Our website address is davidjcmorris.com (the domain sophorum.com also redirects here). This started life as a blog with capability to leave comments on an individual post and to subscribe for updates. In 2018, it evolved to selling courses and books as well. This has increased the level and type of personally identifiable information collected and stored. To show how we protect your information, and to comply with regulation and good practice, we need to explain our attitude and approach to privacy (the ‘policy’).

Yes, this is a l-o-o-o-ng page, but we need to be explicit about all the ways we handle your personally identifiable information.

What personal data we collect and why we collect it

WordPress and its plugins do not collect personally identifiable information from visitors, unless you explicitly agree to provide it. Each example is described below, along with what information is retained, what it is used for, and for how long we keep it.

Comments and product reviews

When visitors leave comments or product reviews on the site we collect the data shown in the form, and retain this with your IP address and browser information indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

Your email address may be disguised and securely passed through to Gravatar to confirm whether you are signed up there, so that we can show your profile picture alongside your comments. Please see the Gravitar privacy policy for more details:
https://automattic.com/privacy.

Your IP address and browser information will also be passed through to Akismet and WordFence to help with security and spam detection.

Subscriptions and registered users

Our website uses contact forms that enable visitors to subscribe for updates, amongst other things. This will collect and store your name and email address so that we can send you emails. We will retain this until you unsubscribe.

For visitors who register as users on our website, we will store the personal information you provide in your profile. You will be able to see, edit, or delete your personal information at any time (except you cannot change your username). Website administrators can also see and edit that information.

We will never make this available to third parties for marketing purposes.

Shopping

When visitors are browsing our courses and books, we will track:

  • The products you’ve viewed: to improve your shopping experience
  • Your IP address and browser information: to estimate taxes and shipping costs
  • Your shipping address: to confirm shipping costs and deliver you the order

When visitors purchase from us, we will ask you to provide your name, billing address, shipping address, email address, phone number, payment details, and optional account information like username and password. We’ll use this information for purposes, such as, to:

  • Send you information about your account and order
  • Respond to your requests, including refunds and returns
  • Process payments and prevent fraud
  • Set up your account for our store (at your discretion)
  • Comply with any legal obligations we have, such as calculating taxes
  • Improve our store offerings
  • Send you marketing messages, if you choose to receive them

We are legally required to retain information on financial transactions (i.e., sales and refunds) for seven years, for tax and accounting purposes.

Payments

We accept payments through direct bank transfer, Stripe (secure credit card gateway), and PayPal.

  • For direct bank transfers, no payment information is retained. You simply login to your bank and use the order reference provided to transfer the funds to us. When we see funds arrive in our account, we use this reference to look up your order in our system so we can update it as paid.
  • For payments through Stripe, our secure credit card gateway, we will pass through information required to process or support the payment, such as the purchase total and billing information. Stripe will ask you for your payment card number, CVC code and expiration date – this is securely held by Stripe and not our website. Instead, Stripe returns their transaction number for reference. Please see the Stripe privacy policy for more details: https://stripe.com/gb/privacy
  • For payments through PayPal, we will pass through information required to process or support the payment, such as the purchase total and billing information. PayPal will ask you for additional payment information – this is held securely by PayPal not our website. Instead, PayPal returns their transaction number for reference. Please see the PayPal privacy policy for more details. https://www.paypal.com/us/webapps/mpp/ua/privacy-full

Login attempts

Attempts to login are checked through an automated protection service, to protect against brute force attacks.

Cookies

Cookies are small pieces of text sent to your browser, that help our website remember information about your visit. This can both make it easier to visit the site again and make the site more useful to you.

If you are browsing our courses and books, we will use temporary cookies to keep track of anything you have added to your shopping cart.

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If attempt to log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we set cookies with your username and screen preferences. Login cookies last for two days, unless you select ‘Remember Me‘ in which case they last for two weeks. When you explicitly log out of your account, the login cookies will be removed. Screen preference cookies last for a year.

If you publish or edit an article, the post ID of the article is saved in a cookie. It expires after 1 day.

Analytics

This site uses Google analytics to report on which pages of the site are the most popular. This information is not personally identifiable, but it associated with an IP address to improve reporting with activities, first and last page, etc.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, etc.) from other websites. This material will behave in the exact same way as if the visitor was on the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

How we protect your data

We take many steps to protect your data, including: putting everything behind a security wall (the ‘s’ in https); validating and blocking invalid login attempts; screening for and blocking the submission of inappropriate content; constant surveillance of content, plugins, and themes for malware; strong physical security in our hosting environment; and multiple failover redundancies.

Contacting us about data protection and our privacy policy

Any enquiries or requests for data protection and our privacy policy should be addressed to:
privacy@sophorum.com