Like most website operators, I collect non-personally-identifying information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request. My purpose in collecting non-personally-identifying information is to better understand how my visitors use Letters Blogatory. From time to time, I may release non-personally-identifying information in the aggregate, e.g., by publishing a report on trends in the usage of Letters Blogatory.
I also collect potentially personally-identifying information like Internet Protocol (IP) addresses of visitors. I only disclose IP addresses under the same circumstances that I use and disclose personally-identifying information as described below.
Gathering of Personally-Identifying Information
Certain visitors to Letters Blogatory choose to interact with the website in ways that require me to gather personally-identifying information. The amount and type of information that I gather depends on the nature of the interaction. For example, commenters must provide a valid email address and a name, and email subscribers must provide a valid email address. In each case, I collect such information only insofar as is necessary or appropriate to fulfill the purpose of the visitor’s interaction with Letters Blogatory. I do not disclose personally-identifying information other than as described below. And visitors can always refuse to supply personally-identifying information, with the caveat that it may prevent them from engaging in certain website-related activities.
Protection of Certain Personally-Identifying Information
Except as noted below, I disclose potentially personally-identifying and personally-identifying information only in response to a subpoena, court order or other governmental request, or when I believe in good faith that disclosure is reasonably necessary to protect my property or rights.
If you are a Letters Blogatory contributor or email subscriber, I may occasionally send you an email to solicit your feedback or just keep you up to date with what’s going on with Letters Blogatory. I take reasonable measures to protect against the unauthorized access, use, alteration or destruction of potentially personally-identifying and personally-identifying information.
Because Letters Blogatory allows third-party tracking only if you affirmatively opt in, Letters Blogatory complies with the proposed Do Not Track standard. Note, however, that the proposed standard only applies to third-party tracking. Letters Blogatory will track your visit using my first-party analytics software even if you set your browser to use the DO NOT TRACK header. But because I use first-party software that runs on my own server rather than a third-party service such as Google Analytics or Statcounter, no third party will have access to my analytics data about your visit.
Letters Blogatory uses OCSP stapling. While the main purpose of using this technique is improved performance, not enhanced privacy, one benefit of the technique (for those readers who use modern browsers) is that my certificate authority will not receive information about your visit to Letters Blogatory, as all OCSP queries will originate from my server, not from your computer.
In order to overcome some technical problems, I publish my RSS feed via Google’s Feedburner service. Thus if you subscribe to my RSS feed, some information regarding your use of the feed may be available to Google.
Also, for technical reasons, I use SendGrid to send my daily newsletters to subscribers via email. Thus if you subscribe to my newsletter, some information regarding your use of Letters Blogatory may be available to SendGrid.
Security of Your Communications With Letters Blogatory
This section describes the steps I take to attempt to ensure that no third party can view the contents of communications you receive from Letters Blogatory or communications that you send to Letters Blogatory (e.g., via my contact page).
All communications between your web browser and my server are encrypted end-to-end using TLS. This means that only my server and your server can read the data exchanged between the two servers, including the particular URL requested. In other words, while a third party may be able to determine that your server has sent a URL to my server and received data in response, it would not be able to determine the particular URL you typed into your browser. If you are interested in seeking to prevent third parties from knowing that you are communicating with my server, you may want to consider using TOR.
I use DNSSEC and DANE to provide some assurance that a malicious person has not misdirected your request to a different server or substituted its own TLS certificate for mine. You can use a browser plugin to take advantage of these protocols.
My email server is configured to communicate securely with other email servers. However, because your email server may not be properly configured, I can’t promise that email communications with a @lettersblogatory.com email address are encrypted. However, messages sent via my contact page are encrypted end-to-end, just like any other data transmitted via HTTPS.
While this policy explains the steps I take to secure your communications, I make no promises that these steps will work!
| Version | Date | Changes |
|---|---|---|
| 3.4 | 28 Sept. 2015 | Add SendGrid and OCSP stapling provisions. |
| 3.3 | 23 Feb. 2015 | Add Google Feedburner disclosure. |
| 3.2 | 22 Jan. 2015 | Removed Amazon disclosures (again). |
| 3.1 | 25 Nov. 2014 | I think I’m done fiddling for the time being; I have modified the Amazon disclosures and added language about DNSSEC and DANE to the security section. |
| 3.0 | 16 Nov. 2014 | Add Do Not Track disclosure; add section on security of communications |
| 2.8 | 14 Nov. 2014 | Add modified Amazon disclosures |
| 2.7 | 10 Jun. 2014 | Remove Amazon disclosures (at least temporarily!) |
| 2.6 | 8 Jan. 2014 | More Amazon disclosures. |
| 2.5 | 8 Dec. 2013 | Move commenter requirements from here to Terms of Service page. |
| 2.4 | 6 Oct. 2013 | Add Amazon SES disclosure. |
| 2.3 | 15 Sept. 2013 | Modify PII section. |
| 2.2 | 5 May 2013 | Modify the social sharing language. |
| 2.1 | 23 Apr. 2013 | Remove a sentence from the Automattic policy that was inapplicable; remove Pingdom provision; include pseudonym provisions from the prior policy. |
| 2.0 | 21 Apr. 2013 | Major restatement of the policy |