Jaani.net

Privacy policy

Data controller

This privacy policy applies to the website accessible at the Fully Qualified Domain Name: https://jaani.net (Website). The data controller is me (Jaani Riordan), an individual.

Data processors

I may instruct third parties to process your personal data on my behalf, in which case I will remain responsbile for the means and purposes of processing.

The third party data processors currently comprise:

  • Anthopic Inc: certain site maintenance functions (such as assigning categories to posts, generating meta descriptions and other metadata, scanning for errors, and monitoring site security) are performed by Claude models, which are under the control of Anthropic. It is possible that this would lead Claude to crawl site content, which may include your personal data (e.g. in comments). All processed data is opted out from training.
  • Google Ireland Ltd: the Website uses Google Analytics and Google Data Console to provide basic analytic functions. I’ve disabled most of the advanced features and just rely on this to give a basic idea of how many people visit the site and roughly where (city/country) they come from. For these platforms, the data processor is Google Ireland.
  • Dreamhost LLC: the Website is hosted on a Virtual Private Server under the management and control of Dreamhost. In the course of maintaining and upgrading the server (e.g. to apply urgent security patches or correct technical errors), they may carry out automated processing of data stored on the server.

How your personal data is collected

In general, I do not collect your personal data, save in very limited circumstances:

  • Comment cookies: where you post a comment and opt in to save your user details. This results in a trivial cookie being stored on your device containing your chosen username. These cookies will last for one year.
  • Comment text and IP address: if you or others submit text in the content of comments or other user submissions to the Website, this may contain any personal data that is embodied in that text. Your IP address is collected when you submit a comment for the purpose of detecting and preventing spam.
  • IP address, browser and operating system: like any website that uses analytics, the Google Analytics platform collects this information from your browser when you make an HTTP request for a page on this Website. This data is not linked to your name but could, in principle, amount to personal data.
  • Avatars: if you use an avatar when posting a comment, an anonymised string created from your email address (a hash) may be provided to the Gravatar service. The Automattic Inc privacy policy applies to this processing. After approval of your comment, your profile picture is visible to the public in the context of your comment.
  • Uploaded media: if you upload images or other media to the Website, any embedded metadata (such as EXIF GPS) may be retained, which could enable other visitors to view or extract location and other data from images on the Website. Be careful in what you choose to upload.
  • Technically necessary cookies: if you happen to visit the secret backend login page (and there is no reason why you should), the Website will set a temporary cookie to determine whether your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
  • Login cookies: at this stage, user registrations are not allowed. In the event that I enable this functionality later on, then if you login a session cookie would be stored to save your login information and any site preferences. Login cookies last for a short period (typically a few days), while preferences cookies last for a year.
  • Embedded content: it’s possible that I will hyperlink to other people’s websites by using an embedded widget or frame. If this happens, then such embedded content will normally behave in the same way as if you visited the other website. Any processing of your personal data would be carried out only by the operator of that other website, not me.

Disclosure of your personal data

To the limited extent your personal data is collected, I do not voluntarily share it with anyone, except where you have chosen to publish it (e.g. by posting a comment).

It is theoretically possible that I might be the subject of a disclosure order by a court of competent jurisdiction, in which case I would be bound to comply with the terms of that order if it were properly made. I have not, to date, received any such request.

Data retention

If you leave a comment, the comment and its metadata are retained indefinitely. This is so I can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

If you register a user account, you will be prompted to provide information for your user profile. All users can see, edit, or delete their profile information, other than their username, as can website administrators (i.e. me).

Your rights as a data subject

If you have a registered user account on this site, or have left comments, you can request to receive an exported file of the personal data that I hold about you, including any data you have provided to us. You can also request that we erase this personal data. However, I am entitled to retain such data as may be reasonably necessary and proportionate for administrative, legal, or security purposes.

If you have any questions about this Policy, or how your personal data may be processed on this Website, please get in touch.