Privacy Policy II

Last Updated: September 2025

This Privacy Policy explains how J.S. Nathaniel (“we,” “us,” “our”) collects, uses, and shares information when individuals visit jsnathaniel.co, interact with the newsletter, download resources, or follow outbound links to book retailers and platforms. By using the site, individuals consent to the practices described here, subject to rights under applicable laws.

What we collect
• Information provided: Name, email address, and any message content submitted via contact forms, newsletter sign‑ups, or download requests.
• Device and usage IP address, browser type, device identifiers, pages visited, timestamps, and referral URLs gathered via cookies and similar technologies for analytics and performance.
• Transactional context: If following outbound links to third‑party retailers (e.g., Amazon) or distributors, those platforms may collect personal information under their own policies; no payment data is processed on our site.
How we use information
• Communications: Send opt‑in newsletters, updates, and author announcements; recipients can unsubscribe any time via the link in each email.
• Site operations: Diagnose issues, analyze performance, and improve content and user experience using aggregated analytics.
• Legal compliance: Maintain appropriate records, respond to rights requests, and meet regulatory obligations.
Legal bases (GDPR)
• Consent: Email marketing and optional analytics or marketing cookies operate on prior, freely given consent that can be withdrawn at any time.
• Legitimate interests: Basic, strictly necessary site functionality and security.
• Contract and legal obligation: Responding to inquiries and complying with applicable laws.
Cookies and tracking
• Types: Essential cookies for core functionality; optional analytics cookies to measure traffic and performance. A cookie notice will present choices and link to this Policy.
• Controls: Browser settings can limit cookies; consent tools allow opt‑in/opt‑out for non‑essential cookies consistent with GDPR/CCPA norms.
Email marketing and CASL
• Express consent: Newsletter sign‑ups require a clear, affirmative opt‑in describing message types and frequency; consent records are retained. Emails include sender identification, mailing address, and an unsubscribe mechanism honored within 10 days.
• No pre‑checked boxes: Consent controls are never pre‑selected; explicit action is required.
• Proof of consent: Time, source, and method of consent are documented.
Sharing information
• Service providers: Email delivery (e.g., Mailchimp/Constant Contact), website hosting, and analytics vendors process data under instructions and appropriate safeguards; no sale of personal information.
• Legal: Disclosure may occur to comply with law or protect rights, safety, and security.
International transfers
• Where services operate across borders, appropriate safeguards are applied consistent with GDPR requirements for international transfers, such as standardized contractual clauses by vendors.
Data retention
• Personal data is retained only as long as necessary for the purposes described, including consent records for compliance and until an unsubscribe or deletion request is processed, subject to legal retention duties.
Individual rights
• GDPR (EEA/UK): Right to access, correct, delete, restrict or object to processing, and data portability; where processing is based on consent, it can be withdrawn at any time without affecting prior lawful processing. Requests will be addressed consistent with Articles 13–15.
• CCPA/CPRA (California): Notice at collection; right to know categories and specific pieces of personal information collected, sources, purposes, and disclosures; rights to delete, correct, and limit use of sensitive personal information; and opt‑out of sale/share if ever applicable; at least two submission methods are provided for eligible businesses operating beyond exclusively online contexts. We do not sell or share personal information for cross‑context behavioral advertising.
• CASL and CAN‑SPAM: Individuals can unsubscribe from commercial emails at any time, and such requests are processed promptly.
Notice at collection (CCPA/CPRA)
• Categories collected: Identifiers (e.g., name, email), internet activity (e.g., pages viewed, IP address), and inferences for site performance; retention periods align to operational necessity and legal requirements. Detailed category disclosures are included in a CCPA table accessible via the Privacy page. We do not sell or share personal information.
Children’s privacy
• The site is not directed to children under 13, and personal information from known children is not knowingly collected; data identified as such will be deleted.
Third‑party links
• Outbound links to retailers and platforms (e.g., Amazon, Substack, Audible/ACX, IngramSpark, Draft2Digital) are governed by those services’ privacy practices; review their policies before engaging.
Security
• Reasonable administrative, technical, and organizational measures are used to protect personal data; no method is entirely secure, and residual risk remains.