AI for DBAs

Get Started →

Privacy & Compliance

This page tells you exactly what aifordbas.com collects, what it does not, and what your rights are. It also makes specific disclaimers about regulated-industry acronyms (HIPAA, NERC CIP, PCI DSS, SOC 2, GDPR, CCPA/CPRA, COPPA) so visitors do not assume coverage that does not apply.

Last updated: May 8, 2026

The short version

  • The only personal data this site collects is what you voluntarily submit through the contact form: name, email, message subject, and message body.
  • We do not run analytics, advertising trackers, or third-party tag managers.
  • Your contact-form submission is stored in a private SQL Server database hosted on equipment we control, indexed by submission date.
  • We do not sell, rent, or share your personal data with third parties for marketing purposes.
  • You can ask us to delete your data at any time. Email [email protected].

Who we are

This website (aifordbas.com) is operated by Ward Minson, a sole-proprietor consultant working in Kensett, Arkansas, USA. Contact: [email protected]. There is no separate corporate entity behind this site.

What we collect

We collect personal information only when you provide it to us directly:

  • Contact form submissions: name, email address, the subject category you selected, and the message body. The submission is timestamped (UTC) and we record the connecting IP address and user-agent string for spam-mitigation and audit purposes.
  • Server logs: our edge provider (Cloudflare) and our origin server keep short-term request logs that include IP address, request URL, response code, and user-agent. These logs are used for operations and security and are not aggregated for marketing.

We do not collect:

  • Tracking pixels, advertising beacons, or third-party analytics scripts (no Google Analytics, no Facebook Pixel, no Hotjar, etc.).
  • Any personally identifying information beyond what you submit through the form.
  • Payment information — this site does not process payments. See the PCI DSS section below.

How we use what we collect

  • Contact submissions are read by Ward and used to reply to you. They are stored to maintain a history of correspondence and to allow you to confirm we received your message.
  • Server logs are used to investigate operational issues and security events. Logs older than 30 days are automatically discarded.

Cookies and similar technologies

This site does not set its own analytics or marketing cookies. The two cases where cookies may be set:

  • Cloudflare — our edge provider may set the __cf_bm bot-management cookie and similar security cookies. These are operational and not used for marketing. See Cloudflare's cookie policy.
  • Embedded LinkedIn content — if a page on this site embeds a LinkedIn newsletter widget or similar, LinkedIn may set its own cookies. See LinkedIn's privacy policy. You can avoid LinkedIn cookies by not interacting with embedded LinkedIn content.

Third parties we rely on

  • Cloudflare for CDN, DDoS protection, and TLS termination. Traffic to aifordbas.com passes through Cloudflare's network.
  • LinkedIn for the AI for DBAs newsletter and any embedded LinkedIn content.
  • minsondata.com (operated by the same author) for hosting the book PDF and EPUB.

We do not embed third-party advertising or marketing-tracking widgets.

How long we keep data

  • Contact submissions: retained for as long as the correspondence remains operationally relevant, or until you ask for deletion. We do not have a fixed retention schedule beyond that. If you would like a specific retention period applied, ask us.
  • Server logs: rotated and discarded within 30 days.

Your rights

GDPR (European Union / United Kingdom)

If you are in the EU, EEA, or UK, the General Data Protection Regulation (and the UK GDPR) gives you the following rights regarding personal data we hold about you:

  • Right of access — ask us what we have.
  • Right to rectification — correct what is wrong.
  • Right to erasure (the "right to be forgotten") — ask us to delete it.
  • Right to restrict processing — tell us to stop using it for specific purposes.
  • Right to data portability — receive a copy in a machine-readable format.
  • Right to object — object to specific processing on legitimate-interests grounds.
  • Right to lodge a complaint with your local supervisory authority.

To exercise any of these rights, email [email protected] from the address you used to contact us. We will respond within 30 days as required by Article 12.

CCPA / CPRA (California)

If you are a California resident, the California Consumer Privacy Act (as amended by the California Privacy Rights Act) gives you the right to:

  • Know what personal information we have collected, used, disclosed, or sold about you.
  • Delete the personal information we have collected, subject to certain exceptions.
  • Correct inaccurate personal information.
  • Opt out of the "sale" or "sharing" of personal information for cross-context behavioral advertising.
  • Limit the use of "sensitive personal information."
  • Not be discriminated against for exercising any of these rights.

To exercise these rights, email [email protected]. We do not sell or share personal information for cross-context behavioral advertising, and we do not use sensitive personal information for inference. There is therefore nothing to "opt out" of in those categories, but the right to know and the right to delete still apply.

Compliance acronyms — what does and does not apply here

Because this site is read by DBAs working in regulated industries, we are explicit about which regimes do and do not apply to aifordbas.com:

HIPAA

This site is not a Covered Entity or a Business Associate under the U.S. Health Insurance Portability and Accountability Act. We do not handle Protected Health Information (PHI). Do not submit PHI through the contact form. If you do, we cannot accept it as protected, and we will delete the submission and notify you so you can resend through an appropriate channel.

NERC CIP

This site is not a Bulk Electric System (BES) Cyber Asset under the North American Electric Reliability Corporation's Critical Infrastructure Protection standards. We do not store BES Cyber System Information (BCSI). Do not submit BES configuration data, asset inventories, or any CIP-classified information through the contact form.

PCI DSS

This site does not process, store, or transmit cardholder data and is therefore not within scope of the Payment Card Industry Data Security Standard. Do not submit credit-card numbers, CVVs, or other cardholder data through the contact form. We have no payment functionality on this site.

SOC 2

This site is not SOC 2 Type I or Type II certified. Articles on this site that discuss SOC 2 controls or principles are general guidance about the framework, not a representation about the operating effectiveness of controls in your environment, nor about ours.

COPPA

This site is intended for adult database administrators and IT professionals. It is not directed to children under 13 in the United States or under 16 in the EU. We do not knowingly collect personal information from children. If you believe a child has submitted information through this site, contact us and we will delete it.

Security

We take reasonable technical and organizational measures to protect data we hold:

  • Database access is limited to authenticated, network-restricted service accounts following the principle of least privilege.
  • Form submissions are transmitted over TLS terminated at Cloudflare.
  • The application runs in a containerized environment under a non-root user.
  • Backups are encrypted at rest.

That said, no system is invulnerable. If a breach occurs that affects your personal data, we will notify you and the relevant supervisory authority within the timeframes required by applicable law (including GDPR Article 33's 72-hour reporting window where applicable).

Disclaimers

  • The content of this site — articles, code samples, technical recommendations — is for informational and educational purposes only. It is not legal, regulatory, or compliance advice for your environment.
  • References to specific tools, vendors, or AI models do not constitute endorsement.
  • Code samples are provided as-is, without warranty of any kind, under the licenses noted in each post or in the relevant repository.

Changes to this policy

We may update this policy as the site evolves or as the legal landscape changes. The "Last updated" date at the top of this page is authoritative. Material changes will be flagged on the homepage for at least 30 days after publication.

How to contact us about privacy

For any privacy or data-rights request, write to [email protected]. Use the subject line [Privacy] for fastest routing. We will respond within 30 days; faster if your request is time-sensitive (incident response, breach notification).