Privacy Policy

Who we are

Our website address is: https://www.isaacdodd.com. There are also a number of associated web addresses that point to this same location on the internet, such as doddmd.com.

What personal data we collect and why we collect it

We collect information about visitors who comment on Sites that use our anti-spam service, Akismet. The information we collect typically includes the commenter’s IP address, user agent, referrer, and Site URL (along with other information directly provided by the commenter/user registering an account, such as their name, username, email address, and the comment itself).

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string for spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

Should you choose to use contact forms, any information you enter will be visible to the administrators of the website and potentially any contractors who work on the site in the future, if applicable. Therefore, only enter information you feel comfortable sharing with others, and if a more secure form of contact is needed, withhold the confidential details and put ‘Secure Contact Requested’ in the subject-line to get a response from an encrypted, secure inbox.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for 1 year unless you erase the cookie using your browser’s cookie settings.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for 2 days, and screen options cookies last for 1 year (again, unless you erase them from your browser). If you select “Remember Me”, your login will persist for 2 weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

This website presently doesn’t use any Analytics services.

Security Logs

For security and auditing purposes, a record of all of your logged-in actions and changes within the site will be recorded in an audit log. The audit log also includes your IP address, which website you accessed this site from, the action you attempted, browser information, timestamps, and the URL you attempted to visit. Data is retained in the audit log for 30 days.

The IP address of visitors, user ID of logged in users, and username of login attempts are also conditionally logged to check for malicious activity and to protect the site from specific kinds of attacks. Examples of conditions when logging occurs include login attempts, log out requests, requests for suspicious URLs, changes to site content, and password updates. This information is retained for 30 days.

Your IP Address and browser information is retained for 7 days in a separate spam-preventive security log; these can be used to help keep this website secure and prevent fraud. It is possible that this information may be logged temporarily.

Who we share your data with

This site is scanned for potential malware and vulnerabilities by Sucuri’s SiteCheck. We do not send personal information to Sucuri; however, Sucuri could find personal information posted publicly (such as in comments) during their scan. For more details, please see Sucuri’s privacy policy. Otherwise, your data isn’t shared with anyone unless legally compelled. Contractors may work on the website in the future, but they will be strictly required to agree not to disclose or retain any personal information in the website’s database or records.

‘Bad Behavior’ prevents spam and scrapers from overloading the website. There is a small chance that this plugin will log your IP address and browser information. This is stored in a spam-related security log file and deleted after 7 days. There is no reason why this information should be processed or be personally identifiable to you.

How long we retain your data

If you leave a comment or register an account, the comment or account and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue. Upon request, all metadata can be completely erased from the website’s database, including the message requesting the deletion.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username — direct requests have to be made to manually change this instead). Website administrators can also see and edit that information where applicable.

Security logs are retained for 30 days. Spam-related security logs are retained for 7 days. Backups of security log details are retained for 98 days. Database backups are sent via email (to an end-to-end encrypted inbox) and may be retained indefinitely, but any restorations of backups will have previous personal data erasure requests honored.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service as previously described. Database backups are sent via email to an end-to-end encrypted inbox.

Contact information

Please use the Contact form on the website to get in touch with the website’s administrators.

Additional information

How we protect your data

Please use the https://… extension to the URL to have all of your interactions on the website encrypted via industry-standard 256-bit TLS/SSL encryption.

What data breach procedures we have in place

If data is ever breached for users, we’ll try to make an attempt to notify users with the contact details they have provided.

What third parties we receive data from

We actually don’t deal with third-party data for any data on file, and we don’t have any plans to do so in the future.

What automated decision making and/or profiling we do with user data

We don’t do any automated decision-making or profiling whatsoever beyond automated spam detection. As explained prior, a cookie may be used just to make it easier to fill in the details you previously filled in when you make comments.

Industry regulatory disclosure requirements

This website is not used to handle any Protected (or Personal/Patient) Health Information (PHI), or any data that would be protected under HIPAA or any other health or privacy regulations, and the administrators request that no such information be entered into this website.

Changelog

2019-01-16 – Security Logs – Added details about the audit log feature.
2019-01-05 – GDPR compliant statements for ‘Bad Behavior’ spam-preventive security logs were added.
2018-12-02 – Initialization of policy with minor edits were published.