Privacy Policy – Solitude State of Mind

Solitude State of Mind ("this site," "we," or "I") is a personal blog operated by a private individual, not a business entity. This Privacy Policy explains what limited data we collect, why we collect it, and the rights available to you under applicable law. By using this site you acknowledge that you have read and agree to this policy.

1. Information We Collect

a) Information you provide

Account registration — name, email address, and password (stored as a bcrypt hash; we never store plain-text passwords).
Contact form submissions — name, email, subject, and message.

b) Automatically collected data

Session cookies — a single session cookie keeps you logged in across page views. It expires when you close your browser or after 30 days if you use "Remember me."
Basic analytics — we log IP address, browser user-agent, referring URL, and page visited to understand site traffic. No third-party analytics tracker (e.g., Google Analytics) is used.

c) What we do NOT collect

We do not sell, rent, or share your personal information with third parties for marketing purposes.
We do not use advertising networks or place advertising cookies.
We do not build advertising profiles.

2. EU / UK General Data Protection Regulation (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, the following applies:

Legal bases for processing

Contract performance — processing your account data to provide access to content you have registered for.
Legitimate interests — server-side analytics to understand site traffic and protect against abuse.
Consent — where required (e.g., cookies beyond strictly necessary), we ask for your consent via the cookie notice. You may withdraw consent at any time by clearing your browser cookies and local storage.

Your rights under GDPR

Access — request a copy of the personal data we hold about you.
Rectification — ask us to correct inaccurate data.
Erasure ("right to be forgotten") — request deletion of your account and associated data. We will comply within 30 days.
Restriction — ask us to limit processing while a dispute is resolved.
Portability — receive your data in a structured, machine-readable format.
Object — object to processing based on legitimate interests.
Lodge a complaint — with your local data protection authority (e.g., the ICO in the UK, or your national DPA in the EU).

To exercise any of these rights, contact us via the Contact page. We will respond within 30 days.

Data retention: Account data is retained for as long as your account exists. Analytics logs are deleted after 12 months. Contact form submissions are retained for up to 24 months.

International transfers: This site is hosted on Amazon Web Services (AWS) in the United States. If you are in the EEA/UK, your data is transferred to the US under AWS's standard contractual clauses and participation in the EU-US Data Privacy Framework where applicable.

3. California Consumer Privacy Act (CCPA / CPRA)

If you are a California resident, you have the following rights:

Right to Know — request disclosure of categories and specific pieces of personal information we have collected about you in the past 12 months.
Right to Delete — request deletion of personal information we have collected, subject to certain exceptions.
Right to Correct — request correction of inaccurate personal information.
Right to Opt-Out of Sale or Sharing — we do not sell or share your personal information with third parties for cross-context behavioral advertising. No opt-out action is required.
Right to Non-Discrimination — we will not discriminate against you for exercising any CCPA rights.

Categories of personal information collected (past 12 months): identifiers (name, email, IP address); internet/network activity (pages visited, browser type); account credentials (hashed passwords).

Purpose of collection: to provide account access, personalize content, and analyze site traffic for operational improvement only.

To submit a verifiable consumer request under the CCPA, use our Contact page. We respond within 45 days.

4. Accessibility Disclaimer (ADA)

Solitude State of Mind is a personal blog operated by a private individual, not a place of public accommodation, business, or commercial enterprise subject to Title III of the Americans with Disabilities Act (ADA). As a personal, non-commercial website, this site is not legally required to comply with ADA web-accessibility standards (WCAG 2.1 or otherwise) under current Department of Justice guidance applicable to private individuals.

Access to this site's content is provided as a personal courtesy and may be restricted or modified at any time at the sole discretion of the site operator. No accessibility accommodation, alternate format, or auxiliary aid is guaranteed or implied.

If you experience difficulty accessing content and wish to request a courtesy accommodation, you are welcome to reach out via the Contact page and we will do our best to assist where reasonably practicable.

5. Cookies and Local Storage

Name	Type	Purpose	Duration
`PHPSESSID`	Cookie (strictly necessary)	Maintains your login session	Session / 30 days (Remember me)
`cookie_accepted`	Local Storage	Records that you dismissed the cookie notice	Persistent until manually cleared
`files_view`	Local Storage	Remembers preferred file manager view (grid/list)	Persistent until manually cleared

You can delete cookies and local storage at any time through your browser settings. Deleting the session cookie will log you out.

6. Third-Party Services

Amazon Web Services (AWS) — hosting (EC2), file storage (S3), email delivery (SES), and content delivery (CloudFront). AWS Privacy Policy.
Bootstrap / jsDelivr CDN — serves CSS/JS framework files. jsDelivr may log your IP per its own privacy policy.
Font Awesome CDN — serves icon fonts. May log your IP per its own privacy policy.
Authorize.Net — if you purchase a paid membership, payment data is processed directly by Authorize.Net; we never store full card numbers. Authorize.Net Privacy Policy.

7. Children's Privacy

This site is not directed at children under 13 (or under 16 for EEA residents). We do not knowingly collect personal information from minors. If you believe a minor has registered, please contact us and we will delete the account promptly.

8. Changes to This Policy

We may update this policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the site after changes are posted constitutes acceptance of the updated policy.

9. Contact

For privacy requests, data deletion, or questions about this policy, please use our Contact page.