(Document Version 1.0, published January 23, 2019)

The privacy policy is subject to change; it is stated rather plainly and informally, because I’m not a lawyer. Yet, I hope it covers the necessary legal ground nevertheless and will provide suitable information to the users regarding their privacy.

  1. Three types of user information may be collected by this service: user-provided contact information, user IDs for authentication, and technical information internally provided by server software and the Internet protocols.
  2. User-provided contact information is only stored when the users specifically choose to provide it, specifically for the purpose of publishing it. As a basic principle, contact information will not be shown publicly unless provided by the user for that explicit purpose.
  3. Currently, the website uses no software that requires the user to authenticate themselves; therefore, user IDs are not stored here. In case such software will be used, I will make the best efforts to keep identifying information safe according to state-of-the-art means.
  4. Technical identifying information will be stored internally, as far as it helps prevent abuse (e.g. spam) and can be used to generate non-identifying analytics. It will not be publicly visible.
  5. Currently, the site does not use dynamic content management software (i.e. publishing systems, blogware, wikis, comment frameworks). If such third-party software is used, I cannot make technical disclaimers what information such software stores internally. In case third-party software will be used, I try to keep them up-to-date with latest security fixes and I only use open source packages that appear to use sane security practices.
  6. My webhost collects standard web server log information, and I do not necessarily have access to it, for analytics or otherwise. Previously, I used Piwik as analytics software. When that system was in use, I was only concerned of aggregate information that doesn’t identify users: what search keywords people use to find the pages, which websites they come from, maybe which countries they come from and what they do on the site, on broad terms (e.g. do they actually read the pages or do they go away). Piwik’s features for IP anonymisation, Do Not Track and user opt-out were used and honoured.
  7. External content and JavaScript frameworks hosted on external content distribution networks is discouraged. Formerly, some third-party applications included external dependencies, but the site should be completely self-hosted.
  8. You may contact me if you want to know if there is material belonging to you that is covered by GDPR, in case you simply want a copy or want it removed. However, these queries are handled on case-by-case basis and require manual work, so please allow delays.
  9. Connections to the website are insecure, as there is no advanced tracking and personal information isn’t necessary to access the systems. The beastwithin.org website currently doesn’t use SSL due to the limitations of the hosting platform. The avarthrel.org website optionally uses SSL. No personally identifiable information collection (besides the website’s technical logs, which contain visitor IP addresses and browser identification) happens on non-SSL sites.

For all privacy questions and legal issues, you can contact me by email.