Who we are
Our website address is: https://carlenelikesyou.com. This website is owned by Stormcrow Entertainment, LLC. Stormcrow Entertainment was founded in 2005. All information posted on this website is under our copyright. We are a combination entertainment and eCommerce company also Do Business As (DBA) Arcane Objects, Stormcrow Pictures and Stormcrow Digital.
What personal data we collect and why we collect it
Comments
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Contact forms
If you fill out a contact form we will receive an email with the information that you filled out on the form. We may respond to the contact form with a direct email to you. We will not put your email on a “list” unless you click the checkbox to join our email list.
Cookies
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Analytics
We use Google Analytics to measure our site’s success. This may record the area where you are located and the type of computer / phone you are using. We do not connect this with any specifics such as your name or address. This is only used by us so that we can optimize our website.
Who we share your data with
We do not share your data with anyone else other than our printing partners who will only use your address to ship your order to you. They will not share your data or market to you.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service.
Your contact information
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Additional information
How we protect your data
We use SSL to guarantee that your data is safe. We also frequently monitor our website’s technology to make sure that it is up-to-date and secure. We also use Stripe as our payment processor. Stripe is incredibly secure and we do not store any credit card information. Stripe is PCI compliant. Here’s some more information about Stripe.
Stripe forces HTTPS for all services using TLS (SSL), including our public website and the Dashboard.
- Stripe.js is served only over TLS
- Stripe’s official libraries connect to Stripe’s servers over TLS and verify TLS certificates on each connection
We regularly audit the details of our implementation: the certificates we serve, the certificate authorities we use, and the ciphers we support. We use HSTS to ensure browsers interact with Stripe only over HTTPS. Stripe is also on the HSTS preloaded lists for both Google Chrome and Mozilla Firefox.
Encryption of sensitive data and communication
All card numbers are encrypted at rest with AES-256. Decryption keys are stored on separate machines. None of Stripe’s internal servers and daemons are able to obtain plaintext card numbers; instead, they can just request that cards be sent to a service provider on a static whitelist. Stripe’s infrastructure for storing, decrypting, and transmitting card numbers runs in separate hosting infrastructure, and doesn’t share any credentials with Stripe’s primary services (API, website, etc.).
PGP
Stripe has two PGP keys to encrypt your communications with Stripe, or verify signed messages you receive from Stripe. Which key you make use of is dependent on the information needing to be transmitted:
- To securely contact Stripe, use our general PGP key
- To send sensitive data, such as credit card information as part of a data import, use our data migration PGP key
If you’re unfamiliar with PGP, check out GPG, and start by importing a public key.
Vulnerability disclosure and reward program
Our security team rapidly investigates all reported security issues. If you believe you’ve discovered a bug in Stripe’s security, please get in touch at security@stripe.com (optionally using our general PGP key). We will respond as quickly as possible to your report. We request that you not publicly disclose the issue until it has been addressed by Stripe.
We understand the hard work that goes into security research. To show our appreciation for researchers who help us keep our users safe, we operate a reward program for responsibly disclosed vulnerabilities. Stripe rewards the confidential disclosure of any design or implementation issue that could be used to compromise the confidentiality or integrity of our users’ data (such as by bypassing our login process, injecting code into another user’s session, or instigating action on another user’s behalf).
A minimum reward of $500 USD may be provided for the disclosure of qualifying bugs. At our discretion, we may increase the reward amount based on the creativity or severity of the bugs. If you report a vulnerability that does not qualify under the above criteria, we may still provide a minimum reward of $100 USD if your report causes us to take specific action to improve Stripe’s security.
As with most security reward programs, we ask that you use common sense when looking for security bugs. Vulnerabilities must be disclosed to us privately with reasonable time to respond, and avoid compromise of other users and accounts, or loss of funds that are not your own. Although Stripe itself and all services offered by Stripe are eligible, vulnerabilities in third-party applications that use Stripe are not. Critical vulnerabilities in Stripe-owned services (e.g., IndieHackers) are eligible for reward if there is concrete evidence that the vulnerability can be used to compromise sensitive information.
As with most security reward programs, there are some restrictions:
- We will only reward the first person to responsibly disclose a bug to us;
- Any bugs that are publicly disclosed without providing us a reasonable time to respond will not be rewarded;
- Whether to reward the disclosure of a bug and the amount of the reward is entirely at our discretion, and we may cancel the program at any time;
- Your testing must not violate any laws; and
- You are ineligible to participate in this program if you are a resident of any U.S. embargoed jurisdiction, including but not limited to Iran, North Korea, Cuba, the Crimea region, and Syria; or if you are on the U.S. Treasury Department’s list of Specially Designated Nationals or the U.S. Department of Commerce Denied Person’s List or Entity List. By participating in the program, you represent and warrant that you are not located in any such country or on any such list.
What data breach procedures we have in place
We use secure SSL and keep our website up-to-date. We also have security measures in place that will inform us if there is ever a data breach. We will then inform our customers in the extremely rare event that this occurs.
What third parties we receive data from
We receive credit card approvals from Stripe. We also receive product listings from our printing partner’s websites. These are products that we design and post on our website. We also receive upgrade notices from our website technology partners.
What automated decision making and/or profiling we do with user data
You will receive emails about your order. These are order confirmations, shipping notifications and order receipts. If you’ve opted in to our email newsletter, you’ll also receive our email newsletter and also some product related emails. We do not profile users by any other method except for product selection and choice.
Recent Comments