Note: This stuff is, as usual, always subject to change because this is still pretty much a draft. For some of the salient points, you can also look at Avarthrel privacy policy, a site which is also operated by me.)

The privacy policy is stated rather plainly, because I’m not a lawyer.

  1. I will only knowingly store identifying information if such information is actually needed for identification. This will include names, email addresses, websites and possibly user IDs such as OpenIDs. All of the applications I develop will use hashed passwords. I will make the best efforts to keep identifying information safe. I’ve made effort to reduce the use of information that can potentially expose the user to abuse (e.g. email addresses, which could end up to the hands of spammers). Email addresses will not be shown publicly unless requested by the user. All other information will only be shown if provided and explicitly stated as publicly viewable.
  2. I make no guarantees what information third-party applications (e.g. Drupal, Movable Type) store. However, I try to keep them up-to-date and I only use open source packages that appear to use sane security practices.
  3. My webhost collects standard Apache log information. Some of these pages use Piwik, but I, personally, am only concerned of aggregate information that doesn’t identify users: what search keywords people use to find the pages, which websites they come from, maybe which countries they come from and what they do on the site, on broad terms (e.g. do they actually read the pages or do they go away).
  4. External image and tracking stuff use is discouraged, and should only appear in third-party applications.
  5. Visitor IP addresses may be logged to make spam quenching easier, but neither the address itself nor the block owner are ever displayed publicly. Spammers may be ridiculed, though.

There is admittedly currently no easy way to contact me if problems are actually present, but you can try emailing me.