Privacy Policy

This privacy policy governs the relationship between Kniterator and its users.

What data we hold, where it comes from, who we share it with, and what we do with it.

When you sign up for an account on Kniterator, we need to capture your email address and a password. These are submitted by you and used to control access to your account. Your email address is also used to send automated emails such as purchase confirmations.

After signup you are also added to our newsletter mailing list. You can remove yourself from that mailing list at any time without removing or changing your Kniterator account - just look for the unsubscribe link at the bottom of the newsletter email.

Your Kniterator account can optionally also include your Ravelry username. This enables us to easily find you on Ravelry for the purpose of communication, and you can choose not to supply it.

We also store the IP address you sign in from. This is stored automatically as part of our authentication system. This is used for statistical purposes, and can help us to detect account fraud.


How we ask for and record consent

By signing up to Kniterator you consent to us holding the above personal data items. The existence of a user account on Kniterator represents recorded consent. You can withdraw consent by cancelling your Kniterator account.


Withdrawing consent: how you can delete your data from Kniterator, and your right to be forgotten

Should you wish to leave Kniterator, you can opt to delete your account. This removes your access, and deletes any patterns you have previously purchased and unused credits that you may have. Just login, click the "Profile" option under "My account", and click the "Cancel my account" button.


If you have an objection to the processing of your personal data

Objections to the way we hold and process personal data will be dealt with on a case by case basis. You can contact chief-knitting-officer@kniterator.com at any time to contact our data protection officer, if you have a question or concern about your personal data.


Data protection, and third parties

We do not sell, trade, or otherwise transfer your Personally Identifiable Information to any outside parties. Since we don't display advertising, we are not a part of any advertising networks that engage in behavioural tracking.

Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive information you supply is encrypted via Secure Socket Layer (SSL) technology (the "s" in "https").

You have the right to request a full audit of all personal data held by Kniterator. Send your request to chief-knitting-officer@kniterator.com and it will be responded to within one calendar month.

All Kniterator's data is stored securely in a database server that is hosted by Heroku. You can read about Heroku's privacy policy and security certifications here.

All financial transactions with Kniterator are processed through Stripe. We do not store any of your credit card details on our own servers. You can read Stripe's privacy policy here

Updates to your profile on Kniterator can only be made by yourself, when you are logged in on the site, or by the site administrator and in that case only when in agreement with you about the changes to be made.


Do we use 'cookies'?

Yes. Cookies are small files that a site or its service provider transfers to your computer's hard drive through your Web browser (if you allow) that enables the site's or service provider's systems to recognize your browser and capture and remember certain information.

We use cookies to track the fact that you are logged in on the site. We do not store any personally identifiable information in the cookie.

You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings. Since browser is a little different, look at your browser's Help Menu to learn the correct way to modify your cookies.

If users disable cookies in their browser:

If you turn cookies off for www.kniterator.com, we will not be able to maintain a session for you on the site, and you will therefore not be able to log in.


How does Kniterator handle Do Not Track signals?

We don't use advertising on the site at any time. Since not saving a cookie would mean you will be unable to sign in and use the site, we do not interpret the Do Not Track signal as an instruction not to save the session cookie.


Google

We use Google Analytics (GA) to track visitor activity on www.kniterator.com. This data is anonymous, and we do not transfer any personally identifiable information about you to GA.

We have not enabled Google AdSense on Kniterator, but we may do so in the future. In that case this policy will be updated accordingly.


California Online Privacy Protection Act

CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law's reach stretches well beyond California to require any person or company in the United States (and conceivably the world) that operates websites collecting Personally Identifiable Information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals or companies with whom it is being shared.
See more at: http://consumercal.org/california-online-privacy-protection-act-caloppa/#sthash.0FdRbT51.dpuf

According to CalOPPA, we agree to the following:

You will be notified of any Privacy Policy changes:

You can change your personal information:


COPPA (Children Online Privacy Protection Act)

When it comes to the collection of personal information from children under the age of 13 years old, the Children's Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States' consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children's privacy and safety online.

We do not specifically market to children under the age of 13 years old.


Fair Information Practices

The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.

In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur we will notify you via email within 72 hours.

We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.