Privacy Policy
Effective date: June 5, 2026 · Last updated: June 5, 2026
1. Who we are
This website is operated by Lisa Randall ("we", "us", "our"), based in Ontario, Canada. We are responsible for the personal information collected through this site. For any privacy question or request, contact us through our contact page.
2. What we collect, and why
We collect only what we need for the purposes below. We do not sell your personal information, and we do not use it for advertising or third‑party tracking.
| Information | When | Why (purpose) |
|---|---|---|
| Name, email, subject, message | When you use the contact form | To receive and respond to your message |
| Email address | When you subscribe to the newsletter | To send the newsletter you requested (with confirmation) |
| Name, email, comment text | When you comment on a blog post | To display and moderate comments |
| IP address | Automatically, when you submit a form | Security, spam prevention, abuse detection, rate limiting |
| IP address + action details | In our administrative audit log | To secure the admin area and investigate misuse |
| Email / domain / IP address | In our spam blocklist, only if a submission is identified as spam/abuse | To block repeat spam and abuse |
We do not knowingly collect information from children, and we do not collect sensitive (special‑category) data.
3. Legal basis (GDPR) / authority (PIPEDA)
- Responding to you (contact form): to act on your request / your consent.
- Newsletter: your consent, given when you subscribe and confirm. You can withdraw it at any time.
- Security, spam and abuse prevention (IP logging, audit log, blocklist): our legitimate interests in keeping the site secure and available, balanced against your rights.
4. How long we keep it
- Contact form submissions: up to 12 months, then deleted.
- Newsletter subscriptions: until you unsubscribe.
- Blog comments: until removed by you (on request) or by us.
- IP addresses in security / audit logs: up to 24 months.
- Blocklist entries: kept while needed to prevent abuse, reviewed periodically, and may carry an automatic expiry.
5. Who we share it with
We use a small number of service providers ("processors") who handle data on our behalf, under contract, only to provide the service:
- Railway — website and database hosting (servers in the United States).
- Brevo — sending transactional and newsletter emails.
Some providers are located outside Canada (e.g., the United States), so your information may be processed there. For EU/UK visitors, such transfers rely on appropriate safeguards (e.g., Standard Contractual Clauses). We do not otherwise disclose your personal information except where required by law.
6. Cookies
We use a single, strictly‑necessary session cookie to operate the admin area and features such as password‑protected pages. We do not use advertising, analytics, or third‑party tracking cookies.
7. Your rights
Subject to applicable law, you may access, correct, or delete your information, withdraw consent (e.g., unsubscribe — every email has an unsubscribe link), and object to or restrict certain processing. To exercise any right, use our contact page. We will respond within the time required by law (generally 30 days under PIPEDA / one month under GDPR), and may need to verify your identity first.
You can also complain to the Office of the Privacy Commissioner of Canada or, in the EU/UK, your local data‑protection authority.
8. How we protect your information
We use reasonable safeguards including HTTPS encryption in transit, access controls (the admin area is restricted and protected by two‑factor login), and regular backups. No method of transmission or storage is 100% secure, but we take steps appropriate to the sensitivity of the information. If a breach creates a real risk of significant harm, we will notify affected individuals and the Office of the Privacy Commissioner of Canada as required.
9. Changes to this policy
We may update this policy from time to time. The "Last updated" date above reflects the latest version, and material changes will be posted on this page.
10. Contact
Questions or requests: please use our contact page.