Privacy Policy

Privacy Policy

Who we are

Our website address is: https://borderlandshunts.com and all its subdomains

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Use of Google User Data (Google Sign-In)

This website (https://borderlandshunts.com and its subdomains) utilizes Google Sign-In (OAuth 2.0) to allow users to register for an account and log in using their existing Google account credentials.

What Google Data We Access:
When you choose to register or log in using Google Sign-In, we request access to the following basic information associated with your Google account:

  • Email Address: Used as a primary identifier for your account.
  • Basic Profile Information: This includes your name (which may be used to generate your initial username on our site, potentially based on your associated YouTube channel name if applicable) and your public profile picture (avatar).

How We Use Your Google Data:
The Google user data we access is used solely for the following purposes within our website:

  • Account Creation and Management: To create and manage your user profile on our WordPress site. Your email address is linked to your account for identification and communication (e.g., password resets, if needed, though primarily login is via Google).
  • Authentication: To securely verify your identity and allow you to log in to our site without needing a separate password.
  • User Identification and Attribution: To display your chosen username and avatar publicly alongside your activities and contributions on the site, such as comments you leave or your ranking on site features like the points leaderboard.

We do not use the information obtained via Google Sign-In for any other purposes, such as marketing communications, unless you provide separate, explicit consent for such use. We adhere to the principle of data minimization, accessing only the basic profile information necessary to enable the Sign-In functionality and associated site features.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed. (Note: Login via Google Sign-In follows Google’s session management combined with our site’s login status cookies).

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

If you request a password reset, your IP address might be included in the reset email. (This typically applies to standard WordPress password resets, not Google Sign-In flows).

Sharing of Google User Data

We take your privacy seriously, especially concerning data accessed via Google services.

Personal data obtained specifically through Google Sign-In (your email address, name/username, avatar) is not shared with, sold to, rented to, or transferred to any unaffiliated third parties for their own marketing or processing purposes.

We will only disclose this information under the following limited circumstances:

  • With your explicit consent for a specific type of sharing.
  • To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
  • To enforce our Terms of Service, including investigation of potential violations.
  • To detect, prevent, or otherwise address fraud, security, or technical issues.
  • To protect against harm to the rights, property, or safety of our users, the public, or our service, as required or permitted by law.
  • To a third party as part of a merger, acquisition, or sale of assets, in which case we will provide notice and/or seek explicit consent regarding the transfer of Google user data as required by applicable policies and law.

As detailed in the “Where Your Data Is Sent” section, encrypted backups which may contain this data are stored on secure third-party infrastructure (Google Drive) solely for disaster recovery purposes.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (including via Google Sign-In), we store the personal information they provide (Email, Username, Avatar) in their user profile for as long as their account remains active. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information. If an account is deleted, associated personal data is removed, subject to data needed for backups or legal/administrative requirements.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes. To request data access or erasure, please contact us through the available site contact methods.

Data Security

We are committed to protecting the security of your personal data, including information accessed via Google Sign-In. We implement a variety of security measures to maintain the safety of your personal information when you enter, submit, or access it:

  • Encryption in Transit: All communication with our website (

    https://borderlandshunts.com and its subdomains) is encrypted using HTTPS (SSL/TLS) technology.

  • Secure Hosting: Our website and data are hosted on dedicated bare-metal servers under our direct control, providing a secure physical and network environment.
  • Encryption at Rest: Personal user data stored in our site’s database is encrypted to provide an additional layer of security.
  • Access Controls: Access to personal data within our systems is restricted to authorized personnel who require access for operational purposes (e.g., website administration). Administrative access to our WordPress backend is further secured using Two-Factor Authentication (2FA). Measures are in place to prevent unauthorized access by regular users.
  • Network Security: We employ security measures such as a Web Application Firewall (WAF) to monitor and filter traffic, helping to protect against common web vulnerabilities and brute-force login attacks.
  • Software Updates: We strive to keep our website software, including WordPress core, themes, plugins, and underlying server software, updated to patch known security vulnerabilities.
  • Secure Backups: Backups of website data are password-protected and stored securely (see “Where Your Data Is Sent”).

Where Your Data Is Sent

Visitor comments may be checked through an automated spam detection service.

Other than the specific circumstances outlined in the “Sharing of Google User Data” section and for the purposes of spam detection, your personal data is generally not shared with or transferred to third parties for their independent use. Data primarily resides on our secure servers that we control.

For disaster recovery and business continuity purposes, encrypted and password-protected backups of site data (which may include personal information) are securely stored on both our own self-hosted hardware and on Google Drive infrastructure. This data stored on Google Drive is for backup purposes only and is not actively processed by Google beyond secure storage.