Permalink
Fetching contributors…
Cannot retrieve contributors at this time
113 lines (87 sloc) 10.7 KB

Privacy Policy Snippets

Copy and paste-able snippets that describe how core collects, manages and shares data provided by site users and visitors.

Definitions

  • Logged In vs Logged Out Users: Logged in users are users who have registered (created) an account on the site and have provided their Username and password to log in to the site. Some sites require users to be registered and logged in to do things like comment on an article. Logged out users are users who have not logged in, or who do not have an account on the site at all (e.g. visitors).
  • Gravatar: An optional public profile, including a photo or image, related to your Email Address.
  • IP Address: The address of your device on the Internet. This address is assigned by the Internet Service Provider providing the connection to the Internet which your device is using and may be shared with other devices at that same location.
  • REST API: An alternative means of accessing the data on a website. Instead of navigating a browser to a page to retrieve website content, a script or other means is used to electronically collect website content. The content retrieved via the REST API interface for a given article or media attachment may include more data than is displayed in a browser.
  • Role: A logged in user also has a role, e.g. Contributor, Author, Editor, etc. Each role has a prescribed set of capabilities - e.g. some roles can delete comments but others cannot.
  • User Agent: A browser’s user agent is a line of text that usually includes which browser you are using, its version, and your operating system and its version.

Cookies

  • If you are logged out and leave a comment on this site you may opt-in to saving your name, email address and website. If you opt-in, three cookies will be created - one for your name, one for your email address and one for your website. These cookies are unique to this site and will persist for 1 year. (comment_author_{site}, comment_author_email_{site}, comment_author_url_{site})

  • If you attempt to log in to this site, we will set a temporary cookie to determine if your browser accepts cookies at all. This cookie contains no personal data and is discarded when you close your browser. (wordpress_test_cookie)

  • If you have an account and you log in to this site, we will set up to three cookies to save your log in information in your browser. These cookies are unique to this site and include your user name and a login token for you. If you select “Remember Me” these cookies will persist for two weeks. If not, they will persist for two days. Since these cookies save your user name and login information, if you log into this site using a public computer, it is important to log out before leaving the computer to prevent unauthorized access. (wordpress_{site}, wordpress_sec_{site}, wordpress_logged_in_{site}).

  • If you have an account, if your role permits it and if you use the administration pages of this site, up to two additional cookies will be saved in your browser. These cookies both include your user ID. The first cookie contains any screen options you've selected and the second contains the timestamp of the last time you visited an administration page. They expire after 1 year. (wp-settings-{userID}, wp-settings-time-{userID})

  • If you have an account, if your role permits it and if you use the administration pages of this site to edit articles, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day. (wp-saving-post)

Comments

Comments Left by All Users

  • If you elect to leave a comment on an article, in addition to the comment text you provide we also collect your IP Address and your User Agent.
  • Your comment text, your Name, Email Address, Website (URL), IP Address and User Agent are accessible by administrators on our site.
  • An anonymized string created from your Email Address (also called a hash) is provided to the Gravatar service to see if a profile picture of you is available for display. The Gravatar service privacy policy is available here: https://automattic.com/privacy/ Prior to approval of your comment, your profile picture is only visible to administrators. After approval of your comment, your profile picture is visible to the public in the context of your comment.
  • Following approval of your comment, your comment text, your Name, and Website (URL) (if provided) are visible to the public.
  • Comments containing links or certain words or phrases may require manual approval by an administrator.
  • Your comment, including comment text, your Name, Email Address, Website (URL), IP Address and User Agent, is:
    • shared with the Akismet service to determine whether or not your comment is spam. The Akismet service privacy policy is available here: https://automattic.com/privacy/
    • stored in the website’s database, access to which is restricted to site administrators. Site administrator authentication is by username and password.
    • retained indefinitely until explicitly deleted by an administrator.

Comments Left by Logged In Users

  • You may edit the Display Name used for new comments in your profile.
  • If your role on the site has sufficient permission (e.g. Editor), you may edit or delete comments.

Comments Left by Logged Out Users / Visitors

  • If you are not logged in to the site and elect to leave a comment on an article, we require your Name and your Email Address and we request your Website (URL). You may also elect to provide a partial name, initials or even a pseudonym in lieu of your full name. You are not required to provide a website URL.
  • When you leave a comment, you will be asked if you opt-in to saving your Name, Email Address and Website (URL) in your browser for future commenting. If you so opt-in, we store three cookies on your browser to make it easier for you to comment again in the future. The cookies contain your Name, your Email Address and your Website (URL). They are set to expire after one year.

Embedded Content

Registered Users

  • If you create an account on this site, you will be prompted to select a Username and provide your Email Address.
  • When choosing a Username, we strongly advise you not use or include your real name. Usernames cannot be changed.
  • Your Username and Email Address are stored in the website's database. Your Email Address is used to send you an email with a link to set your password or to send you an email with a link to reset your password in the event you forget your password.
  • Once an account is created, you must contact an administrator to have it deleted.
  • Accounts have a numeric User ID assigned to them when they are created. The User ID cannot be changed.

Profiles

  • An anonymized string created from your email address (also called a hash) is provided to the Gravatar service to see if a Profile picture of you is available for display. The Gravatar service privacy policy is available here: https://automattic.com/privacy/
  • You may optionally complete your Profile by providing your First Name, Last Name, Website (URL) and/or Biographical info. These additional details are also saved in the website's database. You may edit these details, and your Email Address, in your Profile at any time.
  • You may also choose how your name is displayed (your Display Name) to visitors to the site (e.g. in comments you create) in your Profile.
  • Your Username, First Name, Last Name and Email Address are accessible by administrators on the site.
  • Your Profile Picture (Gravatar), Display Name, Website (URL) (if any) and Biographical Info (if any) may be visible to visitors to the website (e.g. if you leave a comment or contribute an article).
  • If you author an article on the website, your Username, User ID, Profile Picture (Gravatar), Display Name, Website (URL) (if any) and Biographical Info (if any) are provided to any visitor using the website's REST API interface.

Media

  • If you upload media (e.g. images) to the website, you should avoid uploading images with EXIF GPS location data included. Visitors to the website can download and extract any location data included in images on the website.
  • Visitors using the website's REST API interface can correlate uploaded media to a particular user. This may allow such visitors to map a user to a particular time and location if EXIF GPS location data was included in the uploaded media.