privacy.html

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Privacy Policy • Apparebit</title>
<link rel="preload" href="/assets/fonts/bely-regular.woff2" as="font" type="font/woff2" crossorigin>
<link rel="preload" href="/assets/fonts/reforma-2018-gris.woff2" as="font" type="font/woff2" crossorigin>
<script async type="module" src="/assets/function.js"></script>
<meta name="viewport" content="width=device-width, initial-scale=1.0, viewport-fit=cover">
<link rel="stylesheet" href="/assets/form.css">
<link rel="icon" type="image/png" sizes="32x32" href="/assets/icons/a-circle-32x32.png">
<link rel="icon" type="image/png" sizes="512x512" href="/assets/icons/a-circle-512x512.png">
<link rel="apple-touch-icon" type="image/png" sizes="192x192" href="/assets/icons/a-circle-192x192.png">
<link rel="manifest" href="/assets/apparebit.webmanifest">
<link rel="icon" type="image/svg+xml" sizes="any" href="/assets/icons/a-circle.svg">
<meta property="og:title" content="Privacy Policy">
<meta name="description" content="Apparebit’s privacy policy in plain English">
<meta property="og:description" content="Apparebit’s privacy policy in plain English">
<meta name="keywords" content="Robert Grimm, apparebit.com, privacy policy, plain English">
<link rel="canonical" href="https://apparebit.com/about/privacy">
<meta property="og:url" content="https://apparebit.com/about/privacy">
<meta property="og:image" content="https://apparebit.com/assets/images/apparebit-1200x630.jpg">
<meta property="og:image:type" content="image/jpeg">
<meta property="og:image:width" content="1200">
<meta property="og:image:height" content="630">
<meta property="og:image:alt" content="“apparebit” in high-contrast serif letters">
<meta name="author" content="Robert Grimm">
<meta property="article:author" content="https://facebook.com/apparebit">
<meta property="fb:app_id" content="301854043178629">
<meta property="og:site_name" content="Apparebit">
<meta property="og:type" content="article">
<meta name="twitter:card" content="summary_large_image">
<meta name="twitter:site" content="@apparebit">
<meta name="twitter:creator" content="@apparebit">
<meta name="theme-color" content="#f3f4f6" data-fallback="#e5e6e8" media="(prefers-color-scheme: light)">
<meta name="theme-color" content="#000000" media="(prefers-color-scheme: dark)">
<meta name="color-scheme" content="light dark">
</head>
<body class=reforma>

<nav class="page-header">
<ul role=list>
<li><a rel=home href="/">
<svg aria-hidden="true" width="30" height="30" viewBox="0 0 100 100"><path d="M88.1 93.6V41.8c0-27-12.5-40.5-36-40.5C33.4 1.3 19.5 8.9 6.8 23l1 1A31 31 0 0128.2 17c14.2 0 22.4 10.3 22.4 30.8-31 3.4-49.3 14.8-49.3 32 0 11.8 8.2 18.7 20.4 18.7 10.2 0 20.2-5 29-12.5v10.6h46.7v-3H88zM46.4 84c-7.4 0-11.2-4.7-11.2-13.4 0-10 4.3-17 15.5-20.2v33c-1.6.4-3.1.6-4.3.6z"/></svg>
<span class=invisible>Home</span>
</a></li>
<li><a href="/blog">Blog</a></li>
</ul>
</nav>

<main>
<article>
<header><h1>Privacy Notice</h1></header>

<section aria-labelledby=overview>
<h2 id=overview hidden>Overview</h2>

<p>This privacy notice explains the data collection and processing practices for
<a rel=home href="https://apparebit.com">Apparebit</a>, which is my, Robert
Grimm’s, personal website. While I reside in the United States and host this
website within the United States, Apparebit’s data collection and processing
practices are designed to comply with the European Union’s <a
href="https://commission.europa.eu/law/law-topic/data-protection/eu-data-protection-rules_en"><cite>General
Data Protection Regulation</cite></a>. That is because, in stark contrast to
this country’s overall lack of meaningful privacy protections, <abbr>GDPR</abbr>
sets a strict, global standard for protecting people’s personal data.</p>

<p>This privacy notice serves to meet the <em>lawfulness, fairness and
transparency</em> requirements of that regulation — and any other applicable
laws and regulations. Notably, Apparebit adheres to <abbr>GDPR</abbr>’s
principle of <em>data minimization</em> and maintains only conventional server
access logs. It does <em>not</em> use third-party analytics services. While it
may still store data and run code on your computer, it will only ever do so to
improve your experience accessing its content.</p>

<p>The rest of this notice starts by explaining the routine data collection
practices when you access Apparebit. It then discusses outgoing hyperlinks and
Apparebit’s interaction with social networks. Finally, it outlines basic
operational practices. If you have any question or concerns about this website,
this notice, or the practices described therein, please do <a rel=me
href="mailto:apparebit@gmail.com?subject=About%20Apparebit's%20Privacy%20Notice">reach
out to me</a>. After all, I am this website’s <em>controller</em>, responsible
for both content and operation.</p>
</section>

<section aria-labelledby=access-content>
<h2 id=access-content>Accessing Content on Apparebit</h2>

<p>Apparebit maintains conventional <em>server access logs</em> that identify
what resources were accessed at what time and from what location. Logged
information includes a timestamp, your computer’s <abbr>IP</abbr> address, the
summary of browser, operating system, and device known as “<a
href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/User-Agent">user
agent</a>”, the accessed <abbr>URL</abbr>, as well as the kind and size of the
response.</p>

<p>Apparebit collects this information for three reasons:</p>

<ul class=tight>
<li>To better understand what content you access and how you interact with
the content;</li>
<li>To comply with licensing requirements, notably for commercially licensed
typefaces;</li>
<li>To ensure the security of this website and the integrity of its
content.</li>
</ul>

<p>The above reasons clearly meet requirement 1.f — “legitimate interests
persued by the controller” — for lawful data processing as laid out in
<abbr>GDPR</abbr>’s Article 6. In particular, effective security monitoring
requires logging each client’s <abbr>IP</abbr> address, thus obviating the need
for explicit user consent.</p>

<p>Otherwise, Apparebit does <em>not</em> collect any personal information.
Also, it does <em>not</em> track your online activities through “cookies” and
similar client-side state. It does <em>not</em> utilize third-party tracking and
analytics services such as Google Analytics — though it did so in the past.</p>

<p>If supported by your browser, Apparebit may install a small script, known as
a “<a
href="https://jakearchibald.github.io/isserviceworkerready/resources.html">service
worker,</a>” on your computer. That script may, in turn, download content from
this website onto your computer. It does so only to make your experience
accessing Apparebit a more pleasant. It does <em>not</em> collect any
information beyond what is already collected in the server access log. You can
verify that claim by auditing the <a
href="https://github.com/apparebit/apparebit.com">source code for Apparebit</a>,
which is publicly accessible.</p>
</section>

<section aria-labelledby=social-sharing>
<h2 id=social-sharing>Linking Content from/to Apparebit</h2>

<p>This website integrates with other websites, notably social networks, only
minimally. In particular, Apparebit does <em>not</em> embed any third-party
content or services within its pages. That is very much intentional because
doing so would enable those third parties to track Apparebit’s visitors.</p>

<p>Instead, this website links to content on other websites including on social
networks as separate pages. If you follow such outbound links, Apparebit’s
privacy policy does <em>not</em> apply. In particular, your browser may notify
the server hosting the linked content of the referring website, i.e., Apparebit.
To limit such cross-site tracking by social networks, Apparebit instructs
browsers to omit the referrer for links to content hosted by Facebook,
Instagram, LinkedIn, and Twitter.</p>

<p>Still, Apparebit’s web pages include markup to identify my Facebook and
Twitter profiles. If you share content from this website to either social
network, they track your sharing activity and may make aggregate information
available to me. Please consult the privacy policies for <a rel=noreferrer
href="https://www.facebook.com/policy.php">Facebook</a> and <a rel=noreferrer
href="https://twitter.com/privacy">Twitter</a> for further details.</p>
</section>

<section aria-labelledby=data-management>
<h2 id=data-management>Operating Apparebit</h2>

<p>In developing and operating Apparebit, I follow best security practices. That
includes using randomized passwords, two-factor authentication, and encrypted
network channels. The sources for Apparebit are stored on my own computers and
on Github’s servers. I use my own static website generator called <a
href="https://github.com/apparebit/siteforge">site:forge</a> to produce the
production version. That version becomes the publicly accessible website after
deployment to my hosting provider’s servers. Access logs are stored on those
same servers as well as on my own computers. They are only accessible by myself.
I may, however, share aggregate statistics with others, including through blog
posts.</p>
</section>

<hr>

<footer class=about-this-page>
<p>This privacy notice was last updated Wednesday, <time
datetime=2022-01-05>January 5, 2022</time> — mostly to make its language simpler
and more direct, but also to document that out-going links now hide the referrer
from social networks. The previous update on Friday,
<time datetime=2019-12-13>December 13, 2019</time> was more substantial: That
day, I removed Google Analytics from this website, deleted all previously
accumulated data from the service, and updated this privacy policy
accordingly.</p>
</footer>

</article>
</main>