Sign in Subscribe

privacy

this page explains what i collect on tot.garden, why i collect it, and how you can ask to see, correct, or delete your information. this is a summary of my practices under canada’s pipeda (personal information protection and electronic documents act). it isn’t legal advice.

last updated: 8 dec 2025
contact: totripman@gmail.com (privacy contact: tot ripman)

a quick summary

i collect as little as possible. if you subscribe or become a member, i store your email (and optionally your name). the site also generates basic server logs for security and troubleshooting.

payments, merch, and some embeds run through third-party services (listed below). i don’t see your card numbers.

you can unsubscribe anytime. you can also ask me to access, correct, or delete your information. i aim to reply within 30 days.

what i collect

you give me

  • email + name (optional) when you subscribe/join as a member or leave a comment
  • messages if you email me

collected automatically

  • server logs (ip address, browser type, referring page, and timestamp) for security and troubleshooting
  • cookies/local storage used by the site to remember preferences and by embeds (see below)

through third parties (when you choose to use them)

  • digital product payments + delivery via gumroad
  • merch via bonfire
  • music + social embeds (spotify, youtube, instagram) when they’re on a page you view. these services may set their own cookies and see your ip address/device info
  • email delivery + memberships are handled through my publishing platform (ghost)
  • if i share a referral link, the service may track clicks to credit the referral

why i use this information

  • to run the site and deliver the updates or access you requested
  • to respond to messages you send me
  • to keep the site secure and basic performance-visible
  • to fulfill purchases you choose to make on gumroad/bonfire

i rely on your consent for optional things (like subscribing), and on standard site operations you’d reasonably expect (like security logs and basic, non-invasive measurement). you can withdraw consent at any time.

sharing your information

i don’t sell your personal information. i share it only with vendors who help me run the site or fulfill what you asked for:

  • ghost (publishing + memberships/newsletters)
  • gumroad (digital product payments + delivery)
  • bonfire (merch)
  • email + hosting providers and basic analytics (if used)

these vendors may store/process data outside canada (for example in the us or eu). i choose services with a strong privacy posture, but no method is perfectly secure.

how long i keep things

  • subscriber data: until you unsubscribe or ask me to delete it
  • support emails: as long as needed to handle the thread, then archived as business records
  • server logs: typically 30–90 days unless investigating abuse or security issues
  • purchase data: handled by gumroad/bonfire under their policies; i keep only what i need for records and support

your choices & rights

under pipeda you can:

  • access the personal information i hold about you
  • correct inaccurate information
  • withdraw consent (unsubscribe, adjust cookies)
  • request deletion of information i don’t need to keep for legal/business reasons

to make a request, email msg.tot@gmail.com from the address you used and tell me what you’d like. i aim to respond within 30 days.

cookies & similar tech

site cookies keep things working (sessions, preferences). third-party embeds (spotify, youtube, instagram) and shops (gumroad, bonfire) may set their own cookies. you can block third-party cookies in your browser and still read most of the site, though some embeds may not load with strict settings.

children

this site is for adults and older teens. i don’t knowingly collect data from children under 13. if you think a child provided personal information here, contact me and i’ll delete it.

if you follow a link to another website (gumroad, bonfire, spotify, etc.), their policies apply there. i don’t control those services.

security

i use reasonable safeguards (https, access controls, vendor due diligence). no system is 100% secure; please share only what you’re comfortable sharing.

questions or complaints

email msg.tot@gmail.com for any privacy questions. if we can’t resolve something, you can contact the office of the privacy commissioner of canada for guidance or to file a complaint.

changes to this policy

if i change how i handle data, i’ll update this page and the “last updated” date. if changes are significant, i’ll note them in a post or email.