Privacy Policy

This is a personal blog. My website address is: https://operational-security.com. I am, above all, a privacy and security advocate.  I value my privacy greatly and dislike being tracked, monitored, or watched without my knowledge or consent.  As such, I feel it only fair to be as transparent as possible about the activities on this site.

What personal data I collect and why I collect it

Contact forms

My contact form is powered by a WordPress plugin called Contact Form 7. I make the following efforts to respect users’ security and privacy:

  • My contact form is encrypted. When you connect to https://operational-security.com your connection (to all pages, including the contact form) is encrypted with TLS 1.2 (technical details below).
  • The content of your contact form submissions is encrypted. Most contact forms forward plaintext emails to the recipient account. Even if that account itself is secure, emails sent through insecure forms are insecure/unencrypted. My public PGP (encryption) key is embedded in the Operational-Security.com contact form. This key encrypts your message locally before sending it to my ProtonMail account where it is decrypted. Keep in mind: email addresses and subject lines are NOT encrypted.
  • I make every effort to collect minimal information. There are only four fields in the contact form: name, email address, subject, and message. You may put whatever name you wish into the “name” field. The email field is optional and if you do not require a direct response, I recommend leaving it blank. The subject field is also optional.

Information that you submit in the contact form may be retained indefinitely. It is retained in my email inbox. Your email address will not be shared, sold, exchanged, or otherwise disseminated. The content of messages may be quoted in future articles on this blog (i.e. to answer reader questions), but your name, email address, and any personal information will not be published unless you provide express written consent to do so.

Cookies and Tracking

Operational-Security.com uses Matomo Analytics. Matomo (formerly Piwik) is an open-source, privacy-focused analytics platform. I own the data collected through Matomo and I make every effort to minimize the data collected. Three bytes of all IP addresses are anonymized (i.e. 192.xxx.xxx.xxx), and Matomo is also configured to honor Do Not Track requests. Data is retained for a period of 186 days, after which it is deleted. You may opt-out of tracking by enabling Do Not Track requests, or by opting out below:

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who I share your data with

I do not share, sell, exchange, or otherwise disseminate your data.

How long I retain your data

For users that register on our website (if any), I store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information. Information submitted through the contact for may be retained indefinitely.

What rights you have over your data

You can request that I erase any personal data I hold about you. This does not include any data I am obliged to keep for administrative, legal, or security purposes.

Additional information

How I protect your data

This entire site is protected with industry-leading encryption (TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 256 bit Keys, TLS 1.2). Your connection here is encrypted at all times.

Affiliate Links:  I currently have two affiliate relationships: one with Amazon.com and one with Private Internet Access (a VPN provider).  If you click an outgoing link to one of these sites and make an order, they know that you were referred by this site. I receive a small referral fee from these companies, but get no information about you whatsoever. It is also extremely important for me to point out that I would never recommend a service that I would not use myself. The products and services that I recommend here are ones that I believe in, use, or would be comfortable using.