Privacy Policy

Last updated: [replace with date]

Who we are

Our website address is: https://crystalmeanings.org.

Comments

When visitors leave comments, we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (a hash) may be provided to the Gravatar service to check if you are using it. The Gravatar service Privacy Policy is available at https://automattic.com/privacy/. After approval of your comment, your profile picture (Gravatar) is visible to the public in the context of your comment.

Media

If you upload images, avoid uploading images with embedded location data (EXIF GPS). Visitors can download and extract location data from images on the website.

Cookies

If you leave a comment, you may opt in to saving your name, email address, and website in cookies for your convenience. These cookies last for one year.

If you visit our login page, we set a temporary cookie to determine if your browser accepts cookies. It contains no personal data and is discarded when you close your browser.

When you log in, we set several cookies to save your login information and display choices. Login cookies last two days; screen options cookies last one year. If you select “Remember Me,” login persists for two weeks. Logging out removes the login cookies.

If you edit or publish an article, an additional cookie will be saved in your browser. It includes no personal data and simply indicates the post ID of the article you just edited. It expires after one day.

Embedded content from other websites

Articles may include embedded content (e.g., videos, images, articles). Embedded content from other websites behaves in the same way as if the visitor has visited the other website. Those sites may collect data about you, use cookies, embed additional third‑party tracking, and monitor your interaction with that content, including tracking if you have an account and are logged in to that website.

What we collect (overview)

We collect information only when we have a legitimate reason—such as to provide our services, communicate with you, secure the site, or improve content and features. Sources include: information you provide directly, information collected automatically through site operation, and data from outside sources (e.g., Gravatar).

Information you provide (beyond comments)

• Account details: Email address, username, password, and optional profile fields (display name, bio, avatar, links).
• Purchases and contact (if applicable): For orders we collect the details needed to process them (name, billing/shipping info, email) and keep purchase records.
• Communications: If you contact us via form or email, we store our correspondence as permitted by law.

Information we collect automatically

• Log data: Browser type, IP address, device identifiers, language, referrer, date/time, operating system, and mobile network info.
• Usage data: Pages viewed, searches, features used, interactions with navigation/admin bar, screen size and device information—used to deliver, secure, and improve the site.
• Approximate location: Inferred from IP address for visit statistics by region.
• Cookies & pixels: To recognize visitors, remember preferences, analyze performance, and (if applicable) measure advertising.

Information from other sources

Gravatar: When you comment with an email address, we may send a hashed version to Gravatar to check if you use it. If so, your avatar and public profile may appear next to your comment. See Automattic’s Privacy Policy.

How we use information

• Provide and maintain the site (publish comments, manage accounts, process orders, support users).
• Ensure security and prevent abuse (detect spam, fraud, or malicious activity).
• Analyze and improve the site (debug issues, develop new features and content).
• Communicate with you (transactional messages, important updates, and optional marketing you can opt out of).
• Comply with legal obligations and enforce our terms.

Who we share your data with

If you request a password reset, your IP address will be included in the reset email.

We may also share limited data with service providers who help operate our site (hosting, email delivery, analytics, payment processing, anti‑spam). They are bound by confidentiality and data‑protection obligations. We may disclose information to comply with legal requests or where necessary to protect rights, property, and safety. We may share aggregated or de‑identified data that cannot reasonably identify you. We also share data with third parties when you consent or direct us to do so.

Information shared publicly

Content you choose to make public—such as your comment, display name, and avatar—is visible to others and may be indexed by search engines.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely so we can recognize and approve follow‑up comments automatically.

For registered users (if any), we store the personal information provided in user profiles. All users can see, edit, or delete their personal information at any time (username cannot be changed). Website administrators can also see and edit that information.

We keep server logs for a limited period (typically about 30 days) for security, diagnostics, and analytics. Deleted content may remain in backups and caches for a limited time before being purged.

What rights you have over your data

If you have an account on this site or have left comments, you can request an exported file of your personal data we hold, including any data you provided. You can also request erasure of personal data we hold, except for data we are obliged to keep for administrative, legal, or security purposes.

Depending on where you live (e.g., GDPR jurisdictions or certain U.S. states), you may also have rights to correct your data, object to or restrict processing, receive a portable copy, and withdraw consent where processing is based on consent. We will need to verify your identity before acting on a request; you may designate an authorized agent with written authorization.

Your choices

• Limit information: Optional profile and billing fields aren’t required unless needed for a purchase or feature.
• Marketing opt‑out: You can unsubscribe from promotional emails at any time (service/legal notices may still be sent).
• Cookie settings: You can set your browser to refuse or delete cookies; some features may not function properly without them.
• Analytics opt‑out: If available in your account, you can opt out of sharing future in‑account events with our analytics tools.
• Close account: You can request account closure; some data may be retained as necessary to comply with law or for legitimate business purposes.

Security

We use reasonable technical and organizational measures to protect information from unauthorized access, use, alteration, or destruction. No online service is 100% secure. Use a strong, unique password and enable two‑step authentication where available.

US privacy law notices (if applicable)

In the last 12 months we may have collected identifiers, commercial information, internet/network activity, geolocation data, audio/visual information (e.g., profile image), professional or employment information (for applications), and inferences. We do not sell personal information in the traditional sense. Some sharing with advertising, marketing, or analytics partners could be considered a “sale” or “share” under certain state laws—you can opt out via a “Do Not Sell or Share My Personal Information” link where required. Opt‑outs are cookie‑based; if you clear cookies or use another browser, you’ll need to opt out again. We honor the Global Privacy Control (GPC) signal.

International data transfers

If your information is transferred outside your region (e.g., outside the EEA/UK), we use appropriate safeguards required by law (such as Standard Contractual Clauses).

Third‑party software and services

If you use third‑party plugins, payment providers (such as Stripe/PayPal/WooPayments), social sharing, or embedded content, those third parties process your data under their own privacy policies. Review their policies before using those services; we do not control them.

How to contact us

Questions or requests about this Privacy Policy or your data rights: [email protected] or use our contact form. You may appoint an authorized agent by providing written authorization.

Changes to this policy

We may update this policy from time to time. We will post the revised date on this page and, when appropriate, provide additional notice. Continued use of the site after changes means you accept the updated policy.

License and attribution

Portions of this policy are adapted from Automattic’s Privacy Policy, which is available under a Creative Commons Sharealike license. Ensure this text reflects our actual practices and, where appropriate, include credit with a link to https://automattic.com/privacy/.