Privacy Policy

Last Updated: December 10, 2025

TL;DR: I collect minimal data, don't sell anything, and respect your privacy. You can comment anonymously, delete your data anytime, and I'm transparent about what I track.

1. Who We Are

Daily Thautism ("we", "us", "our") is a personal blog operated by John Drexler. Our website address is: https://dailythautism.com

Contact: drex.john@gmail.com

2. What Data We Collect and Why

2.1 Comments

When you leave a comment, we collect:

  • Name or username (you choose what to display—can be anonymous)
  • Email address (never displayed publicly, used only for comment notifications)
  • IP address (for spam prevention, automatically deleted after 30 days)
  • Comment content and timestamp

Why: To enable community discussion and prevent spam/abuse.

Legal Basis (GDPR): Legitimate interest in maintaining site functionality and community safety.

2.2 User Accounts (Optional)

If you create an account, we store:

  • Username
  • Email address
  • Password (hashed—we never see your actual password)
  • Profile information (optional: bio, profile picture)
  • Badges and reputation points (from community interactions)

Why: To provide personalized features like saved posts, voting, and badges.

Legal Basis (GDPR): Contractual necessity to provide the service you signed up for.

2.3 Analytics Data

We use Google Analytics to understand how visitors use the site:

  • Pages visited
  • Time spent on site
  • Approximate location (country/city level, not precise)
  • Device type and browser
  • Referral source (how you found us)

Why: To understand what content is valuable and improve the site.

Legal Basis (GDPR): Legitimate interest in improving user experience.

Opt-out: Use browser extensions like uBlock Origin or Privacy Badger, or enable Do Not Track.

2.4 Cookies

We use cookies for:

  • Session management: Keeping you logged in
  • Preferences: Remembering your settings (theme, font size, etc.)
  • Analytics: Google Analytics tracking (see above)

Essential cookies (login, security) cannot be disabled. Analytics cookies can be blocked via your browser settings.

3. What We DON'T Do With Your Data

  • We don't sell your data. Ever. To anyone.
  • We don't share it with advertisers. No ads on this site.
  • We don't send spam. You'll only get emails you explicitly opt into.
  • We don't track you across other sites. No third-party tracking pixels.

4. Third-Party Services

We use these external services that may collect data:

4.1 Google Analytics

Tracks anonymous usage statistics. See Google's privacy policy: https://policies.google.com/privacy

4.2 Email Service (AWS SES)

Used only for transactional emails (password resets, comment notifications you opt into). We don't use it for marketing.

4.3 Media Storage (AWS S3)

Profile pictures and uploaded images are stored on AWS. Only publicly-shared images are accessible.

5. Your Rights (GDPR/CCPA)

You have the right to:

  • Access your data: Request a copy of what we have
  • Correct your data: Update inaccurate information
  • Delete your data: Request complete removal ("right to be forgotten")
  • Export your data: Get a machine-readable copy
  • Opt-out of analytics: Disable tracking
  • Withdraw consent: Stop email notifications anytime

To exercise these rights: Email drex.john@gmail.com with your request. I'll respond within 30 days (usually much faster).

6. Data Retention

  • Comments: Kept indefinitely unless you request deletion
  • Account data: Kept until you delete your account
  • IP addresses: Automatically deleted after 30 days
  • Analytics: Google retains for 26 months
  • Backups: Deleted data may exist in backups for up to 90 days

7. Data Security

We take security seriously:

  • HTTPS encryption for all traffic
  • Password hashing (bcrypt algorithm)
  • Regular backups (encrypted at rest)
  • Security headers (CSP, HSTS, X-Frame-Options)
  • Automated security updates

However, no internet transmission is 100% secure. Use strong, unique passwords.

8. Children's Privacy

This site is not intended for children under 13. We don't knowingly collect data from children. If you're a parent and believe your child has provided data, contact us and we'll delete it immediately.

9. International Users

This site is hosted in the United States. By using it, you consent to data transfer to the US. We comply with GDPR for EU users and CCPA for California residents.

10. Changes to This Policy

We may update this policy occasionally. Material changes will be announced on the site. Continued use after changes means you accept the updated policy.

Version history: Check the "Last Updated" date at the top.

11. Questions?

If anything is unclear or you have privacy concerns:

  • Email: drex.john@gmail.com
  • Response time: Usually within 48 hours

Why I Care About Privacy

As someone with ADHD and autism, I'm acutely aware of how overwhelming digital spaces can be. I built this site to be respectful of your attention, your data, and your trust. No dark patterns, no manipulation, no BS. Just honest content and transparent practices.