Sign in Subscribe

privacy

last updated: 25 oct 2025

contact: msg.tot@gmail.com (privacy contact: tot ripman)

this page explains what i collect on tot.garden, why, and how you can ask to see, fix, or delete your info. this is a summary of my practices under canada’s pipeda (personal information protection and electronic documents act). it isn’t legal advice.

a quick summary

  • i collect as little as possible: mainly your email if you subscribe, and basic server/analytics logs.
  • payments, merch, and embeds run through third-party services (listed below). i don’t see your card numbers.
  • you can unsubscribe anytime and you can ask me to access, correct, or delete your info. i aim to reply within 30 days.

what i collect

you give me:

  • email + name (optional) when you subscribe/join as a member or leave a comment.
  • messages if you email me.

collected automatically:

  • server logs (ip address, browser type, referring page, and timestamp) for security and troubleshooting.
  • cookies/local storage used by the site to remember preferences and by embeds (see below).

through third parties (when you choose to use them):

  • payments & delivery for digital products via gumroad.
  • merch orders via bonfire.
  • music + social embeds (spotify, youtube, instagram) if/when they’re on a page you view. these services may set their own cookies and see your ip address/device info.
  • email delivery / memberships are handled through my publishing platform (ghost).
  • occasionally i share referral links (i’ll label them). those services may track clicks to credit referrals.

why i use this information

  • to run the site, send posts/updates you requested, and respond to you.
  • to keep the site secure (fraud/misuse detection) and to understand what’s working (privacy-respecting analytics and server logs).
  • to fulfill purchases you choose to make on gumroad/bonfire.

legal basis (pipeda)

i rely on your consent for optional things (like subscribing), and on legitimate interests you’d reasonably expect (site security, non-invasive measurement). you can withdraw consent at any time.

sharing your information

i don’t sell your personal information. i share it only with vendors who help me run the site or fulfill what you asked for:

  • ghost (publishing + memberships/newsletters)
  • gumroad (digital product payments + delivery)
  • bonfire (merch)
  • email + hosting providers and basic, privacy-minded analytics (if used)

these vendors may store/process data outside canada (e.g., the us or eu). i choose services with a good privacy posture, but no method is perfectly secure.

how long i keep things

  • subscriber data: until you unsubscribe or ask me to delete it.
  • support emails: as long as needed to handle the thread, then archived as business records.
  • server logs: typically 30–90 days unless investigating abuse or security issues.
  • purchase data: lives with gumroad/bonfire under their policies; i keep only what i need for records and support (e.g., your email and what you bought).

your choices & rights

under pipeda you can:

  • access the personal info i hold about you
  • correct inaccurate info
  • withdraw consent (unsubscribe, turn off cookies)
  • request deletion of info i don’t need to keep for legal/business reasons

to make a request, email msg.tot@gmail.com from the address you used and tell me what you’d like. i’ll respond within 30 days.

cookies & similar tech

  • site cookies keep things working (sessions, preferences).
  • third-party embeds (spotify, youtube, instagram) and shops (gumroad, bonfire) may set their own cookies. you can block third-party cookies in your browser and still read most of the site. some embeds may not load with strict settings.

children

this site is for adults and older teens. i don’t knowingly collect data from children under 13. if you think a child provided personal info here, contact me and i’ll delete it.

links to other sites

if you follow a link to another website (gumroad, bonfire, spotify, etc.), their policies apply there. i don’t control those services.

security

i use reasonable safeguards (https, access controls, vendor due diligence). no system is 100% secure; please share only what you’re comfortable sharing.

questions or complaints

email msg.tot@gmail.com for any privacy questions. if we can’t resolve something, you can contact the office of the privacy commissioner of canada for guidance or to file a complaint.

changes to this policy

if i change how i handle data, i’ll update this page and the “last updated” date. if changes are significant, i’ll note them in a post or email.