Visitor Data Policy

This is a quick page regarding how any data generated by visitors is handled, where it is kept and for how long, and what is (or more commonly, isn’t) done with that data.

First of all, what data is actually generated?

  • Some of the software packages deployed by this website may be configured to leave cookies, or other fragments of local data, related to technical operation of the site. (A full breakdown of all cookies generated by software on this site is pending.)
  • Most incoming internet traffic to these servers, such as HTTP requests and Fediverse related traffic, is logged. All log data generated is kept largely anonymous; the only thing in them that could be considered “personally identifiable” without logging into my network’s SSO (which you can’t) would be your IP address, which isn’t even that identifiable by itself.
  • In the event that a comment is left on a WordPress article, that data is of course obviously kept in order to display the comment, unless deleted as a moderator action.

Now, what do I do with all that information?

  • Firstly, and most importantly, absolutely no data, in its original form or any derivative form (see below), is ever distributed, sold, traded, released, publicized, or displayed without consent, explicit or implicit, from the originating person, at any time, to any party, for any sum, for any reason, under any circumstances. Ever. Period. It will not happen. What happens here, stays here. Your data and my logs are not Google’s, Microsoft’s, Meta’s, Amazon’s, my employer’s, your employer’s, or anyone else’s business. Law enforcement will be required to have explicit jurisdiction over myself or my servers, require a warrant from a judge, and will be required to wait for this warrant to be reviewed by a lawyer under my own employ, before any data is supplied, and only the data expressly specified within the warrant, and only because I don’t want the police coming in, beating/sexually violating my household and shooting my pets over it.
  • Secondly, the data, when generated, will be analyzed by automated tools (and by my own eyes as a second pass) to ensure that no harm will come to myself, my infrastructure, or any software running on it. An example of one such automated tool is fail2ban, which checks for perceived attacks and prevents IP addresses from contacting the system if it is tripped.
  • Thirdly, the data is checked again, largely by myself (though automated tools may also be employed here), to ensure certain kinds of content that would cause physical, emotional, or legal harm to come to myself or other “protected” groups, as defined within my own jurisdictional laws, specifically RCW 49.60.030, is eliminated and prevented from reappearing. This includes: race and skin color, creed, national origin, sexuality and/or gender identity, military status and history, and disabilities. In addition, certain other kinds of illegal content will also be immediately eradicated, and if the content is declared particularly egregious, retaliatory action will be taken to prevent further harm. (Which means: If you somehow put CP on my servers, or anything else awful like that, I will find out who you are and end you.)
  • If your data has made it this far through the document without being considered unfit for this network, it will be kept within an observability stack accessible only to myself, and nobody else. Anonymized statistics may be generated for the sake of ensuring reliability or troubleshooting. Most information generated, however, would be very difficult to link back to you, the user, without intervention on your part, and any personal identification linked to this data would remain mostly ephemeral, as logging exactly who generated what information is useless to me.
  • Lastly, unless otherwise specified as part of any other clause in this document, raw data will be expunged from the system after a short period, within single digits of days. Some anonymized statistics, such as user counts, may be kept for longer, but will be expunged of anything even remotely identifiable if they are kept for that long.

Should you still prefer that any data linked to yourself be manually expunged on your own request, you may drop an email to nicole <at> otl-hga (dot) net with your takedown request, and it will be acted upon in a timely manner. I am not technically beholden to the European Union’s General Data Protection Regulation, or the California Consumer Privacy Act, but any emails received that mention these laws will still be honored, so the email template you already have will work just fine. You may be requested to provide examples of how the data can be linked back to you, which will also be expunged from my systems during the actual takedown.