Privacy and Policies

Who is Second Act Fables:

Second Act Fables is a publishing company promoting the works of J. Scott Bradley (and from time to time other works, designs sites, copy edits, etc.,). The goal is to redefine the fairy tale (stories are not just for children) and publish quality content. Legends and stories are the fabric of our society.

Store Details and PCI Compliance:

I do sell stuff on this site, specifically books. This is a labor of love. For getting your credit card/accepting payments, I leverage two services: PayPal and Stripe. You have options to use either, whatever works and provides you with the most comfort. If you choose PayPal, the transaction is handled on their website. If you choose to checkout on my store, the transaction is handled by Stripe, which enables merchants to post their transactions securely off the internet into the credit card payments environment. Both of these are PCI compliant solutions and I don’t hold credits cards or numbers as part of the transaction, which is perfect for folks like me.

Typically, I enjoy spending time with my family, writing books, designing sites, and having a day job. Handling payments doesn’t make my list. As these companies are both world class at collecting information and handling payments, I felt this a wise choice.

What personal data is collected and the reasons why:

Typically, I don’t think I collect anything but that’s not how the web works. Software, WordPress in particular, collects cookie and such to operate. Note, I don’t sell your data and only really leverage your email to reach out once in a great while. At all times, you have the ability to control such things. Details as follows:

Comments

When visitors leave comments on the site the data shown in the comments form is collected, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment. Typically, I don’t allow the ability to comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

As noted above, I do haver a contact form on the site to get in touch with me and an email distribution list for those who want to reach out. These services, MailChimp, are all GDPR compliant and you can choose not to use them.

Cookies

If you leave a comment on our site you may opt-in, saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, I will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after one day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

I do leverage Jetpack and other services from Automattic. You can learn more about their GDPR compliance here. Typically, I only look at the location and if a post struck a chord. 

Who I share your data with:

I don’t share your data. It’s only used to reach out from time to time.

How long I retain your data:

If you leave a comment, the comment and its metadata are retained indefinitely (or until you want it removed). This is so I can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (not commo), I also store the personal information provided in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data:

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data, including any data you have provided. You can also request that I erase any personal data we hold about you. This does not include any data I am obliged to keep for administrative, legal, or security purposes. If you have questions, feel free to reach out on the submissions form.

Where I send your data:

Visitor comments may be checked through an automated spam detection service. Typically, this doesn’t apply. I don’t typically approve or accept comments on the site.

Additional information:

Typically, I keep fairly close watch on the site through regular updates, this is a managed service that includes data breach procedures and such. If you have any questions, don’t hesitate to reach out.