Who We Are
Twinkling of the Soul is part of Heart Centred Support Pty Ltd (ABN 64 665 492 473), an Australian-registered company. This is where I (Geoffrey Clow) offer trauma-informed grief support and share writing about loss.
Our website is https://twinklingofthesoul.com
This page explains what information we collect, why we collect it, and what we do with it. No corporate speak. Just honest answers.
We comply with the Australian Privacy Act 1988 and the Australian Privacy Principles. If that means nothing to you, don’t worry, the rest of this page explains it in plain English.
If You Leave a Comment
When you comment on an article, we collect what you type in the form, plus your IP address and browser information. This helps us filter out spam and keep this space safe for real people having real conversations about grief.
If you use Gravatar for your profile picture, an anonymised version of your email gets shared with them to pull up your image. Their privacy policy is here: https://automattic.com/privacy/
Once your comment is approved, your name and picture appear publicly with it. That’s how comments work.
If You Upload Images
Don’t upload images with location data (EXIF GPS) embedded in them. Anyone can download images from the site and extract that information. Protect yourself.
Cookies (The Internet Kind, Not The Edible Kind)
If you comment, you can save your name, email, and website in cookies so you don’t have to type them again next time. These last a year. Convenient, not sinister.
If you log in (most people don’t need to), we set cookies to remember you’re logged in and save your display preferences. Login cookies last two days. Screen preference cookies last a year. If you tick “Remember Me,” you stay logged in for two weeks. When you log out, the login cookies disappear.
If you edit or publish something (again, most visitors won’t), we save a cookie that notes which post you just worked on. No personal data. Just a post ID. Expires after a day.
Third-Party Services We Use
We use some third-party services to make the site work properly and understand how people use it:
- Website analytics (Google Analytics) – to see which articles people read, how long they stay, what helps
- Email services (if you contact us) – to receive and respond to your messages
- Payment processors (if you book a session) – to handle financial transactions securely
These services have their own privacy policies. We don’t control what they do with data. We choose services that treat privacy seriously, but check their policies if you’re concerned.
If You Book a Session or Make a Payment
If you book a counselling session or make a payment, we collect necessary information: name, email, payment details.
We don’t store credit card information on our servers. Payment processing is handled by Stripe, who store financial data securely according to banking standards.
We keep session booking information for record-keeping and legal requirements (professional indemnity insurance, tax purposes, etc.).
Embedded Content From Other Sites
Some articles include embedded videos, images, or content from other websites (YouTube, Vimeo, etc.). When you interact with that content, those other sites may collect data about you, use their own cookies, and track your activity—just as if you’d visited their site directly.
We don’t control what they do. Check their privacy policies if you’re concerned.
Who We Share Your Data With
If you request a password reset, your IP address gets included in the reset email. That’s it.
We don’t sell your information. We don’t share it with marketers. We don’t do anything weird with it.
The only times we’d share your information:
- If legally required (court order, subpoena, etc.)
- If necessary to prevent serious harm
- With third-party services mentioned above, only to the extent needed for them to function
- With your explicit consent
How Long We Keep Your Data
Comments and their metadata stay indefinitely. This lets us auto-approve follow-up comments from the same person instead of holding everything in moderation.
If you register an account (most people don’t), we store the information you provide in your profile. You can see, edit, or delete that information anytime. Administrators can too, but only to help if something breaks.
Session records and payment information are kept for seven years, as required by Australian tax law and professional standards.
Security
We take reasonable steps to protect your information from unauthorised access, loss, or misuse.
The site uses secure connections (HTTPS/SSL with an A+ rating). We use multiple layers of protection:
- Kinsta hosting security: Hardware firewalls, DDoS protection, and the actual server IP address is hidden from public view (making direct attacks much harder)
- Cloudflare: External protection against attacks and malicious traffic
- Wordfence: Internal WordPress firewall, malware scanning, and blocking malicious login attempts
Passwords are encrypted. We don’t store financial data on our servers, payment processors handle that according to banking security standards.
But let’s be honest: no system is perfectly secure. We do our best. We use industry-standard security measures. We keep software updated. We monitor for threats.
If you’re concerned about sending sensitive information over the internet, contact us to discuss alternatives.
Children’s Privacy
This site isn’t directed at children under 18. We don’t knowingly collect information from minors. If you’re under 18 and have left a comment or submitted information, contact us and we’ll delete it.
If you’re a parent and think your child has provided us with personal information, let us know and we’ll remove it.
Your Rights
Under Australian privacy law, you have the right to:
- Know what personal data we hold about you
- Request a copy of that data
- Correct inaccurate information
- Request deletion of your data (except where we’re legally required to keep it)
- Complain to the Office of the Australian Information Commissioner if you think we’ve mishandled your information
You can request a file of all personal data we hold about you, comments you’ve left, profile information if you have an account, session records if you’re a client, anything we’ve collected.
You can also request we delete all your personal data. We’ll do it, except for anything we’re legally required to keep for administrative, legal, security, or professional record-keeping purposes.
Where Your Data Goes
Your data is stored on secure servers provided by Kinsta, with the primary data center in Sydney, Australia. Kinsta is enterprise-grade hosting with multiple layers of security, daily backups, and 24/7 monitoring.
We use Cloudflare for performance and security, which means cached copies of public content (articles, images) are distributed globally to speed up the site.
We use Google reCAPTCHA v3 to protect forms from spam and bots. This means Google collects information about how you interact with the site to determine if you’re human. Google’s privacy policy applies: https://policies.google.com/privacy
Comments may be checked through an automated spam detection service to keep bots and trolls out.
Third-party services we use (analytics, payment processors, email services) typically store data on overseas servers, usually in secure facilities that comply with international security standards.
If data location concerns you, contact us to discuss what’s stored where and what options exist.
Changes to This Policy
We may update this policy occasionally, usually when we add new features or services, or when privacy laws change.
If we make significant changes, we’ll post a notice on the site. For minor updates, we’ll just update the “Last Updated” date below.
By continuing to use the site after changes are posted, you’re accepting the updated policy.
Governing Law
This privacy policy is governed by Australian law. If there’s a dispute about privacy matters, Australian law applies and Australian courts have jurisdiction.
Questions or Concerns?
If you have questions about your data, want to request information, or have concerns about how we’re handling things, contact us:
Email: Here
Mail: 22a Larakia Street, Waramanga, ACT 2611, AUSTRALIA
We’re human. We’ll give you a human answer.
If you’re not satisfied with our response, you can complain to the Office of the Australian Information Commissioner: https://www.oaic.gov.au/