TIAA Privacy Policy

This Privacy Policy was last modified on 09-Dec-2024.

This Privacy Policy describes how we collect, store and process your personal information in order to operate the Technology in A.A. Forum (hereinafter “the Forum”) website (https://discourse.tiaa-forum.org/), which is owned and operated by the Technology in A.A. Forum Community (“TIAA Forum”). The purpose of this forum is for AA members (and non-members who support AA services) to share about using technology for accomplishing the primary purpose of AA. The Forum is available by invitation only.

The TIAA Forum is the controller of your data and can be reached via email at info@tiaa-forum.org. We don’t share user information with third parties except for the limited purposes described below. We don’t sell data.

What Personal Data Do We Collect, and Why?

A. Information You Provide

i. Registering an Account

If you choose to register an account to use the Forum, we may collect information like your email address, username, full name, and password. Your e-mail address will be verified by an email containing a unique link. If that link is visited, we know that you control the e-mail address.

You can choose to add further information and customize your account profile from your Preferences, including by adding an “About me” section, indicating your time zone and location, sharing your website, area and service position, and/or adding a profile heading or user card background.

ii. Participating in the Forum

You may choose to participate in the Forum by posting content to others in the community, including your questions, experiences, advice or opinions. This content is subject to our Terms of Service and Forum Guidelines.

B. Information Collected Automatically

We collect certain information automatically when you use the Forum in order to understand when you visit, what pages you visit, and the device and browser you use. This includes the use of cookies, small files that a site or its service provider transfers to your hard drive through your web browser (if you allow it). We recommend that you leave cookies enabled, so we can offer you a better experience. These cookies enable the site to recognize your browser and your registered account. It also includes server logs, which include the IP address of requests to our server. We will not drop cookies or other tracking devices that are persistent and/or cannot be erased on an end user’s hard drive or device.

We do capture usage statistics and make them available in your profile. These statistics include items like days visited, read time, number of topics viewed, and the number of posts read, liked, and created. You can see this information in your profile under “Summary”.

We use cookies to understand and save your preferences for future visits and to compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future. As addressed below, we may contract with third-party service providers to assist us in better understanding our site visitors. These service providers are not permitted to use the information collected on our behalf except to help us conduct and improve our business.

Disable Cookies

Users can manage their preferences for cookies directly from within their own browser. Preferences can include the deletion of existing cookies, enabling or disabling all cookies, and settings for certain websites. Users can find information about how to manage cookies in their browser at the following addresses: Google Chrome, Mozilla Firefox, Apple Safari and Microsoft Windows Edge.

How Do We Use the Personal Data We Collect?

i. Account Data

Your account data is used to identify you on the Forum and to create your profile page.

As the Forum is access-restricted, we make your profile data available to anyone who can access the Forum, according to the Forum administrator’s configuration. You have the ability to control what is displayed from your profile and can hide your public profile and presence features.

We may use your external personal email address to do things like notify you about activity in the Forum, reset your password and keep your account secure, contact you in relation to your account, or contact you about legal requests if they arise. Your personal email address is not displayed to other users, only your Forum personal message link is accessible.

ii. Data about visits to the Forum

We use data about how our users use the website in order to do things like:

  • optimize the Forum so it’s quick and easy to use
  • diagnose and debug technical errors
  • defend the Forum from abuse or technical attacks
  • compile statistics on Forum and topic popularity
  • compile statistics on the kinds of software and computers visitors use

You can see your account data at any time by visiting your account page on the Forum, which includes your posts and other activity.

Exercising Your Data Rights

We provide users of our Forum with certain legal rights to their data, including the right to access their personal information, change, correct or delete their personal information, or obtain a copy of their personal information in an easily accessible format.

  • You can change your profile data at any time by visiting the profile page for your account. Your account activity page lists your posts and other activity, including your likes and bookmarks.
  • Your account activity page also provides a link that lets you download all of your activity in standard comma-separated values format.
  • You can also choose to hide your public profile and the presence features of your profile by going to your profile preferences and selecting “Hide my public profile and presence features.”

You can delete your account by visiting the preferences section of your profile page. Closing your account starts a process of erasing or anonymizing the data you provided for your account.

  • Information you have shared with others in the Forum may continue to be publicly visible, even after your account has been deleted. However, the attribution of this information to your profile will be removed. Your username will be anonymized and replaced by a unique number, which will act as a placeholder for any posts.
  • Copies of certain information, such as log records, may remain in our database but are disassociated from personal identifiers.
  • Because we maintain the Forum to protect from accidental or malicious loss or destruction, residual copies of your personal information may not be removed from our backup systems for a limited period of time.

We offer Forum users the opportunity to receive emails and notifications about relevant activity in the Forum, as well as the ability to opt-in to a mailing list mode. Users can change their settings at any time by accessing their account Preferences page. Any emails that we send contain an obvious means of unsubscribing from further messages, with a link appearing at the bottom of the email.

Data Retention

For personal data under our control, we retain this data only for as long as is necessary for the purposes set out in this policy, for as long as your Forum account remains open (i.e. for the lifetime of the account) or as needed to provide these services.

If you no longer wish to use the Forum then you can close your account and delete your data at any time.

Notwithstanding the above, we may retain and use personal information to the extent necessary to comply with any legal obligations, resolve disputes, or enforce agreements. We may also retain log files for the purpose of internal analysis, for site safety, security and fraud prevention, to improve site functionality, or where we are legally required to retain them for longer time periods.

Our Legal Bases for Processing Personal Information

For personal data under our control, we rely on three bases to lawfully obtain and process personal information:

  • Consent: When users have given us valid consent to process their data. This includes instances where users voluntarily provide information, such as when registering an account or participating in the Forum.
  • Contractual Necessity: When processing is necessary for the performance of a contract to which the user is a party, or to take steps at the request of the user prior to entering into a contract. For example, we need to process your data to provide access to the Forum and maintain your account.
  • Legal Obligations and Legitimate Interests: When processing is necessary to comply with our legal obligations or to pursue our legitimate interests, provided these interests are not overridden by the user’s rights or interests. This can include purposes such as improving the Forum’s functionality, ensuring its security, and preventing abuse.

How and When We Share Information

The purpose of this Forum is to enable members of the community to ask questions, share experiences, give advice, and communicate with others about using technology for accomplishing the primary purpose of AA. We share data about your posts, profile, and other Forum activity with others as described here.

We do not sell or give away your information to third party companies or services. However, we do make use of certain service providers to perform certain functions on our behalf. These third parties have only limited access to your information, may use your information only to perform these tasks on our behalf, and are obligated not to disclose or use your information for other purposes.

The TIAA Forum is hosted using Discourse open source software, a product of the Civilized Discourse Construction Kit, Inc (CDCK). We also use a WordPress front end. Directly, or through Discourse, we may also use service providers including the following for certain identified purposes:

  • Akismet - a common WP anti-spam filter used primarily for blocking spam in comments (which we have turned off) but we hope it will be useful in protecting us from other vulnerabilities.
  • Digital Ocean - stores backups and test site.
  • Duplicator – allows us to create backups/images of our WP site easily.
  • Elementor Pro - page design and forms for WP front end.
  • WP Mail SMTP – used to work with our mail relay/gateway solution.
  • Formidable Forms – this forms package allows us to do fairly simple forms for sign up, contact and donations. We use this with the Stripe add-on.
  • If Menu – allows us to show different navigation/pages based on whether a member is logged in or not.
  • Matomo Analytics - an open-source alternative to Google Analytics.
  • WP Discourse - plugin acts as an interface between the WordPress front end and Discourse, acting as an authentication provider.

Children’s Privacy

This Forum is not designed for, and is not marketed to, people under the age of 18 (“minors”). We do not knowingly collect or ask for information from minors and we do not knowingly allow minors to use the Forum. By using the Forum or accessing our website, users represent that they are at least the age of majority in their country, state, and/or province of residence.

Data Location and Transfers

The Forum is hosted by Civilized Discourse Construction Kit, Inc., which stores data in CDCK’s data centers and Amazon Web Services S3 in the United States. Your personal data could potentially be accessed by government authorities in accordance with United States law.

The TIAA Forum is a voluntary service and users can choose whether, and how, they wish to use it. In order to make our website and services work as they do, and to enable basic functionality, we ask users to agree to our Terms of Service, which set out the contract between us and our users. Because the Forum is available to people in different countries, we may need to transfer your personal information across borders in order to deliver our services. If or where we may need to transfer data across borders from EEA countries to a non-EEA service provider, we establish the means to ensure an adequate level of data protection.

The Security of Your Information

We implement a variety of security measures to maintain the safety of your personal information when you enter, submit, or access your personal information, including a number of administrative, technical and physical safeguards. When you provide us with personal information, the connection between your computer and our server is encrypted using TLS (secure pages are identified by a padlock icon and “https://” in the address bar). Databases and servers have restricted role-based access. We also use firewalls and have 24/7 monitoring services for indicators of a potential breach. Unfortunately no method of transmission or storage is 100% secure.

Contact Us

If you have any questions, comments or suggestions about how we handle personal information you can contact us at: info@tiaa-forum.org.