@ The Outset

Privacy Policy

For the longest time I thought you had to cut and paste some long boilerplate “privacy policy” from some legalzoom type website in order to have this page. Now I’m thinking I should just lay out my understanding in plain English.

This privacy policy was last updated and is effective May 25, 2018.

Overview

In general, I don’t want any of your private information. Luckily this is a pretty simple website: it’s just plain old HTML files, no fancy logic or targeted whatever. I do however use a couple of tools to help administer the site. By necessity, these tools collect some aggregate (non-identifying) information and, if you explicitly opt in, some personally identifying information.

I’ll outline these tools one by one.

Personally Identifying Information

Mailing List

If you sign up for my mailing list, you’ll do it through Mailchimp. On my behalf, they will collect your email address and any other information you choose to provide on the signup form. Mailchimp has their own privacy policy; the section called “Privacy for Contacts” covers how they handle your information. For my part, I use this information to send you an email when new posts come online, or I guess to announce anything that I think you might have an interest in. I will not share this information with any other parties.

You can withdraw your consent to be emailed at any time by clicking the Unsubscribe link on any received email; this will remove all of your information from my Mailchimp contact list, and I will no longer have access to any of that data.

Comments

Comments may be offered on the blog in the future. The comments system I currently have in place is entirely self-hosted, and stores the comments in a single file on my web host’s server. The comment system collects only the information you give it, which may include your name, email address, a website if you choose to include one, and your IP address for spam prevention purposes. This information is solely used to store and display comments on pages on this website.

You should be able to delete your own comments by visiting the comments section from the same browser where you left the comment; this will delete all the information that was originally collected in the course of leaving that comment. If for whatever reason you lose access to the delete button, you can contact me directly (joey at the outset dot net) from the email address associated with the comment; I’m happy to go into the database file and delete your comment manually.

Aggregate Information

Analytics

I use Google Analytics to see aggregate information about who’s visiting the site, what they’re seeing and where they’re from. This information is not personally identifying, and it is reported to me only in aggregate. Location information is limited to broad categories of city or state (i.e. “Sydney, Australia”, not “42 Wallaby Way, Sydney, Australia”).

To the best of my understanding, there is no personally identifying information in Google Analytics, just aggregate data. Even so, if you wish to opt out, you can use a tool like Ghostery within your browser to block the Google Analytics script. If you do this, your visit will not be reported to Google Analytics, and you will not be included in the aggregate data.

I have explicitly opted out of demographic tracking. Google offers a tool that embeds an advertising cookie in order to collect users’ age, gender, and interests. I turned this tool off before launching the site, and I do not get any of this information. Don’t want it. Also don’t want to expose you to a tracking cookie.

Google Analytics is the only third party analytics script on The Outset, and I think it strikes an appropriate balance between protecting your privacy and gaining insight into how the site is doing.

DDOS Protection

When you connect to The Outset, you’re connecting to Cloudflare’s servers before you connect to my web host. It’s set up this way to prevent denial of service attacks. Cloudflare collects some information about your internet connection to make sure you’re not part of an attack, but they don’t surface that information to me; I’m only mentioning it because they’re part of the infrastructure. Cloudflare has a privacy policy here, but my understanding is that they only traffic in the information necessary to prevent attacks.

Web Hosting Logs

This last one has to do with the technical aspect of running a website. My web host, Webfaction, maintains logs of requests and errors that come through the web server. These logs may contain your IP address and browser configuration. I do not mine these logs for information, and frankly I’d rather they not exist at all, but it’s just how web servers work.

In terms of data retention, these logs are ephemeral by design, and my understanding is that they are destroyed on a rolling basis every seven days. More information about server logs can be found here.

Updates

This is the first revision of this document, published on May 25, 2018. I pledge to update this page if circumstances change in the future. If there are changes, I also pledge to update this section with a plain English description of what’s changed and the rationale behind those changes.

- Joey

— Follow The Outset —

— Or get The Outset by email —