[an error occurred while processing this directive]
mallorn computing privacy policy
Effective: May 8, 2025
Hey there! We care about your data and want to be upfront about what we collect, why we keep it, and what your options are, whether you’re down the street or across the country.
1. What we host
- Active mailing lists: Your name, email, and message content in live lists. Messages go into a permanent public archive. Once posted, it stays posted.
- Historical archives: Pseudonymized messages remove direct identifiers (names, emails) where feasible.
- Server logs & analytics: We log IP hashes (or raw IPs when needed), timestamps, URLs, and user-agent for site health and basic usage stats. We self-host Open Web Analytics, so no third-party cookies or data-sharing with Big Tech.
2. Why we keep it
- Active lists: You opted in, knowing there’s a public archive. We don’t remove messages; archives are part of the permanent record.
- Historical archives: Retained for public-interest archiving under GDPR Article 89 (if you ever see the banner for EU visitors).
- Logs & analytics: Retained short-term (30 days) or pseudonymized on ingest to protect privacy while giving us enough data to keep the site running smoothly.
3. Your rights & options
- Access & correction: Ask for a copy of your data or correct factual errors.
- Deletion requests:
- Mailing-list archives: We decline deletion under free-speech laws (Cal. Civ. Code § 1798.105(d)(1)) because these are public, user-generated discussions.
- Logs & analytics: We’ll delete or anonymize your IP/log entries if you verify control of that IP (see below).
- Unsubscribe: You can unsubscribe from active lists anytime. This stops future emails but does not erase past posts.
4. U.S. state privacy laws
We’re not in the business of selling or sharing personal data. Still, some state laws give rights when data is “sold” or if certain thresholds are met. Here’s a quick rundown:
California (CCPA/CPRA)
- Sale/share definition: Sharing personal info (IP, cookies) with ad networks counts as a “sale” even if it’s a simple script load.
- Scope triggers:
- ≥ $25M annual revenue, or
- Data on ≥50,000 California households/consumers/devices, or
- ≥ 50% of revenue from selling personal info.
- Rights: Access, deletion, correction, portability, opt-out of sale.
- Our stance: We self-host analytics (no sale or sharing), and our revenue is under thresholds, so CCPA doesn’t apply. No Do-Not-Sell link needed.
Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA)
- Scope triggers: Processing data of ≥100,000 residents, or ≥25,000 plus deriving revenue from sale of personal data.
- Rights: Access, deletion, correction, portability, opt-out of targeted ads.
- Our stance: We do not sell data or run targeted ads, and our visitor counts are below thresholds, so these laws don’t apply to us today.
Nevada (SB 220)
- Sale opt-out only: Consumers can opt out of sale of personal data. No deletion or broad rights.
- Our stance: We don’t sell data, so no opt-out is necessary.
5. GDPR
-
Historical archives:
Open globally with a banner noting GDPR Article 89 safeguards.
-
Data Retention & Archival Exception:
Our public mailing-list archives are maintained as an immutable historical record.
For full details on why we preserve these messages and how we handle erasure
requests under GDPR’s archival exception, see our
Archive Policy.
6. Verification procedure for log deletions
- Submit a request at privacy@hort.net, noting the IP and approximate timestamp/user-agent.
- We’ll issue a one-time verification URL. Please fetch that URL from the same network.
- Once we see your request come from that IP, we’ll delete or anonymize those entries and confirm by email.
|
[an error occurred while processing this directive]
All Rights Reserved.