Privacy Policy for YourFavStoryteller.org

Last Updated: Octobber 6, 2025

Welcome to YourFavStoryteller.org (“we,” “us,” or “our”). We value your privacy and are committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data, in compliance with the General Data Protection Regulation (GDPR) for individuals in the European Union and the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) for California residents. By using our website, you agree to the practices described below.

1. Information We Collect

We collect limited information to enhance your experience on our storytelling blog:

• Engagement Data: When you participate in discussions, we collect your email address and username. This is optional and only required if you choose to comment or join the conversation.
• Newsletter Sign-Up: If you subscribe to our newsletter, we store your email address to send you updates about new stories and site news.
• Usage Data: We collect anonymized data like IP addresses, browser type, device information, and pages visited via cookies or similar technologies to serve ads. This helps us understand how our site is used and personalize content, including advertisements (unless you opt for anonymity).
• Comments: Any comments you post are stored and displayed publicly with your chosen username.

We do not collect sensitive personal details beyond what’s necessary for these purposes. For California residents, this serves as our Notice at Collection under CCPA/CPRA.

2. How We Use Your Information

We use your data to:

• Facilitate discussions by associating your comments with your username and email.
• Send newsletters with updates, if you’ve subscribed (your email won’t be used for anything else).
• Personalize your experience, such as recommending stories or serving relevant ads based on your activity (unless you prefer anonymity, in which case we respect that choice).
• Improve our website by analyzing how visitors interact with it.

3. Cookies and Tracking

We use cookies or similar technologies (e.g., web beacons) to collect usage data. Third-party ad providers (e.g., Google AdSense) use cookies to personalize ads displayed on our site. You can manage cookie preferences via your browser settings or opt out of personalized ads through tools like Google’s Ad Settings (https://adssettings.google.com). For California residents, you can opt out of the sale or sharing of personal information for targeted advertising (see Section 6). For EU residents, we obtain your consent for non-essential cookies per GDPR requirements.

4. Third-Party Sharing

• Newsletters: Your email is stored securely and shared only with our newsletter service provider (e.g., Mailchimp), which complies with GDPR and CCPA/CPRA.
• Ads: Anonymized usage data is shared with ad networks like Google AdSense to serve relevant ads. These partners have their own privacy policies (e.g., Google’s at https://policies.google.com/privacy). Under CCPA/CPRA, this may constitute a “sale” or “sharing” of personal information for targeted advertising.
• Legal Requirements: We may disclose your data if required by law or to protect our rights, safety, or property.
• We do not sell or share your identifiable data (email, username) with third parties for purposes other than those listed above, except as required by law.

5. Legal Basis for Processing (GDPR)

For individuals in the EU, we process your data based on the following lawful bases under GDPR:

• Consent: For newsletters, comments, and non-essential cookies (e.g., for personalized ads), we rely on your explicit consent, which you can withdraw at any time.
• Legitimate Interest: For improving the site, serving ads, and analyzing anonymized usage data, we rely on our legitimate interests, balanced with your privacy rights.
• Legal Obligation: To comply with applicable laws or regulations.

6. Your Rights

You have control over your information. Below are your rights under GDPR (for EU residents) and CCPA/CPRA (for California residents):

GDPR Rights (EU Residents)

• Access: Request a copy of the personal data we hold about you.
• Rectification: Correct inaccurate or incomplete data.
• Erasure: Request deletion of your data (e.g., comments, email, or newsletter subscription).
• Restriction: Request that we limit processing of your data in certain cases.
• Data Portability: Receive your data in a structured, machine-readable format.
• Object: Object to processing based on legitimate interests (e.g., personalized ads).
• Withdraw Consent: Withdraw consent for data processing at any time (e.g., unsubscribe from newsletters).
• To exercise these rights, contact our Data Protection Officer at dpo@yourfavstoryteller.org.

CCPA/CPRA Rights (California Residents)

• Right to Know: Request details about the personal information we collect, use, disclose, or sell/share, including categories of data, sources, and purposes (up to twice in a 12-month period).
• Right to Delete: Request deletion of your personal information, subject to certain exceptions.
• Right to Opt-Out: Opt out of the sale or sharing of your personal information for targeted advertising. Use our “Do Not Sell or Share My Personal Information”
• Right to Correct: Request correction of inaccurate personal information.
• Right to Non-Discrimination: We will not discriminate against you for exercising these rights (e.g., by denying services or charging different prices).
• To exercise these rights, contact us at admin@yourfavstoryteller.org or use the opt-out link above. We will verify your identity using your email or username, as applicable, and respond within 45 days (extendable by 45 days if needed).

7. Data Retention

We retain your data only as long as necessary:

• Comments: Stored indefinitely unless you request deletion.
• Newsletter Emails: Kept until you unsubscribe or request deletion.
• Usage Data: Anonymized data is retained for up to 24 months for analytics and ad purposes, unless you opt out.
• We delete data upon your request or when no longer needed for the purposes outlined, in compliance with GDPR and CCPA/CPRA.

8. Data Security

We implement reasonable technical and organizational measures to protect your information from unauthorized access, loss, or disclosure. However, no online system is 100% secure, so we cannot guarantee absolute security.

9. International Data Transfers (GDPR)

If you are in the EU, your data may be transferred to third-party service providers (e.g., Google AdSense, newsletter providers) located outside the European Economic Area (EEA). We ensure these transfers comply with GDPR through Standard Contractual Clauses or other approved mechanisms to safeguard your data.

10. Anonymity Option

We respect your choice to stay anonymous. If you prefer, you can engage without personalization—just let us know when you contact us, and we’ll ensure your data isn’t used for tailored experiences or ads.

11. California Privacy Notice (CCPA/CPRA)

For California residents, we collect the following categories of personal information:

• Identifiers: Email, username, IP address.
• Internet Activity: Browser type, device information, pages visited.
• Commercial Information: Data used for personalized ads.

We disclose identifiers and internet activity to ad networks (e.g., Google AdSense) for targeted advertising, which may be considered a “sale” or “sharing” under CCPA/CPRA. We do not knowingly collect or sell/share personal information of consumers under 16 years old. To opt out, use the “Do Not Sell or Share My Personal Information”.

12. Changes to This Policy

We may update this policy as our site evolves or to comply with legal requirements. Check back here for the latest version. Significant changes will be noted with an updated “Last Updated” date. For EU residents, we will notify you of material changes as required by GDPR.

13. Contact Us

Questions or requests? Contact us at:

• General Inquiries: admin@yourfavstoryteller.org
• Data Protection Officer (GDPR): dpo@yourfavstoryteller.org

For GDPR or CCPA/CPRA rights requests, we will respond promptly within the legal timeframes (30 days for GDPR, 45 days for CCPA/CPRA).