Privacy Policy

This privacy policy governs the relationship between Yarnpond and users of the yarnpond.com service for matching designers and test knitters/crocheters.

What data we hold, where it comes from, who we share it with, and what we do with it.

When you sign up for an account on Yarnpond, we need to capture your email address and a password. These are submitted by you and used to control access to your account. Your email address is also used to send automated emails from Yarnpond regarding activity on the system that you need to know about or that may interest you. Once you're signed up, you have full control over what emails you receive from Yarnpond and how often you receive them. We do not share your email address with anyone. Your password is encrypted on our servers and obviously we would not share that with anyone either.

At present we do not send any regular newsletters to Yarnpond members. We may start sending such newsletters in future, but in this case you will have the ability to remove yourself from those mailings without removing or changing your Yarnpond account.

Your Yarnpond account can contain other personally identifiable information, that is supplied by you. All the below pieces of information are optional, but contribute to making Yarnpond a more useful service.

Your real name This makes it possible for other users to find you on Yarnpond (e.g. for sending a personal message), or to find you on other social media. This is optional, but you must supply either this or a forum username (see below), or both.
A forum username of your choice This makes it possible for other users to find you on Yarnpond (e.g. for sending a personal message), or to find you on other social media. You may choose to use the same name as you use on Instagram or Ravelry for example. This is optional, but you must supply either this or your real name (see above), or both.
Your Ravelry username or designer name, and your Instagram handle These are all optional. If you're signing up as a tester, these can enable designers to view your past projects. If you're signing up as a designer, then these can help testers to see some of your prior work and decide whether or not to join your testing pool.
All these personal data items can be updated by you at any time, from within Yarnpond.

Finally, we also store the IP address you sign in from. This is stored automatically as part of our authentication system. This is used for statistical purposes, and can help us to detect account fraud.


How we ask for and record consent

By signing up to Yarnpond you consent to us holding the above personal data items. The existence of a user account on Yarnpond represents recorded consent. You can withdraw consent by cancelling your Yarnpond account.


Data we collect during the pattern testing process

During the pattern testing process, the designer submits text and images to describe their pattern, and the tester submits text and images relating to their progress and feedback about the pattern. At the end of the pattern test, both the designer and tester have the ability to rate each other with regards to that particular test.

All data relating to a pattern test is visible to the designer who is running the test.

Individual ratings are visible only to the person who made them. The rating that you can see for yourself is the average of all the ratings you have received.

Review comments (supplied along with a rating) are visible to any users who are logged in to the system. However the author of the comment can decide whether or not their name will appear alongside their comment.


Withdrawing consent: how you can delete your data from Yarnpond, and your right to be forgotten

Should you wish to leave Yarnpond, you can opt to delete your account. This removes your access, and any personally identifiable data that relates to you will either be removed or anonymised.

If you have participated in any pattern tests, then data collected on behalf of the designer (such as your feedback about the pattern) will be retained so that they can maintain full records. However, that data will be anonymised so that it can no longer be linked back to you as an individual.

Should a full calendar year pass since the last time you logged in to your Yarnpond account, you will get an email to ask whether you wish to keep the account or not. If we get no response to that email within the time frame it specifies, or if you respond with a request to remove your account, then your account will be deleted automatically.


If you have an objection to the processing of your personal data

Objections to the way we hold and process personal data will be dealt with on a case by case basis. You can contact site-help@yarnpond.com at any time to contact our data protection officer, if you have a question or concern about your personal data.


Data protection, and third parties

We do not sell, trade, or otherwise transfer your Personally Identifiable Information to any outside parties. Since we don't display advertising, we are not a part of any advertising networks that engage in behavioural tracking.

Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive information you supply is encrypted via Secure Socket Layer (SSL) technology (the "s" in "https").

You have the right to request a full audit of all personal data held by Yarnpond. Send your request to site-help@yarnpond.com and it will be responded to within one calendar month.

All Yarnpond's data is stored securely in a database server that is hosted by Heroku. You can read about Heroku's privacy policy and security certifications here.

Images uploaded to Yarnpond (such as user avatars and FO photographs) are stored in a third-party hosting site called Cloudinary. None of your personal information (name or email for example) is sent to Cloudinary, and there is no data associated with the images that can personally identify you.

Links to your images hosted on Cloudinary are encoded by Yarnpond so that they are not guessable. It is extremely unlikely that anyone would be able to view your image on Cloudinary in any context other than they way the images are displayed within the Yarnpond system.

You can read Cloudinary's privacy policy here.

We link to ko-fi.com, a site that allows you to "buy a coffee" that helps support the development of Yarnpond. The Ko-fi service sets a cookie that you can choose to disable without any adverse affect to your experience on Yarnpond. There is no connection between your Yarnpond account and Ko-fi, and we do not pass any data about you to Ko-fi. Nor does Ko-fi pass any data about you back to Yarnpond.

Updates to your profile on Yarnpond can only be made by yourself, when you are logged in on the site, or by the site administrator and in that case only when in agreement with you about the changes to be made.


Do we use 'cookies'?

Yes. Cookies are small files that a site or its service provider transfers to your computer's hard drive through your Web browser (if you allow) that enables the site's or service provider's systems to recognize your browser and capture and remember certain information.

We use cookies to track the fact that you are logged in on the site. We do not store any personally identifiable information in the cookie.

You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings. Since browser is a little different, look at your browser's Help Menu to learn the correct way to modify your cookies.

If users disable cookies in their browser:

If you turn cookies off for www.yarnpond.com, we will not be able to maintain a session for you on the site, and you will therefore not be able to log in.


How does Yarnpond handle Do Not Track signals?

We don't use advertising on the site at any time. Since not saving a cookie would mean you will be unable to sign in and use the site, we do not interpret the Do Not Track signal as an instruction not to save the session cookie.


Google

We have not enabled Google Analytics or Google AdSense on Yarnpond, but we may do so in the future. In that case this policy will be updated accordingly.


California Online Privacy Protection Act

CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law's reach stretches well beyond California to require any person or company in the United States (and conceivably the world) that operates websites collecting Personally Identifiable Information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals or companies with whom it is being shared.
See more at: http://consumercal.org/california-online-privacy-protection-act-caloppa/#sthash.0FdRbT51.dpuf

According to CalOPPA, we agree to the following:

You will be notified of any Privacy Policy changes:

You Can change your personal information:


COPPA (Children Online Privacy Protection Act)

When it comes to the collection of personal information from children under the age of 13 years old, the Children's Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States' consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children's privacy and safety online.

We do not specifically market to children under the age of 13 years old.


Fair Information Practices

The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.

In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur we will notify you via email within 72 hours.

We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.