What We Store
When you become a member we ask for and store the following information:
- Email address
- Username and password
- Your IP address when you bought a membership and the IP address that you last used to access your membership
- Your web site URL if you add that to a comment you make.
- A record of which emails from us you have opened and what links in those emails you have clicked on.
In addition, our credit card processing companies, Stripe and PayPal, store your credit card information, but the key point is that we at AAC can’t see that, other than the last 4 digits of your credit card number.
What We Do With Your Information
We use this information exclusively to make your membership work, as follows:
- Send you seven emails over the several weeks after you join, explaining how to get the most out of membership.
- Send you a monthly email digest of the content we have published in the last month.
- Optionally, you can get an email every time we publish, but you need to specifically opt-in to get that.
- Send you a notification just before an annual (automated) membership renews, and two further emails if that process fails, usually due to an expired credit card.
- Send you a notification just before a non-automated membership expires.
- Send you a notification just before we unsubscribe you from all our emails when you have not opened them for a while.
- If we were to bring out a new product that is linked and applicable to your membership, for example a downloadable eBook (no plans), we would send you an email about that.
- We are required by the Canada Revenue Authority to collect your IP address and location, but we only use that as part of our annual tax reporting.
What We Don’t Do With Your Information
- We don’t share your information with anyone else.
- We don’t, and won’t, hound you to buy stuff from us or anybody else.
Where We Store Your information:
- On our web server.
- At Mailchimp, our email provider.
- As we said above, your credit card information is stored at Stripe and/or PayPal.
- We store backups that contain some or all of your information at Amazon Web Services and Google Cloud.
- Some of your information is on our business computers and backups here at AAC World Headquarters…OK, our cabin in the woods.
Keeping Your Information Safe
You will note in the above that the places we store your information are generally considered best in class, and we use two factor authentication (2FA) to access those services.
We go to a lot of trouble to keep your information safe on our site:
- We use a private server, meaning our web sites are on a separate computer from any other company’s, which significantly improves security over the shared servers that most small web sites use.
- We have installed the paid version of WordFence, best in class security software, on all of our web sites. Not only does Wordfence harden our site against hackers, and add 2FA for all administrators (Phyllis and me only), it also scans our sites several times a day to look for any hacks.
- We have set up a special separate testing server for any support technicians that need access to our software, that has no subscriber information on it.
- We update our site as quickly as practical—gotta test this stuff first—to make sure we have all the latest security patches.
And we are careful with our own computers too:
- Our desktop computers and backups are encrypted and strong password protected.
- Our office may be a cabin in the woods, but it does have an externally monitored alarm system.
The only information on our web site server or computers is your name, address, email, IP address, username and password, and the password is deeply encrypted so even we can’t read it.
So, really, there’s nothing on our site, computers, or backups that’s probably not already out there in the wild, with the exception of the latter two.
All that said, we strongly recommend that you don’t use a password or username for your AAC membership that you also use for something sensitive like accessing your bank.
Your Right To Correct Your Information
If you need to correct the information we store about you, you can do that in the member help area.
Your Right To Access Your Information Stored With Us
Hopefully, one day, all the software and services we use will automate these requests, but that day is not today. So email us with “request for my information” in the subject line, and Phyllis and I will manually pull it all together.
And if you do this to us frequently, or just for the fun of it, we will charge you a reasonable fee. US$50 seems reasonable for repeated requests.
Your Right to Be Forgotten
If you let your membership expire, we keep your information on file and send you the monthly digest of new content (unless you unsubscribe using the link at the bottom of all emails) in case you wish to re-join.
However, if you wish to have your information removed from our records, send us an email with “forget me” in the subject line. We will comply and then send you a final confirmation email.
Note that some of your information may remain in our backups for up to two years until said backups are cycled out. And, no, we can’t individually remove you from said backups, simply not practical—we backup every day and retain for a year.
Also, our credit card processing and mailing companies have not, at the time of writing, made clear how we can make sure their records are purged of your information. I’m fairly sure that will come soon. When it does, we will do that too.
All that said, Phyllis and I are human and therefore fallible. And given all the different places a snippet of your information could be hiding, I can’t totally guarantee that we will get everything deleted, but we will be diligent and make our best effort.
We Don’t Share
The good news is that we have never, in all our years of doing this, knowingly shared your information with any third party.
When you become a member you are specifically agreeing to these terms.