device(s) and/or individual(s) involved in suspicious and/or malicious activity. For example (but without limitation), if an unauthorized visitor attempted to execute an unusual or suspicious server request on this website (which might indicate an intrusion or hacking attempt), one or more security measures might record that visitor’s IP address and/or hostname; their user agent information; and other details about their device and/or browser or other user agent along with details about the action(s) they attempted to perform. In some cases, the data recorded may also include device identifiers (e.g., the advertising identifier(s) and/or and/or other unique identifiers of a smartphone, tablet computer, desktop computer, or other device). Certain events may be assigned unique ID numbers and/or other identifiers for reference purposes. If the activity in question involves or appears to involve any of this website’s administrative users, and/or involves or appears to involve credentials I create to allow specific users to access certain resources (e.g., the login credentials for certain FTP folder(s) associated with this website), the information collected may also include the username(s), user ID number(s), and/or other identifiers associated with such administrative user(s) and/or credentials. The specific information that my security measures may collect in connection with suspicious and/or malicious activity naturally varies depending on the context and the security measure(s) involved; there are too many possible scenarios to enumerate here.
Certain events may trigger automated email alerts to the site administrator, notifying me of potential security threats. These alerts may include some or all of the data described above. Such email alerts may also be scanned for suspected spam, malware, and/or other suspicious activity, as further explained below.
Among the security measures I may use on this website is the Sucuri Security plugin, provided by GoDaddy Media Temple, Inc. d/b/a Sucuri, a subsidiary of Go Daddy Operating Company, LLC (Sucuri), whose available features (not all of which are necessarily used on this website) include, but are not necessarily limited to, activity monitoring, notifications, security auditing tools, a security logging feature that allows certain security audit log data to be stored remotely to deter tampering, a remote scanning feature that can detect security vulnerabilities and some forms of malware and malicious activity involving this website, a remote firewall service intended to block certain forms of suspicious and/or malicious activity, a WordPress file integrity checker (which tests the files of this website’s WordPress installation by accessing a remote API service associated with the WordPress.org websites), and a blocklist-checking feature that warns if this website has been flagged for malicious activity by search engines and/or Internet security services (an obvious sign that a site may have been hacked and/or infected with malware). (A list of the features of the plugin (not all of which I necessarily use on this website) can be found in the “WordPress plugin & API Key” section of the Sucuri Security Terms of Service and the “Plugins” section of the Sucuri documentation.) Some data collected and/or processed by this plugin, the remote scanning feature, and/or other associated features and/or tools — which may sometimes include personal information such as (without limitation) IP addresses and/or hostnames that perform certain actions (e.g., adding or editing a post, updating or installing a plugin); the website domain name, username, and email address of an administrative user who generates an API key for communication with the remote service; and/or information contained in published comments and/or other published content — may be processed and/or stored by Sucuri as well as me and/or my web host; data processed and/or stored by Sucuri is subject to the Sucuri Security Privacy Policy, the Sucuri Cookie Policy (“Our Use of Cookies, Web Beacons, and Similar Technologies”), and/or the Data Processing Addendum to their Terms of Service (which applies to personal data Sucuri services process on customers’ behalf that may be subject to certain regional privacy and/or data protection laws), as applicable. Certain plugin components may be served by the Cloudflare® content delivery network, which is subject to the Cloudflare Privacy Policy, the Cloudflare Data Processing Addendum (which applies to personal data Cloudflare services process on customers’ behalf that may be subject to certain regional privacy and/or data protection laws), and/or the Cloudflare Cookie Policy, as applicable. Communications with API servers, repositories, and/or content delivery networks associated with the WordPress.org websites are subject to the WordPress.org Privacy Policy and Cookie Policy. Communications with any other third-party services are subject to the respective privacy policies of those services. (Sucuri, Sucuri Security, Sucuri Security Inc., and Sucuri Inc. are trademarks of Sucuri Inc. and may be registered in certain jurisdictions. GoDaddy is a registered trademark of Go Daddy Operating Company, LLC. Cloudflare is a trademark and/or registered trademark of Cloudflare, Inc. in the United States and other jurisdictions. WordPress is a registered trademark of the WordPress Foundation in the United States and other countries.)
Some other security measures I use on this website are provided by the free, open source version of the Solid Security plugin from SolidWP. While most of this plugin’s features operate locally (that is, on the same server this website runs on), certain features may transmit information (which may include, but is not necessarily limited to, personal information and/or potentially personally identifiable information about visitors involved in suspicious and/or malicious activity on this website) to SolidWP servers, and/or send and/or receive security-related information (which may also include personal information and/or potentially personally identifiable information about site visitors and/or other individuals) to and/or from external sources (for example, but without limitation, for the purposes of testing the files of this website’s WordPress installation via remote API services associated with the WordPress.org websites and/or operated by SolidWP or its parent company, and/or to generate a QR Code® (which this website’s administrative users may use to set up multi-factor authentication) by connecting to a remote API service operated by SolidWP or its parent company). Because SolidWP is now one of the StellarWP brands, part of the Liquid Web family of brands, the Solid Security plugin and related services are subject to the StellarWP Privacy Policy and/or, for the plugin’s security-related communications with other third parties, those entities’ respective privacy policies, such as (again without limitation) the WordPress.org Privacy Policy and Cookie Policy. (Solid Security, SolidWP, StellarWP, and Liquid Web are trademarks of Liquid Web, LLC. WordPress is a registered trademark of the WordPress Foundation in the United States and other countries. QR Code is a registered trademark of DENSO WAVE INCORPORATED; DENSO and DENSO WAVE are registered trademarks of DENSO Corporation.)
I also use a variety of other tools and security measures to protect my device(s), software, and data. A representative sampling of providers of such tools and security measures is included among the examples of third-party vendors and/or service providers that appear in the “Disclosure of Personally Identifying Information” section below. (Since the specific tools, devices, and security measures I use may change over time, those examples should not be regarded as an exhaustive list, and I don’t necessarily use all of those providers at any given time.)
In addition, my web host also hosts the email servers for many of my email addresses, and may use various measures to detect and/or prevent malicious activity and/or abuse involving those addresses and/or domains, including (though not necessarily limited to) scanning incoming, outgoing, and/or stored messages for suspected spam, malware, and/or other suspicious activity. My Internet service provider(s), mobile carrier(s), and/or other applicable service provider(s) may also use their own security tools to detect and/or prevent suspected spam, malware, and/or other suspicious activity involving my account(s) and/or connections. (For example, but without limitation, my current mobile carrier sometimes warns me that certain incoming voice calls and/or text messages could be associated with a scam of some kind.)
Some of the security measures I use to protect my device(s) may collect additional personal information under certain circumstances. For example (but without limitation), security features I use for my smartphone(s) might automatically photograph anyone attempting unsuccessfully to unlock the device, and/or remotely track the device’s location to help me find or recover the device in the event of loss or theft.
As noted above, the tools, devices, and security measures I use may change over time, so I may also use and/or add other security measures that have other features not specified here.
(Naturally, malware scanning services and other security tools may also provide me with additional security-related information, e.g., “signatures” of known malware types. Much of this information is of a technical nature and is not personally identifiable, but it may sometimes include certain personal information; see the “Information I Receive from Third Parties for Security Purposes” section below.)
By their nature, some anti-malware scanners and other security tools routinely access almost any file or data on the systems or devices they protect. Since modern security tools sometimes incorporate web- or cloud-based scanning features, and/or may transmit samples of suspicious files or code to such services for analysis, this means a certain amount of personal information (e.g., names, contact information, and/or other personal details contained in scanned email messages or electronic documents) could be disclosed to the scanning service and/or other third parties in the course of a scan or security analysis. The likelihood and possible extent of such disclosure is difficult to predict or quantify, but it cannot be completely avoided without greatly compromising the security of my systems, devices, and data.
Special Note: I include “fulfilling a contractual obligation” among the potential purposes listed above for several reasons: First, my various contractual agreements may require me to take appropriate steps to secure my systems and/or data, obligations which the security measures described in this section help me to fulfill. Second, certain of the security scans and/or associated logs described in this section are operated and/or maintained by third parties (e.g., my web host and/or other service providers); in such cases, I may be contractually prohibited from interfering with the normal functions of those scans or with the data they collect. Third, the license agreements and/or terms of service for certain of my security tools may impose specific restrictions on my use of those tools and/or any associated data (e.g., prohibiting me from modifying the scanning functions of a malware detection application beyond what the application’s settings normally permit).
My retention of data related to security scans and/or other security measures varies depending the tools involved, whether they are operated by me or a third party, and the context. As noted in the “Website Server, Error, and Security Logs” section above, any security audit log data remotely stored by Sucuri via the Sucuri Security plugin is normally retained for about 90 days, while most other website security log data is typically retained for no more than about 30 days, although I may retain certain information for longer periods if it is still needed for ongoing security, troubleshooting, and/or service improvement purposes; for legal reasons; and/or if it pertains to administrative resources or controls that are normally off-limits except to authorized administrative users. Security data for my devices (e.g., malware scan results, system error logs, logs of traffic blocked by a firewall) may in some cases be retained for at least as long as I own that device and/or use the applicable security tool(s). I also typically retain indefinitely any correspondence regarding specific security threats or problems, although I generally only retain automated email alerts for as long as I need the information they contain. The retention and use of security-related data by my web host, Internet service provider(s), mobile carrier(s), and/or other third-party service providers varies, and is generally outside of my control. (As noted in the “Website Server, Error, and Security Logs” section above, DreamHost services are subject to the DreamHost Privacy Policy and/or, where applicable, the Customer Data Processing Addendum to their General Terms of Service.)
I may disclose information from security scans and/or other security measures to third parties, and/or publicly disclose such information, if I need technical assistance and/or consider such disclosure appropriate for my security and/or the security of others (e.g., to notify my web host’s technical support if I identify malware that might threaten the integrity of their web or email servers). I may also disclose information from security scans and/or other security measures as otherwise described in “Disclosure of Personally Identifying Information” below.
Embedded Content
- Categories of information collected: IP addresses; domain names and/or hostnames; user agent information; visitor activity; errors and suspicious activity*; geolocation data (estimated from IP addresses and/or hostnames, and/or inferred from other data); special: mobile device types/models (determined from user agent information)*; special: device identifiers*; special: information collected via cookies and/or similar technologies*; special: other identifiers*; special: other browser/user agent settings/configuration details/add-ons*
- Purpose(s): Functionality; providing services; fulfilling a contractual obligation [see below]; research and publishing; security, troubleshooting, quality control, and service improvement
- Data retention: Varies depending on the specific content provider; in most cases, I do not have access to the data collected by embedded content providers, and its retention is generally outside of my control.
As explained in the “Definitions” section above, this policy defines embedded content as content hosted on and served by some server or service other than my web host and/or its subprocessors. If you access a portion of this website that contains embedded content, your browser (or other user agent) requests that content from the respective content provider(s), which enables those embedded content provider(s) to collect information about you. Such information is collected and processed by the applicable embedded content providers, not by me, and is subject to such providers’ respective privacy policies, cookie policies, and/or terms of service/terms of use, which in most cases are outside of my control.
You should generally assume that the information an embedded content provider collects when you access their content through a website or online service includes, at a minimum, your IP address and/or hostname, your user agent information, which specific embedded content you accessed (and/or requested, since the request may be recorded even if the content fails to load for whatever reason), and the website or URL from which you accessed and/or requested the embedded content. (Some embedded content providers claim to remove or discard the latter information.) In some cases, embedded content providers can also detect and/or otherwise determine other information, such as (without limitation) your country and/or geographical location (typically — though not necessarily always — estimated based on your IP address and/or hostname); the presence of certain cookies (e.g., the ones placed on your device when you log into a particular third-party website or online service); certain of your settings (e.g., your time zone and/or preferred language settings); whether your browser is using certain add-ons (e.g., ad blocker extensions); and/or device identifiers (e.g., the advertising identifier(s) and/or other unique identifiers of a smartphone, tablet computer, desktop computer, or other device). If you interact with the embedded content in some way — for example, if you play an embedded video or click on an embedded payment button — the embedded content provider usually logs that activity as well.
Embedded content providers may collect personal information about your online activities over time and/or across different websites and/or online services; for example (but without limitation), an online video platform may add information about the embedded videos you watch on this website to information that platform has collected about videos you’ve watched on other websites and/or on the platform’s own website.
Some embedded content providers may also use cookies and/or similar technologies to track and/or identify you, and/or store information on your device that could be used for those purposes. For example (again without limitation), an embedded video player might place cookies on your device when the player loads; if you watch the video, portions of the content may also be stored (cached) in your browser to reduce playback interruptions, and certain associated information (e.g., your playback settings and/or how much of the video you’ve watch so far) may be saved in your browser’s web storage and/or plugins. Cookies and/or other information stored on your device in such ways are not necessarily personally identifying (and often have straightforward functional purposes), but some may be used to track you and/or to help identify you, and therefore may constitute potentially personally identifiable information.
The Cookie Notice includes more information about the cookies I know the specified embedded content providers have used in at least some instances. Please note that some cookies may be set only in certain circumstances, providers may periodically add new cookies not listed and/or retire ones listed in my Cookie Notice, and content providers not currently listed in the Cookie Notice might begin using cookies in connection with their embedded content (and/or may already do so in circumstances I have not yet recognized), all of which is outside of my control.
Embedded content providers may use various third-party service providers to provide and/or in connection with their content. For example (but without limitation), a video hosting platform might use one or more third-party analytics services to track how many people view an embedded video, use one or more third-party ad services to show advertisements during playback of that video, and/or subcontract certain related data processing functions to third-party subprocessors. Those third parties may collect personal information about you, use cookies and/or similar technologies to track and/or identify you, and/or store information on your device that could be used for those purposes, in the same ways as the embedded content provider(s) for whom such third parties provide their services. They may also collect personal information about your online activities over time and/or across different websites and/or online services. Because the use of such third-party services is highly variable, may change over time, isn’t necessarily disclosed to me, and in most cases is entirely outside of my control, I have not attempted to fully enumerate such service providers. Where I recognize an embedded content provider’s use of specific third-party service providers based on the presence of their cookies, I have listed such service providers in the Cookie Notice, although given the above caveats, that should not be considered an exhaustive list — again, too many factors are simply outside of my control.
Since embedded content on this website is served through secure (encrypted) connections, your browser (or other user agent) may also contact the embedded content provider’s certificate authority to check the validity of their encryption certificate. (The “Certificate Authority Checks” section above describes how these certificate checks work, although embedded content providers may use different certificate authorities than the one used by this website.)
In some cases, you may be able to hide or disable certain types of embedded content on this website (for example, by using options I may provide through the Privacy Tools, or through your web browser or browser add-ons). Disabling embedded content may prevent that content from functioning, but will generally also prevent it from collecting information about you, at least as long as the content remains disabled. Please note that this does not remove any data the embedded content previously collected about you or any cookies or potentially personally identifiable information it may have placed on your device. If you re-enable the embedded content, or if you visit the website using a different device, browser, or other user agent on which that content is not disabled, the embedded content provider may again be able to collect information about you.
Special Note: The reason I include “fulfilling a contractual obligation” among the potential purposes listed above is that the terms of service or terms of use for most embedded content providers typically prohibit me from modifying their embedded content or interfering with the normal function of their servers, which prevents me from (for example, but without limitation) removing tracking features or attempting to block or “spoof” information their servers would otherwise collect.
Third-party embedded content on the aaronseverson.com website may include, but is not necessarily limited to:
- Fonts from the Google Fonts API and/or scripts and/or other content from the Google Hosted Libraries, which are libraries of resources hosted on and served by a content distribution network (i.e., remote servers and data centers) operated by Google and/or its subprocessors, which may be located in the United States or elsewhere. The Google Fonts API does not place cookies on your device, but may collect certain information about your device and browser (or other user agent) (including, though not necessarily limited to, your IP address and/or hostname, user agent information, and possibly also device identifiers) when you visit a page that uses one or more of those fonts, as well as recording which specific fonts your browser (or other user agent) requests and the website or URL from which your browser (or other user agent) requested and/or accessed that those fonts. The Google Fonts API may also store (cache) certain information, e.g., font data and stylesheet requests, in your browser or other user agent’s web storage for faster loading. To learn more about how the service works and how Google uses the information it collects, see the Google Fonts “Privacy and Data Collection” FAQ. The Google Hosted Libraries may use cookies and/or similar technologies and/or store potentially personally identifiable information on your device in addition to collecting certain information about your device and browser (or other user agent) (including, though not necessarily limited to, your IP address and/or hostname, user agent information, and possibly also device identifiers) and which specific content your browser (or other user agent) requests and/or accesses. Google asserts that the Google Hosted Libraries systems remove referring site information from the request logs (so that the logs indicate which content your browser (or other user agent) requested, but not the websites or online services you were visiting when your browser (or other user agent) sent those requests). For more information, see the “What does using the Google Hosted Libraries mean for the privacy of my users?” section of the Google Hosted Libraries Terms of Service. To learn more about what information these services (and/or certain other Google services I may periodically use and/or offer, e.g., embedded maps served by the Google Maps mapping service) may collect and how Google may use that information, see their “How Google uses information from sites or apps that use our services” page and the Google Privacy Policy. To learn more about how Google uses cookies and/or other technologies that may collect and/or process personal information, see the “Technologies” section of their Google Privacy & Terms site. (Those pages do not currently discuss the storage of data in your browser (or other user agent) using technologies other than cookies, e.g., in web storage.) Google API services are also subject, where applicable, to their Google Controller-Controller Data Protection Terms, the CCPA Addendum, and/or the LGPD Controller Addendum, which supplement the Google APIs Terms of Service and apply to the processing of personal data that may be subject to certain regional privacy and/or data protection laws. (Google, Google Maps, and other related marks and logos are trademarks of Google LLC.)
- Fonts, styles, scripts, icons, and/or other content served by the BootstrapCDN service, which is now powered by the open source jsDelivr project (which is designed, developed, and maintained by Prospect One and Dmitriy Akulov). As with any embedded content provider, this service presumably collects certain information about your device and browser (or other user agent) (e.g., your IP address and/or hostname, user agent information, and possibly also device identifiers) when you access portions of the site containing content loaded from the BootstrapCDN service, as well as recording which specific content your browser (or other user agent) requests and/or accesses and the website or URL from which your browser (or other user agent) requested and/or accessed that content. To learn more about what data the service may collect and how that data may be used, see the jsDeliver Privacy Policy for cdn.jsdelivr.net. That policy states that the service does not use cookies, but may use various third-party service providers, a current list of which appears in the “Content Delivery” section of the Privacy Policy for cdn.jsdelivr.net; such third parties may collect and/or process data for and/or on behalf of the BootstrapCDN service and/or any other content delivery network powered by the jsDelivr project. (You should consult their privacy policy for further details, as the specific service providers the jsDelivr project uses may change periodically and is entirely outside of my control.)
- Scripts and/or other content served by the jQuery® CDN, a content delivery network provided by the OpenJS Foundation® nonprofit organization and powered by StackPath, and/or the jQuery API service. As with any embedded content provider, those services presumably collect certain information about your device and browser (or other user agent) (e.g., your IP address and/or hostname, user agent information, and possibly also device identifiers) when you access portions of the site that use content from the CDN and/or the API service, as well as recording which specific content your browser (or other user agent) requests and/or accesses and the website or URL from which your browser (or other user agent) requested and/or accessed that content. To learn more about what data these services may collect and how that data may be used, see the OpenJS Foundation Privacy Policy. The cookie policy links in that policy and the ones that appear on the CDN and API services’ respective home pages all currently point to the cookie policy of a different organization; it is unclear if this is intentional or an error, so I don’t know if the CDN and/or API services use cookies and/or similar technologies to track and/or identify you and/or store potentially personally identifiable information on your device. The CDN service is presumably also subject to the StackPath Privacy Statement and/or Data Processing Addendum (which applies to personal data StackPath services process on customers’ behalf that may be subject to certain regional privacy and/or data protection laws); you may also wish to consult the StackPath “GDPR” and “CCPA: California Privacy Rights” pages. (jQuery and OpenJS Foundation are trademarks or registered trademarks of the OpenJS Foundation in the United States and/or other countries. StackPath is a trademark of StackPath, LLC.)
- Certain scripts, images, and/or other content served by the Cloudflare® CDN (content delivery network). To learn more about what data the Cloudflare services may collect from visitors to websites that use those services (whom Cloudflare policies generally describe as “end users”) and how that data may be used, see the “Cloudflare’s commitment to GDPR compliance” page, the Cloudflare Privacy Policy, the Cloudflare Data Processing Addendum (which applies to personal data Cloudflare services process on customers’ behalf that may be subject to certain regional privacy and/or data protection laws), and/or the Cloudflare Cookie Policy, as applicable. (Cloudflare is a trademark and/or registered trademark of Cloudflare, Inc. in the United States and other jurisdictions.)
- Certain icons, fonts, and/or other content (whether on the administrative dashboard, the publicly visible/publicly accessible portions of the site, or both) served by the Font Awesome content delivery networks, which may collect certain information about your device and browser (or other user agent) (e.g., your IP address and/or hostname, user agent information, and possibly also device identifiers), as well as recording which specific content your browser (or other user agent) requests and/or accesses and the website or URL from which your browser (or other user agent) requested and/or accessed that content. To learn more about what data the Font Awesome content delivery networks may collect and how that data may be used, see the Font Awesome Privacy Policy. (They do not currently appear to have a cookie policy, and their Privacy Policy does not discuss the use of cookies or similar technologies except in the context of the Font Awesome website.) Font Awesome may use Cloudflare® CDN services to provide the Font Awesome content delivery networks; see the Cloudflare Privacy Policy, the Cloudflare Data Processing Addendum (which applies to personal data Cloudflare services process on customers’ behalf that may be subject to certain regional privacy and/or data protection laws), and/or the Cloudflare Cookie Policy, as applicable, to learn more about how information collected by Cloudflare services may be used. (Font Awesome is a trademark of Fonticons, Inc. Cloudflare is a trademark and/or registered trademark of Cloudflare, Inc. in the United States and other jurisdictions.)
- The payment or donation buttons that certain themes and/or plugins place on the administrative dashboard (not normally accessible to site visitors) incorporate content served by PayPal® served by PayPal® services. Accessing a portion of the site containing such content may enable the PayPal services to collect certain information about your device and browser (or other user agent) (e.g., your IP address and/or hostname, user agent information, and possibly also device identifiers) as well as recording which specific content your browser (or other user agent) requests and/or accesses and the website or URL from which your browser (or other user agent) requested and/or accessed that content. The embedded content may also use cookies and/or similar technologies to track and/or identify you and/or store potentially personally identifiable information on your device, and may be able to determine whether you are currently logged into a PayPal account. Naturally, if you use a PayPal button to initiate a payment or purchase, the PayPal services may collect various additional information pertaining to that transaction (e.g., payment information and login details for your PayPal account, if any), and will set additional cookies and/or store additional information on your device for that purpose. Additionally, PayPal may also use automated technologies (e.g., website crawling) to assess this website and collect publicly accessible or available data — which may include any publicly available personal information published on the site (e.g., in comments and/or other site content) — to ensure compliance with the PayPal User Agreement and to combat malicious or fraudulent activity. For more information about what data PayPal services may collect and how that data may be used, visit the “Legal Agreements for PayPal Services” page to review the PayPal Privacy Statement and Statement on Cookies and Tracking Technologies that apply in your location (the Statement on Cookies and Tracking Technologies that applies to each region is linked from within the applicable PayPal Privacy Statement). (Please note that the terms may differ depending on where you are.) See the “Financial Transactions Policy” section below to learn more about what information I may collect in connection with PayPal transactions with me that pertain directly to this website. (PayPal.com, PayPal, and all logos related to the PayPal services are either trademarks or registered trademarks of PayPal, Inc. or its licensors. In addition, all page headers, custom graphics, button icons, and scripts related to the PayPal services are service marks, trademarks, and/or trade dress of PayPal.)
- Embedded video players (whether posted and/or otherwise displayed by me and/or displayed by certain themes and/or plugins on portions of the administrative dashboard, which is not normally visible or accessible to site visitors other than logged-in administrative users) for content hosted on the YouTube video platform, which is owned by Google LLC. The embedded video player may use cookies and/or similar technologies to track and/or identify you and/or store potentially personally identifiable information on your device as well as collecting certain information about your device and browser (or other user agent) (e.g., your IP address and/or hostname, user agent information, and possibly also device identifiers), the website or URL through which you accessed the embedded player, the specific video(s) and/or other content loaded through that player, and potentially also other information (such as, without limitation, whether you are currently logged into a Google account). In some cases, embedded video players may also use your IP address and/or hostname, geographical location (typically but not always estimated from your IP address and/or hostname), and/or other information (e.g., whether you are currently logged into a Google account) to determine whether or not you can view a specific video — for example (but without limitation), if the video is age-restricted, unavailable in certain locales, password-protected, and/or only accessible from certain IP addresses. If you play a video through the embedded player, the video platform may also show you ads, and may use cookies and/or other information stored on your device (and/or other information the embedded player, the YouTube platform, and/or Google have collected about you) for that purpose. Naturally, the YouTube platform may also record your interactions with the embedded video player (e.g., any adjustments you make to the playback settings and/or if you pause playback), and may associate that activity with your YouTube history and/or other Google account data. To learn more about what information the YouTube platform and other Google services may collect through and/or in connection with embedded video players and how Google may use that information, see their “How Google uses information from sites or apps that use our services” page and the Google Privacy Policy. For additional information about how Google uses cookies and/or other technologies that may collect and/or process personal information, see the “Technologies” section of their Google Privacy & Terms site and the “Our advertising and measurement cookies” section of their Google Business Data Responsibility site, which includes a detailed list of cookies associated with Google advertising and measurement products. (Those pages do not currently discuss the storage of data in your browser (or other user agent) using technologies other than cookies, e.g., in web storage.) For more information about Google advertising, see the “Advertising” section of their Google Privacy & Terms site, which also discusses the use of cookies by Google advertising services. The “Product Controls” section of their Google Business Data Responsibility site offers additional information about sharing of data from the YouTube platform. (Google, YouTube, and other related marks and logos are trademarks of Google LLC.)
- Embedded video players (whether posted and/or otherwise displayed by me and/or displayed by certain themes and/or plugins on portions of the administrative dashboard, which is not normally visible or accessible to site visitors) for content hosted on the Vimeo video platform. The embedded video player may use cookies and/or similar technologies to track and/or identify you and/or store potentially personally identifiable information on your device as well as collecting certain information about your device and browser (or other user agent) (e.g., your IP address and/or hostname, user agent information, and possibly also device identifiers), the website or URL through which you accessed the embedded player, the specific video(s) and/or other content loaded through that player, and potentially also other information (such as, without limitation, whether you are currently logged into a Vimeo account). In some cases, embedded video players may also use your IP address and/or hostname, geographical location (typically but not always estimated from your IP address and/or hostname), and/or other information (e.g., whether you are currently logged into a Vimeo account) to determine whether or not you can view a specific video — for example (but without limitation), if the video is age-restricted, unavailable in certain locales, password-protected, and/or only accessible from certain IP addresses. If you play a video through the embedded player, the video platform may also show you ads, and may use cookies and/or other information stored on your device (and/or other information the embedded player and/or the Vimeo platform have collected about you) for that purpose. Naturally, the Vimeo platform may also record your interactions with the embedded video player (e.g., any adjustments you make to the playback settings and/or if you pause playback), and may associate that activity with other data about your use of Vimeo services (e.g., your Vimeo viewing history, if any). See the Vimeo Privacy Policy to learn more about what information the Vimeo platform collects and how that information may be used. For more information about the cookies and/or similar technologies the platform may use and how Vimeo users can control the use of third-party analytics and/or advertising cookies in connection with embedded Vimeo video players, see the Vimeo Cookie Policy. The “Vimeo Videos” section of the Cookie Notice for this website provides additional information about certain third-party advertising and/or analytics partners the Vimeo platform uses or has used, although this should not be regarded as an exhaustive list, since the specific partners that platform uses may change or vary, and are entirely outside of my control. (Vimeo and the Vimeo logos are trademarks of Vimeo.com, Inc., registered in the U.S. and other countries.)
- Certain backend (i.e., administrative dashboard) features (which are not normally visible or accessible to site visitors other than logged-in administrative users) served by the SEO firm Yoast BV, which provides one or more plugins I may use on the site. It appears that certain plugin components include embedded content served by Yoast that may collect certain data about the device and browser (or other user agent) of an administrative user who accesses such such content (e.g., their IP addresses and/or hostnames, user agent information, and possibly also device identifiers), as well as presumably recording which specific content their browser (or other user agent) requests and/or accesses and the website or URL from which their browser (or other user agent) requested and/or accessed that content; I am uncertain to what extent (if any) that embedded content may also use cookies and/or similar technologies to track and/or identify administrative users and/or store potentially personally identifiable information on their devices. My efforts to obtain more details from the developers proved unsuccessful, and I finally found a means to disable the applicable component entirely. See the Yoast Privacy Policy and their “Yoast and your privacy (GDPR)” page to learn more about how Yoast may use personal information they collect. Some versions of the Yoast SEO plugin have incorporated search tools and/or internal search integration features powered by the Algolia search platform, which I assume is subject to the Algolia Privacy Policy, their “Cookies” policy, and/or the Data Processing Addendum to the Algolia Terms of Service, as applicable. Some versions of the Yoast SEO plugin also incorporated optional functionality provided by Ryte GmbH, some of which may have been served remotely; I disabled the Ryte integration (which has since been removed), although it was enabled by default. My efforts to determine what personal information (if any) the Ryte features collected were fruitless, although I assume any data that service did collect would be subject to the Ryte Privacy Policy. A subsequent Yoast SEO update also added an optional integration with tools provided by the Semrush, an SEO and Internet marketing firm (which I have disabled, although as with the Ryte integration, the Semrush integration is turned on by default in current versions of the Yoast SEO plugin). I have so far been unable to determine what personal information (if any) the Semrush integration features may collect, although I assume any data those features do collect is subject to the Semrush Privacy Policy, Cookie Policy, and/or Data Processing Addendum, as applicable. A subsequent Yoast SEO plugin update added an optional integration with the Wincher rank tracker service, which assesses the keyword rankings of a website’s published content for SEO purposes. The nature of the integration (which I have disabled, and whose use would require a Wincher account I don’t currently have) makes it unlikely that it would collect personal information about site visitors (other than information already contained in the permalinks and/or metadata of the site’s published content, and of course data related to site administrators’ creation and/or use of a Wincher account in connection with the service), but any such data the Wincher service did collect would presumably be subject to the Wincher Privacy Policy. A subsequent plugin update added an optional integration with the WordProof timestamp service; I don’t currently use that integration on this website, but any personal information collected through the use of the WordProof integration would presumably be subject to the WordProof Privacy Statement. (Yoast is a trademark of Yoast BV, a Dutch limited liability company, registered both in the U.S. and in Europe. Algolia is a trademark of Algolia. Ryte is a trademark or registered trademark of Ryte GmbH. Semrush and SEMRush are trademarks or registered trademarks of Semrush Inc. in the U.S. and other countries. All rights reserved. Wincher is a trademark of Wincher International AB. WordProof is a trademark of WordProof B.V. All other trademarks are the property of their respective owners.)
- Blog feeds placed by certain themes and/or plugins on portions of the administrative dashboard (which is not normally visible or accessible to site visitors other than logged-in administrative users) via the FeedBurner services, which are web feed management services owned by Google LLC. If you access areas of the dashboard containing these blog feeds, the services may collect certain data about your device and browser (or other user agent) (including, though not necessarily limited to, your IP address and/or hostname, user agent information, and possibly also device identifiers); likely records the website or URL through which you accessed the services; may use cookies and/or similar technologies to track and/or identify you and/or store potentially personally identifiable information on your device; can usually determine whether you are currently logged into a Google account; and may use various means to track your use of the services (e.g., which feeds you’ve viewed and which posts you last viewed on a particular feed). The FeedBurner services may also show you ads (the use of which is controlled by the respective publishers of content viewed through the feeds; some publishers do not include ads in their feeds, but others do), and may use cookies and/or other information stored on your device (and/or other information the services and/or Google have collected about you) for that purpose. Again, these feeds are normally only visible to (and thus can only collect information about) logged-in administrative users, not site visitors who are not logged into this website’s administrative dashboard. To learn more about what information the FeedBurner services and/or other associated Google services collect and how Google may use that information, see their “How Google uses information from sites or apps that use our services” page and the Google Privacy Policy. For additional information about how Google uses cookies and/or other technologies that may collect and/or process personal information, see the “Technologies” section of their Google Privacy & Terms site and the “Our advertising and measurement cookies” section of their Google Business Data Responsibility site, which includes a detailed list of cookies associated with Google advertising and measurement products. (Those pages do not currently discuss the storage of data in your browser (or other user agent) using technologies other than cookies, e.g., in web storage.) For more information about Google advertising, see the “Advertising” section of their Google Privacy & Terms site, which also discusses the use of cookies by Google advertising services. (Google, FeedBurner, and other related marks and logos are trademarks of Google LLC.)
- Administrative dashboard menus that may load icons and/or other images from the Gravatar API via secure.gravatar.com. Although I have disabled support for user avatars, some administrative dashboard menus may still use them. The loading of such icons and/or other images allows the Gravatar service to collect certain data about the user’s device and browser (or other user agent) (e.g., their IP address and/or hostname, user agent information, and possibly also device identifiers), and in some cases also their hashed email address, which the Gravatar service uses to check for a current Gravatar or WordPress.com account. The service presumably records which specific icons and/or other images the user’s browser (or other user agent) requests and/or accesses as well as the website or URL from which the browser (or other user agent) requested and/or accessed them, and may also use cookies and/or similar technologies to track and/or identify users and/or store potentially personally identifiable information on their devices. (I believe I have limited the Gravatar service to backend administrative pages not normally accessible to site visitors, and I am endeavoring to remove it there as well.) The Gravatar service — like the WordPress.com services, with which it’s now apparently being integrated — is a venture of Automattic and is subject to the Automattic Privacy Policy, the Automattic Cookie Policy, and the WordPress.com Terms of Service. (Automattic, Gravatar, WordPress.com, their respective logos, and all other graphics and logos used in connection with those services are trademarks or registered trademarks of Automattic (or Automattic’s licensors). WordPress and the WordPress logos are registered trademarks of the WordPress Foundation in the United States and other countries.)
- Some components of the Sucuri Security plugin described in the “Security Scans” section above are served remotely (and/or involve communication with a remote server) and thus qualify as embedded content. As noted in the “Security Scans” section above, the plugin and its associated services are provided by GoDaddy Media Temple, Inc. d/b/a Sucuri, a subsidiary of Go Daddy Operating Company, LLC (Sucuri). In the course of monitoring the site for possible malicious activity, the plugin may log and/or transmit to Sucuri certain personal information about visitors and/or logged-in administrative users who perform certain actions (e.g., adding or editing a post, updating or installing a plugin). Such information may include, but is not necessarily limited to, those users’ IP addresses and/or hostnames as well as the specific action(s) they performed. Embedded content incorporated into the plugin’s dashboard controls may also allow Sucuri to collect certain data about the device and browser (or other user agent) of an administrative user who accesses the plugin controls (e.g., the user’s IP address, user agent information, and possibly also device identifiers) — and of course which specific content the user’s browser (or other user agent) accesses and/or requests — and/or may use cookies and/or similar technologies to track and/or identify such users and/or store potentially personally identifiable information on their devices. The Sucuri Security plugin and its various services are subject to the Sucuri Security Privacy Policy, the Sucuri Cookie Policy (“Our Use of Cookies, Web Beacons, and Similar Technologies”), and/or the Data Processing Addendum to their Terms of Service (which applies to personal data Sucuri services process on customers’ behalf that may be subject to certain regional privacy and/or data protection laws), as applicable. Certain plugin components may be served by the Cloudflare® content delivery network described above, which is subject to the Cloudflare Privacy Policy, the Cloudflare Data Processing Addendum (which applies to personal data Cloudflare services process on customers’ behalf that may be subject to certain regional privacy and/or data protection laws), and the Cloudflare Cookie Policy. (Sucuri, Sucuri Security, Sucuri Security Inc., and Sucuri Inc. are trademarks of Sucuri Inc. and may be registered in certain jurisdictions. GoDaddy is a registered trademark of Go Daddy Operating Company, LLC. Cloudflare is a trademark and/or registered trademark of Cloudflare, Inc. in the United States and other jurisdictions.)
- Images and/or other content from Creative Commons, such as (without limitation) the various logos, buttons, and/or icons associated with Creative Commons licenses and/or public domain dedications. Accessing a portion of the site that contains images and/or other embedded content hosted on and/or served by a website or online service operated by Creative Commons Corporation allows Creative Commons to collect certain information about your device and browser (or other user agent) (e.g., your IP address and/or hostname, user agent information, and possibly also device identifiers) as well as which specific images and/or content your browser (or other user agent) requests and/or accesses and the website or URL from which your browser (or other user agent) requested and/or accessed the images and/or content; such embedded content may also use cookies and/or similar technologies to track and/or identify you and/or store potentially personally identifiable information on your device. Please note that this only applies to images and/or content hosted on and/or served by websites and/or online services operated by Creative Commons Corporation, not to Creative Commons images and/or content that is locally hosted on this website or that is hosted on and/or served by some other third-party website or online service not operated by Creative Commons. To learn more about what information Creative Commons may collect and how that information may be used, see the Creative Commons Privacy Policy and Creative Commons Cookies Notice. (Creative Commons, CC, the CC in a circle logo, CCPlus, CC+, the CC+ in a circle logo, CC0, all other Creative Commons license and public domain dedication marks, and their associated buttons and icons are trademarks or registered trademarks of Creative Commons.)
- Certain content served by by the WordPress.org websites and/or their associated API servers, content delivery networks (CDNs), and/or repositories, which may include domains such as (though not necessarily limited to) api.w.org, ps.w.org, s.w.org, and/or ts.w.org. This website periodically communicates with WordPress.org websites and/or associated associated API servers, content delivery networks (CDNs), and/or repositories to check for updates, announcements, warnings, and/or other information related to the WordPress content management system; to install, remove, and/or update plugins, themes, and/or other add-ons available through the WordPress.org websites; to serve certain elements of and/or content on the site’s administrative dashboard; and/or to check the integrity of the website’s WordPress files (which the site’s security features may do from time to time, as noted in the “Security Scans” section above). Any personal information collected through and/or in connection with such communications (which could include, without limitation, users’ IP addresses and/or hostnames, user agent information, and device identifiers, and in some cases might also involve the use of cookies and/or similar technologies to track and/or identify users and/or store potentially personally identifiable information on their devices) is typically that of logged-in administrative users rather than site visitors. However, in some cases, certain images, scripts, and/or other content on the publicly visible/publicly accessible portions of this website may be also served by and/or otherwise loaded from the WordPress.org websites and/or their associated servers, CDNs, and/or repositories, which may allow the WordPress.org websites to also collect certain information about the devices and browsers (or other user agents) of visitors who are not logged-in administrators (e.g., their IP addresses and/or hostnames, user agent information, and possibly also device identifiers); record which specific content visitors’ browsers (or other user agents) request and/or access and the website or URL from which their browsers (or other user agents) requested and/or accessed that content; use cookies and/or similar technologies to track and/or identify visitors; and/or store potentially personally identifiable information on visitors’ devices. To learn more about how the WordPress.org websites use the information they collect, see the WordPress.org Privacy Policy; for more information about their use of cookies, see their Cookie Policy. (WordPress and the WordPress logos are registered trademarks of the WordPress Foundation in the United States and other countries.)
Not all of the above embedded content is necessarily used on the site at any given time, and from time to time, I may post or otherwise use embedded content hosted on and served by other third-party websites or services not listed above — for example (but without limitation), an embedded player showing an externally hosted video or audio file, or an embedded map provided by some external mapping service. To learn more about what personal information such third-party websites or services may collect and how that information may be used, you should review those sites or services’ respective privacy policies, cookie policies, and/or terms of service/terms of use.
Please note that the types of information embedded content providers may collect (and/or may place on your device) and the technologies they may use to identify and/or track users are constantly evolving in ways that are outside my control (and sometimes beyond my technical understanding). This means that my embedded content providers may also use and/or add other information-gathering and/or tracking technologies to their embedded content beyond what I can reasonably hope to describe or specify in this section. Additionally, some or all of my embedded content providers may use various subcontractors, subprocessors, vendors, subsidiaries, affiliates, and/or partners to process information related to their services, which is also outside of my control and generally beyond my reasonable ability to enumerate here.
I do not have access to the data embedded content providers may collect about website visitors/users in the manner described in this section, nor do I usually have any control over those providers’ use or retention of that data. Some embedded content providers may use the information they collect about you through your access to or interaction with that content for a variety of commercial purposes, e.g., showing you advertising and/or providing information about your online habits to the provider’s clients and customers. The only way I could completely avoid the possibility of such commercial use would be to cease using or offering embedded content and the functionality it provides.
Obviously, other websites or online services, including ones to which I may link and/or on which I have accounts, may also use embedded content, possibly including other types of content and/or content from providers not specified here, which in most cases is outside of my control. See those websites or services’ respective privacy policies, cookie policies, and/or terms of service/terms of use for more information. Embedded content used on my automotive website, Ate Up With Motor, and/or my professional writing/editing/writing consulting website, 6200 Productions, is described in those websites’ respective privacy policies; again, you can find links to those policies near the top of this page. (Ate Up With Motor is a trademark of Aaron Severson dba Ate Up With Motor. 6200 Productions is a trademark of Aaron Severson dba 6200 Productions.)
Advertising
Advertisements (including sponsored links), if any that appear on the publicly visible/publicly accessible portions of this website are locally served — that is, the advertisement content is hosted on my website server along with the other site content rather than being served by some external provider. I do not permit my advertisers to use scripts, cookies, web beacons, or other such technologies to collect information about you through the publicly visible/publicly accessible portions of the site. However, if you click on advertising links or otherwise patronize my advertisers’ businesses, those advertisers may collect and use information about you — and may collect personal information about your online activities over time and/or across different websites and/or online services — as described in their respective privacy policies, cookie policies, and/or terms of service/terms of use, which is outside of my control. Such advertisers may also be able to tell that you clicked on an ad on this website.
The developers of some of the plugins, themes, and/or other add-ons I use on this website may sometimes display advertisements, donation boxes, or other commercial messages on portions of the site’s administrative dashboard, which is not normally visible or accessible to visitors other than logged-in administrative users. For example, the settings menu for a particular plugin might display an advertisement for a premium version of that plugin or for the developer’s other products or services. Such dashboard advertisements may set cookies and/or incorporate embedded content and/or other information-gathering mechanisms, which may collect information about administrative users who access that content (e.g., their IP addresses and/or hostnames, user agent information, and/or browser settings and/or add-ons) in the manner described in the “Embedded Content” section above; the providers of such advertising and/or embedded content may also collect personal information about administrative users’ online activities over time and/or across different websites and/or online services. The collection, use, and retention of such personal information is controlled by the applicable developers and/or their respective service providers and/or advertising partners and is typically outside of my control. Because these advertisements are usually not publicly visible or accessible, this information-gathering normally affects only site administrators, NOT other site visitors.
Subscribing via Web Feed (Atom and RSS)
Web feeds are a form of web syndication, using protocols such as the Atom Syndication Format or RSS to access online content. In essence, web feeds regularly check for updates on the linked site or resource and automatically display any new content in your feed management app or service (or, for web browser-based feed management add-ons, in a specific area of your browser), allowing you to easily keep track of new content on the linked site or resource. If I configure the aaronseverson.com website to allow such web feed syndication, you may “subscribe” via web feed if you are equipped to do so, and the website may provide buttons and/or other tools to facilitate that “subscription” process. The content displayed through a web feed is the same content shown to other visitors to this website, just formatted and delivered in a somewhat different way to suit the technical parameters of the web feed.
If you “subscribe” in this manner, the connections your web feed management app or service makes to this website to check for and display updates will be automatically recorded in the website logs as described in the “Website Server, Error, and Security Logs” section above, just as if you visited the site directly. It is sometimes possible to determine from the log data if certain individual log entries pertain to a web feed user or to a visitor who directly accessed the site through their browser (and the log data may reveal the type of web feed involved, if any), but otherwise, the types of information I collect from web feed users and my use and retention of that information are generally the same as if you visit the site directly. I don’t receive notifications when someone subscribes or unsubscribes via web feed, nor do web feeds provide me with information such as your name or email address. (There are services that provide such information about subscribers, but I don’t currently use any of them in connection with this website.)
If the website content you view through a web feed contains any third-party embedded content (e.g., an embedded video player), the provider of that content may be able to collect personal information about you as described in the “Embedded Content” section above, just as if you were accessing that content by visiting this website directly.
Some third-party apps and services for managing web feeds may themselves use cookies and/or similar technologies to track and/or identify you, store potentially personally identifiable information on your device, and/or employ other means to monitor the content you access via web feed. The details are specific to the app or service involved, and are outside of my control.
Information You Provide to Me
Through your access to and/or use of this website, you may provide me with personal information in a number of different ways, described in the sections below.
For obvious reasons, I cannot provide certain services or functionality if you don’t provide me with at least a certain amount of accurate information — for example, I can’t respond to your inquiries if I don’t have a valid email address or other contact information for you. I typically also need your real name and certain other personal information for financial transactions (see the “Financial Transactions Policy” section below), legal agreements, certain privacy-related requests, and other financial and/or legal matters (e.g., copyright notices). In some circumstances, I may be legally obligated to collect certain information from you (e.g., for tax reporting purposes, and/or if I hire or engage you to perform services for me — see “Data Related to Recruitment/Hiring or Business Partnerships” below).
Otherwise, you’re under no obligation to provide me with personal information beyond what I collect automatically.
Consents and Agreements
- Categories of information collected: IP addresses*; domain names and/or hostnames*; user agent information*; visitor activity*; errors and suspicious activity*; names*; email addresses*; email header information*; other contact information (e.g., phone numbers, postal mailing addresses, and/or other street addresses, and/or other online contact info)*; other documents/materials (including metadata)*; geolocation data (estimated from IP addresses and/or hostnames, and/or inferred from other data)*; URLs/websites*; other personal information*; special: details of legal agreements (where applicable)*; special: mobile device types/models (determined from user agent information)*; special: information collected via cookies and/or similar technologies*; special: usernames, user ID numbers, and/or other identifiers associated with administrative users*; special: other identifiers*
- Purpose(s): Functionality; providing services; completing a transaction; fulfilling a contractual obligation; legal compliance or audit; research and publishing; security, troubleshooting, quality control, and service improvement; recruitment/hiring/employment or business partnerships; advertising or other commercial purposes
- Data retention: Depends on context, but potentially indefinite; see below.
When you use this website and/or certain site functions, you may be asked to give your consent for my collection and/or use of your personal information; save your privacy preferences (e.g., your cookie settings); and/or accept certain legal terms (e.g., the Terms of Use). Some site functions and/or content may not be available unless you agree to the Privacy Policy and/or other applicable terms.
Certain consent and privacy preference settings may be stored in your browser (or other user agent) using cookies and/or similar technologies (see the “Cookies and Similar Technologies” section above). Other consents, agreements, and/or preferences may be recorded in the website database and/or other records, and may be associated with other information I have collected and/or that you provide to me (e.g., your comment(s) and/or form submission(s)). If you withdraw your consent(s), change your privacy preferences, and/or update or otherwise modify your consent(s) and/or agreement(s) (e.g., to indicate your acceptance of a revised version of this Privacy Policy), those changes may be stored and/or recorded in similar ways.
Where I compile records of user consents, agreements, and/or privacy preferences, those records are usually retained indefinitely unless a user requests deletion of their data (after which I may still retain certain records for audit and compliance purposes and/or for other legal reasons). However, I may periodically delete stored consents, agreements, and/or privacy preferences if they appear to have come from bots rather than human users, or, in some cases, if that information was recorded in connection with some plugin, service, or tool I no longer use (in which case the recorded information may no longer be usable).
Consents, agreements, and/or privacy preferences stored in your browser (or other user agent) using cookies and/or similar technologies are normally retained only for as long as the applicable cookies and/or stored information remain in your browser (or other user agent); if the cookies and/or stored information expire or are removed, you may be asked for your consent, agreement, and/or preferences again. (In general, I do not separately compile or maintain records of consents, agreements, or privacy preferences stored using cookies and/or similar technologies, although in some cases, if a logged-in administrative user indicates their consent(s), agreement(s), and/or preferences via cookies and/or similar technologies, such consent(s), agreement(s), and/or preferences may also be stored in the website database as part of the user’s profile. Additionally, if in addition to indicating your consent(s), agreement(s), and/or preferences via cookies and/or similar technologies, you ALSO enter into an agreement with me and/or indicate your specific consent(s) and/or preferences in some other way, such separate consent(s), agreement(s), and/or preferences may be retained as described above.) The Cookie Notice lists the normal durations of the cookies I use, although as the Cookie Notice explains, your actions and/or your browser (or other user agent) settings may affect how long cookies and/or stored information remain in your browser (or other user agent).
I may disclose saved consent and/or agreement data in connection with a related dispute or legal action, and/or as otherwise described in “Disclosure of Personally Identifying Information” below. (Naturally, the ways we use and/or disclose may depend on the nature and purpose(s) of the specific consent(s) and/or agreement(s) in question.)
Comments
- Categories of information collected: IP addresses; domain names and/or hostnames*; user agent information; visitor activity; errors and suspicious activity*; names; email addresses; email header information*; other contact information (e.g., phone numbers, postal mailing addresses, and/or other street addresses, and/or other online contact info)*; images and/or other media (including metadata)*; other documents/materials (including metadata)*; geolocation data*; URLs/websites*; other personal information*; special: mobile device types/models (determined from user agent information)*; special: device identifiers*; special: information collected via cookies and/or similar technologies*; special: usernames, user ID numbers, and/or other identifiers associated with administrative users*; special: other identifiers*
- Purpose(s): Functionality; providing services; legal compliance or audit; research and publishing; security, troubleshooting, quality control, and service improvement; recruitment/hiring/employment or business partnerships; advertising or other commercial purposes
- Data retention: Typically indefinite, although I promptly delete spam and/or abuse, comments the submitter asks me to delete or that I otherwise elect to delete, and/or comments on or in reply to a comment or other content that has been deleted. IP addresses and/or user agent information of published comments may be redacted after publication.
Note: Although the comment function includes a box for your name, you are perfectly free to comment using only a pseudonym. However, without a valid email address, I won’t be able to contact you with any questions about your comment and I may not be able to associate that comment with other personal information I possess about you.
Comments you submit are usually moderated, meaning they are not published until I approve them. Any comment you submit may also be subjected to certain automated tests for security purposes, to discourage spamming, and/or to filter out comments submitted by automated bots rather than human users. For example (but without limitation), if your IP address or hostname was previously used in spamming this website; if your IP address, hostname, and/or user agent appear on ban lists/blacklists I have collected; if your comment contains hyperlinks, common spam keywords (e.g., the names of certain well-known prescription pharmaceuticals), and/or suspicious code; and/or if you posted the comment using an automated script rather than the normal comment form, your comment may be flagged as spam or automatically deleted. Also, if your comment contains hyperlinks, certain types of HTML and/or other code, and/or special characters, they may be removed, whether automatically “stripped” prior to publication or manually deleted by me.
Each time a comment is submitted, the website automatically forwards that comment as an email notification to the site administrator so that I can review the comment and decide whether or not to approve and publish it. If the author of the post or page on which the comment was submitted is an administrative user other than the site administrator (or has an email address different from the primary site administration email address), the comment is also forwarded as an email notification to that author. As noted in “Security Scans” above, this means that any information in your comment may be scanned for scanned for suspected spam, malware, and/or other suspicious activity by me and/or my web host, Internet service provider(s), mobile carrier(s), and/or other applicable service provider(s).
I may publish and/or use your submitted comment(s) as described in the Comment Policy section of the Terms of Use. If your comment is approved and published, any information you entered in the “Name” and “Comment” fields (and/or the “Website” field, if I have enabled it) will become publicly visible. The email address you enter in the “Email” field will not be published with your comment, nor will your IP address or hostname, although any contact information you include in the “Comment” field may be, as may any images and/or other media files you include and the metadata of those files. (See the “Data in Submitted Images” section below.) If the site’s “Recent Comments” Widget(s) are enabled, your name/pseudonym and a link to your comment may also be visible on the home page and other areas of the website as well as the specific post or page you commented on; the contents of published comments may also appear in search results of the website’s search function and/or to users who have subscribed to this website’s web feeds (as described in “Subscribing via Web Feed (Atom and RSS)” above). If I have enabled the option that allows visitors to request email notifications of replies or follow-up comments, copies of your published comment may also be emailed to visitors who have requested such notifications. Once your comment is published, I cannot control and take no responsibility for what third parties may do with any publicly visible personal information that comment contains!
As explained in the “Commenting” subsection of the Cookie Notice, when you submit a comment, you may have the option to save your name, email, and URL for use in future comments. Doing so places a set of cookies in your browser (or other user agent) to store that information. These cookies are specific to your current device and browser (or other user agent) — that is, they work only in the browser or other user agent in which you set them, and only on your current device — and normally expire in just under one year unless otherwise deleted. These cookies are not set at all unless you select the appropriate option when submitting a comment, and you can delete the cookies from your browser (or other user agent) at any time.
When you submit a comment, you may also have the option to request email notifications each time a reply and/or follow-up comment is posted. If you have previously requested such notifications and wish to stop receiving them, please contact me via email at admin (at) aaronseverson (dot) com or leave a comment elsewhere on the site asking me to disable the notifications or remove that comment.
If you submit a valid email address with your comment, I may respond to your comment by emailing you at that address in addition to or instead of publishing the comment, particularly if I have questions or need to clarify some aspect of your comment. For example (but without limitation), if you have submitted two very similar comments, I might email you to ask which one you prefer me to publish, and if your comment contains what appears to be particularly sensitive information, I typically try to double-check that you wish to publish that information before approving the comment.
From time to time, I may gather additional information about you in connection with your submitted comment(s). For example (but without limitation), I might look up your name in a search engine to help me better understand who you are and the context of your comment, and/or, where applicable, verify your identity. In many cases, such additional information comes from sources available to the public, but I may sometimes also seek additional nonpublic information about you, which may come from a variety of sources, depending on the specific context and circumstances. Naturally, if you offer corrections and/or clarifications of my content, I will also take steps to verify that information and, if I deem it appropriate, incorporate the factual substance of such correction(s) and/or clarification(s) into the applicable content (and/or make a note for my future reference).
Although the website automatically collects the IP address (and/or hostname) and user agent information of anyone who submits a comment (information I need for security and troubleshooting purposes and to help distinguish human users from automated “bots”), I typically redact that information after a comment is published. I retain the email address originally submitted with each comment (which is stored in the website database as part of that comment) in case I need to contact the person who submitted it with any questions or issues related to the comment; email addresses are also my primary means of associating comments with the people who submitted them in the event I receive a request to access, delete, and/or correct personal information.
If you would like to edit or remove any of your published comments, please let me know by leaving another comment or emailing me at admin (at) aaronseverson (dot) com, specifying the comment(s) in question and explaining what you want me to do. (I may ask you to clarify or confirm your request before making the change or deletion, especially if I’m not sure exactly what you want me to do or if I need to take additional steps to verify your identity.)
The deletion of a comment (whether at your request or at my discretion) typically also deletes its associated information, although I may retain that information if I still need it for some specific purpose (e.g., for security or troubleshooting, for legal reasons, or because it contains information pertaining to my content and/or research), and copies of the comment and its associated information may remain for a time in backups or archives created by me and/or my web host. Keep in mind that even if a previously published comment is deleted, any publicly visible information in that comment (and/or any image(s) or other media it may have included) may have been accessed and/or used by third parties prior to its removal, which is outside of my control.
Obviously, if you’ve left multiple comments and/or communicated with me in other ways, I may still retain your email address and/or other information in connection with your other comments/messages even if certain of your individual comments are deleted.
I may also disclose personal information I collect through and/or in connection with user comments as otherwise described in “Disclosure of Personally Identifying Information” below.
Contact Forms
- Categories of information collected: IP addresses; domain names and/or hostnames*; user agent information; visitor activity; errors and suspicious activity*; names; email addresses; email header information*; other contact information (e.g., phone numbers, postal mailing addresses, and/or other street addresses, and/or other online contact info)*; images and/or other media (including metadata)*; other documents/materials (including metadata)*; geolocation data*; URLs/websites*; other personal information*; special: details of legal agreements (where applicable)*; special: mobile device types/models (determined from user agent information)*; special: device identifiers*; special: information collected via cookies and/or similar technologies*; special: usernames, user ID numbers, and/or other identifiers associated with administrative users*; special: other identifiers*
- Purpose(s): Functionality; providing services; completing a transaction; fulfilling a contractual obligation; legal compliance or audit; research and publishing; security, troubleshooting, quality control, and service improvement; recruitment/hiring/employment or business partnerships; advertising or other commercial purposes
- Data retention: Typically indefinite, although I promptly delete obvious spam and/or abuse, duplicates, blank or unreadable submissions, and/or any submission containing suspicious code and/or suspicious links. Form submission data I retain is normally removed from the website server(s) to local and/or offline storage after receipt (although in some cases it may be captured in routine database backup files created by me and/or my web host, which may remain on the server(s) for longer periods) and I may sometimes redact certain portions that I no longer need. I must retain privacy requests submitted via the California Privacy Request Form to the extent necessary to comply with applicable law and/or regulations. See also the “Additional Information About Data Retention” section below.
This section applies to messages you send me via any contact or feedback forms I may offer on the aaronseverson.com website, including, though not limited to, privacy requests submitted via the California Privacy Request Form on the Do Not Sell My Personal Information page.
Special Note on Real Names vs. Pseudonyms/Aliases: I generally need your real name for financial transactions, communications that pertain to financial and/or legal matters, and certain privacy-related requests. For most other inquiries, you are free to submit forms using a pseudonym, although if you want me to reply, I do need a valid email address or other contact information. (If you enter a valid email address, the website will also automatically email you a copy of your submission for your records.)
This website may perform certain automated tests on form submissions in order to filter out submissions made by automated bots and discourage spamming and other malicious activity. For example (but without limitation), if your IP address or hostname was previously used in spamming this website; if your IP address, hostname, and/or user agent appear on ban lists/blacklists supplied by my security and/or anti-spam plugins; if your submission contains hyperlinks, common spam keywords (e.g., the names of certain well-known prescription pharmaceuticals), and/or suspicious code; if you submit the form using an automated script; if you incorrectly answer a captcha or math challenge; and/or if you fill in certain “honeypot” fields not intended to be completed by human users, your submission may be flagged as spam and/or automatically deleted. If your form submission contains HTML and/or other code, and/or special characters, they may be automatically removed. This automatic filtering is in addition to human moderation of form submissions; I routinely delete submissions that appear to be spam or contain suspicious code.
Because the website forwards new form submissions to me as email notifications, your submitted information may also be scanned for suspected spam, malware, and/or other suspicious activity, as described in the “Security Scans” section above.
When I receive your submission, I may gather additional information about you to help me better understand who you are and the context of your message, and/or, where applicable, verify your identity. For example (but without limitation), if you send me a message containing a business offer or advertising inquiry, I might look up your company name and/or visit your website to learn more about the nature of your business. In many cases, such additional information comes from sources available to the public, but I may sometimes also seek additional nonpublic information about you, which may come from a variety of sources, depending on the specific context and circumstances.
If I reply to your submission, I will normally do so via the email address you submitted unless you indicate that you wish me to respond in some other way.
If you use the California Privacy Request Form on the Do Not Sell My Personal Information page to submit a request to exercise your privacy rights under California law (see “Your California Privacy Rights” below for more information about these rights), or if you submit a California privacy request on behalf of someone else, I will contact you to discuss the next steps involved in processing your request, which may require me to verify your identity. (You can find more information about the verification requirements in the “Identity Verification Requirements” section of the Do Not Sell My Personal Information page.)
For contact or feedback form submissions OTHER than California Privacy Request Forms, I may publish your message or portions of it under the following circumstances:
- If your message includes corrections, clarifications, and/or suggestions pertaining to my content, my writing/editing/writing consulting work, and/or my other creative endeavors, I may incorporate the factual substance of your corrections, clarifications, and/or suggestions into the applicable content, work, or creative endeavor(s) (e.g., to correct or clarify factual or typographical errors you identified).
- If your message provides significant assistance with the management of this website, my content, my other creative endeavors, and/or some related matter(s), I may elect to publicly acknowledge and/or thank you by name or applicable pseudonym, unless you ask me not to or I reasonably surmise that you prefer not to be acknowledged or identified.
- If your message includes questions and/or comments about me, my content, and/or this website, or pertains to a technical problem with the site, and unless you specifically request otherwise, I may publish excerpts of your question or report on the aaronseverson.com website to publicly respond to your question(s) and/or comment(s), and/or to support other users with similar concerns. I will redact any information that appears to be personally identifying other than your name or pseudonym (unless you ask or authorize me to include other personally identifying information). If I have published your message (or an excerpt of it) in this manner and you wish me to amend or further redact it (for example, to remove your name and substitute a pseudonym), I will make a reasonable effort to accommodate your request provided that it does not infringe upon the rights of others or attempt to impersonate some other individual or organization. If you wish me to completely unpublish a message you submitted that I have published or excerpted in this way, please let me know and I will endeavor to do so (to the extent I reasonably can) at my earliest opportunity.
- In the event your message identifies a technical problem that I am unable to fix, I may publish or otherwise communicate the substance of your reported issue (but NOT your name or other personal information) on this website in other public forums (e.g., the WordPress.org support forums), and/or to other third parties to help me troubleshoot and/or resolve the problem you identified. (WordPress is a registered trademark of the WordPress Foundation in the United States and other countries.)
- If you ask or authorize me to publish your message (or some portion of it), I may do so as I deem appropriate.
Please note that once a message (or some portion of it) has been published, I cannot control and take no responsibility for what third parties may do with any personal information the published message may contain.
I may disclose information related to California privacy requests to the extent required and/or otherwise permitted by applicable law and/or regulations for compliance purposes; to comply with a legal obligation (e.g., to respond to a subpoena or other court order); and/or to publish aggregate information about requests I receive, as described in “Reports and Aggregate Statistics” below.
Otherwise, I may disclose personal information I collect through and/or in connection with form submissions as described in “Disclosure of Personally Identifying Information” below.
Other Inquiries, Messages, and Support Requests
- Categories of information collected: IP addresses*; domain names and/or hostnames*; user agent information*; visitor activity*; errors and suspicious activity*; names; email addresses*; email header information*; other contact information (e.g., phone numbers, postal mailing addresses, and/or other street addresses, and/or other online contact info)*; images and/or other media (including metadata)*; other documents/materials (including metadata)*; geolocation data*; URLs/websites*; other personal information*; special: mobile device types/models (determined from user agent information)*; special: device identifiers*; special: information collected via cookies and/or similar technologies*; special: usernames, user ID numbers, and/or other identifiers associated with administrative users*; special: other identifiers*; special: identifiers and/or other information specific to third-party services (as applicable)*
- Purpose(s): Functionality; providing services; completing a transaction; fulfilling a contractual obligation; legal compliance or audit; research and publishing; security, troubleshooting, quality control, and service improvement; recruitment/hiring/employment or business partnerships; advertising or other commercial purposes
- Data retention: Varies, but potentially indefinite; see “Additional Information About Data Retention” below.
This section refers to messages or communications I receive about or in connection with this website OTHER than through comments or contact or feedback form submissions (such as, without limitation, support requests sent via email, site-related inquiries sent via postal mail, and/or site-related telephone calls and/or text messages).
Special Note: In general, you’re perfectly free to contact me using a pseudonym unless your communication(s) pertain to a legal matter, a specific financial transaction, or certain privacy-related requests, in which case I may need your real name. Obviously, some modes of communication are better suited than others for anonymity.
The types of personal information I collect in connection with such messages can vary significantly depending on the specific mode of communication. For example (but without limitation), a text message is unlikely to include your IP address, hostname, or user agent information, but will almost certainly reveal your phone number, and a voicemail message will obviously record your voice (which in some cases may be automatically transcribed). Email messages typically include a variety of potentially personally identifiable metadata in the email headers and any file attachments (including, though not limited to, any attached images and/or other media — see “Data in Submitted Images” below). If you contact me via a third-party website or service, e.g., a social media platform, the message will likely include your account name, profile picture, and potentially information in your public profile and/or that you make visible or otherwise accessible to me; the messages themselves might also be publicly visible. With some third-party services, individual settings may also affect what information is visible and/or accessible in connection with messages and/or other communications.
As noted in the “Comments” and “Contact Forms” sections above, when you contact me, I may sometimes gather additional information about you to help me better understand who you are and the context of your message, and/or, where applicable, verify your identity. For example (but without limitation), if I receive a telephone call from an unfamiliar number, I might look up the number in a search engine or reverse telephone lookup service, and if you email me a business proposition, I might visit your website to learn more about your business before replying. In many cases, such additional information comes from sources available to the public, but I may sometimes also seek additional nonpublic information about you, which may come from a variety of sources, depending on the specific context and circumstances.
If I reply to your message, I will normally do so via the same means you used to contact me unless you indicate that you wish me to respond in some other way. In some cases (e.g., if I receive messages related to one of my other websites through the admin address for this one, or if you send me site-related email through one of my personal accounts or addresses), I may, if possible, forward the message to an appropriate administrative account or address and respond from there instead.
Keep in mind that messages exchanged via third-party sites or services are subject to those sites or services’ respective privacy policies, cookie policies, and/or terms of service/terms of use, which are outside of my control, and which may apply in addition to or, in some cases, instead of this Privacy Policy and the Terms of Use of this website. For example, if you send me a commercial inquiry related to this website via a third-party messaging service, this Privacy Policy will govern how I use and/or retain that inquiry and the information it contains, but the applicable messaging service’s policies will govern how that service uses and/or retains information from and/or related to that communication. This includes (without limitation) calls and/or texts made or received using the Google Voice communications service and/or any messages sent or received via my account(s) on the Gmail email service. (Although I now strive to limit my use of third-party email services for site-related business, some messages related to this website (such as, without limitation, notifications, call and/or voicemail transcripts, texts, and/or other messages made or received via the Google Voice service, and/or notifications or other messages pertaining to other Google services I may use) may occasionally be sent or received via and/or remain archived in those accounts.) Those and other Google services are subject to any applicable Google terms and policies, including, but not necessarily limited to, the Google Terms of Service; other service-specific additional terms and policies (e.g., the various terms and policies that apply to the use of the Google Voice service, which are summarized in the Google Voice “Additional Terms of Service” help page); the Google Privacy Policy; and, where applicable, the Google Telephony Services Privacy Disclosure. (Google, Gmail, Google Voice, Google Workspace, and other related marks and logos are trademarks of Google LLC.) Obviously, I may also communicate with people via various other third-party services; these are just a few representative examples.
As explained in the “Security Scans” section above, messages I send or receive may be scanned for suspected spam, malware, and/or other suspicious activity by me and/or (as applicable) my web host, Internet service provider(s), mobile carrier(s), and/or other applicable service provider(s). This may include messages I receive through a third-party website or service if I have message notifications forwarded to me via some other means. (With some services, notifications include only the fact that a new message was received from a particular sender; other services include some or all of the message in the notification.) I (and/or my applicable service providers) may also perform other types of automated tests on messages I receive — for example (but without limitation), I may automatically filter, flag, and/or categorize certain types of messages to help me better organize and manage my inbox(es).
If you communicate with me by some means or medium that is shared by (and thus accessible to) multiple users, and/or that is publicly accessible — for example (but without limitation), via an email discussion group or group chat, on social media, and/or by transmitting electronic files via shared FTP folder(s) — those communications and any personal information they contain may be visible or otherwise accessible to anyone with access to the shared medium. I cannot control and take no responsibility for what third parties may do with any personal information in shared and/or publicly accessible communications, so you should exercise caution when disclosing sensitive information in such contexts.
I may publish your messages or other communications, or portions thereof, under the same circumstances as described in the “Contact Forms” section above. Obviously, information that pertains to my content, writing/editing/writing/consulting work, and/or other creative endeavors (for example, if I interview or consult with you in connection with an article I’m writing) may be published and/or otherwise disclosed in that context. Otherwise, I may disclose personal information I collect through and/or in connection with inquiries, messages, and support requests as described in “Disclosure of Personally Identifying Information” below.
See the “Additional Information About Data Retention” section below to learn more about my typical data retention practices. The data retention and data use policies of any third-party websites or services you may use to contact me are generally outside of my control.
Other Information You Provide to Me
In certain cases, you may provide me with personal information through and/or pertaining to this website in ways not specifically mentioned above. For example (but without limitation), if you send me an inquiry about this Privacy Policy via postal mail, it will likely include your mailing address as well as any information in your inquiry itself; if for some reason you visit my home and connect your mobile device to my personal wireless network (which is not available to the general public), my wireless router may log certain information about your device and/or its Internet connections. Any images and/or other media you provide to me may contain a variety of personal information; see “Data in Submitted Images” below. (These are just a few of the many possibilities, not an exhaustive list.)
My use and retention of personal information you provide to me in such ways will depend on the nature of the information and the context in which I collect it, although in general, I only disclose such information as described in “Disclosure of Personally Identifying Information” below. See the “Additional Information About Data Retention” section below to learn more about my typical data retention practices.
Data in Submitted Images
- Categories of information collected: IP addresses*; domain names and/or hostnames*; user agent information*; visitor activity*; errors and suspicious activity*; names*; email addresses*; email header information*; other contact information (e.g., phone numbers, postal mailing addresses, and/or other street addresses, and/or other online contact info)*; images and/or other media (including metadata); other documents/materials (including metadata)*; geolocation data*; URLs/websites*; other personal information*; special: camera and/or mobile phone types/models (determined from metadata or inferred from other data)*; special: device identifiers*; special: other identifiers*; special: identifiers and/or other information specific to third-party services (as applicable)*; special: other visible and/or audible information that may be personally identifiable and/or potentially personally identifiable (e.g., a pictured car’s license plate and/or vehicle identification numbers)*
- Purpose(s): Functionality; providing services; fulfilling a contractual obligation; legal compliance or audit; research and publishing; security, troubleshooting, quality control, and service improvement; recruitment/hiring/employment or business partnerships; advertising or other commercial purposes
- Data retention: See below.
Photographs and other images or media I collect for use on this website, in connection with my content and/or other creative endeavors, and/or for some related purpose(s) — whether submitted by you in connection with a comment or other communication; created by me; or obtained from some other source — may contain an assortment of personal information.
First, the identifiable image and/or recognizable likeness of any individual person (and/or their audible voice, e.g., in a video or audio recording, broadcast, or other media) is usually considered to be personal information about that individual. Images or other media may also contain and/or make it possible to infer other types of personal information.
Second, digital media files usually contain metadata (e.g., Exif information) added by the camera or device that originally generated the file and/or by any software used to edit it, some of which may include and/or constitute personal information and/or potentially personally identifiable information. At a minimum, metadata normally includes the filename, type, size, creation date/time, and the date/time of the most recent modification of that file. For digital photos, metadata typically also includes the make and model of the camera/device, camera and image settings (e.g., shutter speed, F-stop, color profile, whether the flash fired), and sometimes the type and version of any editing software used. Depending on the type of camera/device, the software used, and the individual settings, the metadata could also include personal information and/or potentially personally identifiable information, e.g., the photographer’s name and/or the location where the photo was taken, based on GPS coordinates (a common option on modern GPS-equipped cameras and mobile devices). Video and/or audio recording devices and/or editing software may add various metadata to other types of digital media files. The number of potential variations is too great to detail here, so you should consult the documentation and settings for your individual device and software.
Naturally, if you submit an image or other media file to me, you are providing me with any information contained in the image or other media file and its metadata, as well as any other information you provide to me about the image or other media file, its subject(s) and/or setting(s), and/or the context in which it was created. If the image or other media file is published on this website, this information may be included, making it available to the public. I cannot control and take no responsibility for what third parties may do with any personal information a published image or other media file or its metadata may contain.
If I use your images and/or other media on this website, I may also ADD metadata to the file(s) and/or alter the filename(s) to indicate your copyright and license information (e.g., “© 2018 John Doe; used with permission”). This helps me to keep track of the provenance of the images and/or media files I use.
I typically also gather additional information about the images and/or other media I use and any subject(s) and/or setting(s) they depict or illustrate so that I can correctly identify and describe them (and/or so I can understand and/or accurately describe the circumstances under which the images and/or other media were created — e.g., where and when a particular photograph was taken). Such information may come from a variety of sources (which may include sources available to the public and/or nonpublic sources) depending on the nature of the images and/or other media files and the context in which I obtain them.
If you submit an image or other media file to me, you are free to remove or redact any personally identifiable metadata it may contain — and/or to obscure personal information in the image or other media itself — prior to submitting it to me. (Certain types of metadata (e.g., file extensions) are necessary for an electronic file to function properly, but other metadata can be edited or redacted, either through your computer’s file system or by using appropriate editing tools.)
In some cases, I may be able, upon your request, to remove or obscure personal information from the images or other media files you submit to me or from specific previously submitted ones. I may also elect to remove certain data on my own initiative and/or do so incidentally in the process of preparing the images and/or other media files for use (e.g., by creating a resized copy of an image that omits some or all of the original image file’s metadata). However, please note that this is not always feasible. Also, if the image is owned by someone else, I might need the rights holder’s advance permission to alter it.
If I remove or obscure information from an image or other media file that has already been published on this website, copies of the original version (with personally identifiable information intact) may remain for a time in cached pages and/or backup files created by me and/or my web host. Again, please keep in mind that any personal information contained in the earlier version of the image or other media file may already have been accessed and/or used by third parties during the time it was available to the public, which is outside of my control.
I typically retain indefinitely offline copies and archival backups of the photos, images, and other media files I create and/or collect for publication on this website and/or for use in connection with my content and/or other creative endeavors, including, where possible, the associated work files and editing stages, if any, for images or files I have modified. However, I may delete, destroy, or discard certain specific images and/or other media files if they are duplicates; if I deem them unusable (e.g., photos that are out of focus, badly cropped, or too dark to see clearly); if the files are damaged or corrupt; if I have agreed and/or have some contractual or legal reason to delete them (e.g., if I have agreed to delete all copies of a particular image); or if I elect to not use them (or to discontinue using them) for some other reason. If I have contact information and/or other relevant data pertaining to the creator(s) and/or subject(s) of a particular photograph, image, or other media file, I customarily retain that data for at least as long as I retain the file itself.
If you have questions about data related to images and/or other media, please contact me via any of the methods described in “Controller/Responsible Party, Questions, and How to Reach Me” below.
Data Related to Administrative Users
- Categories of information collected: IP addresses*; domain names and/or hostnames*; user agent information*; visitor activity*; errors and suspicious activity*; names*; email addresses*; email header information*; other contact information (e.g., phone numbers, postal mailing addresses, and/or other street addresses, and/or other online contact info)*; images and/or other media (including metadata)*; other documents/materials (including metadata)*; geolocation data*; URLs/websites*; other personal information*; special: mobile device types/models (determined from user agent information)*; special: device identifiers*; metadata*; special: information collected via cookies and/or similar technologies*; special: usernames, user ID numbers, and/or other identifiers associated with administrative users*; special: other identifiers*; special: other technical details (some of which might be potentially personally identifiable and/or constitute personal information in certain jurisdictions)*
- Purpose(s): Functionality; providing services; fulfilling a contractual obligation; legal compliance or audit; research and publishing; security, troubleshooting, quality control, and technical improvement; recruitment/hiring or business partnerships
- Data retention: Varies, but potentially indefinite.
In the (currently unlikely) event that I authorize some other person(s) to become an authorized administrative user of this website, I may collect a variety of personal information from such person(s), both as part of the user registration process and in connection with such users’ subsequent access to and/or use of the site’s administrative dashboard.
Registered administrative users select several usernames (which may include their real name and/or a pseudonym): a permanent username that is used for login purposes and cannot be changed; a nickname, which can be changed at any time after registration; and a public display name (which can be the permanent username, the nickname, or the user’s real first and/or last names). Each administrative user also receives a unique user ID number within the website’s database. Naturally, each administrative user must select, generate, or be assigned a suitable login password. I may also ask or require administrative users to use multi-factor authentication, which requires the user to enter an authentication code (usually sent via email and/or text, generated via an authenticator app, or selected from a pre-generated list of backup codes) in addition to a password and username or email address in order to log into the administrative dashboard. As noted in “Security Scans” above, the QR Code® that may be used to set up multi-factor authentication is generated via a remote API service operated by SolidWP or its parent company. Because SolidWP is now one of the StellarWP brands, part of the Liquid Web family of brands, communications with that API service are subject to the StellarWP Privacy Policy. (SolidWP, StellarWP, and Liquid Web are trademarks of Liquid Web, LLC. QR Code is a registered trademark of DENSO WAVE INCORPORATED; DENSO and DENSO WAVE are registered trademarks of DENSO Corporation.)
Each registered user has a user profile in which they may enter contact information, the URLs of a personal website and/or various social media profiles, and a short “About Yourself” biography. Only the contact email is required; it is not normally publicly visible (unless the user makes it so), although the external links, social media profiles, and/or biographical information may be. Additionally, I may require other administrative users to provide me with various other personal information, which is not necessarily recorded in their user profile. (It is extremely unlikely that I would authorize someone to become an administrative user if I did not have ample information about them, including (though not limited to) their real name and their contact information!) I may also collect administrative users’ ages and/or dates of birth to confirm that they are at least 18 years old; I do not knowingly permit any person under the age of 18 to access the site’s administrative dashboard.
This website uses a variety of cookies to manage logins and user credentials for administrative users; these cookies are described in the Cookie Notice. Additionally, the website and/or my web host may log certain information about each administrative login or login attempt, and about any actions a user performs on the site while logged in. For example (but without limitation), the website may record an administrative user’s username, user ID number, IP address, hostname, user agent information, and/or geolocation data each time the user logs into the administrative dashboard, edits a post, or installs or updates a plugin or other site component. The specific information collected in such ways naturally varies depending on the specific context, but is generally similar to the types of information described in the “Website Server, Error, and Security Logs” and “Security Scans” sections above.
Naturally, I may use an administrative user’s email address and/or other contact information to communicate with that user. Administrative users may also receive a variety of automated email notifications related to this website. For example (but without limitation), an administrative user might receive automated emails containing multi-factor authentication codes for login purposes; confirmation emails pertaining to new user registration; confirmations of password changes and/or changes in certain other settings; notifications of new comments submitted on posts or pages of which the administrative user is the author and/or that are awaiting moderation; notifications of certain site changes (e.g., a notification that a plugin or theme has automatically updated) and/or automated tasks or events (e.g., scheduled backups); error notifications (e.g., warnings that a scheduled event event has failed to complete or that an outgoing email message was rejected by the recipient’s mail server or otherwise failed to go through); and/or security alerts. (These are just a few representative examples, not an exhaustive list of all the automated emails an administrative user might receive, which may also vary depending on the user’s specific administrative role.) If an administrative user loses their password and requests a reset, they’ll also receive an automated confirmation email, which includes the IP address from which the reset request was made.
Some of the information administrative users provide and certain actions they perform may become publicly visible, generally in self-evident ways. (For example, but without limitation, most new published posts and/or comments will become publicly visible, as may user profile information.) Other information I collect from and/or about administrative users is always accessible to me, and in some cases may also be accessible to other administrative users, if any. (For example, but without limitation, administrative users may have access to the information contained in the user profiles of other users, and may have sufficient administrative permissions to access and/or change user login credentials and/or user settings, just as I do.)
As noted in “Embedded Content” and “Advertising” above, some portions of the administrative dashboard may contain advertising and/or embedded content placed there by third parties in connection with this website’s plugins, themes, and/or other components. Some of this advertising and/or embedded content may use cookies and other technologies, and/or otherwise collect personal information about users who access the administrative dashboard — potentially in ways that do not apply to and/or that I do not permit on the publicly facing portions of the website. The providers of such advertising and/or embedded content may also collect personal information about administrative users’ online activities over time and/or across different websites and/or online services, which is typically outside of my control.
Additionally, certain administrative email messages may contain embedded content provided by third parties, and/or may incorporate code and/or content (e.g., logo images) hosted on and remotely served by the web servers used by this website. (In general, the loading in an email message of code and/or content from this website causes the recipient’s IP address (and/or hostname), user agent information, and other device information to be recorded in the website logs in the manner described in “Website Server, Error, and Security Logs” above.) Administrative users are free to block the loading or downloading of embedded content or remotely served code and/or content in administrative email messages, which in most cases does not impair the messages’ functionality.
My retention of information I collect from and about administrative users varies depending on the context. Profile information and login credentials are normally retained for as long as the user uses those details (and may remain in backup files for a time after being changed or removed). If someone is a registered administrative user, I will retain their contact information for at least as long as they have continued access to the website’s administrative dashboard, and potentially indefinitely (especially if I have some ongoing personal or professional relationship with them independent of their role as an administrative user). The retention of log data is described in the “Website Server, Error, and Security Logs” and “Security Scans” sections above. Comments an administrative user posts will be treated like any other comments on the site; retention of other content posted or submitted by another administrative user may depend on what legal relationship, if any, I have with that user.
Excepting my own personal information — which of course I may use and/or disclose in any manner I deem appropriate — I may disclose information collected from and/or about administrative users as described in “Disclosure of Personally Identifying Information” below. Other administrative users must also accept and agree to abide by this Privacy Policy as well as any additional confidentiality, nondisclosure, and/or other legal agreements I may require, which shall be determined in my sole discretion.
(The additional information I may collect in connection with my professional relationships with independent contractors, employees, and/or business partners is beyond the scope of this section. The “Data Related to Recruitment/Hiring or Business Partnerships” section below describes the types of information I may collect in those contexts.)
Data Related to Recruitment/Hiring/Employment or Business Partnerships
- Categories of information collected: IP addresses*; domain names and/or hostnames*; user agent information*; visitor activity*; errors and suspicious activity*; names; email addresses*; email header information*; other contact information (e.g., phone numbers, postal mailing addresses, and/or other street addresses, and/or other online contact info)*; images and/or other media (including metadata)*; other documents/materials (including metadata)*; geolocation data*; URLs/websites*; other personal information*; special: government-issued identification (e.g., driver’s license, state ID card, and/or passport)*; special: work authorization, payment, and/or tax-related information (e.g., Social Security numbers and/or other taxpayer identification numbers, tax documents, payment- and/or payroll-related information, and/or information pertaining to an individual’s authorization to work in my locale)*; special: mobile device types/models (determined from user agent information)*; special: device identifiers*; special: information collected via cookies and/or similar technologies*; special: usernames, user ID numbers, and/or other identifiers associated with administrative users*; special: other identifiers*; special: identifiers and/or other information specific to third-party services (as applicable)*
- Purpose(s): Providing services; fulfilling a contractual obligation; legal compliance or audit; research and publishing; security, troubleshooting, quality control, and service improvement; recruitment/hiring/employment or business partnerships
- Data retention: Potentially indefinite, although I may (except as otherwise required by law) delete or discard unsolicited offers or commercial solicitations, spam, applications or inquiries that were obviously submitted by bots rather than people, and/or information I have some legal or contractual obligation to delete or discard; see below for more details.
From time to time, I may seek to recruit and/or hire temporary or permanent employees, independent contractors, and/or interns to help me provide my services and/or perform specific tasks and/or functions for me. In some cases, I may enter into or contemplate entering into some other type of professional relationship with some other individual(s) or entity: for example (but without limitation), a professional collaboration, formal business partnership, or joint venture (JV).
Please note that the inclusion of this section DOES NOT necessarily mean that I am hiring, soliciting partnership or JV proposals, or likely to do so in the immediately foreseeable future. The purpose of this section is to describe my policy for handling information in such situations.
In such situations, I may collect (to the extent permitted by applicable law and/or regulations) a broad range of personal information about any individual(s) or entity I hire or contemplate hiring and/or with whom I enter into or contemplate entering into any professional relationship or business venture, such as (without limitation) contact information; resumes/CVs; education information; professional certifications and/or licensure information; employment histories; professional references and/or information about current and/or past clients, customers, and/or business ventures; professional portfolios and/or other samples; skill or aptitude test results; government-issued identification (e.g., driver’s license, state ID card, and/or passport); information about their authorization to work in my locale (e.g., Form I-9 and any documents used to establish identity and/or employment authorization); information about professional charges, rates, and/or fees; information about salaries, compensation, and/or benefits (e.g., salary histories and/or salary expectations); information required for employee or independent contractor reporting; payment- and/or payroll-related information; tax-related information (e.g., tax withholding documents and/or information necessary for employment tax reporting purposes); and/or the various types of information revealed in a typical background check or investigation. (This is not an exhaustive list; the types of information I collect may vary depending on the context, and applicable law and/or regulations may dictate what types of information I must or must not collect and/or consider.) Obviously, I may also make various inferences based on the information I collect, e.g., my judgment of a candidate or applicant’s suitability for a specific role or whether a proposed venture is in my interests.
The information I collect may come directly from the applicable individual(s) or entity — with whom I may of course communicate via email, phone, and/or various other means as I deem appropriate in the particular circumstances — and/or from third-party sources such as (again without limitation) staffing agencies/employment agencies, fingerprinting and/or background check services, current and/or past colleagues and/or coworkers, current and/or past clients and/or customers, current and/or past business partners, professional references, current and/or past instructors and/or students, subject matter experts, public records, news reports, and/or other information or records available to the public.
My retention of such data varies depending on the context in which I collect it. Except as otherwise required by law, I may promptly delete unsolicited offers or commercial solicitations as spam, although I typically retain inquiries to which I respond, even if I decline them. I may indefinitely retain applications for employment and/or employment referral records, although I may (except as otherwise required by law) discard applications or inquiries that were obviously generated by bots rather than people. My retention of applications or related information I receive through third parties such as (without limitation) staffing agencies/employment agencies, and/or information I collect in connection with an offer of partnership or other business proposal, may be subject to certain contractual requirements (e.g., an obligation to return or destroy certain information after a specific period of time). Applicable law and/or regulations may also govern whether and for how long I must retain application, hiring, employment, employment referral, membership, and/or personnel records, files, and related information. The retention of such information by third parties (such as, without limitation, staffing agencies/employment agencies and/or other vendors or service providers) is subject to the respective policies of such third parties, and in many cases is outside of my control.
I may disclose information pertaining to any individual(s) or entity I hire or contemplate hiring and/or with whom I enter into or contemplate entering into any professional relationship or business venture as I deem reasonable and appropriate (and to the extent permitted by applicable law and/or regulations and/or any relevant contractual obligations) for me to make informed hiring, employment, and/or business decisions. For example (but without limitation), I might disclose a job applicant’s information to a service that conducts background checks for me, discuss a prospective independent contractor’s work and professional reputation with their previous clients, or seek financial and/or legal advice regarding a possible partnership or other business venture. I may also disclose such information as otherwise described in “Disclosure of Personally Identifying Information” below.
Financial Transactions Policy
- Categories of information collected: IP addresses*; domain names and/or hostnames*; user agent information*; visitor activity*; errors and suspicious activity*; names*; email addresses*; email header information*; other contact information (e.g., phone numbers, postal mailing addresses, and/or other street addresses, and/or other online contact info)*; images and/or other media (possibly including metadata)*; geolocation data*; URLs/websites*; other personal information*; special: government-issued identification (e.g., driver’s license, state ID card, and/or passport)*; special: transaction-specific details, other financial information, and/or tax-related information (e.g., transaction IDs, check information, payment history, account information, Social Security numbers and/or other taxpayer identification numbers, and/or relevant tax documents)*; special: mobile device types/models (determined from user agent information)*; special: device identifiers*; special: information collected via cookies and/or similar technologies*; special: other identifiers*; special: identifiers and/or other information specific to third-party services (as applicable)* (Please note that payment processors, banks, other financial institutions, and/or other applicable vendors and/or third-party services may also collect other types of information not listed here.)
- Purpose(s): Functionality; providing services; completing a transaction; fulfilling a contractual obligation; legal compliance or audit; research and publishing; security, troubleshooting, quality control, and service improvement; advertising or other commercial purposes
- Data retention: Typically indefinite; see below.
The following policy applies to financial transactions with me that pertain to the aaronseverson.com website, such as (without limitation) the purchase of advertisements on this website.
Please note that this policy applies only to transactions pertaining directly to the aaronseverson.com website, and then only to transactions you enter into with me, NOT to your transactions with third-party vendors, retailers, or services that are outside of my direct control. For example (but without limitation), if you purchase a copy of some work I have written through an online bookseller, the bookseller’s policies will apply, NOT this Financial Transactions Policy. Transactions related to my professional writing/editing/writing consulting business, 6200 Productions, will be subject to its separate Financial Transactions Policy, while transactions related to my automotive website, Ate Up With Motor, will be subject to the Ate Up With Motor Financial Transactions Policy, not this one. (6200 Productions is a trademark of Aaron Severson dba 6200 Productions. Ate Up With Motor is a trademark of Aaron Severson dba Ate Up With Motor.) You should refer to those separate policies where applicable; while the policies are generally similar, they are not identical.
If your transaction is pursuant to a separate written agreement with me (e.g., a contract for professional services, an advertising or endorsement agreement, or a license agreement for the use of my content), the terms of that agreement shall, where applicable, take precedence over the terms of this Financial Transactions Policy. Similarly, if a transaction involves one or more third-party services (e.g., payment processors, marketplaces, auction services) that impose or otherwise require specific policies with respect to transactions conducted on and/or otherwise involving their services, those policies shall — to the extent such service(s) may require and where applicable — take precedence over the terms of this Financial Transactions Policy. For example (but without limitation), if a particular transaction is conducted through an online marketplace that requires such transactions to be returnable or refundable under certain conditions, such requirements shall take precedence over the policy described in “Refunds and Returns” below.
Nothing in this policy limits your rights and remedies under applicable law.
Transaction-Related Information Gathering
If you enter into a financial transaction with me that pertains directly to the aaronseverson.com website — whether to make a payment to me or for me to pay you for goods, services, or some other purpose — I may collect certain personal information from you, such as (without limitation) your name, company name (if applicable), email address, billing address and/or other contact information, transaction details, payment information, invoice numbers and/or other transaction identifiers, tax ID number(s), relevant tax documents, and/or other tax-related information.
If your transaction is via a third-party payment processing service or other service provider (e.g., an electronic funds transfer service), much of this information, including payment details such as bank account and/or credit card numbers, may be collected and processed by the payment processor or service provider rather than by me. For other types of transactions, that information may be collected and processed directly by me and/or the applicable bank(s) and/or other financial institution(s). (For example (but without limitation), if you make a payment to me by check, the check will necessarily include the routing and account numbers so that the applicable bank(s) and/or other financial institution(s) can process the deposit and the transfer of funds.)
Transactions conducted via PayPal® services are subject to the PayPal User Agreement, the PayPal Privacy Statement, the Statement on Cookies and Tracking Technologies (which is linked from within the applicable PayPal Privacy Statement), and any other applicable PayPal policies, terms, and/or conditions. (These may differ depending on where you are, so visit the “Legal Agreements for PayPal Services” page and select your location using the drop-down menu to see the versions of these agreements and documents that apply to you. I am located in the United States and thus am subject to the U.S. versions.) The PayPal services may use cookies and/or similar technologies in the payment button and/or the shopping cart to collect information about, track, and/or identify users, in addition to whatever information the services may collect to log you into your PayPal account (if any) and/or complete any applicable transaction(s). I do not have access to user data collected by PayPal services except for the information I receive in connection with a completed PayPal transaction, which is described in the following paragraph.
If a transaction is completed via PayPal services, I may receive a standard transaction report (which is sent to me via email as well as being stored in my PayPal account) that contains various personal information, typically including (though not necessarily limited to) a unique transaction ID number, your name, email address, mailing address, and shipping address (if different); the date and amount(s) of the payment(s) (and of course what each payment was for); whether or not you are a “Verified” PayPal user; and any notes or additional instructions that may have been specified. If the payment(s) were for a PayPal invoice, a copy of that invoice will be appended to the report. This transaction report does NOT include and I do not have access to any credit card, debit card, bank account, or other financial account information you use with your PayPal transactions or have associated with your PayPal account. The receipts, payment confirmations, and/or other transaction-related notices I receive when I make payments and/or purchases via those services may contain personal information similar to that found in the transaction reports for payments I receive via PayPal services (but may include my credit card, debit card, bank account, and/or other financial account information where applicable). (PayPal.com, PayPal, and all logos related to the PayPal services are either trademarks or registered trademarks of PayPal, Inc. or its licensors. In addition, all page headers, custom graphics, button icons, and scripts related to the PayPal services are service marks, trademarks, and/or trade dress of PayPal.)
In some cases, I may seek additional information about you in connection with your transaction, either from you directly and/or from third-party sources. Some examples might include (without limitation) looking up your address in a mapping or navigation service to clarify delivery instructions for a courier or other delivery service; checking with the applicable postal service to verify your postal code; inquiring whether payments made from a business account or business email address are for the business or for the individual; and/or investigating suspected fraud and/or other security issues. (These are just a few representative examples, not an exhaustive list.) Such additional information may come from a variety of sources (which may include sources available to the public and/or nonpublic sources) depending on the specific context and circumstances.
If I enter into and/or complete a transaction with you via and/or otherwise involving a third-party service, the applicable service may provide me with additional information about you and/or other individual(s) and/or entities involved with that transaction (e.g., your profile picture, if any, on that service), as further described in “Transaction-Related Information I Receive from Third Parties” below.
I may use the personal information I collect in connection with transactions for billing/invoicing; so that I can process and/or complete the applicable transaction(s); to respond to your transaction-related questions, inquiries, and/or comments; for my administrative, bookkeeping, accounting, tax reporting, and/or legal compliance purposes; to troubleshoot and/or resolve technical problems, and/or for service improvement purposes; for fraud prevention and/or other security purposes; and/or to fulfill my contractual obligations to the applicable payment processor(s), bank(s), other financial institution(s), and/or service provider(s), and/or to other relevant third parties (e.g., my agent(s) and/or manager(s), if any). (In particular, my service agreements with my payment processor(s), bank(s), and/or other financial institution(s) typically require me to cooperate with their investigations and to respond promptly to their requests for relevant information.) Naturally, transaction-related information may also help me to achieve various other business and/or commercial purposes, such as (without limitation) deciding whether to continue offering a particular product or service; measuring the effectiveness of my advertising and/or marketing efforts; setting prices; determining what products, services, and/or content to offer in the future; and/or making my own purchasing decisions. While such purposes typically involve aggregate transaction data (e.g., total sales, revenues, returns, and/or conversions) rather than personal information pertaining to individual transactions, I may also consider and/or otherwise use information related to specific transactions if I deem it relevant — for example (again without limitation), taking specific customer feedback and/or certain past client experiences into account when weighing a particular business or commercial decision, or describing my experience with a specific transaction as part of a review of the applicable vendor(s).
Consent to Electronic Communication Delivery
By entering into a financial transaction with me that pertains to this website, you affirm your consent to electronically receive any and all communications related to your transaction (including, without limitation, any related invoices, agreements, disclosures, notices, policies, transaction confirmations, and/or transaction reports).
Such communications currently have the following hardware and software requirements:
- A device with an Internet connection.
- A current web browser that supports 256-bit or stronger encryption.
- A valid email address.
- An email client capable of reading both plain text and HTML email.
- Software capable of opening files in DOC, DOCX, PDF, XLS, and XLSX formats.
- Storage space sufficient to store the communications electronically, and/or a printer on which you can print them.
I will notify you in the event of any material change to these requirements.
You are responsible for promptly notifying me of any change to your email address that may affect your ability to electronically receive communications related to your transaction. You acknowledge and agree that in the event I electronically send you a transaction-related communication that you do not receive because your email address is incorrect, invalid, or out of date, or because the communication is blocked by your Internet service provider or spam filters, I shall (except as otherwise required by law) be deemed to have provided you with the communication.
You have the right to withdraw your consent to electronically receive communications by notifying me via any of the methods described in the “Customer Service Information” subsection below. I will confirm your withdrawal in writing (either on paper or electronically) and indicate the date on which such withdrawal takes effect. Please note that a withdrawal of consent will not apply to any communication provided to you electronically before the date on which the withdrawal takes effect.
In the event you do not consent or withdraw your consent to electronically receive communications, I reserve the right (to the extent permitted by applicable law) to cancel your transaction, restrict or refuse future transactions with you, and/or limit your acceptable payment types.
After consenting to receive communications electronically, you may request to receive paper copies of any communications I previously sent you electronically by contacting me via any of the methods described in the “Customer Service Information” subsection below. Depending on the nature of the communications, I reserve the right (to the extent permitted by applicable law) to charge you a fee for such paper copies up to but not exceeding the actual cost of postage or shipping. No such fee will apply to paper copies of any tax document I am required by law to send you. Requesting paper copies of communications you previously received electronically will NOT be considered a withdrawal of consent to receive future communications electronically unless you specifically indicate that you wish to withdraw consent as indicated above.
Notwithstanding the foregoing:
- I may always, at my sole discretion, elect to send you any communications related to your transaction on paper in addition to or instead of furnishing those communications to you electronically, even if you consented to receive such communications electronically.
- I will furnish any required tax statements to you on paper unless you separately consent to receive such statements electronically. This does not apply to any tax forms or related documents I provide for you to complete and return to me (e.g., to request your taxpayer identification number), which I may send to you electronically as described above.
Acceptable Payment Types
I presently accept the following forms of payment:
- For the purchase of advertising on the aaronseverson.com website: PayPal payments, personal or company check, money order, bank draft/cashier’s check/teller’s check, or electronic funds transfer, payable to Aaron Severson.
- For payment(s) of license fees and/or royalties for the reuse of my content: PayPal payments, personal or company check, money order, bank draft/cashier’s check/teller’s check, or electronic funds transfer, payable to Aaron Severson.
- For my professional writing/editing/writing consulting services, or for other types of transactions: personal or company check, money order, bank draft/cashier’s check/teller’s check, or electronic funds transfer, payable to Aaron Severson. (I do not currently accept payment via PayPal services for my professional writing/editing/writing consulting services. PayPal is a registered trademark of PayPal, Inc.)
Depending on the nature of the transaction and my business relationship with you, I may accept certain other forms of payment by prior mutual agreement, assuming that I have the means to securely and appropriately receive such payments from you, and provided that the use of such payment method(s) is permitted by applicable law and/or regulations. However, I do not accept virtual currency or cryptocurrency of any kind.
Under certain circumstances, applicable law and/or regulations may affect or limit the types of payment I can accept or use. (For example, federal regulations expressly prohibit the use of remotely created payment orders, remotely created checks, cash-to-cash money transfers, and cash reload mechanisms in many transactions conducted by telephone.)
Please note that U.S. law requires me to promptly report to the appropriate federal agency or agencies certain large transactions (or related transactions whose total exceeds certain dollar amounts) paid with cash and/or, in some cases, certain other monetary instruments (e.g., money orders, bank drafts/cashier’s checks/teller’s checks, and/or traveler’s checks). Such reports must include a variety of personal information about the payer and (where applicable) each other person on whose behalf the payer conducted the transaction(s), including (though not limited to) the payer’s verified name and address, occupation, date of birth, and U.S. taxpayer identification number (if any). Failure to timely report such transactions where required, omitting required information, furnishing inaccurate information, and/or attempting to evade the reporting requirements may be subject to substantial civil and criminal penalties. (Where I am required to report a transaction or transactions in this way, I am also required to provide a written statement to each person named in the report.)
Currency
Payments to me should be in U.S. funds, with any exceptions to be discussed in advance and subject to my prior approval.
Some payment processors, including many PayPal services, will automatically convert payments or funds transfers to the recipient’s preferred currency, or at least give you the option to do so. If your transaction is via PayPal services, you may assume any non-U.S. funds will be appropriately converted unless the applicable PayPal service warns or notifies you otherwise. (PayPal is a registered trademark of PayPal, Inc.)
For other types of transactions drawn on non-U.S. funds, please contact me in advance so that we can discuss appropriate arrangements for currency conversion.
Please note that my above-noted legal obligation to promptly report certain large transactions (or related transactions) paid with cash and/or certain other monetary instruments also applies to payments involving non-U.S. currency or currencies.
Taxes, Duties, and Fees
Except as otherwise expressly indicated or as otherwise required by applicable law, my prices and the charges for my services do not include any applicable taxes, duties, or other government-imposed charges or fees.
For certain transactions, I may collect and/or withhold (and/or may be required to collect and/or withhold) certain applicable taxes, duties, and/or other government-imposed charges or fees from you and remit them to the applicable government agency or agencies, in accordance with applicable law. Additionally, I may be required to report certain information about you to one or more tax agencies and/or other government entities in connection with payments I make to or receive from you, whether or not any tax collection or withholding requirements apply. In some cases, I may need to collect additional information from you for those purposes (e.g., by asking you to complete tax forms or other documents to provide information such as (though not limited to) your name, address, telephone number, business name (if applicable), Social Security number and/or other taxpayer identification number, other tax-related details, and signature).
Please note that you may owe taxes (e.g., sales tax, use tax, VAT, GST, HST, and/or other taxes), duties, and/or other government-imposed charges or fees on your transactions with me, whether or not I collect and/or withhold such taxes, duties, charges, or fees from you. Except as otherwise required by law, any applicable government-imposed taxes, duties, charges, and/or fees you may owe that I do not collect or withhold from you are your sole responsibility, as are any tax returns and/or other documentation you may be required to submit to the applicable government agency or agencies in connection with your transactions with me.
(Please also note that if I make any payments to you, it is your responsibility, to the extent required by applicable law, to report such payments; file any applicable tax returns and/or other required documentation; and pay any and all applicable taxes and other government-imposed charges and fees, whether or not I withhold any taxes or other government-imposed charges or fees from the payments made to you, and regardless of whether such withholding, if any, equals or exceeds your actual liability. For more information, contact the applicable tax agency or agencies, or consult a tax professional.)
Returned Check Fees
Payments you make to me by check, bank draft, or other negotiable instrument that are rejected or returned by my bank(s) and/or other financial institution(s) for insufficient funds or for any other reason shall be subject to a returned check fee up to but not exceeding the actual amount of any fee(s) my bank(s) and/or other financial institution(s) charge me in such circumstance. I reserve the right to waive this returned check fee at my sole discretion.
Refunds and Returns
The following is my general refund and return policy for payments you make to me that pertain directly to the aaronseverson.com website. Please note that if I specify different refund and return terms for a particular purchase or transaction (for example, in the applicable product listing, order form, invoice, or written contract), those specified terms will take precedence over the general refund and return policy presented below.
To request a refund, or if you need assistance with a refund or return already in progress, you can contact me via any of the methods shown in the “Customer Service Information” subsection below, or via any other contact method I may reasonably designate or make available to you for that purpose — for example (but without limitation), the contact information listed on an invoice I submit to you or that is specified in an applicable written agreement or other business communication with me.
My general policy for refunds and returns depends on the nature of the transaction, as specified below:
- Advertising Purchases: You may cancel your ad on aaronseverson.com for a full refund within seven days of your payment. If you choose to cancel your ad after seven days, but prior to the expiration date of the ad commitment, I will credit the prorated remainder of the commitment period toward a future ad, but cannot provide a cash refund except where I am required to do so by the applicable payment processor(s), bank(s), other financial institution(s), and/or other applicable third-party service(s), or as otherwise required by law. Notwithstanding the foregoing, I reserve the right to refuse and/or to refund (in whole or in part) any individual advertising purchase or purchases at my sole discretion.
- Other Purchases: Purchases of goods or services other than advertising are fully refundable prior to the delivery by me of the applicable good(s) and/or the performance by me of the applicable service(s). In the event you purchase tangible good(s) (e.g., a printed book) from me, you may return the purchased good(s) for a full refund, less any applicable shipping costs, within 30 days of the date of purchase or the period allowed by the applicable payment processor(s), bank(s), other financial institution(s), and/or other applicable third-party service(s), whichever is greater. Except as otherwise required by the applicable payment processor(s), bank(s), other financial institution(s), and/or other applicable third-party service(s), or as otherwise required by law, purchases of digital goods and/or services other than advertising (e.g., the purchase of an ebook and/or payment(s) for my writing/editing/writing consulting services) are nonrefundable once the applicable good(s) and/or service(s) have been delivered and/or performed (as applicable) by me. I reserve the right to calculate refunds for services I have partly performed, but not yet wholly completed, on a pro rata basis, depending on the nature of the service and the percentage or proportion I have already performed or otherwise completed. Notwithstanding the foregoing, I reserve the right to refuse and/or to refund (in whole or in part) any individual purchase or purchases, and/or any applicable shipping costs, at my sole discretion.
- Other Types of Transactions: For transactions that do not fit into any of the above categories (including, though not limited to, payment(s) of license fees and/or royalties for the reuse of my content), eligibility for refunds or returns shall be determined on a case-by-case basis and shall be at my sole discretion, except as otherwise required by the applicable payment processor(s), bank(s), other financial institution(s), and/or other applicable third-party service(s), or as otherwise required by law. I reserve the right to refuse and/or to refund (in whole or in part) any individual transaction or transactions, at my sole discretion.
Notwithstanding the foregoing, payments you make to me that pertain directly to the aaronseverson.com website shall be eligible for refunds and/or returns to the extent required by the policies of the applicable payment processor(s), bank(s), other financial institution(s), and/or other applicable third-party service(s), or as otherwise required by law. For example (but without limitation), if payment for a transaction is made via a third-party payment processor, that payment processor’s policies may require me to offer refunds and/or returns for that transaction, even if I otherwise treat such transactions as nonrefundable.
In addition to the refund and returns terms above, if you are located in the European Economic Area, Switzerland, or the UK, you may also have the right to withdraw from the transaction; see the “Right of Withdrawal” subsection below.
Right of Withdrawal
(Note: This subsection was adapted from language in the Terms of Service for WordPress.com by Automattic, which are licensed under a Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license. Therefore, this subsection, like the rest of the Privacy Policy, is also licensed under CC BY-SA 4.0. Automattic and WordPress.com are trademarks or registered trademarks of Automattic (or Automattic’s licensors). WordPress is a registered trademark of the WordPress Foundation in the United States and other countries. I am not affiliated with or endorsed by Automattic or the WordPress Foundation in any way.)
If you are located in a country in the European Economic Area, Switzerland, or the UK, you have the right to withdraw from the transaction or contract within fourteen (14) days from the date of delivery (for the purchase of goods) or the date of conclusion of the contract (for the provision of services or the supply of digital content) without giving any reason, as long as your purchase was not of a customized nature, the service has not been fully performed, or subject to other limitations as permitted by law. For digital content, you agree that any purchase of digital content will be made available to you immediately and as a result you waive any right of withdrawal to such content.
You may exercise your right to withdrawal by sending a clear, written request via postal mail to Aaron Severson, Attn: Customer Service, 11100 National Bl. #3, Los Angeles, CA 90064, USA; via email at admin (at) aaronseverson (dot) com; or via any other email address indicated in the applicable contract or invoice(s).
To make your request, you can copy and complete the following model form:
- I hereby give notice that I withdraw from my contract of sale for the following goods or services: [list the specific goods and/or services)
- I purchased the goods or services on: [list the date of purchase, the date of the contract, or the last contract renewal, as applicable]
- My full legal name and email address are: [specify your name and email, if possible using the same email address you used for the purchase]
- My address of legal residence is: [list your address]
- Today’s date is: [list the date]
If you submit your request by postal mail, please also include your signature. (Requests submitted via email need not be signed.)
Effects of Withdrawal/Cancellation: If you cancel your transaction or contract with me, I will reimburse you all payments I have received from you in connection with the transaction or contract (or, if you cancel only a portion of the transaction, in connection with the portion of the transaction from which you are withdrawing), including delivery charges (with the exception of additional charges resulting from the fact that you have chosen a type of delivery other than the most favorable standard delivery offered by me), without undue delay and no later than within fourteen (14) days from the day on which I received the notification of your cancellation of the transaction or contract. For this reimbursement, I will use the same means of payment that you used for the original transaction, unless expressly agreed otherwise with you; you will not be charged for this repayment.
If you withdraw from the purchase of tangible goods, I may withhold reimbursement until I have received the returned goods or you have supplied evidence that you have sent the goods back to me, whichever is earlier. You must return the goods without undue delay, and in any event within fourteen (14) days after notifying me of your withdrawal from the transaction or contract; the deadline will be met if you send back the goods before the expiration of the 14-day withdrawal period. Unless you and I expressly agree otherwise, you are responsible for paying any return shipping costs that may apply.
If you cancel a contract for the provision of services and you have requested that I begin my services during the withdrawal period, you will pay me a reasonable amount corresponding to the services already provided up to the time you notify me of the exercise of the withdrawal right compared to the total scope of the services provided for in the contract.
If you cancel your transaction or contract with me, you will refrain from using or making available to third parties any digital content or digital services you received as part of the canceled transaction or contract (or, for a partial cancellation, as part of the canceled portion of the transaction).
Disclosure of Transaction-Related Information
I may disclose information related to your transaction(s) with me that pertain directly to the aaronseverson.com website, including, where appropriate, copies of any applicable invoices, checks and/or receipts, transaction reports (if applicable), shipping and/or delivery information (if any), and/or relevant tax information and/or tax documents:
- To the applicable email, telephony, and/or other communications service provider(s), for purposes of transaction-related communications; and/or:
- To the applicable postal service(s), common carrier(s), shipping agency (or agencies), and/or delivery service(s), for purposes of sending, receiving, and/or tracking the status of transaction-related correspondence, shipments, and/or deliveries; and/or:
- To the applicable person(s) or entity, in the event the transaction is for or on behalf of some other person(s) or entity (e.g., a purchase you make as a gift for someone else); and/or:
- To my legal counsel, bookkeeper(s), accountant(s), tax preparer(s), tax filing service(s), and/or tax attorney(s), as I deem reasonably necessary to my routine business operations, for legal compliance and/or audit purposes, and/or for my legal protection; and/or:
- To my employees, independent contractors, interns, agents, business partners, vendors, and/or service providers (as applicable) that need to know the information in order to complete your transaction, support my routine business operations, and/or otherwise provide services for me and/or on my behalf; and/or:
- To the applicable payment processor(s), bank(s), other financial institution(s), and/or electronic funds transfer service(s); their respective legal counsel, auditors, and/or fraud protection services (for example, if I must provide information in connection with a dispute or fraud investigation); and/or as otherwise required by my contractual agreements (if any) with such payment processor(s), bank(s), financial institution(s), and/or service(s); and/or:
- To any applicable federal, state, local, or other tax agency (whether within or outside the United States), where I am legally required to do so and/or deem it reasonably necessary to ensure my compliance with applicable tax laws and/or regulations (e.g., to calculate or estimate applicable tax rates and/or in connection with tax returns, filings, withholding, and/or estimated tax payments), and/or in connection with audits or other official investigations; and/or:
- As otherwise legally required (e.g., to comply with applicable government reporting or disclosure requirements; as part of and/or in connection with a customs inspection; in connection with a civil or criminal trial or other official investigation or proceeding; and/or if I receive a subpoena, court order, or other official order requiring me to disclose certain information); and/or:
- As otherwise described in “Disclosure of Personally Identifying Information” below.
Where applicable, I may also disclose in any or all of the above-listed ways personal information related to payments I make to you (and/or transactions with which I am involved in some other way) that pertain directly to the aaronseverson.com website. If the information pertains to my purchase of site-related goods, products, services, and/or content (and/or some other, similar, comparable, and/or related transaction(s)), I may also use and/or disclose relevant portions of that information in connection with customer service, support, warranty, and/or insurance matters, and/or disclose relevant information as part of and/or in connection with reviews and/or other commentary regarding the applicable transaction(s). For example (but without limitation), if I post a review of a recent site-related purchase, I might mention my experience with the specific salesperson or customer service representative who assisted me, and filing a warranty claim or support ticket for a recent purchase might require submitting receipts or other proofs of purchase.
I may also use personal information related to your transaction(s) to communicate with you via email and/or postal mail regarding the transaction(s) (e.g., to acknowledge, complete, and/or address questions and/or issues related to your transaction), and/or, if you call or text me regarding your transaction and/or ask me to call or text you, to communicate with you regarding your transaction by telephone and/or via text message.
As explained in the “Security Scans” section of the Privacy Policy, messages and/or notifications that I send or receive, including transaction-related notifications and/or messages, may be scanned for suspected spam, malware, and/or other suspicious activity by me and/or (as applicable) my web host, Internet service provider(s), mobile carrier(s), and/or other applicable service provider(s).
Data Retention
I generally must indefinitely retain records of my business-related financial transactions — including ones I refuse and/or refund — for bookkeeping and compliance purposes. (Many types of business documents, particularly tax-related ones, are subject to mandatory retention periods; for example, some documents related to state tax withholding must be retained for at least five years after the payments to which they pertain.) See the “Additional Information About Data Retention” section below to learn more about my typical data retention practices. The retention of transaction-related data by third parties (e.g., applicable tax agencies, bank(s) and/or other financial institution(s), and/or payment processor(s)) is subject to the respective policies of such third parties, and in many cases is outside of my control.
Customer Service Information
If you have questions about this Financial Transactions Policy, would like to receive further information regarding this website, need help with a transaction involving the aaronseverson.com website, or have a complaint, please contact me via email at admin (at) aaronseverson (dot) com or by telephone at (310) 909-7846. IMPORTANT NOTE: Calls or messages to this number — which is provided by the Google Voice communications service — may be transcribed and/or recorded, and transcriptions, recordings, call notifications (including notifications of missed calls), texts, and/or other messages may be transmitted via email. All communications made or received through this number are subject to any applicable Google terms and policies (including, but not limited to, the ones listed in the Google Voice “Additional Terms of Service” help page; the Google Privacy Policy; and, where applicable, the Google Telephony Services Privacy Disclosure) as well as to this Privacy Policy. (Google, Google Voice, Google Workspace, and other related marks and logos are trademarks of Google LLC. I am not affiliated with or endorsed by Google in any way.)
Alternatively, you can contact me via postal mail at:
Aaron Severson
Attn: Customer Service
11100 National Bl. #3
Los Angeles, CA 90064
USA
You may also submit questions or complaints via any other contact method I may reasonably designate or make available to you for that purpose — for example (but without limitation), the contact information listed on an invoice I submit to you or that is specified in an applicable written agreement or other business communication with me.
If you have a complaint, you can also contact the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs by telephone at (800) 952-5210 (or TTY (800) 735-2929 for the hearing impaired) or in writing at 1625 North Market Bl., Suite N 112, Sacramento, CA 95834, USA.
Information I Receive from Other Sources
Transaction-Related Information I Receive from Third Parties
- Categories of information collected: IP addresses*; domain names and/or hostnames*; user agent information*; visitor activity*; errors and suspicious activity*; names*; email addresses*; email header information*; other contact information (e.g., phone numbers, postal mailing addresses, and/or other street addresses, and/or other online contact info)*; images and/or other media (possibly including metadata)*; geolocation data*; URLs/websites*; other personal information*; special: government-issued identification (e.g., driver’s license, state ID card, and/or passport)*; special: transaction-specific details, other financial information, and/or tax-related information (e.g., transaction IDs, check information, payment history, account information, Social Security numbers and/or other taxpayer identification numbers, and/or relevant tax documents)*; special: mobile device types/models (determined from user agent information)*; special: device identifiers*; special: information collected via cookies and/or similar technologies*; special: other identifiers*; special: identifiers and/or other information specific to third-party services (as applicable)* (Please note that payment processors, banks, other financial institutions, and/or other applicable vendors and/or third-party services may also collect other types of information not listed here.)
- Purpose(s): Functionality; providing services; completing a transaction; fulfilling a contractual obligation; legal compliance or audit; research and publishing; security, troubleshooting, quality control, and service improvement; advertising or other commercial purposes
- Data retention: Typically indefinite; see below.
As noted in the “Financial Transactions Policy” section above, I may receive information about you from third parties in connection with your transactions with me (e.g., transaction reports). See that section for more details.
If I offer goods, products, services, and/or content through some third-party vendor or service (e.g., if I offer a book I’ve written through a third-party publisher, or offer goods and/or products through an online marketplace or auction service), that vendor or service may provide me with information about completed transactions, which in some cases may include personal information about individuals or households who purchase my goods, products, services, and/or content (rather than just aggregate statistics such as total sales). Similarly, such vendors and/or services may provide me with information about people who interact with my offered goods, products, services, and/or content (or the listings for them) in some other way: for example (but without limitation), by leaving comments, ratings, and/or reviews; adding my product to a wish list; preordering a product or service that is not yet available; bidding on an item offered at auction; and/or asking me a question. The type of information I may collect in such ways naturally varies depending on the specific vendor(s) and/or service(s) involved and the nature of the interaction, but could conceivably include any information about applicable person(s) and/or entities that is publicly visible (e.g., username/account name, profile picture, and/or public profile information) and/or that the person or entity makes visible or otherwise accessible to me.
In the same way, if I purchase goods, products, services, and/or content through a third-party vendor or service, conduct some other financial transaction(s) via such means, and/or am otherwise involved with such transaction(s) in connection with and/or otherwise involving the aaronseverson.com website, the applicable vendor(s) and/or service(s) may provide me with additional personal information about other individual(s) and/or entities involved in or otherwise connected with the transaction — for example (but without limitation), the seller’s profile picture and/or geographical location, and/or the name of the individual salesperson who processed my order.
Depending on the nature of the transaction, I might also receive additional transaction-related personal information from other third-party vendors and/or service providers. For example (but without limitation), applicable bank(s) and/or other financial institution(s) might inform me that a payment has been declined or disputed, a shipping service might provide me with status updates about the delivery of a package, or a fulfillment service might warn me that certain ordered items are back-ordered or no longer available. The types of information I may collect in such cases, and the vendors and/or service providers that might provide it, naturally depend on the context and the nature of the transaction.
Where I collect personal information in such contexts, I may use that information so that I can (if applicable) process and complete the relevant transaction(s) (and/or resolve transaction-related problems); to respond to transaction-related questions, inquiries, and/or comments; for my administrative, bookkeeping, accounting, tax reporting, and/or legal compliance purposes; to troubleshoot and/or resolve technical problems, and/or for service improvement purposes; for fraud prevention and/or other security purposes; and/or to fulfill my contractual obligations to the applicable third-party vendor(s) and/or service provider(s), and/or to other relevant third parties (e.g., my agent(s) and/or manager(s), if any). As noted in the “Financial Transactions Policy” section above, if the information pertains to my purchase of site-related goods, products, services, and/or content (and/or some other, similar, comparable, and/or related transaction(s)), I may also use and/or disclose relevant portions of that information in connection with customer service, support, warranty, and/or insurance matters, and/or disclose relevant information as part of and/or in connection with reviews and/or other commentary regarding the applicable transaction(s). For example (but without limitation), if I post a review of a recent site-related purchase, I might mention my experience with the specific salesperson or customer service representative who assisted me, and filing a warranty claim or support ticket for a recent purchase might require submitting receipts or other proofs of purchase.
As noted in the “Financial Transactions Policy” section above, transaction-related information may also help me to achieve various other business and/or commercial purposes. While such purposes typically involve aggregate transaction data (e.g., total sales, revenues, returns, and/or conversions) rather than personal information pertaining to individual transactions, I may also consider and/or otherwise use information related to specific transactions if I deem it relevant — for example (again without limitation), taking specific customer feedback and/or certain past client experiences into account when weighing a particular business or commercial decision.
I typically retain such information indefinitely; it isn’t necessarily separable from transaction records I must retain for bookkeeping and compliance purposes, and some services retain such information (and may continue to make it available to me) indefinitely, whether or not I separately retain it. (See the “Additional Information About Data Retention” section below to learn more about my typical data retention practices.) I may otherwise disclose such information as indicated above and/or as otherwise described in “Disclosure of Personally Identifying Information” below. The retention of data by third-party vendors or service providers is subject to the respective policies of such third parties, and in many cases is outside of my control.
Information I Receive from Third Parties for Security Purposes
- Categories of information collected: IP addresses*; domain names and/or hostnames*; user agent information*; visitor activity*; errors and suspicious activity*; names*; email addresses*; email header information*; other contact information (e.g., phone numbers, postal mailing addresses, and/or other street addresses, and/or other online contact info)*; images and/or other media (including metadata)*; geolocation data (determined directly, estimated from IP addresses and/or hostnames, and/or inferred from other data)*; other personal information*; special: mobile device types/models (determined from user agent information)*; special: device identifiers*; metadata*; special: information collected via cookies and/or similar technologies*; special: usernames, user ID numbers, and/or other identifiers associated with administrative users*; special: other identifiers*; special: identifiers and/or other information specific to third-party services (as applicable)*; special: other technical details (some of which might be potentially personally identifiable and/or constitute personal information in certain jurisdictions)*
- Purpose(s): Functionality; providing services; fulfilling a contractual obligation [see below]; legal compliance or audit; security, troubleshooting, quality control, and service improvement; recruitment/hiring/employment or business partnerships
- Data retention: Varies, but potentially indefinite.
Some of the security measures I use to secure this website, its data, and/or my system(s) and/or device(s) may periodically supply me with ban lists/blacklists/block lists of IP addresses, domain names and/or hostnames, email addresses, user agents, and/or other such information that may be associated with malicious activity, e.g., spamming and/or attempts to transmit or otherwise propagate malicious code. I may also collect similar information and/or lists from a variety of sources (which may include sources available to the public and/or nonpublic sources). (A representative sampling of such sources is included among the examples of third-party vendors and/or service providers that appear in the “Disclosure of Personally Identifying Information” section below, although since security-related information and/or alerts may come from many different sources, those examples should not be regarded as an exhaustive list, and I don’t necessarily use all of those providers at any given time.)
Naturally, my security software and/or services also maintain regularly updated lists of virus signatures and other detection data to help identify and prevent malicious activity. I may also receive alerts and/or other security-related information from various sources regarding data breaches and/or suspected intrusion attempts that could potentially expose my online credentials and/or other personal information to unauthorized persons and/or malicious actors.
Such security-related information is not necessarily personally identifiable (for example, the IP addresses and/or hostnames included on spam block lists are typically for email servers rather than individual users), but certain information may be personally identifiable or potentially personally identifiable (e.g., email addresses associated with spamming, and/or telephone numbers used by telemarketers or as part of scams or other malicious activity).
In some cases, I may perform WHOIS, RDAP (Registration Data Access Protocol), and/or similar lookups on certain IP addresses, domain names, and/or hostnames, especially if they have been used for suspicious and/or malicious activity directed at and/or otherwise involving this website and/or me. Such lookups may enable me to determine information such as (though not limited to) the registered owner of a particular domain registration; the geographical location of a particular IP address or hostname; and/or the Internet service provider or other network operator with which a particular IP address, hostname, or range of IP addresses is associated. My firewalls and/or other security applications, software, and/or services may provide me with similar information about any online servers or resources to which my devices and/or systems connect or attempt to connect (and/or that connect or attempt to connect to my devices and/or systems). For example (but without limitation), the NetGuard firewall app can look up such information (via IPinfo API services and/or other WHOIS/RDAP lookup services) to help me understand and control the Internet connections my mobile apps make and/or attempt to make. (IPinfo is a trademark or registered trademark of IDB LLC in the United States and/or other countries.)
As noted in the “Data Related to Recruitment/Hiring/Employment or Professional Partnerships” section above, if I hire, contemplate hiring, or enter into or contemplate entering into a business partnership or other professional relationship with some individual(s) or entity, I may conduct and/or commission background checks on such individual(s) or entity to help me make informed decisions regarding any potential security risks a particular individual or entity might present.
My retention of such data varies. Much of the information I collect of this kind is managed automatically by my security tools, which regularly update the associated data, adding new information and sometimes changing or removing older data. Also, I periodically make manual changes to that information, e.g., when I whitelist an email address that was wrongly flagged for spam or blacklist an email address or domain that has sent me suspicious emails.
Special Note: The reason I include “fulfilling a contractual obligation” among the potential purposes listed above is that certain sources from which I collect security information may impose contractual limits on how I use that information (e.g., terms of service prohibiting me from altering security update data or interfering with the normal update process) and/or may not permit me to pick and choose which data I do or do not add.
In many cases, such data is already available to the public. I may also disclose such information if I need technical assistance and/or otherwise consider such disclosure appropriate for my security and/or the security of others. For example (but without limitation), I might submit to the maintainers of these lists or databases certain email addresses, domain names, IP addresses, and/or hostnames that have been used in malicious activity directed at me, post information on support forums in order to obtain help or advice in preventing and/or remediating certain malicious activity; or contact Internet service providers, web hosts, or email providers regarding malicious or fraudulent activity involving their systems.
I may also disclose such information in connection with legal action involving malicious activity, and/or as otherwise described in “Disclosure of Personally Identifying Information” below.
Other Information I Receive from Third-Party Sources
I may sometimes collect personal information related to this website and/or its visitors from other third-party sources. The following are some representative examples:
As noted in the “Comments”; “Contact Forms”; and “Other Inquiries, Messages, and Support Requests” sections above, I may sometimes gather additional information about individuals who contact me, in addition to any information those individuals provide to me.
As noted in the “Data in Submitted Images” section above, when I gather photographs, other images, and/or other media intended for use on this website or for some related purpose (whether those images were created by me or obtained from others), I typically look for additional information about the subjects of those images. This information, which may come from a variety of sources, may sometimes include personal information and/or potentially personally identifiable information, such as (without limitation) biographical details about the famous owners of a particular object shown in a photograph.
If I use an image or other content you have offered under a Creative Commons license or other, similar license, I may gather certain information about you, typically (though not necessarily only) from sources already available to the public, for the purposes of properly attributing that content and otherwise complying with the applicable license terms. (Where I deem it appropriate, I sometimes do the same with content that is in the public domain in my jurisdiction, e.g., works created by U.S. federal employees in the context of their official duties.) This may include any creator information listed on the hosting service, archive, or repository from which I obtained the content as well as other relevant information I may find in various print or online sources and/or obtain directly from you. (Creative Commons, CC, the CC in a circle logo, CCPlus, CC+, the CC+ in a circle logo, CC0, all other Creative Commons license and public domain dedication marks, and their associated buttons and icons are trademarks or registered trademarks of Creative Commons.)
As noted in the “Data Related to Recruitment/Hiring/Employment or Professional Partnerships” section above, if I hire, contemplate hiring, or enter into or contemplate entering into a business partnership or other professional relationship with some individual(s) or entity, I may collect a range of personal information about them so that I can make informed hiring, employment, and/or business decisions.
Similarly, I may collect a range of personal information about any individual(s) or entity (e.g., editors, publishers, prospective clients or employers, and/or other third parties) for whom I provide or contemplate providing (and/or to whom I offer or contemplate offering) my writing/editing/writing consulting services; to whom I license, sell, and/or otherwise offer (or contemplate licensing, selling, and/or otherwise offering) my content and/or other creative work; and/or for whom I otherwise work, provide services, and/or contemplate working and/or providing services, to help me make informed decisions about my professional engagement(s), business dealings, and/or work. Such information may come from a variety of sources (which may include sources available to the public and/or nonpublic sources) in addition to any information provided by the applicable individual(s) or entity.
If I have any employees, independent contractors, interns, agents, and/or business partners, their collaboration(s) with me and/or the services they provide for me and/or on my behalf may entail and/or include their providing me with personal information about relevant people. The types of personal information that I might collect in such ways will naturally vary depending on the nature of the collaboration and/or specific services involved. For example (again without limitation), a tax preparer is unlikely to provide me with photos of living individuals, but I might hire a researcher or photographer for that express purpose.
In some cases, third-party vendors and/or service providers also may provide me with personal information about specific individuals and/or households. For example (but without limitation), a messaging service might notify me that someone listed in my phone’s contacts has joined that service, is typing, and/or has seen a particular message; my mobile phone bill might reveal that a certain person I called uses the same carrier I do; or a hotel where I am staying might accept business-related messages and/or packages addressed to me while I am out, which would necessarily involve hotel staff collecting certain information from the sender(s) and communicating that information to me when I return. The precise nature and extent of the information that might be provided to me in such ways naturally depend on the specific circumstances and the nature of the service(s) involved.
In particular (again without limitation), social media platforms typically offer a variety of information and insights about the people who interact with me and/or the content I post on those platforms, and/or whose content I view and/or otherwise interact with on a particular platform or platforms — for example (but without limitation), sending notifications when someone “likes” or comments on my content, or providing insights such as (again without limitation) summaries of how many people have viewed or otherwise interacted with a specific post. Again, the precise nature and extent of such information and/or insights obviously vary depending on the specific platform and context, and at least some of the information may be in aggregate form (e.g., statistics and graphs showing trends in interactions over time), but it may include (or at least make readily available to me) any information about applicable person(s) and/or entities that is publicly visible (e.g., the username/account name, profile picture, and/or public profile information of someone who comments on one of my posts or marks it as a favorite) and/or that the person or entity makes visible or otherwise accessible to me. Such information may include, but is not necessarily limited to, details about an individual or entity’s connections with other users of that social media platform and/or about the individual or entity’s other activity on that platform (e.g., other posts on which they have just commented), and in some cases may also reveal a variety of other personal information. Obviously, it is the nature of social media that much of the information posted on such platforms may be visible or otherwise accessible to some or all of the other users of that platform, and in some cases also to the public, which is not necessarily within my control. For example (again without limitation), anyone who can see a particular social media post can typically also see who has “liked” and/or commented on that post.
Also, where I use vendors and/or service providers to purchase, access, and/or otherwise obtain published works and/or other information and/or resources available to the public that contain and/or otherwise incorporate personal information about individuals or households — for example (again without limitation), if I order a copy of a book or magazine from a bookseller; use a streaming service offered through one of my public libraries to watch a documentary; read a news report or historical article published on or offered through another website or an app or online service; that discusses the lives and/or work of notable people related to the class’s subject matter; and/or download a photo depicting identifiable people from a repository of images and other media files available under free licenses — the applicable vendor(s) and/or service provider(s) could also be said to be providing me with personal information.
I may also receive personal information about someone through their employees, independent contractors, interns, agents or other authorized representatives, business partners, vendors, and/or service providers. For example (but without limitation), if I call someone’s office, their assistant or secretary might disclose their employer’s current whereabouts and/or schedule so that we can arrange a call or meeting, or I might speak directly to someone’s bookkeeper(s), accountant(s), and/or tax preparer(s) regarding payment- and/or tax-related questions. Naturally, if someone elects to communicate with me through some agent or other authorized representative, that agent or representative may provide me with whatever personal information the person(s) for whom they are acting instruct and/or authorize them to disclose. Someone’s vendors and/or service providers (even ones I do not use myself) might also provide me with personal information about someone who uses their services. For example (again without limitation), if someone sends me a package via a shipping service or courier, the shipping label and/or waybill might indicate the sender’s account number as well as their name and return address, or the email service of someone to whom I have sent an email message might warn me that my message could not be delivered because the recipient’s mailbox is full. Furthermore, in some jurisdictions, the simple fact that someone uses a particular vendor or service may constitute personal information. Again, the details and extent of any personal information I might collect in such ways may vary considerably depending on the specific context and circumstances.
From time to time, site visitors and/or personal and/or professional acquaintances (which may include, but obviously are not limited to, other members of a given household and/or family) may provide me with personal information about some individual and/or household, whether directly or indirectly. For example (but without limitation), another site visitor might provide me with your contact information for some specific purpose, send me a clipping of a newspaper interview with you, or submit photographs and/or other media in which you are visible. If you own an interesting or unusual car, someone might provide me with pictures of and/or information about it, either for my general interest or for use on my Ate Up With Motor website and/or in connection with my other automotive writing. (Ate Up With Motor is a trademark of Aaron Severson dba Ate Up With Motor.)
Published works (e.g., books, magazines, newspapers, CDs, DVDs, broadcast radio and/or television programs, streaming media, other publicly accessible online content, and/or theatrical movies) I use and/or access in connection with this website, its content, and/or my other creative endeavors (and/or advertising and/or promotional materials related to such published works) often contain and/or otherwise incorporate an assortment of personal information, both about the subjects of the work and about the people who created, produced, and/or published it. I may also gather additional information about the people described, depicted, and/or involved with such published works, such as (without limitation) seeking to identify pictured individuals not named in a photo caption, determine the names of contributors not credited in the work itself, and/or seek out the contact information of the editor or publisher. Such information may come from a variety of sources (which may include sources available to the public and/or nonpublic sources).
Similarly, if I install or update any software (e.g., apps, fonts, plugins, themes, and/or add-ons) — particularly software offered under open source licenses — that software, the installation files and/or source code, and/or the associated documentation (and/or the website, repository, or other source from which I obtain them) may provide me with personal information about the developer/development team (e.g., names, contact information, digital signatures). If you’re a software developer, I may collect or have collected information about you in such contexts. Software licenses typically prohibit altering or deleting the credits, copyright notices, and/or other developer information contained in the software, even where the license otherwise permits modification.
I routinely gather a wide variety of information related to the content I create and/or edit (and/or on which I consult and/or otherwise collaborate), whether for this website or in connection with my business and/or my other creative endeavors (professional or otherwise), which often includes information about people involved with and/or otherwise relevant to such content and/or creative endeavors. The process of researching, creating, and/or editing such content and/or creative endeavors (and/or consulting on others’ content and/or creative endeavors) routinely involves discussing and/or sharing such information with third parties such as (without limitation) subject matter experts, other writers, historians, biographers, researchers, instructors and/or coaches, academics, scientists and/or engineers, journalists, critics, reviewers, enthusiasts, collectors, librarians and/or other library staff, archivists, translators, designers, artists, architects, photographers, filmmakers, videographers, podcasters, other media creators, playwrights, musicians and/or composers, actors and/or other performers, producers, developers, editors, publishers, publicists and/or promoters, public relations representatives and/or other press contacts, observers, eyewitnesses, and/or other knowledgeable parties (and/or, in the case of I perform, propose to perform, and/or consider performing for others, the applicable client(s), employer(s), and/or prospective client(s) or employer(s)), as well as looking up names and/or other relevant personal details in sources such as (as applicable, but without limitation) books; magazines and/or journals; reports, white papers, and/or other such documents; press releases and/or promotional materials; newspapers and/or other news reports; films and/or other videos; plays and/or theatrical productions; television programs; radio programs; broadcasts and/or streaming media of whatever type(s); podcasts; other audio recordings; scripts and/or screenplays; online or offline electronic resources such as (again without limitation) social media, search engines, websites, library catalogs, repositories, and/or databases; and/or public records. My research, writing, and/or editing process may sometimes also include inviting comment from and/or presenting questions to the public regarding related topics. If you are or were somehow involved with the subject(s) of my content and/or other creative endeavors, if you are or were otherwise relevant to such content and/or creative endeavors, and/or if you are a public figure, some of the information I gather may be about you, your work, and/or your career. In many cases, this information is drawn from sources that are or were already available to the public, but it may also include nonpublic information collected from a variety of sources. It may also include images, such as (without limitation) publicity photos or official portraits, and/or other media, such as (again without limitation) films and/or other videos, audio interviews, and/or podcasts. In some cases, I may look for your contact information so I can ask you questions related to my content, request an interview, and/or let you know about content in which you were mentioned. (Naturally, some of the information I gather in connection with content I write, edit, and/or otherwise research may also come from you, if I communicate with you in connection with my research and/or if you have disclosed the information publicly and/or in some other context known to me.)
Much, though not necessarily all, of the content I create and/or edit (and/or on which I consult and/or otherwise collaborate) for this website and/or in the course of my business and/or my other creative endeavors (professional or otherwise) is intended for eventual publication (and/or public performance, broadcast, and/or exhibition, as applicable). If that content is published, performed, broadcast, exhibited, and/or otherwise distributed by third parties — for example (but without limitation), if another website, a magazine, or some other publication runs one of my articles or stories, or if a publisher agrees to publish a book I’ve written — the applicable third party or parties may provide me with additional personal information pertaining to such content and/or the people who read, comment on, inquire about, and/or otherwise interact with that content. For example (again without limitation), a website that runs one or more of my articles might communicate to me comments or questions the website receives about the content, or otherwise provide me with details about the content’s readership and/or reception; a magazine interested in publishing a fictional story I’ve written might ask me to change certain character names that could be misconstrued as referring to specific real people; and a publisher who receives an inquiry from an overseas publisher about translating a book I’ve written into other languages will likely inform me of the particulars of that offer. For obvious reasons, what personal information (if any) I may collect in such contexts may vary considerably depending on the specific context and circumstances. Such information may be provided to me directly and/or through my agents, representatives, and/or other intermediaries.
(Again, the above scenarios are just some representative examples, not an exhaustive list. The disclosures in the “Categories of Personal Information Collected” subsection of the “CCPA Information Collection and Sharing Notice” section below will give you a sense of what kinds of personal information I may collect. Please note that the definitions and categories listed in that section are based on California law; other jurisdictions may have different definitions of what constitutes personal information, and/or may categorize it differently.)
My retention of such information varies depending on the nature of the information and the context in which I collect it. I normally retain indefinitely my research notes and other information relevant to my past, current, or possible future content and/or creative endeavors, including image-related information. (Obviously, I can’t and don’t retain or remember every fact I see, read, or hear, but I do typically retain my notes in some form or other, although I may delete or discard certain research notes, materials, and/or information that I deem unusable, elect not to use, and/or no longer need.) Since software licenses typically prohibit redacting or altering any of the developer credits or copyright information, I usually retain that information for at least as long as I continue using the applicable software. On some social media platforms, certain types of information, insights, and/or notifications can be muted or hidden, but cannot normally be deleted, and may still remain in the social media platform’s files even if the applicable content and/or users have been removed, whether or not I separately retain such information. See the “Additional Information About Data Retention” section below to learn more about my typical data retention practices. The retention of data by third parties (e.g., my vendors and/or service providers) is subject to the individual policies of the applicable third parties, and in most cases is outside of my control.
Obviously, information I collect for my content, writing/editing/writing consulting work, and/or other creative endeavors may be published and/or otherwise disclosed in that context; other information not already available to the public generally will not be except as otherwise described in “Disclosure of Personally Identifying Information” below.
Combining Information From Multiple Sources
To achieve the purposes described in “Categories of Information and Purposes for Collection” above, I may combine personal information I collect about you from multiple sources and/or over time. For example (but without limitation), if I communicate with you directly regarding an article or other content I create and/or edit in which you’re mentioned, I may combine the information you provide to me with information I have collected about you from third-party sources. In some cases, I may combine information about you from multiple devices you use (e.g., if you submit comments to this website from several different computers and/or mobile devices) and/or collect personal information about your online activities over time and/or across different websites and/or online services (e.g., by reading comments, social media posts, and/or articles you’ve published elsewhere on the Internet).
How You Can Correct or Update Your Personal Information
If you’d like me to correct or update personal information I’ve collected about you through and/or in connection with this website — for example, if you wish to update the contact information you previously provided to me, or if I misspelled your name in a post or an image credit — please let me know! You can request a change or correction by contacting me via any of the methods described in “Controller/Responsible Party, Questions, and How to Reach Me” below. I will endeavor to promptly correct or update the information as I deem appropriate (and to the extent I reasonably can).
Please note that depending on the nature of the requested changes(s) or correction(s), I may need to first take steps to verify your identity, particularly if a change or correction you’ve requested involves any sensitive personal information; I may deny your request to correct or update personal information if I’m not reasonably certain that you are who you say you are. Also, please keep in mind that for certain types of sensitive personal information — e.g., your bank account number — I may not be able to tell you the specific information I currently have, other than to confirm whether or not I possess it.
Except as otherwise required by law, I may also deny your request to correct or update personal information if the requested change or correction is beyond my reasonable ability to make, would involve disproportionate effort and/or expense, and/or conflicts with a legal or contractual obligation, and/or if I believe in good faith that the information I currently possess is correct; that making the requested change or correction would adversely affect my rights, security, and/or safety and/or the rights, security, and/or safety of someone else; and/or that the request is otherwise unreasonable, inappropriate, and/or infeasible. In particular, I may deny requests that would infringe upon the rights of free speech, freedom of the press, and/or freedom of expression (mine and/or someone else’s) and/or that pertain to differences of opinion, perspective, and/or critical judgment rather than fact.
Additional Information About Data Retention
In addition to the data retention practices described in the various sections above, I typically retain indefinitely:
- Information pertaining to my content, my professional writing/editing/writing consulting work, and/or my other creative endeavors, including — except as otherwise stipulated by a specific client or employee agreement and/or other applicable legal requirement(s) — research notes, drafts, and/or other relevant data, which may sometimes include information about or in some way connected with visitors to this website. (I may delete or discard certain drafts and/or research notes, materials, and/or information that I deem unusable, elect not to use, and/or no longer need.) I generally also retain (again without limitation) calendar and/or journal entries and related notes (e.g., a calendar entry pertaining to a business meeting or phone call and/or my notes on what was discussed during that meeting or call).
- Information pertaining to any financial transactions and/or legal agreements involving this website, including (but not limited to) records of purchases or payments I make or receive in connection with the website or related matters. (Obviously, my financial and legal records often necessarily include some personal information.) I must also retain my tax records for bookkeeping and compliance purposes. (Vendors and/or service providers involved in a given transaction (e.g., the applicable payment processor(s), bank(s), and/or other financial institution(s)) may also retain certain information related to that transaction, which is generally outside of my control.)
- The contact information and other details of individuals with whom I repeatedly or regularly correspond and/or otherwise communicate regarding this website and/or related matters. (Naturally, if I regularly communicate with someone and/or have (or previously had) some type of business and/or personal relationship with them, I will likely add them to my contacts, potentially including other personal details — for example (but without limitation), their job title (if any), their birthday, the name of their spouse/partner, and/or the email address and phone number of their secretary or assistant — if I possess such information.)
- Names (including, though not limited to, business names, product names, and/or domain names) I’ve entered into my spell-checking dictionaries (which I retain for what I hope are obvious reasons!).
- Copies of published works (e.g., books, magazines, newspapers, CDs, DVDs, software) that I own or for which I have a perpetual license, along with (where applicable) associated documentation and/or notes and any inventories, catalogs, databases, lists, and/or other tools that I may create and/or utilize to manage my collection(s) of such works. (I may dispose of copies that are duplicates, that are damaged or otherwise unusable, and/or that I no longer need; naturally, copies that I have borrowed or rented are eventually returned as appropriate.)
- Information pertaining to my licenses/authorizations for the use of intellectual property owned by others, including any relevant contact information. (I may discard this information if I discontinue using that intellectual property, e.g., if I uninstall a particular app or other software.)
- Information pertaining to site-related technical and/or legal questions.
- Information pertaining to site-related disputes and/or legal issues.
Even where it is my customary practice to indefinitely retain certain information, my retention of individual communications/messages may vary based on the medium and/or format of those communications/messages:
- Email: The large majority of my site-related and/or business-related communications are conducted via email, and retaining offline copies of my email messages provides a convenient means of securing and organizing those communications in a readily accessible, searchable form. Therefore, I typically retain indefinitely most site-related emails, excepting obvious spam, mass mailings, messages and/or attachments that contain suspicious code, and/or certain automated notification/alert emails (which I may delete if they are no longer needed and/or relevant).
- Communications/messages via third-party services (including, without limitation, calls and/or texts made or received through the Google Voice communications service, social media platforms, and/or other communications services): Most site-related communications/messages that I send and/or receive via third-party services are retained indefinitely in some form, although in such cases, I may, to the extent possible, retain local and/or off-line copies in addition to (or instead of) leaving the original communication/message(s) on the applicable third-party service. For example (but without limitation), if I receive messages via the Google Voice communications service, I may remove the original messages from my account on that service, but retain the notification emails and/or other local copies of those messages. Recordings of calls (if any) made via the Google Voice service or other third-party services, and/or voicemail messages received through such services, may be retained for as long as I reasonably need those recordings, except as otherwise required by law and/or the applicable service’s terms of use/terms of service. Please note that in some cases, third-party services may retain records of messages sent via those services even if the users who sent and/or received those messages delete their copies and/or their accounts, which is outside of my control. (Google, Google Voice, and other related marks are trademarks of Google LLC.)
- Other activity history on third-party websites and/or services: Many third-party websites and/or online services (including, though not limited to, social media platforms, marketplace services, and payment services) compile and maintain fairly comprehensive histories of user actions and/or activity involving that service, which sometimes include certain personal information (e.g., records of comments made on a social media platform, or of recent payments made or received). Such third-party websites and/or online services don’t necessarily offer the option to selectively edit or delete such information; doing so may be a cumbersome and/or time-consuming task even where the option is available (e.g., requiring the user to scroll through years worth of activity to find specific items); and the site or service may retain the information even if the user’s copy of their history is partially or completely deleted. For that reason, my activity history on many of the third-party websites and/or services I use can normally be considered to be retained indefinitely, although I may sometimes delete or otherwise remove certain activity history if I have some compelling reason to do so and if the applicable site or service allows such deletion or removal.
- Text messages: My retention of site-related text messages and/or other, similar non-voice direct messages that I send and/or receive via my phone(s) is highly variable. (My older smartphone(s) could be set to automatically delete older messages after a certain period of time — I normally set that interval to 60 days — unless they were deliberately saved, but not all the devices and apps I currently use provide that functionality, at least not in the same global manner.) Depending on the nature and context of the specific message(s), I may delete them immediately, retain them indefinitely, or something in between; in some cases, I may set messages to automatically delete themselves after a certain period of time, and/or retain only a certain number of messages in any particular text “conversation.” In any event, even if I delete a text message or messages, any included information and/or attachments for which I have some ongoing need may be transferred to other records before the deletion of the original message(s). (For example, if you send me a text message asking me to contact you via postal mail, I typically will separately record your mailing address in order to comply with and retain records of your request.) Text messages may also be captured in periodic phone backups, which I may retain for a year or more. Please note that my mobile carrier(s) and/or other service providers may also retain records of text messages sent or received via my phone(s), which is outside of my control.
- Phone calls: Records of calls I make or receive via my phone(s) (i.e., NOT via the Google Voice communications service or some other third-party service) are typically included in my phone bills and/or other phone usage records, which I customarily retain indefinitely. (My phone service provider(s) and/or mobile carrier(s) may also retain such records, which is outside of my control.) My retention of call logs or records on my phone(s) is typically determined on a case-by-case basis and is highly variable. Recordings of phone calls (if any) and/or voicemail messages may be retained for as long as I reasonably need them, except as otherwise required by law (and/or, in the case of voicemail messages, the policies of the applicable phone company or mobile carrier). (Google, Google Voice, and other related marks are trademarks of Google LLC.)
- Postal mail and/or physical documents: I promptly discard most mass mailings and unsolicited business inquiries (“junk mail”) I receive via postal mail or other physical means. Where I receive legitimate business correspondence or business documents (e.g., copies of contracts or receipts) by mail or some other physical means, I typically retain them. (This includes, where applicable, data disks and/or other physical data storage media containing business documents and/or related materials.) However, where possible, I may scan, photograph, or photocopy them (and/or retain the electronic versions, if I have received both electronic and physical copies) in addition to (and in some cases instead of) retaining the original physical copies. Naturally, if I have agreed and/or have some contractual or legal obligation to return or destroy specific business documents, I will do so as appropriate.
Where this policy indicates that my retention of personal information is “indefinite” or that I retain information “indefinitely,” how long I actually retain such information is determined on a case-by-case basis depending on the nature of the information in question, how and why I collected it, and other relevant factors. In determining for how long to retain personal information, I may consider a variety of criteria, including (but not limited to) the following:
- In what form or format is the information? For example, is it contained in an email message or other written document (which I am likely to retain unless I take steps to delete it), or is it oral information received in a verbal conversation (which I may not retain or even remember for long unless I take steps to memorialize it)?
- To whom does the information pertain? For example, does it relate to a site visitor, a professional client, some other business contact, or a friend or family member with whom I interacted in some business context? (Over the years, my personal and professional lives have often overlapped in various ways and to varying degrees.)
- What was the context in which I received the information? For example, was it received in confidence (or subject to a nondisclosure agreement), or was it provided to me publicly, or with the expectation that the information would be disclosed or made public (e.g., a website comment or an interview intended for publication)?
- How personal is the information? Is it sensitive personal information, such as a Social Security number? (I generally try to avoid collecting or retaining Social Security numbers, driver’s license numbers, or other government-issued identification numbers in the course of my business unless I’m legally required to do so.) Is it private or confidential, or is some or all of the information available to the public?
- Does the person to whom the information relates, or from whom it was obtained, expect that I will retain it?
- How likely is it that I will need to refer back to the information in the future? For example, is it part of a message containing specific instructions, the answer to a question, a suggested reference or useful resource, a standing offer of assistance, or a memorandum of understanding?
- Do I need the information in connection with work or services I have contracted to perform or receive — especially ones that are current, pending, or ongoing — or in order to otherwise complete a transaction or fulfill a contractual obligation (e.g., in order to comply with the terms of a license agreement)? If the information is related to a transaction, do I need to retain the information for customer service, return, warranty, and/or insurance purposes?
- Does the information pertain to past work or services? If so, do I still have, or are I likely to have, an ongoing business relationship with the person or persons for whom I performed those services (or who performed them for me), and is retention of that information necessary or appropriate to that ongoing relationship? Do I have the right to use or reuse the information outside of that specific business relationship, or is the information proprietary, confidential, or contractually restricted?
- Do I need to retain the information for purposes such as security, troubleshooting, quality control, and/or service improvement, or to protect someone’s safety and/or property (including my own)?
- What are my legal obligations with regard to the information? For example, do I need the information for tax purposes or to comply with some other reporting or disclosure requirement? Is the information subject to legally mandated retention requirements, such as the ones that apply to tax, payroll, and other employment information, or the record-keeping requirements that apply to certain privacy requests? (For example, if you submit a request to exercise your rights under the California Consumer Privacy Act of 2018 (CCPA), the CCPA regulations require me to retain records of that request and how I responded to it for at least 24 months.) Do I have a contractual obligation to return or destroy the information after a specific period, or a statutory or regulatory obligation to dispose of the information within a particular timeframe?
- How might either retaining or disposing of the information affect my legal liability and/or my ability to establish, exercise, or defend legal claims? For example, as a sole proprietor, I may be personally liable in a business-related legal dispute — in which event much may depend on my being able to produce relevant correspondence, records, and other evidence — and I obviously have compelling reasons to indefinitely retain any contracts to which I am a party.
- Do I need to retain the information in order for me to be able to establish, exercise, and defend my rights, in particular (though not limited to) my rights of free speech, freedom of the press, and freedom of expression? I am a professional writer, which means that my articles, stories, and other creative endeavors are my livelihood and (in many cases) my intellectual property, which I do not relinquish or discard without good reason; the same is true of my associated photos and other images, drafts, notes, research, and reference materials.
- Is the information closely tied to or inextricable from other data I need to retain? For example, a business email, a bank statement, or a phone bill may each contain a combination of irrelevant details and crucial business information, but the former may not be reasonably separable from the latter (and I may be obligated to retain such records in unaltered form).
These examples are not an exhaustive list of criteria I may consider; depending on the particular circumstances, there may also be other relevant considerations. Other than legal obligation, no one factor is necessarily determinative. (For example, I don’t habitually delete the personal information of my friends or family members, but if a friend hired me to edit a confidential business document, I might shred the document and related work files within a reasonable period after completing the project, unless I needed to retain it for compliance purposes or to guard against potential liability.)
In all cases (even circumstances where I typically retain information indefinitely), I may, to the extent legally permitted, delete, discard, or destroy specific messages, communications, documents, files, records, and/or data (of any type, format, and/or medium) if:
- They are duplicates, and/or:
- I reasonably believe that they are substantially redundant of other data I still retain (e.g., an “order shipped” notification for an order for which I also have a delivery receipt), and/or:
- They are illegible, inaccessible, and/or otherwise unusable, and/or:
- They are corrupted, contaminated, or otherwise damaged, particularly if I reasonably believe that the corruption, contamination, or damage poses a danger to health, safety, security, and/or the integrity of other data and/or property, and/or:
- I have agreed and/or have some contractual or legal obligation to delete, discard, or destroy them, and/or:
- I have some other compelling reason to do so.
Even where it is my normal practice to retain personal information about site visitors, I periodically remove certain personal information from the website’s online database(s) and/or mail servers, transferring the data to local and/or offline storage for greater security and/or redacting portions of the data that I no longer need.
Special Note on Subpoenas, Court Orders, and Preservation Requests: In certain cases, I may be legally obligated to retain and preserve certain data, even data I would not otherwise retain, pursuant to a subpoena, a valid court order, or a preservation request from a government or law enforcement agency. In such event, I will preserve the specified information (and may disclose it to the requesting party) to the extent legally required; in some cases, I may also be required to keep the order or request confidential.
The retention of data by third parties (e.g., my vendors and/or service providers) is subject to the respective policies of such third parties, and in many cases is outside of my control.
Reports and Aggregate Statistics
From time to time, I may compile aggregate statistical information about users of this website. For example, I may create reports on trends in the usage of the website, e.g., total page views, the average number of unique visitors per month, the most popular pages on the site, and/or the average time visitors spend on the site. The data contained in such reports and/or statistics will be de-identified, anonymized, pseudonymized, redacted, and/or aggregated such that it could not reasonably be used to identify specific person(s) and/or household(s) (other than me, if I am somehow included in that information and elect not to de-identify, anonymize, pseudonymize, redact, and/or aggregate my own information).
I may also, to the extent permitted — and/or required — by applicable law and/or regulations, publish aggregate information about requests I receive pursuant to the California Consumer Privacy Act of 2018 (CCPA), (as described in “Additional California Privacy Rights (CCPA)” below) and/or other privacy laws (e.g., how many requests of a particular type I received in a given period).
I may publish such reports and/or aggregate statistics and/or otherwise disclose them third parties such as (as applicable, but without limitation) my current and/or prospective advertisers, clients, employers, and/or commercial partners (e.g., with prospective buyers in connection with the possible sale of this website); my employees, independent contractors, interns, agents, and/or business partners, if any; and/or my vendors and/or service providers.
Information Captured by Service/Software/App/Device Telemetry
Many modern electronic services, software programs, apps, and devices, from operating systems to office software and even printers/print drivers, now incorporate surveillance mechanisms (often called “telemetry”) that collect information about the use of that service/software/app/device and then transmit that data to the manufacturer/developer and/or other third parties. The information collected by these mechanisms can sometimes include personal information and/or potentially personally identifiable information about me and/or other individuals and/or households.
Here are some examples of how this might occur:
- If some service/app/software/device crashes while I am accessing a file or website containing personal information, details about that file or website and its contents might be captured and transmitted as part of a crash report.
- If any websites, online services, or apps I access use the familiar reCAPTCHA human verification service, which is provided by Google, the reCAPTCHA service may collect detailed information about my activity on those websites, services, or apps. Google provides no way to opt out of this data collection, which with recent versions of the reCAPTCHA service is not limited to interactions with the reCAPTCHA interface itself. (Google and other related marks and logos are trademarks of Google LLC.)
- Security features incorporated into my web browsers and/or devices might capture personal information contained in the filenames, metadata, and/or contents of files I download from or upload to the Internet and disclose that data to third parties to determine if those files are associated with known malware.
- My antivirus software and/or other security services/software/apps might capture personal information in scanned email messages and/or other electronic files and communicate that data to third parties for threat analysis purposes.
- The telemetry of my office software might capture text on which I use the software’s spelling and grammar checking features and transmit that information to the software manufacturer for service improvement purposes.
- Providers of mapping or navigation services/software/apps, particularly ones with access to my mobile phone’s location data, might build profiles of my movements and/or frequent destinations that include the geographical locations and/or addresses of people I meet or visit.
- Providers of services, apps, or software with access to device microphone(s) might overhear and/or record my calls and/or conversations, particularly if the service, app, or software has voice activation and/or voice command features.
- Certain services/apps/software/devices might record what I type while using that service/app/software/device and make that information available to the manufacturer and/or other third parties for various purposes.
Again, these examples are just a small sampling of the possible scenarios. The specifics of device and software telemetry vary widely, and manufacturers/developers are not always forthcoming about the details of their information-gathering.
Such surveillance can be difficult or impossible to escape. Certain services/software/apps/devices, like malware detection services, cannot adequately perform their intended functions without full access to device/system data. Some information-gathering features, like the telemetry incorporated into recent versions of the Microsoft® Windows® operating system (Microsoft and Windows are trademarks of the Microsoft group of companies) can’t be completely disabled without modifications that would violate the license agreement or terms of service. Even where it is theoretically possible to disable the telemetry features of a specific service/software/app/device, doing so may require advanced technical knowledge and/or special tools. Also, my work and research sometimes involves my using devices, software, and/or apps controlled by third parties — e.g., the computers offered to patrons of public libraries — that may incorporate telemetry or other surveillance mechanisms that I cannot disable or with which I am not familiar.
While I have made an effort to block and/or minimize such surveillance — for my privacy and security as well as yours — the bottom line is that some of the services/software/apps/devices I use retain at least the potential to collect and transmit personal information about me, the subjects of my writing/editing/writing consulting work, and/or the people with whom I interact in the course of operating this website.
The examples of third-party vendors and service providers listed in the “Disclosure of Personally Identifying Information” section below include a representative sampling of services, software, apps, and/or electronic devices I may use that could collect personal information related to this website and/or its visitors through telemetry and/or other integrated information-gathering/surveillance features. Please note that this is NOT an exhaustive list. I may sometimes use services, software, apps, and/or devices not listed (obviously, it’s not practical for me to list every service, device and/or piece of software I might conceivably use!); certain services/software/apps/devices that did not previously incorporate information-gathering/surveillance features might add them in subsequent updates; and certain services/software/apps/devices may incorporate surveillance features that are not readily apparent to me.
As noted in the “Security Scans” section above, the likelihood and possible extent of any disclosure of personal information in such ways is difficult to predict or quantify, but it cannot be completely avoided without greatly compromising my security, the functionality of the tools and devices I use, and my ability to operate this website and/or provide my services.
Disclosure of Personally Identifying Information
I may disclose personal information I collect through and/or in connection with this website:
- To publish and/or respond to your submitted comments (including, as applicable, any images, other media files, and/or links they may contain), as described in the “Comments” section above. As explained in that section, this may include emailing copies of your comment to other users who have requested email notifications of replies/follow-up comments, and/or emailing you directly (at the email address you provided with your comment) prior to or instead of publishing your comment(s).
- To respond (publicly and/or privately) to your messages, inquiries, and/or support requests, as described in the “Contact Forms” and “Other Inquiries, Messages, and Support Requests” sections above.
- To appropriately credit someone for the use of their images, other media, fonts, themes, plugins, and/or other content or intellectual property — particularly where such credit is required by the applicable license terms. As noted in “Data in Submitted Images” above, this may include (without limitation) adding copyright and license information to the applicable filename(s) and/or metadata to ensure that the attribution is clear. If you want to modify or remove your credit information, please contact me!
- To publicly acknowledge and/or thank someone for their assistance, whether with the management of this website, my content, my other creative endeavors, and/or some related matter(s), except where they have specifically asked me not to or where their communications with me reasonably suggest that they prefer not to be acknowledged or identified. Such acknowledgments will typically be limited to their name/pseudonym, the nature of their assistance, and (where applicable) the date(s), although in some cases, certain other personal information may be obvious or implicit in the nature of the assistance provided. (Please note that once such an acknowledgment has been published, I cannot control and take no responsibility for what third parties may do with any personal information the acknowledgment may contain.)
- As part of and/or in connection with my content and/or other creative endeavors; content I write and/or edit for others; and/or content and/or other creative endeavors on which I consult and/or otherwise collaborate — if the person(s) to whom the information pertains are the subject(s) of and/or otherwise pertinent to such content and/or creative endeavor(s). (This may include, without limitation, information contained in images, other media, bibliographies, annotations, and/or metadata.) For obvious reasons, journalistic, historical, and/or other nonfiction content, and many reviews and other critical accounts, routinely incorporate personal information about relevant people, as do some works of fiction and other types of art and/or creative work. As noted in “Other Information I Receive from Third-Party Sources” above, the process of researching, creating, and/or editing (and/or consulting and/or otherwise collaborating on) such content and/or creative endeavors routinely involves routinely involves discussing and/or sharing relevant information with various third parties and/or the public; the same is true of publishing, promoting, publicly performing, exhibiting, broadcasting, and/or otherwise disseminating and/or discussing such content and/or creative endeavors. (Please note that I cannot control and take no responsibility for what third parties may do with any personal information that may be contained, included, and/or referenced in any content or creative endeavor that has been published, publicly performed, exhibited, broadcast, and/or otherwise made available to the public!)
- In photographs, images, and/or other media in which someone (and/or information about them, e.g., their car’s license plate number) may be visible or otherwise included. The photographs, images, and/or other media (e.g., videos) I use and/or collect for use on this website, in connection with my other content and/or creative endeavors, and/or as part of and/or in connection with my professional writing/editing/writing consulting work — not all of which are necessarily created by me — may include recognizable people (and/or their voices) and/or personal information or potentially personally identifiable information about individuals and/or households, whether in the photos, images, and/or other media themselves and/or in the filenames, titles, and/or other metadata (see the “Data in Submitted Images” section above for more about what the metadata may include). Obviously, in certain cases, those people (and/or their information) may be the subject(s), or among the subjects, of the photo(s), image(s), and/or other media; even where they are not, it is not always practical or even feasible for me to completely remove or obscure visible bystanders or other personal information or potentially personally identifiable information such photos, images, and/or other media may contain. (For example (but without limitation), the license terms under which I use images owned by others may not permit me to modify those images in such a way.) In many cases, I have no reasonable way to identify such individuals or associate photos, images, and/or other media in which they appear with other information about them. In certain cases, I may show photos, images, and/or other media (and/or related information) to others and/or take other steps to find out more about the subjects, settings, and/or circumstances of those photos, images, and/or other media; identify visible and/or audible individuals; and/or determine to whom certain vehicles, other objects and/or property, and/or animals depicted in the photos, images, and/or other media may belong. For example (again without limitation), if I have photos of a particular car that were taken at a car show or other public event, I might send those photos and/or information about them — e.g., the pictured car’s description and/or license plate number — to the event organizers in hopes of identifying and/or getting in touch with the car’s owner(s); if I have a clip from a home movie or similar video, I might show the clip to someone who appears in the video in hopes of identifying other people visible and/or audible in that video. (These are just a few representative examples, not an exhaustive list of inquiries I might conceivably make.) Please note that it isn’t necessarily always practical, appropriate, or even feasible for me to make such inquiries, and any inquiries I do make are not necessarily always fruitful. If you have recognized yourself (and/or your information) in a photo, image, or other media I have published and/or otherwise released and would like me to obscure or remove it, please contact me!
- If that information is or was already otherwise available to the public (such as — without limitation — information that’s available on the website of the person(s) to whom the information pertains; that they’ve included in their published memoirs, books, articles, or other published works, or in public posts or public comments they’ve made on this or other websites; that appears in published interviews with and/or books, news reports, articles, press releases and/or promotional materials, and/or other published works about the person(s) to whom the information pertains and/or their work; and/or that is otherwise part of the public record, e.g., court records or transcripts of public hearings).
- If the information is contained in and/or otherwise incorporated into artwork, a copy of a published work, a useful article, or some other object (including, without limitation, information inscribed or imprinted upon and/or affixed or otherwise attached to such work, copy, useful article, or object, particularly where that information cannot reasonably be removed without damage and/or defacement — for example (again without limitation), an autograph signed on a trading card; an artist’s signature and/or watermark on a lithograph or original art piece; the original subscriber’s name and mailing address imprinted upon the cover of a magazine; a previous owner’s name stamped on the flyleaf of a book; and/or handwritten notes in the margins of some text). For obvious reasons, such information is typically (and often necessarily!) included in any loan, donation, sale, and/or other disposal of that work, copy, useful article, or object.
- To editors, publishers, clients, employers, and/or other third parties for whom I provide (and/or to whom I offer) my writing/editing/writing consulting services; to whom I may license, sell, and/or otherwise offer my content and/or other creative work; for whom I may otherwise work, provide services, and/or offer to work and/or provide services; with whom I may collaborate and/or offer to collaborate in performing and/or offering my services and/or in researching, creating, editing, performing, and/or offering my content, other creative work, and/or other creative endeavors; and/or as I may reasonably elect and/or be requested or directed to do as part of and/or in connection with such services, content, creative endeavor(s), collaboration(s), and/or work (and/or the offer thereof), where the information is part of and/or otherwise pertains to such services, content, creative endeavor(s), collaboration(s), and/or work (and/or the offer thereof). For example (but without limitation), if I approach a publisher about turning one or more of my posts on this website into a book, or if I apply for some similar or related job or assignment, those activities might include discussions of this website and/or its content.
- To my employees, independent contractors, interns, agents, and/or business partners, if any, that need to know the information in order to collaborate with me and/or to provide services for me and/or on my behalf (e.g., bookkeeping, accounting, tax preparation, legal services, translation, transcription, technical troubleshooting, website development/improvement, malware recovery/removal, other types of repair/maintenance/installation/technical service, training, tutoring, and/or education) and that have agreed to follow this Privacy Policy (or that have their own, comparably strict or stricter confidentiality policies, agreements, and/or requirements) regarding any personal information that I disclose to them.
- To my third-party vendors and/or service providers that need to know that information in order to provide services available on this website, support my business operations, and/or otherwise provide services for me and/or on my behalf. (As noted in the “Information Captured by Service/Software/App/Device Telemetry” section above, this may include, but is not limited to, services, software, apps, and/or electronic devices I may use that could collect personal information related to this website, its content, the management of my business operations, and/or my other creative endeavors through telemetry and/or other integrated information-gathering and/or surveillance features, some of which cannot be disabled without simply ceasing to use that service, software, app, or device.) Please note that some or all of my vendors and/or service providers may use various subcontractors, subprocessors, vendors, subsidiaries, affiliates, and/or partners, not necessarily listed here, in order to provide their services for me. Representative examples of my third-party vendors and/or service providers may include (as applicable, but without limitation):
- Social media platforms and/or other social networking services (including, without limitation, chat rooms, online bulletin boards/message boards/discussion groups, wikis, and/or similar online forums) on which I have accounts and/or that I might use to research, promote, and/or discuss this website, its content, the management of my business operations, and/or my other creative endeavors, such as (without limitation) the Blogger (a.k.a. Blogspot) web publishing service, which is owned by Google and subject to the Google Privacy Policy — I don’t currently have a Blogspot blog, although in the past, I had a little-used (and long since deleted) Ate Up With Motor blog on that service, and I could theoretically create another blog on the Blogger service through my Google account(s) if I choose to do so in the future (Google, Blogger, Blogspot, and other related marks are trademarks of Google LLC; Ate Up With Motor is a trademark of Aaron Severson dba Ate Up With Motor); the Facebook social media platform (I initiated the deletion of my Facebook account on December 11, 2018, and have no intention of reactivating or recreating it, but Facebook likely retains at least some related data, and I retain an offline copy of my account data as of that date — Facebook is a trademark of Meta Platforms, Inc.; Meta is a trademark of Meta Platforms, Inc.); the Flickr photo-sharing platform (presently owned and operated by Flickr, Inc., which is owned in turn by SmugMug, Inc.), on which I have published some images related to this website and/or my content and which I use to communicate with some of the people who have allowed me to use their images; my use of Flickr services and/or products to publish, create, label, tag, comment on, describe, and/or categorize my images and/or videos in those services and/or products is subject, where applicable, to the Data Processing Addendum to the Flickr Terms & Conditions of Use (Flickr and SmugMug are trademarks of SmugMug); the IntenseDebate comment system (I requested the deletion of my IntenseDebate account on December 9, 2021; the IntenseDebate comment system is owned by Automattic and subject to the Automattic Privacy Policy; Automattic and IntenseDebate are trademarks or registered trademarks of Automattic (or Automattic’s licensors)); the Tumblr microblogging and social networking platform (Tumblr is a trademark of Tumblr, Inc. in the United States and other countries); the WordPress.com blogging platform (which is also owned by Automattic and subject to the Automattic Privacy Policy; Automattic and WordPress.com are trademarks or registered trademarks of Automattic (or Automattic’s licensors); WordPress is a registered trademark of the WordPress Foundation in the United States and other countries); and/or the X social media platform, formerly known as Twitter (X and Twitter are trademarks of X Corp. or its affiliates). I technically still have a personal blog on the LiveJournal community publishing platform (which I previously archived using a patched version of the ljArchive backup utility by Erik Frey), but I can no longer use or even delete that blog because I refuse to accept the current LiveJournal user agreement. (The LiveJournal platform, which does not appear to have a privacy policy, is now owned by Rambler Group LLC. LiveJournal is a registered trademark of the advertising agency Index 20 LLC (a Rambler Group company) in the United States.)
- Providers whose services I may use in operating this website, such as (without limitation) my web host, DreamHost, LLC, which provides — directly and/or through its applicable subcontractors, subprocessors, vendors, subsidiaries, affiliates, and/or partners — various services for me, including (without limitation) hosting this website and its associated files, database(s), and server logs; managing my domain name registration for the aaronseverson.com domain name; hosting the mail servers for all aaronseverson.com email addresses; and providing certain of my administrative and security tools, as well as technical support and troubleshooting, and which, as noted in the “Website Server, Error, and Security Logs” section above, has access to any data and/or files on any server or other system they control (except where I have specially encrypted such file(s) and/or data), all subject to the DreamHost Privacy Policy and/or, where applicable, the Customer Data Processing Addendum to their General Terms of Service (DreamHost is a registered trademark of DreamHost, LLC); the Let’s Encrypt® certificate authority (CA), a service provided by the nonprofit Internet Security Research Group™ that is described in the “Certificate Authority Checks” section above (Internet Security Research Group and Let’s Encrypt are trademarks of Internet Security Research Group; all rights reserved), and/or other certificate authorities I may use or access, such as, without limitation, the Sectigo® certificate authority, which provides the personal authentication certificate I use for digital signatures (which I purchased and manage through ComodoSSLstore.com, an authorized vendor) (Sectigo® is a federally registered trademark of Sectigo Limited; Comodo® is a registered trademark of Comodo Group, Inc. or its affiliates in the United States and other countries); SolidWP, whose Solid Security plugin and/or other plugins I may use on this website (SolidWP is now one of the StellarWP brands, part of the Liquid Web family of brands, and subject to the StellarWP Privacy Policy; Solid Security, SolidWP, StellarWP, and Liquid Web are trademarks of Liquid Web, LLC); GoDaddy Media Temple, Inc. d/b/a Sucuri, a subsidiary of Go Daddy Operating Company, LLC (Sucuri), which provides the Sucuri Security plugin described in the “Security Scans” section above, which is subject to the Sucuri Security Privacy Policy, the Sucuri Cookie Policy (“Our Use of Cookies, Web Beacons, and Similar Technologies”), and/or the Data Processing Addendum to their Terms of Service (which applies to personal data Sucuri services process on customers’ behalf that may be subject to certain regional privacy and/or data protection laws), as applicable (Sucuri, Sucuri Security, Sucuri Security Inc., and Sucuri Inc. are trademarks of Sucuri Inc. and may be registered in certain jurisdictions; GoDaddy is a registered trademark of Go Daddy Operating Company, LLC); GoDaddy® (which I previously used for domain registration and certain related services, although I ceased to use their services (except for those provided by Sucuri, a subsidiary) several years ago and permanently closed my GoDaddy account on October 8, 2020; GoDaddy is a registered trademark of Go Daddy Operating Company, LLC); embedded content providers such as (though not necessarily limited to) those described in the “Embedded Content” section above; Font Awesome (which, in addition to any embedded content it may serve on this site, may also be used by some of my other vendors and/or service providers in connection with other services I use, such as (without limitation) my web host’s online control panel and webmail interfaces; Font Awesome is a trademark of Fonticons, Inc.); MailChannels Corporation, whose email filtering and/or delivery services my web host may use in connection with my hosted email addresses (MailChannels is a trademark of MailChannels Corporation); providers of the various web server software, apps, and frameworks my web host uses and/or offers for use on the servers on which this website runs; most of these open source software projects don’t have privacy policies of their own, but since my web host handles most of the actual deployment and administration of the software (and administers and controls the servers on which the software runs), my use of that software in connection with the operation of this website is generally subject to the DreamHost Privacy Policy and/or, where applicable, the Customer Data Processing Addendum to their General Terms of Service (DreamHost is a registered trademark of DreamHost, LLC); the phpMyAdmin® project (a member project of Software Freedom Conservancy®), whose open source database administration tool my web host provides for managing my website databases; the project doesn’t appear to have a privacy policy, but the tool’s source code is freely available for review — my use of this tool in connection with this website is subject to the DreamHost Privacy Policy and/or, where applicable, the Customer Data Processing Addendum to their General Terms of Service, since DreamHost actually administers the tool and controls the servers that store and run the databases I use the tool to access and manage (DreamHost is a registered trademark of DreamHost, LLC; phpMyAdmin and Software Freedom Conservancy are either registered trademarks or trademark of Software Freedom Conservancy, Inc. in the United States and/or other countries; PHP is a trademark of The PHP Group; all other trademarks are the property of their respective owners); the Roundcube project, whose open source webmail client software and associated resources my web host uses for my browser-based email access; the Roundcube project doesn’t appear to have a privacy policy, but the mail client’s source code is freely available for review — my use of the mail client through my web host is subject to the DreamHost Privacy Policy and, where applicable, the Customer Data Processing Addendum to their General Terms of Service, since DreamHost actually administers the client and controls the mail servers to which it connects (DreamHost is a registered trademark of DreamHost, LLC); the Unsplash photo platform and/or related services (which I don’t currently use on this website, but which my web host may use to display images on their webmail and online control panel login pages and/or other user interfaces; Unsplash is a trademark or registered trademark of Unsplash Inc.); Zendesk, Inc., whose knowledge base platform and/or other software and/or services my web host may use for certain support resources, use of which is subject to the DreamHost Privacy Policy and/or, where applicable, the Customer Data Processing Addendum to their General Terms of Service; Zendesk’s Privacy and Data Protection page describes Zendesk’s role and responsibilities as a processor and/or service provider (in this case of DreamHost) with respect to such resources (Zendesk is a trademark of Zendesk, Inc.); the WordPress.org websites and/or their respective developers, contributors, volunteers, and other users (as explained in “Embedded Content” above, this website uses the WordPress content management system, so the WordPress.org websites may collect certain information about users who access the website’s administrative dashboard in the course of managing the site and its various plugins, themes, and/or other add-ons, as well as about and/or related to my use of the WordPress.org websites and/or forums, which I regularly use to seek help in managing, troubleshooting, and/or improving this website as well as to report bugs, security flaws, and/or other issues with the WordPress content management system itself; WordPress is a registered trademark of the WordPress Foundation in the United States and other countries); the developers of the various plugins, themes, and/or other add-ons used on this website (who may collect information via telemetry features incorporated into those plugins, themes, and/or other add-ons, and/or through my communications with the developers regarding the management, troubleshooting, and/or security of their respective plugins, themes, and/or other add-ons — such communications are frequently, though not necessarily exclusively, via the aforementioned WordPress.org forums; WordPress is a registered trademark of the WordPress Foundation in the United States and other countries); other sources of informational and/or instructional resources related to web development, online security, and/or the various aspects of operating and/or maintaining online systems, including (without limitation) providers of tutorials, guides, wikis, help files, online documentation, knowledge bases, technical consulting services, articles, and/or white papers offering recommendations, warnings, suggestions, examples, and/or discussion of how to use, manage, maintain, develop, customize, troubleshoot, and/or secure the WordPress content management system; its various plugins, themes, and/or other add-ons; and/or other software, apps, tools, services, and/or code (WordPress is a registered trademark of the WordPress Foundation in the United States and other countries); PayPal® (which serves the payment buttons that appear on the site and may process certain payments I make or receive in connection with this website — PayPal.com, PayPal, and all logos related to the PayPal services are either trademarks or registered trademarks of PayPal, Inc. or its licensors; in addition, all page headers, custom graphics, button icons, and scripts related to the PayPal services are service marks, trademarks, and/or trade dress of PayPal); the Blacklight tool (click here for more about how Blacklight works) developed and offered by the nonprofit newsroom The Markup, which I may use to help me identify potential privacy and/or security issues with this website and/or other websites and online services I use in the course of my business (Blacklight and The Markup are trademarks owned by The Markup or its licensors); WebAIM (Web Accessibility in Mind) at Utah State University (whose WAVE Accessibility Tool and/or other tools I may use to improve the accessibility of this website and/or my content; Utah State University, WebAIM, and WebAIM Web Accessibility in Mind are trademarks of Utah State University); website speed testing services/tools (which examine the publicly visible/publicly accessible portions of the website to analyze how quickly they load and identify technical issues that may affect loading speed and/or other functionality); and/or WHOIS, RDAP (Registration Data Access Protocol), and/or similar lookup providers (if I need to look up IP addresses, hostnames, and/or domain registrations using tools such as (though not necessarily limited to) the ICANN Domain Name Registration Data Lookup tool; ICANN is a trademark or registered trademark of the Internet Corporation for Assigned Names and Numbers).
- Google, which provides (directly and/or through its various subsidiaries and/or affiliates) some of the software, apps, tools, and/or services I may use and/or offer, which are too numerous to fully enumerate here, but may include (without limitation) the Google Fonts API, Google Hosted Libraries, Google Maps, FeedBurner, Gmail, Google Safe Browsing API, Blogger, and Blogspot services mentioned and/or described elsewhere in this Privacy Policy; the Android platform and related apps, services, APIs, and infrastructure (e.g., the Google Location Service infrastructure); the Android SDK Platform-Tools; the Firebase platform mentioned elsewhere in this section of the Privacy Policy; the Google Play store and its related services; the well-known Google search engines (and/or related search tools and/or services); Google Search Console tools and reports (formerly known as Google Webmaster Tools reports), which help webmasters analyze and improve their site’s indexability and search performance; the Google Authenticator mobile app (which manages authentication codes for multi-factor authentication); the Google Ads platform (which I believe is formally called the Google Ad Network advertiser network, although many Google policies and documents refer to “Google Ads”) and various advertising services, e.g., the AdMob, AdSense, and/or DoubleClick advertising services (which I don’t currently use on this website, but may be used by some apps, websites, and/or online services I use and/or access, and/or may show advertising through certain embedded content, as noted in the “Embedded Content” section above); the reCAPTCHA human verification service (which I don’t currently use on this website, but which may be used by various websites and/or online services I use and/or access, and which can collect information about and/or related to my online activity in those contexts, as described in the “Information Captured by Service/Software/App/Device Telemetry” section above); the Google Voice communications service (a VoIP (Voice over Internet Protocol) service provided by Google Voice Inc., a subsidiary of Google LLC, which is subject to the Google Privacy Policy and, where applicable, the Google Telephony Services Privacy Disclosure); Google Workspace productivity and collaboration tools; the Widevine digital content manager (a digital rights management (DRM) technology many web browsers use to allow playback of encrypted media content protected by DRM); and, as noted in the “Embedded Content” section above, the YouTube video platform. All Google products and services are subject to the Google Privacy Policy and/or, where applicable, their Data Processing Addendum for Products where Google is a Data Processor, the CCPA Service Provider Addendum to Google Data Processing Addendum, and/or the LGPD Processor Addendum to the Google Data Processing Addendum. For additional information about how Google uses technologies that may collect and/or process personal information, see the “Technologies” section of their Google Privacy & Terms site. (Google, AdMob, AdSense, Android, Blogger, Blogspot, DoubleClick, FeedBurner, Firebase, Gmail, Google Ad Network, Google Ads, Google AdSense, Google Authenticator; Google Location Service, Google Maps, Google Play, Google Safe Browsing, Google Search Console, Google Voice, Google Webmaster Tools, Google Workspace, Widevine YouTube, and other related marks and logos are trademarks of Google LLC. I am not affiliated with or endorsed by Google in any way.)
- Microsoft, which provides (directly and/or through its various subsidiaries and/or affiliates) some of the software, apps, tools, and/or services I may use and/or offer — which are too numerous to fully enumerate here, but may include (without limitation) the operating systems and associated software and services for some of the devices I use; BitLocker® encryption and data protection features; Microsoft® Bing® search engine(s); the Microsoft Office suite of productivity software and services; and/or any other Microsoft software, apps, tools, and/or services mentioned and/or described elsewhere in this Privacy Policy — and may collect and use certain information through, about, and/or related to the use of such software, apps, tools, and/or services as described in the Microsoft Privacy Statement and/or, where applicable, the Microsoft Products and Services Data Protection Addendum (which applies to certain data Microsoft products and services process on customers’ behalf). (Microsoft, Bing, and BitLocker are trademarks of the Microsoft group of companies, as are the names of many other Microsoft products and services. I am not affiliated with or endorsed by Microsoft in any way.)
- Other providers whose services enable me to operate and/or secure my system(s), device(s), and/or data, such as (without limitation) TCL Communication Ltd. (a.k.a. TCT) and/or its subsidiaries and/or affiliates, which manufactured my BlackBerry® KEY2 LE smartphone, which may collect information about and/or related to the use of that smartphone and/or its associated software and services as described in the BlackBerry Mobile Privacy Policy (the current TCT Privacy Policy available online appears somewhat different from the Privacy Policy presented in the legal information on the smartphone itself, and the latter version is apparently no longer available on the TCT website now that TCT has ended its license to manufacture and sell BlackBerry® smartphones; BlackBerry, KEY2, and KEY2 LE are the trademarks or registered trademarks of BlackBerry Limited; TCL is a registered trademark of TCL Corporation); BlackBerry Limited (and/or, where applicable, its subsidiary companies and/or affiliates), which makes the suite of BlackBerry® apps and services used by and with my BlackBerry® smartphones; manufactured (under the previous corporate name of Research In Motion Limited) the older of those smartphones (and many of their associated accessories); owns much of the underlying intellectual property of both smartphones and their associated software; and may collect information related to the use of those smartphones, software, apps, and/or services as described in the BlackBerry Privacy Notice (BlackBerry and Research in Motion are the trademarks or registered trademarks of BlackBerry Limited, the exclusive rights to which are expressly reserved — I am not affiliated with, endorsed, sponsored, or otherwise authorized by BlackBerry Limited); Dell Technologies, Inc., and/or its subsidiaries and/or affiliates, which manufactured certain of my devices, displays, peripheral devices, and/or other components and may collect information about and/or related to the use their use and/or the use of their associated drivers and/or software as described in the Dell U.S. Privacy Statement (Dell and Dell Technologies are trademarks of Dell Inc. or its subsidiaries); HP Inc., which may collect certain information about and/or related to my use of HP printers, scanners, copiers, and/or other devices; their associated ink, toner, and/or other consumable supplies; and/or their associated drivers, software, and/or services as described in the HP Privacy Statement; HP is a trademark of HP Inc., as are the names of many of its products and services); Intel Corporation and/or its subsidiaries and/or affiliates, which manufactured certain of my devices and/or components and may collect information about and/or related to their use and/or the use of their associated drivers and/or software as described in the Intel Privacy Notice (Intel is a trademark of Intel Corporation or its subsidiaries); I.R.I.S. and/or its affiliates, whose optical character recognition software I may use in connection with my printer(s) and/or scanner(s) (I.R.I.S. is an I.R.I.S. trademark); The Khronos® Group, whose Vulkan® Runtime Libraries and/or other software, software development kits, and/or software components may be installed in conjunction with and/or incorporated into certain software and/or devices I may use, including, though not limited to, the drivers for certain of my display cards and/or other devices and/or components (Khronos and Vulkan are registered trademarks of The Khronos Group Inc.); LG Electronics and/or its subsidiaries and/or affiliates, which manufactured certain of my devices, displays, peripheral devices, and/or other components and may collect information about and/or related to their use and/or the use of their associated drivers and/or software as described in, as applicable, their website Privacy Policy and/or any applicable product privacy policies (LG is a registered trademark of LG Corp.); Logitech and/or its subsidiaries and/or affiliates, which manufactured certain of my devices, peripheral devices, and/or other components and may collect information about and/or related to their use and/or the use of their associated drivers and/or software as described in, as applicable, their Product Privacy Policy and/or their Website Privacy Statement (Logitech is a trademark or registered trademark of Logitech Europe S.A. and/or its affiliates in the United States and/or other countries); Nuance Communications, Inc., present owner of the VoiceSignal® VSuite® voice recognition software used by the older of my BlackBerry® smartphones, which may collect information through and/or about my use of that software (to the extent that software still works, which is unclear) as described in the Nuance Privacy Policy (VoiceSignal, VSuite, and Nuance are registered trademarks or trademarks of Nuance Communications, Inc. or its affiliates in the United States and/or other countries; BlackBerry is the trademark or registered trademark of BlackBerry Limited); Qualcomm Incorporated and/or its subsidiaries and/or affiliates, which manufactured some of the components and provides some of the services of my BlackBerry® KEY2 LE smartphone and/or my desktop computer and may collect information about and/or related to the use of such components and/or services, and/or any associated software and/or drivers, as described in the Qualcomm Incorporated Privacy Policy (Qualcomm is a trademark of Qualcomm Incorporated, registered in the United States and other countries; BlackBerry, KEY2, and KEY2 LE are the trademarks or registered trademarks of BlackBerry Limited); Realtek Semiconductor Corp. and/or its subsidiaries and/or affiliates, which manufactured certain of my peripheral devices and/or other components as well as their associated drivers and/or software (the company’s official website does not appear to have any privacy policy; Realtek is a trademark of Realtek Semiconductor Corp.); Renesas Electronics Corporation and/or its affiliates, which manufactured certain of my peripheral devices and/or components and may collect information about and/or related to their use and/or the use of their associated drivers and/or software as described in the Renesas Privacy Policy (Renesas is a trademark or registered trademark of Renesas Electronics Corporation in Japan, the United States, and other countries); Rosewill, Inc. and/or its parent company, affiliates, and/or subsidiaries, which manufactured certain of my peripheral devices and/or other components and may collect information about and/or related to their use and/or the use of their associated drivers and/or software as described in the Rosewill Privacy Policy (Rosewill is a registered trademark of Rosewill Inc.); Sabrent (which manufactured certain of my peripheral devices and/or other components and may collect information about and/or related to their use and/or the use of their associated drivers and/or software as described in the Sabrent Privacy Policy; Sabrent is a trademark of Sabrent); Seagate Technology LLC and/or its subsidiaries and/or affiliates, which manufactured certain of my hard drive(s) and/or other memory storage device(s) and their associated drivers and/or software, whose use is subject to the Seagate Privacy Statement (Seagate and Seagate Technology are registered trademarks of Seagate Technology LLC in the United States and/or other countries); Staples, Inc. and/or its affiliates, which manufactured certain of my peripheral devices, other components, and/or other office equipment and may collect information about and/or related to the use of such devices, components, and/or equipment and/or their associated software and/or drivers as described in Staples’ U.S. Privacy Notice, which also applies to data they may collect in connection with my purchase(s) of supplies, equipment, and/or other office products from their retail stores and/or website (Staples is a registered trademark of Staples, Inc. or its subsidiaries in the United States and/or other countries); Toshiba Corporation and/or its affiliates, which manufactured certain of my hard drives, other memory storage devices, and/or other devices and/or components and may collect information about and/or related to their use and/or the use of their associated drivers and/or software as described in the applicable Toshiba privacy policy or privacy policies (Toshiba is a registered trademark of Toshiba Corporation in the United States and other countries); Waves Audio Ltd., which makes the Waves MaxxAudio® Pro audio processing software I use on some of my devices and may collect information about and/or related to the use of that software as described in the Maxx Privacy Policy (Maxx, MaxxAudio, and Waves are trademarks or registered trademarks of Waves Audio Ltd.); Western Digital® and/or its subsidiaries and/or affiliates, which manufactured certain of my hard drive(s) and/or other memory storage device(s) and their associated drivers and/or software, whose use is subject to the Western Digital Privacy Statement; Western Digital is a registered trademark or trademark of Western Digital Corporation or its affiliates in the U.S. and/or other countries); Avast Software s.r.o and/or their subsidiary Piriform Software Ltd., whose Avast® and/or CCleaner® security and/or maintenance software products I may use on some or all of my systems and/or devices — the Avast Products Policy describes what types of data Avast products may collect, while the CCleaner Data Factsheet explains what types of data CCleaner products may collect (Avast is a registered trademark of Avast Software s.r.o. in the U.S. and/or other countries; Piriform and CCleaner are trademarks or registered trademarks of Piriform Software Ltd. in the U.S. and/or other countries); Bitdefender, whose Bitdefender Mobile Security and/or Bitdefender Central apps and/or associated services I may use on some of my devices (Bitdefender is a trademark of Bitdefender); like many apps and services for the Android platform, the Bitdefender apps and/or services may incorporate and/or utilize various Google services (e.g., the Crashlytics crash reporter tool and/or other services of the Firebase platform, and/or the Google Safe Browsing API), all of which are subject to the Google Privacy Policy (Google, Android, Crashlytics, Firebase, Google Safe Browsing, and other related marks are trademarks of Google LLC), as well as various other subprocessors such as (without limitation) Akamai Technologies, Inc. and/or Amazon Web Services; Akamai is a registered trademark or service mark of Akamai Technologies, Inc. in the United States (Reg. U.S. Pat. & Tm. Off.); Amazon Web Services is a trademark of Amazon.com Inc. or its affiliates in the United States and/or other countries); Malwarebytes, whose security tools I may use on some or all of my systems and devices (Malwarebytes is a trademark of Malwarebytes); Safer-Networking Ltd., whose Spybot® security and privacy software and/or tools (such as, though not necessarily limited to, Spybot – Search & Destroy security software and/or its associated apps, tools, and/or services) I may use on some or all of my systems and devices (Spybot and Spybot – Search & Destroy are registered trademarks of Patrick Kolla-ten Venne in the EU and/or other jurisdictions; Spybot is a registered trademark of Safer-Networking Ltd. dba Spybot in the United States and/or other countries); developers of Internet firewall applications, software, and/or services, such as (without limitation) Károly Pados’ TinyWall firewall software and/or Marcel Bokhorst’s NetGuard mobile firewall and Internet traffic monitor app (see the NetGuard privacy statement; the NetGuard app may also connect to IPinfo API services and/or other WHOIS/RDAP lookup services to look up information about IP addresses, hostnames, and/or domains to which my mobile apps connect and/or attempt to connect; IPinfo is a trademark or registered trademark of IDB LLC in the United States and/or other countries); other providers of filter lists, block lists, and/or other security-related information, such as (without limitation) the AdGuard Team AdGuard Filters (AdGuard is a registered trademark of AdGuard Software Limited); Steven Black’s StevenBlack/hosts unified hosts file (which consolidates various other hosts lists); Disconnect, Inc. (whose Tracker Protection lists some web browsers may use to help prevent fingerprinting and/or certain other forms of tracking; Disconnect is a trademark of Disconnect, Inc.); HackRepair.com (HackRepair.com is a trademark of Jim Walker dba HackRepair.com; HackRepair is a registered trademark of Jim Walker); Peter Lowe’s ad and tracking server list; the MVPS HOSTS file; Perishable Press; The Spamhaus Project (Spamhaus is a registered trademark of The Spamhaus Project SLU in the EU and/or other jurisdictions); and/or the URLhaus Malicious URL Blocklist; developers and/or providers of password management software, apps, tools, and/or services; the Have I Been Pwned data breach notification service (which is a project of Troy Hunt and subject to the Have I Been Pwned Privacy Policy; Have I Been Pwned is a trademark and brand of Superlative Enterprises Pty. Ltd.) and/or other data breach notification and/or identity theft protection services; and/or encryption software and/or services such as (without limitation) the open source GNU Privacy Guard for Windows (Gpg4win) and the software included with it, which may include (again without limitation) GnuPG (the encryption backend) and the GNU Privacy Assistant (GPA), the GpgOL and GpgEX plugins, and the Kleopatra certificate management application, which was developed by members of the KDE® Community and may be subject to the KDE Software Privacy Policy (GNU is a trademark or registered trademark of Free Software Foundation, Inc.; Microsoft, Outlook, and Windows are trademarks of the Microsoft group of companies; KDE is a registered trademark of KDE e.V.; all other trademarks are the property of their respective owners); the OpenKeychain open source mobile encryption app; the OpenKeychain open source mobile encryption app; the Sectigo® certificate authority, which provides the personal authentication certificate I use for digital signatures (which I purchased and manage through ComodoSSLstore.com, an authorized vendor) (Sectigo® is a federally registered trademark of Sectigo Limited; Comodo® is a registered trademark of Comodo Group, Inc. or its affiliates in the United States and other countries); David Wittman’s open source csrgenerator.com app for generating certificate signing requests for encryption certificates (whose source code is freely available for review); cryptographic key servers and/or other encryption key management services and/or tools; the open source VeraCrypt disk encryption tool developed by IDRIX (portions of which were developed by various others, summarized in the VeraCrypt Copyright Information notice; IDRIX and VeraCrypt are trademarks of IDRIX); and/or online forums, message boards, discussion groups, chat rooms, mailing lists, technical consulting services, wikis, help files, online documentation, knowledge bases, and/or other online venues and/or resources for investigating, troubleshooting, resolving, and/or preventing technical problems and/or suspicious and/or malicious activity, and/or otherwise discussing and/or researching matters pertaining to the operation, function, technical improvement, and/or security of my system(s), device(s), and/or data.
- Other providers whose services I may use in accessing the Internet, such as (without limitation) my home Internet service provider (currently Spectrum Internet®, a service of Charter Communications, Inc.; Spectrum Internet and Charter Communications are trademarks or registered trademarks of Charter Communications), which processes and thus has information about and/or related to much of my online activity (in addition to any information I may disclose to them for security, support, and/or troubleshooting purposes); my mobile carrier(s) (currently T-Mobile®; T-Mobile, T-Mobile USA®, and Deutsche Telekom® are registered trademarks of Deutsche Telekom AG; this website is not sponsored, certified, endorsed or approved by, or affiliated with, Deutsche Telekom AG, T-Mobile USA, Inc., or their respective subsidiaries and affiliates), which provide my mobile voice, text, and data plan and may process certain emails sent to and from my phone(s), and thus have information about and/or related to voice calls, texts, and online activity made, received, and/or otherwise conducted on my mobile device(s) (in addition to any information I may disclose to them for security, support, and/or troubleshooting purposes); other Internet service providers, mobile carriers, phone service providers, and/or wireless network services I may use; ASUSTeK Computer Inc. and/or its affiliated entities, which manufactured my ASUS® wireless router and may collect information about and/or related to the use of that router and/or its associated software and/or services as described in the ASUS Privacy Policy (ASUS is either a U.S. registered trademark or trademark of ASUSTeK Computer Inc. in the United States and/or other countries. Reference to any ASUS products, services, processes, or other information and/or use of ASUS Trademarks does not constitute or imply endorsement, sponsorship, or recommendation thereof by ASUS.); NETGEAR, Inc. and/or its affiliates and subsidiaries, which manufactured my NETGEAR® wireless router and may collect information about and/or related to the use of that router and/or its associated software and/or services as described in the NETGEAR Privacy Policy (NETGEAR is a trademark and/or registered trademark of NETGEAR, Inc. and/or its subsidiaries in the United States and/or other countries); the open source Simple DNSCrypt utility developed by Christian Hermann and other contributors (which doesn’t have a privacy policy, although its source code is freely available for review; it implements Frank Denis’s open source dnscrypt-proxy DNS proxy to allow me to encrypt my Domain Name System (DNS) queries on my desktop computer(s); DNSCrypt is a trademark of Frank Denis); Cloudflare, Inc., through and/or in connection with my use of their 1.1.1.1 Public DNS Resolver (which is a partnership between Cloudflare and APNIC Labs, subject to the Cloudflare Privacy Policy; Cloudflare and 1.1.1.1 are trademarks and/or registered trademarks of Cloudflare, Inc. in the United States and other jurisdictions); the 1.1.1.1 App and/or its associated WARP mobile security/encryption service (which are subject to the Cloudflare Application Privacy Policy; Cloudflare, 1.1.1.1, and WARP are trademarks and/or registered trademarks of Cloudflare, Inc. in the United States and other jurisdictions); the Cloudflare Resolver for the Mozilla Firefox browser (whose unique privacy practices are discussed in the “Frequently asked questions about the Cloudflare resolver for Firefox” page; Cloudflare is a trademark and/or registered trademark of Cloudflare, Inc. in the United States and other jurisdictions; Mozilla and Firefox are trademarks of the Mozilla Foundation in the U.S. and other countries); and/or other Cloudflare® services, such as (without limitation) the content delivery network (CDN) and distributed denial-of-service (DDoS) protection services used by some websites and/or online services I use and/or access; most Cloudflare services are subject to the Cloudflare Privacy Policy, the Cloudflare Data Processing Addendum (which applies to personal data Cloudflare services process on customers’ behalf that may be subject to certain regional privacy and/or data protection laws), and/or the Cloudflare Cookie Policy, as applicable (Cloudflare is a trademark and/or registered trademark of Cloudflare, Inc. in the United States and other jurisdictions); any other DNS resolver service(s) I may use; other CAPTCHA and/or comparable human verification services, e.g., the hCaptcha® service (a service of Intuition Machines, Inc.; hCaptcha and Intuition Machines are registered trademarks of Intuition Machines, Inc.), which may be used by various websites and/or online services I use and/or access in the course of my online activity; the Akismet spam-filtering service (which is a service of Automattic Inc. and subject to the Automattic Privacy Notice for Visitors to Our Users’ Sites and the Automattic Privacy Policy; the Akismet and the GDPR page provides additional information about the service’s processing of personal data — Akismet and Automattic are trademarks or registered trademarks of Automattic (or Automattic’s licensors)) and/or similar spam filtering services (which I don’t currently use on this website, but may be used by various websites and/or online services I use and/or access in the course of my online activity); link shorteners and/or other hyperlink redirection services and/or tools; Cisco Systems, Inc., whose OpenH264 Video Codec many web browsers use for encoding and decoding certain types of audiovisual content; this open source codec library does not have its own privacy policy, since it is usually incorporated into web browsers as a binary module (Cisco and Cisco Systems are trademarks or registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries); the Guardian Project (through and/or in connection with my use of the Orbot app and/or Tor Browser for Android app, which are subject to the project’s Data Usage and Protection Policies — these apps connect to the Tor® network developed by The Tor Project (Tor is a registered trademark of The Tor Project, Inc.; Google, Android, and other related marks are trademarks of Google LLC); Hidden Reflex (through and/or in connection with my use of the Epic Privacy Browser (for desktop, mobile, or both); associated encrypted file vault and/or other browser features; associated encrypted proxy/VPN browser extension; associated Epic AdBlocker extension (which is based on the uBlock Origin browser extension developed by Raymond Hill and uses many of the same lists, which are developed and maintained by a variety of people); associated EpicSearch.in search extension (which submits anonymized queries to the Yandex Search search engine(s) (whose use is subject to the Yandex Privacy Policy; Yandex and Yandex Search are trademarks of Yandex LLC) as an alternative to the browser’s default search function, which uses Yahoo!® search services (whose use is subject to the Yahoo Search Services privacy practices and the Yahoo Privacy Policy; Yahoo, Yahoo!, and other Yahoo marks are trademarks and/or registered trademarks of Yahoo Inc. or its affiliates); and/or other associated browser extensions, themes, and/or other add-ons (Hidden Reflex, the Epic Privacy Browser, Epic Browser, EpicSearch, and the names of related products and services are trademarks of Hidden Reflex); Mozilla Corporation (which may collect certain information through and/or in connection with my use of the Firefox, Firefox Focus, and/or Fennec F-Droid web browsers (whether for desktop, mobile, or both) and/or associated browser extensions, themes, and/or other add-ons as described in the Mozilla Privacy Policy (Mozilla, Firefox, and Firefox Focus are trademarks of the Mozilla Foundation in the U.S. and other countries); the Phishing and Malware Protection features of these browsers may also use the Google Safe Browsing API, which is subject to the Google Privacy Policy (Google, Google Safe Browsing, and other related marks are trademarks of Google LLC); Opera Software AS (through and/or in connection with my use of the Opera web browser (for desktop, mobile, or both), its integral VPN/proxy service, and/or associated browser extensions, themes, and/or other add-ons; Opera is a trademark of Opera Software AS); providers of other web browsers I may use (whether for desktop, mobile, or both); and/or the providers and/or developers of browser extensions, themes, and/or other add-ons I may use, such as (without limitation) the Abine Blur browser extension (formerly known as DoNotTrackMe; Abine, Blur, and DoNotTrackMe are trademarks of Abine, Inc.) — I’ve also used their email masking tool in an effort to reduce the spam and mass mailings I tend to receive after filling out comment or petition forms; aka_StephanAS‘s browser themes and/or other add-ons; Chris Antanki’s Disable WebRTC extension (whose privacy policy indicates that the extension does not collect usage data); the Cookie AutoDelete browser extension developed by Kenny Do and CAD Team (which does not appear to collect usage data; its source code is freely available for review); damagnat‘s browser themes and/or other add-ons; Francesco De Stefano’s Opena11y Toolkit browser extension (which doesn’t appear to have a privacy policy, although its source code is freely available for review), which facilitates use of the open source tota11y accessibility visualization tool created by Khan Academy® developers to assess potential accessibility issues in online content (although “a11y” is a commonly used abbreviation for “accessibility”, A11Y is a trademark of the Bureau of Internet Accessibility in the United States — it’s not clear if the tota11y project is associated in any way with that organization; Khan Academy is a registered trademark of Khan Academy, Inc. in the United States and other jurisdictions; A11Y and Bureau of Internet Accessibility are registered trademarks of the Bureau of Internet Accessibility, Inc. in the United States); the various ad-blocking and other filter lists by the EasyList authors; the Adblock Plus® browser extension by eyeo GmbH and that extension’s related lists (Adblock Plus and eyeo are trademarks of Ad-IP GmbH & Co. KG, registered in the United States and other jurisdictions); browser add-ons and/or other privacy tools offered by the Electronic Frontier Foundation® (EFF®) (which are subject to the EFF Privacy Policy: Software and Technology Projects; Electronic Frontier Foundation and EFF are trademarks of the Electronic Frontier Foundation); the Ghostery® browser extension by Cliqz International GmbH (Ghostery and Cliqz are registered trademarks of Cliqz International GmbH); the NoScript extension developed by Giorgio Maone of InformAction (which, according to the developer, does not collect personal information); the Nodetics Cookiebro – Cookie Manager browser extension (which currently asserts that it does not collect personal information); Thomas Rientjes’s open source Decentraleyes browser extension (whose Privacy Policy says the extension does not collect user data); Hosh Sadiq’s adblock-nocoin-list); the uBlock Origin browser extension (which is developed by Raymond Hill) and its related lists (which are developed and maintained by a variety of people); and/or the Cookie Quick Manager extension developed by ysard; Jefferson Scher’s userChrome.org website, which offers an unofficial guide and style recipes for customizing the appearance of the Mozilla Firefox web browser (the userChrome.org website is not maintained by or affiliated with Mozilla, which makes the Firefox browser; Firefox and Mozilla are trademarks of the Mozilla Foundation in the U.S. and other countries); and/or Nir Sofer, whose various NirSoft freeware utilities (such as, though not necessarily limited to, cache viewers and/or other browser cache management tools) I may use to manage certain of my browser functions.
- Other providers of software, apps, tools, and/or services I may use in connection with this website, its content, the management of my business operations, and/or my other creative endeavors, such as (without limitation) Adobe Inc. and/or its subsidiaries and/or affiliates, which provide some of the software, apps, tools, and/or services I may use and/or offer and may collect and use certain information through, about, and/or related to the use of such software, apps, tools, and/or services as described in the applicable sections of the Adobe Privacy Center (Adobe is either a registered trademark or trademark of Adobe in the United States and/or other countries; I am not affiliated with or endorsed by Adobe in any way); Apple Inc. and/or its subsidiaries and/or affiliates, which may collect information about and/or related to my use of iTunes software, the iTunes Store online store, and/or other Apple products and/or services as described in the Apple Customer Privacy Policy (Apple and iTunes are trademarks of Apple Inc., registered in the U.S. and other countries and regions; iTunes Store is a service mark of Apple Inc., registered in the U.S. and other countries and regions; I am not endorsed or sponsored by or otherwise affiliated with Apple Inc.); Artifex Software Inc., which may collect certain information about and/or related to my use of their SmartOffice® mobile app as described in the SmartOffice Privacy Policy and/or the Artifex.com Privacy Policy, as applicable (Artifex and SmartOffice are registered trademarks of Artifex Software Inc.); Audacity® open source audio editing and recording software, whose new owners may collect personal information about and/or related to the use of the software — whose source code remains freely available for review — as described in the Desktop Privacy Notice, although this notice technically only applies to newer versions of the software than I currently use (the name Audacity® is a registered trademark of MuseCY SM Ltd.; all other trademarks are the property of their respective owners); Pete Batard’s open source Rufus utility (whose source code is freely available for review); Cannaverbe Limited (through and/or in connection with the use of their CDBurnerXP software); the CDex audio utility developed by Georgy Berdyshev, Ariane Paola Gomes, and Albert L. Faber; CompanionLink Software, Inc., whose CompanionLink® and/or DejaOffice® CRM products and/or services I may use to synchronize data and manage contacts, calendar entries, tasks, and notes on my device(s); the CompanionLink Data Processing Agreement applies to personal data CompanionLink services (and/or their associated subprocessors) process on my behalf that may be subject to European data protection laws (CompanionLink and DejaOffice are registered trademarks of CompanionLink Software, Inc.); Pavel Cvrček’s open source MozBackup utility, (whose source code is freely available for review); the ComicRack comics reader developed by cYo Soft; DataViz, Inc., which might collect information about and/or related to the use of the Documents To Go® app on the older of my BlackBerry® smartphones (DataViz and Documents To Go are registered trademarks of DataViz, Inc.; BlackBerry is the trademark or registered trademark of BlackBerry Limited); The Document Foundation, which may collect information about and/or related to my use of the open source LibreOffice® office productivity suite and/or its associated repository of extensions, themes, and other add-ons as described in the LibreOffice Privacy Policy (LibreOffice and The Document Foundation are registered trademarks of The Document Foundation or are in actual use as trademarks in one or more countries); the open source F-Droid repositories and client app (which may collect a limited amount of information about and/or in connection with my use of the repositories and/or app, as described in the “Terms, etc.” section of their About page); Shahin Gasanov’s ZoneIDTrimmer tool; The GIMP Team, which maintains the open source GNU Image Manipulation Program (aka GIMP, which doesn’t appear to have a privacy policy, although the source code is freely available from the “Downloads” page of The GIMP Website); The GIMP Help Team, which maintains the GIMP documentation; and/or the developers and/or maintainers of the software’s various associated plugins, scripts, brushes, filters, and/or other add-ons, such as (without limitation) Alessandro Francesconi’s open source Batch Image Manipulation Plugin (whose source code is also freely available) (GNU is a trademark or registered trademark of Free Software Foundation, Inc.); the open source gitg GNOME® GUI client for viewing Git® repositories (which doesn’t appear to have a privacy policy, although its source code is freely available for review; the GNOME name is a registered trademark or trademark of GNOME Foundation in the United States or other countries; Git is either a registered trademark or trademark of Software Freedom Conservancy, Inc., corporate home of the Git Project, in the United States and/or other countries; all other trademarks are the property of their respective owners); Kovid Goyal’s calibre ebook management software (which lacks a privacy policy, although its source code is freely available for review; calibre is a trademark or registered trademark of Kovid Goyal); the MakeMKV format converter utility developed by GuinpinSoft Inc. (which doesn’t appear to have a privacy policy); the open source HandBrake video transcoder (whose source code is freely available for review); Mark Harman’s open source Open Camera mobile app; Phil Harvey’s ExifTool utility and Bogdan Hrastnik’s related ExifToolGUI user interface for it; Florian Heidenreich’s Mp3tag utility (Mp3tag is a trademark of Florian Heidenreich); Don Ho’s Notepad++ open source editing tool (which doesn’t appear to have a privacy policy, although again its source code is freely available for review) and its various plugins (which may include, but are not necessarily limited to, the DSpell spell-checker plugin developed by Sergey Semushin as well as the NPP Converter, NPP Export, NPP mimetools and WinGup (Windows® Generic Updater) plugins that currently ship with Notepad++; Microsoft and Windows are trademarks of the Microsoft group of companies; all other trademarks are the property of their respective owners); Ivan Ivanenko’s open source Librera® ebook and comics reader app — the F-Droid version, which omits the Internet access features, ads, and analytics and to which I have granted no Internet access privileges; the F-Droid version does not appear to collect personal information except to the extent necessary to manage updates, but the technically inclined can always browse the source code to be sure (Librera is a registered trademark or trademark of Ivan Oleksandrovych Ivanenko in the U.S. and/or other countries); JoeJoe‘s Rename Master utility; Tibor Kaputa’s Simple SMS Messenger app (whose source code is freely available for review) and/or Simple Mobile Tools Voice Recorder app (whose source code is also freely available for review); Robert Kausch’s open source fre:ac audio converter (which doesn’t appear to have a privacy policy, although the software’s source code is freely available for review); Tim Kosse’s open source FileZilla® FTP client (whose source code is freely available from the project’s “Download FileZilla Client” page; FileZilla is a registered trademark of its respective owners); Petr Lastovicka’s open source Precise Calculator utility (which doesn’t have a privacy policy, although its source code is freely available for review); the open source HashCheck Shell Extension developed by Kai Liu, Christopher Gurnee, David B. Trout, and Tim Schlueter; the ImgBurn freeware disc-burning utility developed by LIGHTNING UK! (ImgBurn is a trademark of ImgBurn); the open source Media Player Classic – Black Edition (MPC-BE) (which doesn’t have a privacy policy, although its source code is freely available for review); Ruben Negendahl’s PicView picture viewer app (which doesn’t appear to have a privacy policy, although its source code is freely available for review); Igor Pavlov’s open source 7-Zip file archiver software (which doesn’t have a privacy policy, but whose source code is freely available for review); Dương Diệu Pháp’s open source ImageGlass image viewer app (which doesn’t have a privacy policy, but whose source code is freely available for review); the open source PuTTY SSH/Telnet client utility (whose source code is freely available for review); the open source SQLiteStudio SQL editing tool developed by SalSoft (whose source code is freely available for review; SQLite is a registered trademark of Hipp, Wyrick & Company, Inc.); JHM Schaars’ vDos MS-DOS® emulator, which doesn’t appear to have a privacy policy (Microsoft and MS-DOS are trademarks of the Microsoft group of companies; all other trademarks are the property of their respective owners); Ted Smith’s open source QuickHash GUI utility (whose current Privacy Policy applies only to the QuickHash GUI website, not the utility itself, although the source code is freely available for review); the suite of PDF creation and editing software and tools offered by Tracker Software Products (Canada) Ltd., a wholly owned subsidiary of PDF-XChange Co. Ltd., which includes an optical character recognition plugin powered by the ABBYY® FineReader® Engine software development kit (PDF-XChange is an internationally registered trademark of PDF-XChange Co. Ltd.; ABBYY, FineReader, and ABBYY FineReader are either registered trademarks or trademarks of ABBYY Development Inc. and/or its affiliates; all other trademarks are the property of their respective owners); and/or VLC media player® software and/or other open source multimedia software projects of the VideoLAN organization (which doesn’t appear to have a privacy policy, although the VLC media player source code is freely available for review, as is the source code of all VideoLAN open source projects; VideoLAN, VLC, and VLC media player are trademarks internationally registered by the VideoLAN nonprofit organization).
- Manufacturers of other electronic devices I may use, such as (without limitation) cameras, recorders, or memory storage devices, either through my direct interactions with those manufacturers (e.g., my use of their customer service and/or technical support resources) and/or through telemetry or other information-gathering mechanisms incorporated into the devices and/or their associated software and/or drivers. I don’t believe that my current Canon® or FUJIFILM® digital cameras; SanDisk® portable audio player(s) and/or memory storage devices; analog television; Sony® digital recorder or DVD player; various USB flash drives, memory cards, hubs, and/or drive enclosures (which are from an assortment of different manufacturers); headphones and/or headsets; webcams and/or microphones; speakers and/or sound systems; home appliances (e.g., refrigerator, air conditioner, dehumidifier, vacuum cleaner(s)); or other such devices, equipment, and/or accessories independently transmit personal information to third parties, and I generally seek to avoid or at least limit my use of these devices’ proprietary software and/or apps, if any (obviously excepting firmware necessary for a device to function), but any information they did collect would be subject to the manufacturers’ respective privacy policies (and/or any applicable product- and/or software-specific privacy policies), as is any information they may collect through my use of the manufacturers’ websites, customer service, and/or technical support resources. (Canon is a registered trademark of Canon Inc. in the United States and may also be a registered trademark or trademark in other countries. FUJIFILM is a registered trademark of FUJIFILM Corporation in various jurisdictions. SanDisk and Western Digital are registered trademarks or trademarks of Western Digital Corporation or its affiliates in the U.S. and/or other countries. Sony is a registered trademark of Sony Corporation.)
- Providers of other search engines and/or other research and/or reference tools, services, facilities, and/or resources I may use, such as (without limitation) the DuckDuckGo® search engine(s) and/or associated browser extension(s), whose use is subject to the DuckDuckGo Privacy Policy (DuckDuckGo is a registered trademark of Duck Duck Go, Inc. in the United States and other jurisdictions); the Startpage search engine(s) and/or associated browser extension(s), whose use is subject to the Startpage Privacy Policy, which also applies to use of the Startpage “Anonymous View” proxy service, Private Currency Converter feature, Private Language Translator feature, Private Shopping feature, and/or other associated features (Startpage and Startpage.com are trademarks or registered trademarks of Startpage BV); Yahoo!® search engines and/or search services, which are subject to the Yahoo Search Services privacy practices and the Yahoo Privacy Policy; I may also use various other Yahoo! and/or AOL® services, which are subject to the Yahoo Privacy Policy, the policies described in the legacy Yahoo Privacy Center, and/or the legacy Oath® Privacy Policy (for AOL), as applicable (AOL, Oath, Yahoo, Yahoo!, and other Yahoo marks are trademarks and/or registered trademarks of Yahoo Inc. or its affiliates); the Yandex Search search engine(s), whose use is subject to the Yandex Privacy Policy (Yandex and Yandex Search are trademarks of Yandex LLC); the providers of any other search engines I may use; the DOI® system proxy servers of the International DOI Foundation, which resolve the alphanumeric Digital Object Identifier strings (DOI names) used to identify certain scholarly papers and other online resources and redirect DOI requests to the appropriate online address(es) (DOI® and DOI.ORG® are trademarks of the International DOI Foundation); the Wikimedia Foundation®, through and/or in connection with my use of and/or contributions to Wikimedia Commons®, Wikipedia®, and/or their other collaborative projects (Wikimedia, Wikimedia Commons, Wikimedia Foundation, Wikipedia, and other Wikimedia project names and logos are registered trademarks of the Wikimedia Foundation, Inc., a nonprofit organization; I am not endorsed by or affiliated with the Wikimedia Foundation); press and/or public relations representatives; museums, libraries, archives, and/or databases, public and/or private, including, but not limited to, the Los Angeles Public Library and/or L.A. County Library, through my use of their collections, holdings, exhibits, galleries, catalogs, databases, computers, equipment, and/or other systems and/or services (some of which may be provided by, powered by, and/or otherwise supported by third parties, which may have their own privacy policies); through my attendance at and/or participation in their tours, presentations, classes, programs, and/or events; and/or through my communications with their librarians, archivists, docents, guides, other staff, employees, workers, and/or volunteers, as applicable; organizations, services, and/or resources (public and/or private) that publish, catalog, offer, and/or otherwise make available public records and/or public information of whatever type(s); other online information and/or reference services, encyclopedias and/or dictionaries, almanacs, calculators and/or unit conversion tools, catalogs, galleries, repositories, news services, newsletters, online publications, online publishing services and/or platforms, websites, wikis, help files, online documentation, knowledge bases, blogs, video blogs (“vlogs”), podcasts, educational and/or instructional resources and/or services, tutorials and/or other training resources and/or services, file-sharing services, photo-sharing services, stock photo services, other services and/or platforms for sharing images and/or other media, video stores and/or video rental services, online and/or satellite radio and/or television services, and/or streaming services and/or platforms (of whatever type(s)); bookstores; and/or other retailers, vendors, merchants, resellers, marketplaces, auction services, distributors, manufacturers, publishers, developers, and/or other types of providers through which I may search for, purchase, and/or otherwise obtain and/or access materials, equipment, software, and/or supplies related to this website, its content, the management of my business operations, and/or my other creative endeavors.
- Vendors, services, and/or service providers that help me promote, monetize, sell, and/or otherwise offer for commercial advantage and/or financial gain my content, writing/editing/writing consulting services, and/or other creative endeavors, such as (without limitation) talent and/or literary agents and/or agencies; publicists; promoters; public relations services; advertising agencies and/or services; brokers; distributors; publishers; print-on-demand publishing and/or distribution platforms (e.g., Lulu Press, Inc. (Lulu.com); Lulu.com and the names and logos of all Lulu products and/or services are trademarks and/or service marks or registered trademarks and/or service marks of Lulu); other types of platforms and/or services for publishing and/or distributing written content and/or images; platforms and/or services for publishing and/or distributing audiovisual content (e.g., videos and/or podcasts); vendors and/or service providers through which I may create and/or offer merchandise related to my services, content, and/or creative endeavors; wholesalers; resellers; booksellers; other retailers; marketplaces (of whatever kind); job search and/or professional networking sites and/or services; and/or staffing agencies/employment agencies.
- My landlord(s), if any (and/or their respective employees, contractors, and/or agents), who are not normally privy to the operation of this website or my business, but do obviously have access to any residence and/or other space(s) I may rent from them, to the extent permitted by applicable law and/or the terms of my applicable lease(s) and/or rental agreements(s), and/or may collect certain personal information from and/or about anyone who enters their premises (e.g., through the use of security cameras and/or other automated systems, and/or by requiring me to provide certain information about my guests, visitors, and/or roommates). Additionally, in the event I seek to rent, lease, and/or otherwise obtain different and/or additional residence(s), space(s), and/or facilities (for example, but without limitation, if I move, or seek to rent a separate office space), I may provide relevant information as part of and/or otherwise in connection with the application process (e.g., to provide proof of employment and/or income to a prospective landlord or applicable management company).
- Other types of vendors and/or service providers, such as (without limitation) the Proton Mail encrypted email service and/or the Proton Mail Bridge application, both of which are subject to the Proton Privacy Policy and/or, where applicable, the Proton Data processing agreement, which applies to certain personal data the Proton services process on customers’ behalf that may be subject to European data protection laws (Proton, Proton Mail, ProtonMail, and other related marks are trademarks or registered trademarks of Proton AG); other applicable telephony and/or email services (through my phone, text, and/or email communications with you and/or others, and/or as appropriate for security and/or troubleshooting purposes); Voice over Internet Protocol (VoIP), voice chat, teleconferencing, video conferencing, and/or video chat apps, clients, platforms, and/or services; other types of messaging and/or chat apps, clients, platforms, and/or services, such as (without limitation) the Discord services (Discord is a trademark of Discord Inc.) and/or the Signal services (which are offered by Signal Messenger LLC, and whose associated service providers and/or subprocessors may include, but are not necessarily limited to, services provided by Google and/or Amazon Web Services; Signal is a registered trademark of Signal Technology Foundation in the United States and other countries; Google and other related marks are trademarks of Google LLC; Amazon Web Services is a trademark of Amazon.com Inc. or its affiliates in the United States and/or other countries); telephone directory, business directory, and/or reverse telephone lookup services; bank(s), other financial institution(s), and/or payment processor(s); other money transfer and/or electronic funds transfer service(s); fraud prevention services; credit bureaus; credit monitoring and/or identity theft protection services; online time servers; online scheduling, calendar, task management, meeting, and/or collaboration platforms, tools, and/or services; electronic signature, agreement, and/or time stamping authority services; online file transfer, file sharing, and/or file storage services (which may include, but are not necessarily limited to, cloud storage services); storage facilities (including, though not limited to, providers of safe deposit boxes) and/or document/information management services; data recovery services; data and/or document destruction and/or shredding services; third-party printers and/or print services (including, though not limited to, services through which I order personal and/or business checks); copying and/or facsimile services; providers (public and/or private) of third-party telephones, telephony services, computers and/or mobile devices, other electronic devices, computer networks, wireless networks, and/or other Internet connections I may periodically use; photography, videography, and/or filming services and/or studios; processing, conversion, and/or duplication services for photos, film, video, audio recordings, other audiovisual materials, and/or other such content, such as (without limitation) film and/or photo development and/or processing, photo printing, video and/or audio conversion, and/or the production of optical discs and/or phonorecords of whatever type(s); sound and/or lighting technical and/or engineering services; icon generators; font and/or typeface providers and/or repositories; repair, maintenance, installation, and/or technical service providers and/or resources; transcription, captioning, subtitling, and/or translation services, automated or otherwise; notaries; insurers and/or warranty providers (and/or, where applicable, their respective administrators, affiliates, agents, brokers, claims adjusters, subcontractors, and/or subsidiaries); staffing agencies/employment agencies; fingerprinting, background check, and/or identity verification services; credit bureaus and/or credit reporting agencies; payroll services; bookkeeping, accounting, tax preparation, and/or tax filing services (which may include, but are not necessarily limited to, electronic filing services); services that file other types of official documents and/or publish legally required notices on my behalf (e.g., fictitious business name filing/registration services and/or motor vehicle registration services); auditing services; management consulting services; financial planning, financial management, and/or financial advisory services; brokerages; attorneys and/or law firms; legal aid and/or other legal consulting, legal counseling, and/or legal referral services; marketplaces, auction services, merchants, resellers, consignment sellers, second-hand shops, antiques dealers, pawn shops, and/or other vendors, service providers, charitable organizations, and/or other organizations and/or entities through which and/or to which I sell, otherwise offer for commercial advantage and/or financial gain, donate, and/or otherwise dispose of my copies of published works (e.g., books, magazines, newspapers, CDs, DVDs), other personal property and/or goods, and/or vehicles, and/or vendors and/or services through which I advertise and/or announce such sale(s), offer(s), donation(s), and/or disposal (e.g., classified advertising services, bulletin boards, and/or social media groups that allow posting items for sale); teachers, instructors, trainers, tutors, coaches and/or other educators; healthcare providers and/or their respective support staffs; convention centers, conference centers, meeting rooms, exhibit and/or exhibition halls, concert halls, stadiums, arenas, places of worship, and/or other such venues, and/or ticket brokers and/or other vendors who sell or otherwise provide tickets for and/or admission to such venues (for purposes of and/or in the course of attending, obtaining tickets for and/or admission to, arranging, organizing, and/or otherwise accessing and/or utilizing conventions, conferences, meetings, exhibitions, screenings, public performances, athletic events, ceremonies, services, and/or other such events, and/or the facilities therefor); event planning, management, and/or organization services; private security services; cleaning, janitorial, and/or laundry services; sanitation, waste disposal, trash disposal, waste reclamation, and/or recycling services; environmental remediation and/or inspection services; weather services and/or weather bureaus; mapping, navigation, and/or trip-planning services and/or apps such as (though not limited to) the OsmAnd mobile app by OsmAnd B.V. (OsmAnd is a trademark of OsmAnd B.V.); taxi, livery, shuttle, carpool, and/or rideshare services (if I use and/or arrange such transportation in some context related to this website and/or in the course of my business); travel agencies, travel bureaus, ticket brokers, and/or similar services (in connection with trips I take and/or arrange in some context related to this website and/or in the course of my business); airlines, bus services, and/or rail services (in connection with trips I take and/or arrange in some context related to this website and/or in the course of my business); hotels, motels, and/or other lodging providers (if I use, arrange, and/or communicate with people using such lodgings in some context related to this website and/or in the course of my business); rental services and/or rental agencies for vehicles such as (without limitation) cars, trucks, vans, bicycles, scooters, and/or boats (if I use and/or arrange such services in some context related to this website and/or in the course of my business); parking attendants, security guards, property managers, receptionists, and/or other such functionaries (if I must communicate with such functionaries in some context related to this website and/or in the course of my business — for example (but without limitation) when signing in at the front desk prior to attending a meeting); restaurants, caterers and/or other food preparation services, meal delivery services, and/or other food delivery and/or grocery delivery services (if I dine out, order and/or arrange meals, and/or otherwise use and/or arrange such services in the course of my business); towing and/or roadside assistance services (if I use and/or arrange such services in some context related to this website and/or in the course of my business); movers (professional or otherwise), moving companies, and/or relocation services (in the event I relocate and/or need to transfer some or all of my business assets to some other site); gift registries of whatever type(s); and/or postal services, common carriers, shipping agencies, delivery services, and/or mailbox rental services (for the purposes of sending, receiving, and/or tracking the status of correspondence, packages, and/or shipments).
- As I deem reasonable and appropriate (and as permitted by applicable law and/or regulations) to help me make informed hiring and/or employment decisions and/or other business decisions regarding current and/or prospective professional relationships, professional engagements, business proposals, business ventures, and/or work, as described in the “Data Related to Recruitment/Hiring/Employment or Business Partnerships”, “Information I Receive from Third Parties for Security Purposes”, and “Other Information I Receive from Third-Party Sources” sections above.
- If I am legally required to do so, such as (without limitation) pursuant to a subpoena, search warrant, court order, or other official order; in connection with tax returns or other legally required filings, reports, registrations, or disclosures; as part of and/or in connection with a customs inspection; and/or in connection with an audit, civil or criminal trial, or other official investigation or proceeding. In some cases, I may disclose certain information if I deem it reasonably necessary to ensure my compliance with applicable laws, regulations, and/or orders, even if the specific disclosure is not expressly required. For example (again without limitation), if I enter into a financial transaction with you that is subject to sales tax or use tax, I might provide your address to the applicable tax agency in order to determine the correct tax rate.
- If I am contractually obligated to do so pursuant to my agreement(s) with my business partner(s), client(s), licensor(s), licensee(s), vendor(s), and/or service provider(s) (as applicable), such as (without limitation) in connection with a dispute, an investigation, an audit, and/or arbitration. For example (but without limitation), if a payment processor investigates a payment I made or received that they suspect of being fraudulent, the payment processor’s terms of service may require me to provide relevant information to their investigators. Similarly (again without limitation), third-party services such as (though not necessarily limited to) social media platforms may compel me to provide information related to suspected violations of their terms of service, and many service providers’ user agreements and/or terms of service now include “binding arbitration” clauses requiring all parties to cooperate with and submit to the judgment(s) of an arbiter in the event of a dispute. (These are just a few representative examples, not an exhaustive list of possible scenarios.)
- If I believe in good faith that such disclosure is reasonably necessary to protect my property, rights, security, and/or safety, and/or the property, rights, security, and/or safety of others and/or of the public at large. For example (but without limitation), if I were to learn that I had been exposed to (or contracted) an infectious disease, I might provide information regarding anyone with whom I had recently been in close contact to healthcare workers and/or public health officials for contact tracing purposes. Additionally (again without limitation), as noted in the Copyright/Intellectual Property Violations section of the Terms of Use, if you submit a notice asserting that material on or linked to by this website that was provided to me by a third party violates your copyright or other intellectual property right(s), I may forward a copy of your claim to that third party (since the claim may implicate their rights).
- If the person(s) to whom the information pertains (and/or, where applicable, their respective heirs, successors, and/or assigns) have asked or authorized me to do so, either directly or through their respective agent(s) or other authorized representative(s).
- If the information is de-identified, anonymized, pseudonymized, redacted, and/or aggregated such that it could not reasonably be used to identify the specific person(s) and/or household(s) to whom the information pertains (other than me, if I am somehow included in that information and elect not to de-identify, anonymize, pseudonymize, redact, and/or aggregate my own information).
- As part of a business transfer (e.g., if I sell or otherwise transfer ownership of this website; enter bankruptcy; or pass my assets to my heirs and/or successors through my death or incapacity), in which case personal information I have gathered would likely be among the assets sold or otherwise transferred to the new owner(s), who could continue to use that information only as set forth in this policy.
Additionally, if I have roommates, cohabitants, guests, and/or visitors in my home, they may, from time to time, become incidentally aware of certain personal information pertaining to this website and/or my business operations — for example (but without limitation), noticing the sender and/or recipient information on letters or packages I send or receive via postal mail or common carrier, and/or overhearing some portion of voice calls or video conferences in which I participate. The likelihood and potential extent of any such incidental disclosures is difficult to quantify, but the possibility is hard to avoid with any business activity conducted at home.
In general, I do not sell or rent the information I collect about individual visitors to the aaronseverson.com website, at least not in the sense most people understand the terms “sell” and “rent.” (Some jurisdictions’ privacy laws, e.g., the California Consumer Privacy Act of 2018 (CCPA), have greatly complicated this question by expanding their definitions of “sale” to include almost any disclosure for which any of the parties involved receives any “valuable consideration” whatsoever; see the “Disclosure or Sale of Personal Information” subsection of the “CCPA Information Collection and Sharing Notice” section below for more information about this issue as it relates to California law.)
There are a number of potential exceptions:
First, as noted above, if I sell or transfer control of this website, personal information I have collected through and/or in connection with the site would likely be among the assets involved in such sale or transfer (which, surprisingly, the CCPA does not necessarily regard as a “sale” of personal information for the purposes of that law).
Second, if I possess artwork, copies of published work(s), useful article(s), and/or other object(s) that contain and/or otherwise incorporate personal information about certain individual(s) or household(s) who have visited this website (e.g., a book by or about you; a magazine you once owned that still bears your name and address on the subscription mailing label; a DVD of a movie in which you appeared; or some item you once autographed), I might sell, lend, donate, or otherwise dispose of such artwork, my copy or copies of such published work(s), and/or such useful article(s) and/or object(s).
Third, it is conceivable that from time to time, personal information about one or more site visitors may be included in content that I research, write, adapt, edit, release, publish, and/or otherwise disseminate (and/or on which I consult and/or otherwise collaborate) as part of and/or in connection with my profession writing/editing/writing consulting services, and/or in connection with my automotive website, Ate Up With Motor. For example (but without limitation), if you are a public figure and/or were involved in some newsworthy event, it is possible that a client may hire me (or has previously hired me) to research and write a profile about you for a magazine or other publication; if you own an interesting old car, I might include a photo I took of it at a car show in an article I license to some website or publication. (There are many possible scenarios — these are just a few representative examples.) Therefore, in the event that I incorporate your name, other relevant personal information, and/or potentially personally identifiable information about you into my written content and/or bibliographies, annotations, and/or metadata; if your name and/or information is incorporated into content I research, write, adapt, edit, release, publish, perform, and/or otherwise disseminate (and/or on which I consult and/or otherwise collaborate) in or for some other some other format(s) and/or medium(s), and/or the metadata of such content; and/or if you and/or your information are somehow visible, audible, and/or otherwise included in certain of my images and/or other media, and/or present in their metadata, I may license, sell, and/or otherwise offer it for commercial advantage and/or financial gain in that context. (Ate Up With Motor is a trademark of Aaron Severson dba Ate Up With Motor.)
Please note that in many cases, I have no practical way to associate information collected through this website with information I may have collected about you in other contexts, or of associating different types of personal information and/or potentially personally identifiable information I may have collected about a given individual or household. For example (again without limitation), your IP address being recorded in my server logs doesn’t necessarily mean that I know your name or can recognize your face in the background of a photo! (If you have questions about this, please contact me via any of the methods described in “Controller/Responsible Party, Questions, and How to Reach Me” below.)
Fourth, as noted in “Advertising” above, I don’t permit the site’s advertisers or sponsors to use scripts, cookies, web beacons, or other such technologies to collect information about you through the publicly visible/publicly accessible portions of this website portions of the aaronseverson.com website. However, if you click on ad links to visit the websites of my advertisers or otherwise patronize their businesses, they may collect and use information about you — and may collect personal information about your online activities over time and/or across different websites and/or online services — as described in their respective privacy policies, cookie policies, and/or terms of service/terms of use, which is outside of my control. Such advertisers may also be able to tell that you clicked on an ad on this website, even if I do not directly provide them with any information about you (and even though I obviously can’t control whether or not you click on an ad link). (Also, in some cases, the advertisements, banners, and/or donation boxes that certain plugins, themes, and/or other add-ons place on the site’s administrative dashboard may collect personal information about logged-in administrative users — and may collect personal information about administrative users’ online activities over time and/or across different websites and/or online services — which the providers of such advertising and/or embedded content may sell and/or use for various other commercial purposes; this is typically outside of my control.)
Fifth, some of my service providers and/or vendors (including, though not limited to, providers of embedded content used on this website, as described in “Embedded Content” above) may use and/or disclose — potentially for advertising, marketing, and/or other commercial purposes — personal information they collect through my use of their content, products, and/or services in ways that are outside of my control. (For example, again without limitation, I have no control over how video hosting platforms use information they collect about visitors who watch embedded videos I post, or how search engines, social media platforms, or other such service providers use data they collect through their respective services.)
As previously noted, while no online website, Internet-accessible device, or data storage system can be 100 percent secure, I take reasonable measures to protect personal information I collect through and/or in connection with this website from unauthorized or illegal access, destruction, use, modification, or disclosure, including, but not limited to, the use of encryption and encrypted connections, online and offline malware scans, appropriate password protection, and (where available and appropriate) multi-factor authentication.
Your Rights (GDPR and Other National or State Privacy Laws)
If you are located in certain parts of the world, including those that fall under the scope of the European General Data Protection Regulation (GDPR, now sometimes called the EU GDPR to distinguish it from the similarly named regulations of other regions), the UK GDPR, or Brazil’s Lei Geral de Proteção de Dados Pessoais (LGDP), or in certain U.S. states, e.g., Nevada (see “Nevada Consumer Opt-Out Rights” below) or California (see “Your California Privacy Rights” below), applicable data protection laws may give you certain rights with respect to your personal information (which some jurisdictions call “personal data”), subject to any exemptions and restrictions provided by the law and/or associated regulations.
For example, if you are located in a region that falls under the scope of the EU GDPR or the UK GDPR, your rights with respect to your personal data include, subject to any exemptions and restrictions provided by applicable law and/or associated regulations, the rights to:
- Request access to your personal data
- Request rectification (correction) of your personal data
- Request erasure (deletion) of your personal data
- Request that I restrict my use and processing of your personal data
- Request portability of your personal data (that is, request to receive your personal data in a portable, structured, commonly used, machine-readable format that you can transfer to another controller, or request that I transfer that data directly to another controller, where technically feasible)
- Object to my use and processing of your personal data (and to object at any time to the use and processing of your personal data for purposes of direct marketing, including automated profiling to the extent it relates to such direct marketing)
- Where my use and processing of your personal data is based on your consent, withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal; and
- Make a complaint to an appropriate data protection supervisory authority.
In the UK, the data protection authority is the Information Commissioner’s Office (ICO); for information about European data protection authorities by country, see the “Our Members” page of the European Data Protection Board website.
If you have questions or would like to exercise your privacy rights under applicable national and/or state law, you can contact me via any of the methods described in “Controller/Responsible Party, Questions, and How to Reach Me” below.
To safeguard your privacy and the privacy of others, I may (to the extent permitted — and/or required — by applicable law and/or regulations) take steps to verify your identity and/or residency before processing certain requests pertaining to your personal information.
Nevada Consumer Opt-Out Rights
If you are a consumer residing in Nevada, Nevada law gives you the right to request that I not sell certain types of personally identifiable information (“covered information”) about you to third parties for monetary consideration.
If you are a Nevada consumer and submit a request directing me not to make any sale of covered information I have collected or will collect about you — which you may do at any time — I must respond within 60 days of receipt (which I may extend by up to 30 days if I determine that it is reasonably necessary and notify you of the extension) and may take reasonable steps to verify your identity and the authenticity of your request. The law requires me to comply with a verified request.
(Please note that this right does not apply to personally identifiable information that is publicly available; to the disclosure of covered information to my affiliates (if any), to persons who process the covered information on my behalf, or for purposes which are consistent with your reasonable expectations considering the context in which you provided the covered information to me; or to the disclosure or transfer of covered information as part of a merger, acquisition, bankruptcy, or other transfer of control of all or part of my assets, and may be subject to certain other exemptions and restrictions provided by the law and/or associated regulations.)
To submit a request to opt out of the sale of your covered information, you can email me at admin (at) aaronseverson (dot) com or contact me via any of the other methods described in “Controller/Responsible Party, Questions, and How to Reach Me” below.
Your California Privacy Rights
The following sections present certain privacy-related disclosures required by California law along with information about the privacy rights of California residents as they may pertain to the aaronseverson.com website and/or my business.
California Do Not Track Disclosure (CalOPPA)
Many modern web browsers (and some other user agents) offer a privacy setting that automatically sends a “Do Not Track” signal to the websites and online services you visit. This website does not currently respond to Do Not Track signals. However, some of my embedded content providers (as described in the “Embedded Content” section above) may respond to Do Not Track browser signals, which is outside of my control; you should consult the privacy policies of the applicable content providers for further information about their respective Do Not Track policies. (This disclosure is required by the California Online Privacy Protection Act (CalOPPA) (California Business and Professions Code Section 22575 et seq.).)
“Shine the Light” Law Disclosures
California’s “Shine the Light” law (California Civil Code Section 1798.83) gives California residents who have established business relationships with certain businesses the right to request information about the businesses’ disclosure of personal information to third parties for those third parties’ direct marketing purposes.
The law defines “direct marketing purposes” as “the use of personal information to solicit or induce a purchase, rental, lease, or exchange of products, goods, property, or services directly to individuals by means of the mail, telephone, or electronic mail for their personal, family, or household purposes.” Selling, renting, exchanging, or leasing personal information “for consideration to businesses” is also considered a direct marketing purpose of the business “that sells, rents, exchanges, or obtains consideration for the personal information.” An “established business relationship” is defined as “a relationship formed by a voluntary, two-way communication between a business and a customer, with or without an exchange of consideration, for the purpose of purchasing, renting, or leasing real or personal property, or any interest therein, or obtaining a product or service from the business” that is either ongoing or was established by a purchase or other transaction within the preceding 18 months.
Under the “Shine the Light” law, if you are a California resident and have an established business relationship with a business that is subject to the law’s disclosure requirements, you may request, once per calendar year, an information-sharing disclosure that lists (subject to any applicable exemptions or exceptions provided by the law):
- The categories of personal information, as defined in the applicable statute, that the business disclosed to third parties for those third parties’ direct marketing purposes during the immediately preceding calendar year and
- The names and addresses of all such third parties and sufficient information to give “a reasonable indication of the nature of the third parties’ business.”
(The law does not require the business to reveal which specific pieces of information were disclosed, only the categories of information, and the business may provide the required information “in standardized format.”)
I believe I am exempt from the requirements of this law, since I have fewer than 20 full-time or part-time employees.
Additional California Privacy Rights (CCPA)
Starting January 1, 2020, California privacy laws, including the California Consumer Privacy Act of 2018 (CCPA) (California Civil Code Section 1798.100 et seq.), give California residents additional rights with respect to their personal information. If you are a California resident, your rights under the CCPA include:
- The Right to Know About Personal Information Collected, Disclosed, or Sold: You have the right to request to know (free of charge, in a portable and (to the extent technically feasible) “readily useable format,” and not more than twice in a 12-month period) what personal information I collect, use, disclose, and sell, including:
- The categories and/or specific pieces of personal information I have collected about you (or your household, as the law and its associated regulations define that term), and
- The categories of sources from which I collected the personal information, and
- The business or commercial purpose(s) for which that personal information was collected and/or sold, and
- The categories of third parties with whom I share personal information, and
- The categories of personal information that I sold in the preceding 12 months, and for each of those categories, the categories of third parties to whom I sold that particular category of personal information, and
- The categories of personal information I disclosed for a business purpose in the preceding 12 months, and for each of those categories, the categories of third parties to whom I disclosed that particular category of personal information.
- The Right to Request Deletion of Personal Information: You have the right to request the deletion of personal information about you (or your household) that I have collected in the course of my business.
- The Right to Opt-Out of the Sale of Personal Information: You have the right to request to opt-out of the sale of your personal information (or personal information about your household).
- The Right to Non-Discrimination for Exercise of Privacy Rights: You have the right not to receive discriminatory treatment from me for exercising your privacy rights under the CCPA.
- The right to make a complaint to the applicable state government authority.
- The right to take private legal action in the event of a data breach that results in unauthorized access to and exfiltration, theft, or disclosure of certain types of sensitive personal information due to my failure to implement and maintain reasonable security procedures and practices appropriate to the nature of the information to protect the personal information.
These rights are subject to certain exemptions, exceptions, and restrictions provided by the law and/or its associated regulations. You may designate an authorized agent to act on your behalf in exercising these rights.
While I believe I do not meet any of the applicability thresholds specified by this California law, I am committed to providing visitors with as many privacy choices as I reasonably can.
You (or your authorized agent) can submit a request to know, a request to delete, and/or a request to opt-out via any of the methods specified on the Do Not Sell My Personal Information page. Once I have reviewed your submission, I will contact you to discuss the next steps involved in processing your request. Applicable law and/or regulations stipulate the maximum time allowed for acknowledging and/or responding to requests.
There is no charge for for making a request.
In order to better safeguard your privacy and the privacy of others, I may be required to verify your identity before processing certain requests pertaining to your personal information. I may be unable to fulfill your request if I cannot verify your identity to the degree of certainty applicable law and/or regulations require. The identity verification process typically involves checking information you provide to me against information I already possess. This begins with my checking the information I receive when you submit your request (including both the information you provide and any information I collect automatically in connection with the request). I may also need to ask you some additional questions and/or request additional information in order to verify your identity and/or process your request. In some cases, I may ask you to sign and return a declaration form. If your authorized agent submits a request on your behalf, I may also require (to the extent permitted — and/or required — by applicable law and/or regulations) the agent to provide proof that you gave them signed permission to submit the request, and/or require you to either verify your own identity directly with me or directly confirm with me that you authorized the agent to submit the request on your behalf. (You can find more information about the verification requirements in the “Identity Verification Requirements” section of the Do Not Sell My Personal Information page.)
Please note that even if I verify your identity, the regulations prohibit me from disclosing certain pieces of sensitive personal information (e.g., Social Security numbers, financial account numbers) in response to a request to know. (In the event that I possessed such sensitive personal information about you, the regulations would only permit me to disclose the fact that I possessed the information, not tell you the actual information I possessed.)
Except as otherwise required by law, privacy-related requests pertaining to children under 18 should be submitted by a parent, legal guardian, or other authorized adult representative.
CCPA Information Collection and Sharing Notice
The California Consumer Privacy Act of 2018 (CCPA) requires certain businesses to provide California residents with a “notice at collection” that discloses the categories of personal information the business collects (which must be described by reference to specific categories of personal information defined in the applicable statutes); the categories of sources from which the business collects personal information; how long that personal information may be retained; and how and why the business uses and/or discloses personal information. These disclosures must be updated at least once a year.
As noted in “Additional California Privacy Rights (CCPA)” above, I believe I do not meet any of the CCPA applicability thresholds, but for the avoidance of doubt, I present the following disclosures.
Categories of Personal Information Collected
The following list summarizes the categories of personal information I collect, have collected, and/or may collect about individuals and/or households, both through and/or in connection with this website and in the context of my business, which for the purposes of this notice includes both my work as a professional writer/editor and writing consultant, which is subject to the separate 6200 Productions Privacy Policy, and my automotive website, Ate Up With Motor, which also has its own privacy policy. (6200 Productions is a trademark of Aaron Severson dba 6200 Productions. Ate Up With Motor is a trademark of Aaron Severson dba Ate Up With Motor.)
Please note that I do not necessarily collect all of these categories of personal information about every individual, or even most individuals. While I collect certain information from all site visitors (e.g., IP addresses and/or hostnames, user agent information), the categories listed below also encompass the range of information I gather in connection with the content I create and/or edit (and/or on which I consult and/or otherwise collaborate) and/or my other creative endeavors, which is far more extensive than I customarily collect about site visitors. (Simply reading a single magazine article or encyclopedia entry about some public figure as part of my research can sometimes provide me with most if not all of the categories of personal information listed here!) These categories also include information (a) that certain people volunteer to me, whether about themselves or someone else; (b) that I only collect from/about certain people for some specific reason(s); and/or (c) that I infer or surmise from other data (e.g., inferring an approximate geographical location based on an area code or email domain).
The statutory definitions of some of these categories overlap, with certain types of information (e.g., real names, employment information) technically falling into multiple categories; I have tried to limit repetition in the interests of space and comprehensibility. This list also includes some types of information that the law would probably regard as personal information, but that are not specifically described in the applicable statutes and/or regulations.
The examples listed for each category are intended to be a representative sampling, NOT an exhaustive list of all the specific pieces of information I may collect and/or have collected within a particular category. Also, this list describes the categories of information I collect, have collected, and/or may collect about individuals and/or households from ANY locale, NOT only from California residents. (In many cases, I have no reasonable way to know whether the individuals and/or households to whom certain personal information pertains are California residents or not.)
I have collected in the last 12 months and/or may collect the following categories of personal information through and/or in connection with this website and/or in the course of my business:
- Identifiers, such as (without limitation):
- Real names, pseudonyms, aliases, nicknames, usernames, and/or account names
- Postal mailing addresses and/or street addresses
- Telephone numbers (and/or fax numbers)
- Unique personal identifiers, device identifiers, and/or online identifiers (including, but not limited to, information collected via cookies and/or similar technologies)
- IP addresses
- Email addresses
- Social Security numbers, taxpayer identification numbers, driver’s license numbers, state ID card numbers, passport numbers, and/or other government-issued identification numbers
- Other similar identifiers
- Categories of personal information described in California Civil Code Section 1798.80(e), such as (without limitation):
- Signatures, physical and/or digital (the above-referenced statute does not specifically mention digital signatures, but they would seem to be reasonably encompassed by the category of signatures)
- Physical characteristics and/or descriptions (e.g., an individual’s height, weight, hair color, eye color, distinguishing marks, and/or distinguishing features)
- Education
- Employment and/or employment history
- Financial information pertaining to transactions with and/or otherwise involving me (e.g., invoices, transaction receipts, transaction ID numbers, payment history, balances, tax-related information, billing addresses, full and/or partial credit card and/or debit card information, check information, bank account and/or other financial account information, and/or other account details)
- Other financial information (e.g., credit ratings; whether someone has (or had) loans, past foreclosures, and/or declared bankruptcy; other information pertaining to creditworthiness, assets, benefits, income, liabilities, payments, balances, and/or taxes; the net worths of public figures)
- Medical information (e.g., information about medical conditions, diagnoses, and/or history; tests and/or treatments received; drugs, therapies, and/or medical products and/or equipment used; healthcare providers and/or organizations visited, consulted, and/or otherwise seen or used)
- Health insurance information (e.g., whether or not individuals or households are insured and if so, with which insurance provider(s) — I do NOT collect policy numbers, application or claims records, or other such data (other than my own), and much of what health-insurance-related data I do collect is in aggregate form)
- Information about other types of insurance and/or insurance coverage (the above-referenced statute only specifically mentions insurance policy numbers, but other types of information about insurance policies and/or coverage would also seem to be reasonably encompassed by this category)
- Characteristics of protected classifications under California or federal law, such as (without limitation):
- Age and/or date of birth
- Race, color, ethnicity, ancestry, national origin, citizenship, and/or immigration status
- Language and/or accent
- Religion, creed, religious belief, religious observance, and/or religious practice
- Marital/relationship status and/or information about spouses/partners
- Medical condition and/or physical or mental disability
- Sex, gender, gender identity, and/or gender expression
- Pregnancy, childbirth, breastfeeding, and/or related medical conditions
- Sexual orientation
- Reproductive health decisionmaking
- Veteran or military status
- Genetic characteristics, genetic data, and/or genetic information (and/or familial genetic information, such as (without limitation) family medical history)
- Information about familial status and/or children (e.g., the number of children and/or their names, ages, and/or genders)
- Commercial information, such as (without limitation):
- Records of financial transactions with and/or otherwise involving me
- Information about cars and/or other vehicles an individual or household drives or otherwise operates and/or has driven or otherwise operated; owns, purchases, leases, rents, borrows, otherwise obtains, and/or uses; has owned, purchased, leased, rented, borrowed, otherwise obtained, and/or used; desires to drive or otherwise operate; desires and/or intends to own, purchase, lease, rent, borrow, otherwise obtain, and/or use; and/or is considering or has considered
- Information about art, books, other publications, films and/or other videos, performances and/or exhibitions, music, and/or other media an individual or household has read, watched, viewed, listened to, and/or otherwise consumed; desires and/or intends to read, watch, view, listen to, and/or otherwise consume; and/or is considering or has considered reading, watching, viewing, listening to, and/or otherwise consuming
- Information about personal property, products, goods, and/or services an individual or household owns, purchases, leases, rents, otherwise obtains, and/or uses; has owned, purchased, leased, rented, otherwise obtained, and/or used; desires and/or intends to own, purchase, lease, rent, otherwise obtain, and/or use; and/or is considering or has considered
- Information about food, beverages, groceries, meals, recipes, drinks, and/or cuisine(s) an individual or household purchases, otherwise receives and/or obtains, prepares, consumes, is considering or has considered, prefers, and/or disdains
- Information about retailers, vendors, marketplaces, and/or service providers an individual or household patronizes, has patronized, desires and/or intends to patronize, is considering or has considered patronizing, prefers, and/or disdains
- Information about lodgings, residence(s), office space(s), and/or real property an individual or household owns, purchases, leases, rents, and/or otherwise uses; has owned, purchased, leased, rented, and/or otherwise used; desires and/or intends to purchase, lease, rent, and/or otherwise use; and/or is considering or has considered; and/or information about who owns, manages, administers, sells, leases, rents, and/or otherwise offers for commercial advantage and/or financial gain particular lodgings; a particular residence; and/or a particular building, lot, office space, industrial facility, or real property
- Information about stock and/or securities ownership, purchases, sales, and/or transfers (e.g., whether an individual or household owns, purchases, sells, and/or has purchased and/or sold shares in a particular corporation or other business entity, and/or what broker(s) and/or other intermediaries, if any, conducted and/or administered such transaction(s))
- Information about an individual or household’s employees, independent contractors, interns, agents and/or other authorized representatives, and/or service providers (e.g., household staff, assistant(s), secretary or secretaries, attorney(s) and/or other legal counsel, talent and/or literary agent(s), manager(s), broker(s), real estate agent(s) and/or estate agent(s), bookkeeper(s), accountant(s), auditor(s), and/or other authorized representatives and/or professional service providers of whatever type(s))
- Information about an individual or household’s permit(s) and/or license(s) other than professional and/or business permits and/or licenses (e.g., parking permits; licenses or permits to own certain animals; hunting and/or fishing permits; amateur radio licenses; permits to use certain public spaces or facilities; and/or licenses or permits to own and/or carry firearms or other weapons)
- Information about gifts, donations, charitable contributions, and/or political contributions made and/or received
- Information about other types of purchases, transactions, and/or investments
- Information about an individual or household’s interest, participation, scores, and/or achievements in sports, games, hobbies, and/or other pastimes
- Information about an individual or household’s participation, achievements, winnings, losses, and/or prizes in sweepstakes, lotteries, raffles, contests, wagers, other forms of gambling, and/or games of chance or skill
- Information about an individual or household’s critical judgments, tastes, opinions, and/or preferences
- Other information about an individual or household’s purchasing and/or consuming histories and/or tendencies
- Information about products, goods, services, and/or property an individual or household sells, leases, rents, and/or otherwise offers for commercial advantage and/or financial gain
- Biometric information (physiological, biological, and/or behavioral characteristics that can be used to establish individual identity, and/or activity patterns that contain identifying information), such as (without limitation) if I configure my smartphone(s) and/or other device(s) to be unlocked using a fingerprint, and/or if an individual provides me with examples of their handwriting and/or information about their health, sleep, and/or exercise habits
- Internet or other electronic network activity information, such as (without limitation):
- Browsing activity and/or history
- Search history
- User agent information
- Email header information
- Encryption public keys and/or certificates, cryptographic signatures, and/or similar security data
- Online avatars, profile images, and/or icons
- Domain names and/or URLs of personal blogs, social media pages/feeds, and/or other online profiles
- Information about domain name registration(s)
- Network, shared device, online service, and/or online access information (e.g., names, domain names and/or hostnames, URLs, IP addresses, passwords and/or passcodes, other login credentials, other authentication and/or security information, technical details, and/or other information pertaining to wireless networks; local area networks; shared printers and/or other devices; databases; websites; online accounts; and/or other means of networking, connecting, sharing, and/or otherwise accessing electronic devices, files, messages, communications, and/or data)
- Other information about an individual or household’s use of and/or interactions with networks, websites, applications, software, devices, electronic systems and/or services, advertisements, and/or messages, including, but not limited to, information about errors and/or suspicious activity
- Geolocation data, such as (without limitation) an individual or household’s physical location and/or movements, whether directly observed; stated and/or described to me (directly or indirectly); and/or determined, estimated, and/or inferred from other data (e.g., an IP address, a hostname, a telephone area code, and/or GPS coordinates)
- Audio, electronic, visual, thermal, olfactory, or similar information, such as (without limitation) photographs, illustrations and/or other images, films and/or other videos, audio recordings, broadcasts, live streams, voice and/or video calls or chats, and/or other media in which identifiable individuals and/or their recognizable likenesses are visible and/or their voices audible, and/or the sensory information normally received in the course of interacting with people in person (and thus seeing their faces, hearing their voices, etc.)
- Professional or employment-related information, such as (without limitation):
- Resumes/CVs
- Current and/or past employer(s)
- Current and/or past occupation(s), job(s), job title(s), position(s), role(s), duties, and/or responsibilities
- Current and/or past work schedule(s), location(s), and/or assignment(s)
- Current and/or past salary, compensation, and/or benefits
- Business or organization ownership, directorship, officership, management, and/or registration information (e.g., whether an individual has some ownership interest in and/or is an officer or director of a corporation, some other business entity, or a nonprofit organization)
- Fictitious business name(s) and/or trade name(s)
- Professional charges, rates, and/or fees
- Information about professional clients, clientele, customers, users, advertisers and/or sponsors, affiliates, subsidiaries, vendors, service providers, contractors, subcontractors, employees, independent contractors, interns, agents, business partners, directors, officers, and/or shareholders
- Information about other professional relationships (e.g., publishing and/or licensing deals; management and/or representation; advertising, endorsement, sponsorship, and/or affiliate relationships; professional relationships with colleagues and/or coworkers; mentor/mentee relationships; preceptor/preceptee relationships; relationships with patients; relationships with students, interns, trainees, and/or apprentices; and/or professional collaborations, partnerships, and/or joint ventures)
- Military service information
- Membership in and/or affiliation with guilds, trade unions, labor unions, and/or other professional organizations and/or groups
- Business and/or professional license(s), permit(s), certification(s), registration(s), and/or other credential(s)
- Professional qualifications, skills, training, continuing education and/or professional development, professional aspirations, and/or career goals
- Professional achievements and/or honors
- Publishing histories/bibliographies/discographies/filmographies/performance histories/broadcast histories/portfolios/development credits/patent records and/or other, similar and/or comparable information about writers, designers, artists, architects, photographers, filmmakers, videographers, podcasters, other media creators, playwrights, musicians and/or composers, actors and/or other performers, translators, producers, developers, editors, publishers, researchers, scientists, engineers, inventors, and/or other such professionals
- Authorship, other credits, and/or rights holder information for creative works, literary works, journalistic works, scientific works, designs, inventions, and/or performances (e.g., books, articles, scientific and/or engineering studies, essays, blog posts, photographs, illustrations and/or other images, plays and/or theatrical productions, scripts and/or screenplays, songs and/or musical compositions, choreography, audio recordings, films and/or other videos, television and/or radio programs, other media, software, architectural plans, mechanical inventions and/or blueprints, designs of whatever type(s), and/or other types of artwork and/or creative endeavors), and/or other types of intellectual property, such as (but not necessarily limited to) trademarks, service marks, and/or patents
- Professional references, performance evaluations, and/or information about an individual’s professional reputation and/or conduct
- Other information about an individual’s current, past, and/or prospective employment, occupation, job(s), work, vocation, profession, career, trade, business, professional services, products, and/or commercial endeavors (including, but not limited to, information about job search activity and/or marketing, advertising, and/or promotional efforts related to such employment, occupation, job(s), work, vocation, profession, career, trade, business, professional services, products, and/or commercial endeavors)
- Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S. Code Section 1232g and 34 C.F.R. Part 99), such as (without limitation) grades, transcripts, and/or other nonpublic information directly related to a current or former student that is contained in education records maintained by an educational agency or institution (or by a party acting for the agency or institution)
- Other types of personal information not specifically described in the applicable statutes, such as (without limitation):
- Information about other members of an individual’s family (other than spouse/partner or children), other members of a given household (e.g., roommates), and/or pets
- Information about friendships, personal relationships, and/or social interactions (including observations and/or inferences regarding individuals’ tendencies and/or preferences therein)
- Information about individuals’ places of birth and/or upbringing
- Information about social class, rank, position, title, and/or investiture, of whatever type(s) and/or source(s)
- Information about membership in and/or affiliation with clubs, societies, fraternal orders, and/or other types of groups
- Information about an individual or household’s experience of, involvement in, and/or connection with with accident(s), natural disaster(s), and/or other catastrophic event(s) or hardship(s) (of whatever type(s) and/or cause(s))
- Legal information (e.g., information regarding an individual having been accused of, charged with, and/or convicted of crime(s), infraction(s), and/or misconduct; having been a victim (or an alleged victim) of crime(s) and/or misconduct; and/or being involved in a civil lawsuit)
- Information about wills, estates, executorship, inheritance, trusts, trusteeship, conservatorship, and/or guardianship
- Information about community service, volunteer work, civic activity (e.g., jury duty), and/or charitable activity
- Information about an individual or household’s interactions with government agencies, departments, organizations, and/or entities of whatever type(s) and/or level(s), whether within the U.S., in other countries, or both (e.g., information regarding an individual or household’s involvement in and/or connection with official hearings, proceedings, inspections, audits, investigations, reports, and/or complaints, of whatever type(s) and/or nature(s))
- Information about political affiliations, opinions, and/or activity
- Information about other types of opinions, feelings, predispositions, attitudes, ideas, and/or viewpoints
- Information about awards, honors, prizes, and/or other recognition
- Information about individuals’ public and/or personal reputations
- Information about individuals’ dreams (literal and/or figurative), hopes, aspirations, fears, and/or worries (of whatever type(s) and/or nature)
- Information about an individual’s style(s), themes, influences, inspirations, tendencies, techniques, development, and/or achievements in writing, art (in whatever medium(s)), photography, filmmaking, music, fashion, design, architecture, and/or other creative endeavors (professional or otherwise)
- Examples of individuals’ artwork (in whatever medium or mediums)
- Information about an individual being featured, portrayed, depicted, represented, and/or mentioned in and/or otherwise incorporated into one or more creative works, literary works, and/or performances (of whatever type(s) and/or medium(s)), and/or having been the basis of and/or inspiration for such work(s) and/or performance(s) and/or elements thereof
- Information about specific vehicles (irrespective of their actual ownership), such as (without limitation) license plate numbers, vehicle identification numbers, and/or related information (e.g., vehicle registration numbers and/or registration dates); vehicle position(s) and/or location(s); and/or other identifying characteristics and/or details (e.g., year, make, model, body style, color(s), equipment, features, distinguishing markings, modifications, customization, damage, repairs, and/or maintenance)
- Inferences drawn from any of the information identified in this section, such as (without limitation) my estimation of an individual’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, aptitudes, deficiencies, motives, motivations, personality, and/or character, and/or their suitability for a particular job, assignment, project, or professional role.
- Categories of sensitive personal information, such as (without limitation):
- Personal information that reveals:
- Someone’s Social Security number, driver’s license or state identification card number, and/or passport number
- Someone’s account login, financial account number, debit card number, and/or credit card number in combination with any required security or access code, password, and/or credentials allowing access to an account
- Someone’s precise geolocation
- Someone’s racial and/or ethnic origin, citizenship and/or immigration status, religious and/or philosophical beliefs, and/or union membership
- The contents of someone’s mail, email, and/or text messages (unless I am the intended recipient of the communication(s))
- Someone’s genetic data
- Biometric information processed for the purpose of uniquely identifying someone
- Personal information concerning someone’s health
- Personal information concerning someone’s sex life and/or sexual orientation
Although I do not knowingly collect personal information from children under 18 through this website, I may sometimes collect such information as part of my professional writing/editing/writing consulting work. (For example (but without limitation), I might write or edit a news article about a minor child’s notable achievements or involvement in some matter of public interest, which could include personal information collected through an interview with that child and/or from other sources.) If you are a parent or legal guardian and believe that I may have collected personal information about your minor child, or if you wish to exercise your right to remove or delete such information, please contact me via any of the methods described in “Controller/Responsible Party, Questions, and How to Reach Me” below. (Parents or legal guardians can also submit privacy requests on behalf of their minor children via any of the methods specified on the Do Not Sell My Personal Information page.)
The fact that I collected and/or inferred certain information about a given individual or household does not necessarily mean that I still retain that information, or that I have any practical way to associate the different categories and/or specific pieces of information I may have collected about a given individual or household (e.g., to connect a visitor’s name with an IP address and/or hostname in the server logs and/or a face visible in the background of a photograph).
Keep in mind that if you have interacted with me via some third-party service, that service may have collected and/or disclosed — potentially for commercial purposes — personal information about you that is not reflected in the above list. The collection, use, and/or retention of personal information by third-party services is subject to such services’ respective privacy policies, cookie policies, and/or terms of service/terms of use, and in most cases is outside of my control. (The above categories DO include personal information that third-party services have provided to me.)
Collection Sources
Personal information I collect about you and/or your household comes from one or more of the following categories of sources, whether directly or indirectly:
- You, whether through your interactions with me; through your access to and/or use of this website; through public disclosures you make (e.g., blog and/or social media posts); through your participation in public events and/or activities taking place in public spaces; incidentally by virtue of your physical proximity to me (e.g., where you appear in the background of a photo or video I take); and/or in some other manner
- Your employees, independent contractors, interns, agents or other authorized representatives, business partners, vendors, and/or service providers (as applicable)
- My employees, independent contractors, interns, agents, and/or business partners, if any (and as applicable)
- My vendors and/or service providers
- My devices and/or automated systems (e.g., certain security features of my smartphone(s), and/or other autonomous or semi-autonomous sensors and/or security systems)
- Other visitors/users
- Published works and/or other sources available to the public (e.g., news reports, books, articles, reports and/or white papers, press releases and/or promotional materials, films and/or other videos, plays and/or theatrical productions, television programs, radio programs, podcasts, other audio recordings, social media, search engines, websites, online databases and/or repositories, public records)
- Nonpublic documents, records, collections, and/or archives (e.g., unpublished correspondence, manuscripts, and/or interviews; unreleased versions, outtakes, scripts, and/or other materials from film, theatrical, television, radio, music, and/or other media projects; internal business and/or organizational records, reports, memoranda, documents, and/or other materials; school transcripts and/or other school records)
- Subject matter experts, other writers, historians, biographers, researchers, instructors and/or coaches, academics, scientists and/or engineers, journalists, critics, reviewers, enthusiasts, collectors, librarians and/or other library staff, archivists, translators, designers, artists, architects, photographers, filmmakers, videographers, podcasters, other media creators, playwrights, musicians and/or composers, actors and/or other performers, producers, developers, editors, publishers, publicists and/or promoters, public relations representatives and/or other press contacts, observers, eyewitnesses, and/or other knowledgeable parties (which in some cases may include (without limitation) personal and/or professional acquaintances (whether yours, mine, and/or someone else’s), such as (again without limitation) friends, current and/or past employers and/or supervisors, current and/or past colleagues and/or coworkers, current and/or past clients and/or customers, current and/or past business partners, professional references, current and/or past instructors and/or students, and/or other members of a given household and/or family)
- Clients and/or employers for whom I provide (or have provided) writing/editing/writing consulting services, and/or publishers and/or other third parties through which I publish, perform, broadcast, exhibit, and/or otherwise distribute, and/or to whom I license and/or offer, my content and/or other creative endeavors (professional or otherwise).
Each of the above-listed categories of sources may provide me with information that falls into several or all of the categories of personal information listed in “Categories of Personal Information Collected” above.
Collection Purposes
Personal information I collect through and/or in connection with this website and/or in the course of my business is collected for one or more of the following categories of purposes:
- Functionality
- Providing services
- Completing a transaction
- Fulfilling a contractual obligation
- Legal compliance or audit
- Research and publishing
- Security, troubleshooting, quality control, and service improvement
- Recruitment/hiring/employment or business partnerships
- Advertising or other commercial purposes
These categories of purposes are described in the “Categories of Information and Purposes for Collection” section above and have the same meanings here as in other sections of this Privacy Policy.
CCPA Information Collection and Sharing Notice
To learn more about how long I typically retain personal information, consult the applicable sections of this Privacy Policy, including the “Additional Information About Data Retention” section above.
Disclosure or Sale of Personal Information
The CCPA definitions are so expansive that almost any disclosure by a business of virtually any piece of information about any individual or household residing in California could potentially be considered sharing personal information for business or commercial purposes (or a “sale” of personal information).
Under the CCPA, sharing personal information “for a business purpose” means directing a “service provider” (as the CCPA and its associated regulations define that term) to collect, process, and/or maintain the information for certain specified purposes, which may include the following:
- Auditing related to interactions with consumers
- Security
- Debugging/repair of existing intended functionality
- Certain short-term, transient uses
- Performing services (e.g., customer service, order fulfillment, payment processing, analytic services)
- Internal research for tech development
- Verifying or maintaining the quality or safety of and/or improving, upgrading, or enhancing a service or device the business owns, controls, or manufactures (or that is manufactured for the business)
- Collection of employment-related information (as defined in Section 7001(k) of the CCPA regulations [formerly numbered as Section 999.301(f) and subsequently 7001(i)]), including for the purpose of administering employment benefits.
The CCPA requires that any sharing of personal information “for a business purpose” be pursuant to a written contract that specifies the services the “service provider” is to perform while restricting their further retention, use, or disclosure of the information. Without a suitable written service provider agreement, an entity that provides services may not necessarily be considered a “service provider” as the CCPA and its associated regulations define that term, and sharing personal information with that entity may not necessarily be considered “for a business purpose,” even if it’s clearly for one or more of the above-listed purposes.
Collecting, using, and/or sharing personal information is considered to be for “commercial purposes” if it serves to “advance a person’s commercial or economic interests, such as by inducing another person to buy, rent, lease, join, subscribe to, provide, or exchange products, goods, property, information, or services, or enabling or effecting, directly or indirectly, a commercial transaction.”
Under the CCPA, a disclosure of personal information for which any of the parties involved receives any “valuable consideration” may be deemed a “sale” of personal information even if it does not constitute a sale as most people understand that term (and even if no money changes hands). Sharing personal information “for a business purpose” as described above is generally not considered a “sale” under the CCPA so long as the “service provider” only uses the information as necessary for the contractually specified business purpose(s) and does not “sell” the information.
To achieve the purposes listed in “Collection Purposes” above, I may disclose personal information I collect through and/or in connection with this website as described in the “Disclosure of Personally Identifying Information” section above. As noted in that section and elsewhere in this Privacy Policy, my work as a professional writer/editor and writing consultant and my other creative endeavors routinely involve collecting and sharing personal information, often for eventual publication (and/or public performance, exhibition, and/or broadcast, as applicable). Such information routinely encompasses most or all of the categories of personal information listed in “Categories of Personal Information Collected” above, although I don’t necessarily disclose every type of information that may fall within a particular category, nor do I necessarily disclose every piece of information I collect within a given category.
Therefore, by the law’s definitions, I may disclose any or all of the categories of personal information I collect through and/or in connection with this website and/or in the course of my business to any or all of the following:
- My employees, independent contractors, interns, agents, and/or business partners, if any; and/or:
- My vendors and/or service providers; and/or:
- Any individual or entity with whom I communicate and/or consult in the process of researching, creating, and/or editing my content, writing/editing/writing consulting work, and/or other creative endeavors, and/or who communicates and/or consults with me in the course of researching, creating, and/or editing their content, work, and/or creative endeavors; and/or:
- Editors, publishers, clients, employers, and/or other third parties for whom I provide (and/or to whom I offer) my writing/editing/writing consulting services; to whom I may license, sell, and/or otherwise offer my content and/or other creative work; for whom I may otherwise work, provide services, and/or offer to work and/or provide services; with whom I may collaborate and/or offer to collaborate in performing and/or offering my services and/or in researching, creating, editing, performing, and/or offering my content, other creative work, and/or other creative endeavors; and/or as I may reasonably elect and/or be requested or directed to do as part of and/or in connection with such services, content, creative endeavor(s), collaboration(s), and/or work (and/or the offer thereof); and/or:
- Individuals and/or entities who help me promote, monetize, sell, and/or otherwise offer for commercial advantage and/or financial gain my content, writing/editing/writing consulting services, and/or other creative endeavors; and/or:
- The public, through the publication, performance, broadcast, exhibition, other dissemination, and/or public discussion of my content and/or other creative endeavors, content I write and/or edit for others, and/or content and/or other creative endeavors on which I consult and/or otherwise collaborate (and/or public discussion of the process of researching, creating, and/or editing such content and/or creative endeavors); my sharing, discussing, and/or otherwise disseminating information that is or was already otherwise available to the public (e.g., in news reports, published works, and/or public records); my disposal of my personal property (e.g., lending, donating, or selling my copies of books, magazines, newspapers, CDs, DVDs, and/or other published works); and/or, as applicable, my publication of your comments, any images and/or other media you submit to me for publication and/or for use in or with work(s) intended for publication and/or other public dissemination, and/or your other communications with me.
As indicated in the “Disclosure of Personally Identifying Information” section above, I may also disclose personal information:
- If that information is or was already otherwise available to the public (which is also noted in the list above, but bears repeating for emphasis — I strenuously reject and regard as unconstitutional any attempt to use the CCPA, its associated regulations, and/or similar privacy laws to restrict or limit my right to discuss and/or otherwise disseminate information that is or was already published and/or otherwise available to the public; and/or:
- If the information is contained in and/or otherwise incorporated into artwork, a copy of a published work, a useful article, or some other object (including, without limitation, information inscribed or imprinted upon and/or affixed or otherwise attached to such work, copy, useful article, or object, particularly where that information cannot reasonably be removed without damage and/or defacement); and/or:
- To appropriately credit someone for the use of their images, other media, fonts, themes/plugins, and/or other content or intellectual property, particularly where such credit is required by the applicable license terms; and/or:
- As I deem reasonable and appropriate (and as permitted by applicable law and/or regulations) to help me make informed hiring and/or employment decisions and/or other business decisions regarding current and/or prospective professional relationships, professional engagements, business proposals, business ventures, and/or work; and/or:
- If I am legally required to do so (which would typically be pursuant to a subpoena, search warrant, court order, or other official order; in connection with tax returns or other legally required filings, reports, registrations, or disclosures; as part of and/or in connection with a customs inspection; and/or in connection with an audit, civil or criminal trial, or other official investigation or proceeding, but could also be in other circumstances that I cannot reasonably anticipate or enumerate here; I may also disclose certain information if I deem it reasonably necessary to ensure my compliance with applicable laws, regulations, and/or orders, even if the specific disclosure is not expressly required, such as (without limitation) if I need to contact a tax agency to determine the correct sales tax or use tax rate for a particular address); and/or:
- If I am contractually obligated to do so pursuant to my agreement(s) with my business partner(s), client(s), licensor(s), licensee(s), vendor(s), and/or service provider(s) (as applicable), such as (without limitation) in connection with a dispute, an investigation, an audit, and/or arbitration; and/or:
- If I believe in good faith that such disclosure is reasonably necessary to protect property, rights, security, and/or safety, and/or to forward copyright or other intellectual property rights claims pertaining to material provided to me by a third party to that third party (since such claims may implicate their rights); and/or:
- If the person(s) to whom the information pertains (and/or, where applicable, their respective heirs, successors, and/or assigns) have asked or authorized me to do so, either directly or through their respective agent(s) or other authorized representative(s); and/or:
- If the information is de-identified, anonymized, pseudonymized, redacted, and/or aggregated such that it could not reasonably be used to identify the specific person(s) and/or household(s) to whom the information pertains (other than me, if I am somehow included in that information and elect not to de-identify, anonymize, pseudonymize, redact, and/or aggregate my own information); and/or:
- As part of a business transfer (e.g., if I sell or otherwise transfer ownership of this website; enter bankruptcy; or pass my assets to my heirs and/or successors through my death or incapacity).
Additionally, as also noted in the “Disclosure of Personally Identifying Information” section above, if I have roommates, cohabitants, guests, and/or visitors in my home, they may, from time to time, become incidentally aware of certain personal information pertaining to this website and/or my business operations, in ways that are hard to avoid with any activity conducted at home.
For what I hope are obvious reasons, it is not feasible for me to enumerate every possible entity or even category of entities to whom I might disclose personal information in the above contexts, but any such disclosures could also involve any or all of the categories of personal information I collect through and/or in connection with this website and/or in the course of my business.
Much if not all of the personal information I collect or access may be processed by one or more third parties. For example (but without limitation):
- For obvious reasons, it is impossible for me to call, text, email, or mail any individual or household without disclosing a certain amount of the recipient’s personal information to third parties. For example, making a phone call or sending a text message requires communicating the recipient’s telephone number to the applicable telephone companies and/or mobile carriers.
- My web host, DreamHost®, controls the web servers on which this website runs as well as the mail servers for my associated email addresses. Therefore, DreamHost has full administrative access to most files, data, and/or messages processed by and/or stored on those servers. This is in addition to any information I disclose to DreamHost for purposes such as troubleshooting and/or security. (DreamHost is a registered trademark of DreamHost, LLC.)
- Most files and data on my systems and devices are routinely scanned by one or more malware detection and/or other security tools, some of which may incorporate cloud-based scanning or analysis features and/or otherwise communicate with third parties, as explained in the “Security Scans” section of this Privacy Policy.
- Most payments I receive are processed by the applicable bank(s) and/or other financial institution(s), and in some cases also by other applicable third-party service providers (e.g., payment processors and/or electronic funds transfer services). Those payments and related tax documents must also be disclosed to several different tax agencies, and may be discussed with my tax preparer(s) and/or other financial and/or legal professionals (e.g., my legal counsel).
- Internet connections I make in the course of my business are processed by the applicable Internet service provider or mobile carrier (as applicable) and typically also by certain other third parties (e.g., DNS (Domain Name System) resolver services). Even if a website or online resource I access is fully encrypted, the applicable Internet service provider or mobile carrier can usually tell that I have connected to that site or resource and how much data is transmitted through that connection; if the website or resource is not fully encrypted, the Internet service provider or mobile carrier can also see any unencrypted data I may access or transmit. If I connect to a website or online resource using a proxy or VPN, my Internet service provider or mobile carrier generally cannot see that connection or any unencrypted data accessed or transmitted through it, but the proxy or VPN provider can.
- Some information about my activities and/or some portions of the data I access in connection with my business may be captured by the telemetry and/or other surveillance features of the software, apps, services, and/or devices I use, as explained in the “Information Captured by Service/Software/App/Device Telemetry” section of this Privacy Policy.
Although the above examples might reasonably be considered sharing information “for a business purpose,” they may not always qualify as such by the CCPA definitions, since I do not necessarily always have (or even have any reasonable way to arrange) written contracts with those third parties that meet the CCPA requirements for service provider agreements.
The same conundrum applies to actions like the following:
- Looking up someone’s name in a search engine, library catalog, or other database.
- Entering someone’s address into a mapping or navigation service to look up driving directions, or meeting with someone face-to-face while my phone’s location services are turned on.
- Using an automated translation service to translate text containing any names and/or other types of personal information.
- Printing a document containing names and/or other types of personal information using a commercial print service or a printer controlled by a third party (e.g., printing a copy of a news article I read at the public library).
- Performing a WHOIS lookup on an IP address or hostname, or allowing my firewalls and/or other security applications, software, and/or services to perform such lookups.
- Storing or transmitting any electronic file containing personal information using any cloud storage service or other online storage system.
(These are just a few examples, not an exhaustive list.)
As noted in the “Disclosure of Personally Identifying Information” section above, the CCPA does not necessarily regard transfers of personal information as part of the sale or transfer of a business (that is, where the information is among the assets of the business being sold or transferred) to be “sales” for the purposes of that law.
Because I am a professional writer/editor and writing consultant and much (though not all) of the information I collect in connection with that work is intended for publication (and/or public performance, exhibition, and/or broadcast, as applicable), a variety of activities I routinely undertake in connection with my work could potentially be deemed “commercial” as defined by the CCPA, even if my actual content is legally regarded as noncommercial speech. (For writers, photographers, and other creative professionals, the distinction between “commercial” activity and engaging in “noncommercial speech” as an integral part of one’s business is a complicated, muddy legal question mark.) Some representative examples could include:
- Licensing, selling, and/or otherwise offering my content or writing/editing/writing consulting services for money and/or other valuable consideration (potentially including publishing content on this website, which may be supported by advertising, and which I may use to advertise and/or otherwise promote my work and/or professional services) if that content or those services incorporate or involve any names and/or other types of personal information about individuals or households.
- Advertising, promoting, and/or marketing my content, or published works incorporating my content, if that content contains any names and/or other types of personal information, and/or if such information is referenced in the promotion or marketing.
- Proposing or pitching any article, book, and/or other content containing names and/or other types of personal information to editors, literary agents, and/or publishers.
- Presenting and/or discussing examples of my content and/or my past or current writing/editing/writing consulting services in the course of proposing, pitching, and/or otherwise offering in a professional capacity and/or for commercial advantage and/or financial gain my content and/or professional services (e.g., submitting some of my content as writing samples and/or describing some of my previous work as part of my application or pitch for a job or freelance assignment), if such examples incorporate or involve any personal information.
- Sharing, exchanging, or discussing with clients, coauthors, and/or collaborators any personal information pertaining to articles, books, and/or other content I am creating and/or editing (and/or on which I am consulting) in a professional capacity.
- Arranging for people featured and/or quoted in my content to receive complimentary copies of my published work or be notified of its publication or commercial availability.
Even if disclosures like these are NOT deemed to be “for commercial purposes” (or “sales”) by the CCPA definitions, they are certainly for business purposes, whether the CCPA would define them as such or not. (In certain cases, such disclosures might reasonably be regarded as part of my acting as a service provider for someone else, particularly where the personal information involved is supplied mainly by the client rather than by me (e.g., in a manuscript I’ve been hired to edit). However, as explained above, it’s possible to provide services without necessarily being considered a “service provider” as the CCPA and its associated regulations define that term.)
From time to time, I may also facilitate other types of commercial transactions, whether directly or indirectly, such as:
- By putting into contact (with their mutual consent) parties who have expressed interest in some transaction with one another. For example, if a visitor asks about licensing a photo or other content I have used that is owned by someone else, I might ask the applicable rights holder if they’re comfortable with my putting them in touch with the interested party.
- By recommending that a professional contact or acquaintance be hired for a job, assignment, or commission, or chosen as a vendor or service provider.
- By endorsing (explicitly or by implication) some author, artist, service provider, or vendor, and/or their products and/or services.
By the CCPA definitions, disclosing any personal information in such circumstances might be deemed sharing information “for commercial purposes,” whether or not any transaction is actually completed, whether or not I am a party to that transaction, and whether or not I receive any monetary or other valuable consideration in connection with it.
As noted in “Advertising” above, I do not allow my advertisers (if any) to use scripts, cookies, web beacons, or other such technologies to collect information about you through the publicly visible/publicly accessible portions of this website. However, if you click on advertising links or otherwise patronize my advertisers’ businesses, they may collect and use information about you — potentially for various commercial purposes — as described in their respective privacy policies, cookie policies, and/or terms of service/terms of use, which is outside of my control. Such advertisers may also be able to tell that you clicked on an ad on this website, even if I do not directly provide them with any information about you (and even though I obviously can’t control whether or not you click on an ad link). (Also, in some cases, the advertisements, banners, and/or donation boxes that certain plugins, themes, and/or other add-ons place on the site’s administrative dashboard may collect personal information about logged-in administrative users — and may collect personal information about administrative users’ online activities over time and/or across different websites and/or online services — which the providers of such advertising and/or embedded content may sell and/or use for various other commercial purposes; this is typically outside of my control.)
Additionally, some of my embedded content providers (described in the “Embedded Content” section above) and/or other vendors and/or service providers might use information collected about my visitors for commercial purposes. For example (but without limitation), if you watched a video I posted via an embedded YouTube video player, the embedded video player probably collected information about you that the CCPA would consider personal information (e.g., your IP address and/or hostname, device identifiers and/or other identifiers, information collected via cookies and/or similar technologies, commercial information (e.g., which web browser you use and/or which provider you’re using to connect to the Internet), information about your Internet activity, and/or geolocation data) and may have used that information for what the CCPA would probably regard as commercial purposes (e.g., showing you personalized advertising). The CCPA generally regards allowing advertisers to collect personal information about website visitors as a “sale” of personal information; whether the state and the courts will take the same attitude toward embedded YouTube video players and/or other such embedded content remains unclear. Except as otherwise expressly indicated, I receive no monetary consideration for using and/or sharing such content, but the state may take the position that the simple privilege of displaying the content constitutes “valuable consideration” and thus could be considered a “sale” as defined by the CCPA. (The YouTube platform is owned by Google LLC. Google, YouTube, and other related marks and logos are trademarks of Google LLC.)
Put simply, by the law’s extremely broad definitions, any or all of the categories of personal information I collect through and/or in connection with this website and/or in the course of my business could be deemed to be disclosed for business and/or commercial purposes, whether or not I “sell” personal information in the way most people understand that term.
You can learn more about the circumstances under which I may disclose personal information I collect through and/or in connection with this website in the “Disclosure of Personally Identifying Information” section above.
If you have general questions about my data-sharing practices (i.e., questions about my typical practices rather than about the personal information of any specific individual or household), or if you have any concerns about those practices, feel free to contact me via any of the methods described in “Controller/Responsible Party, Questions, and How to Reach Me” below.
Opting-Out or Submitting Other California Privacy Requests (Do Not Sell My Personal Information Page)
If you are a California resident and would like to opt-out of the sale of your personal information, and/or to exercise any of the other privacy rights provided by California law — e.g., to request to know about personal information collected, disclosed, or sold, and/or request deletion of your personal information — you (or your authorized agent) can submit a request via any of the methods specified on the Do Not Sell My Personal Information page.
California Privacy Request Metrics Disclosures
Under Section 7102(a) of the CCPA regulations [formerly numbered as Section 999.317(g)], businesses that buy, receive for the business’s commercial purposes, sell, or share for commercial purposes the personal information of 10,000,000 or more consumers in a calendar year must timely disclose in their privacy policy the following metrics for the previous calendar year:
- The number of requests to know that the business received, complied with in whole or in part, and denied;
- The number of requests to delete that the business received, complied with in whole or in part, and denied;
- The number of requests to opt-out that the business received, complied with in whole or in part, and denied; and
- The median or mean number of days within which the business substantively responded to requests to know, requests to delete, and requests to opt-out.
Although the total number of consumers whose personal information I collect (much less “buy” and/or “sell” as the CCPA defines those terms) in a calendar year doesn’t even APPROACH 10,000,000 by any remotely reasonable interpretation of the CCPA definitions, I make the following voluntary disclosures, which, for the avoidance of doubt, include all requests I received, whether through this website, through my Ate Up With Motor website, through my 6200 Productions professional writing/editing/consulting website, or by any other means. (Ate Up With Motor is a trademark of Aaron Severson dba Ate Up With Motor. 6200 Productions is a trademark of Aaron Severson dba 6200 Productions.)
Section 7102(b) of the regulations [formerly numbered as Section 999.317(h)] draws (and requires businesses to draw in making these disclosures) a distinction between requests received from consumers (which I presume means California residents, which is how the CCPA defines that term) and requests received from all individuals. For the avoidance of doubt, the following disclosures present the total number of requests I received from all individuals during each specified period. (These disclosures DO NOT include request forms I submitted for internal testing and/or troubleshooting purposes that were not actual requests!)
California Privacy Requests Received in 2020
Type | Requests Received | Complied With (In Whole or in Part) | Denied | Mean Response Time | Median Response Time |
---|---|---|---|---|---|
Requests to know | 1 (one) | 1 (one) | 0 (zero) | 17.0 days | 17.0 days |
Requests to delete | 8 (eight)* | 6 (six) | 2 (two) | 8.5 days | 3.5 days |
Requests to opt-out | 8 (eight)* | 8 (eight) | 0 (zero) | 1.0 days | 1.0 days |
* Totals include several duplicative requests.
California Privacy Requests Received in 2021
Type | Requests Received | Complied With (In Whole or in Part) | Denied | Mean Response Time | Median Response Time |
---|---|---|---|---|---|
Requests to know | 0 (zero) | 0 (zero) | 0 (zero) | N/A | N/A |
Requests to delete | 0 (zero) | 0 (zero) | 0 (zero) | N/A | N/A |
Requests to opt-out | 0 (zero) | 0 (zero) | 0 (zero) | N/A | N/A |
(I didn’t receive any requests to know, requests to delete, or requests to opt-out during the 2021 calendar year, from California residents or otherwise.)
California Privacy Requests Received in 2022
Type | Requests Received | Complied With (In Whole or in Part) | Denied | Mean Response Time | Median Response Time |
---|---|---|---|---|---|
Requests to know | 1 (one) | 0 (zero) | 1 (one) | 12.0 days | 12.0 days |
Requests to delete | 1 (one) | 0 (zero) | 1 (one) | 12.0 days | 12.0 days |
Requests to opt-out | 1 (one) | 1 (one) | 0 (zero) | 3.0 days | 3.0 days |
California Privacy Requests Received in 2023
Type | Requests Received | Complied With (In Whole or in Part) | Denied | Mean Response Time | Median Response Time |
---|---|---|---|---|---|
Requests to know | 1 (one) | 0 (zero) | 1 (one) | 14.0 days | 14.0 days |
Requests to delete | 2 (two) | 0 (zero) | 2 (two) | 14.0 days | 14.0 days |
Requests to opt-out | 3 (three) | 3 (three) | 0 (zero) | 1.0 days | 1.0 days |
California Privacy Request Metrics Methodology
The CCPA regulations leave some ambiguity about what should be considered the date of “substantive response” to requests that require identity verification, a process which may take some time to complete and may require additional action on the part of the requestor. For purposes of these disclosures, my calculations reflect the date I either complied with (in whole or in part) or denied a given request.
For 2020, if I initially denied a request because I was unable to verify the requestor’s identity to the degree of certainty the regulations require, but subsequently verified the requestor’s identity to a degree of certainty sufficient to enable me to comply with the request (whether I did so or not), the disclosures reflect the final decision — and the final decision date — rather than the initial denial. For 2021, I did not receive any requests to know or requests to delete, so response time calculations were not applicable. To the extent it was applicable, I followed the 2020 methodology for 2022 and 2023. I may revise this methodology for later years depending on my subsequent experience.
Under California law, a consumer’s request to opt-out of the sale of their personal information remains in force indefinitely unless the consumer subsequently decides to opt-in, so I respond to duplicative or repeated requests to opt-out from a requestor who has already opted-out by affirming that the requestor’s original opt-out request remains in effect. I treated all such duplicative or repeated opt-out requests as “complied with” for purposes of these disclosures.
Where I substantively responded to a request on the same day it was received, I treated the response time as 1.0 days for purposes of calculating the mean and median response times.
Where I received no requests of a given type during the specified period, I listed the mean and median response times as “N/A” (not applicable).
If you have any questions about these disclosures, feel free to contact me via any of the methods described in “Controller/Responsible Party, Questions, and How to Reach Me” below.
Controller/Responsible Party, Questions, and How to Reach Me
The controller responsible for processing personal information I collect through and/or in connection with the aaronseverson.com website (the “responsible party,” for jurisdictions that use that term) is Aaron Severson, 11100 National Bl. #3, Los Angeles, CA 90064, USA.
If you have questions or concerns about this policy or my use of personal information, if you’d like to request a change or correction to personal information I’ve collected about you, or if you would like to contact me regarding any of the rights described in “Your Rights (GDPR and Other National or State Privacy Laws)” or “Nevada Consumer Opt-Out Rights” above (and/or any other privacy rights you may have under applicable national and/or state law), you can reach me via postal mail at that address or via email at admin (at) aaronseverson (dot) com.
If you are a California resident and would like to exercise your rights under the California Consumer Privacy Act of 2018 (CCPA) or other California privacy laws — e.g., the right to know about personal information collected, disclosed, or sold; the right to request deletion of your personal information; and/or the right to opt-out of the sale of your personal information — you (or your authorized agent) can submit a request via any of the methods specified on the Do Not Sell My Personal Information page.
Except as otherwise required by law, privacy-related requests or inquiries pertaining to children under 18 should be submitted by a parent, legal guardian, or other authorized adult representative.
Privacy Policy Changes
I may revise this Privacy Policy from time to time, at my sole discretion. I recommend that you regularly review this page for changes, which will be summarized in “Recent Revisions” below; I may also provide additional notice in other ways (e.g., by updating the “Most Recent Policy Updates” box and/or by sending out email notifications). If the policy has changed since your last visit to the aaronseverson.com website, the website may also prompt you to review and accept the changes. Your further access to and/or use of the aaronseverson.com website after any changes to this Privacy Policy, which are effective once published on this page and whose effective date(s) will be indicated in the “Recent Revisions” section below, will be subject to the updated policy.
Recent Revisions
Here is a list of recent changes to this Privacy Policy, in reverse order by date:
- January 12, 2024: In Security Scans, revised the paragraph on the Solid Security plugin to change “a remote API service associated with the WordPress.org websites” to “remote API services associated with the WordPress.org websites and/or operated by SolidWP or its parent company”. Later in that paragraph, changed, “a remote iThemes API service” to “a remote API service operated by SolidWP or its parent company”. In Data Related to Administrative Users, changed “a remote SolidWP API service” to “a remote API service operated by SolidWP or its parent company” to better reflect their current business structure. In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, revised the examples of categories of sensitive personal information to change “Someone’s racial and/or ethnic origin, religious and/or philosophical beliefs, and/or union membership” to “Someone’s racial and/or ethnic origin, citizenship and/or immigration status, religious and/or philosophical beliefs, and/or union membership” to reflect recent changes in the CCPA definition of sensitive personal information. Updated the California Privacy Request Metrics Disclosures section to add a subsection for 2023. In California Privacy Request Metrics Methodology , revised the second paragraph to change “for 2022” to “for 2022 and 2023.”
- October 17, 2023: Updated references to iThemes throughout this document (except in older entries in this revisions list) to reflect the rebranding of that business and its products, also updating the relevant external links and associated trademark notices. In the Taxes, Duties, and Fees subsection of the Financial Transactions Policy, revised the second paragraph to add the phrase “in accordance with applicable law” at the end of the first sentence, separated with a comma. Made a clarification to this entry after initial publication.
- September 12, 2023: In the CCPA Information Collection and Sharing Notice, revised the first sentence of the preamble to change “requires certain businesses to provide California residents with information about the categories …” to “requires certain businesses to provide California residents with a ‘notice at collection’ that discloses the categories …” and added the phrase “how long that personal information may be retained;” to the same sentence. In the Categories of Personal Information Collected subsection, moved the sentence beginning “To learn more about how long …” to a new “Retention of Personal Information” subsection later in the section (following the existing Collection Purposes subsection). In the Disclosure or Sale of Personal Information subsection, revised the first sentence to strike the phrase “even information that is readily available to the general public” and delete its em dashes. Later in that subsection, deleted the phrase “with the exception of ‘engaging in speech that state or federal courts have recognized as noncommercial speech, including political speech and journalism'” (as that exception has been removed from the CCPA). Later in that subsection, deleted the phrase “whether or not such information is from official government records (the only type of “publicly available information” the CCPA acknowledges)” for the same reason. Later in that subsection, revised the paragraph beginning “As noted in the ‘Disclosure of Personally Identifying Information’ section …” to delete the sentences beginning, “However, it remains unclear how the CCPA …” In the subsequent paragraph, removed the quotation marks around the first instance of “noncommercial speech” and changed the word “deemed” to “legally regarded as”. Inevitably tinkered with these revisions after initial publication.
- August 25, 2023: In Embedded Content, deleted the Twitter bullet point (since it is now very unlikely that I will share any embedded content from that service, which is in the process of changing its name). In Disclosure of Personally Identifying Information, revised the Twitter reference (in the examples of social media platforms) to reflect that the service is now called “X,” update the trademark notice, and remove the statement about Ate Up With Motor (since I intend to shortly delete the Ate Up With Motor account on that service). Also rearranged that item so that it’s listed alphabetically under its new name.
- July 9, 2023: In Disclosure of Personally Identifying Information, added Nir Sofer’s NirSoft freeware utilities to the examples of third-party vendors and/or service providers (in the “Other providers whose services I may use in accessing the Internet” bullet point). Inevitably tinkered with these revisions after initial publication.
- June 17, 2023: In Categories of Information and Purposes for Collection, revised the wording of the Recruitment/hiring/employment or business partnerships bullet point to also refer to administering employment benefits and/or otherwise administering and/or conducting employment relationships, business partnerships, and/or other professional relationships. (This is not a substantive change in the intent of the disclosed purpose, but rather an attempt to better describe and explain the intended scope.) In the Disclosure or Sale of Personal Information subsection of the CCPA Information Collection and Sharing Notice, revised the last numbered point in the first list to update the reference to the cited regulation, whose numbering has changed.
- June 12, 2023: In Disclosure of Personally Identifying Information, updated the reference to the Comodo certificate authority (in the examples of third-party vendors and/or service providers) to refer instead to Sectigo (which is the current brand name of that CA) and updated the associated trademark notice accordingly.
- April 16, 2023: As a global change, changed references to the “Customer EU Data Processing Addendum” to the DreamHost Terms of Service to refer instead to the “Customer Data Processing Addendum” (as that addendum is now called) and updated the hyperlink to the current version of the addendum.
- April 11, 2023: Fixed a typographical error in Certificate Authority Checks.
- April 10, 2023: In the Taxes, Duties, and Fees subsection of the Financial Transactions Policy, revised the first sentence to change “Except as otherwise indicated, …” to “Except as otherwise expressly indicated or as otherwise required by applicable law, …” In the third paragraph, changed “any applicable government-imposed taxes, duties, charges, and/or fees you may owe that I do not collect from you are your sole responsibility” to “any applicable government-imposed taxes, duties, charges, and/or fees you may owe that I do not collect or withhold from you are your sole responsibility” for internal consistency. In Disclosure of Personally Identifying Information, added the PicView app to the examples of third-party vendors and/or service providers (in the “Other providers of software, apps, tools, and/or services” bullet point).
- February 17, 2023: In the Refunds and Returns subsection of the Financial Transactions Policy, fixed a typographical error in the “Advertising Purchases” bullet point (“except where I are required” was supposed to be “except where I am required”).
- January 17, 2023: As a global change on this page and the Cookie Notice, updated the links to the Legal Agreements for PayPal Services hub, whose URL has changed.
- January 7, 2023: In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, changed “Information about philosophical or other beliefs, opinions, feelings, predispositions, attitudes, ideas, and/or viewpoints” (under “Other types of personal information not specifically described in the applicable statutes”) to read “Information about other types of opinions, feelings, predispositions, attitudes, ideas, and/or viewpoints” (since philosophical beliefs are now separately categorized as a type of sensitive personal information). Also restored the bullet point regarding inferences (which had been inadvertently deleted in a previous revision) and changed “Inferences drawn from any of the information identified above” to “Inferences drawn from any of the information identified in this section”. Amended the California Privacy Requests Received in 2022 table in California Privacy Request Metrics Disclosures to add the word “days” in the mean and median response time columns. Inevitably tinkered with these revisions after initial publication.
- January 1, 2023: Updated California Privacy Request Metrics Disclosures to include 2022 data. (I actually prepared these changes on December 31, but didn’t post them until after midnight.)
- December 24, 2022: In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice (on this page and the Your California Privacy Rights page), revised the wording of several of the items under “Categories of sensitive personal information” to change various instances of “or” to “and/or” for greater consistency. Also changed “(where I am not the intended recipient of the communication)” to “(unless I am the intended recipient of the communication(s))” to more closely align with the statutory wording.
- December 21, 2022: In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, revised the description of biometric information under “Categories of sensitive personal information” to change “… for the purposes of uniquely identifying sometime” to “… for the purpose of uniquely identifying someone”.
- December 18, 2022: In Embedded Content, revised the first bullet point to update some of the information regarding the Google Fonts API, including clarifying that the service does record the website or URL from which you accessed the fonts, updating the link to their privacy FAQ, removing the reference to it explaining how long data remains stored on a user’s device (since the FAQ no longer contains that information), and making some minor punctuation adjustments.
- December 17, 2022: As a global change throughout this page (except in older entries in this Recent Revisions list), changed most instances of the phrase “unless otherwise” to “except as otherwise” (maintaining the existing capitalization).
- December 16, 2022: In the preamble, changed “may use, share, release, and/or otherwise disclose that information” to “may use and/or disclose that information.” In Definitions, revised the “IP address” definition” to change both instances of “collect, use, and/or share” to “collect and/or use”. In Website Server, Error, and Security Logs, changed “I may also share additional data with them …” to “I may disclose additional data to them …” and changed “I may also share, release, and/or otherwise disclose …” to “I may also disclose …” In Security Scans, changed “I may share information from security scans and/or other security measures with third parties …” to “I may disclose information from security scans and/or other security measures to third parties …” and changed “I may also share, release, and/or otherwise disclose …” to “I may also disclose …” In Embedded Content, updated the bullet points on YouTube and Vimeo videos to change “posted, shared, and/or otherwise displayed” to “posted and/or otherwise displayed” and updated the bullet point on Twitter content to change “post, share, and/or otherwise display” to post and/or otherwise display”. In Information You Provide to Me, changed, “you’re under no obligation to share personal information with me …” to “you’re under no obligation to provide me with personal information …” In the last paragraph of Consents and Agreements, changed “share, release, and/or otherwise disclose” to “disclose” and changed “the ways I use, share, release, and/or otherwise disclose …” to “the ways I use and/or disclose …” In Contact Forms, changed “may share or otherwise disclose information related to California privacy requests …” to “may disclose information related to California privacy requests …” and changed “may share, release, and/or otherwise disclose …” to “may disclose …” In the last paragraph of Comments, changed “share, release, and/or otherwise disclose” to “disclose” for consistency. In Other Inquiries, Messages, and Support Requests, changed “is shared and/or accessible” to “is visible and/or accessible”; changed “when sharing sensitive information in such ways” to “when disclosing sensitive information in such contexts”; and changed “may share, release, and/or otherwise disclose …” to “may disclose …” In Other Information You Provide to Me, changed “only share, release, and/or otherwise disclose …” to “only disclose …” In Data Related to Recruitment/Hiring/Employment or Business Partnerships, updated the last paragraph to change several instances of “share” to “disclose” (also changing “with” to “to” as applicable) and changed “may also share, release, and/or otherwise disclose …” to “may also disclose …” for consistency. In the Disclosure of Transaction-Related Information subsection of the Financial Transactions Policy, changed “and/or share, release, and/or otherwise disclose …” to “and/or disclose …” In Transaction-Related Information I Receive from Third Parties, changed two instances of “share, release, and/or otherwise disclose …” to “disclose …” In Information I Receive from Third Parties for Security Purposes, changed two instances of “share, release, and/or otherwise disclose …” to “disclose …” In Other Information I Receive from Third-Party Sources, changed “much of the information posted and/or shared on …” to “much of the information posted on …” Later in that section, revised the paragraph about information received from someone’s employees, independent contractors, etc., to change “authorize them to share” to “authorize them to disclose”; revised the paragraph beginning “Much, though not necessarily all, …” to changed “otherwise share with me …” to “otherwise provide me with …” In Reports and Aggregate Statistics, changed “otherwise share them with …” to “otherwise disclose them to …” In Information Captured by Service/Software/App/Device Telemetry, changed “share that data with third parties” to “disclose that data to third parties”. In the first paragraph of Disclosure of Personally Identifying Information, changed “share, release, and/or otherwise disclose …” to “disclose …” In the bullet point beginning “In photos, images, and/or other media …” changed “may share photos, images, and/or other media (and/or related information) with others” to “may show photos, images, and/or other media (and/or related information) to others” and changed “published and/or shared” to “published and/or otherwise released”. In the bullet point regarding employees, independent contractors, etc., changed “share with them” to “disclose to them.” Updated the reference to Flickr to change “on which I have shared” to “on which I have published” and change “to share” to “to publish”. Updated the reference to my mobile carrier to change “in addition to any information I may share with them for …” to “in addition to any information I may disclose to them for …” Updated the reference to my landlords to change “I may share relevant information …” to “I may provide relevant information …” In the paragraph beginning “Third, …” replaced both instances of the word “share” with “release”. In the paragraph beginning “Fifth, …” changed an instance of the word “share” to “post”. In “‘Shine the Light’ Law Disclosures, changed “which specific pieces of information were shared” to “which specific pieces of information were disclosed”. In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, added a new set of bullet points (“Categories of sensitive personal information”) and made some punctuation adjustments accordingly. In the final paragraph of that subsection, changed “collected and/or shared” to “collected and/or disclosed”. In the Disclosure or Sale of Personal Information subsection, updated the paragraph beginning “To achieve the purposes …” to change “may share, release, and/or otherwise disclose” to “may disclose”; two instances of “share, release, or disclose” to “disclose”. In the subsequent paragraph, changed “may share any or all of the categories …” to “may disclose any or all of the categories …” In the subsequent paragraph beginning “As indicated in the …” changed “may also share, release, and/or otherwise disclose …” to “may also disclose …” In the first bullet point of the list following, changed “to share, discuss, and/or otherwise disseminate” to “to discuss and/or disseminate”. In the list following that one, changed “share with DreamHost” to “disclose to DreamHost” for consistency. In the subsequent paragraph regarding embedded content, changed “shared via an embedded YouTube video player, …” to “posted via an embedded YouTube video player, …” In the paragraph beginning, “Put simply, …” changed “shared for …” to “disclosed for …” In the paragraph after that, changed “may share, release, and/or otherwise disclose …” to “may disclose …” and changed “with any or all …” to “to any or all …” Corrected the December 12, 2022 entry below to fix an inadvertent use of “we” rather than “I.”
- December 12, 2022: In the first section of the Financial Transactions Policy, changed “(e.g., a money transfer or electronic funds transfer service)” to “(e.g., an electronic funds transfer service).” In the Acceptable Payment Types subsection of the Financial Transactions Policy, deleted the phrase “wire transfer” from each of the bullet points. Amended the paragraph beginning “Depending on the nature …” to add the phrase “and provided that the use of such payment method(s) is permitted by applicable law and/or regulations” to the end of the first sentence, separated by a comma. Added a paragraph after that one, explaining that under certain circumstances, applicable law and/or regulations may affect or limit the types of payment I can accept or use. In the Currency subsection, deleted the phrase “e.g., international wire transfers,” for consistency. In the Disclosure of Transaction-Related Information subsection, deleted the reference to money transfer services in the sixth numbered item. In the Disclosure or Sale of Personal Information subsection of the CCPA Information Collection and Sharing Notice, changed “Section 7001 (i)” to “Section 7001(i)” for usage consistency. Inevitably tinkered with these revisions after initial publication.
- December 3, 2022: In the Acceptable Payment Types subsection of the Financial Transactions Policy, changed “do not accept cryptocurrency payments of any kind” to “do not accept virtual currency or cryptocurrency of any kind.” Fixed a typographical error in the references to the Financial Transactions Policy in the entries below for August 15, 2021; April 25, 2021; and January 20, 2021 (which had inadvertently referred to “Transaction” in the singular), for internal consistency. Similarly adjusted the entry for May 16, 2020 on the Older Privacy Policy Revisions page, for the same reason.
- November 24, 2022: In the Taxes, Duties, and Fees subsection of the Financial Transactions Policy, changed “certain taxes, duties, and/or other government-imposed charges or fees from you” to “certain applicable taxes, duties, and/or other government-imposed charges or fees from you”. Later in that paragraph, also changed “I may also be required …” to “Additionally, I may be required …” and changed “even where no tax collection or withholding requirements apply” to “whether or not any tax collection or withholding requirements apply” for greater clarity. Inevitably tinkered with these revisions after initial publication.
- November 21, 2022: In the Taxes, Duties, and Fees subsection of the Financial Transactions Policy, changed “For certain transactions, I may be required to collect and/or withhold certain taxes, duties, and/or other government-imposed charges or fees from you and remit them directly to …” to “For certain transactions, I may collect and/or withhold (and/or may be required to collect and/or withhold) certain taxes, duties, and/or other government-imposed charges or fees from you and remit them to …” In Disclosure of Personally Identifying Information, updated the bullet point beginning “If I am legally required to do so, …” to change “that is subject to sales/use tax” to “that is subject to sales tax or use tax”. In the equivalent bullet point in the Disclosure or Sale of Personal Information subsection of the CCPA Information Collection and Sharing Notice, changed “correct sales/use tax rate” to “correct sales tax or use tax rate” for consistency.
- November 17, 2022: In Credits and License for This Policy, the preamble of the Cookie Notice, and the preamble of the Older Privacy Policy Revisions page, updated the Automattic trademark notices to also add an express disclaimer of affiliation or endorsement. In the Right of Withdrawal subsection of the Financial Transactions Policy, added a trademark notice along with the aforementioned disclaimer of affiliation or endorsement to the beginning of the subsection. Inevitably tinkered with these revisions after initial publication.
- November 13, 2022: Renamed the California Privacy Request Metrics (Record-Keeping Disclosures) section “California Privacy Request Metrics Disclosures” and updated the Table of Contents accordingly.
- November 10, 2022: In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, added “Reproductive health decisionmaking” to the examples under “Characteristics of protected classifications under California or federal law” (in its own bullet point).
- November 8, 2022: In Security Scans, revised the QR Code reference to add a registered trademark symbol; change “the QR Codes this website’s administrative users may use to set up multi-factor authentication …” to “a QR Code® (which this website’s administrative users may use to set up multi-factor authentication) …”; and adjust the trademark notice. Made the same trademark changes to the references in Data Related to Administrative Users, also changing “the QR Codes that may be used to set up multi-factor authentication are generated …” to “the QR Code® that may be used to set up multi-factor authentication is generated …” for grammatical reasons. In Disclosure of Personally Identifying Information, updated the reference to Tibor Kaputa’s Simple Mobile Tools to also refer to the Simple SMS Messenger app by the same developer, making a minor wording adjustment to the existing reference for text flow.
- November 5, 2022: In Other Information I Receive from Third-Party Sources, changed “typically from sources already available to the public” to “typically (though not necessarily only) from sources already available to the public” and changed “in various print or online sources” to “in various print or online sources and/or obtain directly from you.” Later in that section, deleted the last sentence of the paragraph beginning “Data Related to Recruitment/Hiring/Employment or Professional Partnerships” section above …” (since that sentence was redundant with the earlier section referenced). In Nevada Consumer Opt-Out Rights, changed “(which may be extended to 90 days if I deem it reasonably necessary and notify you of the extension)” to “(which I may extend by up to 30 days if I determine that it is reasonably necessary and notify you of the extension)” to more closely reflect the statutory wording. In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, adjusted the wording of three of the bullet points under “Characteristics of protected classifications under California or federal law” to more closely reflect the statutory wording: Changed “Language(s) spoken and/or preferred” to “Language and/or accent”; changed “Religion and/or creed” to “Religion, creed, religious belief, religious observance, and/or religious practice” and changed “Pregnancy, childbirth, and/or related medical conditions”to “Pregnancy, childbirth, breastfeeding, and/or related medical conditions”. Inevitably tinkered with these revisions after initial publication.
- October 24, 2022: In Disclosure of Personally Identifying Information, revised the bullet point beginning “As part of and/or in connection with my content and/or other creative endeavors …” to change “broadcast, and/or otherwise disseminated and/or made available to the public” to “broadcast, and/or otherwise made available to the public” for clarity. Later in that section, updated the reference to the ImageGlass app to add the words “image viewer app” after the name. In Your Rights (GDPR and Other National or State Privacy Laws), revised the bullet point reading “Request portability of your personal data” to add a parenthetical explanation of what that right entails. Inevitably tinkered with these revisions after initial publication.
- October 17, 2022: In the Financial Transactions Policy, added a final paragraph to the preamble: “Nothing in this policy limits your rights and remedies under applicable law.” Renamed the Taxes subsection “Taxes, Duties, and Fees” and revised the wording of the text to better reflect that scope and make a number of clarifications, including clarifying that unless otherwise indicated, my prices and the charges for my services do not include any applicable taxes, duties, or other government-imposed charges or fees, and that you are obligated to file any required tax returns and other documentation and pay any applicable taxes on any payments I make to you. In the Returned Check Fees subsection, changed “by check or bank draft” to “by check, bank draft, or other negotiable instrument” for completeness. In Refunds and Returns, added clearer instructions for how to request a refund or ask for assistance with a refund or return, making some adjustments to the surrounding text for clarity with the additions. Also renamed the Information Sharing subsection “Disclosure of Transaction-Related Information” to better describe the scope of that subsection. Added ID attributes to the headings of each of the subsections to facilitate linking directly to them. Added internal links to the references to other subsections in the preamble, Consent to Electronic Communication Delivery, and Refunds and Returns subsections. Inevitably tinkered with these revisions after initial publication.
- October 9, 2022: In Definitions, fixed a typo in the “IP address” definition (there was supposed to be a comma between the first instance of “Internet service provider” and the first instance of “mobile carrier”).
- October 8, 2022: In Embedded Content, fixed a typo in the jsDelivr bullet point (“… projects uses may change periodically” was supposed to read “… project uses may change periodically”). In the Transaction-Related Information Gathering subsection of the Financial Transactions Policy, changed “other delivery provider” to “other delivery service.” In the Information Sharing subsection, changed “and/or shipping agency (or agencies)” to “shipping agency (or agencies), and/or delivery service(s)” to avoid any definitional ambiguity, and for internal consistency. Inevitably tinkered with these revisions after initial publication.
- October 6, 2022: In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, changed “Military or veteran status” (under “Characteristics of protected classifications under California or federal law”) back to “Veteran or military status” to more closely reflect the statutory wording.
- October 5, 2022: In Data Related to Administrative Users, changed the phrase “determined at my sole discretion” to “determined in my sole discretion.” In The Consent to Electronic Communication Delivery subsection of the Financial Transactions Policy, revised the text to specify that required tax statements (but not tax forms or documents we provide for you to complete and return to us, such as to request your taxpayer identification number) will be furnished on paper unless you separately consent to receive them electronically, and that I may always elect to send you paper copies of communications in addition to or instead of sending them electronically, even if you consented to receive them electronically. Made a number of clarifications to the procedures for withdrawing consent to electronically receive communications, including clarifying that I will confirm your withdrawal of consent (and its effective date) in writing, that withdrawal of consent will not affect the delivery of any communication provided electronically prior to the effective date of the withdrawal, and that a request for paper copies of communications previously delivered electronically will not be considered a withdrawal of consent to electronically receive future communications unless you specifically indicate that you wish to withdraw consent. Rearranged the order of some text for greater clarity and readability. Also in that section, changed “No such fee will apply to paper copies of tax documents …” to “No such fee will apply to paper copies of any tax document …”
- October 1, 2022: In Legal Bases for Collecting and Using Information, revised the first numbered item to read “The use is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract, and/or;” to more closely reflect the regulatory wording. Also revised the wording of the first portion of the fourth numbered item to read “The use is necessary for the purposes of my legitimate interests and/or those of a third party” for the same reason (leaving the parenthetical examples unchanged). In Disclosure of Personally Identifying Information, updated the examples of third-party vendors and/or service providers to add several more examples of providers of filter lists, block lists, and/or other security-related information: the AdGuard Team AdGuard Filters, Peter Lowe’s ad and tracking server list, and the URLhaus Malicious URL Blocklist. Inevitably tinkered with these revisions after initial publication.
- September 29, 2022: In Data Related to Recruitment/Hiring/Employment or Business Partnerships, changed “I may promptly delete unsolicited offers or commercial solicitations as spam, …” to “Unless otherwise required by law, I may promptly delete unsolicited offers or commercial solicitations as spam, …” Later in that same paragraph, changed “retain applications I receive” to “retain applications for employment and/or employment referral records” and removed the references in that sentence to job openings; changed “retain employment, hiring, application, and/or related information” to “must retain application, hiring, employment, employment referral, membership, and/or personnel records, files, and related information”; and changed “retention of related data …” to “retention of such information …” In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, revised the wording of several bullet points under “Characteristics of protected classifications under California or federal law”: changed “Veteran or military status” to “Military or veteran status” and changed “Genetic data and/or characteristics” to “Genetic characteristics, genetic data, and/or genetic information” (to try to cover all the variations in statutory language).
- September 28, 2022: In Disclosure of Personally Identifying Information, updated the reference to the SQLiteStudio tool to add a trademark notice for SQLite. In the first paragraph of Security Scans and the last paragraph of Disclosure of Personally Identifying Information, changed “against unauthorized access, destruction, use, modification, or disclosure” to “from unauthorized or illegal access, destruction, use, modification, or disclosure”. In Additional California Privacy Rights (CCPA), amended the last item in the first numbered list to change “… appropriate to the nature of the information” to “… appropriate to the nature of the information to protect the personal information” to more closely reflect the statutory language. Inevitably tinkered with these revisions after initial publication.
- September 27, 2022: In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, revised the bullet point regarding genetic data (under “Characteristics of protected classifications under California or federal law”) to read “Genetic data and/or characteristics (and/or familial genetic information, such as (without limitation) family medical history)”. (This is not a change but a clarification, to better reflect the variations in statutory wording and make clearer that federal law considers family medical history to be a type of genetic information.)
- September 25, 2022: In the Taxes subsection of the Financial Transactions Policy, changed “and pay those taxes directly …” to “and remit those taxes directly …”
- September 22, 2022: In the Acceptable Payment Types subsection of the Financial Transactions Policy, changed each instance of “or electronic funds transfer” to “wire transfer, or electronic funds transfer”. (This is intended as a clarification rather than a change of policy; I had previously assumed that a wire transfer could be considered a type of electronic funds transfer, but I recently learned that U.S. banking regulations actually exclude wire transfers from the definition of electronic funds transfer, so they are apparently regarded as a different type of transfer.)
- September 15, 2022: In the Acceptable Payment Types subsection of the Financial Transactions Policy, changed “their verified name …” to “the payer’s verified name …” for clarity.
- September 11, 2022: In Disclosure of Personally Identifying Information, updated the ABBYY trademark notice.
- September 7, 2022: In Disclosure of Personally Identifying Information, fixed a typographical error in the trademark symbol in the reference to the Internet Security Research Group nonprofit organization and added the phrase “that is” immediately after that reference. Also fixed a typographical error in the GoDaddy reference (changing “permanent closed” to “permanently closed”). Inevitably tinkered with these revisions after initial publication.
- September 6, 2022: In Embedded Content and Disclosure of Personally Identifying Information, updated the Twitter trademark notices.
- September 1, 2022: As a global change throughout this page, adjusted the formatting of certain bullet-pointed lists for greater stylistic consistency. In Definitions, updated the Cookies and similar technologies definition to add an additional informational link for Canada. Made the same change in the Cookies and Similar Technologies section of the Cookie Notice for consistency. In How You Can Correct or Update Your Personal Information and Additional Information About Data Retention on this page, changed several instances of the phrase “sensitive information” to “sensitive personal information” for greater consistency. Inevitably tinkered with these revisions after initial publication.
- August 28, 2022: Updated the Acceptable Payment Types subsection of the Financial Transactions Policy to note that in some circumstances, I may accept certain other payment types by prior mutual agreement.
- August 23, 2022: In Embedded Content, updated the Yoast SEO bullet point to indicate that the Ryte integration has been removed, revising the wording of that language accordingly. In the Consent to Electronic Communication Delivery subsection of the Financial Transactions Policy, changed the phrase “(including, without limitation, any related agreements, disclosures, …” to “(including, without limitation, any related invoices, agreements, disclosures, …” for the avoidance of doubt. Inevitably tinkered with these revisions after initial publication.
- August 21, 2022: In Disclosure of Personally Identifying Information, revised the reference to Dell Technologies, Inc., to change “Dell Technologies, Inc. and/or its affiliates, …” to “Dell Technologies, Inc., and/or its subsidiaries and/or affiliates, …” and update the trademark notice.
- August 20, 2022: In Legal Bases for Collecting and Using Information, revised the first numbered provision to change “to enter into a contractual agreement with you and/or fulfill …” to “to perform and/or fulfill …” In Your Rights (GDPR and Other National or State Privacy Laws), revised the bullet point on the right to object to processing of your personal data to change the phrase “including profiling” to “including automated profiling” for greater clarity. Inevitably tinkered with these revisions after initial publication.
- August 18, 2022: In Embedded Content, revised the PayPal bullet point to note that PayPal may also use automated technologies to assess this website (which may include collecting publicly available personal information published on the site) to ensure compliance with its user agreement and to combat malicious or fraudulent activity, reflecting an upcoming update to the PayPal User Agreement. Also changed the phrase “may different” to “may differ” to fix a grammatical error. In the paragraph following the bullet-pointed list, fixed another editorial error by changing “… and/or terms of service/terms” to “… and/or terms of service/terms of use.” Inevitably tinkered with these revisions after initial publication.
- August 13, 2022: In the Acceptable Payment Types subsection of the Financial Transactions Policy, changed “Failure to promptly report …” to “Failure to timely report …” and changed “(Where I am required to report a payer’s transaction(s) in this way, I am also required to notify the payer in writing that I have done so.)” to “(Where I am required to report a transaction or transactions in this way, I am also required to provide a written statement to each person named in the report.)”
- August 7, 2022: In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, revised the bullet point beginning “Information about other professional relationships …” (under “Professional or employment-related information”) to delete “contractor and/or subcontractor relationships” (since those are included in the preceding bullet point).
- August 4, 2022: In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, changed “Training, continuing education, professional development, career goals, and/or professional aspirations” (under “Professional or employment-related information”) to “Professional qualifications, skills, training, continuing education and/or professional development, professional aspirations, and/or career goals”.
- July 29, 2022: In Additional Information About Data Retention, changed the phrase “to protect someone’s health, safety, or property” to “to protect someone’s safety and/or property” (mostly for internal consistency). In Information Captured by Service/Software/App/Device Telemetry, removed some inadvertently duplicated items in the bullet-pointed list (which was also not supposed to break in the middle). Inevitably tinkered with these revisions after initial publication.
- July 28, 2022: In “Shine the Light” Law Disclosures, made some wording changes to more closely align with the statutory wording: Changed “is also considered a direct marketing purpose” to “is also considered a direct marketing purpose of the business ‘that sells, rents, exchanges, or obtains consideration for the personal information'”; changed “is defined as ‘a relationship formed by a voluntary, two-way communication between a business and a customer’ that is either ongoing or was established with a purchase or other transaction within the past 18 months” to “is defined as ‘a relationship formed by a voluntary, two-way communication between a business and a customer, with or without an exchange of consideration, for the purpose of purchasing, renting, or leasing real or personal property, or any interest therein, or obtaining a product or service from the business’ that is either ongoing or was established by a purchase or other transaction within the preceding 18 months”; changed “What categories of personal information, if any, that business shared with third parties …” to “The categories of personal information, as defined in the applicable statute, that the business disclosed to third parties …”; changed “in the preceding calendar year” to “during the immediately preceding calendar year”; and changed “(The law does not require the business to reveal which specific pieces of information were shared, only the categories of information, as defined in the applicable statutes.)” to “(The law does not require the business to reveal which specific pieces of information were shared, only the categories of information, and the business may provide the required information ‘in standardized format.’)”
- July 24, 2022: In Disclosure of Personally Identifying Information, updated the bullet point regarding my landlord(s) to change “by requesting information about the identities of my guests, …” to “by requiring me to provide certain information about my guests, …”
- July 23, 2022: In Disclosure of Personally Identifying Information, updated the hyperlink to the HP Privacy Statement. Amended the reference to Intel Corporation to correct the reference to their privacy notice (the anchor text for the hyperlink had said “Privacy Statement” rather than “Privacy Notice”) and update the trademark notice.
- July 22, 2022: In Credits and License for This Policy, changed “Therefore, this policy is also licensed …” to “Therefore, this Privacy Policy is also licensed …” In Embedded Content, changed “Embedded content providers may combine some or all of this information with other information they collect about you over time and/or across different websites and/or online services you use” to “Embedded content providers may collect personal information about your online activities over time and/or across different websites and/or online services”. Also revised the paragraph beginning “Embedded content providers may use various third-party service providers …” to add a sentence: “They may also collect personal information about your online activities over time and/or across different websites and/or online services.” In the Creative Commons bullet point, fixed an inadvertent repetition of the word “about”. In Advertising, revised the first paragraph to change “they may collect and use” to “those advertisers may collect and use” and change “potentially for commercial purposes” to “and may collect personal information about your online activities over time and/or across different websites and/or online services”. In the paragraph about advertising on the administrative dashboard, changed “may combine some or all of that information with information they collect about the user over time and/or across different websites and/or online services” to “may also collect personal information about administrative users’ online activities over time and/or across different websites and/or online services” and changed “The collection, use, and retention of such data …” to “The collection, use, and retention of such personal information …” In Data Related to Administrative Users, revised the paragraph regarding advertising and/or embedded content on the administrative dashboard to fix an inadvertent duplication of the word “about” and change “may combine some or all of that information with information they collect about the user over time and/or across different websites and/or online services” to “may also collect personal information about administrative users’ online activities over time and/or across different websites and/or online services” for consistency. In Combining Information From Multiple Sources, changed “that relates to your online activities over time …” to “about your online activities over time …” In Disclosure of Personally Identifying Information, revised the bullet point beginning “To publicly acknowledge and/or thank someone for their assistance” to add a disclaimer responsibility for what third parties may do with personal information contained in a published acknowledgment, and revised the bullet point regarding our content and/or other creative endeavors to add a note that I can’t control what third parties may do with personal information included, contained, and/or referenced in any content or creative endeavor that has been published, publicly performed, exhibited, broadcast, and/or otherwise disseminated and/or made available to the public. Updated the paragraph beginning “Fourth, …” to change “potentially for various commercial purposes” to “and may collect personal information about your online activities over time and/or across different websites and/or online services” and change “may collect personal information about logged-in administrative users, which the providers of such advertising and/or embedded content may sell and/or combine with information they collect about the user over time and/or across different websites and/or online services for various commercial purposes” to “may collect personal information about logged-in administrative users — and may collect personal information about administrative users’ online activities over time and/or across different websites and/or online services — which the providers of such advertising and/or embedded content may sell and/or use for various other commercial purposes”. In California Do Not Track Disclosure (CalOPPA), changed “(California residents are entitled to this disclosure under the …” to “(This disclosure is required by the …” In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, amended the examples of “Medical information” (under “Categories of personal information described in California Civil Code Section 1798.80(e)”) to change “information about medical conditions” to “information about medical conditions, diagnoses, and/or history” for completeness, and revised the bullet point beginning “Information about community service …” (under “Other types of personal information not specifically described in the applicable statutes”) to read “Information about community service, volunteer work, civic activity (e.g., jury duty), and/or charitable activity”. In the Disclosure or Sale of Personal Information subsection of the CCPA Information Collection and Sharing Notice, changed “may collect personal information about logged-in administrative users, which the providers of such advertising and/or embedded content may sell and/or combine with information they collect about the user over time and/or across different websites and/or online services for various commercial purposes” to “may collect personal information about logged-in administrative users — and may collect personal information about administrative users’ online activities over time and/or across different websites and/or online services — which the providers of such advertising and/or embedded content may sell and/or use for various other commercial purposes for consistency. Also attempted to fix some spacing issues on this page. Inevitably tinkered with these revisions after initial publication.
- July 21, 2022: As a global change throughout this Privacy Policy, changed all instances of “personal information collected, disclosed or sold” to “personal information collected, disclosed, or sold” for punctuation consistency. In the Disclosure or Sale of Personal Information subsection of the CCPA Information Collection and Sharing Notice, revised the first numbered item in the list of business purposes under the CCPA to change “Auditing interactions with consumers” to “Auditing related to interactions with consumers” for greater consistency with the statutory wording.
- July 19, 2022: In Definitions, revised the “Identifiers” definition to change “real names” to “a real name or unique pseudonym” and change the rest of the examples from plural to singular, also changing “Social Security number, taxpayer identification number” to “Social Security number or other taxpayer identification number” and adding indefinite articles to the examples for better grammar. Revised the “Names” definition to change “real, legal names” to “real names (first and/or last name(s), and in some cases middle name or middle initial)”; change “legal name” to “full legal name” for clarity; and change “(e.g., financial transactions or legal agreements)” to “(e.g., for contracts and/or other legal matters)”. In Information You Provide to Me, changed “your legal name” to “your real name” and change “contracts or legal agreements” to just “legal agreements”. In Contact Forms, changed “Special Note on Legal Names vs. Pseudonyms/Aliases” to “Special Note on Real Names vs. Pseudonyms/Aliases” and changed “I need your legal name …” to “I generally need your real name …” In Other Inquiries, Messages, and Support Requests, revised the paragraph beginning “Special Note:” to change “may need your legal name” to “may need your real name” for consistency. In Data Related to Administrative Users, changed “their legal name and contact information” to “their real name and their contact information” (also for consistency). Updated the preamble of the Cookie Notice to add a disclaimer about variations in text style having no legal significance or effect. Also made a formatting adjustment to the note about the credits and license and fixed a formatting error. Amended the July 16, 2022 entry below to fix an erroneous reference to a separate Your California Privacy Rights page (which this website doesn’t currently have). Inevitably tinkered with these revisions after initial publication.
- July 16, 2022: In Other Information I Receive from Third-Party Sources, revised the paragraph beginning “I routinely gather a wide variety of information related …” to add “scripts and/or screenplays” to the examples of sources in which I may look up names and/or other relevant personal details. In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, amended the wording of three of the bullet points under “Categories of personal information described in California Civil Code Section 1798.80(e),” changing “Physical characteristics and/or descriptions of individuals (e.g., height, weight, &hellip” to “Physical characteristics and/or descriptions (e.g., an individual’s height, weight, …”; changing “Education information” to “Education”; and revising the final bullet point (about other types of insurance) to add a parenthetical aside: “(the above-referenced statute only specifically mentions insurance policy numbers, but other types of information about insurance policies and/or coverage would also seem to be reasonably encompassed by this category)”. Also added a bullet point after “Education”: “Employment and/or employment history” (although this is redundant to the separate enumerated category of “Professional or employment-related information”). Under “Professional or employment-related information,” changed “Professional and/or business certification(s), license(s), permit(s), and/or other credential(s)” to “Business and/or professional license(s), permit(s), certification(s), registration(s), and/or other credential(s)” and added “scripts and/or screenplays” to the parenthetical examples of “creative works, literary works, journalistic works, scientific works, designs, inventions, and/or performances” in the bullet point beginning “Authorship, other credits, …” Inevitably tinkered with these revisions after initial publication, including fixing an editorial error in this entry.
- July 14, 2022: In Comments and Contact Forms, changed references to “emojis, and/or special characters” to just “and/or special characters” (since the former are a subset of the latter). In Additional California Privacy Rights (CCPA), changed “collected that information” to “collected the personal information” and rearranged the list items about information sold or disclosed for a business purpose to more closely align with the regulatory wording. Inevitably tinkered with these revisions after initial publication, including fixing a typo in this entry.
- July 12, 2022: In Embedded Content, updated the Yoast SEO bullet point to add language about the recently added WordProof integration; updated the trademark notice accordingly. In Consents and Agreements, changed “Other consents, preferences, and/or agreements …” to “Other consents, agreements, and/or preferences …” for wording consistency. Updated the paragraph beginning “Consents, agreements, and/or privacy preferences stored …” added language clarifying that in some cases, if a logged-in administrative user indicates their consent(s), agreement(s), and/or preferences via cookies and/or similar technologies, such consent(s), agreement(s), and/or preferences may also be stored in the website database as part of the user’s profile. Split the existing language about separate agreements into a separate sentence reading “Additionally, if in addition to indicating your consent(s), agreement(s), and/or preferences via cookies and/or similar technologies, you ALSO enter into an agreement with me and/or indicate your specific consent(s) and/or preferences in some other way, such separate consent(s), agreement(s), and/or preferences may be retained as described above.” Also changed “as that Notice explains” to “as the Cookie Notice explains” for clarity. Inevitably tinkered with these revisions after initial publication.
- July 11, 2022: In Consents and Agreements, amended the “Data retention” bullet point to change “Typically indefinite” to “Depends on context, but potentially indefinite; see below” for consistency with the main text. In Comments, revised the “Data retention” bullet point to change “comments the submitter asks me to delete” to “comments the submitter asks me to delete or that I otherwise elect to delete” for internal consistency. In the body of that section, changed “I may email you at that address in addition …” to “I may respond to your comment by emailing you at that address in addition …” for clarity and greater consistency with the Terms of Use. In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, amended the bullet point beginning “Signatures, physical and/or digital …” (under “Categories of personal information described in California Civil Code Section 1798.80(e)”) to change the phrase “the statute does not actually mention” to “the above-referenced statute does not specifically mention” for clarity.
- July 10, 2022: As a global change throughout this page, changed various references to “fulfilling” legal obligations to “complying with” legal obligations (keeping the original tense and conjugation; this is a nitpicking wording adjustment). In Additional Information About Data Retention, also changed “or to fulfill some other reporting or disclosure requirement” to “or to comply with some other reporting or disclosure requirement” for consistency. In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, amended the bullet point beginning “Information about professional clients, …” (under “Professional or employment-related information”) to change “employees, interns, business partners” to “employees, independent contractors, interns, agents, business partners” for completeness and consistency.
- July 9, 2022: In Credits and License for This Policy, Embedded Content, and the Right of Withdrawal subsection of the Financial Transactions Policy, updated the source link to the WordPress.com Terms of Service. In Notice Regarding Children Under 18; Not for Children, changed “by children under 18” to “by children under 18 years of age.” In Data Related to Recruitment/Hiring/Employment or Business Partnerships and the Transaction-Related Information Gathering subsection of the Financial Transactions Policy, fixed some inadvertent uses of “we” rather than “I”. In the Right of Withdrawal subsection of the Financial Transactions Policy, amended the second paragraph to change “withdraw from the transaction” to “withdraw from the transaction or contract”; change “(for the provision of services)” to “(for the provision of services or the supply of digital content)”; change “within fourteen (14) days from …” to “within fourteen (14) days, starting from …”; added a comma after “without giving any reason”; changed “clear, written request” to “clear written request via postal mail”; changed “For your request, …” to “To make your request, …”; changed “delivery costs” to “delivery charges” and “additional costs” to “additional charges”; changed the phrase “For this repayment, …” to “For this reimbursement, …”; and changed “If you have requested …” to “If you cancel a contract for the provision of services and you have requested …” Rearranged the text of the subsection to put the address and model form before the language about the effects of withdrawal, split the latter into multiple paragraphs, and made various wording changes (including adding a boldface subheading, “Effects of Withdrawal/Cancellation” to the first of the paragraphs describing those effects). Also added language clarifying that if you are withdrawing from the purchase of tangible goods, you must send them back before the end of the 14-day withdrawal period; that I may delay reimbursement until the goods are returned; and that you are responsible for paying any return shipping costs that may apply unless you and I expressly agree otherwise. (I did a lot of tinkering with this subsection after initial publication.) In Disclosure of Personally Identifying Information, revised the bullet point regarding hiring and/or employment history to correct the references to the Information I Receive from Third Parties for Security Purposes and Other Information I Receive from Third-Party Sources sections (I had inadvertently used “We” rather than “I” in those references). In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, changed “Professional and/or business certification(s), license(s), and/or permit(s)” (under “Professional or employment-related information”) to “Professional and/or business certification(s), license(s), permit(s), and/or other credential(s)” for completeness. Fixed a punctuation error in this entry in Recent Revisions. Revised the June 5, 2022 entry below to correct some inadvertent uses of “we” and “our” rather than “I” and “my”. Revised the March 30, 2022; February 7, 2022; December 28, 2021; November 26, 2021; October 9, 2021; and March 26, 2021 entries below to correct inadvertent uses of “us” rather than “me”. Revised the October 30, 2021 entry to fix an erroneous use of “We” rather than “I”. In the October 3, 2021 entry, fixed a reference to the Controller/Responsible Party, Questions, and How to Reach Me (which had inadvertently used the plural). Updated the preamble of the Older Privacy Policy Revisions page to reflect the updated credits and license information as well as the updated trademark notice. Inevitably tinkered with these revisions after initial publication.
- July 7, 2022: In Embedded Content and Disclosure of Personally Identifying Information, updated the links to certain Google policy and terms documents. In the Taxes subsection of the Financial Transactions Policy, changed “(e.g., sales/use tax, VAT, GST, and/or other taxes)” to “(e.g., sales tax, use tax, VAT, GST, HST, and/or other taxes)”. Renamed the Right to Withdrawal subsection “Right of Withdrawal” and adjusted the preceding reference accordingly. In Refunds and Returns and Right of Withdrawal, changed the instances of the word “section” to “subsection” for clarity and wording consistency. Also changed both instances of “United Kingdom” to “UK” for stylistic consistency. In the latter subsection, changed “from the date of purchase” to “from the date of delivery (for the purchase of goods) or the date of conclusion of the contract (for the provision of services)”. Made a number of clarifications to the second paragraph of the subsection, including changing some instances of “contract” to “transaction or contract”; adding parenthetical language about partial withdrawals; clarifying that the stipulation about refraining from using purchased digital content or digital services applies specifically to ones purchased in the canceled transaction; and making some minor wording adjustments. Also revised the information about what a request should include (toward the end of that subsection) to format it as a model form. In Nevada Consumer Opt-Out Rights, amended the paragraph beginning “(Please note that this right does not apply …” to change two instances of “information” to “covered information” and change “other transfer of my assets” to “other transfer of control of all or part of my assets” to more closely align with the statutory wording. Inevitably tinkered with these revisions after initial publication.
- July 5, 2022: Updated Credits and License for This Policy to note that some portions of this policy are also adapted from the Terms of Service for WordPress.com (also by Automattic) and updated the trademark notice accordingly. In Financial Transactions Policy, added a subsection called “Right to Withdrawal,” which applies to certain European and UK users. (This language is adapted from the Terms of Service for WordPress.com, also by Automattic, which is licensed under CC BY-SA 4.0, like the rest of this policy.) Updated the Refunds and Returns section to reference it. In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, added boldface to the names of the categories. Inevitably tinkered with these revisions after initial publication.
- July 1, 2022: In Disclosure of Personally Identifying Information, amended the reference to Apple Inc. to updated the trademark notice and add a disclaimer of affiliation or sponsorship. In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, revised the last bullet point under “Professional or employment-related information” (beginning “Other information about an individual’s current, past, and/or prospective employment, …”) to change both instances of “vocation, profession, trade, …” to “vocation, profession, career, trade, …” In the final bullet point under “Other types of personal information not specifically described in the applicable statutes” (regarding information about vehicles), changed “color” to “color(s)”.
- June 28, 2022: In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, changed “Genetic information (and/or familial genetic information)” (under “Characteristics of protected classifications under California or federal law”) to “Genetic data (and/or familial genetic data)”. (“Information” and “data” are reasonably synonymous in this context, but the various statutory and regulatory language generally says “genetic data.”)
- June 25, 2022: In Certificate Authority Checks, changed “a service of the nonprofit …” to “a service provided by the nonprofit …” Made the same change in the reference to the CA in Disclosure of Personally Identifying Information for consistency. In Data Related to Recruitment/Hiring/Employment or Business Partnerships, revised the “Data retention” bullet point to add the phrase “(unless otherwise required by law)” before “delete or discard”; change “unsolicited offers or inquiries” to “unsolicited offers or commercial solicitations”; and change “inquiries or applications that I believe to be fraudulent or submitted by bots” to “applications or inquiries that were obviously submitted by bots rather than people” for greater consistency with the main text of that section. In the main text, updated the paragraph on retention periods to change “discard applications that were obviously generated …” to “discard applications or inquiries that were obviously generated …” again for consistency. Inevitably tinkered with these revisions after initial publication.
- June 24, 2022: In the Refunds and Returns subsection of the Financial Transactions Policy, revised the first paragraph to clarify that the refund and return policy presented is a general policy, and that if different terms are specified for a particular purchase or transaction, those specified terms shall take precedence over the general policy. In the Advertising Purchases bullet point, also changed “but prior to the expiration date” to “but prior to the expiration date of the ad commitment” for clarity and added a comma before that phrase.
- June 23, 2022: In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, revised the description of the “Biometric information” category to change “provides me with information about their health, sleep, and/or exercise habits” to “provides me with examples of their handwriting and/or information about their health, sleep, and/or exercise habits”. In the examples under “Other types of personal information …” changed “Handwritten notes and/or documents; illustrations; paintings; sketches; and/or other examples of individuals’ handwriting, calligraphy, and/or artwork (in whatever medium)” to “Examples of individuals’ artwork (in whatever medium or mediums)”. In the June 22, 2022 entry in this Recent Revisions list, changed “listing details of the cookies used with Google advertising …” to “containing a detailed list of cookies associated with Google advertising …” for internal consistency. Inevitably tinkered with these revisions after initial publication.
- June 22, 2022: In the preamble of this page and the Cookie Notice and in Cookies and Similar Technologies, changed the phrase “that explicitly require such a policy” to “that specifically require such a policy”. In Embedded Content, updated the YouTube and FeedBurner bullet points to add links to a Google page containing a detailed list of cookies associated with Google advertising and measurement products. In the Cookie Notice, updated the YouTube Videos and Vimeo Videos sections to add some additional cookies, correct the names of certain cookies (some of whose names actually start with a double underscore rather than a single underscore as previously listed), rearrange some of those cookies, and update the descriptions with some clarifications and additional relevant Google links. Also rearranged and slightly condensed the Vimeo Videos description (which was becoming unwieldy) and updated its trademark notice. Made some adjustments to the “last updated” date on the Cookie Notice (removing the day of the week and adding the word “on” after “updated”). Inevitably tinkered with these revisions after initial publication.
- June 21, 2022: In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, revised the description of the “Education information” category to more closely reflect the statutory and regulatory definitions. Inevitably tinkered with these revisions after initial publication.
- June 18, 2022: In the Refunds and Returns subsection of the Financial Transactions Policy, revised the Advertising Purchases bullet point to change the refund period for those transactions from five days to seven days. In the Other Purchase bullet point, changed the refund period for tangible goods from 21 days to 30 days and changed “from the date of your payment” to “from the date of purchase.” Also split the sentence about purchases of digital goods and/or services at “and I reserve the right …” making the latter portion a separate sentence beginning “I reserve the right …” Throughout that subsection, changed the phrase “reserve the right to refuse and/or refund” to “reserve the right to refuse and/or to refund” for greater clarity. Added a comma before the phrase “or as otherwise required by law” and changed “or otherwise required by law” to “or as otherwise required by law” (also set off with a comma) for consistency. In the Customer Service Information subsection of the Financial Transactions Policy, amended the sentence beginning “All communications made or received …” to change em dashes to parentheses. In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, revised the bullet point beginning “Financial information pertaining to transactions with and/or otherwise involving …” (under “Categories of personal information described in California Civil Code Section 1798.80(e)”) to set the examples in parentheses and change “such as (without limitation)” to “e.g.” (set off with a comma) for formatting consistency. Under “Internet or other electronic network activity information,” also changed “Encryption public keys, access codes, and/or similar security data” to “Encryption public keys and/or certificates, cryptographic signatures, and/or similar security data” to better express the intended scope. In the June 5, 2022; May 28, 2022; April 12, 2022, and April 1, 2022 entries in this Recent Revisions list, removed erroneous references to a separate Your California Privacy Rights page (which this website doesn’t currently have). Further updated the Cookie Notice to add some additional YouTube cookies to the applicable section. Inevitably tinkered with these revisions after initial publication.
- June 17, 2022: In Additional Information About Data Retention, revised the paragraph beginning “Where this policy indicates that …” to change “relevant criteria” to “relevant factors” and change “a variety of factors” to “a variety of criteria”. In the subsequent bullet-pointed list, changed “Does the information pertains” to “Does the information pertain” to fix a grammatical error. Updated the Cookie Notice to add the pm_sess and DV cookies to the list of YouTube cookies. Inevitably tinkered with these revisions after initial publication (including reordering the added cookies in the Cookie Notice).
- June 16, 2022: In Disclosure of Personally Identifying Information, made a formatting adjustment to the bullet point regarding disclosures to protect property, rights, security, and/or safety for stylistic consistency. (The text of that bullet point didn’t change, just which portion is boldface.)
- June 14, 2022: In Definitions, made a number of clarifications to the definitions of “user agent information” and “metadata.” In the “Other contact information” definition, changed “specific person” to “specific individual” (mostly for consistency). In the “Other documents/materials” definition, changed “document or material” to “document and/or material” and changed “newsletters” to “press releases” (as a more representative example). In Certificate Authority Checks, revised the “Categories of information collected” bullet point to change “visitor activity (referring site)” to just “visitor activity” (which is more technically accurate). In the Transaction-Related Information Gathering subsection of the Financial Transactions Policy, changed “individual(s) or entities” to “individuals and/or entities”. In Transaction-Related Information I Receive from Third Parties, revised the paragraph beginning “In the same way, …” to change “individuals or entities” to “individuals and/or entities” for consistency. Inevitably tinkered with these revisions after initial publication.
- June 13, 2022: In the Customer Service Information subsection of the Financial Transactions Policy, made some minor wording adjustments to the first sentence of the first paragraph. Also rearranged the California Department of Consumer Affairs information to put the telephone numbers before the address and added “USA” to their postal address for stylistic consistency.
- June 12, 2022: In Data Related to Recruitment/Hiring/Employment or Business Partnerships, revised the paragraph on retention to change “unsolicited offers or solicitations” to “unsolicited offers or commercial solicitations” for clarity and change “… may discard applications that appear to be fraudulent or that were obviously generated by bots rather than people” to “… may (unless otherwise required by law) discard applications that were obviously generated by bots rather than people.”
- June 9, 2022: In Disclosure of Personally Identifying Information, updated the reference to Proton Mail to reflect the latest stylization (e.g., to style “Proton Mail” as two words rather than one), company name, policy links, trademark information, and other incidental details.
- June 8, 2022: In Definitions, updated the “Referring site” definition to change “take steps to remove …” to “claim to take steps to remove …” In Nevada Consumer Opt-Out Rights, set the paragraph beginning “Please note that …” in parentheses and changed “To request to opt out of the sale of your covered information in this way, …” to “To submit a request to opt out of the sale of your covered information, …” for clarity.
- June 5, 2022: In Additional Information About Data Retention, amended the bullet point beginning “How personal is the information?” to add “Is it sensitive information, such as a Social Security number? (I generally try to avoid collecting or retaining Social Security numbers, driver’s license numbers, or other government-issued identification numbers in the course of my business unless I’m legally required to do so.)” before “Is it private or confidential, …” and delete the word “otherwise.” Moved the Opting-Out or Submitting Other California Privacy Requests (Do Not Sell My Personal Information Page) section to make it a subsection of the CCPA Information Collection and Sharing Notice, immediately following the Disclosure or Sale of Personal Information subsection, and updated the Table of Contents accordingly. In the Disclosure or Sale of Personal Information subsection of the CCPA Information Collection and Sharing Notice, deleted the second half of the final paragraph (which began “If you are a California resident …”), since that same text (verbatim) now appears in the subsection immediately following that one. Made some wording adjustments to the preamble of the CCPA Information Collection and Sharing Notice for clarity, including adding an internal link to the Additional California Privacy Rights (CCPA) section. In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, adjusted the text style of the first sentence of the paragraph beginning “Please note that I do not necessarily collect …” Later in that subsection, updated the paragraph beginning “The fact that I collected and/or inferred …” to explain that my typical retention periods for personal information are discussed throughout the Privacy Policy and in Additional Information About Data Retention, adding links to the latter section and to the Table of Contents. Inevitably tinkered with these revisions after initial publication.
- June 3, 2022: In the Table of Contents, added some code labels for the benefit of screen readers and other assistive technologies. Throughout this page, updated the specific references to sections of the CCPA regulations to reflect the recent renumbering/reorganization of those regulations, retaining the previous section numbers in brackets for reference. In Data Related to Recruitment/Hiring/Employment or Business Partnerships, amended the “Categories of information collected” bullet point to change “our locale” to “my locale”. In Additional Information About Data Retention, revised the bullet point regarding email to add language explaining WHY I typically retain email indefinitely. Also replaced the paragraph that began “Personal information I may collect in connection with …” with a new paragraph describing the criteria I may consider in determining the actual retention period of information retained indefinitely, including a list of representative examples of such criteria. In the subsequent list of conditions in which I may delete, discard, or destroy data, added the words “to the extent legally permitted,” separated by commas, after “I may,” and changed “unreadable” to “illegible.” In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, amended the bullet point beginning “Financial information pertaining to transactions …” (under “Categories of personal information described in California Civil Code Section 1798.80(e)”) to change “transaction ID numbers” to “invoices, transaction receipts, transaction ID numbers” (mostly for the avoidance of doubt, since the information already described in that bullet point consists largely of information found on or derived from invoices and receipts). In California Privacy Request Metrics (Record-Keeping Disclosures), made some code adjustments to the tables for better accessibility and added table captions. Inevitably tinkered with these revisions after initial publication.
- May 29, 2022: In Credits and License for This Policy, the preamble of the Cookie Notice, and the preamble of the Older Privacy Policy Revisions, clarified the wording of the license language. In Data Related to Recruitment/Hiring/Employment or Business Partnerships, revised the “Categories of information collected” bullet point to change “related tax documents, other payroll-related information” to “tax documents, payment- and/or payroll-related information”. Made some further adjustments to the examples presented in the paragraph beginning “In such situations, …” mostly for wording consistency. In Nevada Consumer Opt-Out Rights, revised and updated the text for clarity and to more closely align with the wording of the law. (These changes went through several iterations.) Inevitably tinkered with these revisions after initial publication.
- May 28, 2022: In Definitions, made some revisions to the wording of the “Personal information/personal data/personally identifying information/personally identifiable information” definition (shifting from the second person to the third and making some clarifications). Also revised the definition of “Identifiers” to change “driver’s license numbers, Social Security numbers, …” to “Social Security numbers, taxpayer identification numbers, driver’s license or state ID card numbers, passport numbers, …” and revised the definition of “Other contact information” to clarify that it can also include any other identifier that allows a specific person to be contacted either physically or online. As a global change throughout the various “Categories of information collected” bullet points, changed “other contact information (e.g., phone numbers, postal mailing addresses, and/or other street addresses)*” to “other contact information (e.g., phone numbers, postal mailing addresses, and/or other street addresses, and/or other online contact info)*”. In Data in Submitted Images, revised the “Categories of information collected” bullet point to change “geolocation data (provided by the creator/rights holder/repository, determined from metadata, and/or inferred from other data)*” to just “geolocation data*”. In Data Related to Recruitment/Hiring/Employment or Business Partnerships, revised “Categories of information collected” to add “special: government-issued identification (e.g., driver’s license, state ID card, and/or passport)*” for consistency with the text of that section and change “taxpayer identification numbers” to “Social Security numbers and/or other taxpayer identification numbers”. In the paragraph beginning “In such situations, …” made some clarifications about the types of information that may be collected in those circumstances. In Financial Transactions Policy, revised “Categories of information collected” to add “special: government-issued identification (e.g., driver’s license, state ID card, and/or passport)*” and change “taxpayer identification numbers” to “Social Security numbers and/or other taxpayer identification numbers”. In the Taxes subsection, made some clarifications to the text (including explaining reporting requirements may involve other government entities besides tax agencies, and that I may need to collect additional information from you for the purposes described) and split it into multiple paragraphs. In the Data Retention subsection, added a parenthetical sentence about legal retention requirements. In Transaction-Related Information I Receive from Third Parties, revised “Categories of information collected” to add “special: government-issued identification (e.g., driver’s license, state ID card, and/or passport)*” and change “taxpayer identification numbers” to “Social Security numbers and/or other taxpayer identification numbers”. In Other Information I Receive from Third-Party Sources, revised the “Categories of information collected” bullet point to change “geolocation data (provided by sources and/or inferred from other data)*” to just “geolocation data*” and added “special: other visible and/or audible information that may be personally identifiable and/or potentially personally identifiable (e.g., a pictured car’s license plate and/or vehicle identification numbers)*” for consistency with Data in Submitted Images. In Additional Information About Data Retention, changed “(e.g., a contractual obligation to return or destroy certain information after a specific period of time)” to “(e.g., statutory retention requirements, or a contractual obligation to return or destroy certain information after a specific period of time)”. In “Shine the Light” Law Disclosures, changed “as defined by …” to “as defined in …” In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, changed “driver’s license numbers” to “driver’s license numbers, state ID card numbers” (in the examples of “Identifiers”) for consistency. In the Disclosure or Sale of Personal Information subsection of the CCPA Information Collection and Sharing Notice, changed “as defined by …” to “as defined in …” In California Privacy Request Metrics (Record-Keeping Disclosures), changed “as defined by the CCPA” to “which is how the CCPA defines that term” for clarity. Inevitably tinkered with these revisions after initial publication.
- May 24, 2022: In Information You Provide to Me, updated the language about information I need to collect, mostly for greater consistency with other sections of this policy (e.g., to mention that in some circumstances, I may be legally obligated to collect certain information) and to add a reference and internal link to the Data Related to Recruitment/Hiring or Business Partnerships section. In Additional California Privacy Rights (CCPA), fixed the punctuation of “et seq.”
- May 23, 2022: As a global change (except in Definitions and earlier entries in this Recent Revisions list), changed “potentially personally identifying” to “potentially personally identifiable” throughout. (For the purposes of this policy, those terms have the same intended meaning, which is explained in Definitions.) Also changed some but not all instances of the phrase “personally identifying” to “personally identifiable” throughout (again excepting this Recent Revisions list). In Definitions, changed the definition of “Personal information/personally identifying information/personal data” to “Personal information/personal data/personally identifying information/personally identifiable information”; clarified that this policy uses all of those terms interchangeably, made some wording revisions, and added a note that earlier versions of this policy used the term “potentially personally identifying information,” which meant the same thing as “potentially personally identifiable information” in the current version. In Data Related to Administrative Users, changed “any persons younger than 18” to “any person under the age of 18” for grammar and internal consistency. In Information Captured by Service/Software/App/Device Telemetry, changed “The information collected by these mechanisms can sometimes include personal information or …” to “The information collected by these mechanisms can sometimes include personal information and/or …” In the PayPal Buttons section of the Cookie Notice, changed “no personally identifying information” to “no personally identifiable information” for consistency. Amended the September 18, 2021 entry below to fix a capitalization error in a prior reference to the Disclosure of Personally Identifying Information section.
- May 22, 2022: In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, amended the examples of “Audio, electronic, visual, thermal, olfactory, or similar information” to note that this category may also encompass the sensory information normally received in the course of interacting with people in person (and thus seeing their faces, hearing their voices, etc.). (This is a clarification, not a change in the types of information collected.)
- May 14, 2022: Renamed the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice “Disclosure or Sale of Personal Information” and updated the Table of Contents and other internal references accordingly. In Disclosure of Personally Identifying Information, made some punctuation adjustments to the reference to Epic Browser and its associated features (changing commas to semicolons). In Additional California Privacy Rights (CCPA), revised the descriptions of the CCPA rights to more closely reflect the regulatory wording. In Opting-Out or Submitting Other California Privacy Requests (Do Not Sell My Personal Information Page), changed “If you are a California resident and would like to exercise your Right to Opt-Out of the sale of your personal information, or any of your other rights under the California Consumer Privacy Act of 2018 (CCPA) or other California privacy laws — e.g., the Right to Know (a.k.a. the right to access) and/or the Right to Delete your personal information …” to “If you are a California resident and would like to opt-out of the sale of your personal information, and/or to exercise any of the other privacy rights provided by California law — e.g., to request to know about personal information collected, disclosed or sold, and/or request deletion of your personal information …” In the Disclosure or Sale of Personal Information subsection of the CCPA Information Collection and Sharing Notice and Controller/Responsible Party, Questions, and How to Reach Me, changed “the Right to Know (a.k.a. the right to access), the Right to Delete your personal information, and/or the Right to Opt-Out of the sale of your personal information” to “to request to know about personal information collected, disclosed, or sold; request deletion of your personal information; and/or request to opt-out of the sale of your personal information” (again for internal consistency). Inevitably tinkered with these revisions after initial publication.
- May 12, 2022: In Contact Forms, revised the bullet-pointed provision beginning “If your message contains questions, …” to change “I will endeavor to do so at my earliest opportunity” to “I will endeavor to do so (to the extent I reasonably can) at my earliest opportunity” for consistency with the current wording of the Terms of Use. In Disclosure of Personally Identifying Information, updated the Facebook trademark notice. In Disclosure of Personally Identifying Information, updated the Facebook trademark notice and made a minor punctuation adjustment to that reference for clarity. Also added the Akismet spam-filtering service (and/or similar spam filtering services) to the examples of third-party vendors and/or service providers in that section. In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, revised the wording of two bullet points under “Professional or employment-related information”: Changed “Current and/or past occupation(s), job title(s), position(s), role(s), duties, and/or responsibilities” to “Current and/or past occupation(s), job(s), job title(s), position(s), role(s), duties, and/or responsibilities” and revised the final bullet point in that category to change both instances of “employment, occupation, work, vocation, …” to “employment, occupation, job(s), work, vocation, …”
- April 30, 2022: In Disclosure of Personally Identifying Information, updated the bullet point regarding my landlord(s) to note that they may also collect personal information from and/or about anyone who enters their premises (including, but not limited to, through the use of security cameras and/or other automated systems). In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, revised the “Biometric information” category description to better reflect the statutory definition and rearrange the order of the examples.
- April 26, 2022: In Data Related to Recruitment/Hiring/Employment or Business Partnerships, revised the examples in the paragraph beginning “in such situations, …” to change “employment history” to “employment histories” for grammatical consistency and change “salary or compensation information and/or history” to “information about professional charges, rates, and/or fees; information about salaries, compensation, and/or benefits (e.g., salary histories and/or salary expectations)” to better represent the range of possibilities. In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, changed “Current and/or past compensation and/or benefits” (under “Professional or employment-related information”) to “Current and/or past salary, compensation, and/or benefits” for internal consistency and added an additional example to that category: “Professional charges, rates, and/or fees” (mostly for internal consistency and the avoidance of doubt, since such information would be reasonably encompassed by the final “Other information about …” bullet point under that category). In the last bullet point under that category, changed both instances of “occupation, work, vocation” to “employment, occupation, work, vocation” for completeness. Inevitably tinkered with these revisions after initial publication, including fixing an erroneous reference in an earlier version of this entry to the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice.
- April 23, 2022: In Contact Forms, added a paragraph after the list of circumstances in which messages may be published noting that I can’t control and take no responsibility for what third parties may do with personal information a published message may contain. In Data in Submitted Images, also deleted the separate reference to “metadata” in “Categories of information collected” (since it’s redundant and already reflected earlier in that list). (I had marked this change on April 22, 2022, but belatedly realized afterward that I hadn’t actually executed it. I did so early on April 23, 2022, updating the April 22, 2022 entry accordingly.) Also in Data in Submitted Images, added boldface to the statement about not being able to control and taking no responsibility for what third parties may do with personal information contained in published images and/or other media files or their metadata, and removed boldface from the following paragraph about adding metadata to images and/or other media. In Data Related to Administrative Users, updated the paragraph about embedded content in administrative emails to change “free to block the loading or download …” to “free to block the loading or downloading …” in the interests of better grammar. In Combining Information From Multiple Sources, changed “that relates to your online activities across different websites and/or online services” to “that relates to your online activities over time and/or across different websites and/or online services”. In Disclosure of Personally Identifying Information and in the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice, changed the phrase “other cohabitants” to just “cohabitants” (which in this context is meant in the broad sense of “other people living in the same home”). In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, revised the bullet point beginning “Race, color, ethnicity, …” (under “Characteristics of protected classifications”) to change “residency status” to “immigration status” (which better expresses the intended scope in the context of federal and state nondiscrimination laws). In the “Professional or employment-related information” category later in that same subsection, changed “Business or organization ownership, officership, and/or registration information …” to “Business or organization ownership, directorship, officership, management, and/or registration information” and changed “an officer or trustee” to “and officer or director”; changed “Information about professional clients, clientele, customers, users, advertisers and/or sponsors, vendors, service providers, and/or subcontractors” to “Information about professional clients, clientele, customers, users, advertisers and/or sponsors, affiliates, subsidiaries, vendors, service providers, contractors, subcontractors, employees, interns, business partners, directors, officers, and/or shareholders”; and changed “endorsement, sponsorship, and/or affiliate relationships” to “advertising, endorsement, sponsorship, and/or affiliate relationships”. Inevitably tinkered with these revisions after initial publication.
- April 22, 2022: Revised some of the “Categories of information collected” bullet points throughout this page to make some adjustments to the use of asterisks (to indicate types of information that may be collected in some instances and not in others) for greater logical consistency. (This is mostly for consistency of presentation; the types of information that may be collected haven’t changed in any substantive way.) In Data Related to Administrative Users, added “fulfilling a contractual obligation” to the “Purpose(s)” bullet point (since it’s possible an administrative user might be an independent contractor or outside service provider doing administrative tasks under contract). Also added a paragraph to the text about embedded content and other remotely served code and/or content that may be incorporated into administrative email messages (e.g., logo images hosted on the web servers for this website, which some plugins may automatically add to administrative emails). In the Consent to Electronic Communication Delivery subsection of the Financial Transactions Policy, revised the paragraph beginning “You are responsible for promptly …” to change “I shall be deemed to have provided you with the communication” to “I shall (except as otherwise required by law) be deemed to have provided you with the communication.” Made a minor adjustment to the April 21, 2022 entry below (adding quotation marks around both instances of “Categories of information collected”) for stylistic consistency. Inevitably tinkered with these revisions after initial publication.
- April 21, 2022: In Data in Submitted Images, amended the “Categories of information” collected bullet point to change “other contact information*” to “other contact information (e.g., phone numbers, postal mailing addresses, and/or other street addresses)*” for internal consistency. In Data Related to Recruitment/Hiring/Employment or Business Partnerships, amended the “Categories of information collected” bullet point to add asterisks after “other contact information (e.g., phone numbers, postal mailing addresses, and/or other street addresses)” and “other personal information” (again for internal consistency). In Disclosure of Personally Identifying Information, added Zendesk, Inc. to the examples of third-party vendors and/or service providers (in the “Providers whose services I may use in operating this website” bullet point). Also fixed a punctuation error (a missing semicolon) in that section. Inevitably tinkered with these revisions after initial publication.
- April 18, 2022: In the first paragraph of Security Scans and the final paragraph of Disclosure of Personally Identifying Information, changed “protect against unauthorized access, use, alteration, or destruction of personal information I collect through and/or in connection with this website” to “protect personal information I collect through and/or in connection with this website against unauthorized access, destruction, use, modification, or disclosure” (in the interests of better grammar and to more closely align with the wording of related state statutes). Later in Security Scans, also revised the paragraph regarding email servers to change “may use a variety of means” to “may use various measures” (mostly for wording consistency). In the preceding paragraph in Security Scans and the first paragraph of Information I Receive from Third Parties for Security Purposes, also changed the phrase “those examples should not be regarded as an exhaustive list” to “those examples should not be regarded as an exhaustive list, and I don’t necessarily use all of those providers at any given time.” In Other Information I Receive from Third-Party Sources, revised the paragraph beginning “(Again, the above scenarios …” to change the reference to the CCPA Information Collection and Sharing Notice to specifically reference the “Categories of Personal Information Collected” subsection of that notice (and add a link to it) for clarity. In Additional California Privacy Rights (CCPA), changed “The rights the CCPA provides California residents include:” to “If you are a California resident, your rights under the CCPA include:” for clarity. In the numbered list, changed “no more than twice in any 12-month period” to “not more than twice in a 12-month period” and changed “for exercising any of your rights under the CCPA” to “for exercising your privacy rights under the CCPA.” Adjusted the heading levels of the CCPA Information Collection and Sharing Notice and its various subsections and updated the Table of Contents accordingly. (This is mostly a stylistic change.) Renamed the yearly subsections of the California Privacy Request Metrics (Record-Keeping Disclosures) section from “California Privacy Request Metrics for the …” to “California Privacy Requests Received in …” and deleted the words “Calendar Year” in the interests of clarity. Also fixed a related technical error in the Table of Contents. In the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice, made a stylistic adjustment to the paragraph beginning “Put simply, by the law’s extremely broad definitions, …” (changing the font color), mostly for consistency. (As noted in the preamble, variations in text style have no legal significance or effect.) Inevitably tinkered with these revisions after initial publication.
- April 15, 2022: In Disclosure of Personally Identifying Information, added MailChannels Corporation to the examples of third-party vendors and/or service providers (in the “Providers whose services I may use in operating this website” bullet point).
- April 14, 2022: In the Consent to Electronic Communication Delivery subsection of the Financial Transactions Policy, added the parenthetical phrase “(to the extent permitted by applicable law)” after both instances of the phrase “I reserve the right”.
- April 12, 2022: In Notice Regarding Children Under 18; Not for Children, revised the first paragraph to change “Except as otherwise required by law …” to “Unless otherwise require by law …” and change “know to be from a child …” to “know or subsequently discover to be from a child …” In Categories of Information and Purposes for Collection, revised the parenthetical examples of information that is considered sensitive personal information in some jurisdictions to change “(e.g., political opinions, religious or philosophical beliefs, sexual orientation)” to “(e.g., political opinions, religious or philosophical beliefs, union membership, sexual orientation).” Removed the Age Verification section (as I no longer use and have removed that system) and updated the Table of Contents. Updated the Cookie Notice accordingly. In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, amended the bullet point on “Health insurance information” (under “Categories of personal information described in California Civil Code Section 1798.80(e)” to change “application or claims histories” to “application or claims records” in the interests of clarity. Inevitably tinkered with these revisions after initial publication.
- April 11, 2022: In Notice Regarding Children Under 18; Not for Children and Controller/Responsible Party, Questions, and How to Reach Me, added a paragraph reiterating the statement that except as otherwise required by law, privacy-related request or inquiries pertaining to children under 18 should be submitted by a parent, legal guardian, or other authorized adult representative. In Additional Information About Data Retention, updated the first bullet point to deleted the phrase “which may sometimes include information about or in some way connected with visitors to this website” (which is redundant). In Disclosure of Personally Identifying Information, changed “if I have roommates, houseguests, other cohabitants, and/or visitors” to “if I have roommates, other cohabitants, guests, and/or visitors in my home” for greater clarity. Made the same change in the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice for consistency. Later in Disclosure of Personally Identifying Information, changed “collect from individual visitors …” to “collect about individual visitors …” (I initially made this “collect from or about,” but subsequently settled on “collect about” for the sake of internal consistency.) Inevitably tinkered with these revisions after initial publication.
- April 10, 2022: As a global change throughout this page (except in older entries in this Recent Revisions list), adjusted the capitalization of “Social Security numbers” (to make “numbers” lowercase). In Notice to Parents Regarding Children Under 18; Not for Children, added additional information about requesting removal or deletion of information, including a (legally required) disclaimer that it doesn’t ensure complete or comprehensive removal. Also renamed that section “Notice Regarding Children Under 18; Not for Children” and updated the Table of Contents accordingly. In Legal Bases for Collecting and Using Information, amended the bullet point regarding consent to add a sentence: “(You have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.)” In Disclosure of Personally Identifying Information, added “weather services and/or weather bureaus” to the examples of third-party vendors and/or service providers (in the “Other types of vendors and/or service providers” bullet point). In Your Rights (GDPR and Other National or State Privacy Laws), updated the list of GDPR rights to delete the semicolon and the word “and” from the end of the bullet point on the right to object and add a bullet point regarding the right to withdraw consent. Inevitably tinkered with these revisions after initial publication.
- April 7, 2022: In Disclosure of Personally Identifying Information, made a minor stylistic adjustment to the DOI trademark symbols; revised the references to Wikimedia Foundation projects to remove the hyperlink from “Wikipedia®” (a privacy policy link that is now duplicative); and changed “museums, libraries, archives, and/or databases, public or otherwise” to “museums, libraries, archives, and/or databases, public and/or private” for internal consistency.
- April 4, 2022: In Categories of Information and Purposes for Collection, revised the paragraph beginning “Please also note that while the listed categories are intended to encompass …” to explain that the “other personal information*” catch-all category may encompass various different types or categories of personal information, including some representative examples. In the final paragraph of that section, deleted the sentence “California law now defines a series of specific categories of personal information, which are not necessarily intuitive or easy for the average person to grasp without actually reading the applicable statutes or referring to a list of examples.”
- April 3, 2022: In the Effective Date section of the preamble, changed “This version of the Privacy Policy is effective …” to “This version of the Privacy Policy was last updated on and is effective …” In Comments; Contact Forms; and Other Inquiries, Messages, and Support Requests, changed “which may from a variety of sources” to “which may come from a variety of sources” (since I somehow managed to omit the word “come” all three times).
- April 1, 2022: As a global change throughout this page (except in the earlier entries in this Recent Revisions list), changed the phrase “Advertising and other commercial purposes” (referring to purposes for collecting and using information” to “Advertising or other commercial purposes”. (This is a nitpicky semantic adjustment that doesn’t reflect any change in my actual practices.) In Categories of Information and Purposes for Collection, amended the “Legal compliance or audit” bullet point to change “to respond to subpoenas and/or other court orders” to “to respond to subpoenas, court orders, and/or other official orders”. (This is another semantic adjustment that doesn’t reflect any change in practices.) In the Information Sharing subsection of the Financial Transactions Policy, changed “As otherwise required by law” to “As otherwise legally required” and changed “subpoena or other court order” to “subpoena, court order, or other official order”. In Additional Information About Data Retention, revised the paragraph beginning “Special Note on Subpoenas, Court Orders, and Preservation Requests” to change “to the extent required by applicable law, which in some cases may also require me …” to “to the extent legally required; in some cases, I may also be required …”. In Disclosure of Personally Identifying Information, changed “If I am required by law to do so” to “If I am legally required to do so”; changed “other court order or administrative order” to “court order, or official order”; and changed “with applicable laws and/or regulations” to “with applicable laws, regulations, and/or orders”; made the same changes to the equivalent item in the the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice for consistency. (These also are fussy semantic changes.) In the preamble of the CCPA Information Collection and Sharing Notice, changed both instances of the word “notices” to “disclosures”. In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, amended the bullet point beginning “Information about food, beverages, …” (under “Commercial information”) to change “consumes, prefers, and/or disdains” to “consumes, is considering or has considered, prefers, and/or disdains” (mostly for wording consistency).
- March 30, 2022: In Additional California Privacy Rights (CCPA), revised the list of CCPA rights to change “The right to not receive discriminatory treatment for exercising these rights” to “The right not to receive discriminatory treatment for exercising any of your rights under the CCPA.” Changed “You (or your authorized agent) can exercise your California privacy rights via …” to “You (or your authorized agent) can submit a request to know, a request to delete, and/or a request to opt-out via …” Updated the paragraph beginning “In order to better safeguard …” to add some general information about the identity verification process. Subsequently updated that paragraph further to add information about verification for requests submitted by an authorized agent. In Opting-Out or Submitting Other California Privacy Requests (Do Not Sell My Personal Information Page) and the final paragraph of the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice, changed “you (or your authorized agent) should visit …” to “you (or your authorized agent) can submit a request via any of the methods specified on …” Also in the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice, updated the numbered list of business purposes to add an additional item: “Collection of employment-related information (as defined by Section 999.301(f) of the CCPA regulations), including for the purpose of administering employment benefits.” Adjusted the punctuation of the list accordingly. In the final paragraph of that subsection, also changed “feel free to contact me …” to “or if you have any concerns about those practices, feel free to contact me …” In Controller/Responsible Party, Questions, and How to Reach Me, changed “If you have questions about …” to “If you have questions or concerns about …” Inevitably tinkered with these revisions after initial publication. In the preamble of the Cookie Notice, changed “was last revised …” to “was last updated …”
- March 29, 2022: As a global change in the various “Categories of information collected” bullet points throughout this page, changed “special: mobile phone types/models (determined from user agent information)*” to “special: mobile device types/models (determined from user agent information)*” (since user agent information can sometimes indicate the types/models of tablets or other mobile devices as well as smartphones). In Contact Forms, revised the paragraph beginning “If you use the California Privacy Request Form on …” to change “on behalf of someone else for whom you are acting as an authorized agent” to just “on behalf of someone else” and add a final sentence: “(You can find more information about the verification requirements in the “Identity Verification Requirements” section of the Do Not Sell My Personal Information page.)”
- March 28, 2022: In the Consent to Electronic Communication Delivery subsection of the Financial Transactions Policy, amended the listed hardware and software requirements to change the phrase “to store the communications” to “to store the communications electronically” for clarity. In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, changed several instances of the phrase “though not” to “but not” and changed “information collected through cookies and/or similar technologies” (under “Identifiers”) to “information collected via cookies and/or similar technologies” for wording consistency. In the second-to-last bullet point under “Commercial information,” changed “consuming history and/or tendencies” to “consuming histories and/or tendencies”. Under “Professional or employment-related information,” combined the bullet points “Professional references” and “Performance evaluations and/or information about an individual’s professional reputation and/or conduct” into a single bullet point. In the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice, revised the paragraph about embedded content providers to change “information collected through cookies and/or similar technologies” to “information collected via cookies and/or similar technologies” (again for wording consistency). Inevitably tinkered with these revisions after initial publication.
- March 27, 2022: In Information I Receive From Third Parties for Security Purposes, updated the paragraph beginning “In many cases, …” to add “IP addresses” to the examples of information I might submit to list or database maintainers. (This is mainly for the avoidance of doubt, since hostnames, already listed among those non-exhaustive examples, typically incorporate IP addresses, as explained in Definitions.) Also changed “or post information on support forums in order to obtain help or advice in preventing and/or remediating certain malicious activity” to “post information on support forums in order to obtain help or advice in preventing and/or remediating certain malicious activity; or contact Internet service providers, web hosts, or email providers regarding malicious or fraudulent activity involving their systems” (separated with a semicolon) as an additional illustrative example. (The latter has long been part of my customary practice and is clearly encompassed by the category of disclosures I believe in good faith are reasonably necessary for my security and/or the security of others.) In Other Information I Receive from Third-Party Sources, changed “plays and/or theatrical productions; audio recordings; broadcasts of whatever type; public records; and/or online or offline electronic resources such as (again without limitation) websites, search engines, library catalogs, repositories, and/or databases” to “plays and/or theatrical productions; television programs; radio programs; broadcasts and/or streaming media of whatever type(s); podcasts; other audio recordings; online or offline electronic resources such as (again without limitation) social media, search engines, websites, library catalogs, repositories, and/or databases; and/or public records” (mostly for greater consistency with the Collection Sources subsection of the CCPA Information Collection and Sharing Notice). In Disclosure of Personally Identifying Information and the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice, changed several instances of the phrase “whatever type” to “whatever type(s)” for internal consistency. In the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice, fixed a typographical error in the paragraph about embedded content providers (I misspelled “monetary” in the revision made on March 26, 2022, and then inadvertently said “we” instead of “I” in the initial version of this entry, which I fixed after initial publication). Inevitably tinkered with these revisions after initial publication.
- March 26, 2022: In Legal Bases for Collecting and Using Information, added some additional examples of legitimate interests and made some wording adjustments to the examples already listed. In How You Can Correct or Update Your Personal Information, changed “free expression” to “freedom of expression” for consistency. In the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice, revised the paragraph beginning “By the CCPA definitions, …” to change “monetary compensation or other valuable consideration” to “monetary or other valuable consideration”. In the subsequent paragraph about embedded content providers (beginning “Additionally, …”), changed “monetary compensation” to “monetary consideration” for consistency.
- March 22, 2022: In Online Tracking, made a minor adjustment to the Google trademark notice. In Disclosure of Personally Identifying Information, made a minor punctuation adjustment to the Renesas trademark notice.
- March 20, 2022: In Data Related to Recruitment/Hiring/Employment or Business Partnerships, revised the paragraph beginning “In such situations, …” to change “must and/or must not collect or consider” to “must or must not collect and/or consider” (which makes more sense in context). In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, revised the bullet point beginning “Information about other beliefs, …” (under “Other types of personal information”) to read “Information about philosophical or other beliefs, opinions, feelings, predispositions, attitudes, ideas, and/or viewpoints” to better describe the intended scope.
- March 19, 2022: In Disclosure of Personally Identifying Information, revised the references to Yahoo and AOL services to update the trademark notices.
- March 15, 2022: As a global change, changed the phrase “universally unique” to “unique” throughout. In Disclosure of Personally Identifying Information, amended the reference to WebAIM to clarify that WebAIM is at Utah State University and update the trademark notice. Inevitably tinkered with these revisions after initial publication.
- March 12, 2022: In the Transaction-Related Information Gathering subsection of the Financial Transactions Policy, revised the paragraph beginning “If a transaction is completed via PayPal services, …” to change “This transaction report does NOT include bank account or credit card numbers — the PayPal services do not provide and I do not have access to any credit card, bank account, or other financial institution account information you use …” to “This transaction report does NOT include and I do not have access to any credit card, debit card, bank account, or other financial account information you use …” for clarity and internal consistency. Later in that same paragraph, changed “via that service” to “via those services” for consistency and added the parenthetical phrase “(but may include my credit card, debit card, bank account, and/or other financial account information where applicable)” to the end of that sentence. In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, revised two of the bullet points under “Categories of personal information described in California Civil Code Section 1798.80(e)”: In the bullet point beginning “Financial information pertaining to transactions with and/or otherwise involving …” changed “other financial institution account” to “other financial account” and deleted the parenthetical aside regarding PayPal services (which was of marginal relevance and potentially confusing in that context); in the bullet point beginning “Health insurance information …” changed “do NOT collect policy numbers or similar data” to “do NOT collect policy numbers, application or claims histories, or other such data (other than my own)” for clarity and the avoidance of doubt.
- March 10, 2022: As a global change, changed the phrase “related tax documents” to “relevant tax documents” throughout (except in the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice, where I left the phrase as it was). In the Transaction-Related Information Gathering subsection of the Financial Transactions Policy, changed “your applicable taxpayer identification number, and/or relevant tax documents” to “tax ID number(s), relevant tax documents, and/or other tax-related information.”
- March 8, 2022: In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, revised the “Audio, electronic, visual, thermal, olfactory, or similar information” bullet point to change “voice(s)” to “voices” for grammatical consistency.
- March 6, 2022: In Legal Bases for Collecting and Using Information, added a final paragraph (adapted from the current Automattic language) explaining how to contact me for more information regarding international transfers of personal information. In Categories of Information and Purposes for Collection, updated the “Security, troubleshooting, quality control, and service improvement” bullet point to change “protect this website” to “safeguard this website”; change “from malicious activity” to “against malicious activity”; and change “safeguard my property” to “protect my property”. (This is strictly a nitpicking wording adjustment that doesn’t reflect any substantive change in the purposes described.) In the Consent to Electronic Communication Delivery subsection of the Financial Transactions Policy, revised the hardware and software requirements to change “that supports 128-bit or stronger encryption” to “that supports 256-bit or stronger encryption” (since the latter is the actual strength of this website’s current encryption setup). Inevitably tinkered with these revisions after initial publication.
- March 5, 2022: In Legal Bases for Collecting and Using Information, changed “third-party data processors” to “third-party data processors (including, though not limited to, my web host, which also hosts the mail servers for my aaronseverson.com email addresses).” In Disclosure of Personally Identifying Information, updated the last paragraph to change “and appropriate password protection” to “appropriate password protection, and (where available and appropriate) multi-factor authentication.”
- March 3, 2022: In Definitions, revised the definition of “Special” to read “This policy uses this term as a prefix in referring to certain types of information that call for special explanation because they aren’t easily categorized, overlap several different categories of personal information, and/or may or may not necessarily constitute personal information in all cases.” In Security Scans, updated the paragraph regarding the Sucuri Security plugin to change “and/or information in comments or …” to “the website domain name, username, and email address of an administrative user who generates an API key for communication with the remote service; and/or information contained in published comments and/or …” In Disclosure of Personally Identifying Information, revised the item about services that file other types of official documents and/or publish legally required notices on my behalf (under “Other types of vendors and/or service providers”) to change “(such as, without limitation, fictitious business name filing/registration services)” to “(e.g., fictitious business name filing/registration services and/or motor vehicle registration services)”. Inevitably tinkered with these revisions after initial publication.
- March 2, 2022: In the preamble, changed “in connection with this website (https://aaronseverson.com, including,” to “in connection with the aaronseverson.com website (including,”; changed “Please read this policy before using the site” to “Please read this policy carefully”; changed “in addition to or instead of this policy” to “in addition to or instead of this Privacy Policy”; and changed “of this website” to “for the aaronseverson.com website.” In Who I Am, changed “the terms “I,” “me,” and “my” shall be deemed to refer to …” to “the words “I,” “me,” and “my” refer to …” in the interests of reducing legal jargon; changed “the owner of this website” to “the owner and operator of the aaronseverson.com website”; deleted the text regarding DreamHost policies (instead making the first instance of “DreamHost®” the anchor text for a hyperlink to the DreamHost Privacy Policy); and changed “this website” to “the aaronseverson.com website”. In Security Scans, changed “that visitor’s IP address” to “that visitor’s IP address and/or hostname” and updated the paragraph regarding the iThemes Security plugin to also mention the QR Code generation API service used for multi-factor authentication setup. Also updated that paragraph’s trademark notices accordingly. In Data in Submitted Images, revised the paragraph beginning “Naturally, if you submit …” to change three instances of “or media file” to “image or other media file” and change “a published image/other media file or its metadata may contain” to “a published image or other media file or its metadata may contain.” In the subsequent paragraph about gathering additional information, changed “the images and/or media files” to “the images and/or other media files” In the subsequent paragraph about removing or redacting information, changed “image or media” to “image or other media”. In the paragraph beginning “In some cases, …” changed “specifically” to “specific” and changed “images/media files” to “images and/or other media files”. In the paragraph following that one, changed “the earlier version of the image or media file” to “the earlier version of the image or other media file”. In the final paragraph of that section, changed “If you have questions about image-related data, …” to “If you have questions about data related to images and/or other media, …” In Data Related to Administrative Users, added information about the QR Code API service and updated the paragraph regarding email notifications to note that if an administrative user requests a password reset, the confirmation email will include the IP address from which the reset request was made. In the Customer Service Information subsection of the Financial Transactions Policy, changed “would like further information” to “would like to receive further information”. In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, revised the bullet point beginning “Information about other professional relationships …” (under “Professional or employment-related information”) to change “such as, without limitation” to “e.g.” for greater stylistic consistency. In the California Privacy Request Metrics Methodology subsection, changed “a consumer’s request to opt-out of the sale of their personal information remains in force until the consumer opts-in” to “a consumer’s request to opt-out of the sale of their personal information remains in force indefinitely unless the consumer subsequently decides to opt-in” for clarity. In Controller/Responsible Party, Questions, and How to Reach Me, changed “personal data” to “personal information” (for greater internal consistency, although this policy uses the terms “personal information” and “personal data” synonymously). In Privacy Policy Changes, changed both instances of “this website” to “the aaronseverson.com website”. Inevitably tinkered with these revisions after initial publication.
- March 1, 2022: As a global change throughout this page, replaced many (though not all) instances of the word “gather” (however conjugated) with “collect” (conjugated the same way — e.g., changing “gathered” to “collected”). (This change is mostly for the sake of greater internal consistency; as noted in Definitions, this policy uses the terms “gather” and “collect” synonymously.) Also changed certain instances of the word “receive” and “obtain” (however conjugated) to “collect” (conjugated the same way), again for wording consistency. Also as a global change, replaced curved apostrophes with straight ones for stylistic consistency. In the preamble, added the site URL. Renamed the Information I Collect section “Ways I Collect Information” for clarity and rearranged that section and the Categories of Information and Purposes for Collection section so that they come after Cookies and Similar Technologies (with Categories of Information and Purposes for Collection first), updating the Table of Contents accordingly. In Definitions, changed two instances of the word “treats” to “uses”. In Categories of Information and Purposes for Collection, changed “the categories of purposes for which I may collect that information” to “the categories of purposes for which I collect and use that information”; changed “Those possible purposes include:” to “Those purposes may include:”; changed “information I collect may have several purposes or possible purposes” to “I may collect information for several purposes or potential purposes”; changed “multiple purposes or possible purposes” to “multiple purposes or potential purposes”; and deleted the sentence beginning “There may be circumstances …” In the final paragraph of that section, changed “the categories listed in the “Categories of information gathered” bullet points …” to “the categories listed in the “Categories of information collected” bullet points …” In the subsequent sections (except this Recent Revisions list), renamed the “Categories of information gathered” bullet points “Categories of information collected” and changed the phrase “possible purposes” to “potential purposes” for internal consistency. In Ways I Collect Information, changed the phrase “will be further explained below” to “will be further explained in the sections below.” In Consents and Agreements, changed “gathering” to “collection” and changed “and/or that you submit …” to “and/or that you provide …” In Comments, changed “Although the website automatically collects the IP address and user agent information of …” to “Although the website automatically collects the IP address (and/or hostname) and user agent information of …” for internal consistency. In Other Information You Provide to Me, Data Related to Recruitment/Hiring/Employment or Business Partnerships, and Other Information I Receive from Third-Party Sources, changed “the context in which I received it” to “the context in which I collect it.” In Data in Submitted Images, changed “the context in which I obtained them” to “the context in which I obtain them.” In the Information Sharing subsection of the Financial Transactions Policy, changed “have received a subpoena or other court order” to “receive a subpoena or other court order” to match the tense used in the rest of that list. In Information I Receive from Third Parties for Security Purposes, changed “collect and handle that information” to “use that information”. In Other Information I Receive from Third-Party Sources, also changed “and/or obtain the contact information of an editor or publisher” to “and/or seek out the contact information of the editor or publisher”; changed “I we may …” (which was a typographical error) to “I may …”; and revised the parenthetical sentence that began “Naturally, certain information …” to change “certain information” to “some of the information” and add a comma after “come from you”. In Additional Information About Data Retention, changed “how and why I received it” to “how and why I collect it” and changed “may be legally compelled …” to “may be legally obligated …” In Disclosure of Personal Information and the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, changed several instances of “we” to “I”. In Disclosure of Personally Identifying Information, also added fraud prevention services to the examples in the “Other types of vendors and/or service providers” bullet point and changed “online scheduling, task management, meeting, and/or collaboration platforms, tools, and/or services” to “online scheduling, calendar, task management, meeting, and/or collaboration platforms, tools, and/or services” for completeness. In the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice, revised the paragraph beginning “Additionally, some of my embedded content providers …” to delete the phrase “(and/or otherwise obtained from me)”. In Controller/Responsible Party, Questions, and How to Reach Me, changed “this website” to “the aaronseverson.com website”. In the Cookie Notice, changed the phrase “was last updated …” in the preamble to “was last revised …” Moved the reference to the article about how to manage or delete web storage data from the Categories of Cookies Used section to the How This Website Uses Cookies and Similar Technologies section, consolidating that information with the existing last paragraph (about disabling data storage not being recommended), making a number of clarifications, and changing both instances of the phrase “the company” to “the business”. In the Categories of Cookies Used section, changed “As noted above, you can also review this information …” to “As noted above, you can also review these cookie categories …” Amended the February 27, 2022 entry in this Recent Revisions list to fix an inadvertent use of “our” rather than “my”. Inevitably tinkered with these revisions after initial publication.
- February 28, 2022: In How You Can Correct or Update Your Personal Information, changed “as appropriate” to “as I deem appropriate”. In the second paragraph, changed “particularly if a change or correction involves …” to “particularly if a change or correction you’ve requested involves …” and added a clause to the end of the first sentence, separated with a semicolon: “I may deny your request to correct or update personal information if I’m not reasonably certain that you are who you say you are.” Added a new paragraph about other reasons I may deny a request to change or correct personal information. In Disclosure of Personally Identifying Information changed “third-party printers and/or print services” (in the “Other types of vendors and/or service providers” bullet point) to “third-party printers and/or print services (including, though not limited to, services through which I order personal and/or business checks)”. In California Do Not Track Disclosure (CalOPPA), added a new first sentence: “Many modern web browsers (and some other user agents) offer a privacy setting that automatically sends a “Do Not Track” signal to the websites and online services you visit.” Changed “does not currently respond to Do Not Track browser settings” to “does not currently respond to Do Not Track signals” and added a sentence about embedded content providers. Also changed “(California residents are entitled to this disclosure under California Business and Professions Code Section 22575(b)(5).)” to “(California residents are entitled to this disclosure under the California Online Privacy Protection Act (CalOPPA) (California Business and Professions Code Section 22575 et seq.).)” (I had intended to make this change back on November 28, 2021, but somehow didn’t implement it; I updated the November 28, 2021 entry in this Recent Revisions list accordingly, to avoid confusion.) In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, revised the examples in the “Biometric information” category to change “if you provide me with information about your health, sleep, and/or exercise habits” to “if an individual provides me with information about their health, sleep, and/or exercise habits” to be more consistent with the wording of the listed examples in the other categories. Removed an extra space.
- February 27, 2022: In Embedded Content, split the paragraph beginning “You should generally assume that …” at the sentence beginning “Embedded content providers may combine …” and changed “over time and/or across other websites and/or online services …” to “over time and/or across different websites and/or online services …” In Advertising, deleted the parenthetical sentence beginning “(Advertisements, banners, …” (since that issue is discussed later in the section). In the subsequent paragraph about advertisements and donation boxes on the administrative dashboard, added the phrase “the providers of such advertising and/or embedded content may combine some or all of that information with information they gather about the user over time and/or across different websites and/or online services” after “in the manner described in the “Embedded Content” section above,” separated by a semicolon. In the following sentence, changed “is controlled by the applicable developers and/or their respective service providers” to “is controlled by the applicable developers and/or their respective service providers and/or advertising partners”. In Data Related to Administrative Users, added a final sentence to the paragraph beginning “As noted in “Embedded Content” and …”: “The providers of such advertising and/or embedded content may combine some or all of that information with information they gather about the user over time and/or across different websites and/or online services, which is typically outside of my control.” In Combining Information From Multiple Sources, changed “may combine information” to “may combine personal information”; deleted the phrase “and/or that you’ve shared in other public forums”; and changed “and/or from across the Internet (e.g., if I observe that you use the same username or nickname across multiple websites and/or online services I visit and/or otherwise use)” to “and/or collect personal information that relates to your online activities across different websites and/or online services (e.g., by reading comments, social media posts, and/or articles you’ve published elsewhere on the Internet)” for greater clarity. Added a new section after Combining Information From Multiple Sources: How You Can Correct or Update Your Personal Information. Updated the Table of Contents accordingly. In Disclosure of Personally Identifying Information, updated the paragraph beginning “Fourth, …” to delete the parenthetical sentence beginning “Advertisements, banners, …” and replace it with a new final sentence: “(Also, in some cases, the advertisements, banners, and/or donation boxes that certain plugins, themes, and/or other add-ons place on the site’s administrative dashboard may collect personal information about logged-in administrative users, which the providers of such advertising and/or embedded content may sell and/or combine with information they gather about the user over time and/or across different websites and/or online services for various commercial purposes; this is typically outside of my control.)” In the preamble of the CCPA Information Collection and Sharing Notice, changed “the sources from which the business gets that personal information, and how and why the business uses and/or shares that personal information” to “the categories of sources from which the business collects such personal information, and how and why the business uses and/or discloses that personal information.” Also changed “These disclosures” to “These notices” and changed “make the disclosures listed below” to “present the following notices” for greater consistency with the wording of the statutes and regulations. In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, changed “collect and/or have collected” to “collect, have collected, and/or may collect” for the avoidance of doubt. Later in that paragraph, changed “these disclosures also include …” to “this notice also includes …” In the paragraph beginning “The examples listed …” changed “may gather and/or have gathered” to “may collect and/or have collected” and changed “collect and/or have collected on …” to “collect, have collected, and/or may collect about …” for consistency. In the final sentence of the subsection, changed “The disclosures above DO include categories of personal information that …” to “The above categories DO include personal information that …” for clarity. In the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice, revised the paragraph about advertising (beginning “As noted in …”) to delete the parenthetical sentence about administrative dashboard advertising and replace it with a new final sentence for consistency: “(Also, in some cases, the advertisements, banners, and/or donation boxes that certain plugins, themes, and/or other add-ons place on the site’s administrative dashboard may collect personal information about logged-in administrative users, which the providers of such advertising and/or embedded content may sell and/or combine with information they gather about the over time and/or across different websites and/or online services for various commercial purposes; this is typically outside of my control.)” In Controller/Responsible Party, Questions, and How to Reach Me, changed “If you have questions about this policy or my use of personal information, or if you would like to contact me regarding …” to “If you have questions about this policy or my use of personal information, if you’d like to request a change or correction to personal information I’ve collected about you, or if you would like to contact me regarding …”
- February 26, 2022: In the preamble, adjusted the link to this Recent Revisions list so that the word “section” is outside of rather than part of the link’s anchor text (for stylistic consistency) and changed “If this policy has changed since you last reviewed it, or if …” to “If the last time you reviewed this policy was prior to that date, or if …” for clarity. In the Collection Sources subsection of the CCPA Information Collection and Sharing Notice, revised the examples in the bullet point on “Published works and/or other sources available to the public” to change “social media, websites, online databases and/or repositories” to “social media, search engines, websites, online databases and/or repositories” for greater consistency with Other Information I Receive from Third-Party Sources. In the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice, changed “might be deemed sharing information “for commercial purposes” whether or not any transaction …” to “might be deemed sharing information “for commercial purposes,” whether or not any transaction …” In the California Privacy Request Metrics Methodology subsection of the CCPA Information Collection and Sharing Notice, changed “Under California law, an opt-out request must remain in force until the consumer opts-in, so I respond to duplicative or repeated opt-out requests from a requestor who has already opted-out by affirming that the requestor’s original opt-out remains in effect” to “Under California law, a consumer’s request to opt-out of the sale of their personal information remains in force until the consumer opts-in, so I respond to duplicative or repeated requests to opt-out from a requestor who has already opted-out by affirming that the requestor’s original opt-out request remains in effect” for clarity. Inevitably tinkered with these revisions after initial publication.
- February 25, 2022: As a global change, changed “voice mail” to “voicemail” throughout this page. In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, revised the examples in the bullet point beginning “Other financial information” (under “Categories of personal information described in California Civil Code Section 1798.80(e)”) to change “liabilities, payments, and/or balances” to “liabilities, payments, balances, and/or taxes” for completeness. Also revised a bullet point under “Professional or employment-related information” to change “Training, professional development, career goals, and/or professional aspirations” to “Training, continuing education, professional development, career goals, and/or professional aspirations” for the same reason.
- February 23, 2022: Updated the Acceptable Payment Types subsection of the Financial Transactions Policy to reorganize the first two paragraphs as a bullet-pointed list and make a number of clarifications. (The two substantive changes are to clarify that advertising purchases can also be paid by check, money order, or electronic funds transfer — I didn’t mean to imply that advertising could only be purchased via PayPal payments — and to note that I will now accept PayPal payment(s) of license fees and/or royalties for the reuse of my content, though not for my professional writing/editing/writing consulting services.) In Disclosure of Personally Identifying Information, added “services that file other types of official documents and/or publish legally required notices on my behalf (such as, without limitation, fictitious business name filing/registration services)” to the examples listed in the “Other types of vendors and/or service providers” bullet point. Inevitably tinkered with these revisions after initial publication.
- February 15, 2022: In the Information Sharing subsection of the Financial Transactions Policy, changed “accountant(s), tax preparer(s), and/or tax attorney(s)” to “accountant(s), tax preparer(s), tax filing service(s), and/or tax attorney(s)” for completeness. In Disclosure of Personally Identifying Information, updated the examples of third-party vendors and/or service providers to add a reference to the web server software, apps, and frameworks used and/or offered for use on this website’s web servers and change “bookkeeping, accounting, and/or tax preparation services” to “bookkeeping, accounting, tax preparation, and/or tax filing services (which may include, but are not necessarily limited to, electronic filing services)” for completeness and consistency. In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, revised two of the bullet points under “Other types of personal information not specifically described in the applicable statutes”: In the bullet point beginning “Information about an individual or household’s interactions with government agencies, …” revised the parenthetical examples to read “(e.g., information regarding an individual or household’s involvement in and/or connection with official hearings, proceedings, inspections, audits, investigations, reports, and/or complaints, of whatever type(s) and/or nature(s))” (mostly to eliminate some redundancies), and in the bullet point beginning “Information about an individual’s style(s), themes, …” changed “influences, inspirations, tendencies, development, …” to “influences, inspirations, tendencies, techniques, development, …”
- February 12, 2022: In Disclosure of Personally Identifying Information, updated the bullet points regarding employees, independent contractors, interns, agents, and/or business partners and third-party vendors and/or service providers to remove the sentence beginning “Some or all of …” regarding ones that may be located outside your home country and/or the European Economic Area, a point that is addressed in Legal Bases for Collecting and Using Information. In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, renamed the “Protected classification information (characteristics of protected classifications under California or federal law)” category “Characteristics of protected classifications under California or federal law”; renamed the “Sensory data (audio, electronic, visual, thermal, olfactory, and/or similar information)” category “Audio, electronic, visual, thermal, olfactory, or similar information”; and changed “Inferences I draw from …” to “Inferences drawn from …” to more closely align with the wording of the statutory categories. In the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice, amended the bullet point beginning “If the information is de-identified” to change “such that it could not reasonably be used to identify specific person(s)” to “such that it could not reasonably be used to identify the specific person(s) and/or household(s) to whom the information pertains” for greater consistency with the wording of the related bullet point in Disclosure of Personally Identifying Information. In the California Privacy Request Metrics (Record-Keeping Disclosures) subsection of the CCPA Information Collection and Sharing Notice, changed “through my 6200 Productions professional writing website” to “through my 6200 Productions professional writing/editing/consulting website” for wording consistency. In the California Privacy Request Metrics for the 2020 Calendar Year subsection, changed “Totals include several duplicate deletion requests and opt-out requests” to “Totals include several duplicative requests.” In the California Privacy Request Metrics Methodology subsection, changed “duplicate or repeated” and “duplicated or repeated” to “duplicative or repeated”. Inevitably tinkered with these revisions after initial publication.
- February 8, 2022: In Comments, changed “may email you at that address prior to or instead of publishing the comment” to “may email you at that address in addition to or instead of publishing the comment” for consistency with the current wording of the Terms of Use. Later in the section, also changed “and to distinguish human users …” to “and to help distinguish human users …”
- February 7, 2022: In Comments, changed “By submitting a comment, you are expressly authorizing me to publish and use the comment as described …” to “I may publish and/or use your submitted comment(s) as described …” In the Information Sharing subsection of the Financial Transactions Policy, changed “By making a payment (by whatever means), you grant me express permission to disclose information associated with your transaction(s) …” to “I may disclose information related to your transaction(s) with me that pertain directly to the aaronseverson.com website …” Later in that same subsection, changed “By making a payment, you also grant me express permission to communicate with you regarding your transaction via email and/or postal mail …” to “I may also use personal information related to your transaction(s) to communicate with you via email and/or postal mail regarding the transaction(s) …” In Disclosure of Personally Identifying Information, revised the reference to the F-Droid repository and app to change both instances of “repository” to “repositories” (since there are technically several F-Droid repositories). Later in that section, updated the bullet point beginning “If I believe in good faith …” to change “I may forward (and you expressly authorize me to forward) your claim to that third party (since such claims may implicate their rights)” to “I may forward a copy of your claim to that third party (since the claim may implicate their rights)” for consistency with the related language in the Terms of Use. Also made a correction to the September 6, 2021 entry below (which had identified a paragraph as beginning with “By making a payment or contribution …” where that paragraph actually began “By making a payment …”).
- February 5, 2022: In Comments, removed the parenthetical reference in the first paragraph to the tools on the Privacy Tools page (as the data request tools aren’t working and have been removed from that page). In Disclosure of Personally Identifying Information, amended the reference to Apple products and/or services to change “use of iTunes, the iTunes Store, …” to “use of iTunes software, the iTunes Store online store, …” In Your Rights (GDPR and Other National or State Privacy Laws), removed the reference to the tools on the Privacy Tools page (as the data request tools aren’t working and have been removed from that page). Also deleted the final sentence of that section (that began “Also, please note …”). In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, revised the bullet point beginning “Other financial information …” (under “Categories of personal information described in California Civil Code Section 1798.80(e)”) to change “the net worth of public figures” to “the net worths of public figures” (which is more grammatically correct). In Controller/Responsible Party, Questions, and How to Reach Me, removed the reference to the data request tools on the Privacy Tools page. (The data request tools previously used on that page are no longer working, so I removed them while I seek a suitable replacement.) Inevitably tinkered with these revisions after initial publication.
- February 3, 2022: In Definitions, clarified the “Email header information” definition by changing “also the names and IP addresses of the mail servers that sent and received the message, routing information, encryption and security protocols, and other technical details” to “also the IP addresses and/or hostnames of the mail servers that transmitted the message, routing information, security protocols, encryption information (if any), the mail client(s) used, and/or other technical details; in some cases, the headers may also include your IP address and/or hostname.” Also changed “(The precise details vary depending on your email client and provider.)” to “(The precise details may vary depending on your email client and provider and how you’re connecting to the Internet.)” In Additional California Privacy Rights (CCPA), made some further wording adjustments to the description of the Right to Know to more closely reflect the wording of the applicable statutes and regulations: added “The categories of third parties with whom I share personal information, and” as a separate item after “The business or commercial purpose(s) …”; changed “shared with third parties for business purposes and/or sold to third parties in the preceding 12 months” to “sold and/or disclosed for a business purpose in the preceding 12 months”; and changed “the categories of third parties with whom that category of personal information was shared and/or to whom that category of personal information was sold” to “the categories of third parties to whom I sold and/or to whom I disclosed for a business purpose that particular category of personal information.” Inevitably tinkered with these revisions after initial publication.
- February 2, 2022: In Disclosure of Personally Identifying Information, revised the examples of “Other types of vendors and/or service providers” to change “fingerprinting and/or background check services” to “fingerprinting, background check, and/or identity verification services” and change “legal aid and/or other legal consulting or legal counseling services” to “legal aid and/or other legal consulting, legal counseling, and/or legal referral services” for completeness. In the Collection Purposes subsection of the CCPA Information Collection and Sharing Notice, revised the last bullet point in the list to change “otherwise distribute my content …” to “otherwise distribute, and/or to whom I license and/or offer, my content …” for completeness.
- February 1, 2022: In Who I Am, changed “U.S.A.” to “USA” for internal consistency. In Legal Bases for Collecting and Using Information, changed “below and throughout this Privacy Policy” to “below” for clarity and internal consistency. In Your Rights (GDPR and Other National or State Privacy Laws), changed “If you are located in certain countries, …” to “If you are located in certain parts of the world, …” Updated the bullet point about objecting to the use and processing of personal data, added the parenthetical phrase “(and to object at any time to the use and processing of your personal data for purposes of direct marketing, including profiling to the extent it relates to such direct marketing)” after “of your personal data”. Changed “allow residents of countries outside the U.S. to request …” to “allow people located in countries outside of the U.S. to request …” Also changed “under the privacy and/or data protection laws of their home state …” to “under the privacy and/or data protection laws of a U.S. state …” In Additional California Privacy Rights (CCPA), changed “The business or commercial purpose(s) for which such personal information was collected or sold …” to “The business or commercial purpose(s) for which that personal information was collected and/or sold …”; changed “have shared with third parties …” to “shared with third parties …” and changed “The categories of third parties with whom each of those categories of personal information was shared and/or to whom personal information was sold” to “For each of those categories of personal information, the categories of third parties with whom that category of personal information was shared and/or to whom that category of personal information was sold” to better reflect the wording of the applicable statutes and regulations. In the Collection Sources subsection of the CCPA Information Collection and Sharing Notice, changed “Clients or employers” to “Clients and/or employers” for wording consistency within that list. In the Collection Purposes subsection of the CCPA Information Collection and Sharing Notice, revised the wording of the reference to the Categories of Information and Purposes for Collection section to change “defined in …” to “described in …” for wording consistency. In Controller/Responsible Party, Questions, and How to Reach Me, split the first paragraph into two (at the sentence beginning “If you have questions …”) and added a reference in the second of those paragraphs to the request tools on the Privacy Tools page, along with a link to that page. In the Cookie Notice, revised the paragraph beginning “Some websites and/or online services may also use similar technologies, …” to change “about you and your user agent (as defined in …” to “about you and your user agent (a term explained in …” for internal consistency. Made a minor clarification to the January 31, 2022 entry below. Inevitably tinkered with these revisions after initial publication.
- January 31, 2022: In Additional California Privacy Rights (CCPA), changed “The categories of business and/or commercial purposes for collecting and using that information, and” to “The business or commercial purpose(s) for which such personal information was collected or sold, and” and changed “The categories of third parties with whom personal information was shared …” to “The categories of third parties with whom each of those categories of personal information was shared …” to better reflect the wording of the applicable statutes and regulations. In the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice, revised the numbered list about business purposes to change “analytics services” to “analytic services” to reflect the statutory wording.
- January 30, 2022: In Legal Bases for Collecting and Using Information, changed “legal grounds for collecting and using your information are that:” to “legal bases for collecting and processing your information are that:”; deleted the parenthetical example in the item on legal obligations; and revised the “legitimate interest” item to add “to comply with the laws and regulations that apply to me and my business” to the listed examples. In Contact Forms, updated the paragraph regarding sharing or disclosing information related to California Privacy Request Form submissions to change “for administrative and/or compliance purposes” to “for compliance purposes”. In the Returned Check Fees subsection of the Financial Transactions Policy, changed “our bank(s)” to “my bank(s)”. In Additional California Privacy Rights (CCPA), rearranged the items on the first numbered list so that “The categories of sources …” precedes rather than follows “The categories of business and/or commercial purposes …” In a subsequent item in that list, changed “The categories of personal information about you (and/or your household) that I have shared with third parties for business purposes or sold to third parties in the preceding 12 months” to “The categories of personal information that I have shared with third parties for business purposes and/or sold to third parties in the preceding 12 months” to better reflect the wording of the applicable statutes and regulations. In the subsequent item, changed “with whom personal information was shared or to whom personal information was sold” to “The categories of third parties with whom personal information was shared and/or to whom personal information was sold” to fix the inadvertent deletion of the first part of that sentence and for wording consistency. Later in that section, changed “Applicable law and/or regulations stipulate the maximum time allowed for acknowledging and/or responding to your request” to “Applicable law and/or regulations stipulate the maximum time allowed for acknowledging and/or responding to requests.” Later in that section, changed “disclosing certain types of extremely sensitive personal information (e.g., Social Security Numbers or financial account numbers)” to “disclosing certain pieces of sensitive personal information (e.g., Social Security Numbers, financial account numbers)” for clarity. Inevitably tinkered with these revisions after initial publication.
- January 29, 2022: In Comments, changed “to better understand who you are and the context of your comment” to “to help me better understand who you are and the context of your comment, and/or, where applicable, verify your identity.” In Contact Forms, changed “to verify your identity and/or help me better understand the context of your inquiry” to “to help me better understand who you are and the context of your message, and/or, where applicable, verify your identity.” In Other Inquiries, Messages, and Support Requests, changed “As noted in the “Comments” section above …” to “As noted in the “Comments” and “Contact Forms” sections above …” and changed “to help me better understand who you are and the context of your message” to “to help me better understand who you are and the context of your message, and/or, where applicable, verify your identity.” (These changes are for the sake of wording consistency across these sections; verifying your identity would reasonably fall into the broader category of helping me better understand who you are!) In Disclosure of Personally Identifying Information, changed “have no reasonable way of associating data …” to “have no practical way to associate information …” and changed “obtained” to “collected” for internal consistency. In Additional California Privacy Rights (CCPA), changed “request to know — free of charge, and (where possible) in “a readily usable format”:” to “request to know (free of charge, in a portable and (to the extent technically feasible) “readily useable format,” and no more than twice in any 12-month period):”; changed “for business or commercial purposes in the preceding 12 months” to “for business purposes or sold to third parties in the preceding 12 months”; and changed “with whom personal information was shared” to “with whom personal information was shared or to whom personal information was sold” to better reflect the wording of the applicable statutes and regulations. Later in that section, amended the paragraph beginning “In order to better safeguard your privacy …” to change “(You can find more information in …” to “(You can find more information about the verification requirements in …” and delete the final sentence after the parenthetical reference to the Do Not Sell My Personal Information page (which discusses the verification requirements in more detail it doesn’t make sense to repeat here). In the subsequent paragraph, changed “Even if I verify …” to “Please note that even if I verify …” Deleted the subsequent paragraph beginning “Please note that in addition to any exceptions and exemptions …” In the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice, updated the paragraph beginning “Although the above examples …” to delete the parenthetical example about text messages. Inevitably tinkered with these revisions after initial publication.
- January 28, 2022: In the Taxes subsection of the Financial Transactions Policy, changed “may also be required to report certain payments made to or received from you to one or more applicable tax agencies, …” to “may also be required to report certain information about you to one or more applicable tax agencies in connection with payments I make to or receive from you, …” for greater clarity and set that sentence in parentheses.
- January 26, 2022: In Online Tracking, updated the trademark notice to add Google Search Console. In Contact Forms, updated the paragraph beginning “Special Note on Legal Names vs. Pseudonyms/Aliases” to add “financial transactions”; change “that pertain to other legal matters” to “that pertain to financial and/or legal matters”; and change “for certain privacy-related requests” to “certain privacy-related requests” for internal consistency. In Data Related to Recruitment/Hiring/Employment or Business Partnerships, updated the “Categories of information gathered” bullet point to add “special: work authorization, payment, and/or tax-related information (e.g., taxpayer identification numbers, related tax documents, other payroll-related information, and/or information pertaining to an individual’s authorization to work in my locale)*” for completeness. In the “Categories of information gathered” bullet point of the Financial Transactions Policy, changed “special: amounts and other transaction-specific details and/or other financial information, e.g., transaction IDs, checks, and/or tax forms*” to “special: transaction-specific details, other financial information, and/or tax-related information (e.g., transaction IDs, check information, payment history, account information, taxpayer identification numbers, and/or related tax documents)*” for greater clarity. In the Transaction-Related Information Gathering subsection of the Financial Transactions Policy, changed “(where applicable) relevant tax documents such as (again without limitation) Form 1099-MISC and/or Form W-9” to just “relevant tax documents.” (The tax documents that may be relevant in a given situation may vary, and there are too many possibilities to attempt to enumerate here.) In the Taxes subsection, changed “collect and/or withhold tax (e.g., sales or use tax) from you and pay it directly to the applicable tax agency or agencies” to “collect and/or withhold certain taxes from you and pay those taxes directly to the applicable tax agency or agencies. I may also be required to report certain payments made to or received from you to one or more applicable tax agencies, even where no tax collection or withholding requirements apply.” In the Returned Check Fees subsection, replaced the dollar amount with a statement that the returned check fee may be up to but not exceeding the actual amount(s) of any fees my bank(s) and/or other financial institution(s) charge me in such circumstance. In the Information Sharing subsection, revised the bullet point regarding tax agencies to change “where I deem it reasonably necessary …” to “where I am legally required to do so and/or deem it reasonably necessary …” In the “Categories of information” gathered bullet point of Transaction-Related Information I Receive from Third Parties, changed “special: amounts and other transaction-specific details and/or other financial information, e.g., transaction IDs and/or payment amounts*” to “special: transaction-specific details, other financial information, and/or tax-related information (e.g., transaction IDs, check information, payment history, account information, taxpayer identification numbers, and/or related tax documents)*” for consistency. In Disclosure of Personally Identifying Information, updated the Google bullet point to add Google Search Console to the trademark notice. In the “Other providers whose services enable me to operate and/or secure my system(s), device(s), and/or data” bullet point, added the Sectigo certificate authority (which provides my personal authentication certificate for digital signatures) and David Wittman’s csrgenerator.com app. Inevitably tinkered with these revisions after initial publication.
- January 25, 2022: In Disclosure of Personally Identifying Information, revised the paragraph beginning “Fifth, …” (about third-party vendors and/or service providers) to change “including, though not necessarily limited to, …” to “including, though not limited to, …”; change “use of their content and/or services” to “use of their content, products, and/or services” for completeness; change “but without limitation” to “again without limitation”; change “how video hosting platforms use the information they may collect” to “how video hosting platforms use information they collect”; and change “use data they may gather through their services” to “use data they gather through their respective services.”
- January 24, 2022: In Definitions, revised the “Cookies and similar technologies” definition to fix an incorrectly formatted link; change “(for the EU and UK)” to “(for the EU, Switzerland, and the UK)”; and change “may be (or may incorporate) …” to “may be (and/or may incorporate) …” In Other Information I Receive from Third-Party Sources, amended the paragraph regarding third-party vendors and/or service providers to change “download a photo containing recognizable people” to “download a photo depicting identifiable people” for wording consistency. In the subsequent paragraph regarding software, changed “and/or the website or other source …” to “and/or the website, repository, or other source …” and changed “obtained them” to “obtain them”. In the Cookie Notice, revised the paragraph beginning “You can learn more about how cookies work …” to fix an incorrectly formatted link; change “(for the EU and UK)” to “(for the EU, Switzerland, and the UK)”; and change “may be (or may incorporate) …” to “may be (and/or may incorporate) …” for consistency. Also revised the Age Verification category to change “Viewing certain site content …” to “Accessing certain site content …”; fix a formatting error; and change “when you close your browser” to “when you close your browser (or other user agent)” for internal consistency. (There was some confusion earlier in the day about the Cookie Notice preamble and license language, which I belatedly realized was a result of my having inadvertently updated an outdated version of the Cookie Notice; I subsequently fixed those issues and removed the incorrect summary here to avoid confusion.) Inevitably tinkered with these revisions (and this summary of them) after initial publication.
- January 23, 2022: In the preamble, adjusted the wording of the reference to the Cookie Notice to change “is incorporated by reference herein” to “is incorporated herein by reference”. In Online Tracking, changed “how many Google search engine users saw and clicked on links to this website from search results and which search queries led those users to the site” to “how many Google search engine users saw and clicked on links to this website from search results and/or which search queries led those users to the site.” Fixed a formatting error with this Recent Revisions list. Made some minor textual adjustments to the older revisions now archived on the Older Privacy Policy Revisions page in hopes of keeping them reasonably comprehensible outside of the context of this page. In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, under “Categories of personal information described in California Civil Code Section 1798.80(e),” revised the bullet point on physical characteristics and/or descriptions of individuals to add “eye color” to the parenthetical examples. Also revised the bullet point on medical information (under the came category) to change “otherwise used or seen” to “otherwise seen or used” (which I had intended to change yesterday, but somehow missed). Corrected the reference to the latter change in the January 22, 2022 entry below to avoid confusion. Also changed the bullet point beginning “Race, color, ancestry, …” (under “Protected classification information”) to read “Race, color, ethnicity, ancestry, national origin, citizenship, and/or residency status”. Inevitably tinkered with these revisions (and this summary of them) after initial publication.
- January 22, 2022: In Categories of Information and Purposes for Collection, changed “In some cases, I may collect certain types of information in certain circumstances and not in others. In those cases, the information category shown below will be followed by a single asterisk (*).” to “In the sections below, certain categories of information are followed by a single asterisk (*), which indicates that I may collect such information in some circumstances and not in others.” In the parenthetical example, changed “except in connection with certain financial transactions or if you ask …” to “except for certain financial transactions and/or legal matters, or if you ask …” and changed “parcel” to “package” for wording consistency. In the paragraph beginning “Keep in mind that …” changed “the specific context described in that section” to “the specific context(s) described in that section, which may or may not apply to you” and deleted the second sentence. In the subsequent paragraph beginning “Please also note …” added the phrase “again without limitation” after “For example,” set off with commas. In Online Tracking, amended the first paragraph to add information about Google Search Console tools and reports. In the second paragraph, updated the references to the Ate Up With Motor and 6200 Productions privacy policies with hyperlinks to those policies, removing the reference to the links near the top of this page. In Disclosure of Personally Identifying Information, updated the Unsplash trademark notice; updated the Google Search Console reference to remove the definite article, change “tool” to “tools and reports,” and change “which lets webmasters identify issues that may affect their site’s indexability, search visibility, and/or performance …” to “which help webmasters analyze and improve their site’s indexability and search performance …”; and changed “password management software, services, and/or tools” to “password management software, apps, tools, and/or services” for wording consistency. In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, under “Categories of personal information described in California Civil Code Section 1798.80(e),” revised the bullet point on financial information pertaining to transactions with and/or otherwise involving me to add “payment history, balances” to the listed examples. Revised the subsequent bullet point regarding other financial information to change “other information pertaining to creditworthiness, assets, benefits, income, and/or liabilities” to “other information pertaining to creditworthiness, assets, benefits, income, liabilities, payments, and/or balances”. Revised the subsequent bullet point on medical information to change “health conditions” to “medical conditions”. Under “Internet or other electronic network activity information,” changed “Encryption public keys and/or similar security data” to “Encryption public keys, access codes, and/or similar security data” and amended the bullet point beginning “Network, shared device, online service, and/or online access information” to change “passwords and/or other login credentials” to “passwords and/or passcodes, other login credentials”. Under “Professional or employment-related information,” changed “Current and/or past job title(s), position(s), role(s), duties, and/or responsibilities” to “Current and/or past occupation(s), job title(s), position(s), role(s), duties, and/or responsibilities” for completeness. In the last bullet point under “Professional or employment-related information,” changed both instances of “work, vocation, profession, trade, business, professional services, products, and/or other commercial endeavors” to “occupation, work, vocation, profession, trade, business, professional services, products, and/or commercial endeavors” for the same reason. In the “Inferences” category, changed “a particular job, assignment, or professional role” to “a particular job, assignment, project, or professional role” and added a period at the end.
- January 21, 2022: In Embedded Content, added a sentence to the end of the paragraph beginning “You should generally assume …”: “Embedded content providers may combine some or all of this information with other information they gather about you over time and/or across other websites and/or online services you use; for example (but without limitation), an online video platform may add information about the embedded videos you watch on this website to information that platform has collected about videos you’ve watched on other websites and/or on the platform’s own website. In Combining Information From Multiple Sources, changed “from multiple sources” to “from multiple sources and/or over time” (mostly for the avoidance of doubt, since the latter point was hopefully already adequately clear from the preexisting text of this policy) and changed “from across multiple devices you may use” to “from multiple devices you use” for greater clarity. In Disclosure of Personally Identifying Information, added “developers and/or providers of password management software, services, and/or tools” to the examples of third-party vendors and/or service providers (in the bullet point regarding providers whose services enable me to operate and/or secure my system(s), device(s), and/or data).
- January 20, 2022: In Disclosure of Personally Identifying Information, amended the reference to Renesas Electronics Corporation to change “devices” to “peripheral devices” for clarity and consistency.
- January 18, 2022: In Security Scans, deleted the first sentence paragraph beginning “The examples of third-party vendors and/or service providers …” (since an earlier paragraph in the same section says almost exactly the same thing in the same way). In the remaining sentence of that paragraph, changed “use and/or add other security measures from different providers, and/or that have other features not specified here” to “use and/or add other security measures that have other features not specified here.” In Data Related to Recruitment/Hiring/Employment or Business Partnerships, amended the last paragraph to change “and/or other business decisions” to “and/or business decisions” for wording consistency with the related language in Other Information I Receive from Third-Party Sources. In Disclosure of Personally Identifying Information, in the bullet point regarding providers whose services enable me to operate and/or secure my system(s), device(s), and/or data, changed “researching matters pertaining to the operation, function, and/or security” to “researching matters pertaining to the operation, function, technical improvement, and/or security” (mostly for the avoidance of doubt, since technical improvement typically pertains to operation, function, and/or security). In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, revised the bullet point beginning “Information about an individual’s style(s), …” (under “Other types of personal information”), changed “themes, influences, tendencies, …” to “themes, influences, inspirations, tendencies, …”
- January 17, 2022: In Legal Bases for Collecting and Using Information and Your Rights (GDPR and Other National or State Privacy Laws), changed “Lei Geral de Proteção de Dados” to “Lei Geral de Proteção de Dados Pessoais” (which is the correct full name of the law, although it’s often reported as “Lei Geral de Proteção de Dados”).
- January 16, 2022: In the Financial Transactions Policy, added a new subsection: Consent to Electronic Communication Delivery. In the Customer Service Information subsection of the Financial Transactions Policy, added “USA” to the customer service postal mailing address. In Additional California Privacy Rights (CCPA), changed “The right to take private legal action in the event of a data breach that exposes your personal information (and/or your household’s personal information) to theft or unauthorized access” to “The right to take private legal action in the event of a data breach that results in unauthorized access to and exfiltration, theft, or disclosure of certain types of sensitive personal information due to my failure to implement and maintain reasonable security procedures and practices appropriate to the nature of the information.” In Controller/Responsible Party, Questions, and How to Reach Me, added “USA” to the postal mailing address.
- January 15, 2022: In Reports and Aggregate Statistics, changed “de-identified, anonymized, redacted, and/or aggregated” to “de-identified, anonymized, pseudonymized, redacted, and/or aggregated” and changed “elect not to de-identify, anonymize, redact, and/or aggregate …” to “elect not to de-identify, anonymize, pseudonymize, redact, and/or aggregate …” In Disclosure of Personally Identifying Information, updated the reference to the ImgBurn utility to correct the developer pseudonym (which they apparently style in all caps followed by an exclamation point). Also changed “If the information is de-identified, anonymized, redacted, and/or aggregated …” to “If the information is de-identified, anonymized, pseudonymized, redacted, and/or aggregated …” and changed “elect not to de-identify, anonymize, redact, and/or aggregate …” to “elect not to de-identify, anonymize, pseudonymize, redact, and/or aggregate …” In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, updated the bullet point beginning “Physical characteristics and/or descriptions of individuals …” (under “Categories of personal information described in California Civil Code Section 1798.80(e)”) to add a comma after “distinguishing marks”. In the examples under “Commercial information,” made a number of wording changes in the interests of internal consistency: Updated the bullet point on cars and/or other vehicles to change “wants and/or intends to own, purchase, lease, rent, borrow, otherwise obtain, and/or use” to “desires and/or intends to own, purchase, lease, rent, borrow, otherwise obtain, and/or use”; fixed a formatting error in the bullet point about art, books, etc.; updated the bullet point on personal property, products, goods, and/or services to change “desires to purchase, lease, rent, otherwise obtain, and/or use; and/or is considering or has considered purchasing, renting, leasing, otherwise obtaining, and/or using” to “desires and/or intends to own, purchase, lease, rent, otherwise obtain, and/or use; and/or is considering or has considered”; updated the bullet point on retailers, vendors, marketplaces, and/or service providers to change “is considering or has considered patronizing, plans to patronize, prefers, and/or disdains” to “desires and/or intends to patronize, is considering or has considered patronizing, prefers, and/or disdains”; and updated the bullet point on lodgings, residence(s), office space(s), and/or real property to change ” (and/or is considering or has considered purchasing, leasing, renting, and/or otherwise using)” to “has owned, purchased, leased, rented, and/or otherwise used; desires and/or intends to purchase, lease, rent, and/or otherwise use; and/or is considering or has considered” set off with semicolons rather than commas. In the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice, made two minor wording changes to the paragraph beginning “Under the CCPA, a disclosure of personal information for which …”: changed “generally is not considered …” to “is generally not considered …” and changed “so long as the “service provider” only uses the information for the contractually specified purpose(s) and does not otherwise “sell” the information” to “so long as the “service provider” only uses the information as necessary for the contractually specified business purpose(s) and does not “sell” the information.” Later in that section, changed “If the information is de-identified, anonymized, redacted, and/or aggregated …” to “If the information is de-identified, anonymized, pseudonymized, redacted, and/or aggregated …” and changed “elect not to de-identify, anonymize, redact, and/or aggregate …” to “elect not to de-identify, anonymize, pseudonymize, redact, and/or aggregate …” for internal consistency.
- January 13, 2022: In Disclosure of Personally Identifying Information, amended the reference to LG Electronics to change “and any applicable product privacy policies” to “and/or any applicable product privacy policies” for internal consistency and revised the reference to the Rufus utility to correct the developer’s name.
- January 12, 2022: In “Shine the Light” Law Disclosures, corrected the reference to the applicable statute by removing “et seq.” from the parenthetical citation. In the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice, further updated the language about sharing information for a business purpose, changing “for certain specified purposes, which the law divides into the following categories:” to “for certain specified purposes, which may include the following:” and changing “even if it’s for purposes that clearly fall into one or more of the categories listed above” to “even if it’s clearly for one or more of the above-listed purposes.” Inevitably tinkered with these revisions after initial publication.
- January 11, 2022: In Embedded Content, updated the Yoast SEO bullet point to add information about the plugin’s new Wincher integration (mostly for the record, since I’ve disabled the integration and don’t currently have any plans to use it). Inevitably tinkered with these revisions after initial publication.
- January 10, 2022: In Disclosure of Personally Identifying Information, revised the Google bullet point to change “are subject to the the Google Privacy Policy and, where applicable, …” to “are subject to the Google Privacy Policy and/or, where applicable, …” Also fixed some instances of “of of” in that section. Corrected a number of instances of “the the” and “and and” in older entries in this Recent Revisions list and the Older Privacy Policy Revisions page (which were also obviously typographical errors). Inevitably tinkered with these revisions after initial publication.
- January 8, 2022: In Security Scans, made a minor clarification to the description of the features of the Sucuri Security plugin. In Information You Provide to Me, changed “copyright inquiries” to “copyright notices” for consistency with the Terms of Use and fixed an incorrectly closed tag for the hyperlink. Also changed “and for communications …” to “for communications …” separated with a comma, and added “and for certain privacy-related requests” to the end of that sentence. In the last sentence of that section, changed “beyond what the site collects automatically” to “beyond what I collect automatically.” In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, made various minor wording adjustments to the examples under the “Commercial information” category (mostly for internal consistency). Revised the bullet point beginning “Authorship, other credits, and/or rights holder information …” (under “Professional or employment-related information”) to fix a duplication in the listed examples.
- January 5, 2021: Renamed the Information-Sharing Disclosures (Shine the Light Law) section the “Shine the Light” Law Disclosures section and updated the Table of Contents accordingly. In the first paragraph of that section, changed “about those businesses’ disclosure of the customer’s personal information to third parties for direct marketing purposes” to “about the businesses’ disclosure of personal information to third parties for those third parties’ direct marketing purposes” for clarity. Updated the second paragraph of that section to clarify that a third party selling, renting, exchanging, or leasing personal information “for consideration to businesses” is also considered a direct marketing purpose under the “Shine the Light” law. In the third paragraph, set the second instance of “Shine the Light” in quotation marks for consistency; changed “with a business subject to the law’s requirements” to “with a business that is subject to the law’s disclosure requirements”; made the phrase “information-sharing disclosure” lower case; and changed “that details:” to “that lists (subject to any applicable exemptions or exceptions provided by the law):” In the first numbered item, deleted the phrase “about you” and changed “for direct marketing purposes” to “for those third parties’ direct marketing purposes”. In the second numbered item, changed “The names/identities and addresses of such third parties” to “The names and addresses of all such third parties and sufficient information to give “a reasonable indication of the nature of the third parties’ business.”” Subsequently replaced the final two paragraphs of that section with the statement that I believe I am exempt from the requirements of this law, since I have fewer than 20 full-time or part-time employees. Inevitably tinkered with these revisions after initial publication (including fixing some inadvertent discrepancies that crept into this summary with the multiple rounds of changes).
- January 4, 2022: In Embedded Content, amended the data retention bullet point to change “I do not have access to most such data and so its retention is normally outside of my control” to “in most cases, I do not have access to the data collected by embedded content providers, and its retention is generally outside of my control.” In Data in Submitted Images, changed “the recognizable image and/or identifiable likeness” to “the identifiable image and/or recognizable likeness”. Later in the day, also changed “allow me to infer …” to “make it possible to infer …” In Other Information I Receive from Third-Party Sources, changed “developers, editors, publishers” to “producers, developers, editors, publishers” to further illustrate the intended scope. (The examples listed in that paragraph are still not intended to be an exhaustive list!) In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, updated the bullet point on “Sensory data” to change “recognizable individuals and/or their identifiable likenesses” to “identifiable individuals and/or their recognizable likenesses” for consistency. In the bullet point beginning “Publishing histories/ …” (under “Professional or employment-related information”), added “publishers” to the listed examples and reordered the enumerated examples in that bullet point for greater internal consistency. In the Collection Sources subsection of the CCPA Information Collection and Sharing Notice, updated the bullet point beginning “Subject matter experts …” to change “developers, editors, publishers” to “producers, developers, editors, publishers” for internal consistency. Fixed a typographical error in the January 2, 2022 entry below (“Under in …” was supposed to read “Under …”). As a global change throughout this page, changed various instances of the phrase “beyond my control” to “outside of my control” for wording consistency. Inevitably tinkered with these revisions after initial publication.
- January 3, 2022: In Who I Am, changed “shall be deemed to signify …” to “shall be deemed to refer to …” (for consistency with the Terms of Use, which I similarly changed).
- January 2, 2022: In the Information Sharing subsection of the Financial Transactions Policy, changed “by phone” to “by telephone” for wording consistency. In the Customer Service Information subsection of the Financial Transactions Policy, changed “If you have questions about this Financial Transactions Policy, …” to “If you have questions about this Financial Transactions Policy, would like further information, …” and changed “or by calling or texting …” to “or by telephone at …” Also changed “You may also submit questions about this Financial Transactions Policy and/or inquiries regarding specific purchases or other transactions …” to “You may also submit questions or complaints …” In the final paragraph of that subsection, changed “Under California Civil Code Section 1789.3, California residents are entitled to the following additional notice: California consumers can report complaints to …” to just “If you have a complaint, you can also contact …” and added the department’s TTY number in addition to their regular toll-free number. In the California Privacy Request Metrics Methodology subsection of the CCPA Information Collection and Sharing Notice, changed “listed the average response time” to “listed the mean and median response times” for internal consistency.
- January 1, 2022: In Definitions, made some minor wording changes to the definitions of “Personal information/personally identifying information/personal data”; “Identifiers”; and “Protected classifications”. In Disclosure of Personally Identifying Information, updated the trademark notice for Abine Blur. In Additional California Privacy Rights (CCPA), deleted the sentence about not needing to be physically present in California (which is a topic with some complicated and potentially confusing jurisdictional nuances beyond the scope of that section). Under the California Privacy Request Metrics (Record-Keeping Disclosures) subsection of the CCPA Information Collection and Sharing Notice, added a California Privacy Request Metrics for the 2021 Calendar Year subsection. In the California Privacy Request Metrics Methodology subsection, fixed an error with the section ID and updated the text to reflect 2021 as well as 2020. In Recent Revisions, moved all entries from prior to January 1, 2021 to the separate Older Privacy Policy Revisions page for space reasons. Made a few minor wording changes to the preamble of that page for clarity and consistency. Inevitably tinkered with these revisions after initial publication.
- December 29, 2021: In Legal Bases for Collecting and Using Information, deleted the first item in the numbered list, making “to provide the functions of the website” one of the examples in the “legitimate interest” item. Moved the “contractual obligation” item so that it precedes rather than follows the “legal obligation” item and changed it to read “The use is necessary in order for me to enter into a contractual agreement with you and/or fulfill my commitments and/or contractual obligations to you (e.g., to comply with the terms of a license for the use of your intellectual property, or to process and/or complete a purchase you have made), and/or:” In the “legal obligation” item, changed “maintain reasonable records of financial transactions and image usage rights” to “maintain reasonable records of financial transactions for tax purposes”. Added a colon after each other instance of “and/or” in the numbered list for stylistic consistency. In Disclosure of Personally Identifying Information, added a link to and language about the Flickr Data Processing Addendum and added the Unsplash photo platform and/or related services to the examples of third-party vendors and/or service providers. Fixed a typo in this summary. Updated past entries in this Recent Revisions list to capitalize all instances of “Recent Revisions” for consistency. Inevitably tinkered with these revisions after initial publication.
- December 28, 2021: In Certificate Authority Checks, revised the last paragraph to remove the language about public repository log data (which gets into technical areas I’m not confident I fully understand); change “does obviously have administrative access …” to “also has administrative access …”; and add a reference and link to the DreamHost General Terms of Service as well as their privacy policy. In Contact Forms, changed the first three instances of “your inquiry” to “your message” for consistency. Also changed “If you ask a general question or report some functional or technical issue with the site” to “If your message includes questions and/or comments about me, my content, and/or this website, or pertains to a technical problem with the site”; changed “I may (unless you ask me not to) …” to “and unless you specifically request otherwise, I may …”; changed “to respond to your inquiry and/or support other users with similar concerns” to “to publicly respond to your question(s) and/or comment(s), and/or to support other users with similar concerns”; changed “(unless you authorize me to include other personally identifying information)” to “(unless you ask or authorize me to include other personally identifying information); changed “your inquiry in this manner” to “your message (or an excerpt of it) in this manner”; changed “I will make all reasonable efforts to accommodate your request” to “I will make a reasonable effort to accommodate your request”; and added a final sentence to the same bullet point: “If you wish me to completely unpublish a message you submitted that I have published or excerpted in this way, please let me know and I will endeavor to do so at my earliest opportunity.” (These changes are for greater consistency with the current language in the Terms of Use.) In the Transaction-Related Information Gathering subsection of the Financial Transactions Policy, changed “and/or describing my experience …” to “or describing my experience …” for greater clarity. (That phrase is intended as a second example, not a continuation of the first.) In Other Information I Receive from Third-Party Sources, changed “software (e.g., apps, plugins, themes, and/or add-ons)” to “software (e.g., apps, fonts, plugins, themes, and/or add-ons)”. In Disclosure of Personally Identifying Information, updated the reference to the fre:ac audio converter to add the name of the its author/developer, also relocating that reference within the same bullet point to maintain a more-or-less consistently alphabetical order. In Your Rights (GDPR and Other National or State Privacy Laws), changed “Request deletion …” to “Request erasure (deletion) …”; changed “Request that I limit …” to “Request that I restrict …”; moved the bullet point beginning “Object to …” to after “Request portability …”; moved the “and” appropriately; and changed “to the applicable government data protection authority” to “to an appropriate data protection supervisory authority.” Immediately below that bullet-pointed list, changed “In the UK, the applicable data protection authority …” to “In the UK, the data protection authority …”; and changed “for a current list of European national data protection authorities, …” to “for information about European data protection authorities by country, …” In the subsequent paragraph beginning “If you have questions …” changed “delete” to “delete (erase)” for consistency. In the Cookie Notice, updated the preamble to revise the language about changes to the Cookie Notice being summarized in this Recent Revisions list, moved that sentence to just before the “last updated” date, and changed “This version was last updated …” to “The current version of this notice was last updated …” Also revised the license language to change “including this notice” to “including this Cookie Notice” for clarity. In the Categories of Cookies Used section to change “most commonly use on this website” to “may use on this website”. Inevitably tinkered with these revisions after initial publication.
- December 26, 2021: In Data Related to Recruitment/Hiring/Employment or Business Partnerships, changed “enter or contemplate entering” and “enter or contemplate entering into” to “enter into or contemplate entering into” for wording consistency. Also changed “any person or entity” to “any individual(s) or entity” for the same reason. Toward the end of that section, changed “I may share information pertaining to current and/or prospective employees, independent contractors, interns, business partners, business proposals, and/or business ventures …” to “I may share information pertaining to any individual(s) or entity I hire or contemplate hiring and/or with whom I enter into or contemplate entering into any professional relationship or business venture …” In Disclosure of Personally Identifying Information, revised the bullet point that previously began “As I deem reasonable and appropriate (and as permitted by applicable law and/or regulations) to enable me to make informed hiring, employment, and/or business decisions regarding current and/or prospective employees, independent contractors, interns, business partners, business proposals, and/or business ventures, as described in …” to read “As I deem reasonable and appropriate (and as permitted by applicable law and/or regulations) to help me make informed hiring and/or employment decisions and/or other business decisions regarding current and/or prospective professional relationships, professional engagements, business proposals, business ventures, and/or work, as described in …” and added links to the Information I Receive from Third Parties for Security Purposes and Other Information I Receive from Third-Party Sources as well as Data Related to Recruitment/Hiring/Employment or Business Partnerships. (This is a clarification, intended to better summarize this policy’s existing language related to these topics, and doesn’t represent any substantive change in my practices.) In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, revised the bullet point about accident(s), natural disaster(s), and/or other catastrophic event(s) or hardship(s) to change “involvement in and/or connection with” to “experience of, involvement in, and/or connection with” to better express the intended scope of that example. In the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice, revised the bullet point beginning “As I deem reasonable and appropriate …” to match the updated text of the equivalent bullet point in Disclosure of Personally Identifying Information. Inevitably tinkered with these revisions after initial publication.
- December 25, 2021: In Comments, changed “By submitting a comment, I will assume that you are expressly authorizing me to publish and use the contents of that comment (including any images, other media files, and/or links the comment may contain) …” to “By submitting a comment, you are expressly authorizing me to publish and use the comment as described in the …” In the subsequent paragraph beginning “If you submit a valid email address …” changed “before approving it” to “before approving the comment” for clarity. In Contact Forms, amended the sentence beginning “I will redact …” to add the parenthetical phrase “(unless you authorize me to include other personally identifying information)”. In Data Related to Recruitment/Hiring/Employment or Business Partnerships, changed “about any current and/or prospective employees, independent contractors, interns, and/or business partners” to “about any person or entity I hire or contemplate hiring and/or with whom I enter or contemplate entering into any professional relationship or business venture” In Disclosure of Personally Identifying Information, revised the bullet point on business transfers to change “sell or transfer control” to “sell or otherwise transfer ownership” and change “heirs, successors, and/or assigns” to “heirs and/or successors”. In Your Rights (GDPR and Other National or State Privacy Laws), changed “subject to any exemptions” to “subject to any exemptions and restrictions” and changed “subject to any exemptions provided by applicable law” to “subject to any exemptions and restrictions provided by applicable law and/or associated regulations” for wording consistency. In Nevada Consumer Opt-Out Rights, changed “restrictions and exemptions provided by applicable law” to “exemptions and restrictions provided by applicable law and/or associated regulations”. In the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice, changed all instances of the phrase “the CCPA and its implementing regulations” to “the CCPA and its associated regulations” for wording consistency. (In this context, “associated regulations” and “implementing regulations” are synonymous.) Also updated the bullet point regarding business transfers to match the revised wording in Disclosure of Personally Identifying Information. In the California Privacy Request Metrics (Record-Keeping Disclosures) subsection of the CCPA Information Collection and Sharing Notice, changed “of the implementing regulations for the California Consumer Privacy Act of 2018 (CCPA)” to “of the CCPA regulations” in the interests of brevity and consistency. Corrected the entry for February 20, 2020 below to change “Contact and Image Authorization Forms” to “Contact Forms” (the correct name of the applicable section).
- December 23, 2021: In Contact Forms and Reports and Aggregate Statistics, fixed a typographical error (inadvertent repetition of the words “about requests”). In Other Information I Receive from Third-Party Sources, updated the paragraph beginning “If I have any employees, independent contractors, interns, agents, and/or business partners …” to delete the second sentence (whose examples were redundant) and change “Again, the types …” to “The types …” In the subsequent paragraph about software, changed whenever I install software (e.g., apps, plugins, themes, and/or add-ons) — particularly software/apps/services/themes/add-ons I use under open source licenses — the software and/or installation files …” to “if I install or update any software (e.g., apps, plugins, themes, and/or add-ons) — particularly software offered under open source licenses — that software, the installation files and/or source code, and/or the associated documentation …” and changed “If you’re a developer …” to “If you’re a software developer …” for clarity. In Disclosure of Personally Identifying Information, revised the bullet point on employees, independent contractors, interns, agents, and/or business partners to change “confidentiality policies and/or confidentiality agreements” to “confidentiality policies, agreements, and/or requirements” (since some professions are subject to certain legal confidentiality requirements in addition to any other policies or agreements that may apply). In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, revised the bullet point beginning “Information about personal property, products, goods, and/or services” (under “Commercial information”) to change “owns, rents” to “owns, purchases, rents” for wording consistency. In the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice, made some further clarifications to the paragraphs regarding how the CCPA (and its implementing regulations, which add their own interpretive nuances) define sharing personal information “for a business purpose.” Later in that same subsection, changed “Sharing information “for a business purpose” as described above generally is not considered a “sale” of personal information under the CCPA” to “Sharing personal information “for a business purpose” as described above generally is not considered a “sale” under the CCPA so long as the “service provider” only uses the information for the contractually specified purpose(s) and does not otherwise “sell” the information.” Later in that same section, changed “contractual relationships with those third parties” to “written contracts with those third parties” for wording consistency. Later in that same subsection, revised the paragraph beginning “Even if disclosures like these are NOT deemed …” to change “without necessarily being considered a “service provider” as the CCPA defines that term” to “without necessarily being considered a “service provider” as the CCPA and its implementing regulations define that term.” In the California Privacy Request Metrics (Record-Keeping Disclosures) subsection of the CCPA Information Collection and Sharing Notice, changed “presume means California residents and/or households” to “presume means California residents”. Inevitably tinkered with these revisions after initial publication.
- December 17, 2021: In Information Captured by Service/Software/App/Device Telemetry, revised the listed examples for clarity and relevancy. In the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice, further revised the first paragraph on sharing information for a business purpose to change “disclosing the personal information of “consumers” (i.e., California residents and/or households) to another party for certain operational purposes” to “disclosing personal information to a “service provider” (as the CCPA defines that term) that processes information on the business’s behalf for certain specified purposes”. Revised the paragraph following the numbered list to read “The CCPA requires that a disclosure of personal information “for a business purpose” be subject to a suitable written service provider agreement between the business that discloses the information and the entity that receives the information, specifying the services that entity is to perform for the business and the business purpose(s) for which that entity may use the information while prohibiting that entity from retaining, using, or disclosing the information for any other purpose. Without a suitable written service provider agreement, an entity that provides services to a business may not necessarily be considered a “service provider” as the CCPA defines that term, and sharing personal information with that entity may not necessarily be considered “for a business purpose,” even if it’s for purposes that clearly fall into one or more of the categories listed above.” Later in that same subsection, changed “might reasonably be considered sharing information with third parties “for a business purpose,” …” to “might reasonably be considered sharing information “for a business purpose,”…” In the later paragraph beginning “Even if disclosures like these …” changed “However, as explained above, being a “service provider” under the CCPA requires a written agreement that directs the service provider to collect and/or process personal information on the client or customer’s behalf for certain specific business purposes while restricting the service provider’s further use and/or disclosure of that information; it’s possible to provide services, even to other businesses, without necessarily being considered a “service provider” as the CCPA and its associated regulations define that term” to “However, as explained above, it’s possible to provide services without necessarily being considered a “service provider” as the CCPA defines that term” in the interests of brevity. In the paragraph following the list of examples of facilitating other types of commercial transactions later in that subsection, changed changed “any compensation or other valuable consideration” to “any monetary compensation or other valuable consideration”. Inevitably tinkered with these revisions after initial publication.
- December 16, 2021: In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, changed “Internet or similar network activity information” to “Internet or other electronic network activity information” (which is how the applicable statute words it) and change “electronic systems and/or services (online and/or otherwise)” (in the last bullet point under that category) to “electronic systems and/or services”. Also deleted the “Other types of information and/or data that could potentially be deemed personal information …” category (since it’s really redundant). In the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice, revised the paragraph on disclosing information for a business purpose to change “means a business disclosing …” to “means disclosing …” and change “to third parties for any of the following categories of purposes:” to “to another party for certain operational purposes, which the law divides into the following categories:” In the list of categories, changed “Debugging/repair” to “Debugging/repair of existing intended functionality”; changed “Certain short-term uses” to “Certain short-term, transient uses”; changed “Performing services” to “Performing services (e.g., customer service, order fulfillment, payment processing, analytics services)”; and changed “Quality and safety maintenance and verification” to “Verifying or maintaining the quality or safety of and/or improving, upgrading, or enhancing a service or device the business owns, controls, or manufactures (or that is manufactured for the business).” In the subsequent paragraph, deleted “The law imposes additional conditions on such disclosures:” in the interests of brevity; changed “third party” to “party” throughout; and changed “specifying the services the third party is to perform using the information …” to “specifying how that party is to use the information …” Later in that subsection, revised the bullet point beginning “Most files and data on …” to delete the reference to Sucuri in the interests of brevity (since that information is presented in greater detail in Security Scans) and change “some of which may incorporate cloud-based scanning or analysis features” to “some of which may incorporate cloud-based scanning or analysis features and/or otherwise communicate with third parties”. Reworded the bullet point about Internet service providers and unencrypted websites or online resources for greater clarity and moved it to after the bullet point about banks and/or other financial institutions. In the Cookie Notice, made a minor correction to the Privacy and Cookie Preferences category (there isn’t a separate “gdpr” cookie; that’s the prefix shared by the other cookies in this category).
- December 15, 2021: In Definitions, revised the “Cookies and similar technologies” bullet point to change “that your browser (or other user agent) or device” to “that your browser, other user agent, or device” for readability, change references to storing cookies “on” your browser to storing them “in” your browser, and make some clarifications to the language about similar technologies. In Cookies and Similar Technologies, changed “(e.g., storing local shared objects and/or other data in your browser’s web storage)” to “(e.g., storing data in your browser’s web storage)” and changed “Some are placed automatically while others are only set when you perform certain actions.” to “Some cookies and stored data may be placed automatically while others are only set when you perform certain actions or use certain site functions” (mostly to avoid an unclear antecedent). In Browser Tests, condensed and rearranged the text and clarified that the results of such tests (which generally don’t contain any personally identifying information) may be stored in your device’s memory for the duration of your visit and/or stored in your browser. In Embedded Content, changed “your browser or user agent settings” to “certain of your settings” and revised the Google Fonts/Google Hosted Libraries, YouTube Videos, and FeedBurner bullet points to clarify that the Google “Technologies” pages do not currently discuss the storage of data in your browser (or other user agent) using technologies other than cookies. In Comments, changed “places a set of cookies on your browser” to “places a set of cookies in your browser” for wording consistency. In Financial Transactions Policy, changed “payment processor(s), bank(s), other financial institution(s), and/or other applicable third-party service(s)” to “payment processors, banks, other financial institutions, and/or other applicable vendors and/or third-party services”. In the Information Sharing subsection, changed “payment processor transaction reports” to just “transaction reports”. In Transaction-Related Information I Receive from Third Parties, changed “the applicable vendor(s), service(s), and/or payment processor(s)” to “payment processors, banks, other financial institutions, and/or other applicable vendors and/or third-party services” for greater internal consistency. In Disclosure of Personally Identifying Information, revised the bullet point regarding contractual obligations to change “if my payment processor investigates a payment I received” to “if a payment processor investigates a payment I made or received”. In the Cookie Notice, revised the paragraph regarding the license to change “will also note” to “will also summarize”. Revised the Cookies and Similar Technologies section to match the updated language in Definitions above. In the How This Website Uses Cookies and Similar Technologies section, changed “The use of cookies also allows …” to “The use of cookies and/or similar technologies may also allow …” Added a new final paragraph: “While it is sometimes possible to block technologies other than cookies from storing data on your browser (or other user agent), doing so may cause many functional problems and is not recommended.” In Categories of Cookies Used, changed “descriptions of the cookies” to “descriptions of the categories of cookies”; condensed and clarified some of the text (particularly about cookie durations); added language about data stored using technologies other than cookies; added a link to an article explaining how to remove such data from many modern browsers; and added a note that if your browser (or other user agent) crashes rather than being closed properly, session cookies may not be deleted as they ordinarily would be. Throughout the Cookie Notice, also changed references to placing cookies “on” your browser to “in” your browser for wording consistency. Revised the PayPal Buttons category to mention that the buttons may also incorporate a tracking pixel called “pixel.gif.” Revised the YouTube Videos category to update the cookies used, separate cookies from data items stored using other technologies, and update and clarify the “How they are used” text. Updated the Browser Tests section at the bottom of the Cookie Notice to reflect the revised text of Browser Tests above. On the Older Privacy Policy Revisions page, amended the entry for August 24, 2015 (regarding the license update) to spell out the names of the licenses to avoid any future confusion. Inevitably tinkered with these revisions after initial publication.
- December 14, 2021: As a global change (except in older entries in this Recent Revisions list), changed “commercial advantage” to “commercial advantage and/or financial gain” to better express the intended meaning. (It’s intended as a catch-all term.) In Website Server, Error, and Security Logs; Security Scans; and Embedded Content, changed “(e.g., advertising identifiers and/or …” to “(e.g., the advertising identifier(s) and/or …” Also in Website Server, Error, and Security Logs, changed “no more than 30 days” to “no more than about 30 days”. Also in Security Scans, changed “for 30 days or less” to “for no more than about 30 days” for consistency. In Advertising, changed “are served by me” to “are locally served” for clarity. In Disclosure of Personally Identifying Information, updated the references to Yahoo! search service privacy practices to change “and/or, where applicable, the …” to “and the …” (as the privacy practices document is intended to supplement rather than supplant the Yahoo Privacy Policy). In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, updated the bullet point beginning “Information about lodgings …” (under “Commercial information”) to change both instances of “other real property” to “real property”. In the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice, revised the paragraph beginning “To achieve the purposes …” to change “and/or other my other creative endeavors” to “and my other creative endeavors (professional or otherwise)” and change “often for publication” to “often for eventual publication”. In the bullet-pointed list below that paragraph, deleted the bullet point beginning “Any government agency …” (since legal and contractual obligations are covered in bullet points in the subsequent list).
- December 13, 2021: In Categories of Information and Purposes for Collection, revised the “Recruitment/hiring/employment or business partnerships” bullet point to change “business partnerships or other professional relationships with someone” to “business partnerships and/or other professional relationships” (mostly in the interests of better grammar). In Data Related to Recruitment/Hiring/Employment or Business Partnerships, changed “for example (but without limitation), a formal business partnership or joint venture (JV)” to “for example (but without limitation), a professional collaboration, formal business partnership, or joint venture (JV).” In Other Information I Receive From Third-Party Sources, updated the paragraph on social media platforms to add language about the promulgation of information and/or content on social media. In Disclosure of Personally Identifying Information, changed “other providers of filter lists, block lists, and/or other security information” to “other providers of filter lists, block lists, and/or other security-related information” and updated the reference to The Spamhaus Project to point the hyperlink to their Privacy Policy rather than their homepage. Also updated the T-Mobile trademark information. In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, made some adjustments to the list of categories and examples to eliminate any discrepancies that may have cropped up in Recent Revisions. (This hopefully didn’t actually change anything except perhaps to fix a few unintentional errors and make sure the list is reasonably consistent with the versions that appear in the Ate Up With Motor and 6200 Productions privacy policies.) Reordered the examples under “Identifiers” to put “Postal mailing address and/or street addresses” and “Unique personal identifiers, device identifiers, and/or online identifiers” before IP addresses and email addresses; added “Telephone numbers (and/or fax numbers)” as its own bullet point after “Postal mailing addresses”; added “passport numbers” to the examples of government-issued identification numbers; deleted the separate bullet point on information collected through cookies and/or similar technologies and made that a parenthetical part of the “Unique personal identifiers, device identifiers, and/or online identifiers” bullet point; and split “Other similar identifiers” into a separate bullet point under that category, last in the list (mostly to make the examples somewhat more consistent with the statutory description of this category). Under “Categories of personal information described in California Civil Code Section 1798.80(e),” removed the “Telephone numbers (and/or fax numbers)” bullet point (since those are now listed under “Identifiers”) and deleted the “Account numbers” bullet point (which is redundant in the present list). Renamed the “Characteristics of classifications protected by law” category “Protected classification information (characteristics of protected classifications under California or federal law)” for greater consistency with the statutory language. Moved the “Inferences” category to put it last and change “Inferences I make” to “Inferences I draw from any of the information identified above” and rearranged the order of the listed examples, again for greater consistency with the statutory definition of that category. (This revision initially had an embarrassing typo I fixed later in the day.) In the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice, added “(or a “sale” of personal information)” to the end of the first paragraph (after “for business or commercial purposes) and changed “A disclosure of personal information is considered to be for “commercial purposes” if it …” to “Collecting, using, and/or sharing personal information is considered to be for “commercial purposes” if it …” In California Privacy Request Metrics (Record-Keeping Disclosures), changed “(much less purchase and/or “sell” as the CCPA defines those terms)” to “(much less “buy” and/or “sell” as the CCPA defines those terms)” for wording consistency. Inevitably tinkered with these revisions after initial publication.
- December 12, 2021: In Other Inquiries, Messages, and Support Requests, changed “or Contact Form submissions” to “or the contact or feedback forms on this website” for wording consistency. In Disclosure of Personally Identifying Information, amended the bullet point on appropriately crediting someone to change “this may include adding …” to “this may include (without limitation) adding …” and change “filename” to “filename(s)” for internal consistency. In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, changed “I have collected and/or may collect the following categories of personal information …” to “I have collected in the last 12 months and/or may collect the following categories of personal information …” Under “Professional or employment-related information,” changed “Current and/or past employer(s) and/or client(s)” to “Current and/or past employer(s)” (since clients are mentioned in a subsequent bullet point) and added the words “Current and/or past” to the beginnings of the bullet points on job titles, work schedule, and compensation for completeness. Rearranged the bullet points to put the bullet point about fictitious business names after rather than before the one about business or organization ownership. Added “relationships with patients” to the examples in the “Information about professional relationships” bullet point.
- December 11, 2021: In Definitions, revised the “User agent information” definition’s reference to browser fingerprinting to change “specific combination of user agent characteristics” to “specific combination of user agent and device characteristics” (which is a bit more precise). In Comments, fixed a typographical error: “comment me using only a pseudonym” was supposed to read “comment using only a pseudonym.” Also changed “I may not be able to associate that comment with any other personal information about you” to “I may not be able to associate that comment with other personal information I possess about you” and changed “it won’t be included …” to “the comment won’t be included …” Inevitably tinkered with these revisions after initial publication.
- December 9, 2021: In the preamble, changed, “By using the …” to “By accessing and/or using the …” In Notice to Parents Regarding Children Under 18; Not for Children, changed “should not be used or accessed” to “should not be accessed or used” for wording consistency. In Definitions, updated the “User(s) and visitor(s) definition to change “who accesses this website” to “who accesses and/or uses this website” for wording consistency. Also revised the “IP address” definition to change “by using a virtual private network (VPN) or proxy service; with these services, you first connect to a computer server provided by the VPN/proxy service and that proxy server then connects to other Internet sites and resources” to “by using a virtual private network (VPN) or proxy service; with such services, you first connect to a remote server provided by the VPN or proxy service and that server then connects to other Internet sites and/or resources” for greater clarity. In Information You Provide to Me, changed “Through your use of this website” to “Through your access to and/or use of this website” for wording consistency. In Comments, changed “as well as the specific article you commented on” to “as well as the specific post or page you commented on” for consistency with the Comment Policy. In Data Related to Administrative Users, updated the language about administrative user ID numbers to change “Each administrative user also has a unique user ID number within the website’s database, which the database uses to associate that user with other actions they perform and/or content they post, edit, or submit on the website” to just “Each administrative user also receives a unique user ID number within the website’s database.” In the paragraph beginning “This website uses …” changed “may record an administrative user’s IP address, hostname, user agent information, and/or geolocation data” to “may record an administrative user’s username, user ID number, IP address, hostname, user agent information, and/or geolocation data”. In the paragraph beginning “Some of the information administrative users provide …” changed “to access and/or reset user login credentials” to “to access and/or change user login credentials and/or user settings”. In Disclosure of Personally Identifying Information, updated the reference to the IntenseDebate comment system to note that I requested the deletion of my IntenseDebate account on December 9, 2021, making some minor wording adjustments to accommodate this addition. In Additional California Privacy Rights (CCPA), changed “current California resident” to “California resident.” In the Collection Sources subsection of the CCPA Information Collection and Sharing Notice, changed “through your use of this website” to “through your access to and/or use of this website” for wording consistency. In the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice, changed “use a proxy server or VPN, the VPN or proxy server …” to “use a proxy or VPN, that proxy or VPN …” In Privacy Policy Changes, changed “Your further use of …” to “Your further access to and/or use of …” Inevitably tinkered with these revisions after initial publication.
- December 8, 2021: As a global change throughout this page, changed all instances of “applicable law/regulations” to “applicable law and/or regulations” (except in older entries in this Recent Revisions list). In Legal Bases for Collecting and Using Information, changed “is necessary to provide …” to “is necessary in order to provide …”; changed “is necessary to fulfill …” to “is necessary in order to fulfill …” for wording consistency. In Contact Forms, changed “Information from California Privacy Request Form submissions must be retained for at least 24 months for compliance purposes” to “I must retain privacy requests submitted via the California Privacy Request Form to the extent necessary to comply with applicable law and/or regulations.” In Additional Information About Data Retention, revised the bullet point on information pertaining to disputes and/or legal issues to change “Any information …” to “Information …” Also removed the language in that bullet point about privacy request retention, moving that language to the paragraph after the second bullet-pointed list in that section (beginning “Personal information I may collect …”); changing the phrase “Similarly, for compliance purposes, …” to “In particular (but without limitation), …”; changing “to the extent required by applicable law and/or regulations” to “to the extent necessary to comply with applicable law and/or regulations”; and changing “retain records of that request …” to “retain records of that request and how I responded to it …” In Disclosure of Personally Identifying Information, revised the bullet point on photos, images, and/or other media to change “Photographs, images, and/or other media (e.g., videos) I use and/or collect for use on and/or in connection with this website …” to “The photographs, images, and/or other media (e.g., videos) I use and/or collect for use on this website, in connection with my other content and/or creative endeavors, and/or as part of and/or in connection with my professional writing/editing/writing consulting work …” Also changed “for example, the license terms …” to “For example (but without limitation), the license terms …” and made that parenthetical aside a separate sentence (still set in parentheses). In the subsequent instance of “For example …” in that same bullet point, changed “(but without limitation)” to “(again without limitation)”. In Additional California Privacy Rights (CCPA), changed “to the degree of certainty applicable law and/or regulations require” to “to the degree of certainty required by applicable law and/or regulations” (mostly to eliminate an aesthetically troublesome issue of subject/verb agreement).
- December 7, 2021: In Contact Forms, changed “through any contact or feedback forms” to “via any contact or feedback forms” and changed “including, but not limited to, California Privacy Request Forms submitted through the …” to “including, though not limited to, privacy requests submitted via the California Privacy Request Form on the …” (for wording consistency). Added a new second paragraph about legal names vs. pseudonyms and the need to enter a valid email address or other contact information if you want a reply (and/or an email receipt). In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, revised the bullet point on “Financial information pertaining to transactions with and/or otherwise involving me” (under “Categories of personal information described in California Civil Code Section 1798.80(e)”) to change “credit card information” to “credit card and/or debit card information” (since the statute refers to both). Added a bullet point under “Characteristics of classifications protected by law”: “Genetic information (and/or familial genetic information)”. Amended the “Biometric information” category to change “Biometric information, such as …” to “Biometric information (genetic, physiological, behavioral, and/or biological characteristics, and/or activity patterns), such as …” for clarity. Under “Internet or similar network activity information,” changed “Web browsing activity and/or history” to just “Browsing activity and/or history” (mostly for greater consistency with the statutory wording). Amended the “Sensory data” category to change “(audio, electronic, visual, thermal, olfactory, or similar information)” to “(audio, electronic, visual, thermal, olfactory, and/or similar information)” for internal consistency. In the California Privacy Request Metrics (Record-Keeping Disclosures) subsection of the CCPA Information Collection and Sharing Notice, changed “(which I presume means California consumers as defined by the CCPA)” to “(which I presume means California residents and/or households, as defined by the CCPA)”. In the California Privacy Request Metrics Methodology subsection of the CCPA Information Collection and Sharing Notice, changed “I may revise this methodology for subsequent years depending on my subsequent experience” to “I may revise this methodology for later years depending on my subsequent experience.”
- December 6, 2021: In the preamble, changed “which summarizes recent modifications …” to “which summarizes recent changes …” In Comments, changed “either by being automatically “stripped” prior to publication or manually deleted by me” to “whether automatically “stripped” prior to publication or manually deleted by me” in the interests of grammar and revised the paragraph beginning “From time to time, …” to add an additional sentence: “Naturally, if you offer corrections and/or clarifications of my content, I will also take steps to verify that information and, if I deem it appropriate, incorporate the factual substance of such correction(s) and/or clarification(s) into the applicable content (and/or make a note for my future reference).” In Disclosure of Personally Identifying Information, updated the bullet point beginning “To appropriately credit someone” to change “themes/plugins” to “themes, plugins” and revised the bullet point on photos, images, and/or other media to change “may share photos, images, and/or other media and/or information about them …” to “may share photos, images, and/or other media (and/or related information) …” for greater clarity. In the February 10, 2020 entry below, fixed an erroneous reference to the “Comments and Personal Information” section (the correct name of that section is “Comments”). In Additional California Privacy Rights (CCPA), changed “The current CCPA regulations issued by California’s Office of the Attorney General stipulate …” to “The current CCPA regulations stipulate …” Inevitably tinkered with these revisions after initial publication.
- December 5, 2021: Throughout this page, removed the target=”_blank” property from certain hyperlinks and restored the rel=”noopener” attribute to the hyperlinks that still have that property. Also changed links with the rel=”noreferrer” attribute to rel=”noopener noreferrer” where they weren’t already set that way. (These adjustments pertain to certain technical matters that shouldn’t affect the functionality of those links.) In Definitions, revised the “Domain name and/or hostname” definition to change “publicly available” to “available to the public” and updated the “Administrative dashboard/backend” definition to change “public-facing” to “publicly visible/publicly accessible”. In Legal Bases for Collecting and Using Information, revised the “legitimate interest” bullet point to change “for example” to “e.g.” and set the examples in parentheses for stylistic consistency. In Categories of Information and Purposes for Collection, amended the “Advertising and other commercial purposes” bullet point to change “other writing/editing/writing consulting work” to “writing/editing/writing consulting work” for internal consistency. In Security Scans, changed “for malware and/or signs of other malicious activity” to “for malware and blocking suspicious and/or malicious activity”; changed “Some of these scans …” to “Some of these measures …” and changed “I may initiate additional manual scans and/or request that my web host’s technical support staff conduct a more thorough active scan to help me root out a possible security threat or troubleshoot a technical problem” to “I may manually initiate additional security measures and/or request that my web host’s technical support staff take additional steps to investigate and/or block security threats and/or suspicious activity.” Also changed several instances of the phrase “suspicious or malicious activity” to “suspicious and/or malicious activity” for internal consistency. In Embedded Content, updated the Font Awesome bullet point to change “public-facing” to “publicly visible/publicly accessible” and updated the WordPress.org bullet point to change “publicly accessible” to “publicly visible/publicly accessible” (for internal consistency). In Comments; Contact Forms; and Other Inquiries, Messages, and Support Requests, changed “comes from publicly available sources” to “comes from sources available to the public”. Also in Comments, changed “or because it contains information pertaining to my content or research” to “or because it contains information pertaining to my content and/or research”. Also in Contact Forms, changed “Contact Forms” to “contact or feedback form submissions”; changed “pertaining to my content” to “pertaining to my content, my writing/editing/writing consulting work, and/or my other creative endeavors”; changed “into the applicable content” to “into the applicable content, work, or creative endeavor(s)”; and changed “my content, and/or some related matter(s)” to “my content, my other creative endeavors, and/or some related matter(s)”. Also in Other Inquiries, Messages, and Support Requests, changed “information that pertains to my articles or other content” to “information that pertains to my content, writing/editing/writing/consulting work, and/or other creative endeavors” and changed “in connection with an article” to “in connection with an article I’m writing”. In Data in Submitted Images, changed “for use on this website (or for some related purpose)” to “for use on this website, in connection with my content and/or other creative endeavors, and/or for some related purpose(s)”; changed “making it publicly available” to “making it available to the public”; changed “Such information may come from a variety of publicly available and/or nonpublic sources” to “Such information may come from a variety of sources (which may include sources available to the public and/or nonpublic sources)”; changed “during the time it was publicly available” to “during the time it was available to the public”; changed “I publish on this website” to “I create and/or collect for publication on this website and/or for use in connection with my content and/or other creative endeavors”. In Data Related to Administrative Users, changed “it is not publicly visible” to “it is not normally publicly visible (unless the user makes it so)”. In Data Related to Recruitment/Hiring/Employment or Business Partnerships, changed “other publicly available information or records” to “other information or records available to the public.” In the Information Gathering subsection of the Financial Transactions Policy, changed “may come from a variety of publicly available and/or nonpublic sources” to “may come from a variety of sources (which may include sources available to the public and/or nonpublic sources)”. In the Customer Service Information section of the Financial Transactions Policy, removed a reference to the Contact Form (since there currently isn’t one). In Information I Receive From Third Parties for Security Purposes, changed “from a variety of publicly available and/or nonpublic sources” to “from a variety of sources (which may include sources available to the public and/or nonpublic sources)”; changed “to identify and prevent malicious activity” to “to help identify and prevent malicious activity”; changed an instance of the phrase “suspicious or malicious activity” to “suspicious and/or malicious activity” for internal consistency; changed an instance of the phrase “suspicious or malicious activity” to “suspicious and/or malicious activity” for internal consistency; and changed “In many cases, such data is already publicly available” to “In many cases, such data is already available to the public.” In Other Information I Receive from Third-Party Sources, updated the second paragraph to replace everything after “about individuals who contact me” with the phrase “in addition to any information those individuals provide to me” (set off with a comma) to limit repetition; updated the paragraph regarding gathering additional information about images and/or other media to change “which may come from a variety of public and/or nonpublic sources” to “which may come from a variety of sources”; updated the subsequent paragraph about attribution information for license content to change “typically gather certain publicly available information about you …” to “may gather certain information about you, typically from sources already available to the public, …”; updated the paragraphs regarding hiring and/or professional partnerships and individuals or entities to which I contemplate providing services and/or licensing my content to change “from a variety of public and/or nonpublic third-party sources” to “from a variety of sources (which may include sources available to the public and/or nonpublic sources)”; updated the paragraph regarding vendors and/or service providers to change “obtain published works and/or other publicly available information and/or resources” to “obtain published works and/or other information and/or resources available to the public”; updated the paragraph beginning “Published works …” to change “other publicly available online content” to “other publicly accessible online content”; changed “may come from a variety of public and/or nonpublic third-party sources” (later in the same paragraph) to “may come from a variety of sources (which may include sources available to the public and/or nonpublic sources)”; and updated the paragraph regarding information related to my content to change “and/or other creative endeavors” to “and/or my other creative endeavors” and change “drawn from sources that were already publicly available” to “drawn from sources that are or were already available to the public”. Updated the paragraph regarding retention to change “possible future article or content” to “possible future content and/or creative endeavors”. Updated the final paragraph of that section to change “Obviously, information I gather for my articles and/or other content may be published and/or otherwise disclosed in that context; other, nonpublic information generally will not be except as otherwise described in …” to “Obviously, information I gather for my content, writing/editing/writing consulting work, and/or other creative endeavors may be published and/or otherwise disclosed in that context; other information not already available to the public generally will not be except as otherwise described in …” In Additional Information About Data Retention, changed “technical or legal questions” to “technical and/or legal questions”; changed “a site-related dispute or legal issue” to “site-related disputes and/or legal issues”; and changed “applicable law and/or regulation” to “applicable law and/or regulations” (the latter for internal consistency). In Information Captured by Service/Software/App/Device Telemetry, changed “If a service/app/software/device crashes …” to “If some service/app/software/device crashes …”; changed “including (but not limited to) taking snapshots …” to “which may include (without limitation) taking snapshots … In Disclosure of Personally Identifying Information, revised the bullet point regarding public acknowledgments of assistance, revised the bullet point regarding public acknowledgments of assistance to change “whether with the management of this website, my content, and/or some related matter(s)” to “whether with the management of this website, my content, my other creative endeavors, and/or some related matter(s)” for internal consistency. the bullet “If that information is or was already publicly available …” to “If that information is or was already otherwise available to the public …” Updated references throughout that section to useful articles to consistently say “useful article” rather than just “article” to avoid confusion. (“Useful article” is a legal term referring to utilitarian objects like articles of clothing, and thus is something quite different from, e.g., a news article.) Also changed “which examine the publicly accessible/visible portions of the website” to “which examine the publicly visible/publicly accessible portions of the website” (again for internal consistency) and updated the reference to calibre ebook management software to change “its code is open source and publicly available” to “its source is freely available for review” and adjusted which portions of that text are part of the anchor text for the link to the source code. Updated the paragraph beginning “Fourth …” to change “the publicly visible portions …” to “the publicly visible/publicly accessible portions …” for internal consistency. In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, updated the paragraph beginning “Please note that …” to change “in connection with the articles and other content” to “in connection with the content” for wording consistency. In the Collection Sources subsection of the CCPA Information Collection and Sharing Notice, changed “Published and/or publicly available sources” to “Published works and/or other sources available to the public”. In the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice, changed “information that otherwise is or was already publicly available” to “information that is or was already otherwise available to the public” and changed “If that information otherwise is or was already publicly available” to “If that information is or was already otherwise available to the public” and changed “share, discuss, and/or otherwise disseminate publicly available information, whether or not that information is offered through official government sources” to “share, discuss, and/or otherwise disseminate information that is or was already published and/or otherwise available to the public, whether or not such information is from official government records (the only type of “publicly available information” the CCPA acknowledges)”. Updated the subsequent bullet point regarding artwork, copies of published works, or other objects to change “such work, copy, article, or object” to “such work, copy, useful article, or object” for consistency with the related language in Disclosure of Personally Identifying Information. Later in that subsection, changed “Some information about my activities and/or data accessed on my systems and devices may be captured by the telemetry and/or other surveillance features of the software, apps, services, and devices I use” to “Some information about my activities and/or some portions of the data I access in connection with my business may be captured by the telemetry and/or other surveillance features of the software, apps, services, and/or devices I use” and changed “Although any of the above examples …” to “Although the above examples …” Inevitably tinkered with these revisions after initial publication.
- December 4, 2021: In Additional Information About Data Retention, changed “Information pertaining to my professional writing/editing/writing consulting work and/or other creative endeavors” to “Information pertaining to my content, my professional writing/editing/writing consulting work, and/or my other creative endeavors” (for the avoidance of doubt). Updated the bullet point on postal mail and/or physical documents to add language about data disks and/or other physical data storage media, splitting the second sentence into multiple sentences for clarity with this addition. In the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice, made some additional clarifications (most of them quite minor) to the language regarding business service providers. Inevitably tinkered with these revisions after initial publication.
- December 2, 2021: As a global change through this page and the Cookie Notice, updated certain hyperlinks to remove the rel=”noopener” attribute and replace the attribute rel=”noopener noreferrer” with rel=”noreferrer” (a purely technical change that shouldn’t affect the functionality of those links). In Definitions, revised the “Identifiers” definition to better integrate the recently added example about advertising IDs into the previous list. Updated the “Cookies and similar technologies” definition to adjust the wording of the trademark disclaimer for the informational links. In Cookies and Similar Technologies, changed “about the cookies the site may use” to “about the categories of cookies that may be used on this website”. In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, changed “with certain types of information (e.g., real names, information about education and/or employment) technically falling into multiple categories” to “with certain types of information (e.g., real names, employment information) technically falling into multiple categories”. Revised the “Education information” category description to add a comma before “such as” and change “other personally identifiable information …” to “other nonpublic personally identifiable information …” In Additional California Privacy Rights (CCPA), fixed a hyperlink that was incorrectly pointing to a page on my Ate Up With Motor website rather than this one. In the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice, made a variety of clarifications and corrections, and rearranged certain portions of the text for more logical flow with the revisions. In the Cookie Notice, adjusted the wording of the trademark disclaimer for the informational links at the end of the Cookies and Similar Technologies section. Also revised the Categories of Cookies used section to clarify that it shouldn’t be regarded as an exhaustive list of specific cookies and better explain some of the reasons the cookies used may vary. Revised the paragraph beginning “The durations described below …” to further clarify why the listed cookie durations are approximate. Revised the December 1, 2021 entry below to change “the statutory definition of the latter category is actually referring …” to “the statutory definition of the latter category is probably referring …” (I’m still not entirely sure if I’m correctly understanding the intent of the CCPA’s statutory language about education information, whose wording is confusing.) Inevitably tinkered with these revisions after initial publication.
- December 1, 2021: In Definitions, updated the Identifiers definition to include language about advertising identifiers. Updated the Cookies and Similar Technologies definition to move the KnowCookies.com link to the end of the definition, add two additional informational links, and add a trademark disclaimer. In Cookies and Similar Technologies, changed “the Cookie Notice version(s)” to “the Cookie Notice version”. In Advertising, changed “such information-gathering and disclosure normally only involves my information, not that of other site visitors” to “such information-gathering normally only affects site administrators, not other site visitors.” In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, changed “In the last 12 months, I have collected …” to “I have collected and/or may collect …” (The listed categories include some types of information that I haven’t actually collected in the past 12 months, but have collected in the past and may collect in the future, and therefore will continue to list.) Moved the bullet point on information gathered through cookies and/or similar technologies from “Internet or similar network activity” to “Identifiers” and changed “gathered” to collected” (for purely aesthetic reasons, since this policy treats those terms synonymously). In “Categories of personal information described in California Civil Code Section 1798.80(e),” changed “Telephone numbers, FAX numbers, and/or other contact information” to “Telephone numbers (and/or fax numbers, which are not actually mentioned in the statute, but would seem to be reasonably encompassed by the category of telephone numbers)”. Added a similar parenthetical clarification to the bullet point regarding signatures (since the statute doesn’t actually mention digital signatures either). Also added “Education information” to the examples under that category. Under “Internet or similar network activity information,” deleted “Other potentially personally identifying information in electronic files and/or associated metadata” (which would really fall into one or more of the other listed categories) and revised the “Other information about …” bullet point to change “messages, and/or advertisements” to “advertisements, and/or messages”. Rearranged several of the examples under that category to put the bullet point on encryption public keys and/or similar security data immediately below “Email header information”. (I’m still not really sure how encryption public keys should be properly categorized, to the extent they could be considered personal information.) Replaced the previous “Nonpublic education information” category description with the following: “Education information such as (without limitation) transcripts, class lists, grades, and/or other personally identifiable information directly related to current and/or former students that is contained in education records maintained by an educational institution (and/or parties acting on its behalf)”. (I belatedly realized that the statutory definition of the latter category is probably referring specifically to education records maintained by schools and other educational institutions rather than to all education information.) Updated the Cookie Notice to move the KnowCookies.com link to the end of the Cookies and Similar Technologies section, add two additional informational links, and add a trademark disclaimer. Also removed an extra space. In the Categories of Cookies Used section, changed “the Cookie Notice version(s)” to “the Cookie Notice version”. Inevitably tinkered with these revisions after initial publication.
- November 30, 2021: In Information I Collect, changed “if and when you supply information …” to “if and when you provide information …” for wording consistency. In Definitions, replaced the link to AboutCookies.org with a link to KnowCookies.com (which has more up-to-date information on managing or deleting cookies in newer browsers). In Cookies and Similar Technologies, changed the phrase “shall govern” to “shall govern and control.” In Embedded Content, changed the reference to the WordPress.org Privacy Policy and Cookie Policy to read “To learn more about how the WordPress.org websites use the information they gather, see the WordPress.org Privacy Policy; for more information about their use of cookies, see their Cookie Policy.” (The actual policy links remain unchanged.) In Disclosure of Personally Identifying Information, changed “catalogs, repositories” (in the “Providers of other search engines and/or other research and/or reference tools, services, facilities, and/or resources” bullet point) to “catalogs, galleries, repositories” and changed “and/or bookstores and/or other retailers, vendors, merchants, resellers, marketplaces, auction services, distributors, and/or providers …” (later in the same bullet point) to “bookstores; and/or other retailers, vendors, merchants, resellers, marketplaces, auction services, distributors, manufacturers, publishers, developers, and/or other types of providers …” In Privacy Policy Changes, changed “Your continued use …” to “Your further use …” (This change reflects the current language in the Automattic Privacy Policy described in Credits and License for This Policy.) Corrected the November 26, 2021 entry below to remove an erroneous reference to the Your California Privacy Rights page (which this website doesn’t currently have). Inevitably tinkered with these revisions after initial publication. Updated the Cookie Notice to replace the link to AboutCookies.org with a link to KnowCookies.com; changed the phrase “shall govern” to “shall govern and control”; fixed a typo in Administrative and Login Cookies; and added another WordPress trademark notice to Browser Tests.
- November 29, 2021: In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, changed “with certain types of information (e.g., real names) technically falling into multiple categories” to “with certain types of information (e.g., real names, information about education and/or employment) technically falling into multiple categories”. Changed “Additional categories of personal information described in the California Customer Records statute (California Civil Code Section 1798.80(e))” to “Categories of personal information described in California Civil Code Section 1798.80(e)”. Corrected the reference to that category in the November 28, 2021 entry below (I went back and forth on the exact wording several times that day, and apparently forgot to update the Recent Revisions description to reflect what it eventually ended up as).
- November 28, 2021: Added a new section immediately before Additional Information About Data Retention: Combining Information From Multiple Sources. Renamed the California Do Not Track Disclosure section “California Do Not Track Disclosure (CalOPPA)” and updated the Table of Contents accordingly. In Information-Sharing Disclosures (Shine the Light Law), changed “California Civil Code Section 1798.83 et seq. (the “Shine the Light” law) …” to “California’s “Shine the Light” law (California Civil Code Section 1798.83 et seq.) …” (again for clarity). In Additional California Privacy Rights (CCPA), added the parenthetical phrase “(California Civil Codec Section 1798.100 et. seq.)” after the phrase “the California Consumer Privacy Act of 2018 (CCPA)” (mostly for consistency). In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, changed “described in the California Customer Records statute, California Civil Code Section 1798.80(e)” to “described in the California Customer Records statute (California Civil Code Section 1798.80(e))” (mostly for consistency). Moved the bullet point on “Telephone numbers, FAX numbers, and/or other contact information” to “Additional categories of personal information”. Split the “Records of financial transactions” bullet point, which had been listed under “Commercial information,” between that category and “Additional categories of personal information” (moving the portion about financial account information to the latter). Renamed the “Financial information” bullet point in the latter category “Other financial information” for clarity. Revised the “Geolocation data” bullet point to fix an errant use of “us” rather than “me” (another error introduced during the revisions of November 26, 2021). Fixed a formatting issue and reordered the categories to put them back in the order they were in prior to the changes made on November 26, 2021. (If anyone is wondering the reasons for this shuffling, it’s that while the categories are defined by law, it’s not entirely clear if they have to be listed in that specific order, which isn’t necessarily the most logical one for my purposes; on further reflection, I decided not to chance it.) Made some wording changes to Privacy Policy Changes, adding a recommendation that you regularly review this page for changes and rearranging and revising some text for clarity. Inevitably tinkered with these revisions after initial publication.
- November 27, 2021: In Notice to Parents Regarding Children Under 18; Not for Children, changed “If you have questions, if you are a parent …” to just “If you are a parent …” for greater clarity. In Financial Transactions Policy, updated the second paragraph to add “(but without limitation) after “For example”. In Other Information I Receive From Third Parties, updated the paragraph regarding social media platforms to change “such as (without limitation) summaries of how many people have viewed or otherwise interacted with a specific post” to “such as (again without limitation) summaries of how many people have viewed or otherwise interacted with a specific post.” In Disclosure of Personally Identifying Information, amended the paragraph on photos, images, and/or other media to change “in hopes of identifying the other people shown” to “in hopes of identifying other people visible and/or audible in that video” for greater clarity. In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, revised the “Biometric information” category to fix some inadvertent uses of “us” and “our” rather than “me” and “my” (which accidentally occurred during the revisions made on November 26, 2021). Further updated the recently added bullet point beginning “Information about an individual or household’s interactions with government agencies …” (under “Other types of personal information”) to change “(e.g., information regarding official reports, filings, disclosures, hearings, audits, and/or complaints)” to “(e.g., information regarding an individual or household’s tax returns; other legally required filings, reports, registrations, and/or disclosures; and/or involvement in official inspections, audits, investigations, proceedings, hearings, and/or complaints, of whatever type(s) and/or nature(s))”. Also changed “If you have questions, if you are a parent …” to just “If you are a parent …” for internal consistency. In Privacy Policy Changes, added a sentence indicating that any changes will be summarized in the Recent Revisions section and that I may provide additional notice in other ways. Also changed “is shown near …” to “will be shown near …” Inevitably tinkered with these revisions after initial publication.
- November 26, 2021: In Other Information I Receive from Third-Party Sources, revised the paragraph on sources to add “designers”; “architects”; “developers”; “editors”; and “publishers” to the examples, change “illustrators and/or other artists” to just “artists,” and rearrange a few of the listed examples. In California Do Not Track Disclosure , added an explanatory sentence: “(California residents are entitled to this disclosure under California Business and Professions Code Section 22575(b)(5).)” In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, reordered the categories of personal information to put them in a more logical sequence. Updated the first bullet point under “Identifiers” to change “pseudonyms/aliases …” to “pseudonyms, aliases …” Combined the bullet points on “Telephone numbers (and/or FAX numbers)” and “Other contact information” into a single bullet point (“Telephone numbers, FAX numbers, and/or other contact information”) and moved them from “Additional categories of personal information” to “Identifiers”. Deleted the bullet point on “Information collected through cookies and/or similar technologies” under “Identifiers” (since it’s listed under “Internet or similar network activity information”). Moved the bullet points about encryption keys and potentially personally identifying information in electronic files to “Internet or similar network activity”. Moved the bullet point beginning “Records of financial transactions with me …” from “Additional categories of personal information …” to “Commercial information.” Moved the bullet points about gifts, donations, charitable contributions, and/or political contributions; licenses and/or permits; and employees, independent contractors, etc. (from “Other types of personal information”) to “Commercial information”. Deleted the bullet point on “Skills, aptitudes, abilities, and/or intelligence” (under “Professional or employment-related information”), since those fall more into the category of “Inferences” (listed separately). Revised the bullet point on “Information about an individual or household’s interactions with government agencies, departments, organizations, and/or entities of whatever type(s) and/or level(s), whether within the U.S., in other countries, or both” (under “Professional or employment-related information”) to change “is an officer of …” to “is an officer or trustee of …” Amended the bullet point beginning “Publishing histories/bibliographies/discographies …” (under “Professional or employment-related information”) to revise some of the examples, mostly for internal consistency. In the “Additional categories of personal information …” category, changed “as defined in …” to “described in …” Changed “Other physical characteristics …” to “Physical characteristics …” Changed “Other financial information …” to “Financial information …” Revised the bullet point on specific vehicles to add the parenthetical phrase “(irrespective of their actual ownership)” to better explain the intent. (My automotive writing and research frequently involve observing and/or otherwise collecting information about specific vehicles without necessarily knowing to whom they actually belong!) Added a bullet point under “Other types of personal information”: “Information about an individual or household’s interactions with government agencies, departments, organizations, and/or entities of whatever type(s) and/or level(s), whether within the U.S., in other countries, or both (e.g., information regarding official reports, filings, disclosures, hearings, audits, and/or complaints)”. Amended the “Inferences” category to change “estimation of an individual’s personality, character, aptitudes and/or deficiencies, predispositions, motives, motivations, and/or likely behavior, and/or their suitability for a particular job, assignment, or professional role” to “estimation of an individual’s personality, character, intelligence, abilities, aptitudes and/or deficiencies, attitudes, preferences, predispositions, motives, motivations, psychological trends, and/or behavior, and/or their suitability for a particular job, assignment, or professional role”. Deleted the bullet point beginning “Other types of personal information, and/or other types of data …” and replaced it with “Other types of information and/or data that could potentially be deemed personal information, but that do not readily fit into any of the above-listed categories” (listing this as a separate category after the others). Reordered some of the remaining bullet points under “Other types of personal information”. In the Collection Sources subsection of the CCPA Information Collection and Sharing Notice, updated the bullet point beginning “Subject matter experts …” for consistency with the updated examples in Other Information I Receive from Third-Party Sources. In the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice, changed “Most payments I receive are processed by my bank(s) and/or other financial institution(s) and the applicable payment processor(s), if any” to “Most payments I receive are processed by the applicable bank(s) and/or other financial institution(s), and in some cases also by other applicable third-party service providers (e.g., payment processors and/or electronic funds transfer services).” As a global change, replaced various instances of the section symbol (§) with the word “Section” (except in older entries in this Recent Revisions list) for clarity and internal consistency. Inevitably tinkered with these revisions after initial publication.
- November 25, 2021: In Information I Collect, changed “information on you” to “information about you”. In Embedded Content, changed “includes more information on the cookies …” to “includes more information about the cookies …” In Disclosure of Personally Identifying Information, changed “for more information on this issue as it relates …” to “for more information about this issue as it relates …” In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, added a bullet point under “Other types of personal information”: “Information about an individual being featured, portrayed, depicted, represented, and/or mentioned in and/or otherwise incorporated into one or more creative works, literary works, and/or performances (of whatever type(s) and/or medium(s)), and/or having been the basis of and/or inspiration for such work(s) and/or performance(s) and/or elements thereof”. In the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice, revised the paragraph beginning “The CCPA definitions are so expansive that …” to change “a disclosure for commercial purposes may be deemed “selling” personal information even if it does not constitute a sale as most people understand that term” to “a disclosure for which any of the parties involved receives any “valuable consideration” may be deemed “selling” personal information even if it does not constitute a sale as most people understand that term (and even if no money changes hands).” In the Cookie Notice, made some wording changes to the Administrative and Login Cookies section to reference other user agents rather than just browsers. (I can’t think offhand how someone could access the administrative dashboard from a user agent other than a browser, but there may be scenarios where it’s possible.) Also made a few minor wording adjustments to the PayPal® Buttons section. I also had to rebuild all the cookie categories in the bottom banner, which had somehow been deleted. Inevitably tinkered with these changes after initial publication.
- November 23, 2021: In Disclosure of Personally Identifying Information, revised the paragraph beginning “In general …” to change “almost any disclosure for which either party receives any “valuable consideration” whatsoever” to “almost any disclosure for which any of the parties involved receives any “valuable consideration” whatsoever”. In the subsequent paragraph about business transfers, changed “the CCPA apparently does not regard as a sale for the purposes of that law” to “the CCPA does not necessarily regard as a “sale” of personal information for the purposes of that law” for clarity. In the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice, revised the paragraph beginning “As noted in …” to change “the CCPA apparently does NOT regard transfers of personal information” to “the CCPA does not necessarily regard transfers of personal information” and changed “for purposes of the law” to “for the purposes of that law” for internal consistency. Later in the same paragraph, changed the phrase “California’s attorney general and courts” to “the state and the courts”. Inevitably tinkered with these changes after initial publication.
- November 22, 2021: In Disclosure of Personally Identifying Information, revised the paragraph beginning “In general …” to change “virtually any disclosure in which any party has any financial stake whatsoever” to “almost any disclosure for which either party receives any “valuable consideration” whatsoever”. In Additional California Privacy Rights (CCPA), amended the first item on the numbered list (regarding “The Right to Know”) to change “the right to request …” to “the right to request to know …” In the first subordinate item under that one (beginning “The categories and/or specific pieces of personal information …”), deleted the phrase “in the preceding 12 months”. In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, updated the bullet point on “Information about other professional relationships” (under “Professional or employment-related information”) to add “preceptor/preceptee relationships; relationships with students, interns, trainees, and/or apprentices” to the parenthetical examples.
- November 20, 2021: In Legal Bases for Collecting and Using Information, changed “If you are in an area …” to “If you are located in a part of the world &hellip” and changed “from within the European Economic Area (EEA) may be used, stored, and/or accessed by individuals operating outside the EEA …” to “may be used, stored, and/or accessed by individuals operating outside your home country and/or the European Economic Area …” In Disclosure of Personally Identifying Information, updated the reference to the CDex audio utility to delete the phrase “open source” (which may no longer be accurate). Also added the fre:ac audio converter to the listed examples in that same bullet point. In Your Rights (GDPR and Other National or State Privacy Laws), changed “For example, the rights provided by the EU GDPR and UK GDPR include the rights to:” to “For example, if you are located in a region that falls under the scope of the EU GDPR or the UK GDPR, your rights with respect to your personal data include, subject to any exemptions provided by applicable law, the rights to:” (Both versions are adapted from the language in the current Automattic Privacy Policy described in Credits and License for This Policy, to which I decided to hew a bit more closely.) In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, changed “The fact that I collected and/or inferred certain information does not necessarily mean that I still retain it …” to “The fact that I collected and/or inferred certain information about a given individual or household does not necessarily mean that I still retain that information, or that I have any practical way to associate the different categories and/or specific pieces of information I may have collected …” for greater clarity.
- November 19, 2021: In Embedded Content, updated the Twitter trademark notice. In Disclosure of Personally Identifying Information, updated the reference to restaurants and other food services to change “(if I use and/or arrange such services in the course of my business)” to “(if I dine out, order and/or arrange meals, and/or otherwise use and/or arrange such services in the course of my business)” for greater clarity. In Controller/Responsible Party, Questions, and How to Reach Me, revised the beginning of the first sentence to read “The controller responsible for processing personal data I collect through and/or in connection with this website (the “responsible party,” for jurisdictions that use that term) is …” for consistency with the preamble wording. Inevitably tinkered with these revisions after initial publication.
- November 17, 2021: In Definitions, updated the definition of “Protected classifications” to change “such as (without limitation) race, religion, gender, or medical conditions” to “such as (though not limited to) race, religion, gender, medical condition, and/or disability.” In Legal Bases for Collecting and Using Information, updated the bullet-pointed list to change each instance of “or” to “and/or” for wording consistency. In Categories of Information and Purposes for Collection, updated the bullet point on “Providing services” to change “perform some action” to “perform some action(s)”; updated the bullet point on “Fulfilling a contractual obligation” to change “contractual agreements, whether with you or with a third party” to “contractual agreements, whether with you, with some third party or parties, or both”; and updated the bullet point on “Legal compliance or audit” to change “subpoenas or other court orders” to “subpoenas and/or other court orders”. In Disclosure of Personally Identifying Information, updated the reference to the phpMyAdmin tool to change “but its source code …” to “but the tool’s source code …” for clarity. In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, updated the bullet point on “Race, color, ancestry, national origin, citizenship, and/or residency” (under “Characteristics of classifications protected by law”) to change “residency” to “residency status” for clarity. Also changed “Information about children (such as (without limitation) the number of children and/or their names, ages, and/or genders) and/or other family members” to “Information about familial status and/or children (e.g., the number of children and/or their names, ages, and/or genders)” and reordered several of the bullet points in that category. Revised the bullet point on certifications and/or licenses (under “Professional or employment-related information”) to read “Professional and/or business certification(s), license(s), and/or permit(s)”. Revised the bullet point about permits and/or licenses (under “Other types of personal information”) to change “permits and/or licenses” to “permit(s) and/or license(s)” and delete the comma before “other than …” Changed the bullet point “Information about other household members (e.g., roommates) and/or pets” (under “Other types of personal information”) to read “Information about other members of an individual’s family (other than spouse/partner or children), other members of a given household (e.g., roommates), and/or pets” and rearranged the order of that bullet point within that category. Inevitably tinkered with these revisions after initial publication.
- November 16, 2021: In Notice to Parents Regarding Children Under 18; Not for Children, changed “the site’s administrative email address(es)” to “the site’s administrative email address” for grammatical consistency. In Definitions, updated the “User(s) and visitor(s)” definition to fix a typographical error (duplicate quotation mark). In the last paragraph of Cookies and Similar Technologies, made some minor wording adjustments for internal consistency. In Website Server, Error, and Security Logs, changed “(e.g., the login credentials for FTP folder(s) associated with this website) to “(e.g., login credentials for FTP folder(s) associated with this website)” and changed “the routine operation of the website and its related systems” to “the routine operations of the website and its related systems”. Also changed “web host owns the servers” to “web host, DreamHost®, controls the servers”; changed “my service agreement prohibits me from tampering with the logs or other normal functions of the DreamHost servers” to “I am not permitted to tamper or interfere with the normal functions of DreamHost servers or other systems”; changed “on any server they own” to “on any server or other system they control”; and changed “for security and/or troubleshooting purposes” to “for purposes such as troubleshooting and/or security.” In Security Scans, updated the second paragraph to name the web host and add a trademark notice. Also updated the paragraph on data retention to add links to the DreamHost Privacy Policy and Customer EU Data Processing Addendum. In Data Related to Administrative Users, made a number of clarifications and wording adjustments. In Additional Information About Data Retention, changed “Other activity history on third-party sites and/or services” to “Other activity history on third-party websites and/or services” and changed “third-party sites and/or services” to “third-party websites and/or services” in the text of that bullet point. Also changed one instance of “Third-party …” to “Such third-party …” In Disclosure of Personally Identifying Information, updated the reference to DreamHost to also reiterate that they have access to most data and/or files on any server or other system they control and make some minor formatting adjustments. Also updated certain other references in that section to services DreamHost administers to change “provides the tool and owns and operates the servers” to “administers the tool and controls the servers” and change “operates the client and the mail servers …” to “administers the client and controls the mail servers …” for internal consistency. Updated the reference to 7-Zip software to better describe what it is. In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, revised the bullet point on “Network, shared device, and/or online service information” (under “Internet or similar network activity information”) to rename it “Network, shared device, online service, and/or online access information”; reorder some of the parenthetical examples; and add “other authentication and/or security information” to the listed examples. In the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice, updated a reference to DreamHost to change “owns the web servers” to “controls the web servers” (again for consistency). In the preamble of the Cookie Notice, changed “websites and/or services” to “websites or services”; changed “third-party sites and/or services” to “third-party websites or services”; and changed “sites and/or services'” to “sites or services'” for wording consistency. Updated the November 15, 2021 entry in this Recent Revisions list to remove the anchor link to the “Data Related to Administrative Users” section. (The link is still present in the applicable text, but I removed it here to avoid confusion and formatting issues.) In the same entry, also fixed an erroneous use of “us” and “we” rather than “me” and “I” (which was correct in the text to which the entry referred, but not in the summary here). Inevitably tinkered with these revisions after initial publication.
- November 15, 2021: In Notice to Parents Regarding Children Under 18; Not for Children, changed “the administrator email” to “the site’s administrative email address(es)” for clarity. In Definitions, updated the “User(s) and visitor(s)” definition to add: “This policy sometimes also refers to administrative user(s) (or site administrator(s) — these terms are used synonymously), which refers to me and/or any other users I have specifically authorized to access and manage the website’s various administrative functions; see “Data Related to Administrative Users” below.” Updated the “Administrative dashboard/backend” definition to delete the phrase “(meaning me!”)” and correct “administrator backend” (a typographical error) to “administrative backend”. Also deleted the interjection “meaning me” in Advertising, replacing it with a comma. In Website Server, Error, and Security Logs, changed “email alerts that are sent to me as the site administrator” to just “email alerts to the site administrator”. In Security Scans, changed “email alerts to me as the site administrator” to “email alerts to the site administrator” for consistency. In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, revised the bullet point on “Network, shared device, and/or online service information” (under “Internet or similar network activity information”) to change “passwords/login credentials” to “passwords and/or other login credentials”. Also revised the bullet point on inferences to change “Inferences I draw from other personal information, …” to “Inferences I make, …” and revise and expand the examples the examples as follows: “such as (without limitation) my estimation of an individual’s personality, character, aptitudes and/or deficiencies, predispositions, motives, motivations, and/or likely behavior, and/or their suitability for a particular job, assignment, or professional role”. Updated the Browser Tests section of the Cookie Notice to change “Cookies that store the results of such browser tests typically expire when you close your browser” to “Cookies that store the results of such tests typically expire when you close your browser (or other user agent)” for internal consistency. Inevitably tinkered with these revisions after initial publication.
- November 13, 2021: In Definitions, further updated the “IP address” definition to change “(although there are occasional exceptions)” to “(although there are some exceptions)”. In Website Server, Error, and Security Logs, updated the sentence beginning “Certain security-related log data …” to put the example in parentheses rather than set off with commas. In the Information Sharing subsection of the Financial Transactions Policy, changed “shipping records (if any)” to “shipping and/or delivery information (if any)” and changed “related tax documents” to “relevant tax information and/or tax documents” for greater clarity. In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, revised the bullet point on information about specific vehicles (under “Other types of personal information”) to change “(e.g., vehicle registration dates)” to “(e.g., vehicle registration numbers and/or registration dates)”.
- November 12, 2021: In Contact Forms and Reports and Aggregate Statistics, changed “publish de-identified aggregate information about requests” to “publish aggregate information about requests”. Tinkered with these revisions after initial publication.
- November 11, 2021: In Definitions, updated the “IP address” definition to change “An IP address typically reveals the Internet service provider or mobile carrier the device is using” to “An IP address usually has an associated “hostname,” which is a type of domain name (defined below) that identifies a specific device connected to the Internet. A visitor/user’s hostname is typically a combination of their IP address and the name of a server, network node, or data center of the Internet service provider mobile carrier, or other network provider that provides that IP address; mechanisms that collect, use, and/or share visitor/user IP addresses generally also collect, use, and/or share the associated hostnames, if any (although there are occasional exceptions).” Changed the following sentence to “A given device’s IP address may change periodically (especially if the device is configured to use “dynamic” IP addresses assigned by the Internet service provider or mobile carrier, and/or if the device is used with several different Internet service providers/mobile carriers).” Renamed the “Domain name” definition “Domain name and/or hostname”; deleted the sentence “Most websites have a domain name, as do nearly all email addresses” (which was probably redundant); and replaced the next two sentences with the following: “A domain name is usually associated with one or more IP addresses. When you access an online resource by its domain name, your device first connects to a Domain Name System (DNS) server, which is an online directory that contains the IP addresses associated with domain names, to look up the appropriate IP address so your device can connect to it. Certain domain names, known as “hostnames,” identify specific devices connected to the Internet and/or other network(s). (Websites and online services may use multiple servers, sometimes located in different places, and thus may have multiple hostnames.) When you access the Internet, your hostname — which the websites and online services you visit and/or use can usually see — is typically a combination of your IP address and the name of a server, network node, or data center of the Internet service provider, mobile carrier, or other network provider you’re currently using.” Also changed “Domain name ownership must be …” to “The ownership of an Internet domain name must be …” As a global change, changed all instances of “domain name system” to “Domain Name System” throughout this page. As an additional global change, updated the various “Categories of information gathered” bullet points to change “domain names” to “domain names and/or hostnames” (with or without the asterisk, as appropriate). As an additional global change, updated various references throughout this page to IP address(es) to also reference hostname(s). As a further global change, changed various instances throughout this page of the word “aggregated” to “aggregate” where grammatically appropriate, including (though not limited to) renaming the Reports and Aggregated Statistics section “Reports and Aggregate Statistics” and updating the Table of Contents accordingly. In Certificate Authority Checks, added “domain names and/or hostnames” to the listed categories of information gathered. (This isn’t actually new, it’s just an effort to more accurately describe how information is gathered in these contexts, some of which I only poorly understand.) In Advertising, fixed a grammatical error (improper subject/verb agreement). In Contact Forms and Reports and Aggregate Statistics, changed the phrases “publish de-identified and/or aggregate information” and “publish aggregated, de-identified information and/or statistics” to “publish de-identified aggregate information” for wording consistency. In Information I Receive from Third Parties for Security Purposes, changed “domain names” to “domain names and/or hostnames”; changed “certain IP addresses and/or domain names” to “certain IP addresses, domain names, and/or hostnames”; and changed “certain email addresses or domain names” to “certain email addresses, domain names, and/or hostnames”. In Additional Information About Data Retention, changed “Names and/or company/domain names …” to “Names (including, though not limited to, business names, product names, and/or domain names)”. In Disclosure of Personally Identifying Information, changed “To publish your submitted comments” to “To publish and/or respond to your submitted comments” (which is a better summation). In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, revised the bullet point regarding “Network, shared device, and/or online service information” (under “Internet or similar network activity information”) to add “domain names and/or hostnames” to the parenthetical examples. (These would of course fall under the broader category of “names,” already listed.) Added another bullet point under that category: “Information about domain name registration(s)”. Also updated the final bullet point in that category to add “networks” immediately before “websites” (to be as comprehensive as possible). Updated the “Geolocation data” category to change “(e.g., from an IP address, hostname, telephone area code, and/or GPS coordinates)” to “(e.g., an IP address, a hostname, a telephone area code, and/or GPS coordinates)” for better grammar. Updated the final bullet point under “Professional or employment-related information” to read “Other information about an individual’s current, past, and/or prospective work, vocation, profession, trade, business, professional services, products, and/or other commercial endeavors (including, though not limited to, information about job search activity and/or marketing, advertising, and/or promotional efforts related to such work, vocation, profession, trade, business, professional services, products, and/or other commercial endeavors)”. Updated the bullet point on information about specific vehicles (under “Other types of personal information”) to add “and/or” before “related information” and change “characteristics or details” to “characteristics and/or details”. In the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice, updated the paragraph about embedded content providers to change “(e.g., which web browser you use)” to “(e.g., which web browser you use and/or which provider you’re using to connect to the Internet)” and change “YouTube is owned &helllip;” to “The YouTube platform is owned …” Inevitably tinkered with these revisions after initial publication, including (though not limited to) tidying up some editorial errors in the earlier iterations.
- November 10, 2021: In Disclosure of Personally Identifying Information and the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice, updated the bullet point on information I am legally required to disclose to change the phrase “applicable law or regulation” to “applicable laws and/or regulations” for internal consistency. In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, revised the last bullet point under “Internet or similar network activity information” to change “but not limited to” to “though not limited to”. In the bullet point beginning “Information about an individual or household’s employees, independent contractors, interns, agents or other authorized representatives, and/or service providers …” (under “Other types of personal information”), changed “agents or …” to “agents and/or …”; changed “assistant and/or secretary” to “assistant(s), secretary or secretaries”; added “household staff” and “real estate agent(s) and/or estate agent(s)” to the listed examples; and added the word “of whatever type(s)” after “professional service providers”. In the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice, also changed “for money or other valuable consideration” to “for money and/or other valuable consideration”.
- November 9, 2021: In Credits and License for This Policy, made a few wording changes for greater clarity. Also updated the Cookie Notice to make the license language a bit less awkward and capitalize the word “Definitions” in the preamble. In the Transaction-Related Information Gathering subsection of the Financial Transactions Policy, changed “accounting/bookkeeping” to “bookkeeping, accounting”. In the Information Sharing subsection, changed “accountant/bookkeeper(s)” to “bookkeeper(s), accountant(s)”. In Transaction-Related Information I Receive from Third Parties, changed “accounting/bookkeeping” to “bookkeeping, accounting” for consistency. Also changed “wire transfer and/or funds transfer service(s) to “money transfer or electronic funds transfer service(s)” and changed “and/or services” to “and/or service(s)” (again for internal consistency). In Other Information I Receive from Third-Party Sources, changed “someone’s accountant(s) and/or tax preparer(s)” to “someone’s bookkeeper(s), accountant(s), and/or tax preparer(s)” (for consistency). In Disclosure of Personally Identifying Information, updated the bullet point on employees, independent contractors, interns, agents, and/or business partners” to add “bookkeeping” to the parenthetical examples. Also changed “other wire transfer and/or funds transfer services” to “other money transfer and/or electronic funds transfer service(s)” (for internal consistency). In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, revised the bullet point regarding “Information about an individual or household’s employees, independent contractors, interns, agents or other authorized representatives, and/or service providers” (under “Other types of personal information”) to add “bookkeeper(s)” to the parenthetical examples. Inevitably tinkered with these revisions after initial publication.
- November 8, 2021: In Notice to Parents Regarding Children Under 18; Not for Children, updated the first sentence to read “This website is not intended for or directed to children, and should not be used or accessed by children under 18.” In the Transaction-Related Information Gathering subsection of the Financial Transactions Policy, added “your applicable taxpayer identification number” to the examples in the first paragraph. Also changed “(e.g., a wire transfer or other funds transfer service)” to “(e.g., a money transfer or electronic funds transfer service)” and changed “will be collected and processed …” to “may be collected and processed …” In the Acceptable Payment Types subsection, updated the second paragraph to add electronic funds transfers to the acceptable payment types; added a note that I do not accept cryptocurrency payments of any kind; and added a final paragraph noting that U.S. law requires that certain large transactions or related transactions paid in cash or cash equivalents be promptly reported to to the appropriate federal agency or agencies. (I went back and forth repeatedly on how exactly to word these additions.) In the Currency subsection, added a note that the obligation to report certain large transactions paid with cash or cash equivalents also applies to payments involving non-U.S. currency or currencies. In Other Information I Receive from Third-Party Sources, updated the paragraph on social media platforms to add the phrase “(again without limitation)” after “In particular”. In Disclosure of Personally Identifying Information, further amended the trademark notice for Wikimedia Foundation projects and changed “electronic signature and/or agreement services” to “electronic signature, agreement, and/or time stamping authority services”. Also in Disclosure of Personally Identifying Information and in the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice, updated the bullet point on information I am required by law to disclose to add “as part of and/or in connection with a customs inspection” to the listed examples (for consistency with the recent addition to the Information Sharing subsection of the Financial Transactions Policy). In the Information Shared for Business or Commercial Purposes bullet, also changed “cannot reasonably anticipate” to “cannot reasonably anticipate or enumerate here”. At the beginning of Your California Privacy Rights, added a one-sentence paragraph explaining what the section contains, in the interests of greater clarity. In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, changed “taxpayer ID numbers” (under “Identifiers”) to “taxpayer identification numbers” for internal consistency. Inevitably tinkered with these revisions after initial publication (including fixing some minor errors in this entry in the Recent Revisions list).
- November 7, 2021: Throughout this page and the Cookie Notice, added parenthetical phrases such as “(without limitation)”; “(though not necessarily limited to)”; “(but not necessarily limited to)”; or “(again without limitation)” after various instances of the phrase “such as” where such qualifiers weren’t already present. Also changed various instances of “such as” (including some that did have qualifiers like “(without limitation)”) to “e.g.,” setting off the applicable text with commas and/or in parentheses as grammatically appropriate and changed a few instances of the words “and” and “or” to “and/or” in the interests of greater wording consistency. In Definitions, updated the definition of “Websites/URLs” to change “a URL such as your social media profile or online resume/CV” to “the URLs of your social media profile(s), online resume/CV, and/or other such web page(s)”. Updated the “Cookies and similar technologies” definition to also mention other user agents in addition to and/or in place of references to “devices.” In Cookies and Similar Technologies, changed “Some are placed on your device/browser automatically …” to “Some are placed automatically …” In Certificate Authority Checks, changed “your web browser” to “your browser (or other user agent)” In Browser Tests, changed “current browser session” to “current session” and revised the text to mention other user agents as well as browsers and change “(Different browsers, and even different versions of the same browser, may handle certain content in different ways, which can create problems if content is not correctly tailored for that browser.)” to “(Different user agents — even different versions of the same browser or other user agent — may handle certain content in different ways, which can create problems if content is not correctly tailored for that particular user agent.)” In Embedded Content, changed “special: other browser settings/configuration details/add-ons*” to “special: other browser/user agent settings/configuration details/add-ons*”; changed “your browser’s settings (e.g., your time zone and/or preferred language settings)” to “your browser or user agent settings (e.g., your time zone and/or preferred language settings)”; and changed “if you visit the website from a different device or browser” to “if you visit the website using a different device, browser, or other user agent”. Also added “(or other user agent)” after “browser” where it wasn’t already included; changed of “your browser’s web storage” to “your browser or other user agent’s web storage”; and changed several instances of “browsers” to “browsers (or other user agents)” for consistency. In Consents and Agreements, changed “on your device/browser” to “in your browser (or other user agent)” and “your individual browser settings” to “your browser (or other user agent) settings” for consistency. In Age Verification, changed “on your device/browser” to “in your browser (or other user agent)”. In Comments, updated the paragraph about saving your name, email, and URL to change references to your “device” and “browser” to also refer to other user agents, making some minor wording adjustments to accommodate the additions. In Other Inquiries, Messages, and Support Requests, fixed a punctuation error (unclosed parentheses). In Data Related to Recruitment/Hiring/Employment or Business Partnerships, updated the paragraph on retention to change “receive through third parties such as staffing agencies/employment agencies, and/or …” to “receive through third parties such as (without limitation) staffing agencies/employment agencies, and/or …” In the Information Sharing subsection of the Financial Transactions Policy, updated the “As otherwise required by law” bullet point to change “to comply with applicable government reporting or disclosure requirements, such as customs inspections; …” to “to comply with applicable government reporting or disclosure requirements; as part of and/or in connection with a customs inspection; …” In Disclosure of Personally Identifying Information, updated the bullet point on photographs, images, and/or other media to change “(and/or information such as their car’s license plate number)” to “(and/or information about them, e.g., their car’s license plate number)” and changed “might send those photos and/or information such as the car’s description and/or license plate number to the event organizers” to “might send those photos and/or information about them — e.g., the pictured car’s description and/or license plate number — to the event organizers”. Also changed “how companies such as search engines or social media platforms use data they may gather through their services” to “search engines, social media platforms, or other such service providers use data they may gather through their services.” In Additional California Privacy Rights (CCPA), changed “do not technically meet any of the applicability thresholds …” to just “do not meet any of the applicability thresholds …” In the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice, changed “what web browser you use” to “which web browser you use” and changed “disposing of personal property such as our copies of published books, magazines, newspapers, CDs, and/or DVDs” to “disposing of our copies of published books, magazines, newspapers, CDs, DVDs, and/or other such personal property”. In the Cookie Notice, updated the Cookies and Similar Technologies section to match the revised “Cookies and similar technologies” text in Definitions. Updated How This Website Uses Cookies and Similar Technologies to change “on your browser” to “on your browser (or other user agent)”; change “You are free to use your browser and/or browser add-ons to block or remove …” to “You are free to use your browser or user agent’s settings and/or add-ons to block or remove …”; and update the last sentence to mention other user agents as well as browsers and devices. Updated Categories of Cookies Used to also reference other user agents as well as web browsers and add a parenthetical note that persistent cookies are sometimes called “permanent cookies” (although most aren’t actually permanent). Updated the various individual cookie sections (and the Browser Tests section) to mention other user agents as well as browsers, making a number of minor wording adjustments for clarity with these additions. In the YouTube Videos section, changed “providing certain functionality such as allowing you to stop and restart a video without losing your place” to “providing certain functionality (e.g., allowing you to pause a video at a particular point)” for internal consistency. Tinkered with these revisions after initial publication.
- November 6, 2021: In Categories of Information and Purposes for Collection, updated the “Legal compliance or audit” bullet point to change “to answer subpoenas or other court orders” to “to respond to subpoenas or other court orders” for wording consistency. In Embedded Content, updated the YouTube and Vimeo bullet points to note that embedded video players may use IP addresses, geolocation data, and/or other information to determine whether or not you can view a specific video (e.g., one that’s unavailable in certain locales). In the Information Sharing subsection of the Financial Transactions Policy, changed “subpoena or court order” to “subpoena or other court order” (mostly for consistency, and because a subpoena is technically a type of court order). In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, updated two of the bullet points under “Commercial information” to add the word “scores” to the bullet point about sports, games, hobbies, and/or other pastimes (where it more logically belongs) and delete that word from the subsequent bullet point on sweepstakes, lotteries, raffles, and games of chance or skill (where it doesn’t make as much sense). Also revised the bullet point on “Authorship, other credits, and/or rights holder information” (under “Professional or employment-related information”) to change “creative works” to “creative works, literary works, journalistic works, scientific works” and changed “other types of intellectual property such as …” to “other types of intellectual property, such as (though not necessarily limited to) …” (mostly for the avoidance of doubt; the listed examples should give a reasonable sense of the broad intended scope of this bullet point!). Updated the Cookie Notice to make a minor clarification to the Privacy and Cookie Preferences section, changing “unless they access the publicly visible portions of the website” to “unless they access the publicly visible portions of the website and/or update their consent settings — e.g., by accepting an updated version of the Privacy Policy.” Also amended the Administrative and Login Cookies section to change “two-factor authentication” to “multi-factor authentication” for consistency with the Privacy Policy and clarify the language regarding the related cookie, changing “that verifies that the user has entered a valid authentication code” to “that verifies that the user has entered valid user credentials pending receipt of the proper authentication code”. Inevitably tinkered with these revisions after initial publication.
- November 5, 2021: In Other Inquiries, Messages, and Support Requests, made some minor clarifications to the wording of the paragraph regarding messages exchanged via third-party sites or services. Inevitably tinkered with these revisions after initial publication. In Disclosure of Personally Identifying Information, revised the bullet point on contractual obligations to insert additional instances of the parenthetical phrases “(but without limitation)” and “(again without limitation)” for emphasis. (The bullet point already clearly stated that the examples presented are intended to be representative, not exhaustive, but I want no ambiguity about that.) Also updated the subsequent bullet point about disclosures to protect property, rights, security, and/or safety to add “(again without limitation)” after “Additionally” for the same reason.
- November 4, 2021: In Information Captured by Service/Software/App/Device Telemetry, changed “with current versions of reCAPTCHA …” to “with recent versions of the reCAPTCHA service …” In Disclosure of Personally Identifying Information, updated the reference to Realtek Semiconductor Corp. to change “as well as their associated software and drivers” to “as well as their associated drivers and/or software” for wording consistency. In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, added a bullet point to the examples under “Other types of personal information”: “Information about individuals’ dreams (literal and/or figurative), hopes, aspirations, fears, and/or worries (of whatever type(s) and/or nature)”.
- November 3, 2021: In Other Inquiries, Messages, and Support Requests, changed “a third-party website or service such as social media, …” to “a third-party website or service, such as a social media platform, …” In Other Information I Receive from Third-Party Sources, updated the language regarding social media to change various uses of the term “service” and “services” to “platform” and “platforms” respectively. Also revised the paragraph regarding content-related information to add “actors and/or other performers” to the listed examples (after “musicians and/or composers”), change “illustrators” to “illustrators and/or other artists” for completeness, and fix a punctuation error (a missing comma). In Additional Information About Data Retention, changed instances of “social media services” to “social media platforms” for consistency. In Disclosure of Personally Identifying Information, changed “Social media services” to “Social media platforms and/or other social networking services” and updated some wording in that bullet point to better reflect how various platforms and services describe themselves. Also tinkered with the wording of the LiveJournal trademark notice. Amended the reference in a later bullet point in that section to taxi, livery, shuttle, carpool, and/or rideshare services to change the parenthetical explanation from “which I may use if I use and/or arrange …” to just “if I use and/or arrange …” in the interests of less-awkward grammar. In the bullet point on contractual obligations later in that section, changed “such as social media” to “such as social media platforms” for consistency. In the text following the bullet-pointed list, changed “social media services” to “social media platforms.” In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, revised the bullet point on “Information about cars and/or other vehicles” (under “Commercial information”) to read “Information about cars and/or other vehicles an individual or household has driven or otherwise operated; owns or has owned, rented, leased, purchased, borrowed, otherwise obtained, and/or considered; desires to drive or otherwise operate; wants and/or intends to own, rent, lease, purchase, borrow, and/or otherwise obtain; and/or is considering” for clarity and completeness. Revised the subsequent bullet point (on art, books, etc.) to change “desires/intends …” to “desires and/or intends …” Revised the bullet point on “Publishing histories/bibliographies/ …” (under “Professional or employment-related information”) to add “actors” to the listed examples (mostly for the avoidance of doubt, since “performers” would reasonably encompass actors as well as other types of performers, and in any event, the examples listed aren’t intended to be an exhaustive list of the various types of professionals to which that bullet point refers). In the Collection Sources subsection of the of the CCPA Information Collection and Sharing Notice, revised the bullet point beginning “Subject matter experts …” to change “illustrators” to “illustrators and/or other artists” and add “actors and/or other performers” for internal consistency. Inevitably tinkered with these revisions after initial publication. Amended the November 2, 2021 entry below to fix an inadvertent use of “we” rather than “I.”
- November 2, 2021: In Notice to Parents Regarding Children Under 18, changed “any personally identifying information …” to “any personal information …” In Definitions, amended the definition of “Other contact information” to read “This is a blanket term intended to encompass any type of contact information other than email addresses, e.g., someone’s telephone number(s) and/or postal mailing address(es).” Also updated the “Images and/or other media” definition to change “broadcasts or streams” to “broadcasts and/or streams” for wording consistency. In Embedded Content, updated the final paragraph to change “including other types of content …” to “possibly including other types of content …” In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, updated the bullet point on membership in guilds, trade unions, and/or professional organizations (under “Professional or employment-related information”) to add “labor unions” (mostly for the avoidance of doubt; I would generally regard “labor union” and “trade union” as synonymous). Also updated the bullet point about legal information (under “Other types of personal information”) to change “(or alleged victim)” to “(or an alleged victim)” for grammatical consistency. Inevitably tinkered with these revisions after initial publication.
- November 1, 2021: In Additional California Privacy Rights (CCPA), revised the wording of the list of rights to clarify that they also apply to personal information about your household, as the law and its associated regulations define that term. (I further revised this wording after initial publication.) Updated several earlier items in this Recent Revisions list to remove erroneous reference to the Your California Privacy Rights page (since this website doesn’t currently have a separate page for that).
- October 31, 2021: In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, updated the bullet point about personal property, products, goods, and/or services (under “Commercial information”) to change “owns, rents, leases, has otherwise obtained, and/or uses” to “owns, rents, leases, otherwise obtains, and/or uses” (for greater grammatical consistency). Added a bullet point under “Other types of personal information”: “Information about an individual or household’s permits and/or licenses, other than professional and/or business permits and/or licenses (e.g., parking permits; licenses or permits to own certain animals; hunting and/or fishing permits; amateur radio licenses; permits to use certain public spaces or facilities; and/or licenses or permits to own and/or carry firearms or other weapons)”. Tinkered a bit with these additions after initial publication.
- October 30, 2021: Moved the “Legal Bases for Collecting and Using Information” section to after “Definitions” rather than before it. Updated the Table of Contents accordingly. In Categories of Information and Purposes for Collection, updated the “Fulfilling a contractual obligation” bullet point to change “to meet the requirements of a contract or legal agreement, whether with you or with a third party” to “to honor my obligations under my contractual agreements, whether with you or with a third party.” Updated the “Legal compliance or audit” bullet point to change “I use the information to ensure my compliance with applicable laws and/or regulations, and/or so that I can demonstrate my compliance to an auditor or investigator if needed” to “I use the information to ensure my compliance with applicable laws and/or regulations; so that I can demonstrate my legal and/or regulatory compliance to auditors or investigators if needed; and/or to otherwise fulfill my legal obligations (e.g., to answer subpoenas or other court orders).” In the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice, changed “I may share …” to “To achieve the purposes listed in “Collection Purposes” above, I may share …” (also adding an internal link to the preceding section). Later in that same paragraph, changed “Also, as noted elsewhere …” to just “As noted elsewhere …” and changed “and/or other creative endeavors …” to “and/or my other creative endeavors …”
- October 29, 2021: Throughout this page and the Cookie Notice, amended various references to Google policy and information pages to make some minor wording changes for clarity, currency, and consistency; adjust capitalization and stylization (to better reflect how Google describes those pages); update some outdated links; and reorder certain links. Also in the Cookie Notice, updated the reference to the Optimizely cookies help page in the Vimeo Videos section to change the phrase “while the …” to “while their …” for wording consistency. In Categories of Information and Purposes for Collection, updated the “Research and publishing” bullet point to change “other writing/editing/writing consulting work” to just “writing/editing/writing consulting work” and change “decide what content and/or other work to create and/or publish” to “decide what content, work, and/or creative endeavors to create and/or publish” (mostly for internal consistency). In Embedded Content, updated the bullet point on Google API services to change “Google Hosted Libraries API(s)” and “Google Hosted Libraries API” to just “Google Hosted Libraries”; changed “content delivery networks” to “a content distribution network” (which is how Google describes it); and changed “asserts that the Google Hosted Libraries servers …” to “asserts that the Google Hosted Libraries system …” (again for consistency with Google usage). In Disclosure of Personally Identifying Information, changed “Google Hosted Libraries API(s)” to “Google Hosted Libraries” and amended the reference to museums, libraries, archives, and/or databases to change “including but not limited to the …” to “including, but not limited to, the …” for consistency. Removed some extraneous whitespace throughout this page.
- October 28, 2021: In Other Information I Receive from Third-Party Sources, revised the paragraph regarding content-related information to add “playwrights, musicians and/or composers” (after “filmmakers”) and “plays and/or theatrical productions” (after “films and/or other videos”) to the listed examples. In Disclosure of Personally Identifying Information, fixed a minor punctuation error in the title attribute of the link to the PDF-XChange Co. Ltd. & Tracker Software Products (Canada) Ltd. Privacy Policy. In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, revised the bullet point beginning “Information about art, books, …” (under “Commercial information”) to add “performances and/or exhibitions” after “films and/or other videos”. Revised the “Publishing histories/bibliographies/discographies/ …” bullet point (under “Professional or employment-related information”) to add “playwrights” to the listed examples. In the subsequent bullet point on “Authorship, other credits, and/or rights holder information …” added “plays and/or theatrical productions” to the listed examples. In the Collection Sources subsection, changed “My automated systems and/or devices (e.g., through certain security features of my smartphone(s), and/or through other autonomous or semi-autonomous security systems)” to “My devices and/or automated systems (e.g., certain security features of my smartphone(s), and/or other autonomous or semi-autonomous sensors and/or security systems)”. Also revised the bullet point on “Published and/or publicly available sources” to add “plays and/or theatrical productions” the listed examples; revised the subsequent “Nonpublic documents, records …” bullet point to change “from film, television, radio, and/or other media projects” to “from film, theatrical, television, radio, music, and/or other media projects”; and revised the subsequent bullet point beginning “Subject matter experts, other writers, …” to add “playwrights, musicians and/or composers,” to the examples (mostly for internal consistency).
- October 27, 2021: In Security Scans, Consents and Agreements, and Disclosure of Personally Identifying Information, changed some stray instances of “we” and “us” to “I” and “me” for wording consistency. In Disclosure of Personally Identifying Information, updated the Google bullet point and the reference to Google advertising services to change “don’t use on this website” to “don’t currently use on this website” and change “but may be used by some websites, apps, and/or services I use in the course of my business, and/or may serve advertising through embedded YouTube videos, …” to “but may be used by some apps, websites, and/or online services I use and/or access, and/or may show advertising through certain embedded content, …” Later in that same bullet point, also changed “various websites and/or online services I access and/or use in the course of my online activity, …” to “various websites and/or online services I use and/or access, …” Later in that section, updated the reference to Cloudflare services to change “may access and/or use” to “use and/or access” and updated the reference to CAPTCHA and human verification services to change “access and/or use” to “use and/or access” for internal consistency.
- October 26, 2021: In Security Scans, revised a parenthetical example about my mobile carrier to read “(For example, but without limitation, my current mobile carrier sometimes warns me that certain incoming voice calls and/or text messages could be associated with a scam of some kind.)” In Disclosure of Personally Identifying Information, changed “Voice over Internet Protocol (VoIP), voice chat, teleconferencing, and/or video chat apps, clients, platforms, and/or services” to “Voice over Internet Protocol (VoIP), voice chat, teleconferencing, video conferencing, and/or video chat apps, clients, platforms, and/or services” and changed “providers of public computers and/or wireless networks I may periodically use” to “providers (public and/or private) of third-party telephones, telephony services, computers and/or mobile devices, other electronic devices, computer networks, wireless networks, and/or other Internet connections I may periodically use” for completeness. Also added “gift registries of whatever type” to the listed examples of other types of vendors and/or service providers.
- October 20, 2021: In the Collection Sources subsection of the CCPA Information Collection and Sharing Notice, revised the first bullet point to read “You, whether through your interactions with me; through your use of this website; through public disclosures you make (e.g., blog and/or social media posts); through your participation in public events and/or activities taking place in public spaces; incidentally by virtue of your physical proximity to me (e.g., where you appear in the background of a photo or video I take); and/or in some other manner” (since these are representative examples, not an exhaustive list of possible scenarios) and split “Your employees, independent contractors, interns, agents or other authorized representatives, business partners, vendors, and/or service providers (as applicable)” into a separate bullet point. Also added an additional bullet point to that list: “My automated systems and/or devices (e.g., through certain security features of my smartphone(s), and/or through other autonomous or semi-autonomous security systems)”.
- October 18, 2021: In Definitions, updated the “Embedded content” definition to change “loaded and run in your browser” to “loaded and run in your browser or other user agent”; change “in your browser” to “on your device”; and change “your browser” to “your browser (or other user agent)”. In Website Server, Error, and Security Logs and Data Related to Administrative Users, changed “two-factor authentication” to “multi-factor authentication”. In the latter section, adjusted the description of such authentication to also mention authenticator apps. In Security Scans, changed “might record that visitor’s IP address, user agent information, and other device/browser details” to “might record that visitor’s IP address; their user agent information; and other details about their device and/or browser or other user agent”. In Embedded Content, changed “when you access their content through another website or online service” to “when you access their content through a website or online service” for greater clarity. Updated the Google Fonts and Google Hosted Libraries bullet point to change “resources from …” to “scripts and/or other content from …”; change “specific resources” to “specific content”; change “loads” to “requests”; change “what resources” to “which content”; and change change “how long stored information may remain in your browser” to “how long stored information may remain on your device”. Updated the BootstrapCDN bullet point to change “Fonts, styles, scripts, and/or icons” to “Fonts, styles, scripts, icons, and/or other content”. Updated the Font Awesome bullet point to change the first instance of “icons” to “icons, fonts, and/or other content” and change “which specific icons your browser requests and/or accesses and the website or URL from which your browser requested and/or accessed them” to “which specific content your browser requests and/or accesses and the website or URL from which your browser requested and/or accessed that content”. Updated the Sucuri Security bullet point to change “and of course the specific content …” to “and of course which specific content …” (mostly for wording consistency). Throughout that section, changed numerous instances of the phrase “device and browser” to “device and browser (or other user agent)” and changed numerous instances of the phrase “your browser” to “your browser (or other user agent)” for internal consistency. In Disclosure of Personally Identifying Information, updated the reference to Roundcube webmail client software to make a wording clarification (changing “associated libraries” to “associated resources” and rearranging the placement of that phrase for greater clarity). Updated the bullet point on Google services to add the Google Authenticator app to the listed examples. Updated the bullet point on landlords to add language about sharing information as part of and/or in connection with the application process to rent, lease, and/or otherwise obtain residence(s), space(s), and/or facilities (e.g., to provide proof of employment and/or income). Updated the reference to Signal services to fix a minor punctuation error. Added “credit bureaus” to and “credit monitoring and/or identity theft protection services” the enumerated examples of other types of vendors and/or service providers later in that section. Inevitably tinkered with these revisions after initial publication.
- October 14, 2021: In Data Related to Administrative Users, changed “our web host” to “my web host”. In the Transaction-Related Information Gathering subsection of the Financial Transactions Policy, changed “If your transaction is via a third-party payment processing service, much of this information, including payment details such as bank account or credit card numbers, will be collected and processed by the payment processor …” to “If your transaction is via a third-party payment processing service or other service provider (e.g., a wire transfer or other funds transfer service), much of this information, including payment details such as bank account or credit card numbers, will be collected and processed by the payment processor or service provider …” Also changed “contractual obligations to the applicable payment processor(s), bank(s) and/or other financial institution(s), and/or other relevant third parties …” to “contractual obligations to the applicable payment processor(s), bank(s), other financial institution(s), and/or service provider(s), and/or to other relevant third parties …” In the Information Sharing subsection of the Financial Transactions Policy, updated the bullet point beginning “To the applicable payment processor(s) …” to change “To the applicable payment processor(s), bank(s), and/or other financial institution(s)” to “To the applicable payment processor(s), bank(s), other financial institution(s), and/or wire transfer and/or funds transfer service(s)”; add the word “respective” before “legal counsel …”; and change “such payment processor(s), bank(s), and/or other financial institution(s)” to “such payment processor(s), bank(s), financial institution(s), and/or services”. In Transaction-Related Information I Receive from Third Parties, changed “contractual obligations to the applicable third-party vendor or service and/or any other relevant third parties …” to “contractual obligations to the applicable third-party vendor(s) and/or service provider(s), and/or to other relevant third parties …” for consistency. In Additional Information About Data Retention, changed “Vendor(s), service provider(s), payment processor(s), bank(s), and/or other financial institution(s) involved in a given transaction …” to “Vendors and/or service providers involved in a given transaction (e.g., the applicable payment processor(s), bank(s), and/or other financial institution(s)) …” In Disclosure of Personally Identifying Information, updated the reference to banks, other financial institutions, and/or payment processors to remove the parenthetical statement. Also updated the subsequent reference to funds transfer services to change “other wire transfer and/or other funds transfer services” to “other wire transfer and/or funds transfer services”. In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, revised several of the bullet points under “Commercial information”: changed “participation and/or interest in sports, games, …” to “interest, participation, and/or achievements in sports, games, …” and changed “and/or other games of chance or skill” to “and/or games of chance or skill” (mostly for clarification). In the Information Shared for Business or Commercial Purposes subsection, changed “tax preparer(s) and/or other financial and/or legal professionals for administrative and/or compliance purposes …” to “tax preparer(s) and/or other financial and/or legal professionals (e.g., my legal counsel).” Fixed an error with the date of this entry. Inevitably tinkered with these revisions after initial publication.
- October 13, 2021: In Other Inquiries, Messages, and Support Requests, changed “reverse telephone directory” to “reverse telephone lookup service”. In Data in Submitted Images, changed “the recognizable image and/or identifiable likeness of any individual person in images and/or other media (and/or their audible voice in a video or audio recording, broadcast, or other media)” to “the recognizable image and/or identifiable likeness of any individual person (and/or their audible voice, e.g., in a video or audio recording, broadcast, or other media)”. In Disclosure of Personally Identifying Information, updated the Google bullet point to add a hyperlink to the reference to the Google Safe Browsing API; updated the reference to Bitdefender apps to make some minor wording and punctuation adjustments to the references to the Crashlytics crash reporter, Firebase platform, and Google Safe Browsing API; and updated the reference to the Mozilla Firefox browsers to fix a punctuation issue and add a hyperlink to the reference to the Google Safe Browsing API. Also updated the reference to the QuickHash GUI utility to correct the name of the utility and add a link to the privacy policy (although it currently applies only to the QuickHash GUI website). Added telephone directory, business directory, and/or reverse telephone lookup services to the examples of other types of service providers. In the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice, changed “phone’s geolocation services …” to “phone’s location services …” Adjusted this entry in the recent revision list to clarify the date: For reference, this update was technically first posted very late on October 12, 2021, although the effective date is October 13, 2021. Inevitably tinkered with these revisions after initial publication.
- October 9, 2021: In Other Information I Receive from Third-Party Sources, changed the first paragraph to “I may sometimes receive personal information related to this website and/or its visitors from other third-party sources. The following are some representative examples:” In the second paragraph (beginning “As noted in the …” and referring to people who contact me), changed “in addition to whatever information was provided by the person” to “in addition to any information provided by the person” for wording consistency. Later in that section, changed “With some social media platforms, …” to “On some social media platforms, …” In Disclosure of Personally Identifying Information, updated the Microsoft bullet point to reorder the enumerated examples, adjust some trademark information, and make some minor wording adjustments. Also made some minor adjustments to the Microsoft trademark information elsewhere in that section. Updated the reference to the gitg client to remove the developer name (as that was actually only one of the developers) and reorder that reference accordingly. Made a minor correction to the October 8, 2021 entry in this Recent Revisions list (“the phpMyAdmin and gitg projects” should have been “the phpMyAdmin project, the gitg client”). Inevitably tinkered with these revisions after initial publication.
- October 8, 2021: In Disclosure of Personally Identifying Information, made some minor wording adjustments to the references to specific web browsers and their associated browser extensions, themes, and/or other add-ons, mostly for wording consistency. Also updated the references in that section to the phpMyAdmin project, the gitg client, the Librera app, and VLC media player software to make some minor wording and/or punctuation adjustments (mostly for clarification) and update the trademark information.
- October 7, 2021: In the Customer Service Information subsection of the Financial Transactions Policy, made a minor adjustment to the Google trademark notice. In Disclosure of Personally Identifying Information, made a minor wording adjustment to the reference to Flickr Inc. and updated the trademark notices for Oath Inc.
- October 5, 2021: In Information I Receive from Third Parties for Security Purposes, changed “the owner of a particular domain registration and/or the geographic location associated with a particular IP address” to “the registered owner of a particular domain registration; the geographical location of a particular IP address; and/or the Internet service provider or other network operator with which a particular IP address or range of IP addresses is associated.” Also added the phrase “and/or other WHOIS/RDAP lookup services” after “IPinfo API services”. In Additional Information About Data Retention, updated the bullet point on published works to add “newspapers” after “magazines”; change “inventories, catalogs, and/or lists” to “inventories, catalogs, databases, lists, and/or other tools” for completeness; and change “naturally, copies of published works …” to “naturally, copies …” In Disclosure of Personally Identifying Information, updated the reference to the NetGuard firewall app to add the phrase “and/or other WHOIS/RDAP lookup services” after “IPinfo API services” for internal consistency and add the word “my” before the phrase “mobile apps connect …” for clarity. In the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice, changed “useful article(s), and/or other object(s)” to “useful articles, and/or other objects” (which is more grammatically correct in that instance). In Other Information I Receive from Third-Party Sources; the bullet point on publicly available information in Disclosure of Personally Identifying Information; and the Collection Sources subsection of the CCPA Information Collection and Sharing Notice, added “press releases and/or promotional materials” to the enumerated examples of publicly available sources. In the bullet point in Disclosure of Personally Identifying Information, also changed “about the person(s) to whom the information pertains” to “about the person(s) to whom the information pertains and/or their work”. In the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice, changed “copies of books, magazines, and/or other published works” to “copies of books, magazines, newspapers, CDs, DVDs, and/or other published works” for wording consistency. Tinkered with these revisions after initial publication.
- October 4, 2021: In Website Server, Error, and Security Logs, changed “logs into or otherwise accesses the administrative dashboard …” to “logs into, otherwise accesses, or attempts to log into or otherwise access the administrative dashboard …” Updated the Customer Service Information subsection of the Financial Transactions Policy to add a California Civil Code § 1789.3 notice. Also changed the phrase “or need help with a purchase or other transaction involving 6200 Productions” to “need help with a purchase or other transaction involving 6200 Productions, or have a complaint” (set off with a comma) and changed “You can also contact …” to “Alternatively, you can contact …”
- October 3, 2021: In Comments, changed “please contact me via email (to admin (at) aaronseverson (dot) com) or by leaving a comment elsewhere …” to “please contact me via email at admin (at) aaronseverson (dot) com or leave a comment elsewhere …” In the Customer Service Information subsection of the Financial Transactions Policy, changed “via postal mail:” to “via postal mail at:” In Reports and Aggregated Statistics, changed “to the extent required and/or otherwise permitted by applicable law …” to “to the extent permitted — and/or required — by applicable law …” (The main reason that paragraph is included at all is that certain businesses may actually be required to periodically disclose statistics about the privacy requests they receive.) In Disclosure of Personally Identifying Information, updated the reference to BlackBerry Limited to change “many of its associated accessories” to “many of their associated accessories” and change “of both smartphones” to “of those smartphones” (since I do technically still have a third, much older BlackBerry smartphone, although it’s basically a museum piece at this point and is gathering dust in a drawer). In Nevada Consumer Opt-Out Rights and Information-Sharing Disclosures (Shine the Light Law), updated the paragraph on how to submit a request to include an administrative email address as well as the existing references to the Controller/Responsible Party, Questions, and How to Reach Me section, also making some minor wording adjustments to accommodate this addition. In the latter section, also added a link to the Do Not Sell My Personal Information page and noted that you can now use the California Privacy Request Form to request a disclosure. (I tinkered with the wording after initial publication.) At the end of that section, changed “to learn more about other types of information I collect and how I use it” to “to learn more about the types of information I collect through and/or in connection with this website and how I may use, share, release, and/or otherwise disclose that information” for internal consistency. In Additional California Privacy Rights (CCPA), changed “provided that you have a current California residence” to “provided that you are a current California resident” and changed “The CCPA regulations issued …” to “The current CCPA regulations issued …” Renamed the CCPA Request Metrics (Record-Keeping Disclosures) subsection “California Privacy Request Metrics (Record-Keeping Disclosures)”; renamed the CCPA Request Metrics for the 2020 Calendar Year subsection “California Privacy Request Metrics for the 2020 Calendar Year”; renamed the Record-Keeping Disclosure Methodology subsection “California Privacy Request Metrics Methodology”; and updated other internal references accordingly (except in this Recent Revisions list, for the sake of posterity). In California Privacy Request Metrics (Record-Keeping Disclosures), changed “Under Section 999.317(g) of the CCPA regulations, …” to “Under Section 999.317(g) of the implementing regulations for the California Consumer Privacy Act of 2018 (CCPA), …” In Controller/Responsible Party, Questions, and How to Reach Me, changed “by sending an email to …” to “via email at …” for wording consistency. Did the inevitable tinkering with these revisions after initial publication.
- October 2, 2021: In the preamble, changed “use and/or share that information” to “use, share, release, and/or otherwise disclose that information” (mostly for the sake of wording consistency). In Contact Forms, changed “If you use the California Privacy Request Form on the Do Not Sell My Personal Information page to submit a request to exercise your privacy rights under the California Consumer Privacy Act of 2018 (CCPA) (see “Additional California Privacy Rights (CCPA)” below for more information about this law)” to “If you use the California Privacy Request Form on the Do Not Sell My Personal Information page to submit a request to exercise your privacy rights under California law (see “Your California Privacy Rights” below for more information about these rights)” and updated the internal link; changed “may share information related to CCPA requests …” to “may share or otherwise disclose information related to California privacy requests …”; and changed “to respond to subpoenas or other court orders” to “to fulfill a legal obligation (e.g., to respond to a subpoena or other court order)”. In Disclosure of Personally Identifying Information, updated the reference to other Cloudflare services to include a link to the Cloudflare Cookie Policy as well as their Privacy Policy and DPA, making some minor wording and punctuation changes to accommodate the addition. Also updated the reference to Epic Browser to also reference its “associated encrypted file vault and/or other browser features” and updated the reference to the DOI system to make a number of minor corrections and clarifications. In Additional California Privacy Rights (CCPA), amended the paragraph beginning “Please note that in addition to any exemptions …” to delete the phrase “to the rights provided by the CCPA” and changed “with regard to the deletion of your personal information” to “with respect to the deletion of personal information” (mainly for wording consistency). In Opting-Out or Submitting Other California Privacy Requests (Do Not Sell My Personal Information Page), changed “your other rights under the California Consumer Privacy Act of 2018 (CCPA) …” to “your other rights under the California Consumer Privacy Act of 2018 (CCPA) or other California privacy laws …” and set off the subsequent clause with em dashes rather than commas. In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, changed “can also submit CCPA requests on behalf of …” to “can also submit privacy requests on behalf of …” In the Information Shared for Business or Commercial Purposes subsection, changed “your rights under the California Consumer Privacy Act of 2018 (CCPA) …” to “your privacy rights under the California Consumer Privacy Act of 2018 (CCPA) or other California privacy laws …” and set off the subsequent clause with em dashes rather than commas. In Controller/Responsible Party, Questions, and How to Reach Me, changed “your rights under the California Consumer Privacy Act of 2018 (CCPA) …” to “your privacy rights under the California Consumer Privacy Act of 2018 (CCPA) or other California privacy laws …” and set off the subsequent clause with em dashes rather than commas. Did the inevitable tinkering with these revisions after initial publication.
- October 1, 2021: In Comments, revised the paragraph regarding notifications to clarify that comment notification emails are sent both to the site administrator and the author of the post or page on which the comment was submitted (if the author is an administrative user other than the site administrator or has an email address different from the primary site administration email address). Also removed the parentheses around the note about spam and/or malware scans. Later in that section, changed “retain the email address along with the comment” to “retain the email address originally submitted with each comment (which is stored in the website database as part of that comment)” for clarity. In Data Related to Administrative Users, added an additional paragraph about contact information and automated email notifications. In Information I Receive from Third Parties for Security Purposes, updated the reference to IPinfo to change “retrieves such info via IPinfo” to “can look up such information via IPinfo API services” for clarity. Updated the reference in Disclosure of Personally Identifying Information to change “may also connect to IPinfo to obtain information about IP addressed and/or domains to which mobile apps attempt to connect” to “may also connect to IPinfo API services to look up information about IP addresses and/or domains to which mobile apps connect and/or attempt to connect” (mostly for internal consistency). Tinkered with these revisions after initial publication.
- September 30, 2021: In Disclosure of Personally Identify Information, made some minor clarifications to the references to Avast Software and Piriform Software Ltd., including adding a link to the Avast Product Policy, which describes what types of data Avast products may gather; made a couple of minor clarifications to the descriptions of TinyWall firewall software and the NetGuard mobile firewall app; made a minor adjustment to the reference in that section to Disconnect, Inc.; and updated the trademark information for the DuckDuckGo search engine(s). Also revised references to Yahoo! services to update the policy links and trademark information, remove references to Verizon Media, and clarify that I may also use other Yahoo! and/or AOL services besides search services. (I no longer have any Yahoo accounts and are unlikely to create new ones, but I have in the past.)
- September 28, 2021: In Disclosure of Personally Identifying Information, updated the Google bullet point to change “which provides various …” to “which provides (directly and/or through its various subsidiaries and/or affiliates) some of the …” and fix an editorial error in the trademark notice. Updated the reference to the CompanionLink Data Processing Agreement to change “European Union data protection laws” to just “European data protection laws.” Added the ProtonMail email service and related ProtonMail Bridge app to the examples of “Other types of vendors and/or service providers” later in that section.
- September 27, 2021: In Security Scans, updated the parenthetical reference to the list of Sucuri Security plugin features to also refer to the Sucuri documentation (which provides more detailed information about how each feature works). Updated references to GoDaddy throughout this page to correct the stylization of “Go Daddy Operating Company, LLC” (since the formal legal name of the company appears to include a space I had previously assumed was a typo). In the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice, made some minor clarifications to the bullet point beginning “If in the course of my business I access any website or online resource …” and removed some duplicative text in that bullet point.
- September 26, 2021: Updated references to the DreamHost Customer EU Data Processing Addendum in Who I Am; Website Server, Error, and Security Logs; and Disclosure of Personally Identifying Information to change “and, where applicable, the …” to “and/or, where applicable, the …” In Security Scans, changed “any data processed and/or stored by Sucuri …” to “data processed and/or stored by Sucuri …”; changed “and the Data Processing Addendum …” to “and/or the Data Processing Addendum …”; and added the phrase “as applicable” to the end of that sentence, set off with a comma. Updated the reference to Cloudflare policies to change “and” to “and/or” and add the phrase “as applicable” to the end of that sentence, set off with a comma. Made similar changes throughout the Embedded Content section for consistency. Also in Embedded Content, updated the bullet point on Google API services to change “Google API services are also subject to the …” to “Google API services are also subject, where applicable, to the …” and changed “apply to personal data the API services process on customers’ behalf that may be subject to …” to “apply to the processing of personal data that may be subject to …” Also updated the Yoast bullet point to add a reference and link to the Algolia Data Processing Addendum; add the word “their” before “‘Cookies’ policy”; and add a reference and link to the Semrush Data Processing Addendum. In Other Inquiries, Messages, and Support Requests, revised the paragraph regarding third-party sites or services to change “(and, where applicable, any other terms and policies that apply to the use of the Google Voice service, …” to “other service-specific additional terms and policies (e.g., the Gmail Program Policies and/or the various terms and policies that apply to the use of the Google Voice service, …” set off with a semicolon, also adding links to a list of service-specific terms and the aforementioned Gmail Program Policies. In Disclosure of Personally Identifying Information, updated the reference to Sucuri Security for consistency with the changed made in Security Scans and Embedded Content and to fix a punctuation error with the trademark notice. Updated the Google bullet point to add links to the Data Processing Addendum for Products where Google is a Data Processor and its region-specific addenda. Also updated the recently added references to the Microsoft Products and Services Data Protection Addendum to change “and, where applicable, the …” to “and/or, where applicable, the …” Inevitably tinkered with these revisions after initial publication.
- September 25, 2021: In Website Server, Error, and Security Logs; Security Scans; and Embedded Content, changed “(e.g., the advertising identifier and/or other universally unique identifiers of a smartphone or tablet computer)” to “(e.g., advertising identifiers and/or other universally unique identifiers of a smartphone, tablet computer, desktop computer, or other device)” (since device identifiers are not exclusive to mobile devices). In Disclosure of Personally Identifying Information, updated the Microsoft bullet point to change “gathers certain information about and/or related to …” to “may gather and use certain information through, about, and/or related to …”; add a link to the Microsoft Products and Services Data Protection Addendum; and change “many other Microsoft products and/or services” to “many other Microsoft products and services.” Also updated the reference to Adobe Inc. to change “may collect information about and/or related to …” to “may gather and use certain information through, about, and/or related to …”
- September 22, 2021: In Data Related to Administrative Users, added a link to the Cookie Notice as well as a textual reference. Also added the word “above” after the reference to the Embedded Content and Advertising sections. In Disclosure of Personally Identifying Information, made a clarification to the reference to the StevenBlack/hosts file, fixed a typo in the trademark notice for The Spamhaus Project, and reordered those and several adjacent items.
- September 21, 2021: In Browser Tests, updated the Data retention bullet point to change “Your current visit” to “Your current visit or current browser session.” In Website Server, Error, and Security Logs, added “generates or attempts to generate authentication codes for two-factor authentication (which may be used for administrative logins and/or certain other site functions)” to the examples of logged events. In Security Scans, changed “no online website, …” to “no website, online service, …” Added a new section: Data Related to Administrative Users. Updated the Cookie Notice to further adjust the wording of the Administrative and Login Cookies section and add an additional cookie (related to two-factor authentication) to the ones already described in that section. Also added language to the Browser Tests section clarifying how long stored information normally remains on your device. Tinkered with these updates after initial publication.
- September 20, 2021: In Additional California Privacy Rights (CCPA), changed “The right to make a complaint to a state government supervisory authority” to “The right to make a complaint to the applicable state government authority” for clarity.
- September 19, 2021: In Who I Am, updated the reference to my web host to make some minor wording adjustments and add a link to their Customer EU Data Processing Addendum. Also added that link to the references to their privacy policy in Website Server, Error, and Security Logs and Disclosure of Personally Identifying Information. Also made some minor wording adjustments to the main reference to my web host in the latter section to present the privacy policy link more clearly. In Advertising, changed “plugins, themes, and/or other components” to “plugins, themes, and/or other add-ons” for internal consistency. In Disclosure of Personally Identifying Information, changed several instances of the phrases “plugins, themes, and add-ons” and “plugins, themes, and/or add-ons” to “plugins, themes, and/or other add-ons” for consistency. In the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice, changed “Therefore, DreamHost has full administrative access to most files, messages, and data processed by or stored on those servers” to “Therefore, DreamHost has full administrative access to most files, data, and/or messages processed by and/or stored on those servers” and changed “deliberately share with DreamHost for purposes such as troubleshooting or security” to “share with DreamHost for purposes such as troubleshooting and/or security” for wording consistency. Removed some extra spaces throughout this page.
- September 18, 2021: In Security Scans, updated the reference to the Sucuri Security plugin to change “and the Data Processing Addendum to their Terms of Service” to “and the Data Processing Addendum to their Terms of Service (which applies to personal data Sucuri services process on customers’ behalf that may be subject to certain regional privacy and/or data protection laws)” and change “(which applies to personal data Cloudflare services process on behalf of their customers)” to “(which applies to personal data Cloudflare services process on customers’ behalf that may be subject to certain regional privacy and/or data protection laws)”. Made the same changes in Embedded Content for internal consistency. Also in Embedded Content, updated the Google API services bullet point to change “and apply to the API services’ processing of personal data from areas subject to certain region-specific privacy and/or data protection laws” to “and apply to personal data the API services process on customers’ behalf that may be subject to certain regional privacy and/or data protection laws” and updated the references to the StackPath Data Processing Addendum to change “(which applies to personal data StackPath processes on behalf of its customers)” to “(which applies to personal data StackPath services process on customers’ behalf that may be subject to certain regional privacy and/or data protection laws)” for the same reason. In Disclosure of Personally Identifying Information, made the same change to the reference to Sucuri Security, added a reference to the Cloudflare Data Processing Addendum in the references to Cloudflare services, made some minor wording and punctuation adjusts to those references for clarity and made a minor wording change to the reference to the CompanionLink Data Processing Agreement for internal consistency. Also updated the trademark notices for GNU throughout that section and updated the reference to dnscrypt-proxy to fix the capitalization and add the words “DNS proxy” after the name. In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, added a bullet point under “Professional or employment-related information”: “Fictitious business name(s) and/or trade name(s)”. Revised the existing bullet point beginning “Information about professional clients …” to read “Information about professional clients, clientele, customers, users, advertisers and/or sponsors, vendors, service providers, and/or subcontractors”. In the existing bullet point on “Information about other professional relationships …” changed the parenthetical examples to read “(such as, without limitation, publishing and/or licensing deals; management and/or representation; endorsement, sponsorship, and/or affiliate relationships; contractor and/or subcontractor relationships; professional relationships with colleagues and/or coworkers; mentor/mentee relationships; and/or professional collaborations, partnerships, and/or joint ventures)”. Also changed the bullet point on “Membership in and/or affiliation with other organizations and/or groups” to read “Membership in and/or affiliation with guilds, trade unions, and/or other professional organizations and/or groups”. Updated the Cookie Notice: In the Categories of Cookies Used section, changed “certain portions of the website’s administrative dashboard (which is not normally accessible except …” to “certain portions of the website’s administrative dashboard and/or login page (which are not normally accessible except …” Updated the Vimeo Videos section to make a minor wording change to the reference to the Optimizely Data Processing Agreement for wording consistency. Also amended the Administrative and Login Cookies section to make a number of minor clarifications and updates, including updating the trademark information and fixing an inadvertent use of “we” rather than “I.”
- September 16, 2021: In Disclosure of Personally Identifying Information, updated the reference to The Khronos Group to clarify that their software, software development kits, and/or software components may be installed in conjunction with and/or incorporated into various software and/or devices (not just display drivers, although that appears to be the most common application). Also made some minor adjustments to the stylization of the name and adjusted the anchor text for the privacy link accordingly.
- September 14, 2021: In Definitions, updated the definition of “Embedded content” for greater clarity and internal consistency (e.g., changing “resides on” to “is hosted on”). In Embedded Content, updated the first paragraph to change “web host” to “web host and/or its subprocessors” [this was initially “its affiliates,” but “its subprocessors” better expresses the intent] and change “If you access a portion of this website that contains embedded content, the embedded content provider can collect information about you” to “If you access a portion of this website that contains embedded content, your browser requests that content from the respective content provider(s), which enables those embedded content provider(s) to collect information about you.” Updated the second paragraph (about information embedded content providers typically gather) to emphasize that embedded content providers can almost always determine which specific embedded content you requested and/or accessed. Made various clarifications and corrections throughout the listed bullet points. Added a bullet point regarding Creative Commons images and/or other content (e.g., the logos, buttons, and/or icons associated with Creative Commons licenses and/or public domain dedications). Tinkered further with these changes after initial publication. In Disclosure of Personally Identifying Information, updated the reference to The Document Foundation to adjust the trademark information. Made a minor correction to the September 13, 2021 entry in this Recent Revisions list.
- September 13, 2021: In Other Information I Receive from Third-Party Sources, updated the Creative Commons trademark notice. In Disclosure of Personally Identifying Information, added a trademark notice for WebAIM. Updated the trademark information for the GNU mark and for the Wikimedia Foundation projects mentioned in that section. (I tinkered further with these changes after initial publication.)
- September 12, 2021: In Disclosure of Personally Identifying Information, further adjusted the trademark information for Avast, Piriform (CCleaner), Spybot, and The Spamhaus Project. Also adjusted the attributes of the Avast privacy policy link. Added trademark notices for Crashlytics and GNU. Added “video stores and/or video rental services” to the examples under “Providers of other search engines and/or other research and/or reference tools, services, facilities, and/or resources”.
- September 11, 2021: Adjusted the anchor text for certain privacy policy links throughout this page, for greater clarity and in an attempt to instill some stylistic consistency. In Security Scans, changed “A representative sampling of the providers of these tools and security measures is included among the examples of third-party service providers listed under “Disclosure of Personally Identifying Information” below” to “A representative sampling of providers of such tools and security measures is included among the examples of third-party vendors and/or service providers that appear in the “Disclosure of Personally Identifying Information” section below” and changed “this is not an exhaustive list” to “those examples should not be regarded as an exhaustive list.” In Embedded Content, changed “such as ad blockers” to “(e.g., ad blocker extensions)” for clarity. In Information I Receive from Third Parties for Security Purposes, removed the list of specific examples of information sources (in the interests of space and limiting repetition), replacing it with a reference to the examples of third-party vendors and/or service providers in Disclosure of Personally Identifying Information. In Disclosure of Personally Identifying Information, added a trademark notice for phpMyAdmin. Updated the Google bullet point to add Widevine technology to the listed examples of Google products and/or services. Updated the Akamai Technologies trademark notice. Revised the reference to Spybot software to update the trademark information (since the entity that owns the trademarks is different in the U.S. than in the EU). Removed the privacy policy link for Toshiba Corporation (each of their corporate affiliates has its own and there doesn’t seem to be a central hub to find which one applies in a given situation), instead adding a link to their central corporate site. Updated the references to my Internet service provider and mobile carrier(s) to add the parenthetical phrase “(in addition to any information I may share with them for security, support, and/or troubleshooting purposes)” to the end of each. Also updated the T-Mobile disclaimer language. Revised the reference to The Spamhaus Group to note that the Spamhaus trademark is registered in the EU (it doesn’t currently appear to be in the U.S.). Amended the reference to Simple DNSCrypt to fix the stylization of DNSCrypt-Proxy and add a trademark notice. Revised the reference to Epic Privacy Browser to update the trademark notice. Added Cisco Systems (whose OpenH264 Video Codec many web browsers use for encoding and decoding certain types of audiovisual content) to the listed examples. Updated the reference to Opena11y Toolkit and tota11y to add information about the “A11Y” trademark (which is owned by the Bureau of Internet Accessibility, Inc.). Amended the reference to the Adblock Plus extension to update the trademark information and make a minor wording clarification. Added a trademark notice for Mp3tag. Added “online publishing services and/or platforms” to the examples under “Providers of other search engines and/or other research and/or reference tools, services, facilities, and/or resources” and changed “other services or platforms for sharing images and/or other media” to “other services and/or platforms for sharing images and/or other media”. Also fixed a technical error (misspelled link attribute) in an external link in that section. Tinkered with some of these changes after initial publication. Updated the Cookie Notice to change “same Definitions” to “same definitions” and adjust the anchor text for certain external links for clarity and stylistic consistency.
- September 10, 2021: Further adjusted various Google trademark notices to fix some inconsistencies and editorial errors. In Security Scans, Information I Receive from Third Parties for Security Purposes, and Disclosure of Personally Identifying Information, amended the references to iThemes Security, mostly to update the trademark notices, add a privacy policy link to the reference in Information I Receive from Third Parties for Security Purposes, and adjust the privacy policy link anchor text in the other two sections. In Disclosure of Personally Identifying Information, updated the Facebook trademark notice and the trademark notice for Lulu.com. Made some minor amendments to the September 9, 2021 entry on this Recent Revisions list to clarify the changes made on that date.
- September 9, 2021: As a global change, updated all of the various Google trademark notices throughout this page and the Cookie Notice. In Certificate Authority Checks, moved the certificate authority trademark notices to after the second paragraph rather than after the first paragraph. In Embedded Content, further updated the bullet point on the FeedBurner services to note that the feeds record your activity (e.g., what feeds you’ve viewed) and may contain targeted advertising, the presence of which is controlled by the respective publishers of the blogs accessed through such feeds; added a link to the Google “Advertising” page; and made some minor wording adjustments for clarity and consistency. Also updated certain other trademark notices. In Contact Forms, revised the first paragraph to read “This section applies to messages you send me through any contact or feedback forms I may offer on the aaronseverson.com website, including, but not limited to, California Privacy Request Forms submitted through the Do Not Sell My Personal Information page.” Also adjusted the anchor text for the link to the Do Not Sell My Personal Information page for internal consistency. In Information I Receive from Third Parties for Security Purposes, changed “the Google Play Protect feature of …” to “the Google Play Protect security services of the Google Play Store and the Android platform …” and added a link to an information page about those services. In Disclosure of Personally Identifying Information, updated the references to Cloudflare services to make some adjustments to the trademark information. Removed some extra spaces on this page and throughout the Cookie Notice.
- September 8, 2021: In Website Server, Error, and Security Logs and Security Scans, added language indicating that logs and/or security scans may sometimes collect device identifiers. Also in Website Server, Error, and Security Logs, changed “the login credentials for certain …” to “the login credentials for …” Also in Security Scans, removed the examples of device security providers and replaced them with a reference to the examples of third-party vendors and/or service providers in Disclosure of Personally Identifying Information. In Embedded Content, made many clarifications and wording adjustments throughout (most of them relatively minor), with some further tinkering after initial publication. In Other Inquiries, Messages, and Support Requests, updated the paragraph about third-party services to make some wording clarifications and add references to the Google Terms of Service as well as their privacy policy. In the Customer Service Information subsection of the Financial Transactions Policy, added additional links to Google policies pertaining to the Google Voice service. In Information I Receive from Third Parties for Security Purposes, added “various public officials and/or public agencies” just before “and/or other sources not specified above.” In Additional Information About Data Retention, added a bullet point about other activity history on third-party sites and/or services. In Disclosure of Personally Identifying Information, clarified that Flickr is now owned and operated by Flickr, Inc., which is in turn owned by SmugMug, Inc., and adjusted the trademark notice.
- September 7, 2021: In Definitions, updated the “User agent information” definition to remove the reference to a third-party organization. In Website Server, Error, and Security Logs; Security Scans; Disclosure of Personally Identifying Information; and the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice, adjusted the anchor text for the links to the homepage of the Sucuri website. In Security Scans, Information I Receive from Third Parties for Security Purposes, and Disclosure of Personally Identifying Information, simplified most of the various trademark notices for BlackBerry Limited to limit the disclaimer of affiliation to the primary reference to that company that appears in the examples of third-party vendors and/or service providers in the latter section. (It seemed excessive to repeat the disclaimer over and over.) In Security Scans; Other Inquiries, Messages, and Support Requests; and Information I Receive from Third Parties for Security Purposes, condensed the references to the Google Voice service in the interests of space and linked the name to the Google “How Google Voice works” page. In Other Inquiries, Messages, and Support Requests, also added the phrase “in addition to this Privacy Policy” after the Google policy links. Also added the “How Google Voice works” link to the reference in Disclosure of Personally Identifying Information. In Embedded Content, updated the Cloudflare bullet point to make some minor editorial adjustments. Updated the Font Awesome bullet point to change “the service” to “this service”; change “accesses or downloads” to “accesses and/or downloads”; and add information about the Cloudflare CDN, which Font Awesome may use to provide its CDN service. In Comments and Contact Forms, changed “such as the trade names of …” to “such as the names of …” In Financial Transactions Policy, renamed the “Checks and Money Orders” subsection to “Acceptable Payment Types” and added language about types of transactions for which I do and do not accept payment via PayPal services. Moved that section so that it precedes rather than follows the “Currency” subsection. In the Customer Service subsection of the Financial Transactions Policy, made some wording and punctuation adjustments to the language about Google Voice, condensing some of it (in part by linking the first instance of the name to the “How Google Voice works” page), and adding a disclaimer of affiliation to the trademark notice. In Information I Receive from Third Parties for Security Purposes, updated the EFF trademark notice to reorder the listed marks so that the full name of the organization comes first. In Disclosure of Personally Identifying Information, updated the Google and Microsoft bullet points and the reference to Adobe to add disclaimers of affiliation after the respective trademark notices. (Since those references mention “software, apps, tools, and services I may use and/or offer,” additional disclaimers seemed appropriate.) Adjusted the anchor text for the links to the respective downloads pages of The GIMP Website and the FileZilla Project for stylistic consistency. Updated the references to the DuckDuckGo and Startpage.com search engines to also mention their associated browser extensions. Much tinkering with all of the above after initial publication.
- September 6, 2021: In Embedded Content, updated the Yoast SEO bullet point to add links to the Algolia and Semrush cookie policies, adjust the anchor text for some of the links, and update certain trademark notices. Also changed “To learn more about what user information such third-party websites or services collect …” to “To learn more about what personal information such third-party websites or services may collect …” In Data Related to Recruitment/Hiring/Employment or Business Partnerships, changed “may come directly from the applicable individual(s) or entity and/or from third-party sources …” to “may come directly from the applicable individual(s) or entity — with whom I may of course communicate via email, phone, and/or various other means as I deem appropriate in the particular circumstances — and/or from third-party sources …” In the Information Sharing subsection of the Financial Transactions Policy, updated the paragraph beginning “By making a payment, you also grant …” to change “to contact you via email and/or postal mail to acknowledge, complete, and/or address questions or issues related to your transaction(s) with me, and, if you call or text me regarding your transaction, to respond to your calls and/or texts via the same means …” to “to communicate with you regarding your transaction via email and/or postal mail (e.g., to acknowledge, complete, and/or address questions and/or issues related to your transaction), and/or, if you call or text me regarding your transaction and/or ask me to call or text you, to communicate with you regarding your transaction by phone and/or via text message …” Also cleaned up some redundant formatting in that paragraph. In Additional Information About Data Retention, changed “but some of my current devices and apps no longer provide that functionality, at least not in the same global manner” to “but not all the devices and apps I currently use provide that functionality, at least not in the same global manner”. In Disclosure of Personally Identifying Information, updated some attribution and trademark notices in the examples of third-party vendors and/or service providers; updated the Microsoft bullet point to make some minor wording adjustments and add a reference to BitLocker encryption and data protection features; updated the reference to Gpg4win to make some minor clarifications and rearrange the trademark notices in a more logical order; updated the reference to Tracker Software Products to adjust the privacy policy link and add references to the ABBYY FineReader Engine that powers the PDF software’s optical character recognition plugin; added “press and/or public relations representatives” to the examples of third-party vendors and/or service providers under the “Providers of other search engines and/or other research and/or reference tools, services, facilities, and/or resources” bullet point; and changed “photo-sharing services, other services or platforms for sharing images and/or other media …” to “photo-sharing services, stock photo services, other services or platforms for sharing images and/or other media …” for completeness. Updated the bullet point beginning “If the person(s) to whom the information pertains …” to change “respective assigns, heirs, and/or successors” to “respective heirs, successors, and/or assigns” for wording consistency. Made the same change in the equivalent bullet point in the Information Shared for Business or Commercial Purposes subsection of the CCPA Information Collection and Sharing Notice. In the Categories of Personal Information Collected subsection of the CCPA Information Collection and Sharing Notice, added a bullet point to the examples of “Professional or employment-related information”: “Work schedule(s), location(s), and/or assignment(s)”. Tinkered a bit with these additions after initial publication.
- September 4, 2021: Updated the September 3, 2021 entry in this Recent Revisions list to make a number of clarifications and corrections about the changes made on that date. Also made some minor changes to this page’s metadata. In Definitions, updated the “Administrative dashboard/backend” definition to change “authorized administrators” to “authorized administrative users” for internal consistency. In Disclosure of Personally Identifying Information, changed “other informational and/or instructional resources related to web development and/or web security, including (without limitation) tutorials, guides, recommendations, warnings, suggestions, examples, and/or discussion …” to “other sources of informational and/or instructional resources related to web development, online security, and/or the various aspects of operating and/or maintaining online systems, including (without limitation) providers of tutorials, guides, wikis, help files, online documentation, knowledge bases, technical consulting services, articles, and/or white papers offering recommendations, warnings, suggestions, examples, and/or discussion …” for completeness and change “and/or related software …” to “and/or other software …” Changed “online forums, message boards, discussion groups, chat rooms, mailing lists, wikis, and/or similar venues for investigating, troubleshooting, resolving, and/or preventing technical problems and/or suspicious and/or malicious activity, and/or otherwise discussing and/or researching …” to “online forums, message boards, discussion groups, chat rooms, mailing lists, technical consulting services, wikis, help files, online documentation, knowledge bases, and/or other online venues and/or resources for investigating, troubleshooting, resolving, and/or preventing technical problems and/or suspicious and/or malicious activity, and/or otherwise discussing and/or researching …” Changed “websites, wikis, blogs, …” to “websites, wikis, help files, online documentation, knowledge bases, blogs, …”
- September 3, 2021: As a global change throughout this page, updated the links to the DreamHost Privacy Policy to remove the “title” attribute. Also adjusted the anchor text for certain of those links. In Cookies and Similar Technologies, changed “The use of cookies and/or similar technologies by third-party sites and/or services is subject to the applicable site or service’s privacy policy and/or cookie policy …” to “The use of cookies and/or similar technologies by third-party sites and/or services is subject to those sites and/or services’ respective privacy policies, cookie policies, and/or terms of service/terms of use …” Made the same change to the similar sentence that appears in the second paragraph of the Cookie Notice. In Certificate Authority Checks, updated the link to the Let’s Encrypt “How It Works” page to adjust the anchor text and put the title in quotation marks. In Security Scans, updated the paragraph on the Sucuri Security plugin to add links to the Sucuri Cookie Policy, the Cloudflare Data Processing Addendum, the Cloudflare Cookie Policy, and the WordPress.org Cookie Policy. Also added the latter link to the subsequent paragraph on the iThemes Security plugin. Updated the paragraph about other device security measures to change “whose products and services” to “whose products and/or services”; add a link to the Google “Technologies” pages, which provide additional information about how Google uses cookies and/or other technologies that may collect and/or process personal information; and change “similar features” to “comparable security measures”. In Embedded Content, updated the bullet points pertaining to Google services to change the phrase “processing of data” to “processing of personal data” and add a link to the Google “Technologies” pages, which provide additional information about how Google uses cookies and/or other technologies that may collect and/or process personal information. Updated the bullet point about BootstrapCDN to note that the jsDelivr service currently says it does not use cookies, but does use various third-party service providers, who may have access to data the service collects and/or processes. Updated the bullet point about the jQuery CDN and jQuery API services to note that those services’ cookie policy links appear to point to the cookie policy of a different organization and it’s not clear whether or not this is intentional. Also added a link to the StackPath Data Processing Amendment; fixed the links to the StackPath GDPR page and California Privacy Rights page, which were incorrectly configured; and adjusted the anchor text for those links. Updated the bullet point about the Cloudflare CDN to revise the anchor text for the link to the Cloudflare GDPR page and add links to the Cloudflare Data Processing Addendum and the Cloudflare Cookie Policy. Updated the bullet point about the Font Awesome CDNs to note that they don’t appear to have a cookie policy. Updated the bullet point about PayPal buttons to clarify that the Statement on Cookies and Tracking Technologies is linked from within the applicable PayPal Privacy Statement (it doesn’t appear to be listed in the main legal hub) and put “Legal Agreements for PayPal Services” in quotation marks. Made the same changes to the applicable section of the Cookie Notice. Also updated that section to add a link to the Akamai “Privacy and Policies” page in addition to the existing Privacy Trust Center link, also changing “processes personal data” to “may collect, process, and/or use personal data”. Updated the bullet point on embedded YouTube video players to note that embedded video players may collect device identifiers, clarify some wording, replace the link to the Google cookies page with a link to their “Technologies” pages (which include the cookie page as well as other potentially relevant information), and add links to the Google “Advertising” pages. Also updated the trademark notice. Made most of the same changes to the “YouTube Videos” section of the Cookie Notice and made a number of other minor clarifications to that section. Updated the bullet point about Vimeo videos to change the word “Visit …” to “See …”; add information about the Vimeo Cookie Policy; and note that the “Vimeo Videos” section of the Cookie Notice includes additional information about certain Vimeo analytics and/or advertising providers (although that shouldn’t be regarded as an exhaustive list). Also revised the “Vimeo Videos” section of the Cookie Notice to add some additional privacy links pertaining to Vimeo service providers, mention that the Vimeo Cookie Policy provides information on how people with Vimeo accounts can control the use of third-party advertising and/or analytics services in connection with embedded video players, and make some wording adjustments. Updated the bullet point about the Gravatar API to add a link to the Automattic Cookie Policy. Updated the bullet point about the Sucuri Security plugin to add links to the Sucuri Cookie Policy, the Cloudflare Data Processing Addendum, and the Cloudflare Cookie Policy. Updated the bullet point about the WordPress.org websites to change “for more information on …” to “for more information about …” change “please review …” to “see …”; and add a link to their Cookie Policy. Removed some extra spaces throughout that section. In Other Inquiries, Messages, and Support Requests and the Customer Service Information subsection of the Financial Transactions Policy, added a link to the “How Google Voice Works” page. In the Transaction-Related Information Gathering subsection of the Financial Transactions Policy, updated the paragraph beginning “Transactions made via PayPal® services …” to change the word “made” to “conducted”; change “policies and/or requirements” to “policies, terms, and/or conditions”; and replace the existing policy links to the PayPal legal agreements hub (as there may be different agreements and policies depending on the parties’ respective locations), again noting that the Statement on Cookies and Tracking Technologies is linked from within the applicable PayPal Privacy Statement. In Information I Receive from Third Parties for Security Purposes and Disclosure of Personally Identifying Information, updated the references to Spybot – Search & Destroy software to change “the Spybot – Search & Destroy® suite and/or its associated software and/or services” to “Spybot – Search & Destroy® security software and/or its associated apps, tools, and/or services”. In Disclosure of Personally Identifying Information, updated the Google bullet point to add a clearer link to the Google Privacy Policy and a link to their “Technologies” pages. Updated the reference to Adobe Inc. to change the privacy policy to a link to the Adobe Privacy Center (which includes the Adobe Privacy Policy and other related policies, e.g., their “Cookies” page). Updated the reference to the Sucuri Security plugin to add a link to the Sucuri Cookie Policy. Updated the reference to Cloudflare Resolver for Firefox to change the anchor text to the privacy link (it’s not exactly a privacy policy so much as a discussion of the unique privacy practices that apply to that service). In Your Rights (GDPR and Other National or State Privacy Laws), changed “for a list of European data protection authorities, see the European Data Protection Board Members page” to “for a current list of European national data protection authorities, see the “Our Members” page of the European Data Protection Board website,” adjusting the anchor text of the hyperlink accordingly. Did the usual tinkering with these changes after initial publication.
- September 2, 2021: In the preamble, changed “the respective privacy policies and terms of use/terms of service, if any, of those sites or services” to “those sites or services’ respective privacy policies, cookie policies, and/or terms of service/terms of use”. In Embedded Content, changed “is collected and processed by the applicable embedded content provider, not by me, and is subject to the provider’s terms of service/terms of use and privacy policy, which are …” to “is collected and processed by the