Last updated April 20, 2021.
Who we are
What personal data we collect and why we collect it
When email is sent to a company email address, we collect metadata that is gathered by your email client. This metadata is collected and sent by your email client along with the contents of your message. The metadata collected varies by email client and service but it could include the origin mail server’s IP address, information about the email client that you use, and date or time stamps. This information is collected not because we request it but because you provide it. Email metadata is not normally used by us, but it is a normal part of email messages.
If you CC other people within an email that is sent to us, then we do not assume that you or the CC individuals have given permission for us to contact them unless it is explicitly stated within your email that you want us to ‘Reply All.’
When visitors leave comments on the site we collect the data shown in the comments form. We also collect the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Information submitted to any website contact form is packaged up and sent via internal email to one or more company email address. Our website is hosted using secure HTTPS. Contact form information is not directly visible to other internet users if you submit information using website contact forms. However, information submitted via any contact form is not subsequently encrypted before being converted into an internal Baseline Softworks, LLC email. This is not normally a problem because our email server and our web server are within the same physical datacenter. We just thought that you should know.
We will use information provided in a contact form to contact you in regards to any questions that you may have. Reasons for us reaching out include (but are not limited to) inquiries about the locations in which we operate, our areas of expertise, project ideas, networking, and general correspondence. By submitting the contact form, you warrant that you are the person specified in the “Your name” box on the contact form and that you are giving us permission to contact you via any means that you specify.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
We collect basic information about your browser during your visit. This includes your operating system, your browser type and version, how much data was transferred between us and you, the IP address reported for your visit (which can be used to determine a coarse physical location), and whether or not you reach out via any contact forms or click on any link that is designed to reach out to us. This information is not personally identifiable and is only used to improve our website.
Who we share your data with
We normally do not share your data with anyone except for other members or employees of Baseline Softworks, LLC. The exception to this is a valid legal request (such as a subpoena) from or supported by the authority of a law enforcement agency or government where we do business. We are not obliged to notify you if this exception occurs, and in some cases we may be legally prevented from doing so.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
Analytics are retained for a period no less than 3 years. Most other types of data is retained as long as commercially practicable or as required by law or statute.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any public personal data we hold or display about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes, and it also does not include any data which is not publicly displayed on the website.
Where we send your data
Visitor comments may be checked through an automated spam detection service.
Your contact information
Your contact information includes your name, e-mail address, and/or your phone number provided on this website. We consider this information to be personal information and will always encourage you to provide it to us using the most secure communication means possible.
Your non-contact information
Your non-contact information includes any information provided on a contact form that is not your contact information. It also includes any information provided within a body or attachment of an email message, whether or not that email message was sent encrypted to us. We consider this information to be personal and/or business sensitive information and will always encourage you to provide it to us using the most secure communication means possible.
This category does not include any information provided using Comments or Media.
How we protect your data
Website logs and Website databases are protected by password authentication and are only accessible to a select few individuals at Baseline Softworks, LLC. These logs and databases are the primary storage for Comments, Media, data associated with Cookies (when appropriate), and Analytics. In addition, the Website databases are only accessible within the facility which hosts our website. The database servers are physically and electronically inaccessible outside of this facility’s network.
Please only send us email to addresses that end in baselinesoftworks.net! We aren’t able to guarantee protection of any of your data if you try to send us email with a destination address that does not end in baselinesoftworks.net
We only use our own computers to read email that you send to us. If you choose to send us email, then you should know that the contents of that email are stored exactly as sent from you. Access to these emails is protected by password authentication on our email server. In addition to this, if you send us encrypted email, then it is also protected by the following:
- If the email was sent encrypted to us using an S/MIME certificate, then only the users that possess the private certificate key can read that email.
- For the specific S/MIME certificates to use when contacting us, send an unencrypted email to your contact and they will provide their current certificate. You may also consult the Baseline Softworks, LLC public contact information page here: https://baselinesoftworks.net/e2e-keys
- For any of our S/MIME certificates provided by Entrust, please consult the latest Entrust Certificate Practice Statement for more information: https://www.entrust.com/legal-compliance/entrust-certificate-services-repository
- If the email was sent encrypted to us using an OpenPGP key, then only the users that possess the private PGP key can read that email.
- With the exception of keys.openpgp.org, do not use any key servers to obtain or update our public OpenPGP keys!
- For the specific OpenPGP keys to use when contacting us, consult the Baseline Softworks, LLC public contact information page here: https://baselinesoftworks.net/e2e-keys
A back-up of private S/MIME certificates and private OpenPGP keys is stored internally in case of employee departure or computer failure. This backup of private keys is stored on a limited access computer, on offline password protected media, or both. All copies of private keys are stored using strong password authentication, the password is selected by the user of the S/MIME certificate or OpenPGP key, and these passwords are not shared with others. Under no circumstances are private S/MIME or OpenPGP keys ever stored unencrypted.
What if someone is impersonating me
We take great care in making sure that any data provided to us is accurate prior to responding to any communication requests. If we reach out to you based on information provided within a contact form or email message and it turns out that you did not authorize the communication request, then we will apologize and ask you if you would like us to report the incident. We will respond to any reasonable request from you to help law enforcement or internal security deal with suspected misrepresentations or acts of fraud by a third party.
What data breach procedures we have in place
If you suspect a data breach in relation to any information that we collect, please send an email to firstname.lastname@example.org as soon as possible. If you contact any employee or member of Baseline Softworks, LLC in regards to a suspected data breach, then your email will be forwarded internally to someone that will help. Any suspected points of information egress will be closed immediately. We will follow all applicable laws related to notice and responsible disclosure.
If information is provided to us via S/MIME encrypted email and the data breach is a result of the private key becoming compromised, then the appropriate Certificate Revocation List (CRL) at the respective Certificate Authority will be updated and the S/MIME certificate will be marked as revoked. We will do our best to reach out to anyone who has contacted us using the compromised S/MIME certificate at the time of public disclosure.
If information is provided to us via OpenPGP encrypted email and the data breach is a result of the private key becoming compromised, then we will post updates on our website regarding the revocation of existing OpenPGP keys and announce any replacement keys. We will do our best to reach out to anyone who has contacted us using the compromised OpenPGP key at the time of public disclosure.
What third parties we receive data from
We do not receive data from third parties.
What automated decision making and/or profiling we do with user data
We use Analytics to determine if our IT infrastructure needs to be upgraded. We also use Analytics to determine which percentage of users reach out to contact us as a result of their visit to the website.
We do not and will never perform any automated decision making using any data provided to us that was encrypted using S/MIME or OpenPGP except for running the decrypted versions of any executable file attachments through a virus scanner, including any files that are scripts.
Industry regulatory disclosure requirements
Baseline Softworks, LLC was formed in 2019 under the laws of the State of New York, United States. It solicits business primarily in New York State and is open to clients in other states pending any foreign LLC registration requirements. Any disputes will be settled through the courts located in Schenectady County, New York. While we do all that is possible to limit data ingress to those regions in which we do business, you should know that Neither this website nor Baseline Softworks, LLC is subject to the General Data Protection Regulation (GDPR) of the European Union. Baseline Softworks, LLC does not solicit business outside of the United States and it has no physical or legal presence there. If you are from the European Union and you submit personal data to this website, you understand that any compliance with the GDPR by Baseline Softworks, LLC is strictly voluntary.