What Personal Data We Collect And Why We Collect It
We use your information to:
- Allow you to access the site faster with something called cache.
- Identify if you are a real human or a computer program; the latter could be a threat, and if it is, our security usually catches it & blocks/bans it to protect you & us.
- To understand what pages you visit most so we can help you out more by improving those pages or make improvements to the products & services based on the pages you are most interested in, and to send you emails based on what you are likely interested in. Example: If you don’t complete a course we might send you an email asking if you need help with anything so you don’t get stuck.
- To diagnose problems you might have viewing the site, & to respond to sales or customer support questions.
- So that you can buy things on the website & to protect against fraud. Your info (like your name, username, password, email) allows this site to create your membership, save your products/services under your name, grant you access to what you bought by saving it under your info, enable you to chat, send/receive messages, chat in the courses you purchased, & send you the emails associated with the courses (or any products & services) you purchased. We do this because it causes fewer errors & it’s easier than if we manually added your info to every feature that the website gives you, or had to memorize what you are supposed to have access to & what you aren’t.
- We also use your info to keep you logged in to your membership for your convenience (so it’s faster & easier for you to access everything you paid for). But you can always log out at any time; or just clear your cache/cookies in your web browser.
- To email you about new products & services that may be helpful for you.
- For legal obligations, like to pay our taxes.
- When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
- If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
- Contact forms
- If you ask me in person if I use contact forms on ILoveShinyObjects.com, I’d say no. But when you buy something, the info you have to put in could maybe be called a contact form. I use these forms to collect information to:
- prevent/catch credit card fraud.
- To contact you in case you need/want me to or I need to.
- And your address to send you things in the mail to help you, encourage you, & just for fun.
- It also helps me send you relevant emails, like receipts & helpful info that complements your purchase, & to automatically add you to the chats, groups, courses, & unlock the parts of the website your purchase grants you.
- If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
- If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
- When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
- If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
- Stripe, the payment processor we use, uses these cookies: wp_woocommerce_session_HASH, _stripe_mid, & _stripe_sid.
- Embedded content from other websites
- Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
- We only use 1 company, drip.co, which also sends out all the emails to you guys. Most sites on the internet use at least 2, but it’s common to use 3-6 different sites that all track you. And Drip is full SSL secure, so the likelihood of your data being snatched by anyone else is greatly decreased. To give you perspective, as of Jan 2017 only 1/2 of the websites on the web were encrypted (in other words, had SSL/TLS).
- While you visit our site, we’ll track:
- Products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed
- Location, IP address and browser type: we’ll use this for purposes like estimating taxes and shipping
- Shipping address: we’ll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order!
- We collect information about you during the checkout process on our store:
- When you purchase from us, we’ll ask you to provide information including your name, billing address, shipping address (sometimes depending on if the product needs to be shipped to you or not), email address, phone number, credit card/payment details and optional account information like username and password. We’ll use this information for purposes, such as, to:
- Send you information about your account and order
- Respond to your requests, including refunds and complaints
- Process payments and prevent fraud
- Set up your account for our store
- Comply with any legal obligations we have, such as calculating taxes
- Improve our store offerings
- Send you marketing messages, if you choose to receive them
- If you create an account, we will store your name, address, email and phone number, which will be used to populate the checkout for future orders.
- We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for 7 years for tax and accounting purposes, in case we get audited. This includes your name, email address and billing and shipping addresses.
- We will also store comments or reviews, if you choose to leave them so that other people can read/view them.
- If you use Amazon Pay, it’s saved on Amazon’s servers.
- If you use Google Pay, it’s saved on your Android device (phone, tablet, Chrome browser) & Google’s servers.
- If you use Apple Pay, it’s saved on your Apple device & Apple’s servers.
- And if you pay with a credit card, it’s saved on Stripe’s servers, along with the required info to process & support your payment such as purchase total & billing info. Even when you check that button to save your credit card, it creates an SSL-protected long token (that no one else can access unless they hack it) that gives my site access only to recharge your card, & only when you allow it to. So even if someone did hack it they wouldn’t have access to any of your credit card information.
- For the purposes of processing recurring subscription payments, we store the customer’s name, billing address, shipping address, email address, and credit card/payment details (only the unique payment identifier & payment provider identifier; we do not store the credit card info on your card: #, exp date, cvc).
- We use your email address to send you information about your account and order, & to create your account for our Learning Management System, which is called LearnDash.
- If you register a free account then we will store your email address.
- We store information about you for as long as your account exists.
- We store course progress, including completion status, quiz scores, assignments and/or essay submissions (if applicable).
- We will also store comments on courses, lessons, topics, assignments, and essays if you choose to leave them.
- Also, WordPress stores comments on courses, lessons, topics, assignments, and essays if these features are activated.
- Security Logs:
- The IP address of visitors, user ID of logged-in users, and username of login attempts are conditionally logged to check for malicious activity and to protect the site from specific kinds of attacks. Examples of conditions when logging occurs include login attempts, log out requests, requests for suspicious URLs, changes to site content, and password updates. This information is retained for 14 days.
- Security logs are retained for 14 days.
What Third Parties We Receive Data From
- Amazon if you pay with Amazon
- Apple if you pay with Apple Pay
- Google if you pay with Google Pay
What Rights You Have Over Your Data
You have the right to control your personal data. Specifically, you have the following rights:
- The right to be informed: Informed on how we are using your data, & why.
- The right of access: We’ll provide you with the data we have about you.
- The right to rectification: You can make any request to fix incorrect data about you.
- The right to erasure: You can request we erase any data you want us to about you.
- The right to restrict processing: You can ask us to restrict certain types of processing of your personal information.
- The right to data portability: You can ask us to provide your personal data in an easy-to-read exported file format.
- The right to object: You have the right to object to how we use your data.
If you want to exercise any of these rights, just send our Data Protection Officer an email with exactly what you want done (note: for identity verification it must be sent from the email you have used on this website; we don’t want to send your info to anyone except you). Send your request to privacy(at)iloveshinyobjects(dot)com. Note: the reason we wrote the email like this is that if we write it normally, where you can click on it, some robots will come & get that email & sell it to others & start spamming us, which makes it harder/takes us longer to respond to you guys when you email us. Also note: IF YOU MAKE REPEATED REQUESTS (which is more than 2) I AM PERMITTED UNDER LAW TO ASSESS A REASONABLE FEE, WHICH IS $5 FOR EACH ADDITIONAL REQUEST.
Note: We will delete any data you want us to. But we will keep an offline copy of only the data we legally need to have to operate this business or to meet any legal requirements.
You can also opt out of email communications by clicking the unsubscribe link at the bottom of any email. Note: if you have purchased a product and you click the unsubscribe link, you will not get any more emails when that product gets updated or changed.
How We Protect Your Data
I currently have 25 (as of May 2018) big overall security best practices that are not found on most small business websites, & I add more & more every year as my security advisers update my code monthly. These 25 security best practices do not include my high level server security & Cloudflare’s security. Plus I have 100% SSL (secure connection) on the entire site.
I have the highest level of SSL security you can have: Full (strict) Secure Sockets Layer, a technology that is used to encrypt the data that is sent between you & me.
When SSL is activated, it makes it almost impossible for an attacker to intercept data in transit, therefore making the transmission of all your personal & financial data much safer.
My server has a comprehensive, multi-layer dynamic firewall, plus a webapp firewall configured to protect us in many ways (imagine a castle that has a moat around it, then another huge castle wall around the moat; that’s this website, which is way more secure than most people’s homes/websites). Also, on my server the files are isolated from all the other websites they host, so if a less secure site got hacked mine would be okay. And security scans are performed on a regular basis to find & prevent intrusions.
The same goes for https://www.drip.co, which allows me to send you all the helpful customized emails. They use a full SSL/https connection as well.
The entire site’s traffic is filtered thru a company called Cloudflare which:
- Protects the website from known threats like DNS spoofing, snooping of data in transit, brute force login attempts, & malicious payload exploits by automatically blocking them; all of those threats can be used to steal your info like name, address, email, phone #, credit cards, passwords, basically any data you have put on the site.
- They also use a Web Application Firewall which blocks requests that contain any malicious content, like cross-site scripting (XSS) & SQL injections. When new vulnerabilities are discovered on 1 of the 7,000,000 million websites it monitors & protects, it creates a new rule which protects all the other websites from the same vulnerability.
- They also protect us from something called DDoS attacks, which is where the attacker tries to overload the server so that it appears like it’s offline. They have successfully stopped the largest DDoS attack ever thus far.
- I have 2 different companies that monitor over 7,000,000 websites every second for hackers & attacks; & as soon as they find 1 they stop it & automatically block that person/program from attacking anyone else who uses their service.
- I’m using the latest (as of May 2018) TLS 1.3 protocol, which is the newest, fastest, & most secure version of the TLS protocol. SSL/TLS is the protocol that encrypts communication between us & this website. It’s what allows you to see that green lock next to where you type in the website you want to go to in your browser.
- OWASP ModSecurity Core Rule Set: detects & stops bad web robots from attacking us; detects attacks against web-based applications; protects the http of my site so you don’t end up on a bad site that looks like mine but is really just trying to steal your data; detects different known attacks like RFI, SQLi, WordPress specific attacks, XSS attacks, SQL server attacks; detects web trojans (think trojan horse but in code).
What Data Breach Procedures We Have In Place
Step 1: Lock down the site by telling Cloudflare & my hosting provider I’m being attacked, which will cause the attack to be stopped immediately from breaching any further data.
Step 2: Notify the authorities immediately.
Step 3: Notify everyone (no matter how many of you guys were affected) within 72 hours with the data that was breached, the # of users exposed, the nature of the breach, and what actions are being taken to mitigate the effects for you.
Who We Share Your Data With/Where We Send Your Data
Visitor comments may be checked through an automated spam detection service.
We also send data to Drip.co so we can send you the emails you receive after you purchase something to better help you out with your struggles & to notify you of new products, services, or new blog/downloads that you have already paid for. We also use Drip to see the topics on the website & the products/services you have purchased so we can better help more of you guys.
The software that allows you to earn badges does so thru “Open Credit” API by Credly, which is a free web service for issuing, earning, and sharing badges.
Lastly, we may share your info with Cloudflare, the employees of LightingBase (who monitor my server), consultant programmers I hire, & the authorities if you intend to harm the site or steal data from anyone that uses this site.
Who On Our Team Has Access
Members of our team have access to the information you provide us. For example, only the Owner Brandon Cordoba & any programming administrator (usually to help debug coding issues) have access to your:
- Order information like what was purchased, when it was purchased and where it should be sent.
- & customer information like your name, email address, and billing and shipping information.
All our customer support team members have access to your:
- Name, email, shipping address, & the products or services you have purchased so that they can fulfill orders, process refunds, and provide customer support to you.
- Course information such as your enrolled courses, course progress, username, & email address.
How Long We Retain Your Data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
Children Should Not Use This Site
This site & the products & services are not for children. We do not want or expect children to buy our products & services. If you are a child looking for help, tell your parents to look for a place that specializes in children; there are many.
Last Updated on: 7/22/2018