In this day & age, information about you is being inferred by 3rd parties depending on your browsing habits. It is very difficult to be truly "anonymous" on the web. The European Union is cracking down on this, as they should.
Before the GDPR went into effect, and given that Big Data is being used for sale, advertisements, and tracking people around the web, we (the Crisses / (Rev.) Criss Ittermann) decided that since our main audience is very sensitive about personal data, we would do our best to eliminate our involvement in Big Data (Google, for example — or Amazon retargeting pixels, etc.) collecting any of your browsing habits or information, as much as we could while still providing the services that we feel compelled to offer the world.
What constitutes "personal data"?
Information that allows a person to be identified whether directly or indirectly, especially by reference to any given identifier. Isn't that confusing? So, it can be your name, number, phone number, email address, your common online "username" or "handle" that may elsewhere be associated with you personally, your system name if you use that online or out in the world anywhere other than our conversation, your IP address could help identify you (or someone using your internet connection), your location information, and anything that could identify you in the future. So broadly defined, just about anything that could point back to you.
That in conjunction with any information about you (even if volunteered by you) that can be used against you — your location, gender, orientation, mental health status, physical health status, politics, religion, etc. — means that, even though I'm a small 1-person operation, I still have to be extra careful with your information. This is exactly the type of information you should be able to share with your life coach — and I have to be very careful about any note-taking or record keeping regarding your information.
Protecting Your Information
- Emails are inherently insecure. If you send us those details in email, please understand you are taking the risk of transmission of that information across the Internet — we have secure SMTP on our end of the email transaction, but cannot guarantee your end of the transaction is secure — it's up to your email programs, email service providers, and mail transfer agents to provide secure email connections to our secure server. Our contact information for end-to-end encrypted chat or voice calls is listed below.
- See our To Do section for information about our web email and comment forms on the website as well.
- See Your Privacy & Security for Group Programs for more about protecting group coaching participant's confidentiality and personally identifying information.
Given that our services are usually conducted remotely, over phone, Internet phones (like Skype), end-to-end encrypted voice or data transfer — it's inevitable that our customers and potential customers send us their personal identifying information (phone number, Skype account ID, email address, a check with their address, etc.) so it's possibly you will be sharing your legal name, system name, identities within your system, your phone number, email address, IP address, or more — especially if you want coaching, to ask questions, get help, or would like a reply back.
Also during coaching you may disclose information about yourself, your medical or mental health condition, or where you are located — for these reasons we're required to maintain HIPPA compliance for sensitive information about our coaching clients.
What do we do with your information and data
There are more details in specific below and some tips on how to protect yourself from data collection on 3rd parties. We do what we can to protect you.
- We removed Google Analytics off of this site. We no longer directly track your browsing information or flow through our websites through 3rd party software.
- Our dedicated web server tracks IP addresses for data hits and web page requests in the server logs. We only look at the logs if there's a website issue that needs to be addressed. Logs are archived (compressed), rotated, and eventually deleted on an automatic schedule.
- Our server has 2 administrators — ourselves (The Crisses) and our partner, who is also a DID system. We always do everything we can to keep other persons or even our own customers out of our server data. If there are legitimate other users or customers with any direct access to the server, they are in a chrooted "jail" i.e. they can only access their own section of the server, and the rest of the sever is not available to them. So for example a customer can use our webmail services or FTP files to/from their own directories, but not access the rest of the server.
- We have not had any known server/data breaches.
- If you email me through the website forms, I will get whatever information you put into the forms. Hopefully this would be obvious. My emails are generally removed from the server in 1 week, but I keep my emails on my business computer for decades. If you have ever or will ever email me, that email may very well be "forever". My emails are stored on my business computer and in onsite & offsite backups/cloud backups of my computer. If you absolutely need me to erase an email sent by you, you may have to provide me with exactly what information you put into it and approximate dates so I can locate it in my enormous email warehouse. Your IP address should be tracked on my server, but is not sent to me in the emails sent by the webform which just becomes an email from my server to me with your information from the form in the body of the email. The email may tell me which webpage you were on which helps give me context if you have a question or concern — so I know what you were looking at when you contacted me.
- Where you are tracked is if you leave comments on the blogs or pages on this website. You can choose whatever name to sign your comments with. Your IP address — i.e. your computer routing information — is saved when you post comments to the site. It is used to stop abuse of the site and is available if the authorities insist by way of a warrant to get information from my server. We would do everything in our legal power to keep them from having this information, but tracking that information is necessary for protecting ourselves from harassment or attack, or protecting the community from perpetrators. If someone is violative, exploitative, etc. we might volunteer their information to the authorities to help protect potential future victims.
Coaching Data Storage
Coaching customers need to be tracked, and data transmitted for billing, appointments, session notes, between-appointment communications, and the actual coaching session. Clients may also be given an intake questionnaire, feedback forms, homework handouts, sent links or homework reminders, asked to watch videos or read articles, etc. all to facilitate the coaching relationship.
- Session notes: we moved to electronic hand-written session notes in MyScript Nebo on our iPad Pro which is encrypted and has biometric protection on it. We do not upload the notes to the Cloud. There are iPad backups on our main business computer system. If you are in the EU, we will have to ask you for permission to take notes during sessions. We can (per GDPR policy) delete session notes, and will periodically delete older notes that are no longer needed or relevant for any purposes. If you want our session notes deleted, we may ask permission to keep your generic session information on-file (name, contact info, date of session, length of session) for tracking hours for additional coaching certifications.
- Appointment data, billing data, payment information - these need to be tracked so we can keep our appointments, log our coaching hours for certification, make sure we get paid, track our income, and pay income taxes. These are on our main business desktop computer, backed-up on the cloud (Carbonite), and appointments (iCloud) and our billing system (Dropbox) are sync'd to our other devices. Our contact list with your phone number, email address (Mac/iOS Contacts), or other contact information (Skype, Keybase, Signal) is used to keep appointments with customers.
3rd Party Tracking
We do not send your coaching session notes/data directly to any 3rd parties. Appointments are synced via iCloud (see above), devices and computers are backed up to Carbonite (above), and appointments may be tracked at Acuity Scheduling (see "Appointment Scheduling Software" below).
The following are ways you may be tracked or identified on 3rd party platforms as having an association with LiberatedLIfeCoaching.com:
- Referring Site Data. New: as of September 7, 2018, offsite links are sent through dereferer.org to block other Big Data collectors from knowing you came from our website. Newer browsers won't even tell dereferer.org where you came from, older browsers will but dereferer.org claims not to care and not to track it to give back to the open-source community etc. This beats Google, Facebook, etc. from knowing exactly what page(s) you visited them from. To test what information your browser sends, try this link: https://www.whatismyreferer.com and it shouldn't give away that you were on this site. Previously: Any offsite links you click to follow may show what webpage address you clicked on to follow the link (called the "referring" webpage link). To go to a link without the "referring page" information, right-click, grab the website address, open a new tab, and paste the address into a new browser window. You'll go straight to the link without the tracking information of what webpage referred the link. We don't control this — web browsers send this information silently when you click on links. We just thought you might want to know this.
- Email lists. Iif you sign up on our email list, it's hosted at MailChimp, since I can't bulk email from my personal or business accounts. Those data protection policies are covered by MailChimp. They have whatever information you submit to their webforms on our site(s).
- Amazon Links and Purchases. Our Amazon affiliate links (for book purchases) only track you if you click on them. We get a tiny commission on the sale of the book, but it does not change your price. Amazon will be able to see which site referred you on their end of the click (as stated above), and will also know I referred you to that book because you clicked my affiliate link. You can go to Amazon directly by opening a new browser tab and search for the book's title or our name as an author to avoid this. Even if I give a non-affiliate link they would still know you clicked the link from my site unless you copy it and paste it into a new browser window — that information is sent to their server by your browsing software (as outlined under "Referring Site Data" above) and has nothing to do with our site or programming on our site.
- Videos. New: As of September 7, 2018, we no longer are embedding videos, to avoid Google/YouTube tracking you on our website. Previously: YouTube and other sites may track you if you open a page with the embedded player. The data is streaming from their site, but they may know the URL of the page requesting the video feed or embedded player, and your IP address, or login credentials stored in their own cookies from Google/Gmail/YouTube. We don't control this.
- Feedback Questionnaire. We have a session feedback questionnaire that is in Google Forms and stores submitted information to a Google Sheet. The information is directly transmitted through the Google Drive and their security and GDPR compliance will apply to the data stored on their system. Google may know who you are via your Google login information stored in a cookie from Google.
- Paypal Tracking. - most clients pay us via PayPal for everyone's security and convenience. We do not take credit cards directly. Please do not send us any credit card information. We can arrange other 3rd party processors if you are not comfortable with PayPal. We send you a simple paypal.me link to pay your invoice, but we do not put the invoice information into PayPal unless requested. Your invoice, if required or requested, will be send via either an email or a more secure method (Dropbox link, Signal connection, Keybase, etc.). You may also simply make payments on our agreement without an invoice (the invoice will be issued in our accounting system, but we don't need to send you a copy — we need to just mark them paid). As all sessions are paid in advance, it's usually very clear whether you have money due.
- Appointment Scheduling Software. Setting appointments can be done with us manually, or you can opt to use our scheduler which is on AcuityScheduling.com. They get our "busy" information from the iCloud server, but not the appointments from our manual calendar. If you use AcuityScheduling.com to schedule appointments, they will have collected information from you to send you text or email reminders, whatever name you give them, etc. Manual scheduling can be used to circumvent AcuityScheduling having any access to your personal information.
- Coaching Session Logging. While we intend to question and fight this policy, there is a requirement from coaching certification bodies to hand over client session information and personal identifying information to "prove" how many hours of coaching a coach has completed to earn certifications. We debate whether or not to bow to that practice, and plan to fight it. However, if permissible, we would appreciate permission to share that information. Feel free to lodge a formal protest with us.
We have several websites to work on, so here's what we have not discussed or maybe not discussed in enough detail yet:
- Add Patreon, did we do enough about email?
- Inform about personal health info, sexual orientation & gender info, using system names as usernames & whether that constitutes identifying information, etc. Did we do a good enough job at the top?
- Device security, email storage, site backups, etc. — more about biometrics and Apple's protections?
- Backups — Why we back up email why we back up the devices & client notes on our desktop.
- We are NOT set up for https (secure web browsing) yet, this is in-progress. So your connection to our website is not secure, and your connection to our email and comment forms on our website is not ensured. Once you fill in the forms, the form sends the email directly to my secure email account on the same server, or the comment form information is added to the website on the back-end and we manually approve the comment to go public. What you submit into our forms could be captured while being sent to this website without our server being breached. Fixing this is in progress in June 2018 and we hope to have this security issue fixed by end of July 2018.
If you need information removed from our website, or have any other privacy/data concerns, please let us know by phone or email. If you need end-to-end secure/encrypted communications with us, we are available through our phone number on Signal, and as "crisses" on Keybase.io (with credential proofs to kinhost.org & our other sites), and you can set the conversation to wipe after a set time.
Liberated Life Coaching is a service provided under Eclectic Tech, LLC by Rev. Criss Ittermann.
We can be reached at:
Eclectic Tech, LLC
PO Box 225
New Hampton, NY 10958