Privacy Policy

Last Updated: October 4, 2025

Introduction

This is a personal website operated by Kenn Williamson. I built it to share my work, connect with people, and demonstrate what I'm learning. I take your privacy seriously and want to be transparent about what data I collect and how I use it.

This policy covers kennwilliamson.org and all subdomains. If you have questions, you can reach me at privacy@kennwilliamson.org.

What Data We Collect

Account Information

When you create an account, I collect:

  • Email address (required for authentication)
  • Password (hashed using bcrypt before storage—I never see your actual password)
  • Display name and username/slug (optional, for public profiles)
  • Account creation and last login timestamps

Google OAuth Data

If you sign in with Google, I receive:

  • Your Google account email address
  • Your name from your Google profile
  • A unique identifier from Google to link your account

I only request the minimum permissions necessary for authentication. I do not access your Gmail, Google Drive, or other Google services. The OAuth flow uses PKCE (Proof Key for Code Exchange) for enhanced security.

User-Generated Content

When you use site features, I store:

  • Incident timers you create (title, description, start/end times)
  • Phrases you submit (text and suggested tags)
  • Any other content you choose to create through site features

Technical Data

For site functionality and security, I collect:

  • IP addresses (for rate limiting and abuse prevention)
  • Browser and device information (user agent strings)
  • Authentication tokens (JWT tokens stored in HTTP-only cookies)
  • Session data (to keep you logged in)

How We Use Your Data

I use your data for these purposes only:

  • Authentication: To verify your identity and keep you logged in
  • Site Features: To provide timers, phrases, and other functionality
  • Communication: To send important account-related messages (password resets, security alerts)
  • Security: To prevent fraud, abuse, and unauthorized access
  • Site Improvement: To understand how the site is used and fix problems

I do not:

  • Sell your data to anyone
  • Share your data with third parties for marketing
  • Use your data for advertising or tracking across other sites
  • Send you marketing emails (this is a personal site, not a business)

How We Protect Your Data

I take reasonable security measures to protect your information:

  • All connections use HTTPS/TLS encryption
  • Passwords are hashed using bcrypt with appropriate cost factors
  • Authentication uses JWT tokens with secure HTTP-only cookies
  • Database access is restricted and uses parameterized queries to prevent SQL injection
  • The site is regularly updated to patch security vulnerabilities

That said, no system is perfectly secure. While I do my best to protect your data, I can't guarantee absolute security. If you discover a security issue, please report it to security@kennwilliamson.org.

Data Retention

I keep your data for as long as your account is active. Here's what happens in different scenarios:

  • Active accounts: Data is retained indefinitely while you use the site
  • Deleted accounts: Account data is permanently deleted immediately upon request, though some content you've made public (like shared timers) may remain visible but disassociated from your account
  • Technical logs: Server logs and IP addresses are retained for up to 90 days for security purposes
  • Legal compliance: If required by law, some data may be retained longer

Your Rights (GDPR & CCPA Compliance)

You have the following rights regarding your data:

Access

You can request a copy of all data I have about you. Contact me at privacy@kennwilliamson.org and I'll provide it within 30 days.

Correction

You can update your account information directly through your profile settings. If you need help correcting other data, contact me.

Deletion

You can delete your account at any time through your profile settings. This will immediately and permanently remove your account data. You can also request deletion by contacting me.

Data Portability

You can request a machine-readable export of your data (JSON format). Contact me and I'll provide it within 30 days.

Opt-Out (California Residents)

Under the California Consumer Privacy Act (CCPA), you have the right to opt out of the "sale" of your personal information. For clarity: I do not sell your data. I don't share it with third parties for money or other valuable consideration.

Cookies and Tracking

I use cookies for essential site functionality:

  • Authentication cookies: HTTP-only, secure cookies to keep you logged in
  • Session cookies: To maintain your session state across page loads
  • OAuth state cookies: Temporary cookies during Google sign-in for security (PKCE flow)

I do not use:

  • Advertising cookies
  • Third-party tracking cookies
  • Analytics services like Google Analytics
  • Social media tracking pixels

The cookies I use are strictly necessary for the site to function. If you disable cookies entirely, you won't be able to log in.

Third-Party Services

The only third-party service I use is Google OAuth for authentication. When you sign in with Google:

  • You're temporarily redirected to Google's servers for authentication
  • Google's privacy policy applies during that interaction
  • I receive only the minimal data described above (email, name, unique ID)
  • I do not have access to your Google account beyond authentication

Review Google's privacy policy at: https://policies.google.com/privacy

Children's Privacy

This site is not intended for children under 13. I don't knowingly collect information from children. If you're a parent and believe your child has created an account, contact me at privacy@kennwilliamson.org and I'll delete it immediately.

International Users

This site is operated from the United States. If you're accessing it from outside the U.S., your data will be transferred to and stored in the United States. By using this site, you consent to that transfer. I comply with GDPR for EU users and CCPA for California users regardless of where you're located.

Changes to This Policy

I may update this policy as the site evolves. If I make significant changes, I'll update the "Last Updated" date at the top and notify you via email if you have an account. Continued use of the site after changes means you accept the updated policy.

Contact Information

If you have questions, concerns, or requests about your privacy:

Email: privacy@kennwilliamson.org
Website: kennwilliamson.org

A Personal Note: This is a personal project, not a corporation. I'm one person who genuinely cares about treating your data with respect. If you ever have concerns, just reach out. I'll do my best to address them promptly and honestly.

← Back to Home