Privacy Notice
Overview
This privacy notice explains the data collection and processing practices for Apparebit, which is my, Robert Grimm’s, personal website. While I reside in the United States and host this website within the United States, Apparebit’s data collection and processing practices are designed to comply with the European Union’s General Data Protection Regulation. That is because, in stark contrast to this country’s overall lack of meaningful privacy protections, GDPR sets a strict, global standard for protecting people’s personal data.
This privacy notice serves to meet the lawfulness, fairness and transparency requirements of that regulation — and any other applicable laws and regulations. Notably, Apparebit adheres to GDPR’s principle of data minimization and maintains only conventional server access logs. It does not use third-party analytics services. While it may still store data and run code on your computer, it will only ever do so to improve your experience accessing its content.
The rest of this notice starts by explaining the routine data collection practices when you access Apparebit. It then discusses outgoing hyperlinks and Apparebit’s interaction with social networks. Finally, it outlines basic operational practices. If you have any question or concerns about this website, this notice, or the practices described therein, please do reach out to me. After all, I am this website’s controller, responsible for both content and operation.
Accessing Content on Apparebit
Apparebit maintains conventional server access logs that identify what resources were accessed at what time and from what location. Logged information includes a timestamp, your computer’s IP address, the summary of browser, operating system, and device known as “user agent”, the accessed URL, as well as the kind and size of the response.
Apparebit collects this information for three reasons:
- To better understand what content you access and how you interact with the content;
- To comply with licensing requirements, notably for commercially licensed typefaces;
- To ensure the security of this website and the integrity of its content.
The above reasons clearly meet requirement 1.f — “legitimate interests persued by the controller” — for lawful data processing as laid out in GDPR’s Article 6. In particular, effective security monitoring requires logging each client’s IP address, thus obviating the need for explicit user consent.
Otherwise, Apparebit does not collect any personal information. Also, it does not track your online activities through “cookies” and similar client-side state. It does not utilize third-party tracking and analytics services such as Google Analytics — though it did so in the past.
If supported by your browser, Apparebit may install a small script, known as a “service worker,” on your computer. That script may, in turn, download content from this website onto your computer. It does so only to make your experience accessing Apparebit a more pleasant. It does not collect any information beyond what is already collected in the server access log. You can verify that claim by auditing the source code for Apparebit, which is publicly accessible.
Linking Content from/to Apparebit
This website integrates with other websites, notably social networks, only minimally. In particular, Apparebit does not embed any third-party content or services within its pages. That is very much intentional because doing so would enable those third parties to track Apparebit’s visitors.
Instead, this website links to content on other websites including on social networks as separate pages. If you follow such outbound links, Apparebit’s privacy policy does not apply. In particular, your browser may notify the server hosting the linked content of the referring website, i.e., Apparebit. To limit such cross-site tracking by social networks, Apparebit instructs browsers to omit the referrer for links to content hosted by Facebook, Instagram, LinkedIn, and Twitter.
Still, Apparebit’s web pages include markup to identify my Facebook and Twitter profiles. If you share content from this website to either social network, they track your sharing activity and may make aggregate information available to me. Please consult the privacy policies for Facebook and Twitter for further details.
Operating Apparebit
In developing and operating Apparebit, I follow best security practices. That includes using randomized passwords, two-factor authentication, and encrypted network channels. The sources for Apparebit are stored on my own computers and on Github’s servers. I use my own static website generator called site:forge to produce the production version. That version becomes the publicly accessible website after deployment to my hosting provider’s servers. Access logs are stored on those same servers as well as on my own computers. They are only accessible by myself. I may, however, share aggregate statistics with others, including through blog posts.