Privacy Policy

Hi! This page explains, in plain language, what personal information I collect on this blog, why I collect it, how I use it, and the choices you have. I care about privacy and keep data collection to the minimum needed to run this site and its community.

Who I am

Controller / Data Fiduciary: Varun Hemachandran (individual; personal blog)

Site: Seldon Crisis (blog) — https://seldoncrisis.blog

Contact (general): seldon@g0v.to

Grievance Officer (India – DPDP): Varun Hemachandran — seldon@g0v.to. For safety and privacy reasons, I do not publish a postal address; please use email for all grievances and rights requests.

If you live in the EU/EEA/UK, you can also contact me for any GDPR questions at the same email.

Where this policy applies & voluntary alignment

This blog is operated by an individual based in India. My primary legal framework is India’s Digital Personal Data Protection Act, 2023 (DPDP). While I am not otherwise subject to the GDPR or non‑Indian privacy laws, I believe in mutual trust and respect and will do my best to align with their spirit and core rights (like access, correction, deletion, and transparency). If any law does apply to me because of how you use this site, I’ll honour the rights and duties that law requires.

What data I collect (and why)

I only collect what I need to run the blog and community:

Account & newsletter data: first name, last name, and email address — to create an account, send updates you ask for, and manage community membership.
Support messages: anything you send me by email or forms — to respond to you.
Analytics: I use Google Analytics to understand aggregate site traffic and content performance. Analytics providers may collect identifiers (cookies or similar), device/browser information, approximate location, and interaction data (pages viewed, time on page, referrers). Exact collection and retention are controlled by the provider’s settings and may change; please see their own documentation/policies for details.

I do not collect sensitive categories of personal data here, and I do not use automated decision‑making that has legal or similarly significant effects.

Where the data comes from

Directly from you (when you sign up, subscribe, comment, or contact me)
Automatically from your device for basic analytics/cookies (see Cookies & analytics below)

How I use your data (purposes)

Run the blog and newsletter (accounts, subscriptions, member updates)
Community operations (managing memberships and perks)
Telemetry/analytics (to understand what content is useful and improve the site)
Legal and security (detect abuse, comply with laws, enforce terms)

I do not sell or rent your personal information. I also do not share it for cross‑context behavioural advertising.

Services that help me run this site (processors/partners)

I use a small number of trusted services to operate the blog and community. They process your data on my instructions:

Ghost (site platform/hosting)
Patreon (community membership & payments, if you join there)
Google Analytics (analytics/telemetry)
Email delivery provider (for newsletters and member emails)

Each provider has its own privacy and security practices. I only share what’s necessary to provide the service, under a contract, and require appropriate safeguards.

When GDPR applies, I process your data under these legal bases:

Consent (e.g., newsletter sign‑ups, certain cookies/analytics where required)
Legitimate interests (running and protecting the site, community operations, non‑intrusive analytics) — balanced against your rights
Legal obligations (responding to lawful requests, record‑keeping)

You can withdraw consent at any time in the ways described below.

Your choices & rights

For everyone

Access & portability: ask for a copy of your data
Correction: ask me to fix inaccurate data
Deletion: ask me to delete your data (unless I need to keep it by law)
Withdraw consent: unsubscribe or change cookie preferences at any time
Complain: contact me at seldon@g0v.to and I’ll do my best to resolve it.

India (DPDP Act)

As a Data Principal, you have the right to: access information, correct, erase, and seek grievance redressal. I provide a readily available grievance channel via the email listed above. If you use a Consent Manager, I will honour requests routed through them.

Although I’m not established in the EU/EEA/UK and do not primarily target these regions, I voluntarily align to key GDPR principles as a matter of good practice and respect for users. When and if GDPR applies to any interaction here, you have the GDPR rights: to be informed, access, rectification, erasure, restriction, portability, objection, and not to be subject to automated decisions. If you have concerns, please contact me and I will try to help.

California, USA (CCPA/CPRA)

I do not sell or share your personal information. California residents have the right to know, delete, correct, and opt‑out of sale or sharing. While I am not a California business, I voluntarily respect these rights in practice where feasible. If you believe any of these apply, contact me using the details above.

I do not sell or share your personal information. California residents have the right to know, delete, correct, and opt‑out of sale or sharing. If you believe any of these apply, contact me using the details above.

How to exercise your rights: email me at seldon@g0v.to from the address you used here. I may ask you to verify your email before acting on a request.

Cookies & analytics

I use essential cookies to run the site and, where enabled, analytics cookies set by Google Analytics.
Where required by law, I will ask for your consent before setting non‑essential cookies.
Analytics settings and the data collected are controlled by the provider and may change; please refer to their documentation and privacy policy for details.
You can refuse analytics cookies in the consent banner (where shown) or use built‑in browser mechanisms (e.g., content blockers). Some features may not work without essential cookies.

International transfers

I am based in India. Some providers I use (e.g., Ghost, Patreon, Google Analytics, email delivery) may process data in other countries. I do not control where these providers host their systems. My data transfers therefore depend on the provider’s infrastructure and their published terms/policies.

Where a law requires specific safeguards for international transfers, I rely on the provider’s standard terms and any safeguards they make available (for example, standard contractual clauses or similar mechanisms), but I cannot promise a specific transfer mechanism in advance. Please review each provider’s documentation and privacy policy for details. If those change in a material way, I will update this section.

For India, transfers will comply with the DPDP Act and any applicable government notifications about restricted countries.

How long I keep data (retention)

I don’t run automated purge cycles. In general, data remains on my systems until you ask me to delete it. When I receive a valid deletion request, I will make a best effort to delete what’s reasonably possible within 60 days of notice, subject to technical, security, or legal constraints (for example, limited access backups that expire on their normal schedule, or records I must retain to comply with law).

Account/newsletter data: kept while you’re subscribed or a former member. If you unsubscribe or ask me to delete it, I’ll aim to delete within 60 days, unless I’m required to keep certain records by law.
Support messages: kept until you ask me to delete them; I’ll aim to delete within 60 days of your request, unless retention is required by law.
Analytics: collected and stored by the analytics provider (e.g., Google Analytics) under their own retention settings; I don’t control those durations. Please refer to the provider’s policy and tools for managing retention and opt-outs.

I aim to minimise what I keep and will honour deletion requests as described above.

Security

I take reasonable technical and organisational measures to protect your information (for example: HTTPS, access controls, strong passwords, and limited access). No website is perfectly secure, but I work to prevent unauthorised access and will notify you and/or regulators of material incidents when required by law.

Children

This site is for a general audience but not directed to children under 13. If you believe a child has provided personal data here without appropriate consent, please contact me and I will delete it.

Third‑party links

This site may link to other websites (for example Patreon posts). Their privacy practices are their own, so please review their policies.

Changes to this policy

I may update this policy at my discretion and will post the revised version here with a new Effective date at the top of the page. I do not send email notices about changes. Your continued use of the site after an update means you accept the revised policy. Please check this page from time to time.

Copyright & ownership

Contact & grievance redressal

Questions or requests? Email seldon@g0v.to.

For India (DPDP) grievance redressal, contact Varun Hemachandran at seldon@g0v.to. For safety and privacy reasons, I do not publish a postal address; please use email for all grievances and rights requests. I will acknowledge and resolve grievances within the timelines prescribed by law.

Quick summary (plain‑English)

I collect just your name and email so I can run the blog/newsletter and community.
I use trusted services like Ghost, Patreon, and Google Analytics to do this.
Your data is not sold, and I don’t share it for targeted ads.
You can access, fix, or delete your data anytime — just email me.
Cookies are minimal; analytics may be used; you can opt out where available.
I keep data until you ask me to delete it, then make a best effort to remove it within 60 days (subject to technical/legal limits). I use security best practices and will be transparent about any changes.