Privacy Policy

Who we are

Our website address is: https://johnhenry.us.

What personal data we collect and why we collect it

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

Advertisement

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.Users commenting on posts using the wpDiscuz system installed on this site may, only by deliberate intentional action, allow one or more social media networks to be used to identify them in comments.  Please refer to the privacy policies of the platform you’re using to comment (as of March 2021 those platforms included Facebook, Google, Twitter, Disqus, and WordPress.Com, with additional sharing ability (no login required) via WhatApp.  At the time of the current revision of this document, further integration with LinkedIn and Instagram are planned.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

Who we share your data with

This website uses multiple traffic analytic systems. Some are “internal” and only visible as server logs to site administrators and their vendors. We also use Google Analytics and Statcounter, each of whom have their own privacy policies with which you should be familiar.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Please note that some activity may not take place on this site and therefore cannot be removed from it.

Personal information removal requests may be submitted via this form only and will be subject to further identity verification before action is taken.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Your contact information

Certain contact information e.g. e-mail addresses or e-mail communication may remain archived on our servers indefinitely, including to validate and document PII removal requests. In such cases only primary key information – name, e-mail address, login ID if different, the fact that you requested your information be removed, and any identity validating information collected as part of that process – will be retained. This information is kept for legal archival purposes only (e.g. to validate a legal claim that we have failed to remove PII), is stored in an offline database, and is not publicly visible.

Additional information

  • Certain identity artifacts, such as your IP address, are registered and recorded by web servers as a part of normal traffic. While this information, aggregated with other related information that may be available through other means, can be used as a gateway to public identification, doing so using the information in and of itself is generally not possible (save for some extraordinary and mostly hypothetical situations, e.g. you’ve built your own web browser that identifies itself uniquely to the web server AND that identity is publicly known).
  • We take no extraordinary measures to use, discard, or monitor this data beyond analysis for broad user data such as what browser or platform they may be using to view the site and limited geographical data like city and country which is associated with your IP. Frankly we’re not even sure we could track it down accurately and remove it if someone asked us to…which rather negates the idea that it’s personally identifying information.
  • Our web servers are hosted, in addition to the other integrated services mentioned herein. This means the physical machines this website exists on are under the control of other human beings, who have access to server logs and potentially all of the data on the website. This is a standard arrangement, but you deserve to know who has potential access. While my actual hosting agreement began with a company called “Stargate” back in 1999, it has been sold and merged several times and is now part of THG Ingenuity Cloud Services and based (ironically if you know me) in Salt Lake City, UT, US.
  • We do not at any point collect or even see financial information for supporters. That information just doesn’t touch our hands, nor do we want it to. Our payments are processed through PayPal and Stripe, both well known, well-established, and generally trusted organizations in terms of information security and financial safety.

How we protect your data

Mostly by not having it, not doing anything that would suggest it would be of value ot anyone else if we did have it, and making sure we’re running a reasonably secure site relative to that little bit of data we do actually collect and use.

What data breach procedures we have in place

While the potential impact if any data breach of this site is extraordinarily limited (and the motivation for anyone to bother also extraordinarily limited), we do have appropriate systems in place to let you know if your data has been compromised through us. Note that your passwords are encrypted; not even I can read them, all I can do is reset them by hand even if I dug directly into the MySQL table storing it. The entire site is also served securely to avoid man-in-the-middle breaches, which may provide an extra (and frankly superfluous) layer of security for embedded payment forms.

What third parties we receive data from

Any third party data sources we use are mentioned and linked above, save for a couple of tertiary geolocation services that our internal log analyzer uses to tell us what country, subdivision, and city our users are visiting from (in the event the equipment they’re using is properly configured and they’re not tunneling through an offshore VPN or something).

What automated decision making and/or profiling we do with user data

Not much, but we may occasionally reach out to registered users or to our local database of past supporters from time to time with site news. While it’s not technically “user data” as such, we also designate between site users (“Subscribers”) and supporting members who have made financial contributions (“Supporters.”) Supporters may have access to content that is not publicly available.

Industry regulatory disclosure requirements

None applicable.