BitsOfReason

Privacy Policy

Effective date: 11 December 2025
Last updated: 11 December 2025

1. Introduction

This Privacy Policy explains how BitsOfReason.org (“we”, “us”, “our”) collects, uses and protects personal data when you visit this website or contact us.

We are committed to respecting your privacy and handling your personal data in a transparent, secure and lawful way.

This policy applies only to this website. It does not cover third-party websites or services that we may link to.

2. Who we are and how to contact us

BitsOfReason.org is a personal website that publishes articles and commentary on technology and related topics.

Data controller:
BitsOfReason.org

If you have any questions about this Privacy Policy or wish to exercise your data-protection rights, you can contact us using the contact form available on this website.

The contact form is monitored by the site owner and is used solely to respond to enquiries.

We will respond to privacy-related enquiries within a reasonable timeframe.

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) or your local data protection authority.

3. Personal data we collect

We collect and process personal data in the following situations:

3.1. Information you provide directly

  • Contact or email correspondence
    If you contact us by email or via the contact form, we process the information you provide, such as your name, email address and the content of your message in order to respond to your enquiry.
  • Comments
    If commenting is enabled on posts, we process the information you submit (name, email address, website URL if provided) along with your comment content and IP address (for spam and security checks).

3.2. Information collected automatically

When you visit BitsOfReason.org, certain technical data is collected automatically by our hosting and security systems. This may include:

  • IP address
  • Browser type and version
  • Device type and operating system
  • Pages visited and referring page
  • Date and time of requests
  • Basic error and performance logs

This information is primarily used for security, debugging, and ensuring the website works correctly.

3.3. Cookies and similar technologies

We use cookies that are strictly necessary for the operation and security of the website (for example, WordPress core cookies, firewall cookies and consent cookies).

We do not currently use analytics cookies or advertising/tracking cookies.

For more detail about the cookies we use and your choices, please see our [Cookie Policy].

4. Why we process personal data (purposes and legal bases)

We process personal data only when we have a lawful basis under UK GDPR / EU GDPR.

4.1. To operate and secure the website

  • Purpose: Running the website, hosting, performance optimisation, protecting against malicious traffic, abuse and spam.
  • Legal basis: Legitimate interests (Art. 6(1)(f) GDPR) – our legitimate interest in operating a stable and secure website.

This covers processing by WordPress core, our hosting provider, and security tools such as Wordfence and SiteLock.

4.2. To respond to enquiries

  • Purpose: Responding to emails or messages you send us.
  • Legal basis: Legitimate interests – our interest in responding to queries and managing our communications with you.

4.3. Comments and user-generated content

  • Purpose: Publishing and moderating comments (if enabled) and preventing spam.
  • Legal basis: Legitimate interests – our interest in facilitating discussion and protecting the site from abuse.

4.4. Consent for optional cookies (future use)

If we introduce optional cookies (such as analytics cookies), we will obtain your consent through the cookie banner managed by CookieYes.

  • Legal basis: Consent (Art. 6(1)(a) GDPR).

You can withdraw consent at any time via the “Consent preferences” control shown on the site.

4.5. Compliance and legal obligations

We may process and retain certain information where required to comply with legal obligations or to establish, exercise or defend legal claims.

  • Legal basis: Legal obligation (Art. 6(1)(c)) or legitimate interests.

5. How we share personal data

We do not sell personal data and we do not share it with advertisers or data brokers.

We may share personal data with trusted service providers (“processors”) who help us operate this website. These processors only act on our instructions and are bound by data protection obligations.

Our main service providers are:

  • Website hosting:
    Our site is hosted by Bluehost (Newfold Digital). Hosting providers process IP addresses and technical logs to serve the website and maintain security and performance.
  • Security and firewall:
    We use Wordfence and SiteLock to protect the site against malicious traffic, hacking attempts and spam. These services process IP addresses and technical request data to identify and block suspicious activity.
  • Cookie management:
    We use CookieYes to manage the cookie consent banner and cookie preferences. CookieYes may set strictly necessary cookies to remember your choices and record consent.
  • Email service provider:
    When you email us, your message is processed by our email provider (for example, Apple iCloud Mail or similar).

Where these providers are based outside the UK/EEA, we rely on appropriate safeguards (such as standard contractual clauses) to protect your data.

We may also disclose information if we are legally required to do so, for example to law enforcement or regulatory authorities.

6. International transfers

Some of our service providers may be located outside the UK or European Economic Area (EEA), for example in the United States.

Where personal data is transferred outside the UK/EEA, we take steps to ensure an adequate level of protection, such as:

  • relying on an adequacy decision, or
  • using standard contractual clauses approved by the UK or EU.

You can contact us if you would like more information about international transfers relating to this website.

7. Data retention

We retain personal data only for as long as necessary for the purposes described in this policy, or as required by law.

Typical retention periods include:

  • Server and security logs: normally retained for a limited period (for example 30–180 days) for security and troubleshooting.
  • Emails and correspondence: retained for as long as necessary to handle your request and maintain a record of communications.
  • Comments: retained for as long as the comment remains published on the site (unless you ask us to remove it, where applicable).
  • Cookie consent records: stored for as long as required to demonstrate compliance with consent obligations.

When data is no longer needed, it is deleted or anonymised.

8. Your rights

If you are in the UK or the EEA, you have the following rights in relation to your personal data, subject to certain conditions and exemptions:

  • Right of access – to obtain a copy of your personal data and information about how it is processed.
  • Right to rectification – to have inaccurate or incomplete data corrected.
  • Right to erasure – to request deletion of your personal data in certain circumstances.
  • Right to restriction of processing – to request that we limit how we use your data in certain situations.
  • Right to object – you may object to processing based on legitimate interests.
  • Right to data portability – to receive your data in a structured, commonly used format where processing is based on consent or contract and carried out by automated means.
  • Right to withdraw consent – where we rely on consent (for example, for optional cookies), you can withdraw it at any time.

To exercise any of these rights, please contact us using you can contact us using the contact form available on this website. We may need to verify your identity before responding.

You also have the right to lodge a complaint with your local data protection authority. In the UK, this is the Information Commissioner’s Office (ICO).

9. Security

We take appropriate technical and organisational measures to protect personal data, including:

  • using reputable hosting and security providers;
  • applying firewall and intrusion-prevention tools (Wordfence, SiteLock);
  • keeping WordPress core, themes and plugins updated;
  • limiting access to administrative accounts; and
  • using secure connections (HTTPS/TLS).

However, no website or internet transmission is completely secure. We cannot guarantee absolute security, but we work to minimise risks.

10. Children’s privacy

This website is aimed at adults and is not intended for use by children under 16. We do not knowingly collect personal data from children. If you believe a child has provided data through this site, please contact us so we can delete it where appropriate.

11. Changes to this policy

We may update this Privacy Policy from time to time, for example to reflect changes in the law, our services or the technologies we use.

The “Last updated” date at the top of this page shows when the policy was last revised. We encourage you to review this page periodically.

12. Contact

If you have any questions about this Privacy Policy or how we handle personal data, please contact us using you can contact us using the contact form available on this website.