Privacy Policy
Last updated: 2026-07-08
This privacy policy explains how JDubb ("we", "us", "our") collects, uses, discloses, and protects personal information when you visit our website or engage with our content. This policy is drafted to comply with the California Consumer Privacy Act as amended by the CPRA (Cal. Civ. Code § 1798.100 et seq.) and the CCPA regulations at 11 CCR § 7011.
Categories of personal information we collect (past 12 months)
- Identifiers, name, email, IP address (when you submit a form or subscribe).
- Commercial information, which reviews you engaged with, click-throughs to Amazon products.
- Internet or network activity, pages viewed, referrer, browser and OS (via our self-hosted analytics).
- Geolocation (coarse), approximate city/region derived from IP address.
- Inferences, reading interests drawn from the above.
Sources of personal information
We collect personal information from:
- You directly, when you submit a contact form, subscribe to a list, or leave a comment.
- Your device automatically, when you visit our site (via cookies and server logs).
- Third-party integrations we use (Amazon Associates, YouTube), which may share aggregate engagement data with us.
Business or commercial purposes for collecting personal information
- Operating and improving the site.
- Responding to your questions.
- Delivering our email newsletter if you subscribe.
- Understanding aggregate audience behavior to inform which products we review next.
- Detecting and preventing fraud, abuse, and security incidents.
- Complying with legal obligations.
Categories of third parties with whom we disclose personal information
- Hosting and infrastructure, Cloudflare (CDN, DNS), our VPS providers.
- Analytics, our self-hosted Umami instance at
analytics.willhitestrategy.org. - Email delivery, Resend (if you subscribe to our newsletter).
- Video and embed providers, YouTube (embedded videos), Amazon Associates (product links you click).
- Advisors and service providers, accountants, attorneys, and other advisors bound by confidentiality.
- Law enforcement or regulators, where legally compelled.
Categories of personal information sold or shared, and purposes
We do not sell your personal information for money. The following table lists every category of personal information we may be deemed to "share" (as CCPA § 1798.140(ah) defines it for cross-context behavioral advertising) with a third-party recipient category, and the business or commercial purpose we share it for.
| Category of PI shared | Third-party category | Business/commercial purpose |
|---|---|---|
| Identifiers (IP, cookies) | Video / embed providers (YouTube) | Serve embedded video content you engaged with |
| Identifiers (IP, cookies) | Affiliate networks (Amazon Associates) | Attribute a purchase back to us when you click a product link |
| Internet or network activity | Analytics providers (Umami self-hosted) | Measure aggregate site usage; understand which reviews are useful |
| Identifiers (email) | Email service providers (Resend) | Deliver our newsletter if you subscribe |
Where possible we contract for the recipient to act as a "service provider" under Cal. Civ. Code § 1798.140(ag), which limits how they may use your data. You can direct us to stop such sharing at any time via the Do Not Sell or Share My Personal Information link.
Your California Consumer Rights
If you are a California resident you have the right to:
- Know, request a copy of what personal information we hold about you.
- Delete, request that we delete personal information we hold about you (subject to legal exceptions).
- Correct, request that we correct inaccurate personal information.
- Opt out, direct us to stop selling or sharing your personal information (via the Do Not Sell or Share link).
- Limit the use of sensitive personal information, see the section on sensitive PI below.
- Non-discrimination, we will not deny you services, provide a different level of service, or charge different prices because you exercised any of these rights.
Methods to exercise each right
You can exercise ANY of the CCPA/CPRA rights above using any of the following methods. All methods reach the same team and are treated equally.
- To opt out of sale or sharing (§ 1798.120), use the Do Not Sell or Share My Personal Information web form. No account required.
- To limit use of sensitive personal information (§ 1798.121), use the same web form and select the "limit sensitive PI" option.
- To know, delete, or correct (§§ 1798.100/105/106), email privacy@commquest.io with the subject line "CCPA request" and describe your request.
- Global Privacy Control, enable GPC in your browser (see below); no manual submission needed for the sale/share opt-out.
We will confirm receipt within 10 business days and respond substantively within 45 days (with one 45-day extension if needed, and only after notifying you). We do not require you to create an account to exercise any right.
Global Privacy Control (GPC)
Your browser can send a Global Privacy Control (Sec-GPC:1) signal that we treat as a valid consumer request to opt out of sale or sharing from that browser. You do not need to submit a separate form if GPC is enabled. Learn more at globalprivacycontrol.org.
How we verify a request
To protect your data we must verify that a request comes from you. For a request tied to an email or subscription we already hold, we will match identifiers you provide against our records. For a request from someone we have never contacted, we may ask for additional information. If we cannot verify identity, we will still honor opt-out requests (which do not require verification under 11 CCR § 7026) but we may not act on know / delete / correct requests until verification is complete.
Authorized agents
You may authorize an agent to submit a request on your behalf. We may require: (a) written proof of authorization (a signed letter suffices); (b) that you verify your own identity directly with us; and (c) that you confirm the agent's authority. A power of attorney under Cal. Prob. Code § 4000 et seq. is also sufficient.
Sensitive personal information
We do not knowingly collect sensitive personal information (Social Security number, driver's license number, precise geolocation, biometric data, contents of communications, health, sexual orientation, genetic data, or racial/ethnic origin) beyond what you voluntarily submit to us. Where sensitive PI is provided, we use it only for the purpose you submitted it and do not use it to infer characteristics.
Amazon Associates disclosure
As an Amazon Associate we earn from qualifying purchases. When you click a product link on our site, Amazon may set cookies to attribute a purchase back to us. That flow is governed by Amazon's privacy policy.
Retention
We retain personal information only as long as necessary for the purpose we collected it, plus any legal, tax, or audit obligation. Analytics data is retained in aggregate; identifiable form submissions are retained for as long as we might need to respond to you (typically 3 years from the last contact), then deleted.
Children
We do not knowingly collect personal information from children under 16. If we learn we have collected such information, we will delete it. Please contact us at privacy@commquest.io if you believe a child has submitted personal information to us.
Changes to this policy
We may update this policy from time to time. The "Last updated" date at the top will reflect the most recent change. Material changes will be prominently disclosed on the homepage for at least 30 days.
Contact
Questions about this policy or a CCPA/CPRA request: privacy@commquest.io.