Privacy / TOC

Hi there. If you've reached this page, you might be wondering what I'm doing with your data. Rather than make this a forty-page legal doc, I thought I'd write this in as plain a language as possible.

So, cookies. Cookies are little packages of information that get stored in your browser for future use. In my case, once you log in, I store some information about you in cookies so that I don't have to make calls to a database every time I need to know who you are or what permissions you should have. If you want to see what I store, you can open up Dev Tools in your browser, go over to the "Memory" tab, and look at your cookies. I prefix all mine with "sublunar" so you can easily tell them apart. In short, once you log in, I store an encrypted token ("sublunar") that I can send to my server, decrypt, and see if you still have access or not. When I send that back, I store your name, email, customer ID (for any shopping sprees), and your role. Once you log out, this info gets deleted, so you probably want to log out on any public computers.

I also use Google Analytics to track basic website metrics like users, pageviews, etc. I opted out of sharing even anonymized data with Google, and I send no personal info to GA for tracking purposes (no name, email, or even customer ID).

As for your payment information, I never store any of that, nor does it actually interface with my servers at all. You have to go through tons of certifications for that, and it seemed unnecessary. Any time you enter payment information on the site, it's done through Stripe. They handle all of that payment and billing that goes on through Sublunary Editions. You can read their privacy policy here. I can log into their admin tool and see any information you've entered (cards only ever show the last four digits, and I can never get at that information).

Why do I make you create an account to do anything on the store? Mostly, to make it easy for you to have a record of all transactions. You can always visit your My Account page to see what orders you've made, as well as any active subscriptions. In my database, hosted securely by AWS, I only ever store the following information: your name, your email address, your subscriber role, your customer ID (via Stripe, to retrieve your orders and subscriptions), a long, random string known as a "salt", and a hash of your password plus that salt. I never store your password, and in fact, someone could have access to the info in my database and still not be able to log in as you. You can read more about hashing and salting (which always makes me want breakfast) here.