Who we are
PenStars (https://penstars.com) is a content assessment service. We accept written submissions and provide feedback on ways to improve your writing.
PenStars is run from Kenya (business, by Walter) and the UK (technical, by Spike) and is hosted in GoDaddy’s Netherlands data centre. We must therefore comply with the new GDPR (General Data Protection Regulation).
What personal data we collect and why we collect it
We collect your email address, which cannot be tracked back to you without further information from third parties.
We record IP addresses, which we associate with login names (and therefore email addresses). Our site uses an “activity log” for user activity auditing and security that monitors IP addresses to shut down attacks.
You may also enter a PayPal address (to receive refunds from your account, where appropriate) and a “screen name” (purely for personalisation).
Contact forms
If you contact us (through the site or directly by email), we record your email address. Again, it cannot be directly tied to your real-world identity without third-party information.
Cookies
When you log into your PenStars account, we set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
When you submit or edit content, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Analytics
We use Google Analytics, which uses anonymised data to track site visits, page views and so on. No personal data is transmitted.
Who we share your data with
No one. We NEVER share your data with anyone. The only reason we would is if we were legally obliged.
How long we retain your data
We retain your data indefinitely, unless you ask us to delete your account. This is so you can log in and submit content whenever you wish. The only people who can see your personal information are site administrators (Walter and Spike). Assessors only see anonymised content, with no author information.
Please note that your login name remains in the system even if we close your account, to maintain any existing transactions for our financial records (a legal requirement).
What rights you have over your data
If you have an account on this site, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
We don’t send your data anywhere. It all stays here. The only data transmitted from our site is to PayPal and only includes payment option information and transaction ID. No personal data (not even your email) is sent.
Additional information
How we protect your data
PenStars uses SSL to encrypt all communications. The database is stored on a GoDaddy VPS and only allows localhost connections (i.e. a hacker would have to hack the server account or be in the data centre to get access).
What data breach procedures we have in place
A PenStars data breach would reveal no useful information. All passwords are encrypted by default (i.e. not readable) and the only personal information associated with your account is from PayPal payments. We store no delivery addresses or other information from that site, so a hacker would not be able to perform any kind of social engineering.
What third parties we receive data from
We receive updates from PayPal and automatically process incoming payments, to ensure your money goes to your account. We do not use any personal information in this process: it’s based on transaction IDs and is processed internally, on our site.
What automated decision making and/or profiling we do with user data
The only decision our sites takes is when to send you notifications. We do not profile our users or gather any information for advertising or other such activities.
Account removal requests
If you wish to close your account, simply contact us. We’ll close your account with no hard feelings.
As mentioned above, your login name remains in the system, connected to any transactions on your account. You can change your email to a fake address and delete your screen name and PayPal address before closing your account, if you wish.