Privacy Policy

Last Revised: 3/2019

Who we are

Rogue Mountain Gold
Our website address is:
https://roguemountaingold.com
Contact: info@roguemountaingold.com

Privacy starts with web security and the data we ask for is only what is needed to to interact with the website to be functional and safe. Here are some things we are doing to enhance privacy:

  • We won’t ask  for any information we don’t need.
  • Use the principles of data minimization–related to the point above, we only collect what we need and only disclose what is absolutely necessary.
  • We are transparent about how your data is used, by whom, and how long it is stored.
  • We use anti-phishing techniques in all forms of communication with you– the Anti Phishing Working Group (APWG), a not for profit group of industry members has good advice on how to mitigate phishing attempts.

What data we collect and why we collect it

The only personally identifiable data; e.g., name, email, address, phone number; we collect are what you choose to share with us via our online store, contact forms, requests for returns, blog comments or comments on our website. With the exception of credit card data, we store the information from your order form to allow us to track consulting issues or refer to a previous order to help provide customer service. To correct or have your information completely removed from this system you may contact us with your request.

Web Pages, Interactions, and E-commerce

Comments

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service is provided by AUTOMATTIC. To see how AUTOMATTIC interacts with Rogue Mountain Gold’s customer data, visit their Privacy Notice.

When visitors leave comments on the site we collect the data shown in the comments form as well as the visitor’s IP address and browser user agent string to help spam detection. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Online Store

We use the WooCommerce ecommerce platform for provided by AUTOMATTIC. To see how AUTOMATTIC interacts with Rogue Mountain Gold’s customer data, visit their Privacy Notice. While you visit our site, we’ll track:

  • Products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed
  • Location, IP address and browser type: we’ll use this for estimating shipping
  • Shipping address: we’ll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order!

We’ll also use cookies to keep track of cart contents while you’re browsing our site. For more information on Cookies, see below.

When you purchase from us, we’ll ask you to provide information including your name, billing address, shipping address, email address, phone number, credit card/payment details and optional account information like username and password. We’ll use this information to:

  • Send you information about your account and order
  • Respond to your requests, including refunds and complaints
  • Process payments and prevent fraud (we do not store this information, see Payments section below)
  • Set up your account for our store
  • Comply with any legal obligations we have, such as calculating taxes
  • Improve our store offerings
  • Send you marketing messages such as sale dates or coupons, if you choose to receive them

If you create an account, we will store your name, address, email and phone number, which will be used to populate the checkout for future orders.

We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for 2 years for tax and accounting purposes. This includes your name, email address and billing and shipping addresses. We do not store credit card information.

We will also store comments or reviews, if you choose to leave them.

Anti-Spam

We collect information about visitors who comment using the Akismet, spam protection by AUTOMATTIC. Visitor comments may be checked through an automated spam detection service. Akismet receives the commenter’s IP address, user agent, referrer, and Site URL (along with other information directly provided by the commenter such as your name, username, email address, and the comment itself). To see how AUTOMATTIC interacts with Rogue Mountain Gold’s customer data, visit their Privacy Notice.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website may download and extract any location data from images on the website.

Contact forms

We use a third-party plugin, Caldera Forms, to make streamlined forms that are elegant and easy for our customers to use, such as the Contact form and the Return Request form. We collect personal information including your name and email address. We receive an email with your submission, but your contact information is stored in a database on our server. We will never use this information for marketing, nor will we sell your personal data. If you would like us to delete your data from our server, please contact us with your request.

Caldera Forms stores data only briefly for each submission. Uploaded media files may remain on the server. Read Caldera Forms Privacy Policy here.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

The only analytics we are monitoring are how many visitors come to the site. In the future we will monitor shopping behaviors such as product click counts and abandoned carts.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Most browsers will tell you how to stop accepting new cookies, how to be notified when you receive a new cookie, and how to disable existing cookies.  You can find out more by visiting www.aboutcookies.org.  Flash cookies operate differently than browser cookies and cookie management tools available in a web browser may not remove Flash cookies. Visit Macromedia‘s settings manager documentation to learn how you can manage your Flash cookie settings. Please note, however, that without cookies you may not be able to take full advantage of all of the features of the Services. Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Who we share your data with

Payments

We accept credit card payments through a PCI-compliant payment gateway called Square. When processing payments, some of your data will be passed to Square, including information required to process or support the payment, such as the purchase total and billing information. Square has privacy policies for those who create accounts with them, and for those who do not. Most of our customers will not create a square account, thus the privacy notice found here applies. If you create a Square account, this privacy policy applies.

WE DO NOT STORE YOUR CREDIT CARD DATA, NOR WILL WE EVER HAVE ACCESS TO IT. We use Square for processing credit cards and they guarantee strict PCI compliance, as outlined below in the section titled: How we protect your data.

Who has access to your information

Rogue Mountain Gold is a sole proprietorship and the owner/operator is the only person with access to your order data.

  • Order information indicating what was purchased, when it was purchased and where it should be sent, and
  • Customer information including your name, email address, and billing and shipping addresses.

This information is to help fulfill orders, process refunds, and support you.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time, with the exception of changing usernames. Website administrators can also see and edit that information

How we protect your data

Payments

  • Level 1 PCI compliance: Card processing systems adhere to the PCI Data Security Standard (PCI-DSS), Level 1.
  • Coding best practices: Web development follows industry-standard secure coding guidelines, such as those recommended by OWASP.
  • Systematic security updates: Security updates and patches are installed on servers and equipment in a timely fashion.
  • Compliant data storage: Square prohibits storage of card numbers, magnetic-stripe data, and security codes on client devices.
  • Strong cryptographic controls: Square uses industry-standard cryptographic protocols and message formats (such as SSL/TLS and PGP) when transferring data.

See Square’s full Security and compliance measures here.

Security against brute force attacks

We use Loginizer Security to protect against brute force data breach attacks. We get email notifications, failed attempt logs, whitelist IPs, blacklist IPs and extended lockouts.

Changes to Our Privacy Policy

We reserve the right to update or change this Privacy Policy at any time. If we make a material change to our Privacy Policy, we will provide notice to you (by email and/or posting on our website) that our privacy practices have changed and will provide a link to the new policy. In the event we make a material change to how we use your personal information, we will provide you with an opportunity to opt out of such new or different use. The date this Privacy Policy was last revised is at the top of this page. We encourage you to review this Privacy Policy periodically to check for any updates or changes.