Privacy policy

[Last updated: 26 February 2024]

I’ve tried my best to minimise the amount of personal data I collect (and share with third parties), but I do need it for a few things.

Who I am

I’m Chris Lovie-Tyler, a New Zealand artist, and my website address is https://chrislt.art.

See the bottom section of this page for my contact details.

My website host

The primary place I store personal data is on the same server as my website, which is hosted by MyHost. MyHost is a New Zealand web host and has its own, dedicated data centre in New Zealand.

MyHost privacy policy

My security measures

Aside from the infrastructure and protocols my website host has in place (links above), including taking daily backups for me, I do the following:

  • Keep my WordPress installation, theme, and plugins up to date.
  • Use plugins to prevent against brute-force attacks and spam.
  • Use the full range of cPanel WordPress Security Measures.

Comments

When you leave a comment on this site, I collect the data shown in the comments form, and also your IP address and browser user-agent string to help with spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it.

Gravatar (Automattic) privacy policy

After approval of your comment, your profile picture is visible to the public in the context of your comment.

I receive email notifications when people submit new comments. I may store these, indefinitely, in my privacy-focused email client, Fastmail, for future reference.

Fastmail privacy policy

The anti-spam plugin I use doesn’t collect or share personal data with a third-party service.

Note: I also have a commenting policy.

Email subscriptions

I use the Mailpoet plugin and Sending Service to manage email subscriptions and send emails to subscribers, respectively.

To send you emails, I record the name and email address you enter on my Subscribe page. My site also logs the IP address you use when you sign up for the service to prevent abuse of the system.

If you have subscribed to my blog by email, you’ll receive an email every time I publish a new post.

I don’t track opens or clicks, so I may also, periodically, email you to check that you still want to be subscribed.

The only identifiable information that is tracked outside this website, by the Mailpoet Sending Service, is your email address.

However, if you reply to one of the emails, I may store your reply, indefinitely, in Fastmail, for future reference or in case it might be appropriate to contact you again in the future.

I also store:

  • Email notifications about new subscriptions in Fastmail, so I have a record of when people subscribed.
  • A password-protected backup of all subscribers (email address and IP address) on my personal computer. I do this in case I need to restore my list or move to a different email-delivery service.

You can unsubscribe from email updates at any time by clicking the Unsubscribe link at the bottom of an email.

Mailpoet (Automattic) privacy policy

Contact form

When you send me a message via the Contact form on my About page, I receive an email with your name, email address, and message in it. I may store this, indefinitely, in Fastmail, for future reference or in case it might be appropriate to contact you again in the future.

Cookies

To the best of my knowledge (based on the plugins I’ve used and the testing I’ve done), the only cookie my site saves to your browser is a Mailpoet one called ‘popup_form_dismissed’. This determines the number of days after which the slide-in subscription form will reappear after you’ve dismissed it.

Analytics

I use the plugin Independent Analytics, which uses cookieless tracking and doesn’t record or share any personal data with a third party.

The plugin does use your IP address to determine your location, down to the city, but then encrypts it along with your user-agent string to recognise future visits. Read about this in the article “What makes [the plugin] GDPR compliant?“.

Embedded content from other websites

Posts on this site may include embedded content (e.g. videos, podcast audio files, or tweets). Embedded content from other websites behaves in the exact same way as if you have visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who I share your data with

As above, I only share your data with:

  • The Mailpoet Sending Service (for email subscriptions)
  • The Gravatar service (for comments)

I may also save emails (comment notifications, replies to new-post emails, and messages via the contact form) in my email client, Fastmail.

I’ve linked to the relevant privacy policies above.

How long I retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so I can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

If you subscribe to the blog by email, I’ll record your email address and IP address indefinitely, until you unsubscribe or ask me to delete it.

As above, for other emails I receive (comment notifications, replies to new-post emails, and messages via the contact form), I may store these indefinitely.

What rights you have over your data

If you have left comments on this site or subscribed to the blog by email, you can request to receive an exported file of the personal data I hold about you. You can also request that I erase any personal data I hold about you. This does not include any data I am obliged to keep for administrative, legal, or security purposes.

Where your data is sent

Mailpoet’s servers are in Germany and Finland, but they also rely on some third-parties in other parts of Europe and the USA, whose servers may or may not be in those places. Read more in Mailpoet’s article “Data collected and stored by Mailpoet“. Note, too, Mailpoet is now owned by Automattic who have data centres all over the world. It’s possible Mailpoet also makes use of these.

Like Mailpoet, Gravatar is an Automattic service. I couldn’t find any specific server information for that service. (See the link above about Automattic’s data centres.)

According to “Annex 2” of Fastmail’s Data Protection Policy, their main servers are located in New Jersey, USA, and their secondary servers are located in Seattle, USA.

Each of these companies has its own security infrastructure and protocols. See the relevant sections and links in their linked privacy policies above.

Updates to this policy

If I make any significant updates to this policy, I’ll post a short update on the blog.

Contact

If you have a question or request related to this policy, use the form on my About page to contact me.

You can also send snail mail to:

Suite 13676
PO Box 106910
Auckland 1143
New Zealand