Scroll·
Home DMCA
Overview Data We Collect How We Use It Cookies Sharing Retention Your Rights Contact

Privacy.

We keep this short and honest. This page lists every piece of data we actually collect — nothing speculative, nothing aspirational.

GDPR compliant CCPA compliant Last updated May 2026

Minimal collection

Three sources only: what you type into a comment, what you submit to the DMCA form, and a handful of functional cookies.

Your data, your control

Request an export or an erase any time — we ship the WordPress Personal Data tools out of the box.

No selling, no tracking

No analytics scripts, no advertising pixels, no third-party trackers. We do not sell, rent, or trade your data.

§ 01

Data we collect

Comment data

When you leave a comment we collect the name, email address, and optional website URL you supply in the form, plus the comment body itself. WordPress core also records the IP address that submitted the comment for spam-prevention and moderation. Logged-in users contribute their account username and avatar instead of the name/email fields.

DMCA submission data

If you submit a DMCA takedown notice through the form on this site we collect the following — all of which is mandatory under 17 U.S.C. § 512(c)(3):

  • Full legal name, email address, phone number, mailing address
  • Optional company / organisation name
  • Description of the original copyrighted work and (optionally) its URL
  • URLs of the allegedly infringing content on this site, plus optional context
  • Your electronic signature (your typed legal name)
  • The IP address that submitted the notice (audit log)
  • A unique reference number assigned to the submission

This data is stored as a private record in the WordPress admin, visible only to site administrators with the manage_options capability.

Interaction signals

The theme tracks a few non-personal signals to power its social UI:

  • Post likes — the IDs of posts you have liked are stored in a cookie on your own device. The server records only an aggregate like count per post.
  • Comment likes — available only to logged-in users; the IDs of liked comments are stored in your user profile.
  • View counts — each post stores an anonymous total view count. Your IP is briefly held in a short-lived cache (cleared within one hour) to prevent the same visitor inflating the count on repeat views.
Abuse prevention

When you submit any form on this site, your IP address is held in a short-lived rate-limit cache to prevent comment-spam, like-flooding, and DMCA form abuse. These entries expire automatically within minutes to hours depending on the form type. We do not log the IP-to-request mapping persistently.

§ 02

How we use your data

Every collection point above has a single, narrow purpose:

  • To display comments + their author labels — the only reason the comment form asks for name and email. Email is never displayed publicly; the optional website URL is linked from your displayed name.
  • To process DMCA notices — your submission is reviewed by site administrators, forwarded to relevant content owners where appropriate, and used as the basis for any takedown or counter-notice action. This is a legal obligation under DMCA safe-harbour rules.
  • To power likes and view counts — purely to render the same number to the next visitor and to remember your liked-list across pages.
  • To detect and prevent abuse — IP rate-limits, hidden honeypot form fields, and HMAC-signed submission timestamps stop bots from posting comments or filing fake DMCA notices.

We do not run analytics on individual visitor behaviour. We do not build advertising profiles. We do not send marketing email.

§ 03

Cookies we set

Every cookie this site sets is strictly necessary — they remember a preference, prove a form submission is human, or remember an action you took. No tracking cookies, no advertising cookies. The full list:

  • scroll_layout_view — Remembers whether you prefer the grid or feed layout. Set when you toggle layouts. Lifetime: persistent until cleared.
  • scroll_liked_posts — Comma-separated list of post IDs you have liked. Read by the browser to highlight the heart icon on posts you already liked. Lifetime: 1 year, set when you like your first post.
  • comment_author_* — WordPress core cookies that pre-fill your name, email, and website on the next comment form if you tick the "save my details" checkbox. Lifetime: 1 year. Not set unless you opt in.
  • scroll_form_t / scroll_form_s — A timestamp and HMAC signature embedded in every comment and DMCA form so the server can reject submissions that fire faster than a human could fill out the form. These are hidden form fields, not browser cookies — they vanish when the form is submitted.
  • scroll_hp — An off-screen "honeypot" form field. If a bot fills it in, the submission is silently dropped. Not stored anywhere.

You can clear or block any of these from your browser settings. Blocking the layout or liked-posts cookies will reset those preferences on every visit; blocking the form fields will cause submissions to be silently rejected as suspected bots.

§ 04

Data sharing

We do not sell your personal data. We share it only in two narrow circumstances:

  • DMCA counter-notices — if content reported in your DMCA notice is later challenged with a counter-notice by the uploader, your contact information may be disclosed to the counter-notifying party as required by 17 U.S.C. § 512(g). This is a statutory requirement; the form itself warns you of this at the point of submission.
  • Legal compliance — if a valid court order, subpoena, or government request compels disclosure. Where the law permits, we will notify the affected user before disclosure.

Publicly visible content — your published comments, the name you attached to them, and any view / like counts — is by definition viewable by anyone and may be indexed by search engines.

§ 05

Data retention

Each data point has a specific retention window:

  • DMCA submissions — retained for 12 months after submission (long enough to cover the 17 U.S.C. § 512(g) counter-notice window), then permanently deleted by an automatic daily cleanup task. Site operators may extend this window for active legal holds.
  • Comments + their author labels — retained indefinitely while the post they belong to remains published, or until you request erasure.
  • Rate-limit / abuse-prevention IP cache — automatically expires within minutes to one hour depending on the form type. Never persisted to disk beyond the cache TTL.
  • View-count cooldown cache — your IP is held for one hour per post, then discarded. The aggregate count itself contains no personal data.
  • Like-list and layout cookies — live on your own device for as long as you allow. Server-side we only ever store the totals.
§ 06

Your rights

GDPR (EEA / UK residents)

  • Access — request a copy of the data we hold about you.
  • Rectification — correct inaccurate or incomplete data.
  • Erasure — request deletion of your data ("right to be forgotten").
  • Portability — receive your data in a machine-readable format.
  • Restriction — limit how we process your data in certain circumstances.
  • Objection — object to processing based on legitimate interests.
  • Complaints — lodge a complaint with your local supervisory authority.

CCPA (California residents)

  • Know — know what personal information is collected and how it is used.
  • Delete — request deletion of personal information we have collected.
  • Opt out — opt out of the sale of personal information (we do not sell data).
  • Non-discrimination — we will not discriminate against you for exercising these rights.
  • Correct — correct inaccurate personal information.

How to exercise these rights: the site administrator can invoke Tools → Export Personal Data or Tools → Erase Personal Data in the WordPress admin, supplying your email address — the theme is wired into WordPress's built-in Personal Data tools and will return every DMCA submission tied to your email, plus delete them on request. For all other requests, email chris@jaded.net and we will respond within 30 days (GDPR) or 45 days (CCPA). We may ask you to verify your identity before processing the request.

§ 07

Privacy contact

Questions about your data?

Email is the fastest way to reach the privacy contact. Replies typically arrive within 5 business days; mark urgent requests (security incidents, legal holds) in the subject line.

You also have the right to lodge a complaint with your country's data protection authority if you believe we have not handled your data appropriately.

Email
chris@jaded.net
Copyright
DMCA Takedown Requests