OZ BOOKS

Privacy Policy

Effective date: May 4, 2026

1. Who we are

OZ Books is the personal author website and writing community of Janice Strohmeier, who self-publishes independently under the name OZ Books (collectively, the “Author,” “we,” “us,” “our”), operating from Smith County, Texas, United States. The site is published at https://ozbooks.org. For privacy questions, please use our contact form at https://ozbooks.org/contact/ with the subject “Privacy Question.”

2. Scope of this policy

This Privacy Policy describes how we collect, use, share, and protect personal information when visitors use our website. It applies to ozbooks.org and to interactions with our newsletter, contact form, and comment system. It does not apply to third-party services we link to or that you connect through our site (notably Substack, Amazon, and Instagram), each of which has its own privacy policy.

3. What we collect, when, and why

3.1 Contact form (/contact/)

When you submit our contact form, we collect:

  • Name, email address, subject category, and message.
  • Date and time of submission.
  • IP address and user agent string captured by Cloudflare and our hosting provider for spam and abuse prevention.

We use this information to read and respond to your inquiry. We do not use it for marketing or share it with third parties unless required by law or necessary to respond (for example, forwarding a press inquiry to a publicist).

3.2 Newsletter signup (Substack)

Our newsletter is hosted by Substack, Inc. (“Substack”), a U.S. company. When you submit your email through any subscription form on this site, your email address is sent directly to Substack to manage your subscription. We do not store your newsletter email on our own servers; the subscription is managed entirely on Substack’s platform.

Substack’s collection and use of your data is governed by Substack’s privacy policy at https://substack.com/privacy. We have no control over Substack’s practices and disclose this so you can make an informed decision before subscribing.

3.3 Comments

Comments on our blog posts and writing prompts are powered by WordPress. When you post a comment, we collect:

  • Name and email address (required by WordPress to associate the comment with you).
  • Optional website URL.
  • The comment content itself.
  • IP address and user agent (logged by WordPress and our hosting provider for spam prevention and moderation).
  • A “remember me” cookie, only if you check the optional checkbox at the time of submission.

All comments are moderated by Janice personally before they appear on the site. Approved comments and the author’s display name are visible publicly. Email addresses are not displayed publicly. Comments may be edited or removed at our discretion.

3.4 Server logs and security data

Our hosting provider and Cloudflare automatically log technical information about every request: IP address, user agent, request URL, response status, and timestamp. This data is used for site availability, performance monitoring, and abuse mitigation. Standard server logs are retained on a rolling basis (typically 30–90 days) and are not used for marketing or analytics.

3.5 Cookies and similar technologies

We use the following cookies and similar technologies. Cookies marked “strictly necessary” are required for the site to operate and are set without consent. Cookies marked “analytics” or “advertising” are loaded only after you provide consent through the cookie banner that appears on your first visit, and you may withdraw or change that consent at any time.

Strictly necessary

  • Cloudflare bot management (__cf_bm, _cfuvid). Distinguishes humans from bots; protects against abuse. Set on every page load. Persists for 30 minutes or for the session.
  • WordPress comment cookies (comment_author_*). Set only if you check the “Save my name, email, and website” box. Persist for one year.
  • WordPress login cookies. Set only when an administrator logs in. Persist for the session, or up to 14 days with “Remember me.”
  • Cookie consent cookies. Record your consent choices so the banner does not show repeatedly. Persist for up to 12 months.

Analytics (loaded only with consent)

  • Google Analytics 4 (_ga, _ga_*, _gid). Operated by Google LLC (USA). Provides aggregate, pseudonymized statistics about how visitors find and use the site (page views, referrer source, approximate location, device type). IP addresses are anonymized before storage where the GA4 setting is enabled. Persist up to 2 years (configurable).

Advertising and measurement (loaded only with consent)

  • Meta Pixel (_fbp, _fbc, fr). Operated by Meta Platforms, Inc. (USA). Used to measure the effectiveness of any advertising we run on Facebook or Instagram, build custom audiences, and report conversions. Persist for 90 days to 2 years.

Your control

  • On your first visit you will see a cookie consent banner with options to Accept All, Reject All, or customize by category.
  • You can change your choices at any time through the “Cookie preferences” link in our footer.
  • We honor the Global Privacy Control (GPC) browser signal as a valid opt-out request under CCPA / CPRA. If GPC is enabled in your browser, analytics and advertising cookies will not be set.
  • Browser-level controls (cookie blocking, “Do Not Track”) will also be respected when feasible.

4. Third parties who may receive your data

We share information with the following service providers, each strictly for the purposes described:

  • Substack (Substack, Inc., USA) — newsletter delivery and subscriber management. Receives: your email address when you subscribe.
  • Cloudflare, Inc. (USA) — content delivery, DDoS protection, bot mitigation. Receives: your IP address and request metadata for every page visit.
  • Bluehost / our web host — site hosting. Receives: standard server log data.
  • Google LLC (USA) — Google Analytics 4. Loaded only with consent. Receives: pseudonymized usage data (page views, referrer, approximate region, device type, anonymized IP).
  • Meta Platforms, Inc. (USA) — Meta Pixel. Loaded only with consent. Receives: pseudonymized event data (page view, conversion, click) used to measure ad performance and to build custom audiences for any Facebook/Instagram advertising we run.

We do not sell personal information for money. We do, however, “share” personal information with Meta for cross-context behavioral advertising as defined under California’s CPRA when the Meta Pixel is loaded. You may opt out of this sharing at any time through the cookie banner, the “Cookie preferences” link in our footer, or by enabling Global Privacy Control in your browser. See Section 7.1 for details on your CCPA/CPRA rights.

5. Legal basis for processing (for EU/UK visitors)

If you are in the European Union or United Kingdom, our legal bases under GDPR / UK GDPR are:

  • Consent — for newsletter signups, the optional “remember me” comment cookie, and ALL analytics and advertising cookies (Google Analytics, Meta Pixel). These cookies are not loaded until you actively consent through the cookie banner.
  • Legitimate interest — for security logging, spam prevention, and responding to contact-form inquiries you initiate.
  • Compliance with legal obligation — for any disclosure required by court order or law enforcement request.

6. International transfers

We are based in the United States. The third-party processors listed above (Substack, Cloudflare, Bluehost, Google, Meta) are also U.S.-based. If you are outside the United States — including in the European Union, the United Kingdom, Canada, or elsewhere — by using our site or submitting personal information, you understand that your data will be transferred to and processed in the United States. We rely on each processor’s own transfer mechanisms (Standard Contractual Clauses, Data Privacy Framework certification, or equivalent) for lawful international transfers; please review each processor’s privacy policy for details.

7. Your rights

7.1 If you live in California (CCPA / CPRA)

You have the right to:

  • Know what personal information we collect, how we use it, and whether we share it.
  • Request deletion of personal information we hold about you.
  • Correct inaccurate personal information.
  • Opt out of “sharing” of personal information for cross-context behavioral advertising. We do not sell personal information for money. We do “share” data with Meta when the Meta Pixel is loaded (see Section 4). You may opt out by: clicking “Reject All” or “Customize” on the cookie banner, using the “Cookie preferences” link in our footer, or enabling Global Privacy Control in your browser — we honor GPC as a valid opt-out signal.
  • Limit the use of sensitive personal information. We do not collect sensitive personal information as defined by CPRA.
  • Non-discrimination for exercising any of these rights.

7.2 If you live in the European Union or United Kingdom (GDPR / UK GDPR)

You have the right to access, rectify, erase, restrict, port, and object to processing of your personal data, and to withdraw consent where processing is based on consent. You also have the right to lodge a complaint with your local data protection authority.

7.3 If you live in Texas (TDPSA)

Texas residents have the rights to access, correct, delete, and obtain a portable copy of personal data we process about them, and to opt out of targeted advertising, sale of personal data, and certain profiling activities. The cookie banner provides the mechanism to opt out of targeted advertising on our site.

7.4 If you live in Canada (PIPEDA)

You have the right to access personal information we hold about you, to challenge its accuracy, and to file a complaint with the Privacy Commissioner of Canada.

7.5 How to exercise these rights

Submit a request through our contact form at https://ozbooks.org/contact/, with the subject “Privacy Request.” We will respond within the timeframes required by applicable law (typically 30–45 days). We may need to verify your identity before fulfilling certain requests.

8. Data retention

  • Comments: retained indefinitely while the post they belong to is published. You may request deletion of your comments through our contact form.
  • Contact form messages: retained in our email inbox for as long as needed to handle the inquiry, typically 1–2 years, then deleted.
  • Newsletter subscriptions: retained by Substack until you unsubscribe; managed under Substack’s policy.
  • Server logs: retained on a rolling basis by our hosting provider (typically 30–90 days).
  • Cloudflare logs: retained per Cloudflare’s policy (generally 30 days for free-tier customers).
  • Google Analytics data: retained per the GA4 retention setting (default 14 months; configurable to 2 months minimum).
  • Meta Pixel data: retained per Meta’s policy (typically up to 2 years).

9. Children

OZ Books is intended for an adult audience and is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has submitted personal information to us, please contact us through the contact form and we will delete it promptly.

10. Security

We use HTTPS for all site traffic, run WordPress with current security updates, restrict administrative access, log and monitor abnormal activity, and rate-limit login attempts. No site or service is perfectly secure; if we become aware of a security incident affecting your personal information, we will notify you in accordance with applicable law.

11. Changes to this policy

We may update this Privacy Policy from time to time. The “Effective date” at the top of this page reflects the most recent update. Material changes will be announced on the homepage or by email to newsletter subscribers as required by law.

12. Contact

Questions about this Privacy Policy can be sent through our contact form at https://ozbooks.org/contact/ with the subject “Privacy Question.”