November 26, 2015
This domain complies with user opt-outs from tracking via the "Do Not Track" (DNT) header. This file will always be posted via HTTPS at https://whereonthe.net/dnt to indicate this fact.
This DNT Policy is a slightly modified version of the Electronic Frontiers Foundation’s model DNT Policy. If you are a human and not a robot and/or lawyer, you may want to read the EFF’s human readable summary. The original policy is available from the EFF under a Creative Commons Attribution license. Thanks EFF <3!
This policy document allows an operator of a Fully Qualified Domain Name ("domain") to declare that it respects DNT as a meaningful privacy opt-out of tracking, so that privacy-protecting software can better determine whether to block or anonymize communications with this domain. Do Not Track may be sent by any client that uses the HTTP protocol, including websites, mobile apps, and smart devices like TVs. Do Not Track also works with all protocols able to read HTTP headers, including SPDY.
NOTE: This policy contains both Requirements and Exceptions. Where possible terms are defined in the text, but a few additional definitions are included at the end.
When this domain receives Web requests from a user who enables DNT by actively choosing an opt-out setting in their browser or by installing software that is primarily designed to protect privacy ("DNT User"), we will take the following measures with respect to those users' data, subject to the Exceptions, alsso listed below:
NOTE: if an “Other Domain” does not receive identifiable user information from the domain because such information has been removed, because the Other Domain does not log that information, or for some other reason, these requirements do not apply.
At least once every 12 months, we will take reasonable steps commensurate with the size of our organization and the nature of our service to confirm our ongoing compliance with this document, and we will publicly reassert our compliance.
Data from DNT Users collected by this domain may be logged or retained only in the following specific situations:
CONSENT / "OPT BACK IN"
If a DNT User actively and knowingly enters a transaction with our services (for instance, clicking on a clearly-labeled advertisement, posting content to a widget, or purchasing an item), we will retain necessary data for as long as required to perform the transaction. This may for example include keeping auditing information for clicks on advertising links; keeping a copy of posted content and the name of the posting user; keeping server-side session IDs to recognize logged in users; or keeping a copy of the physical address to which a purchased item will be shipped. By their nature, some transactions will require data to be retained indefinitely.
TECHNICAL AND SECURITY LOGGING:
If, during the processing of the initial request (for unique identifiers) or during the subsequent 10 days (for IP addresses and User Agent strings), we obtain specific information that causes our employees or systems to believe that a request is, or is likely to be, part of a security attack, spam submission, or fraudulent transaction, then logs of those requests are not subject to this policy. If we encounter technical problems with our site, then, in rare circumstances, we may retain logs for longer than 10 days, if that is necessary to diagnose and fix those problems, but this practice will not be routinized and we will strive to delete such logs as soon as possible.
From time to time, there may be errors by which user data is temporarily logged or retained in violation of this policy. If such errors are inadvertent, rare, and made in good faith, they do not constitute a breach of this policy. We will delete such data as soon as practicable after we become aware of any error and take steps to ensure that it is deleted by any third-party who may have had access to the data.
"Fully Qualified Domain Name" means a domain name that addresses a computer connected to the Internet. For instance, example1.com; www.example1.com; ads.example1.com; and widgets.example2.com are all distinct Fully Qualified Domain Names.
"Supercookie" means any technology other than an HTTP Cookie which can be used by a server to associate identifiers with the clients that visit it. Examples of supercookies include Flash LSO cookies, DOM storage, HTML5 storage, or tricks to store information in caches or etags.
"Risk mitigation" means an engineering process that evaluates the possibility and likelihood of various adverse outcomes, considers the available methods of making those adverse outcomes less likely, and deploys sufficient mitigations to bring the probability and harm from adverse outcomes below an acceptable threshold.
"Reading habits" includes amongst other things lists of visited DNS names, if those domains pertain to specific topics or activities, but records of visited DNS names are not reading habits if those domain names serve content of a very diverse and general nature, thereby revealing minimal information about the opinions, interests or activities of the user.