Privacy Policy

Last Updated: May 12, 2025

I. Introduction

A. Who We Are

This Privacy Policy describes how GeekGenerated.com (“we,” “us,” or “our”), the operator of the website located at https://wwww.geekgenerated.com (the “Website”), collects, uses, stores, discloses, and protects information obtained from individuals (“you”) who visit or interact with our Website. This document serves as a formal notification regarding our data processing practices and your associated rights. Identifying the entity responsible for your data is a fundamental requirement under data protection laws like the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). Therefore, this policy clearly outlines GeekGenerated.com as the data controller for the personal information processed through the Website.

For this policy, the following terms have specific meanings:

Personal Information (or Personal Data): Any information that relates to an identified or identifiable individual. This includes data points like names, email addresses, IP addresses, cookie identifiers, user-generated content associated with an individual, and more, reflecting the broad definitions under laws like GDPR and CCPA/CPRA.
Processing: Any operation performed on personal information, such as collection, recording, organization, storage, adaptation, retrieval, use, disclosure, or erasure.
Data Controller: The entity that determines the purposes and means of processing personal information (in this case, GeekGenerated.com).
Data Processor: An entity that processes personal information on behalf of the controller (e.g., hosting providers, analytics services).
Data Subject: The individual whose personal information is being processed (you).
Third Party: An entity other than the data subject, controller, processor, or persons authorized to process data under the direct authority of the controller or processor.
Cookies: Small text files stored on your device by your web browser when you visit websites.

B. Scope of This Policy

This Privacy Policy applies to all personal information collected through the Website and its associated features, including user accounts, comments, media uploads, analytics, and potential advertising services. It applies to all visitors and users, regardless of their geographical location, acknowledging the global reach of online services and the applicability of international data protection standards such as the GDPR for individuals in the European Economic Area (EEA) and the United Kingdom (UK), and specific state laws like the CCPA/CPRA for residents of California. This policy should be read in conjunction with our Website’s Terms of Service, if applicable.

C. Our Commitment to Privacy

GeekGenerated.com is committed to protecting your privacy and handling your personal information transparently and responsibly. We strive to comply with all applicable data protection laws and regulations. The purpose of this policy is to provide you with clear, concise, and understandable information about our data practices, avoiding unnecessary legal or technical jargon wherever possible, in line with the transparency requirements of regulations like GDPR. Building and maintaining your trust is important to us.

D. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us using the following details:

Email: Support@GeekGenerated.com
Website Contact Form: https://geekgenerated.com/contact/
Mailing Address: 2559 Blossom Hill Road Morton, Mississippi 39117

Under certain conditions stipulated by the GDPR, organizations may be required to appoint a Data Protection Officer (DPO). The DPO for Geek Generated is Jack Anderson – he can be reached using the above information.

II. Information We Collect

A. Overview

We adhere to the principle of data minimization, meaning we aim to collect only the personal information that is reasonably necessary for the specific purposes outlined in this policy. We collect information in several ways:

Directly from you: When you actively provide it to us (e.g., by commenting, registering, or contacting us).
Automatically: As you navigate and interact with the Website (e.g., through server logs and cookies).
From third parties: Through integrations with external services you choose to use (e.g., social logins, spam filters).

B. Information You Provide Directly

Comments: When you leave comments on the Website, we collect the data shown in the comments form, which typically includes your name, email address, and optionally, your website URL. We also collect the content of your comment itself.
User Accounts/Registration: To create an account on GeekGenerated.com, you may need to provide information such as a username, email address, and password (which is stored in a hashed, non-readable format). You might also choose to add further details to your user profile, such as a display name or an “About Me” description.
- Third-Party Logins (Google/X): If you choose to register or log in using your Google or X (formerly Twitter) account, we receive certain profile information from these services, based on the permissions you grant to them during the login process. This typically includes your name, email address, and profile picture associated with your Google or X account. The data shared by Google or X is governed by their respective privacy policies and your privacy settings on those platforms. We do not receive your password for these third-party accounts. It is important to understand that by using these third-party login services, you are subject to their data sharing practices, and we encourage you to review their privacy policies.
Contact Forms: If you use a contact form on our Website (e.g., via the “Contact Us” link, if it leads to a form), we collect the information you provide, such as your name, email address, the subject of your inquiry, and the content of your message. Other details, like a phone number, might be requested depending on the form’s design.
Media Uploads: If you upload images or other media files to the Website (for example, as part of a comment or profile picture), the file itself is collected. We strongly advise against uploading images that contain embedded location data (EXIF GPS). Visitors to the Website could potentially download images and extract this location information.
Newsletter Signups: If we offer a newsletter subscription service, we will collect your email address, and potentially your name, when you opt in to receive it. Subscription requires your explicit consent (opt-in), which you can withdraw at any time..
Surveys/Feedback: If you voluntarily participate in surveys or provide feedback, we collect the information and opinions you submit.

C. Information Collected Automatically

As you interact with the Website, certain information is collected automatically by our servers and through tracking technologies:

Log Data: Our web servers automatically record information that your browser sends whenever you visit the Website. This log data typically includes your Internet Protocol (IP) address, the type and version of your web browser (user agent string), your operating system, the address of the webpage that referred you to our Website (referring site), the specific pages you visited on our site, the time and date of your visit, the time spent on those pages, and other interaction data like clicks or reactions you make. This information is essential for website operation, security monitoring, and basic analytics.
Cookies and Similar Technologies: We use cookies and potentially other similar technologies (like pixels or web beacons) to collect information about your interaction with the Website. This can include data about your session, preferences (like language or login status), identifiers for analytics purposes, and potentially identifiers used for advertising. A detailed explanation of our cookie usage is provided in Section IV.
Device Information: We may collect information about the device you use to access the Website, such as the device model, operating system version, browser type, and potentially unique device identifiers, particularly if you access the site via a mobile application or if collected by analytics services.
Analytics Data (via MonsterInsights/Google Analytics): We use MonsterInsights, a plugin that connects our Website to Google Analytics, to gather data about how users interact with our site. This includes information like page views, session duration, traffic sources, general geographic location (derived from IP address, which may be anonymized depending on settings), clicks, scrolls, and potentially aggregated demographic information (like age range and gender) and interest categories if enabled and consented to. Google Analytics uses cookies and potentially app-instance identifiers to track these interactions. It is against Google’s policy for us to send personally identifiable information (like names or email addresses) directly to Google Analytics. The specific data collected can depend on our MonsterInsights and Google Analytics configuration settings (see Sections III and IV).
Advertising Data: If we display advertisements from third-party networks, these networks may use cookies, pixels, or other tracking technologies to collect information about your browsing activity on our Website and potentially across other websites. This data can include your IP address, device identifiers, cookie data, websites visited, location information, and interactions with ads (impressions, clicks) to show you more relevant (targeted) advertising.

D. Information from Third Parties

We may also receive information about you from third-party services integrated with our Website:

Gravatar: If you leave a comment and use an email address associated with a Gravatar account (a service by Automattic), an anonymized string (hash) created from your email address is sent to the Gravatar service to check if you have a profile picture. If you do, your public Gravatar profile picture will be displayed next to your comment. Automattic’s privacy policy governs its use of this data.
Social Logins (Google/X): As mentioned previously, if you log in using Google or X, we receive basic profile information (name, email, profile picture) from them based on your authorization granted to that platform.
Spam Detection (Akismet): To help prevent spam comments, we use the Akismet anti-spam service (also provided by Automattic). When you submit a comment, information associated with the comment – including your IP address, browser user agent, referring site, website URL, and the comment data you provided (name, email, website, comment content) – is sent to Akismet servers for analysis. This processing is based on our legitimate interest in protecting the Website from spam.
Advertising Partners: If we work with advertising partners, they might provide us with information linked to identifiers (like cookie IDs or hashed emails) or device IDs, potentially including demographic or interest data they have collected or inferred from your activity on other sites, to help target advertisements.

E. Sensitive Personal Information

GeekGenerated.com does not intentionally collect or request “Sensitive Personal Information” (also known as “special categories of personal data” under GDPR). This includes data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for identification purposes, data concerning health, or data concerning a person’s sex life or sexual orientation. Under the CCPA/CPRA, sensitive personal information also includes items like Social Security numbers, driver’s license numbers, precise geolocation, account login credentials combined with passwords, the contents of private communications (mail, email, text messages unless the business is the intended recipient), and genetic data.

While we do not solicit this information, users might include sensitive details within user-generated content, such as comments or uploaded media. We strongly advise you not to submit any sensitive personal information through these channels. If we become aware that we have inadvertently collected sensitive personal information without a valid legal basis (such as explicit consent where required), we will take steps to delete it. The potential for such inadvertent collection underscores the importance for users to be mindful of the content they share publicly or upload to the site.

The detailed breakdown of information collected across various site functions and third-party integrations is necessary due to the transparency requirements of laws like GDPR and CCPA/CPRA. A clear understanding of what data is collected, how, and from where empowers you to make informed decisions about your privacy.

III. How and Why We Use Your Information (Purposes and Legal Basis)

A. Overview

We process the personal information we collect for specific, explicit, and legitimate purposes. We do not process your information for reasons incompatible with these original purposes without informing you and ensuring a valid legal basis exists. Under the GDPR, every processing activity involving personal data must be justified by a specific “legal basis” as defined in Article 6 of the regulation. We outline these purposes and their corresponding legal bases below.

B. Specific Purposes of Use

We use the information collected for the following primary purposes:

To Provide and Operate the Website: This includes displaying website content, delivering pages upon request, enabling core functionalities like user login and account management, processing and displaying user comments and reactions, and ensuring the general technical functioning of the site. Legal Basis (GDPR): Primarily Contractual Necessity (for services directly requested, like account access) and Legitimate Interest (for general site operation and display of user-generated content like comments).
To Improve and Personalize User Experience: We may use information, often collected via cookies, to remember your preferences (e.g., login status via “Remember Me”, comment form details, display settings), understand how the site is used to make it more intuitive, and potentially highlight content that is trending or popular. Legal Basis (GDPR): Consent (for non-essential cookies storing preferences or enabling personalization) or Legitimate Interest (for basic usability improvements based on aggregated/anonymized data).
To Communicate with Users: We use your contact information to respond to your inquiries submitted via contact forms or email, to send important administrative notifications (e.g., password reset emails, policy updates), and, if you opt in, to send newsletters or marketing communications. Legal Basis (GDPR): Contractual Necessity (for responses related to your account/requests), Legitimate Interest (for essential administrative messages), Consent (for marketing communications/newsletters).
To Analyze Website Usage (Analytics): We utilize tools like Google Analytics (via the MonsterInsights plugin) to analyze website traffic and user behavior. This helps us understand which content is popular, where visitors come from, how they navigate the site, and overall site performance. This analysis typically relies on aggregated or pseudonymized data. Legal Basis (GDPR): Legitimate Interest (if data is sufficiently anonymized/pseudonymized and a balancing test is met) or Consent (if potentially identifying information is used, or for certain analytics cookies/features like demographics reports). The specific basis depends heavily on the MonsterInsights/GA configuration chosen. For instance, if IP addresses are anonymized and demographic tracking is disabled, legitimate interest might be justifiable. However, using features that track individual users more closely likely requires explicit consent.
To Ensure Security and Prevent Fraud, we process technical data like IP addresses and user agent strings, often in conjunction with services like Akismet, to detect and prevent spam comments, monitor for malicious activities, protect against security breaches, and maintain the integrity of the Website and user accounts. Legal Basis (GDPR): Legitimate Interest (protecting the site and users from harm) and potentially Legal Obligation (if certain security measures are mandated by law).
To Display Advertisements: If we incorporate advertising on the Website, information (often collected via cookies) may be used to display these ads. If ads are personalized based on your activity or inferred interests, this requires specific disclosure and consent mechanisms. Legal Basis (GDPR): Consent (for personalized/targeted advertising cookies and associated data processing) or potentially Legitimate Interest (for non-personalized, contextual advertising, though consent is often preferred practice).
To Comply with Legal Obligations: We may need to process your information to comply with applicable laws, regulations, legal processes (like court orders or subpoenas), or enforceable governmental requests, or to enforce our Terms of Service. Legal Basis (GDPR): Legal Obligation.
To Facilitate Comments and User Interaction: We process comment data (name, email, website, content, IP address, browser info) and potentially link it with Gravatar profile pictures to enable the commenting feature and display interactions publicly on the Website. Legal Basis (GDPR): Legitimate Interest (facilitating user discussion and interaction on the site) and potentially Consent (for optional data fields like website URL or profile picture display via Gravatar).

C. GDPR Legal Bases Relied Upon

For individuals whose data processing is subject to the GDPR, we rely on the following legal bases under Article 6:

Consent: Where required, particularly for non-essential cookies, direct marketing communications (like newsletters), personalized advertising, and any processing of sensitive personal data (if applicable), we will obtain your freely given, specific, informed, and unambiguous consent. You have the right to withdraw your consent at any time, easily, and without detriment, although withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
Contractual Necessity: We process personal information necessary for the performance of a contract with you (e.g., our Terms of Service when you create an account) or to take steps at your request before entering into a contract (e.g., responding to a service inquiry). This basis covers processing essential to deliver the services you have explicitly requested.
Legal Obligation: We process personal information when necessary to comply with a legal obligation to which we are subject (e.g., responding to lawful requests from authorities).
Legitimate Interests: We process personal information when necessary for our legitimate interests or those of a third party, provided these interests are not overridden by your fundamental rights and freedoms. Examples include ensuring website security, preventing spam, conducting basic website analytics to improve our service, and facilitating user comments. When relying on legitimate interests, we conduct a balancing test to ensure your rights are protected. We identify the specific interest (e.g., “maintaining a secure and functional website,” “understanding user engagement to enhance content”). You have the right to object to processing based on legitimate interests. It is important to note that “Legitimate Interest” is not a default basis and requires careful justification; it cannot be used if the impact on individual privacy outweighs the stated interest.

(Note: The legal bases of Vital Interests and Public Task are not typically relevant to the operations of this Website based on its described features ).

D. Table 1: Summary of Processing Activities (GDPR)

To enhance transparency as required by the GDPR, the following table summarizes key data processing activities, the types of data involved, their purposes, and the primary legal basis relied upon under the GDPR. This table provides a structured overview, complementing the narrative descriptions above, and reflects our commitment to mapping data flows to legal justifications.

Category of Personal Data Processed	Purpose of Processing	Legal Basis under GDPR
Comment Data (Name, Email, Website (opt.), Content, IP Address, User Agent)	Displaying comments, facilitating discussion, and Spam detection (via Akismet)	Legitimate Interest (Comment display, Spam detection), Consent (Optional website field)
Account Data (Username, Email, Hashed Password, Profile Info, Login Timestamps, IP Address)	User registration, Login authentication, Account management, Security	Contractual Necessity (Account provision), Legitimate Interest (Security)
Third-Party Login Data (Name, Email, Profile Pic from Google/X)	User registration/login via third-party service	Legitimate Interest (Enhancing comment display, based on user using a Gravatar-linked email)
Contact Form Data (Name, Email, Message Content, etc.)	Responding to user inquiries	Legitimate Interest (Responding to unsolicited inquiries), Contractual Necessity (If inquiry relates to a service/contract)
Technical & Log Data (IP Address, Browser Type, OS, Referring URL, Pages Visited, Timestamps)	Website operation, Security monitoring, Troubleshooting, Basic traffic analysis	Legitimate Interest (Site operation, Security), Legal Obligation (Certain security logging)
Analytics Data (Cookie IDs, Usage Patterns, Device Info, Aggregated Demographics/Interests – if enabled)	Website usage analysis, Performance monitoring, Content optimization	Legitimate Interest (if anonymized/pseudonymized) OR Consent (if identifying/detailed tracking or non-essential cookies used)
Cookie Data (Session IDs, Preference Tokens, Login Tokens, Analytics IDs, Ad IDs – if applicable)	Legitimate Interest (Enhancing comment display, based on the user using a Gravatar-linked email)	Contractual Necessity/Legitimate Interest (Strictly Necessary Cookies), Consent (Functionality, Performance, Advertising Cookies)
Gravatar Data (Hashed Email Address)	Site functionality, remembering preferences, Analytics, Advertising (if applicable)	Retrieving and displaying the user profile picture
Marketing Data (Email Address, Name – if applicable for newsletter)	Sending newsletters or promotional emails	Consent
Advertising Data (Cookie IDs, IP Address, Browsing History, Ad Interactions – if applicable)	Displaying ads, Targeting/Personalization of ads	Consent (Personalized Ads), Legitimate Interest (Contextual Ads – use with caution)

Export to Sheets

(Note: This table is illustrative. The specific legal basis for Analytics and Advertising depends heavily on the exact implementation and user consent choices.)

IV. Cookies and Tracking Technologies

A. What Are Cookies?

Cookies are small text files that are placed and stored on your computer or mobile device by your web browser when you visit a website. They are widely used to make websites work, or work more efficiently, as well as to provide information to the website owners and third parties. We may also use similar technologies, such as web beacons or pixels, which are small graphic files that can recognize certain types of information on your device, but for simplicity, we will refer to all these technologies collectively as “Cookies” in this section.

B. How We Use Cookies

We use Cookies for various purposes on GeekGenerated.com, categorized as follows:

Strictly Necessary Cookies: These Cookies are essential for the basic operation of the Website and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in, or filling in forms. They enable core functionality like security and network management. While consent is not required for these, their use must be disclosed.
Functionality/Preference Cookies: These Cookies allow the Website to remember choices you make and provide enhanced, more personal features. For example, they can remember your login details (if you select “Remember Me”), your username, language preferences, or the region you are in. They may also be used to remember details you enter in comment forms so you don’t have to re-enter them each time. The cookie set when you leave a comment to save your name, email, and website lasts for one year [User Query]. Screen options cookies also last for one year [User Query]. Login cookies last for two days, but if you select “Remember Me,” the login persists for two weeks [User Query].
Performance/Analytics Cookies: These Cookies collect information about how visitors use our Website, such as which pages are visited most often, how users navigate the site, session duration, and if they encounter error messages. We use this information, primarily through Google Analytics (via MonsterInsights), to analyze traffic, understand user engagement, and improve the Website’s performance and content. These Cookies may be first-party (set by us) or third-party (set by Google Analytics). Their duration varies; for example, common Google Analytics cookies like _ga Typically last for 2 years, while _gid lasts for 24 hours.
Advertising/Targeting Cookies: If we partner with third-party advertising networks, these Cookies may be set through our site by those partners. They may be used by those companies to build a profile of your interests based on your browsing activity on our site and others, and show you relevant advertisements elsewhere. These are almost always third-party Cookies and require your explicit consent.

We use both session Cookies (which expire when you close your browser) and persistent Cookies (which remain on your device for a set period or until you delete them). The specific Cookies used can change; providing a dynamic, up-to-date list is often best achieved through a dedicated Cookie Declaration tool or a separate Cookie Policy page, which we recommend implementing.

C. Your Choices and Consent

Under laws like the GDPR and the ePrivacy Directive, the use of non-essential Cookies (typically Functionality, Performance, and Advertising Cookies) requires your prior informed consent.

Consent Mechanism: When you first visit GeekGenerated.com, you will be presented with a Cookie consent banner or interface. This tool allows you to understand the types of Cookies we use and provide your consent. Importantly, consent must be granular – you should be able to accept or reject different categories of non-essential Cookies. Pre-ticked boxes for non-essential Cookies are not permitted, and simply continuing to browse or ignoring the banner does not constitute valid consent. The complexity arising from multiple cookie types with different lifespans (session, 1 day, 2 days, 1 year, analytics cookie durations) necessitates a robust consent management solution capable of handling these nuances effectively, rather than a simple “accept all” banner.
Managing Preferences: You can change or withdraw your Cookie consent at any time. We provide a mechanism (e.g., a persistent link or icon, often in the website footer or via the initial banner) to access your Cookie settings and modify your preferences.
Browser Settings: Most web browsers allow some control over Cookies through their settings. You can typically configure your browser to block some or all Cookies, delete existing Cookies, or alert you when Cookies are being sent. Please note that blocking strictly necessary Cookies may impact the functionality of the Website. You can find information on managing cookies in popular browsers via their help pages.
Analytics Opt-Out: To opt-out of being tracked by Google Analytics across all websites, you can install the Google Analytics Opt-out Browser Add-on.
Do Not Track / Global Privacy Control (GPC): Some browsers offer a “Do Not Track” (DNT) signal. However, there is no universal standard for how websites should interpret DNT signals, and we currently respond to DNT signals. The CCPA/CPRA requires disclosure regarding honoring opt-out preference signals like the Global Privacy Control (GPC). We recognize GPC signals as a valid request to opt-out of the sale or sharing of your personal information under the CCPA/CPRA for applicable users.

The use of third-party cookies, particularly for analytics and advertising, means that data (like cookie identifiers, IP addresses, browsing behavior) is collected by and potentially shared with these third parties (e.g., Google, ad networks). Under CCPA/CPRA, sharing data via cookies for cross-context behavioral advertising likely constitutes “sharing” and potentially “selling,” triggering specific opt-out rights detailed in Section IX.

V. How We Share Your Information

A. Overview

We do not sell your personal information in the conventional sense of exchanging it for monetary payment. However, under the broad definitions of “sale” and “sharing” in laws like the CCPA/CPRA, certain activities, particularly related to third-party advertising cookies, might qualify (see Section IX). We only share your personal information with third parties in the specific circumstances described below, and we take steps to ensure these parties respect your privacy.

B. Service Providers/Processors

We engage third-party companies and individuals (“Service Providers” or “Data Processors”) to perform certain functions necessary for the operation and improvement of the Website. These providers process personal information on our behalf, based on our documented instructions, and are contractually obligated (typically through Data Processing Agreements or Addenda) to implement appropriate security measures and maintain confidentiality. Key service providers include:

Automattic:
- Akismet: Processes comment data (commenter’s IP address, user agent, referrer, site URL, name, email, website, comment content) for spam detection purposes. This involves sharing data with Automattic, which acts as a processor for this function.
- Gravatar: Processes hashed email addresses to retrieve and display public profile pictures for commenters.
- Automattic’s Privacy Policy: https://automattic.com/privacy/
Google:
- Google Analytics: Processes website usage data, device information, and identifiers (e.g., cookie IDs, potentially anonymized IP addresses) to provide analytics services via the MonsterInsights plugin. Google acts as a processor for this data under its terms.
- Google Login: Facilitates user login using Google accounts, receiving basic profile information upon user consent.
- Other Google Services: May utilize other services like Google Fonts or reCAPTCHA (often used for spam prevention).
- Google’s Privacy Policy: https://policies.google.com/privacy
X (formerly Twitter):
- X Login: Facilitates user login using X accounts, receiving basic profile information upon user consent.
- X’s Privacy Policy: https://twitter.com/en/privacy (or current URL)
Hosting Provider: stores all website data, including potentially personal information contained within the site database and files.
Advertising Partners: If we use third-party advertising networks (e.g., Google AdSense, BuySellAds), these partners may place cookies and collect data directly from users’ browsers to display ads and measure their effectiveness. The data collected and shared can include identifiers, browsing history, location, and ad interactions. We will endeavor to identify major ad partners if applicable.

C. Third-Party Integrations (User-Initiated)

Embedded Content: Articles and pages on this Website may include embedded content (e.g., videos from YouTube, posts from X/Twitter, images from other platforms). Embedded content from other websites behaves in the same way as if you had visited the other website directly. These external websites may collect data about you, use their cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, especially if you have an account and are logged in to that external website. Their data collection is governed by their privacy policies, not this one. This interaction highlights how data can flow to third parties even without direct action from us, simply by embedding their content.
Social Sharing Buttons: The Website includes social media icons in the footer. If you click on these icons or use social sharing buttons (if implemented elsewhere) to share content, your browser may send information directly to the respective social media platform (e.g., Facebook, X/Twitter, Instagram), subject to their privacy policies.

D. Legal Requirements and Business Transfers

We may disclose your personal information if we believe in good faith that such disclosure is necessary to:

Comply with a legal obligation, applicable law, regulation, court order, subpoena, or other valid legal process.
Protect and defend the rights, property, or safety of GeekGenerated.com, our users, or the public, including enforcing our Terms of Service.
Detect, prevent, or otherwise address fraud, security, or technical issues.

Furthermore, if GeekGenerated.com is involved in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of its assets, or similar transaction or proceeding, your personal information may be transferred as part of that transaction. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy.

E. With Your Consent

Beyond the circumstances described above, we will only share your personal information with other third parties when we have your explicit consent to do so.

F. International Data Transfers

Our Website servers and the servers of our third-party service providers may be located in countries outside of your country of residence, including the United States. This means your personal information may be transferred to, stored, and processed in jurisdictions with data protection laws that may differ from those in your own country.

For individuals in the European Economic Area (EEA) or the United Kingdom (UK), when we transfer your personal information to countries outside the EEA/UK that have not been deemed to provide an adequate level of data protection by the European Commission or the UK Government, we rely on appropriate safeguards. The primary safeguard used is the implementation of Standard Contractual Clauses (SCCs) approved by the European Commission (and/or the UK’s equivalent International Data Transfer Agreement or Addendum) in our agreements with relevant third-party service providers (such as Google, Automattic, and potentially our hosting provider). SCCs are legally binding contractual commitments requiring the data importer (the entity outside the EEA/UK) to protect personal data to a standard equivalent to that required within the EEA/UK. We may also rely on adequacy decisions where applicable. The use of services like Akismet and Gravatar, operated by Automattic, inherently involves data transfer, potentially to the US, necessitating reliance on these transfer mechanisms for EEA/UK users.

G. Table 2: Summary of Data Sharing (CCPA/CPRA)

For residents of California, the CCPA/CPRA requires specific disclosures about the categories of personal information shared or sold within the preceding 12 months. The following table provides this information using the categories defined under the law. This structured format aims to provide the clarity needed for Californians to understand our practices and exercise their rights effectively.

Category of Personal Information (Defined by CCPA/CPRA)	Category of Third Party Recipient	Business or Commercial Purpose for Sharing/Selling	Sold/Shared? (Y/N)
Identifiers (e.g., Name, Email Address, IP Address, Cookie ID, Username)	Service Providers (Hosting, Spam Filter, Analytics), Social Login Providers (Google/X), Advertising Partners (if applicable), Gravatar Service	Performing Services (Hosting, Spam Filtering, Analytics, Login), Security, Auditing, Debugging, Advertising (Potentially Cross-Context Behavioral)	Shared (Potentially Sold if for Ads)
California Customer Records Statute categories (e.g., Name, Address, Telephone number – if collected via contact form/account)	Service Providers (Hosting, potentially Customer Support tools)	Performing Services, Responding to Inquiries	Shared
Commercial Information (e.g., Records of products/services considered – via analytics/ads)	Service Providers (Analytics), Advertising Partners (if applicable)	Analytics, Advertising (Potentially Cross-Context Behavioral)	Shared (Potentially Sold if for Ads)
Internet or other electronic network activity information (e.g., Browsing history on site, Interaction with site/ads, Device/Browser info)	Service Providers (Hosting, Spam Filter, Analytics), Advertising Partners (if applicable)	Performing Services (Analytics), Security, Debugging, Auditing, Advertising (Potentially Cross-Context Behavioral)	Shared (Potentially Sold if for Ads)
Geolocation Data (Imprecise location from IP address)	Service Providers (Hosting, Spam Filter, Analytics), Advertising Partners (if applicable)	Performing Services (Analytics), Security, Advertising	Shared
Audio, electronic, visual… information (e.g., Profile pictures, Uploaded media)	Service Providers (Hosting), Gravatar Service	Performing Services (Displaying content)	Shared
Inferences drawn from other personal information (e.g., User preferences/interests inferred by analytics/ad partners)	Service Providers (Analytics), Advertising Partners (if applicable)	Analytics, Advertising (Potentially Cross-Context Behavioral)	Shared (Potentially Sold if for Ads)
Sensitive Personal Information (As defined by CPRA – unlikely intentionally collected, see Sec II.E)	N/A (Not intentionally collected/shared)	N/A	No

Export to Sheets

(Note: “Sharing” under CPRA includes disclosing data for cross-context behavioral advertising. “Selling” includes exchanging data for monetary or other valuable consideration. The “Sold/Shared?” column reflects potential classification based on typical practices; actual status depends on specific contracts and data use, particularly concerning advertising partners.)

VI. Data Security

A. Our Commitment

We are committed to implementing and maintaining reasonable and appropriate technical and organizational security measures designed to protect the personal information we collect and process against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. Our goal is to ensure a level of security appropriate to the risk associated with the processing activities.

B. Security Measures

While we cannot disclose exhaustive technical details for security reasons, the measures we employ generally include:

Encryption: Using Secure Sockets Layer (SSL)/Transport Layer Security (TLS) technology (HTTPS) to encrypt data transmitted between your browser and our Website.
Secure Hosting: Utilizing reputable hosting providers with robust security practices.
Software Maintenance: Regularly updating the WordPress core software, plugins, and themes to patch known vulnerabilities.
Access Controls: Implementing strong passwords for administrative accounts and limiting access to personal information on a need-to-know basis.
Spam and Malware Protection: Employing tools like Akismet for spam filtering and potentially using security plugins or firewalls to protect against malicious attacks.
Data Minimization and Pseudonymization: Limiting data collection to what is necessary and employing techniques like IP address anonymization in Google Analytics, where feasible and configured.
Secure Payment Processing: If financial transactions occur, rely on established third-party payment processors that comply with Payment Card Industry Data Security Standards (PCI-DSS).

These measures represent our effort to comply with legal standards like GDPR Article 32, which mandates “appropriate technical and organizational measures”. The aim is to demonstrate diligence in protecting data without revealing information that could be exploited by malicious actors.

C. User Responsibility

Data security is a shared responsibility. We encourage you to take steps to protect your own information, such as choosing strong, unique passwords for your user account (if applicable), keeping your login credentials confidential, and logging out after using the Website on shared devices.

D. Disclaimer

Despite our efforts, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

E. Data Breach Procedures

In the event of a data breach involving personal information, we have procedures in place to assess the situation, contain the breach, evaluate the potential risks to individuals, and notify the relevant supervisory authorities (such as data protection authorities under GDPR) and affected individuals where legally required (e.g., within 72 hours for certain breaches under GDPR).

VII. Data Retention

A. General Principle

We retain your personal information only for as long as it is necessary to fulfill the specific purposes for which it was collected, as outlined in Section III of this policy. Retention periods are determined based on the purpose of the processing, our legitimate business needs (such as record-keeping, security, or defending legal claims), and any applicable legal or regulatory requirements that mandate longer retention periods. We adhere to the principle of storage limitation, meaning data should not be kept in an identifiable form for longer than necessary.

B. Specific Retention Periods

We apply the following retention periods or criteria for different categories of data:

Comments: As indicated in the initial suggested text, comments you leave on the Website and their associated metadata (name, email, website, IP address, timestamp) are retained indefinitely. The stated purpose for this is to recognize and approve any follow-up comments automatically instead of holding them in a moderation queue [User Query]. While this serves a functional purpose, indefinite retention requires careful justification under GDPR’s storage limitation principle. We rely on our legitimate interest in facilitating ongoing discussion and the user’s expectation when commenting publicly. However, this indefinite retention is subject to your right to request erasure (see Section VIII).
User Account Information: Personal information associated with your user profile (username, email, profile details) is retained for as long as your account remains active on the Website. If you delete your account, we will typically delete or anonymize your profile information within a reasonable timeframe, unless we are required by law or have a legitimate need (e.g., for security or legal records) to retain it for longer.
Analytics Data: Data collected via Google Analytics is subject to the data retention settings configured in our Google Analytics account. Google Analytics offers options such as 14 months, 26 months, 38 months, or 50 months for user and event data retention, after which it may be automatically deleted. We have configured our retention settings to. Note that standard aggregated reports in Google Analytics are generally not affected by these user-level data retention settings.
Cookies: The lifespan of Cookies varies depending on their type and purpose, as detailed in Section IV. Session cookies expire when you close your browser. Persistent cookies have set expiration dates (e.g., comment convenience cookies: 1 year; login cookies: 2 days or 2 weeks if “Remember Me” is checked; screen options cookies: 1 year; analytics cookies: varying durations like 24 hours or 2 years).
Contact Form Submissions: Information submitted via contact forms (if applicable) will be retained for.
Server Logs: Web server logs containing technical data like IP addresses are typically retained for a limited period (e.g.,) for security analysis and troubleshooting purposes, after which they are deleted or anonymized.
Akismet Data: Data processed by Akismet for spam checking is retained by Automattic for short periods, generally between two weeks and ninety days, before being automatically deleted.
Newsletter Subscription Data: If you subscribe to our newsletter (if applicable), your email address and any associated information are retained until you unsubscribe from the mailing list.

The varied retention periods reflect the different purposes for which data is collected and the principle that data should only be kept as long as genuinely necessary.

VIII. Your Privacy Rights

A. Overview

You have certain rights concerning your personal information, granted by data protection laws such as the GDPR (for individuals in the EEA/UK) and the CCPA/CPRA (for residents of California). We are committed to facilitating the exercise of these rights.

B. Rights Under GDPR (for individuals in the EEA/UK)

If GDPR applies to the processing of your personal information, you have the following rights :

Right to Access: To request confirmation of whether we process your personal data and, if so, to access copies of that data and receive information about the processing (e.g., purposes, categories, recipients). [User Query]
Right to Rectification: To request the correction of inaccurate personal data we hold about you, and to have incomplete data completed.
Right to Erasure (‘Right to be Forgotten’): To request the deletion of your personal data under certain circumstances (e.g., if the data is no longer necessary for the purpose it was collected, if you withdraw consent and there’s no other legal ground, if you object and there are no overriding legitimate grounds).
Right to Restrict Processing: To request that we limit the processing of your personal data under certain conditions (e.g., while the accuracy of the data is contested, if the processing is unlawful but you oppose erasure).
Right to Data Portability: To receive the personal data you provided to us in a structured, commonly used, and machine-readable format, and to have the right to transmit that data to another controller where processing is based on consent or contract and carried out by automated means.
Right to Object: To object, on grounds relating to your particular situation, to the processing of your personal data based on our legitimate interests. We must stop processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or for legal claims. You also have the absolute right to object to processing for direct marketing purposes.
Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
Rights related to Automated Decision-Making and Profiling: To not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you (subject to exceptions).

C. Rights Under CCPA/CPRA (for California Residents)

If you are a California resident, you have the following rights under the CCPA/CPRA :

Right to Know/Access: To request that we disclose the categories of personal information we collected about you, the categories of sources from which it was collected, the business or commercial purpose for collecting, selling, or sharing it, the categories of third parties to whom we disclose it, and the specific pieces of personal information we collected about you (covering the preceding 12 months, and potentially longer for data collected after Jan 1, 2022, unless impossible or involving disproportionate effort).
Right to Delete: To request the deletion of personal information we collected from you, subject to certain exceptions (e.g., information needed to complete a transaction, detect security incidents, comply with legal obligations, or for certain internal uses).
Right to Correct: To request the correction of inaccurate personal information we maintain about you.
Right to Opt-Out of Sale/Sharing: To direct us not to “sell” or “share” your personal information. “Sharing” under CPRA specifically includes disclosing personal information for cross-context behavioral advertising. You can exercise this right via the link provided in Section IX.
Right to Limit Use and Disclosure of Sensitive Personal Information: If we collect sensitive personal information (as defined in Section II.E) and use it for purposes beyond those specified in the CPRA (see Section IX.D), you have the right to direct us to limit its use and disclosure to only those permitted purposes. You can exercise this right via the link provided in Section IX (if applicable).
Right to Non-Discrimination: To not receive discriminatory treatment from us for exercising any of your CCPA/CPRA privacy rights. This means we cannot deny goods or services, charge different prices, or provide a different level or quality of service because you exercised your rights (unless the difference is reasonably related to the value provided by your data).

D. How to Exercise Your Rights

To exercise any of the rights described above, please submit a verifiable request to us using one of the following methods:

Email:
Website Form:
Toll-Free Telephone Number:
User Account Settings: [If applicable, describe rights that can be exercised directly via account settings, e.g., updating profile info, deleting account]

Please note that providing these specific methods, particularly the web form and toll-free number for CCPA/CPRA compliance, requires operational implementation beyond just listing them here.

Verification: To protect your privacy and security, we will take reasonable steps to verify your identity before processing requests to know/access, delete, or correct your information. The verification process will depend on the sensitivity of the information requested and the nature of your relationship with us. We may ask you to provide additional information (matching data points we already hold, such as email address or recent activity) or confirm via email. We will not require you to create an account to submit a request, nor will we request overly sensitive information (like Social Security numbers unless strictly necessary and already held) for verification. Verification is generally not required for requests to opt-out of sale/sharing or limit use of sensitive PI, unless we have reason to suspect the request is fraudulent. The verification process must balance security against accessibility, ensuring it is not unduly burdensome.
Response Timeframe: We will confirm receipt of your request within 10 business days (for CCPA/CPRA requests). We aim to respond substantively to verifiable requests within 45 calendar days (CCPA/CPRA) or one month (GDPR) of receipt. If we require more time (up to an additional 45 days for CCPA/CPRA or two additional months for complex GDPR requests), we will inform you of the reason and extension period in writing within the initial response period. For requests to opt-out of sale/sharing under CCPA/CPRA, we will act upon the request within 15 business days.

E. Authorized Agents (CCPA/CPRA)

California residents may designate an authorized agent to make requests on their behalf. We will require written permission signed by the consumer demonstrating the agent’s authority, and we may also need to verify the consumer’s own identity directly with us.

F. Right to Lodge a Complaint

If you are located in the EEA or UK and believe that our processing of your personal information infringes data protection laws, you have the legal right to lodge a complaint with a supervisory authority responsible for data protection in your jurisdiction (i.e., your member state of habitual residence, place of work, or place of the alleged infringement). California residents can report concerns to the California Privacy Protection Agency (CPPA).

IX. Specific California Privacy Disclosures (CCPA/CPRA)

A. Scope

This section provides supplementary information specifically for residents of California, as required by the California Consumer Privacy Act (CCPA) of 2018, as amended by the California Privacy Rights Act (CPRA) of 2020.

B. Categories of Personal Information Collected, Shared, or Sold

In the preceding 12 months, GeekGenerated.com has collected the categories of personal information detailed in Section II. The categories of third parties with whom we may have shared this information, and the business or commercial purposes for doing so, are outlined in Section V and summarized in Table 2. As noted, we do not “sell” personal information in the traditional sense for monetary value. However, the use of third-party analytics and advertising cookies may constitute “sharing” or “selling” under the CPRA’s broad definitions, particularly for cross-context behavioral advertising. This interpretation is crucial because the use of common advertising technologies likely triggers the requirement for the opt-out mechanism described below.

C. Right to Opt-Out of Sale/Sharing

California residents have the right to direct us not to sell or share their personal information. You can exercise this right by clicking the following link, which is also available in the footer of our Website:

(Link to Opt-Out Page/Mechanism)

This link leads to a page where you can submit your opt-out request, typically via an interactive web form. We will process your request within 15 business days and will respect your decision for at least 12 months before potentially asking you to opt back in. We also endeavor to recognize legally valid opt-out preference signals, such as the Global Privacy Control (GPC), transmitted via your browser or device, as requests to opt-out of sale/sharing.

D. Right to Limit Use of Sensitive Personal Information

California residents also have the right to limit the use and disclosure of their “Sensitive Personal Information” (as defined in Section II.E) to only that which is necessary to perform the services or provide the goods reasonably expected by an average consumer requesting those goods or services, or for other specific purposes permitted by the CPRA regulations (e.g., security, non-personalized advertising, verifying service quality).

We collect certain categories of sensitive personal information (e.g., [List specific categories like precise geolocation if applicable]) and may use it for purposes beyond those strictly necessary for service provision (e.g., [List purposes like inferring characteristics for personalization]). Therefore, you have the right to limit our use of this information. You can exercise this right by clicking the following link, which is also available in the footer of our Website:

(Link to Limit Use Page/Mechanism)

GeekGenerated.com does not intentionally collect Sensitive Personal Information as defined by the CPRA. Any sensitive information potentially processed (e.g., inadvertently through user comments, or imprecise location data via analytics) is not used for purposes that would require us to offer the right to limit its use under CPRA §1798.121 (e.g., we do not use it to infer characteristics about consumers beyond basic service provision or security). Therefore, the “Limit the Use of My Sensitive Personal Information” link is not provided as this right is not applicable to our current data processing activities.

If this approach is taken, the policy text should reflect this.]

E. Financial Incentives

We do not currently offer any financial incentives or price/service differences to consumers in exchange for the collection, retention, sale, or sharing of their personal information. If we were to offer such a program in the future, we would provide a clear Notice of Financial Incentive explaining the material terms and obtain your opt-in consent.

F. Minor’s Data (Under 16)

GeekGenerated.com does not have actual knowledge that it sells or shares the personal information of consumers under 16 years of age. Our services are not directed at children under 16, and we require opt-in consent (from the minor if aged 13-16, or from a parent/guardian if under 13) before knowingly selling or sharing the personal information of any California resident under 16. (See also Section X).

X. Children’s Privacy

Protecting the privacy of children is especially important. Our Website is intended for a general audience and is not directed at children under the age of 13 (as defined by the U.S. Children’s Online Privacy Protection Act – COPPA) or children under the age of 16 (as relevant under GDPR and CCPA/CPRA).

We do not knowingly collect personal information online from children under these relevant age thresholds without obtaining verifiable parental consent (for COPPA) or ensuring appropriate consent mechanisms are in place (for GDPR/CCPA/CPRA). As stated in Section IX.F, we also comply with California’s specific requirements regarding the sale/sharing of data for minors under 16.

If we learn that we have collected personal information from a child under the applicable age limit without the required consent, we will take steps to delete that information as quickly as possible.

Parents or legal guardians who believe that their child may have provided personal information to us without the necessary consent should contact us immediately using the contact details provided in Section I.D. Parents have the right to review the information collected about their child, request its deletion, and refuse to allow any further collection or use of the child’s information.

The multi-jurisdictional nature of online privacy means we must consider COPPA (age 13), GDPR (generally 16, variable), and CCPA/CPRA (under 16 for sale/sharing opt-in) simultaneously to ensure broad compliance.

XI. Changes to This Privacy Policy

A. Updates

We may update this Privacy Policy from time to time to reflect changes in our data practices, service offerings, technology, or legal requirements. We reserve the right to modify this policy at any time. Under the CCPA/CPRA, we are required to review and update our privacy disclosures at least once every 12 months.

B. Notification

When we make changes to this Privacy Policy, we will update the “Last Updated” date at the top of this page. For material changes (changes that significantly alter our data practices or your rights), we will provide more prominent notice, which may include posting a notice on the Website homepage or, if we have your email address (e.g., for registered users), sending you an email notification prior to the change becoming effective. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of the Website after any changes constitutes your acceptance of the revised policy. The process of regular review, updates, and notification is not just good practice but a legal requirement under laws like CCPA/CPRA, ensuring ongoing transparency.

XII. Contact Us

If you have any questions, comments, concerns, or complaints about this Privacy Policy or our data handling practices, or if you wish to exercise any of your privacy rights, please contact us using the methods provided below. Ensuring easy access to contact information is crucial for transparency and facilitating user rights.

Email: Support@GeekGenerated.com
Website Contact Form: https://geekgenerated.com/contact/
Mailing Address: 2559 Blossom Hill Road Morton Mississippi 39117
Toll-Free Number (for CCPA/CPRA requests): N/A

We will endeavor to respond to your inquiries in a timely and helpful manner.