If you have any questions, would like to see your data, or would like to have it deleted, email me at caleb@calebgamman.com
I don’t really need (or care) to track the use of this website, beyond the simple statistics offered by the server logs. And, I have no plans to use this site for any advertising. So as much as possible, I am not tracking you.
Cookies
Cookie Cookie
First, I store a cookie to check if you have seen the cookie notice, so that once you dismiss it, you don’t have to keep seeing it. This is basically pointless, but it does let me do a cookie notice without it annoying everyone every time they visit the site.
Embeds
This site includes embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
YouTube
Obviously, a key part of this website is embedding YouTube videos. I have tried to set all of these to use YouTube’s “nocookie” domain (aka “Privacy-Enhanced Mode”) so that it will not store any cookies. And they’re true to their word, it doesn’t store any cookies. However, instead of using a cookie, YouTube just saves your tracking data to local storage, then fetches it when you next visit their site. Different words, different process, but still tracking without consent, still in violation of the GDPR.
So as a second privacy step, and a bit of website optimisation, rather than use YouTube’s embeds directly, I instead just fetch the thumbnail, and place a fake play button on top. Only when clicked does the (nocookie) embed actually load. Visually indistinguishable, without all Google’s bullshit.
Those are the only embeds used right now, and if I add any more I will try to make them as privacy friendly as possible. However, these big tech companies are fully willing to completely violate these laws, and just accept a few multi-million dollar slaps on the wrist.
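A sketch of the click-to-load embed described above, as an added example that is not this site's actual code. The `yt-facade` class, the `data-*` attribute names, the function names and the caller-supplied thumbnail path are all assumptions made for illustration.

```javascript
// Added example: click-to-load YouTube facade. All names are illustrative.
const VIDEO_ID = /^[A-Za-z0-9_-]{11}$/; // shape of a YouTube video id

// Build the privacy-enhanced embed URL. Anything that is not a plain id is
// rejected, so a page attribute cannot smuggle in another path or query.
function nocookieEmbedUrl(videoId) {
  if (!VIDEO_ID.test(videoId)) throw new Error('invalid video id');
  const url = new URL(`https://www.youtube-nocookie.com/embed/${videoId}`);
  url.searchParams.set('autoplay', '1'); // the click already expressed intent
  return url.href;
}

// Render thumbnail + play button into `container`. The iframe element is
// only created inside the click handler, so the player is never requested
// before the visitor asks for it.
function mountFacade(doc, container, videoId, thumbSrc, title) {
  const embedSrc = nocookieEmbedUrl(videoId); // validate before touching DOM
  const img = doc.createElement('img');
  img.setAttribute('src', thumbSrc); // assumed: thumbnail path chosen by caller
  img.setAttribute('alt', title);
  const button = doc.createElement('button');
  button.setAttribute('type', 'button');
  button.setAttribute('aria-label', `Play: ${title}`);
  button.appendChild(img);
  button.addEventListener('click', () => {
    const frame = doc.createElement('iframe');
    frame.setAttribute('src', embedSrc);
    frame.setAttribute('title', title);
    frame.setAttribute('allow', 'autoplay; encrypted-media; picture-in-picture');
    frame.setAttribute('allowfullscreen', '');
    container.replaceChildren(frame); // swap the facade for the real player
  }, { once: true });
  container.replaceChildren(button);
  return button;
}

// Browser wiring (skipped outside a browser). Assumed markup:
// <div class="yt-facade" data-video-id="..." data-thumb="..." data-title="...">
if (typeof document !== 'undefined') {
  for (const el of document.querySelectorAll('.yt-facade')) {
    mountFacade(document, el, el.dataset.videoId, el.dataset.thumb, el.dataset.title);
  }
}
```

Opening the browser's network panel before and after the click is a quick way to confirm that no request to the embed host is made until the button is pressed.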
ReCaptcha
To stop spam signups and improve security in as unobtrusive a way as possible, I have had to use Google’s ReCaptcha. I have somewhat isolated it to only exist on the pages where required. Regardless, another in for Google.
User Accounts
If you visit the login page, it will set a temporary cookie to determine if your browser accepts cookies at all. This cookie contains no personal data and is discarded when you close your browser.
When you log in, I have set up several cookies to persist your login for convenience. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for a year. If you log out of your account, the login cookies will be removed.
Stripe
I am processing payments through Stripe, and Stripe uses cookies for fraud prevention and functionality. Read more about that here: https://stripe.com/cookies-policy/legal
Personal Data
Collected Data
At checkout, this site will collect your name, email address, username, and password. This information is used to set up your account for our site. The last 4 digits of your credit card number and the expiration date are saved by the site to use for reference and to send you an email if your credit card will expire before the next recurring payment.
Where your data is shared
If you request a password reset, the requesting IP address will be included in the reset email.
Payment information is processed through Stripe.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.