In this document, I describe how and why I collect, store and use personal data for the daily operation of ChrisRosser.net. In an ideal world, I wouldn't collect a single shred of data, however running a website with a membership, comments, and newsletter component requires that I collect and use some personal information.
Privacy is important to me. Yes, that's easy to say, and harder to prove, but it is my hope this document alleviates any concerns you might have.
In collecting, storing, and using data, I adhere to the following principles:
- Your data is yours, not mine, nor does it belong to big tech and media companies.
- I collect and use only the information I need to run my website and membership business.
- I put privacy before profit.
- I never sell personal information.
- When I delete data, it's gone for good.
- I take security seriously.
Regardless of where you live, and what jurisdiction governs your life, I believe privacy is a universal human right.
- You have the right to know what information I collect, and how I use it.
- You have the right to ask for and receive a copy of the information I hold.
- You have the right to withdraw consent to use your personal data.
- You have the right to have your information deleted upon your request.
- You have the right to be forgotten.
Why I collect data
- Allow people to join my website with a free or premium membership account.
- Send newsletters and updates to members.
- Allow members to comment on articles.
- Analyse aggregated visitor data.
- Automate aspects of member management.
- Protect my website and server from malicious actors.
When I delete data
- When a member asks me to.
- When a member unsubscribes from my newsletter.
As my site allows access to, and collects data from, citizens of the United Kingdom and European Union, I am also bound by the requirements of the GDPR.
My website is not intended to be viewed by anyone under the age of 18. I do not knowingly collect data from children, and should I learn if this has happened, I will take immediate steps to remove their data from my services and terminate their account.
What I collect
If you are a casual reader of my site, I ask for and collect nothing. Your time on my site is logged by my analytics software (more on that below), but this data is anonymised before it is stored in my database.
Should you choose to become a member of my site, I ask for your email address and name. The name is optional, and you are free to omit it entirely, or use an alias, should you wish. Additionally, my website's membership system will attempt to record and store your general location and country, for example, Melbourne, Australia. Logging into my website also records your IP address, and the time you logged in.
I use your email address to send out login links, my fortnightly newsletter, and important notices such as changes to this policy.
I collect visitor reading habits data using analytics software. I do so only to gauge what articles are popular, note where my readers originate, and how readers are referred to my website from sources such as Google search, social media, or direct.
This information includes:
- browser type and version
- device type (i.e. mobile or desktop)
- time zone and country
- operating system and platform
To collect analytics, I use an open-source, self-hosted installation of Umami. Umami is privacy-focused. Umami does not collect identifiable information, and all data is and anonymised before it is stored in my website's database, and presented to me in aggregate.
Data storage, security, and retention
Data I collect is stored in a MySQL database hosted on a DigitalOcean Virtual Private Server (VPS) located in the United States. This database only permits connections from Ghost and Umami, which run locally on the same machine. Root access to the VPS and database is disabled. As Ghost uses magic links, no member passwords are stored in the database.
I retain data only for as long as necessary to fulfill the functions of my website. If I don't need it, I delete it.
A Cookie is a small piece of data stored on your device by my website.
Additionally, my payment provider, Stripe may store cookies on your device to facilitate payment.
While I limit the presence of third-party cookies, some pages may contain them as a result of embedding widgets such as Twitter posts, and Amazon Kindle reading previews.
Integration with third-parties
Pipeline and Slack
I use Pipeline to send notifications to Slack when a member unsubscribes from my newsletter. Upon which, I delete that member's account from my website.
Transaction and direct mail
Bulk mail service, Mailgun, handles all transactional emails I send to my website's members as newsletters, updates, and notices.
My website emails login links directly to individual members using Fastmail.
I provide premium subscriptions using a third-party payment processor, Stripe.
- 2021-10-17 Unsubscribed accounts now deleteted
- 2021-09-07 Minor corrections
- 2021-08-08 Initial release