Privacy policy

Our privacy policy below explains what data we collect about you, why we collect it, and how we use it.

Cookies

We may store the following cookies on your computer…

Name	Reason
`__Host-composrapp_session`	Identifies your session so that we temporarily can uniquely link your requests together (deleted when your web browser is closed)
`__Secure-composrapp_member_id & __Secure-composrapp_member_hash`	The "remember me" feature for passwords
`__Secure-composrapp_member_id_invisible`	Whether you logged in into invisible mode
`cms_autosave_*`	References to auto-saved incomplete content
`font_size`	To remember your font size choice
`has_cookies`	To detect whether cookies are enabled, so we know whether to enable/disable features that need it
`last_chat_msg_*`	Your most recent non-posted message in a chatroom, so we can prevent data loss if you accidentally reload the page
`last_visit`	When you visited the website last, used for tracking what content is new
`software_chat_prefs`	Chatroom display preferences
`tray_, hide, og_*`	Values (yes/no) for remembering what things have been turned off/closed
`use_wysiwyg`	Whether the WYSIWYG text editor is enabled

If you wish to see what exact cookies are saved, or delete cookies, you may do so using standard tools built into your web browser.

Data Breach Procedure

While users maintain responsibility for their own data (including damages resulting from a data breach), Composr CMS: Your Data, Your Privacy, Your Control will immediately execute the following procedure in the event of a breach being made aware through a credible source:
1. Reactive Mitigation: we may temporarily increase the strictness of firewalls / security systems, lock down administrative accounts or the ability to upload files, lock down all authorization (log-in) methods all-together, or take the site offline, depending on the perceived severity. This will typically last until proactive mitigation has been taken.
2. Analysis: We will analyse and investigate the scope and severity of the data breach including identifying unauthorised access or use of personal information.
3. Proactive Mitigation: Once we have a clear picture of what happened, we will take proactive mitigation as we deem fit. This could include resetting member passwords, banning rogue members and IP addresses, reverting changes or applying patches to software or services, rolling back the site to a stable backup / checkpoint, and/or reporting the breach to law enforcement authorities for additional investigation and prosecution.
4. Communication: Once the above steps have been finished, we will communicate the data breach to all members of Composr CMS: Your Data, Your Privacy, Your Control via e-mail (except those who explicitly un-subscribed from e-mails) and via a news article on the site. We will explain what happened, what areas and data were affected, what Composr CMS: Your Data, Your Privacy, Your Control has done to mitigate the breach and prevent it in the future, and what members should do to protect themselves.

General

We include a mechanism allowing users to unsubscribe from all e-mails sent by our website software. A 'List-Unsubscribe' header is sent in every e-mail delivered from our website, as-is an unsubscribe link in the body of every e-mail. Note that these tools only unsubscribe users from e-mails sent through our website. They do not include other facilities (e.g. direct e-mails from staff or e-mails sent from other software or services).

Action	Reason
We may occasionally send bulk e-mails about Composr CMS: Your Data, Your Privacy, Your Control, or matters relating to content management systems to our members. We will not send bulk e-mails or allow others to send bulk e-mails, which we believe would be considered spam.	To keep you informed, and for sales/marketing activity.
We do not have any special handling of the "Do Not Track" header.	We do not track individual users for advertising purposes, although third-party services we rely on for unrelated functionality may do so.

Information disclosure

We will not share private details other than what can be seen in your forum profile and content submission, unless for a reason covered in this policy, or legally required to do so.

Action	Reason
Your online status may be shown publicly. Additionally, your last activity time will be shown publicly.	Online status helps foster community communication.
Hashed e-mail addresses are shared with gravatar.com, and public gravatars revealed to users.	Gravatar is a service to allow you to have a public avatar shared across the web. If you have set up a gravatar, it will show on this site too, and we need to communicate with gravatar.com to establish if you do using a hash of your e-mail address (theoretically your actual address cannot be determined from this unless Gravatar knows who you are already).
Some of the information you submitted with your account profile will be displayed publicly. This will not include information that many would consider confidential, but rather basic details such as your Username.	This is fundamental to the social networking capabilities of this website.
The staff reserve the right to read any Private Topics and posts placed on this website. Any form of conversation made through this website should be considered viewable by staff. All private-posts and posts, unless deleted by specific request, are stored on the server.	Information may be reviewed if we feel we have cause for an investigation. Situations involving investigations can be anything at our discretion, for example, to investigate specific incidents of our services being used in violation of our rules.

Information disclosure (eCommerce transactions)

Action	Reason
Address and order data will be sent to our tax partner, unknown.	For calculation of taxes.
Address and order data will be sent to PayPal at checkout.	For PayPal to correctly take and process your payment for Composr CMS: Your Data, Your Privacy, Your Control.

Information storage

Members may choose which profile fields display publicly.
If you believe data we hold is incorrect and you cannot amend this yourself, you can contact us to request that we make corrections.
Contact us if you want a copy of all the personal data we have stored on you. We can locate your data by username, e-mail address, IP address, or member ID – specify all that you have so we can maximise deletion. Raw server logs will generally not be included, unless you specifically request it.
Contact us if you wish to have personal data deleted/anonymised from our database. We can delete/anonymise data by username, e-mail address, IP address, or member ID – specify all that you have so we can maximise deletion. Exceptions:
- Some raw log data, or data in backups, will remain with us until it is automatically deleted.
- Editorial data, such as content you've submitted, will not be deleted as standard – but you may request that we delete/alter particular content if you specifically identify it.
- Logged security incidents, or bans, from/on your personal data, will generally not be cleared unless there is what we consider a good reason.
- Pending transactions with you, such as outstanding invoices or non-delivered orders, or records of your ongoing earned benefits, will generally not be cleared unless there is what we consider a good reason.

Action	Reason
User metadata is logged when website activity happens. Metadata may include dates/time, IP address, web browser name, operating system, and account IDs. Log data is automatically deleted on a schedule. Your most recent IP address and visit time will remain a part of your member account.	So we can track success and failure, and audit user behaviour for security and stability, and to generally help us maintain a good user experience.
Information entered manually into the system, or explicitly authorised, will typically be retained – although you may request removal.	This information is key to either material published on the website, or the integrity of user accounts.
IP addresses that have been banned will be permanently stored, as will data about suspicious activity.	We need to be able to permanently ban IP addresses which appear to be abusing our systems.
Use of the shopping cart may cause non-logged-in-user's sessions to stick around for a longer than normal period of time.	To keep the contents of the shopping cart from being lost.

Information transfer

Action	Reason
IP addresses, e-mail address, and usernames, may be checked against the Stop Forum Spam web service, which involves these details being transmitted within a service request. If spam activity is detected then the same details may be reported to the service, and used by the service to produce blocks on other websites.	To reduce spam.
IP addresses may be checked against multiple block lists, which involves these details being transmitted within a service request.	To reduce spam.
Web traffic coming to and from Composr CMS: Your Data, Your Privacy, Your Control may be proxied through the Cloudflare web service. Please see the Cloudflare Privacy Policy.	Cloudflare may be used for improving the security and performance of the site and web servers.
We may use external services to probe IP addresses for geographical location, and for Internet Service Provider names, and other assorted metadata, which may allow the third-party IP-data companies to see what websites you have been active on. Tracking by the companies is not known or intended, but we cannot guarantee it is not happening.	For us to learn more about users for marketing, security, and relationship purposes.
We embed web code from third-party companies. Tracking by the companies is not known or intended, but we cannot guarantee it is not happening.	Web code may be used for many purposes such as displaying non-default fonts or providing interactive page functionality
Social networks such as Facebook and Twitter may track your page views.	Code from these networks embedded so you can easily share content onto social networks, and in some cases see how many shares have already been made.

Parental controls

Action	Reason
Upon registration, members are required to fill in their Date of Birth, and we will maintain this for our records.	To facilitate enforcement of child privacy laws through our parental controls.
Upon registration, members are required to fill in, and keep up-to-date, their time zone, and we will maintain this for our records.	To facilitate enforcement of child privacy laws through our parental controls.
Upon registration, members are required to fill in, and keep up-to-date, their region, and we will maintain this for our records.	To facilitate enforcement of child privacy laws through our parental controls.

Parental Controls - Age Lockout

Members under a certain age will not be allowed to use our site until they are of age to do so. When a member under the age registers an account, they will not be able to log in / use the account until they are old enough to do so.
Members under the age of 15 cannot use our site if they are in the following regions: France. This is governed by the Loi n° 78-17 du 6 janvier 1978 relative à l'informatique, aux fichiers et aux libertés (as modified by GDPR).
Members under the age of 16 cannot use our site if they are in the following regions: Ireland. This is governed by the Data Protection Act 2018 (as modified by GDPR).
Members under the age of 13 cannot use our site if they are in the following regions: New Zealand. This is governed by the Privacy Act 2020.

Parental Controls - Consent

Members under a certain age will be required to get parental consent before they can register for and use an account on our site. Members who require parental consent will be e-mailed a form which must be filled out by a parent or legal guardian. The form will include our contact information at which to submit the completed form. Until our staff confirm parental consent has been received, or until the member reaches the minimum age, they will not be able to log in to their account. When we receive the form, it will be maintained for our records in the event of legal necessity until deemed no-longer necessary (e.g. the member is no-longer using our services or the parent/guardian requested a purge of all data).
Members under the age of 13 must get parental consent if they are located in any of these countries / regions: United States. This is governed by the Children's Online Privacy Protection Act (COPPA).
Members under the age of 16 must get parental consent if they are located in any of these countries / regions: Albania, Andorra, Austria, Belarus, Belgium, Bosnia and Herzegovina, Bulgaria, Croatia, Cyprus, Czechia, Denmark, Estonia, Faroe Islands, Finland, France, Germany, Gibraltar, Greece, Guernsey, Hungary, Iceland, Isle of Man, Italy, Jersey, Latvia, Liechtenstein, Lithuania, Luxembourg, North Macedonia, Malta, Moldova, Republic of, Monaco, Montenegro, Netherlands, Norway, Poland, Portugal, Romania, Russian Federation, San Marino, Serbia, Slovakia, Slovenia, Spain, Svalbard and Jan Mayen, Sweden, Switzerland, Ukraine, United Kingdom, Holy See (Vatican City State), Åland Islands. This is governed by the General Data Protection Regulation (GDPR).
Members under the age of 13 must get parental consent if they are located in any of these countries / regions: Canada. This is governed by the Personal Information Protection and Electronic Documents Act (PIPEDA).
Members under the age of 15 must get parental consent if they are located in any of these countries / regions: Australia. This is a general guideline in Australia as different jurisdictions enforce different age requirements.
Members under the age of 16 must get parental consent if they are located in any of these countries / regions: Brazil. This is governed by the Brazilian General Data Protection Law (LGPD).
Members under the age of 18 must get parental consent if they are located in any of these countries / regions: Japan. This is governed by the Act on the Protection of Personal Information (APPI).
As a default, members under the age of 13 must get parental consent.

Contact Us

For any privacy questions, concerns, or requests (such as to download, anonymise, or delete your data), you may:

E-mail us
Add a new ticket
Mail us:
PDStig, LLC 1417 Cimarron Cir Fairborn, OH 45324

This policy was last revised on 14th Mar 2025, 3:15 AM. Material changes to this policy will be posted as a news update to Composr CMS: Your Data, Your Privacy, Your Control.