Privacy policy

01Who we are

Publications du JEPA is an independent publishing house operated as a sole proprietorship based in Buffalo, NY, United States. The website jepapublications.com is owned and managed by us.

For any privacy-related questions or requests, contact us at [email protected].

Data Controller. The Data Controller responsible for the processing of your personal information is José Emiliano Pinto de Andrade, operating under the trade name JEPA Publications, with principal place of business in Buffalo, New York, United States. For privacy enquiries, data access requests, or data deletion requests, contact [email protected] or write to [email protected]. JEPA Publications does not currently have a designated Data Protection Officer (DPO); the Data Controller fulfils that role in person.

02Information we collect

We collect personal information in three ways:

Information you provide voluntarily — when you subscribe to our newsletter, request book previews, make a donation, fill out our contact form, or create an account:

• Name (optional in most forms)
• Email address
• Message content you choose to share
• Language preference

Information collected automatically via cookies and similar technologies (only after your consent — see Section 05):

• IP address (anonymized for analytics)
• Browser type and version, operating system, screen resolution
• Pages visited, time spent, referrer URL
• General geographic location (country/city level, not precise)

Information from third parties — when you interact with our content via embedded services (e.g., a YouTube video, a Facebook share button), those platforms may share limited interaction data with us.

We do not knowingly collect sensitive personal data such as government ID numbers, payment card details, biometric data, or health information through this website. Cryptocurrency donations (see Section 09) are processed without identity verification.

03How we use your information

We use the data we collect exclusively to:

• Send updates about new books, releases, and author content (only if you opted in to our newsletter)
• Respond to your messages and inquiries
• Improve the website experience based on aggregated, anonymized usage statistics
• Translate the site automatically into your preferred language
• Comply with legal obligations (tax records for sales, etc.)
• Protect the website from spam, fraud, and abuse

We never sell, rent, or trade your personal data. We do not engage in targeted advertising profiling. We do not share your data with anyone outside the services strictly required to run the website (listed in Section 06).

04Legal basis for processing (GDPR)

Under the European General Data Protection Regulation (GDPR), we process your personal data on the following legal grounds:

• Consent — for newsletter subscriptions, analytics cookies, marketing cookies, and any optional data collection. You can withdraw consent at any time.
• Legitimate interest — for basic functional cookies needed to run the site (e.g., session, security, language preference), spam protection, and our legitimate communication with subscribers who have opted in.
• Legal obligation — for accounting and tax records related to any purchases or donations.
• Contract performance — when you purchase a book or product through us, processing your data is necessary to deliver what you ordered.

05Cookies and tracking technologies

This website uses cookies and similar technologies to function, analyze traffic, and remember your preferences. We classify cookies into four categories:

• Functional — strictly necessary for the site to work (session, security, language switcher, cookie consent itself). Always active.
• Preferences — remember your settings (preferred language, theme). Loaded only with your consent.
• Statistics — anonymized analytics to understand how visitors use the site (Google Analytics 4). Loaded only with your consent.
• Marketing — currently we do not run targeted advertising. This category is reserved for future use and will not load any scripts until enabled.

You can manage your cookie preferences at any time using the consent banner that appears on your first visit, or by clicking “Manage Consent” in the footer of any page. For a complete list of every cookie used on this site, see our Cookie Policy.

We respect the Global Privacy Control (GPC) and Do Not Track (DNT) signals: if your browser sends one of these signals, we automatically treat that as a rejection of analytics and marketing cookies, with no banner shown.

06Third-party services

We rely on the following processors and service providers, each of whom processes only the minimum data necessary and is contractually bound by data protection agreements:

• Hostinger (Lithuania / EU) — website hosting and email infrastructure for @jepapublications.com addresses. Privacy policy.
• Cloudflare (USA) — content delivery network, DDoS protection, and basic edge analytics. Privacy policy.
• Google LLC (USA) — Google Analytics 4 with anonymized IP, Google Site Kit, MonsterInsights integration. Used only after consent. Privacy policy.
• MailerLite (Lithuania / EU) — newsletter delivery, signup forms, and email automations. Privacy policy.
• TranslatePress + DeepL (Germany / EU) — automatic translation of website content into Portuguese (Portugal and Brazil), Spanish, and French. Page content is sent to DeepL servers for translation; no personal data is transferred. DeepL privacy policy.
• Amazon (USA) — when you click a link to purchase one of our books, you are redirected to amazon.com under their own privacy policy. We do not receive payment information.

Embedded social media buttons and content from Facebook, Instagram, X (Twitter), LinkedIn, TikTok, Pinterest, YouTube, and Fils are blocked by default and only loaded after your explicit consent.

07International data transfers

Some of our service providers (Google, Cloudflare, Amazon) are based in the United States, while others (Hostinger, MailerLite, DeepL) are based in the European Union. When personal data is transferred outside the EU/EEA, we rely on:

• EU Standard Contractual Clauses (SCCs) approved by the European Commission
• EU–U.S. Data Privacy Framework certifications where applicable
• Additional safeguards including encryption in transit (TLS) and at rest

You can request a copy of these safeguards by emailing [email protected].

08Data retention

We keep personal data only as long as necessary for the purpose it was collected, then we delete or anonymize it:

• Newsletter subscribers: data is retained while you remain subscribed. You can unsubscribe at any time using the link at the bottom of every email; your data is deleted within 30 days after unsubscription.
• Contact form messages: retained for up to 24 months after your last interaction, then deleted.
• Analytics data: aggregated and anonymized; the maximum retention in Google Analytics is set to 14 months.
• Tax and accounting records (purchases, donations, invoices): retained for the period required by applicable US tax law (typically 7 years).
• Cookies: durations vary by cookie; see the Cookie Policy for details. Most session cookies expire when you close the browser; persistent cookies expire within 1–13 months.

09Cryptocurrency donations

JEPA Publications accepts voluntary donations in cryptocurrency (Bitcoin, Ethereum, Litecoin, USDT on TRC20/ERC20 networks, and Solana). These donations are:

• Voluntary and irreversible. Once a transaction is confirmed on the blockchain, it cannot be refunded by us.
• Processed without identity verification (KYC). We do not collect your name, address, or any personal information at the time of donation.
• Permanently recorded on a public blockchain. While we do not link transactions to your identity, blockchain transactions are public by nature. Use a privacy-respecting wallet if anonymity is important to you.
• Not financial advice or investment products. Donations to JEPA Publications do not constitute an investment, a return of value, or any future obligation on our part.

10Your rights

Depending on where you live, you may have the following rights regarding your personal data:

Under GDPR (European Union, UK, EEA):

• Right to access — request a copy of the personal data we hold about you
• Right to rectification — correct inaccurate or incomplete data
• Right to erasure (“right to be forgotten”) — request deletion of your data
• Right to restrict processing — temporarily limit how we use your data
• Right to data portability — receive your data in a structured, machine-readable format
• Right to object — to processing based on legitimate interest, including direct marketing
• Right to withdraw consent — at any time, without affecting the lawfulness of prior processing
• Right to lodge a complaint with your national data protection authority

Under CCPA / CPRA (California):

• Right to know what personal information we collect and how it is used
• Right to delete personal information we hold about you
• Right to correct inaccurate personal information
• Right to opt out of the sale or sharing of personal information (we do not sell or share)
• Right to limit use of sensitive personal information
• Right to non-discrimination for exercising your privacy rights

To exercise any of these rights, email us at [email protected]. We will respond within 30 days. There is no fee, and you do not need a lawyer.

11Children’s privacy

This website is not directed at children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal information, please contact [email protected] and we will delete it promptly.

12Sécurité

We take reasonable technical and organizational measures to protect your data, including:

• HTTPS/TLS encryption for all connections (managed by Cloudflare)
• Web Application Firewall (WAF) rules against common attacks
• Daily encrypted backups of the website and database
• Two-factor authentication on administrator accounts
• Regular security updates of the WordPress core, plugins, and themes

While we strive to protect your data, no method of transmission over the internet is 100% secure. In the unlikely event of a data breach affecting your personal information, we will notify you and the appropriate authorities within 72 hours as required by GDPR.

13Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. When we make material changes, we will notify subscribers by email and post a notice on this page. The “Last updated” date at the top of this policy shows when it was most recently revised.

Previous versions of this policy are available on request.