Privacy - a_lilian's garden

What information do we collect?

We collect information from you when you register on our site and gather data when you participate in the forum by reading, writing, and evaluating the content shared here.

When registering on our site, you may be asked to enter your name and e-mail address. You may, however, visit our site without registering. Your e-mail address will be verified by an email containing a unique link. If that link is visited, we know that you control the e-mail address.

When registered and posting, we record the IP address that the post originated from. We also may retain server logs which include the IP address of every request to our server.

What do we use your information for?

Any of the information we collect from you may be used in one of the following ways:

To personalize your experience — your information helps us to better respond to your individual needs.
To improve our site — we continually strive to improve our site offerings based on the information and feedback we receive from you.
To improve customer service — your information helps us to more effectively respond to your customer service requests and support needs.
To send periodic emails — The email address you provide may be used to send you information, notifications that you request about changes to topics or in response to your user name, respond to inquiries, and/or other requests or questions.

How do we protect your information?

We implement a variety of security measures to maintain the safety of your personal information when you enter, submit, or access your personal information.

Who Has Access to Your Information?

This site makes a good-faith effort to be transparent with you about who may access the information you choose to share on this site.
E-mail addresses collected during account creation and as updated by the user are solely accessible by the Administrator account.
IP addresses collected during account creation and server exchanges are solely accessible by the Administrator and Moderator accounts.

Staff Account Security

The following policies apply to both Administrator and Moderator accounts:

Administrator and Moderator accounts are secured with a randomly generated, unique, strong password and 2FA.
Passwords to the Administrator and Moderator accounts are stored in either (a) a contemporary password management tool which meets industry standards in 2024 and has been configured to the standards of that tool’s design, or (b) physical media which has been secured against unauthorized access.
For the purposes of this policy, SMS is not considered a secure factor for 2FA and will not be used to access any account enumerated in this section.
Physical devices logged into Administrator or Moderator accounts are locked when not in use.
The Administrator and Moderator accounts are not accessed from public devices.

Administrator Account Security

The following policies additionally apply to the Administrator account:

Accounts which can be used to recover the Administrator account such as the primary recovery e-mail account and e-mail accounts which can be used to recover the primary e-mail account are secured with randomly generated, unique, strong passwords and 2FA.
Physical devices which can be used to access the Administrator or affiliated e-mail accounts are secured with randomly generated, unique, strong passwords, are locked when not in use, and are secured from physical access by unauthorized persons.
Passwords to the Administrator account, affiliated e-mail accounts, and affiliated physical device accounts are stored in either (a) a contemporary password management tool which meets industry standards in 2024 and has been configured to the standards of that tool’s design, or (b) physical media which has been secured against unauthorized access.

Data Breach Policy

In the event that we find an Administrator or Moderator account or permissions have been accessed by an unauthorized person, or if we find there has been a data breach by another vector, we will make a good faith effort to notify all affected users of this site without delay. We will describe the scope of the breach as specifically as possible, and we will describe the steps you should take to protect yourself from sequelae of the breach.
In the event that an Administrator account or permissions are accessed by an unauthorized person, we will follow the steps described here.

Software Security Policy

This site is hosted by Civilized Discourse Construction Kit, Inc. (CDCK) using the open source software Discourse. As part of its hosting terms, CDCK commits to implementing industry standard security precautions to protect against malicious attacks and data breaches. CDCK updates this site’s installation of Discourse to implement the newest security patches.
This site’s staff will follow CDCK’s hosting terms to avoid configuring the site in a way that would undermine CDCK’s efforts to maintain a secure platform.

Do we use cookies?

Yes. Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow). These cookies enable the site to recognize your browser and, if you have a registered account, associate it with your registered account.

We use cookies to understand and save your preferences for future visits and compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future. We may contract with third-party service providers to assist us in better understanding our site visitors. These service providers are not permitted to use the information collected on our behalf except to help us conduct and improve our business.

Do we disclose any information to outside parties?

We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our site, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others rights, property, or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.

Third party links

Occasionally, at our discretion, we may include or offer third party products or services on our site. These third party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.

Children’s Online Privacy Protection Act Compliance

Our site, products and services are all directed to people who are at least 13 years old or older. If this server is in the USA, and you are under the age of 13, per the requirements of COPPA (Children’s Online Privacy Protection Act), do not use this site.