What the Privacy Policy for this site would look like

03. September 2013 Security 0

A comment on my last post asked “What would *your* ideal TOS look like? I bet it would be honest, easy to understand, and just snarky enough to keep the lawyers on their toes.”. As soon as I saw it I replied “Absolutely it would :)” but then I started thinking, would I really? Only one way to find out and that’s to write a Privacy Policy for this site. While a Privacy Policy is not the same as a Terms of Service (TOS) I feel a Privacy Policy would be better in this case as I do not offer any type of service, still I’ll try to make it as complete as possible. Also, this is what my Privacy Policy *would* look like, if I chose to have one, which I don’t as it would mean having it’s legality checked by a lawyer and being legally accountable for the statements in it. Lawyers cost money and I really do not feel like spending money 😉 So, let’s see what deep dark secrets I have to hide and how I’d mention them.

By visiting this website you should be aware that everything mentioned in this policy applies, whether you agree or not.

Information collected, how is the information collected & why is the information collected.
A few automated systems collect your personally and non-personally identifiable information. The systems used are the default logging that occurs on the webserver I use to host this site (AWstat and Raw access logs) and Woopra. While the collection of your information can not be helped or stopped in the case of Raw access logs or AWstat, I choose to install Woopra myself. I am considering the switch to the open source PiWik so that I don’t need a 3rd party service. The following information is collected by these systems:
– Your IP address (revealing your location)
– Your OS and Browser
– The time and duration of your visit
– Where you came from (did you get here via Google search or another website)
– What links did you click on while you were here (other articles, links to other websites or downloadable files)
Woopra collects this same information, it just allows me to see it all in real-time. While the server logs all this information as well, I never check these logs as they do not tell me anything I am interested in that Woopra doesn’t already provide. I collect all this information for the following purposes:
How many people read my posts?
This website is fairly new so I’d like to see if I am reaching a growing audience or if I am just ‘typing to myself’.
What countries are my readers from?
This will help me figure out if I should be thinking about translations or other targeted content. For example let’s say the majority of the readers are from the US but the second largest group is from Germany. I’d consider a translation feature for German and/or adding some posts that would be interesting and helpful to Germans.
How much time was spent on the site?
Do I capture people’s attention or do they split after just 20 seconds of reading. Was this visitor a crawler or a bot or an actual person.
What is the most read content?
This helps me figure out where the reader’s interests lie. If I make a post about XYZ but noone reads it, I know to not bother with this type of post again in the future. This helps me focus my time and energy on more relevant contents.

That’s all I’m after.
While opting-out of these things is not possible you can mask or hide the things that may identify you. Use a proxy or VPN to hide your IP and location. Use anonymous search engines so I can not see your exact search query that led you to this site (startpage.com or ixquick.com).

If you comment on any of my posts, your IP, email address (you provide) and name (you provide) will be logged as well. I also use several security methods to harden this self-hosted WordPress installation that collect IP address information as well if malicious activity is detected.

Who I share, sell or trade your information with.
Noone. All the above mentioned information is visible by me and me only. If anyone wants to buy or rent the information from me I will decline. If the amount of money they offer me is so absurdly high that I’d be an idiot to decline, I will set out to find a way so that everyone that has visited this site before can decide to have his/her information deleted before I sell it. If this is not possible, again I will have to decline. I am working on finding good ways to make sure I can collect all the information I need but to have all this information automatically deleted from the webserver logs/systems and Woopra at the end of every month. This will result in a list of stats like this, for example:
August:
xxx visitors,
xxx from the US
xxx from Germany
xxx from Australia
xx used Mac
xx used Windows
xx used Firefox
xx used Safari
most popular topic was: hello kitty
A list that does everything I need it to do, with no ties to IP addresses or anything identifiable, compiled by me. As there is nothing left to tie this data to a user at this point I’d be happy to sell or rent out this information if someone offers me cash for it.

From time to time I receive email notifications when someone has commented on a post, this email will include your IP, your email address, your name and your comment. Email traffic is not secure so the contents of this email may be seen by governments, government agencies and/or government contractors.

How I keep your data safe.
I have asked my host all the important questions. They do not work with service providers or 3rd parties to share or hand over my server logs. They use secure data centers and the appropriate levels of encryption. All the information kept on my own computers are transferred from the server to my computers through an SSL connection. The computers itself are protected by multiple levels of encryption and multiple firewalls. When I travel I make sure that none of the files, data or information described in this policy are present on my laptop or smart phone. I believe I do what I can to keep your data safe but if a hacker decides to go after my hosting provider, there is no telling what will happen or what will be obtained.

Questions or concerns?
I’m sure I forgot to mention something here or could elaborate on something more than I did. If you have any questions or concerns just leave a comment on this post or shoot me an email.

That’s it. Did I keep it honest and easy to understand? Well it’s honest but you’ll have to take my word for it. I think it’s easy to understand but you can be the judge 🙂 Any feedback, let me know in the comments!


Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.