
Privacy Policy

Who we are

Our website address is: https://debrawebster.org.

What personal data we collect and why we collect it

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

We collect your e-mail address and first name.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

Who we share your data with

We share your data with an e-mail service so we can send you updates and free gifts.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

What rights you have over your data

Your data is not stored on this site. You can unsubscribe from e-mail notifications anytime you receive one.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Your contact information

Privacy for Contacts

This section applies to the information we process about our Members’ Contacts as a data controller pursuant to our legitimate business interests, as explained in the “Legal Basis for Processing” section below. Our Services are intended for use by our Members. As a result, for much of the Personal Information we collect and process about Contacts through the Services, we act as a processor on behalf of our Members. Mailchimp is not responsible for the privacy or security practices of our Members, which may differ from those set forth in this privacy policy. Please check with individual Members about the policies they have in place. For purposes of this section, “you” and “your” refer to Contacts.

A. Information We Collect

The Personal Information that we may collect or receive about you broadly falls into the following categories:

(i) Information we receive about Contacts from our Members: A Member may provide Personal Information about you to us through the Services. For example, when a Member uploads their Distribution List or integrates the Services with another website or service (for example, when a Member chooses to connect their e-commerce account with Mailchimp), or when you sign up for a Member’s Distribution List on a Mailchimp signup form, they may provide us with certain contact information or other Personal Information about you such as your name, email address, address or telephone number. You may have the opportunity to update some of this information by electing to update or manage your preferences via an email you receive from a Member.

(ii) Information we collect automatically: When you interact with an email campaign that you receive from a Member or browse or purchase from a Member’s connected store, we may collect information about your device and interaction with an email. We use cookies and other tracking technologies to collect some of this information. Our use of cookies and other tracking technologies is discussed more below, and in more detail in our Cookie Statement here.

  • Device information: We collect information about the device and applications you use to access emails sent through our Services, such as your IP address, your operating system, your browser ID, and other information about your system and connection.
  • Product usage data: We collect usage data about you whenever you interact with emails sent through the Services, which may include dates and times you access emails and your browsing activities (such as what pages are viewed). We also collect information regarding the performance of the Services, including metrics related to the deliverability of emails and other electronic communications our Members send through the Services. This information allows us to improve the content and operation of the Services, and facilitate research and analysis of the Services.

(iii) Information we collect from other sources: From time to time, we may obtain information about you from third-party sources, such as social media platforms and third-party data providers. We take steps to ensure that such third parties are legally or contractually permitted to disclose such information to us, and we use this information to provide publicly available social media information about you to Members who have enabled the “Social Profiles” feature in their Mailchimp accounts.

B. Use of Personal Information

We may use the Personal Information we collect or receive about you for our legitimate business interests, including:

  • To enforce compliance with our Terms of Use and applicable law. This may include developing tools and algorithms that help us prevent violations.
  • To protect the rights and safety of our Members and third parties, as well as our own. For example, sometimes we review the content of our Members’ email campaigns to make sure they comply with our Terms of Use. To improve that process, we have software that helps us find email campaigns that may violate our Terms of Use. Our employees or independent contractors may review those particular email campaigns, which may include your contact information. This reduces the amount of spam being sent through our servers and helps us maintain high deliverability.
  • To meet legal requirements, including complying with court orders, valid discovery requests, valid subpoenas, and other appropriate legal mechanisms.
  • To provide information to representatives and advisors, including attorneys and accountants, to help us comply with legal, accounting, or security requirements.
  • To prosecute and defend a court, arbitration, or similar legal proceeding.
  • To respond to lawful requests by public authorities, including to meet national security or law enforcement requirements.
  • To provide, support and improve the Services. For example, this may include sharing your information with third parties in order to provide and support our Services or to make certain features of the Services available to our Members. When we share Personal Information with third parties, we take steps to protect your information by requiring these third parties to enter into a contract with us that requires them to use the Personal Information we transfer to them in a manner that is consistent with this privacy policy and applicable privacy laws.
  • For our data analytics projects. Our data analytics projects use data from Mailchimp accounts, including your Personal Information, to provide and improve the Services. We use information, like your purchase history, provided to us by Members, so we can make more informed predictions, decisions, and products for our Members. For example, we use data from Mailchimp accounts to enable product recommendation, audience segmentation, and predicted demographics features for our Members. If you prefer not to share this data, you can opt out of data analytics projects at any time by emailing us at [email protected].
  • Other purposes. To carry out other legitimate business purposes, as well as other lawful purposes.

C. Cookies and Tracking Technologies

We and our partners may use various technologies to collect and store information when you interact with a Member’s email campaign or connected store, and this may include using cookies and similar tracking technologies, such as pixels and web beacons. For example, we use web beacons in the emails we send on behalf of our Members. When you receive and engage with a Member’s campaign, web beacons track certain behavior such as whether the email sent through the Mailchimp platform was delivered and opened and whether links within the email were clicked. They also allow us to collect information such as your IP address, browser, email client type, and other similar details. We use this information to measure the performance of our Members’ email campaigns, and to provide analytics information and enhance the effectiveness of our Services.

Our use of cookies and other tracking technologies is discussed in more detail in our Cookie Statement here.

D. Legal Basis for Processing

We process Personal Information about you as a data controller as described in this section, where such processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. Our legitimate interests typically include: improving, maintaining, providing, and enhancing our technology, products and services; and ensuring the security of the Services and our Website.

E. Other Data Protection Rights

You may have the following data protection rights:

  • To access, correct, update or request deletion of your Personal Information. Mailchimp takes reasonable steps to ensure that the data we collect is reliable for its intended use, accurate, complete, and up to date. You may contact us directly at any time about accessing, correcting, updating or deleting your Personal Information, or altering your data, by emailing us at [email protected]. We will consider your request in accordance with applicable laws.
  • In addition, if you are a resident of the EEA, you can object to processing of your Personal Information, ask us to restrict processing of your Personal Information or request portability of your Personal Information. Again, you can exercise these rights by emailing us at [email protected].
  • You have the right to complain to a data protection authority about our collection and use of your Personal Information. For more information, please contact your local data protection authority. Contact details for data protection authorities in the EEA are available here.

As described above, for much of the Personal Information we collect and process about Contacts through the Services, we act as a processor on behalf of our Members. In such cases, if you are a Contact and want to exercise any data protection rights that may be available to you under applicable law or have questions or concerns about how your Personal Information is handled by Mailchimp as a processor on behalf of our individual Members, you should contact the relevant Member that is using the Mailchimp Services, and refer to their separate privacy policies.

If you no longer want to be contacted by one of our Members through our Services, please unsubscribe directly from that Member’s newsletter or contact the Member directly to update or delete your data. If you contact us directly, we may remove or update your information within a reasonable time and after providing notice to the Member of your request.

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. We may ask you to verify your identity in order to help us respond efficiently to your request.

How we protect your data

What data breach procedures we have in place

As a company that takes data security and privacy very seriously, we recognize that Mailchimp’s information security practices are important to you. While we don’t like to expose too much detail around our practices (as it can empower the very people we are protecting ourselves against), we have provided some general information below to give you confidence in how we secure the data entrusted to us.

Data Center Security

  • Mailchimp delivers billions of emails a month for millions of users. We use multiple MTAs, placed in different world-class data centers around the United States.
  • Our data centers manage physical security 24/7 with biometric scanners and the usual high tech stuff that data centers always brag about.
  • We have DDOS mitigation in place at all of our data centers.
  • We have a documented “in case of nuclear attack on a data center” infrastructure continuity plan.

Protection from Data Loss, Corruption

  • All databases are kept separate and dedicated to prevent corruption and overlap. We have multiple layers of logic that segregate user accounts from each other.
  • Account data is mirrored and regularly backed up off site.

Application Level Security

  • Mailchimp account passwords are hashed. Our own staff can’t even view them. If you lose your password, it can’t be retrieved—it must be reset.
  • All login pages (from our website and mobile website) pass data via TLS.
  • The entire Mailchimp application is encrypted with TLS.
  • Login pages and logins via the Mailchimp API have brute force protection.
  • We perform regular external security penetration tests throughout the year using different vendors. The tests involve high-level server penetration tests, in-depth testing for vulnerabilities inside the application, and social engineering drills.

Internal IT Security

  • Mailchimp offices are secured by keycard access and biometrics, and they are monitored with infrared cameras throughout.
  • Our office network is heavily segmented and centrally monitored.
  • We have a dedicated internal security team that constantly monitors our environment for vulnerabilities. They perform penetration testing and social engineering exercises on our environment and our employees. Our security team includes OSCP and CISSP certified members.

Internal Protocol and Education

  • We continuously train employees on best security practices, including how to identify social engineering, phishing scams, and hackers.
  • Employees on teams that have access to customer data (such as tech support and our engineers) undergo criminal history and credit background checks prior to employment.
  • All employees sign a Privacy Safeguard Agreement outlining their responsibility in protecting customer data.
  • In order to protect our company from a variety of different losses, Mailchimp has established a comprehensive insurance program. Coverage includes, but is not exclusive to: coverage for cyber incidents, data privacy incidents (including regulatory expenses), general error and omission liability coverage, excess cyber liability coverage, property and business interruption coverage, as well as international commercial general liability coverage.

SOC II Compliant PCI DSS Certification

Mailchimp’s credit card processing vendor uses security measures to protect your information both during the transaction and after it is complete. Our vendor is certified as compliant with card association security initiatives, including the Visa Cardholder Information Security and Compliance (CISP), MasterCard® Site Data Protection Program (SDP), and Discovery Information Security and Compliance (DISC). We also perform annual SOC II audits.

We’re happy to provide our full SOC II Report. Just fill out the form and we’ll send it to you.


Protecting Ourselves Against You

Yes, you heard that correctly. We can secure ourselves like Fort Knox, but if your computer gets compromised and someone gets into your Mailchimp account, that’s not good for either of us.

  • We monitor and will automatically suspend accounts for signs of irregular or suspicious login activity.
  • Certain changes to your account, such as to your password, will trigger email notifications to the account owner.
  • We monitor accounts and campaign activity for signs of abuse.
  • In addition to our scalable algorithms, we employ another layer of human reviewers, who monitor for anomalous account and email activity.
  • We make 2-Factor Authentication available to our customers and offer a discount on accounts that engage this feature.
  • We provide the ability to establish tiered-levels of access within accounts.

Investing in Your Privacy