Who we are
Our website address is: https://infinitesynergysolutions.com/
What personal data we collect and why we collect it
Comments & Discussion Forums
When visitors leave comments/forum posts on the site we collect the data shown in the comment/forum post form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment/forum post.
Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Contact Forms
When visitors fill out the contact form, we collect the data shown in the form, and also the visitor’s IP address to help with spam detection.
Cookies
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks or until your cookies are cleared in some other manner. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Profile information
When members fill in profile data, that data is typically visible publicly on their user profile. Any information we collect about you in this way shall be used in a manner in keeping with the spirit in which the information was provided. For example, if you enter biographical information about yourself on your profile, that information shall be displayed to other users when they visit your profile.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Analytics
We use Google Analytics for aggregated, anonymized website traffic analysis. In order to track your session usage, Google drops a cookie (_ga) with a randomly-generated ClientID in your browser. This ID is anonymized and contains no identifiable information like email, phone number, name, etc. We also send Google your IP Address. We use GA to track aggregated website behavior, such as what pages you looked at, for how long, and so on. This information is important to us for improving the user experience and determining site effectiveness. If you would like to access what browsing information we have – or ask us to delete any GA data – please delete your _ga cookies, reach out to us via our contact form, and/or install the Google Analytics Opt-Out Browser Add-On.
When our newsletters are opened, as well as clicks on links in our newsletters may be recorded. This helps us determine the interest level of individuals subscribed to our newsletter.
How long we retain your data
If you leave a comment (including a forum or direct message,) the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website, we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
IP addresses that have been stored as part of site usage (rather than as part of the meta data of a comment) are kept for a period of 3 months and then discarded. This is to help us with spam, harassment and fraud prevention.
If you choose to delete your user account, messages that you have sent will remain on the site. This includes messages posted publicly, such as in forums or on news posts. This is similar to how sending an email cannot be undone; the recipient of the message may keep it for reference or conversational continuity. This includes messages left on articles, in direct messages and in forums.
Notes made by staff in a user’s moderation/customer service log may be kept indefinitely.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
We do not view messages you have left for other users, such as comments, as personal information; however, your name may be removed from comments if you have also closed your user account with which you made those comments (if any.)
Who we share your data with
Infinite Synergy Solutions staff members, such as administrators and moderators, can view data you provide to us or post on the site. Private information is held in confidence and not discussed outside of the staff.
However, anonymity is not a free license to mistreat other members. If a user creates multiple accounts, and makes use of those accounts to harass another member(s), we may inform the victim(s) that all the accounts were owned by the same person.
Announcements may be made about corrective action taken against an account and why, especially if the infractions were public. (ex. “So and so’s account was closed and their IP has been banned, due to the harassing posts made yesterday.”)
Any message sent using Infinite Synergy Solutions may be reviewed by Infinite Synergy Solutions staff. This includes direct messages, especially if we have any reason to suspect rule-breaking, harassment, law-breaking activity or other abuse of our service.
We never sell or trade your information to third-parties.
In the few and rare cases where information is shared with third parties, it is with the understanding that that information be used solely to assist us in providing you with the services associated with Infinite Synergy Solutions. See “where we send your data” below for more on this topic.
Where we send your data
Visitor comments/forum posts may be checked through an automated spam detection service.
We make use of the email service Active Campaign to send our newsletters and other announcements. If you have opted-in to our newsletter, we may sync some basic information about you to Active Campaign to help us address our emails to you. Active Campaign may not use or distribute this information for any reason other than delivering the emails from us to you. You may unsubscribe from our newsletter at any time to stop receiving these emails.
We use Stripe as our credit and debit card processor. Stripe offers safe, secure storage of credit card data. We may also share your name and email address with Stripe for the sole purpose of identifying payments made by you, to make it possible for us to look up charges to your account, double-check their accuracy, and refund them if requested. You may occasionally receive subscription receipts or notices about charges failing or your credit card expiration approaching. See Stripe’s privacy policy here.
What third parties we receive data from
We receive anonymized data from Google Analytics regarding where people are accessing the site from, what browsers and devices are used when accessing the site, what portions of the site see the most traffic, and durations of sessions. This information is not personally identifiable to you and instead gives us an “in general” data view about how the site is used over time.
Gravatar provides us with the images that have been associated with an email account, presumably by the email account owner. We use these provided images as user account avatars, assuming you do not override this by uploading one directly to our site.
Your contact information
On rare occasions, we may use your provided contact information (email) to contact you off-site. This includes “transactional” messages (such as receipts,) notifications that you have requested (such as alerts about new posts in discussions you have subscribed to,) and questions or notices regarding your account.
If you’ve entered links to social media sites on your public profile, site visitors may be able to find and contact you on those sites. Please use your best judgement about whether or not you wish to publicly share contact information.
Additional information
How we protect your data
Securing a website requires many different types of threats to be minimized and prepared for. This includes securing the website code, the server that the website is hosted on, and the transfer of data between the user’s access device and our service. It also includes having appropriate data-handling policies in place and a culture of security for staff that must handle user data. We’ve made efforts to address all of these areas, and continue to educate ourselves on evolving best-practices and update our procedures or code accordingly.
All connections to the site are done via https:// with a valid third party SSL certificate to prevent attackers from “listening in” or changing data as it is sent between your computer and our server, and vice versa.
All passwords are stored using one-way encryption; not even the staff here at Infinite Synergy Solutions can see your password. In addition, access to even the encrypted passwords is restricted to a very small number of staff members whose jobs absolutely require interacting with the database.
Our customer service procedures are written to require that when someone contacts us about an account, we may only discuss account information or provide password resets or other assistance with the email address associated with the account. If for some reason this is not possible, then other methods of identification must be provided. Simply telling us you no longer have access to your email account is insufficient, as anyone could tell us this. If a member is requesting assistance changing the email associated with their account, we will email the old email address first, in addition to asking for other methods of identification.
We keep our underlying software updated with all necessary security patches.
We have worked with the hosting company that owns the server that Infinite Synergy Solutions is hosted on to ensure that our hosting server has been properly hardened against attackers, and have received assurances that if a security breach occurs on their end we will be immediately notified.
Your credit card data never touches our server and instead goes directly to Stripe’s storage vault. Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. See Stripe’s security information.
In addition to our continued efforts to keep the site safe and secure, we urge our users to make use of good password hygiene practices, including not re-using passwords between different sites or accounts. This is one of the most important steps an individual can take to avoid losing control of more sensitive accounts, such as email and banking.
What data breach procedures we have in place
If we discover or suspect that a data breach has taken place, we will notify all potentially affected users as soon as possible, and no later than 24 hours after becoming aware of the data breach. This will allow potentially affected users to take immediate action to protect themselves such as by changing their passwords on any other site where they re-used their Infinite Synergy Solutions password.
We will thoroughly investigate the breach or potential breach, and provide further updates to affected members should any new information of relevance come to light. We will also take corrective action to prevent a similar breach from re-occurring. However, these remedies will not delay our initial alert to members.
If we have a reason to suspect that an individual account has been compromised on the user’s end (ex. having your laptop that was logged into our service stolen, having your password known or guessed by a jealous ex) we may initiate a password reset and contact the account owner.