Privacy Policy

Who we are

Erick T. Hitter operates a variety of sites using several infrastructure providers. Collectively, these hosts are referred to herein as “the erick t. hitter network.” The following privacy policy covers all public sites hosted on this network; it does not cover sites or services not intended for public access, except as otherwise provided for below.

The types of sites covered by this policy can generally be classified as follows:

  1. Sites that are part of the WordPress multisite instance at ethitter.com;
  2. Other content-only sites hosted on the erick t. hitter network.

While some portions of the erick t. hitter network are served from infrastructure located outside of the United States, any data collection by the erick t. hitter network occurs exclusively on infrastructure located within the United States.

Covered domains include:

ethitter.com, i.ethitter.com, erick.blog, erick.me, squirex2.com, chrisanderick.com, s.eth.pw, r.eth.pw, idranktoomuch.coffee, bartlet.rocks

What personal data we collect and why we collect it

Contact & Donate Forms

To prevent abuse and fight spam, form submissions include the submitter’s IP address, along with whatever personal information is supplied in the form submission. This information is stored indefinitely, but is not shared with third parties for any purpose, except as noted on the form (for example, in the case of a contest for early access to a service).

Forms that accept payment, such as donation forms, do so using Stripe. A Stripe transaction identifier, as well as the last four digits of the credit card number, are stored along with the aforementioned information retained for forms.

Comments

When visitors leave comments on the network, we collect the data shown in the comments form, and also the visitor’s IP address and browser user-agent string. This information is used to prevent abuse and fight spam.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Webmentions

Webmentions are an explicit feature of your content management system: by sending a webmention to the webmention endpoint of this website, you request the server to take notice of that referral and process it. As long as public content is concerned (i.e. you are not sending a private webmention), such use of this website’s webmention endpoint implies that you are aware of it being published.

You can at any time request the removal of one or all webmentions originating from your website.

Cookies

By visiting any site on the network, cookies are set by the analytics packages noted in the Analytics section. If you opt out of tracking by the network’s analytics package, Matomo (fka Piwik), a cookie is used to record your decision.

If you leave a comment on the network, you may opt in to saving your name, email address, and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

One analytics package is used across the erick t. hitter network: Google Analytics.

The privacy policy for Google Analytics can be found at https://support.google.com/analytics/answer/6004245. Instructions for opting out of Google Analytics tracking are available at https://tools.google.com/dlpage/gaoptout.

Server logs

Access and error logs may contain IP addresses, form submission data, usernames, or other personal data. This information is captured to prevent abuse and resolve service problems.

Who we share your data with

Infrastructure for the erick t. hitter network is provided by:

  • Linode
  • Digital Ocean
  • Vultr
  • Amazon AWS
  • KeyCDN
  • SiteGround

While data is not explicitly shared with these providers, they may retain their own logs, or otherwise access their respective elements of the network as provided by in their respective terms of service and related policies.

Payments are processed using Stripe. To do so, the email address supplied in the form, as well as the payment total, are shared with Stripe.

To prevent spam, comment data, including IP address, is shared with the Akismet spam-detection service. Read more at https://akismet.com/privacy/.

To analyze and archive server logs, their contents may be archived in Amazon AWS S3 buckets.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For registered users, we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

Form submissions (Contact, Donate, etc.) are retained indefinitely.

Analytics data is retained indefinitely.

Server logs are retained indefinitely.

What rights you have over your data

If you have an account, have left comments, or have submitted forms on the network, you can request to receive an export file of the personal data we hold about you, including any data you have provided to us. You can also request that we delete any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes. Additionally, content (posts, comments, contact form submissions, etc) is not removed, but rather is anonymized.

If you visited any portion of the network prior to May 5, 2018, you can request that your IP address be anonymized in un-anonymized analytics logs. Server logs cannot be anonymized for administrative, legal, and security reasons.

Payment information submitted to Stripe is subject to their data-retention policies. The related form data retained by the network can be exported or anonymized as described above.

Where we send your data

With the exception of content served from a KeyCDN node, all requests to the erick t. hitter network are served from infrastructure located in the United States.

Visitor comments may be checked through an automated spam detection service. This may be located abroad.

Your contact information

If you have questions, or would like to request either an export or that your data be anonymized, visit http://ethitter.com/contact/ and select “Privacy Policy / GDPR” from the Nature of Inquiry dropdown.

Additional information

How we protect your data

All requests are served over encrypted connections, with many domains appearing in the HSTS preload list. Strong passwords are required on all administrative accounts. Whenever possible, accounts are secured with multifactor authentication. Appropriate access controls are utilized.

Server access exclusively uses public keys of at least 2,048 bits. Backups are encrypted at rest when feasible. All server access is monitored and reported via redundant services. All communication between servers in the network occurs over encrypted connections, as does all communication with third-parties services. Servers are monitored for unexpected behaviour, including irregular network traffic and unexpected processes.

What data breach procedures we have in place

In the event that a breach is detected, and whenever feasible, impacted individuals will be notified of what data was compromised.

What third parties we receive data from

None

What automated decision making and/or profiling we do with user data

None