In addition to the standard Privacy page, the following applies to registered users of teneightymagazine.com (i.e. members of the TenEighty team who have an account that allows them to access the content management system, sometimes called “the CMS” or “the backend”):
TenEighty account and profile
TenEighty uses WordPress as its CMS. When you first become a TenEighty contributor, an account on the CMS will be created for you with a username, display name, and email address you provide, and a randomly-generated temporary password which you will be advised to change as soon as possible.
The username is used for logging in, and is publicly displayed as part of the URL where your posts can be found. The display name is used as your byline on the site, and is publicly displayed alongside your posts. The email address gives you additional control of your account and the information it contains by allowing you to reset your password if you forget it, and is not publicly displayed. Nobody (including the website manager) can access your password, though it can be reset on your behalf should you be unable to access the email address associated with your account.
The username cannot be changed, but the display name, email address, and password can be altered by you at any time via the Profile page.
The WordPress software creates an anonymised string from your email address (also called a hash) and automatically provides it to the Gravatar service to see if you are using it; if so, your Gravatar profile photo will be attached to your TenEighty account, and displayed publicly as part of your byline.
The Profile page also gives you the option to add additional information to be displayed publicly, like a biography (which will appear below your posts) and a non-Gravatar profile photo (which will be part of your byline). These are optional and can be modified or removed at any time.
In addition to the controls included in the Profile page, you can request to receive an exported file of the personal data you have provided to us. You can also request that we erase any personal data we hold about you (though this does not include any data we are obliged to keep for administrative, legal, or security purposes).
Cookies
Cookies are required to use your TenEighty account.
When you log in to the CMS, WordPress sets a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, WordPress will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after one day.
Security
In order to protect the CMS from brute-force attacks, we log the IP addresses of users who make repeated unsuccessful attempts to log in within a short time, and temporarily block these addresses from retrying. These logs are not publicly visible, but are stored indefinitely to help us identify and tackle ongoing threats.
Media uploads
If you upload images to the website (including to your profile), any embedded location data (EXIF GPS) is included, and can be downloaded and extracted from visitors to the website.
TenEighty uses a plugin to reduce the file size of uploaded images, which sends images to the WPMU DEV servers to be optimised. This includes the transfer of EXIF data, which will either be stripped or returned as it is. It is not stored on the WPMU DEV servers. The plugin uses the Stackpath Content Delivery Network (CDN), which may store information about visitors; its privacy policy can be found here.