Not So Boring Privacy Policy, Part 2—Information We Store About, and Emails We Send To, Members

In Part 1 I covered cookies and how we track readers, in aggregate but never personally, with them.

Now let’s look at what information we store about members, and what we do with that information.

Several readers were kind enough to comment that I had indeed made Part 1 not boring. I’m going to try my best to do the same with Part 2. Thankfully, at least this one’s shorter.

Onward.

What We Store

When you become a member we ask for and store the following information:

  • Name
  • Address
  • Email address
  • Username and password
  • Your IP address when you bought a membership and the IP address that you last used to access your membership
  • Your web site URL if you add that to a comment you make.
  • A record of which emails from us you have opened and what links in those emails you have clicked on.

In addition, our credit card processing companies, Stripe and PayPal, store your credit card information, but the key point is that we at AAC can’t see that, other than the last 4 digits of your credit card number.

What We Do With Your Information

We use this information exclusively to make your membership work, as follows:

  • Send you seven emails over the several weeks after you join, explaining how to get the most out of membership.
  • Send you a monthly email digest of the content we have published in the last month.
  • Optionally, you can get an email every time we publish, but you need to specifically opt-in to get that.
  • Send you a notification just before an annual (automated) membership renews, and two further emails if that process fails, usually due to an expired credit card.
  • Send you a notification just before a non-automated membership expires.
  • Send you a notification just before we unsubscribe you from all our emails when you have not opened them for a while.
  • If we were to bring out a new product that is linked and applicable to your membership, for example a downloadable eBook (no plans), we would send you an email about that.
  • We are required by the Canada Revenue Authority to collect your IP address and location, but we only use that as part of our annual tax reporting.

What We Don’t Do With Your Information

  • We don’t share your information with anyone else.
  • We don’t, and won’t, hound you to buy stuff from us or anybody else.

Where We Store Your Information

  • On our web server.
  • At Mailchimp, our email provider. If you have no life you can read their privacy statement here.
  • As we said above, your credit card information is stored at Stripe and/or PayPal. Boring privacy statements here and here.
  • We store backups that contain some or all of your information at Amazon Web Services and Google Cloud.
  • Some of your information is on our business computers and backups here at AAC World Headquarters…OK, our cabin in the woods.

Keeping Your Information Safe

You will note in the above that the places we store your information are generally considered best in class, and we use two-factor authentication (2FA) to access those services—what a pain in the ass that is!

Your really sensitive information (credit card) is at Stripe and PayPal and, as far as I know (and we did some pretty deep Google searches), those companies have never suffered a system-wide data breach.

Realistically, the biggest risk to your information getting out is probably some bad actor hacking into our site, since it’s the only place of storage that is directly internet facing.

However, we go to a lot of trouble to keep your information safe:

  • We use a private server, meaning our web sites are on a separate computer from any other company’s, which significantly improves security over the shared servers that most small web sites use.
  • We have installed the paid version of Wordfence, best-in-class security software, on all of our web sites. Not only does Wordfence harden our site against hackers, and add 2FA for all administrators (Phyllis and me only), it also scans our sites several times a day to look for any hacks.
  • We have set up a special separate testing server for any support technicians that need access to our software, that has no subscriber information on it.
  • We update our site as quickly as practical—gotta test this stuff first—to make sure we have all the latest security patches.

And we are careful with our own computers too:

  • Our desktop computers and backups are encrypted and protected with strong passwords.
  • Our office may be a cabin in the woods, but it does have an externally monitored alarm system.

And further good news: The only information on our web site server or computers is your name, address, email, IP address, username and password, and the password is deeply encrypted so even we can’t read it.

So, really, there’s nothing on our site, computers, or backups that’s probably not already out there in the wild, with the exception of the latter two. (If you think your email address is not already compromised, you are either the most security savvy user on the internet…or abusing some serious controlled substances.)

All that said, we strongly recommend that you don’t use a password or username for your AAC membership that you also use for something sensitive like accessing your bank.

Your Right To Correct Your Information

If you need to correct the information we store about you, you can do that HERE.

Your Right To Access Your Information Stored With Us

Hopefully, one day, all the software and services we use will automate these requests, but that day is not today. So email us with “request for my information” in the subject line, and Phyllis and I will manually pull it all together…while simultaneously sticking pins in a wax effigy…of some privacy commissioner, not of you, of course.

Just kidding, but you would make our lives a lot easier if you would tell us exactly what you want to know, rather than making us dig through everything.

And if you do this to us frequently, or just for the fun of it, we will charge you a reasonable fee, like about a bazillion dollars…seriously, US$50 seems reasonable for repeated requests.

Your Right to Be Forgotten

If you let your membership expire, we keep your information on file and send you the monthly digest of new content (unless you unsubscribe using the link at the bottom of all emails) in case you wish to re-join.

However, if you wish to have your information removed from our records, send us an email with “forget me” in the subject line. We will comply and then send you a final confirmation email. Click here to do that.

Note that some of your information may remain in our backups for up to two years until said backups are cycled out. And, no, we can’t individually remove you from said backups, simply not practical—we back up every day and retain for a year.

Also, our credit card processing and mailing companies have not, at the time of writing, made clear how we can make sure their records are purged of your information. I’m fairly sure that will come soon. When it does, we will do that too.

All that said, Phyllis and I are human and therefore fallible. And given all the different places a snippet of your information could be hiding, I can’t totally guarantee that we will get everything deleted, but we will be diligent and make our best effort.

These last three points bring to the fore an important reality. Any company that guarantees, without any caveats, to totally and immediately forget your information, is almost certainly bullshitting you.

We Don’t Share

The good news is that we have never, in all our years of doing this, knowingly shared your information with any third party, unlike many web sites, mentioning no names…oh heck, that’s boring…yeah, I’m looking at you Zuck.

Your Agreement

Oh, yeah, one more thing:

When you become a member you are specifically agreeing to these terms.

And if you are wondering why we don’t have to get your express consent to send you emails, the reason is that all of them are to help you get the best from a product you bought (membership); therefore, adding another annoying check box is not required by the Canada Anti-Spam Act, which we have complied with ever since it became law.

That’s it. If you got this far, you deserve a large adult beverage of your choice. And just imagine what I deserve after writing this…sh…stuff.

Meet the Author

John

John was born and brought up in Bermuda and started sailing as a child, racing locally and offshore before turning to cruising. He has sailed over 100,000 miles, most of it on his McCurdy & Rhodes 56, Morgan's Cloud, including eight ocean races to Bermuda, culminating in winning his class twice in the Newport Bermuda Race. He has skippered a series of voyages in the North Atlantic, the majority of which have been to the high latitudes. John has been helping others go voyaging by sharing his experience for twenty years, first in yachting magazines and, for the last 12 years, as co-editor/publisher of AAC.

16 comments
  • Ernest May 22, 2018, 3:47 pm

    “forget me” – and “click here” to do that?
    Nope, never, glad to be here.
    But you already knew that.

    • John May 23, 2018, 7:46 am

      Hi Ernest,

      Thanks very much, Phyllis and I really appreciate your unflagging support.

  • Gary May 23, 2018, 7:39 am

    Wow! You have actually made reading a privacy statement, over morning coffee no less, fun.

    And in plain English, as well. There are a lot of attorneys out there who have just got a lesson in plain English writing.

    Keep up the good work. All of us out here admire your work, be it adventure sailing, web site hosting, and running a small online business.

    • John May 23, 2018, 7:46 am

      Hi Gary,

      What a kind thing to write, thank you! Really makes the effort worthwhile.

  • Charles Starke MD May 23, 2018, 8:08 am

    Good article. Glad to be here and I recommend your site to all my sailing friends.
    Best wishes,
    Charles
    Charles L Starke MD FACP
    s/v Dawnpiper

    • John May 24, 2018, 7:47 am

      Thanks, Charles. Word of mouth is our most important marketing channel.

  • Randy Cadenhead May 23, 2018, 11:43 am

    Thanks for the entertaining, simple and remarkably clear series on your privacy policies. I spent 10 years doing this work for a major company and was never able to do the topic justice the way you have. Inspiring job!

    • John May 24, 2018, 7:52 am

      Hi Randy,

      Thanks very much, but don’t be too hard on yourself. I suspect that you were constrained by a legal department that wouldn’t let you say or write anything that anyone could actually understand.

  • Stein Varjord May 24, 2018, 6:37 am

    I’m generally suspicious about how companies use my info. Especially what they can find from tracking my internet usage, reading my emails (yes, Google, Yahoo, and all others do that), my comments everywhere, and so on. Hard info like email address and passwords that I put out there myself might also be sensitive, but still mostly less intrusive (as long as we use healthy safety measures like 2 stage logins etc) than the actual spying that has become the standard.

    I quite like the EU initiative with GDPR to give far stricter regulations on that spying and more control to users. It’s quite obvious that their target isn’t small web sites like AAC, but the giants who digest all data about us and sell it, this or that way, for big cash. Google, Facebook, etc. I’ve never thought that being present on AAC might present any type of risk to privacy or safety. Still, it’s nice to read your articles showing that you have the good attitudes I assumed and that you have more safety in place than I thought. Cool.

    Conclusion: I’ll keep telling people that if they are considering some type of long distance sailing, they need to have access to the knowledge at AAC. Not having it is flat out stupid and potentially dangerous. A mandatory AAC membership makes more sense than a mandatory life vest! 🙂

    • John May 24, 2018, 8:02 am

      Hi Stein,

      Wow, now that’s an endorsement. Thank you!

  • Stedem Wood May 29, 2018, 2:08 am

    Your policy is as much a statement of your and Phyllis’s character and integrity as a set of terms of use. Nicely done!

    Same for your disclosures about sponsors or products provided for testing or personal use.

    No one who has spent any time on your site could have a legitimate second thought about your intentions. —or, I’d bet, found anything with as much helpful stuff and asked so little in return.

    As to that other guy whom you mention so blithely….I’ve always thought his site was a bad bargain. Lately, I’m convinced that it is evil.

    No comparison, of course; I just can’t help poking my finger in that guy’s eye when on this topic.

    Stedem Wood
    M/V Atlantis

    • John May 29, 2018, 8:41 am

      Hi Stedem

      Thanks very much for the kind words, much appreciated and particularly so given your deep background in journalism.

      As for the “Other Guy”, I agree. I’m particularly disturbed by the irrefutable data coming out about the link between use of his apps and depression, particularly among teens.

  • Ian Tyler Jun 20, 2018, 5:38 am

    Thank you so much for an entertaining privacy statement – in fact, 2 of them. Well done! As you are no doubt aware here in Europe we have been targets for the blizzard from hell, to mix my metaphors, due to GDPR. Every company and website that you have never heard of, and one or two you have, has felt it necessary to send letters and email telling us absolutely nothing of any conceivable interest. Again, well done for making the completely uninteresting, interesting and finally, congratulations on your epic security measures. If only tiny, shoestring businesses like Yahoo and AOL, to name but two, cared so much about their subscribers’ information!

    • John Jun 20, 2018, 8:14 am

      Hi Ian,

      Thanks for the kind words, much appreciated. We too got deluged with long and totally meaningless privacy statements. In fact those emails were what inspired our attempt to write something clear, so very glad to hear that our efforts worked.

  • John S Jul 1, 2018, 10:24 am

    Thank you. Your use of understandable language and the humor makes this read worth the membership.
    Your sharing of sailing experiences puts it over the top. I joined after I read a free article about how to buy a boat. It helped. I had to have more.
    Thank you and Phyllis for all you share to make my sailing experiences better.

    • John Jul 3, 2018, 9:35 am

      Hi John,

      Thanks for the kind words, they mean a lot to both of us.
