Privacy Policy
Privacy Policy
Last Updated: 17 October 2025
Who we are
This is the personal website of Paul Filkin, operated at https://multifarious.filkin.com. This site includes blog content, and links to software
What personal data we collect and why
Comments
When visitors leave comments on the site, we collect the data shown in the comments form, along with the visitor’s IP address and browser user agent string. This information is used to help detect spam. The IP address is stored temporarily for this purpose and is not used to personally identify users.
If you use Gravatar, an anonymised string (hash) created from your email address may be sent to the Gravatar service to check if you have a profile image. See: https://automattic.com/privacy/.
User Accounts and Registration
If you create an account on this site, we collect:
- Username
- Email address
- Name (if provided)
- Password (securely hashed)
Used to:
- Process orders and licenses
- Provide support
- Send order confirmations and updates
Newsletter Subscriptions
We collect:
- Email address
- Date and opt-in confirmation status
Used only to:
- Deliver blog or product updates
Double opt-in applies. You may unsubscribe any time via the link in emails.
E-commerce and Purchases
When you “buy” (there are currently no chargeable items) software or services, we collect:
- Name and email address
- Billing data (processed securely through one.com’s infrastructure)
- Order history
- License information
Used for:
- Order fulfillment and delivery
- Support access
- Legal compliance (tax records)
Note: No external payment or email marketing services are used. All communications are managed through this website and its infrastructure.
Support Tickets
When submitting a ticket, we collect:
- Name and email
- Message content and attachments
Used solely to resolve your inquiry.
Media
If uploading images (e.g. in comments), avoid including location (EXIF GPS) data.
Cookies
We use cookies for basic functionality, e-commerce, and optional analytics.
Essential Cookies
Set for login sessions, user preferences, and shopping cart functionality.
Analytics Cookies
We use a self-built, privacy-friendly analytics system running on our own website. With your consent, we track:
- Visit counts and duration
- Country (from anonymised IP)
- Traffic sources and referring sites
- Device and browser types
We do NOT collect:
- Personal identifiers
- Raw IP addresses
- Behavioural profiles
Consent required: These cookies are only used after you accept cookies via our banner. You may revoke consent anytime.
Embedded Content (e.g. YouTube)
We use embedded YouTube videos. YouTube may set cookies and track usage if you proceed.
YouTube privacy policy: https://policies.google.com/privacy
Who we share your data with
We only share your data when needed to provide the services you’ve requested:
- Web Hosting & Email Infrastructure: one.com (based in the EEA) – https://www.one.com/en/legal
We use one.com for web and mail hosting, but all integrations and email handling are managed via custom-developed tools. No external newsletter or tracking platforms are in use.
We never sell your data. We will only disclose information when legally required.
How long we retain your data
Comments
Retained indefinitely for moderation.
Newsletter
Retained until you unsubscribe.
Accounts
Retained while active. Deleted within 30 days upon request, unless legally required otherwise.
Orders and Licenses
- Retained for 10 years (per § 147 AO for tax purposes)
- Retained indefinitely for license validation and support
Support Tickets
Retained for at least 2 years after last activity.
Analytics
- Individual records: 90 days
- Aggregated stats: indefinite
Your rights under GDPR
You have the right to:
- Access your personal data
- Request correction of incorrect data
- Request deletion of your data (unless required by law)
- Restrict or object to processing
- Data portability (export)
To exercise any right, use the contact form and include identifying details (e.g. order number, email).
Data security
We use:
- HTTPS encryption
- Secure European hosting
- Regular server updates
- Hashed password storage
You are responsible for your login credentials.
Children’s privacy
This website is not intended for users under 16. We do not knowingly collect data from minors. Please contact us if you believe a child has submitted data.
Changes to this policy
We may update this Privacy Policy at any time to reflect legal requirements, technical changes, or service updates. The version published on this website at the time of your visit or use of our services is the version that applies. Please check this page periodically to stay informed of any updates. Your continued use of the site or services after changes have been made will be taken as your acceptance of the revised policy.
Contact
Questions or GDPR requests? Contact:
Paul Filkin
via the contact form
Include “Data Request” in the subject for GDPR inquiries.
