On 25th May 2018, we’ll be updating out terms of service and privacy policies.
All the sites we manage are administered in a broadly similar way, with principles based policies on privacy and security a central concern.
We don’t collect or store any data that you’re going to be uncomfortable about (we think a username, email address and password are as personal and sensitive as it gets).
We serve all pages, including the admin ones over SSL, even though there are few financial transactions taking place.
If you have uploaded additional information in a distracted moment, e.g. to your public profile, while technically you consented to it being made public, we think that having second thoughts, buyers remorse, didn’t appreciate the consequences, just want to uphold your right to be forgotten – are acceptable reasons for redress or complaint. We are as guilty as the next in agreeing to T&Cs without reading them.
Please just get in touch and we’ll look into any problem you have with your personal data on our systems and we will not make a fuss and delete anything that you are not comfortable with.
We log things, more things than you would think. The database holds most of this and there are log files stored on the server (though not visible to you unless you are an NSA/MI6 operative), which get pruned / deleted at intervals.
A good example of a typical user (admin) journey is:- you logged in, you made a change to page, enabled a plugin, deleted a file, you logged out (or didn’t, which – remember – is a security risk). We do this to provide you with support, and only the last 1000 lines of the log are retained.
In detail, you should know that ‘WP revisions’ holds earlier versions of your edits – you’ll need to ask us to purge revisions / edits.
Posts and pages, as well as other content types are not deleted immediately, so you can retrieve them from the trash within 30 days, after which you will rely on database backups or a (google or other search engine) cached version of the public website.
Most of our websites, indeed all, have comments closed, so no personal information is collected.
You host me, does this policy cover everything?
No it doesn’t. We are just covering the parts that we are responsible for, which includes the basic server operation and the free core softwares that we operate for you.
In detail if you use a number of third party tools, you’ll be governed by a plethora of agreements and policies, which you may need to tell your customers about.
1) We take a snapshot daily of the whole server – kit and caboodle. These are disaster recover orientated and kept for 4 days, after which they get overridden. The files are kept off the server, because if it should become inaccessible, we may need to spin up a new server and start again.
2) We also use backup2l to take incremental backups. These files are stored on archive quality disks, in the case of anything to do with sketchery, archaeo or projectspoint they reside in AWS.
3) On smaller setups we also use a business Dropbox account to store weekly (all the files) and daily snapshots of the database.
A great many hosted offerings might offer one backup option, at most.
With all this redundancy, we still only offer this on a best efforts basis.
All user interactions are logged, leaving a potentially personally identifiable trail.
This is by design, helps us troubleshoot problems, reduces security risks and more.
We do it for the effective management and security of all the hosted sites.
No unnecessary or ‘sensitive private data’ are stored in our systems though.
Our data retention policy is set to delete said logs after 3 months.
If you’re NOT cool with that please contact firstname.lastname@example.org
If you employ social media tools, please be aware that you are governed by the terms of the third party.
If you use Google analytics, more data that you can possibly imagine is being processed and stored by our friends at Google. Our standard setup involves removing admins from being tracked and generally it is quite hard to track an individual AND identify the person using analytics, but it is entirely possible (e.g. in a site that rarely gets used). Remember that when you sign up to Analytics, there are a number of T&Cs that you agree to. Generally, if we think this might not be in your interests or risk breach of privacy, we will not recommend this options. We have tended to use our google account to set up analytics.
Jetpack also stores a good deal of data about site usage. Remember that when you sign up to Jetpack, there are a number of T&Cs that you agree to. Generally, if we think this might not be in your interests or risk breach of privacy, we will not recommend this options. We have tended to use our wordpress.com / jetpack account to set up statitics.
If you’re concerned about any of these analytical tools, get in touch and we will look into whether any of this risks breaching personal privacy or potentially undermines your reputation.
PS You got this far? Great, that means you’re concentrating.
There are 4 grammatical errors and one spelling mistake in the above (Ed. I think he means there are typos), hope you found them all.