The following constitutes the Privacy Policy for JohnHenry.US and all associated web platforms and properties not covered by other agreements (e.g. Facebook, Google).
Who we are
Our website address is: http://passionate-cyan-owl.192-250-227-172.cpanel.site.
What personal data we collect and why we collect it
Comments
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
We use various integrations with popular social media and other identity platforms. These platforms may include Google and Meta services, among others. You are strongly advised to be familiar with these platforms and their terms of use. Use of the JohnHenry.US comment system may include collection of personally identifiable information such as e-mail addresses from third-party platforms. In no instance are your passwords for other systems transmitted or used by JohnHenry.US nor stored on our servers.
Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Cookies
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Analytics
Who we share your data with
This website uses multiple traffic analytic systems. Some are “internal” and only visible as server logs to site administrators and their vendors. We also use Google Analytics, which has its own privacy policies with which you should be familiar.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information. (Note: Administrators can’t see passwords, but can change them.)
Frankly we don’t collect enough personal information here to worry about. Things like credit card information used for purchases or contributions are sent directly to the processor (e.g. PayPal or Stripe) and we typically do not store that information.
- Purchases made directly through the WooCommerce storefront here may retain payment information on third-party servers to facilitate future purchases. This information is incomplete and not useful, e.g. the last four numbers of a card, but not the expiration date or CVV. Similar functionality exists with most major processors. The information stored on our servers cannot be reverse-engineered to construct usable personal financial information. There simply isn’t enough there.
- We may collect and retain certain information through third party platforms like Patreon, Facebook/Meta, and so forth, for instance if you create a site account when leaving a comment. We may sometimes offer newsletters, send out mass e-mails, or other communication intended for those who have agreed to receive that information. In all cases these communications will have appropriate opt-out mechanisms available.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Please note that some activity may not take place on this site and therefore cannot be removed from it.
Personal information removal requests may be submitted via this form only. Note that you must be logged in to use the form.
Where we send your data
Visitor comments may be checked through an automated spam detection service. Purchase and contribution transactions may be handled via various third parties. Please see our return policy for more information about specific vendors.
Comments using third-party platform logins like Facebook will, obviously, require sending data back and forth to that platform.
Your contact information
Certain contact information e.g. e-mail addresses or e-mail communication may remain archived on our servers indefinitely, including to validate and document PII removal requests. In such cases only primary key information – name, e-mail address, login ID if different, the fact that you requested your information be removed, and any identity validating information collected as part of that process – will be retained. This information is kept for legal archival purposes only (e.g. to validate a legal claim that we have failed to remove PII), is stored in an offline database, and is not publicly visible.
Additional information
- Certain identity artifacts, such as your IP address, are registered and recorded by web servers as a part of normal traffic. While this information, aggregated with other related information that may be available through other means, can be used as a gateway to public identification, doing so using the information in and of itself is generally not possible (save for some extraordinary and mostly hypothetical situations, e.g. you’ve built your own web browser that identifies itself uniquely to the web server AND that identity is publicly known).
- We take no extraordinary measures to use, discard, or monitor this data beyond analysis for broad user data such as what browser or platform they may be using to view the site and limited geographical data like city and country which is associated with your IP. Frankly we’re not even sure we could track it down accurately and remove it if someone asked us to…which rather negates the idea that it’s personally identifying information.
- Our web servers are hosted, in addition to the other integrated services mentioned herein. This means the physical machines this website exists on are under the control of other human beings, who have access to server logs and potentially all of the data on the website. This is a standard arrangement, but you deserve to know who has potential access. While my actual hosting agreement began with a company called “Stargate” back in 1999, it has been sold and merged several times and is now part of THG Ingenuity Cloud Services and based (ironically if you know me) in Salt Lake City, UT, US.
- In order to maintain the ability to notify you in case of a data breach, your e-mail address will be retained indefinitely.
How we protect your data
Mostly by not having it, not doing anything that would suggest it would be of value to anyone else if we did have it, and making sure we’re running a reasonably secure site relative to that little bit of data we do actually collect and use.
What data breach procedures we have in place
While the potential impact of any data breach of this site is extraordinarily limited (and the motivation for anyone to bother also extraordinarily limited), we do have appropriate systems in place to let you know if your data has been compromised through us. Note that your passwords are encrypted; not even I can read them, all I can do is reset them by hand even if I dug directly into the MySQL table storing them. The entire site is also served securely to avoid man-in-the-middle breaches, which may provide an extra (and frankly superfluous) layer of security for embedded payment forms.
What third parties we receive data from
Any third party data sources we use are mentioned and linked above, save for a couple of tertiary geolocation services that our internal traffic log analyzer uses to tell us what country, subdivision, and city our users are visiting from (in the event the equipment they’re using is properly configured and they’re not tunneling through an offshore VPN or something; this information comes from the network, not your computer). This is used for statistical analysis.
What automated decision making and/or profiling we do with user data
Not much, but we may occasionally reach out to registered users or to our local database of past supporters from time to time with site news. While it’s not technically “user data” as such, we also designate between site users (“Subscribers”) and supporting members who have made financial contributions (“Supporters.”) Supporters may have access to content that is not publicly available.
Industry regulatory disclosure requirements
None applicable.
