Okay… TL;DR? We have to spell this stuff out now, to comply with various laws and regulations including the EU’s GDPR. But what it comes down to is this. Cheezland has zero interest in abusing your personal information, sharing it, hoarding it, leaking it, making origami out of it, or otherwise doing anything other than making it as easy and safe as possible to interact with the community. We do not embed content, allow logins via social media accounts other than WordPress itself, have social media Like or direct sharing buttons, allow advertising or third-party data analytics, or otherwise try to force you to connect with any other site outside of services (eg, Gravatar, Akismet) offered by Automattic (the company that owns WordPress and its relatives). You can see Automattic’s privacy statement here: https://automattic.com/privacy/
This is all pretty standard stuff. And what on earth would we do with the data of our friends? But, just so we can all say that the info is available, or in case you’re curious or extremely bored, feel free to read below. I’ll do my best to spell it out, although I’m not a pro at this and it’s a little complex sorting out what exactly reaches outside or stores anything.
What personal data we collect and why we collect it
If you’ve signed up for daily post emails through Feedburner, you can unsubscribe at any time via the link at the bottom. Prysmakitty/Steph Shangraw can see who has subscribed in the form of a list of email addresses, the subscription date, and whether they have been verified or not. That’s all.
Several active Jetpack services collect some or all of: IP address and other IP data, email address, WordPress.com user ID, WordPress.com username, which site you were on (ie, Cheezland), post ID (which post you were on), user agent, timestamp of event, browser language, country code.
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string (basically, your browser and operating system) to help spam detection.
By default WordPress does not collect any personal data about unregistered visitors, and only collects the data shown on the User Profile screen from registered users. However some plugins may collect personal data. Cheezland has minimal plugins, and to the best of our knowledge, nothing outside of Automattic’s services (except in some circumstances our security plugin Shield Security) collects any data at all.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account (new ones can longer be created on Cheezland, due to excessive spamitude, but you can use your WordPress.com account) and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
The Mobile theme leaves a cookie in place for 3.5 days, marking whether you want to use this theme.
Mods: If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
We do not embed content (e.g. videos, images, articles, etc.). All Cheezland content, with the exception of WordPress and related services such as Gravatar and Akismet, is local. This includes advertising: Cheezland does not have any.
We do not have any third-party analytics. The only stats gathered are via WordPress’ basic functionality, including the Jetpack plugin. If you want to see what that looks like, email me and we’ll send you screenshots with other users’ data blacked out. Or, if you have a WordPress blog, look at your stats page for yourself. That’s what we have. It’s all aggregate data, nothing individually identifiable. Nothing else.
Who we share your data with
Nobody. Period. We have no reason to. Your admin or mods may relay a message via your email address, rarely and if requested by a known community member, to allow private contact without personal data being made public. That’s it.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue. (And, y’know, so we can see who said what, and not lose old conversations and such!)
For users with grandfathered local accounts (or new mods/admins), we store the personal information you provide in your user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes. (This is legalese – your Cheezland admins are at a loss to think of what data we might be “obliged to keep” or, for that matter, what data might be worth erasing.) If you use a WordPress.com account to log in, we can remove comments, but cannot remove or access data from your account.
Where we send your data
Visitor comments are checked through an automated spam detection service, offered by Automattic as a plugin, called Akismet. This typically gathers info including your comment, email, URL if provided, IP address, and browser and OS data, in order to check for spam. Otherwise, we send nothing anywhere. There is no option to log in to Cheezland via a social media account that would share comments or likes to Facebook, Twitter, etc. Cheezland, as much as possible, stands alone. We reside physically on servers at TMDHosting.com which has data centres in both the US and Europe and is GDPR compliant – the specific VPS server on which Cheezland is hosted is located in Chicago, USA. (Your admins are in Canada. Your fellow users are viewing your public info from anywhere in the world.) We may use a personal Dropbox account to back up the site. We can’t make any promises about the physical location of that server.
Any questions? Email firstname.lastname@example.org, of course.