← ./home

// privacy policy

effective: 2024-01-01
updated: 2024-01-01

Data handling practices for thishost.org services. Minimal collection, secure processing, transparent use.

1. data collection

Information collected for service operation:

automatic: {
  server_logs: ["ip_address", "user_agent", "timestamp"],
  analytics: ["page_views", "session_duration", "referrer"],
  cookies: ["session_id", "preferences"]
}

voluntary: {
  contact_forms: ["email", "message_content"],
  project_submissions: ["technical_requirements", "specifications"]
}

2. data usage

Collected information used for:

Service delivery and technical support
System security and abuse prevention
Performance optimization and debugging
Communication regarding services

3. data storage

Security measures implemented:

Encrypted transmission (TLS 1.3)
Secure server infrastructure
Access controls and authentication
Regular security audits
Data minimization practices

4. data sharing

Information not sold or shared except:

Legal compliance requirements
Essential service providers (hosting, analytics)
User consent for specific purposes

5. third-party services

5.1 analytics

Standard web analytics for performance monitoring. Data anonymized where possible.

5.2 hosting providers

Infrastructure services with security and privacy commitments.

5.3 communication tools

Email and messaging services for operational communication.

6. cookies

Cookie usage:

Essential: Session management and security
Functional: User preferences and settings
Analytics: Anonymous usage statistics

7. user rights

Available data operations:

user_rights = {
  "access": "request_data_copy()",
  "rectification": "update_incorrect_data()",
  "erasure": "delete_personal_data()",
  "portability": "export_data_format()",
  "objection": "opt_out_processing()"
}

8. data retention

Retention periods:

Server logs: 90 days maximum
Analytics data: 12 months anonymized
Contact information: Until deletion requested
Project data: As specified in agreements

9. international transfers

Data processing may occur in multiple jurisdictions. Appropriate safeguards maintained for international data transfers including standard contractual clauses and adequacy decisions.

10. minors

Services not directed to individuals under 16. No intentional collection of minor personal data. Parental consent required for known minor users.

11. security incidents

Breach notification procedures implemented. Users notified of incidents affecting personal data within 72 hours of discovery when required by applicable law.

12. policy updates

Privacy policy modifications communicated via website notification. Continued service use constitutes acceptance of updated terms.

13. legal basis

Data processing legal basis:

Legitimate interest: Service operation and security
Contract performance: Service delivery
Consent: Optional features and communications
Legal obligation: Compliance requirements

14. contact

Privacy questions and data requests:

info@thishost.org
Subject line: "privacy request"

Policy compliance maintained with applicable data protection regulations including GDPR, CCPA, and other jurisdictional requirements.