Privacy Policy


This privacy policy relates to the primary website for Piper Haywood which can be found at the following URL:

Piper Haywood is an UK-based individual and is the responsible data controller for this website. She uses her website to share information about herself and to maintain a personal blog. You can contact her if you have questions about this privacy policy by sending her an email at

This privacy policy is based primarily on guidance kindly provided by the creators of WordPress. It also draws inspiration from the genuine and clearly-worded documentation provided by the developers of Kirby CMS. “We”, “our”, and other “royal” pronouns are used below for convenience. They all refer to Piper Haywood.

About this website

We use a variety of third-party services, software, and platforms to create and maintain this website. The relevant services that may use your data in some way, shape, or form are listed below.

Hosting & SSL certificate

Our hosting provider is NFSN, Inc., located at 1540 International Pkwy Ste 2000, Lake Mary, FL 32746-5096, USA.

Our SSL certificate is issued by Let’s Encrypt. Our website uses SSL encryption for security reasons and to protect the transmission of confidential content. You can recognise an encrypted connection if the URL reads https:// instead of http://. A green lock icon may also be displayed in your browser’s address bar. If you see the green lock icon, try clicking it. In many browsers, clicking the lock icon will give you further information about the website related to your privacy.


We use Google Analytics to better understand our audience and the relevance of our content, however limited. We’re on the fence about whether or not this is worthwhile. If you have an opinion on this we’d love to hear it, please email us at

Content Management System (CMS) & Plugins

The website is built using the open source CMS WordPress. Selected third-party plugins are used to extend default WordPress functionality. Plugins that may be relevant to the collection and use of your data include  Wordfence Security.

What personal data we collect and why we collect it

Server logs

Our hosting provides and stores information that your browser transmits to us in server log files. This data may include:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

We do not combine this data with data from other sources.


When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you use their service. The Gravatar service privacy policy is available here: After approval of your comment, your profile picture may be visible to the public in the context of your comment.


If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.


If you leave a comment on our site, you may opt-in to save your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to the CMS, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

A number of cookies are set when you log in to the CMS. WordPress will set up several cookies to save your login information and your screen display choices. WordPress login cookies last for two days, and WordPress screen options cookies last for a year. If you select “Remember Me”, your WordPress login will persist for two weeks. If you log out of your account, the WordPress login cookies will be removed. WordFence will set up a cookie to authenticate your login request. This cookie expires in 30 minutes.

If you edit or publish an article in the CMS, WordPress will save an additional cookie in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

When you visit the site, we set up several cookies related to Google Analytics. Two of these are used to distinguish users; _ga expires in two years and _gid expires in one day. Another cookie, _gat, is used to throttle the request rate and expires in one minute.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

Google Analytics

Traffic on this site may be tracked by Google Analytics. We have configured Google Analytics so that IP addresses are anonymised, we do not collect User IDs or other pseudonymous identifiers, and we do not allow this data to be used for advertising features.

About your data and how we use it

What rights you have over your data

  1. The right to be informed: We inform our users about what data is being collected and how we use it by placing links to this privacy policy prominently on our website. We have tried to make this information clear and readily available, yet unobtrusive to our users’ browsing experience.
  2. The right of access: Get in touch and we will provide you with an exported file of any data we hold about you, including data you have provided to us. If you have an account, you can log in and access your account data at any time.
  3. The right to rectification: If there’s any personal data about you that should be corrected by us, please let us know.
  4. The right to erasure, a.k.a. the “right to be forgotten”: Let us know and we will delete all your personal data that we store. If you have an account on this site, you can delete your account at any time. If you have commented on the site or we hold your data for any other reason, you can request that we erase any personal data we hold about you. Please note that we cannot remove or erase data that we are obliged to keep for administrative, legal, or security purposes.
  5. The right to restrict processing: If you would like to restrict or suppress the processing of any data we hold about you, get in touch and we will work with you to accommodate this.
  6. The right to data portability: We will give you an exported copy of your data so that you can provide it to another service.
  7. The right to object: You have the right to file a complaint regarding our collection and use of your data. Please tell us first so that we have a chance to address your concerns. If we fail in this, you can address any complaint to your national data protection authorities.

Who we share your data with

Your data will only ever be shared with the services outlined in this document, the majority of which are essential for the basic functionality of this website.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

The data that is sent to Google Analytics is stored for 26 months.

Please see the Cookies section of this document for information about what cookies we set and when they expire.

Additional information

How we protect your data

We use SSL encryption to protect our website traffic. Wherever possible, we follow WordPress’s best-practice guidance regarding security and hardening the CMS. We also use Wordfence to configure a firewall, block malicious traffic, give us immediate alerts in the event of malicious activity, and enforce strong passwords. We never store passwords in plain text formats such as spreadsheets, text files, or emails, and you shouldn’t either.

Data breach procedures

If there is a data breach where personal data may have been compromised, we will report the breach to the relevant supervisory authority. We will do so within 72 hours of becoming aware of the breach, where feasible. We will also get in touch with the affected users as soon as possible to let them know the nature of the breach and what data may have been involved.

Other websites

Though we are occasionally involved in the development and maintenance of others’ websites and we take care to consider data privacy when offering development services, we are not responsible for the data privacy or privacy policy of other websites since we are not their data controller.

Questions & Feedback

We try to keep our privacy policy as transparent and easy to understand as possible. Please let us know if we can improve it further or if you have any other questions by emailing us at