Privacy policy

Data collection

When you visit this site, certain standard information is logged, including: your IP, the time of your visit, the request you made, the referrer, and your useragent. The site does not include ads, but some pages may include resources served from third-party servers. This may allow those third parties to collect information about you, and any such collection is governed by their respective privacy policies. A list (current as of August 24, 2013) of the third parties which serve resources included in pages on this site, and what is served is below:

  • Akismet scans submitted comments to weed out spam.
  • Pingdom's "Real User Monitoring" service is used to monitor performance.
  • Mustachify.me is used to provide sexy facial hair during Movember. I apologize in advance if your workplace blocks this as pornography.
  • Gravatar is used for avatars in the comment sections.
  • Flattr previously served some javascript for the flattr button. Currently, a simple link is used instead of the dynamic javascript button.
  • Twitter previously served resources necessary for the Twitter buttons on posts.
  • AddToAny previously served some javascript necessary for the share buttons on posts, and included Google analytics.
  • Google previously served the jQuery library, and Google Analytics was used. It is unlikely that this will ever be the case again.

If you don't wish to be tracked by these third parties, you can block the specific resources, at a loss of the noted functionality; or avoid taking the specified action.

On some pages or posts, there may embedded content from third-party sites. Typically they're below the fold, and kept to a minimum.

If you submit comments to this site, you may voluntarily disclose additional information, such as your name, email address, a website, and the comments themselves. These data are published on the site publicly, except your email address. Your comment is also shared with Akismet, who perform spam filtering.

Analytics

This site sometimes uses Open Web Analytics to collect visitor data and analyze traffic. When you visit the site, the pages that you look at, and a short text file called a cookie, are downloaded to your computer. A cookie is used to store small amounts of information - this does not contain personally-identifying details. Depending on the browser that you use, you can set your preferences to block cookies, and/or notify you before they are placed. On subsequent pages, this information may be collected from your browser to facilitate traffic analysis only. I will only track what I consider necessary to gain insight into the visitor patterns on this site - typically, that is page views, and clicks. The collection and analysis of this tracking data is not conducted by a third party.

Data retention

The data collected is retained for two different lengths of time:

  1. Visitor logs are retained for 7 days, and are deleted automatically.
  2. Anonymous analytics data is collected intermittently, but retained indefinitely.

Disclosure

None of this data will be disclosed to any third party under any circumstances, unless I have a good-faith belief that such disclosure is required by law (for example, due to a subpoena, or other valid court order). If disclosure is required by law, I will attempt to inform you of the fact, unless I am prohibited from doing so. While a failure on your part to challenge the disclosure request may require me to turn over your information, I will object independently to requests I believe are improper.

For your information, I am typically physically located within Canadian federal jurisdiction, and the server is physically located in English federal jurisdiction. My hosting provider is an American corporation and is probably subject to both American and English federal jurisdiction.

Secure access

The site is available over TLS. The current certificate is signed by "StartCom Class 1 Primary Intermediate Server CA" and the fingerprint is:

SHA-256: 91 3F BB AD D0 E5 91 32 AD 23 E8 F9 A0 E5 77 40
         BB 25 07 85 5A 67 18 03 95 1B 95 6C 74 2D 82 CA
SHA-1:   83 2D BA 53 42 CF 53 A6 A2 F8 A4 11 C3 8D 69 21
         14 87 23 7C

The site configuration encourages HTTPS use by making all links point to the HTTPS site, but no redirection is performed. Once using HTTPS, the HSTS header is used to inform your web browser that it should only use HTTPS in the future.

Changes to this policy

This privacy policy may change from time to time. The last modification was Nov 1, 2013. I endeavour to collect the minimum amount of data to operate the site effectively, retain it for the minimum length of time, and to do all data collection and analysis without involving third parties. If substantive changes to the policy are made, it will be noted on the main page.