Privacy Policy

Last Updated: June 3, 2019

Who is T.O.F.U.?

T.O.F.U. Magazine is an independent vegan publication founded in Canada in 2007, and currently owned and operated by Ryan Patey. For further information, please visit the about page.

T.O.F.U.’s website address is:

Your Personal Data and Why T.O.F.U. Collects It


When visitors leave comments on the site, T.O.F.U. collects the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here. After approval of your comment, your profile picture is visible to the public in the context of your comment.


If you leave a comment on the site you may opt-in to saving your name, email address, and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, T.O.F.U. will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

Mobile Theme

A cookie (akm_mobile) is stored for 3.5 days to remember whether or not a visitor of the site wishes to view its mobile version.

Embedded Content From Other Websites

This site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

As well, this site contains links to other websites. Please be aware that T.O.F.U. is not responsible for the privacy practices of such other sites. When you go to other websites from here, you are advised to be aware and read their privacy policy.


T.O.F.U. uses Google Analytics to better understand website traffic and webpage usage. Google Analytics is a service which transmits website traffic data to Google servers. Google Analytics does not identify individual users or associate your IP address with any other data held by Google.

By using this website, you consent to the processing of data about you by Google in the manner described in Google’s Privacy Policy and for the purposes set out above. You can opt out of Google Analytics if you disable or refuse the cookie, disable JavaScript, or use the opt-out service provided by Google.

T.O.F.U. also uses interfaces with social media sites such as Facebook, Twitter, and others. If you choose to engage with information from this website through any of these services, you should review the privacy policy of the respective service. If you are a member of a social media site, the interfaces may allow the social media site to connect your visits to this site with other personal information

Who T.O.F.U. Shares Your Data With

As mentioned above, T.O.F.U. may share data with Google and various social media platforms to better understand website traffic and webpage usage.

If you sign-up to the newsletter, T.O.F.U. also shares the data collected in the form with Mailchimp to provide the information mentioned within the sign-up form.

Finally, visitor comments are checked through an automated spam detection service. The information collected includes the commenter’s IP address, user agent, referrer, and site URL (along with other information directly provided by the commenter such as their name, username, email address, and the comment itself).

As well, visitor IPs are collected to identify 404s and other site access errors through the Redirection plugin.

How Long T.O.F.U. Retains Your Data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so T.O.F.U. can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

Data sent to platforms or services such as Mailchimp, Google, Facebook, etc. is retained according to their policies. Thus, T.O.F.U. suggests you familiarize yourself with each policy to better understand the use of your data.

For users that register on the website (if any), T.O.F.U. also stores the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What Rights You Have Over Your Data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data T.O.F.U. holds about you, including any data you have provided. You can also request that T.O.F.U. erases any personal data it holds about you. This does not include any data T.O.F.U. is obliged to keep for administrative, legal, or security purposes.

Additional Information


For the site’s registered users, the following information is captured: user email address, user role, user login, user display name, and local user IDs, the activity to be recorded, the site ID of the site on which the activity takes place, the site’s Jetpack version, and the timestamp of the activity. Some activities may also include the actor’s IP address (login attempts, for example) and user agent.

In terms of user activities, the following information is tracked: login attempts/actions, post and page update and publish actions, comment/pingback submission and management actions, plugin and theme management actions, widget updates, user management actions, and the modification of other various site settings and options. Along with this, some data is synced, including successful and failed login attempts, which will include the actor’s IP address and user agent.

Jetpack Comments and Akismet Spam Filter

This site uses both Jetpack and Akismet. These services may send to servers or store the following as cookies: commenter’s name, email address, and site URL (if provided via the comment form), timestamp, and IP address. Additionally, a IFrame receives the following data: blog ID attached to the site, ID of the post on which the comment is being submitted, commenter’s local user ID (if available), commenter’s local username (if available), commenter’s site URL (if available), MD5 hash of the commenter’s email address (if available), and the comment content. For Akismet , the following information is sent to the service for the sole purpose of spam checking: commenter’s name, email address, site URL, IP address, and user agent.

In the case of comments on the site, all data and metadata (see above) associated with comments is synced. This includes the status of the comment and whether or not it was classified as spam by Akismet.


This feature is only accessible to users logged in to

In order to process a post like action, the following information is used: IP address, user ID, username, site ID (on which the post was liked), post ID (of the post that was liked), user agent, timestamp of event, browser language, country code.


This feature is only accessible to registered users of the site who are logged in to

For notifications, the following data is used: IP address, user ID, username, site ID and URL, Jetpack version, user agent, visiting URL, referring URL, timestamp of event, browser language, country code. Some visitor-related information or activity may be sent to the site owner via this feature. This may include: email address, username, site URL, email address, comment content, follow actions, etc.

If you use this service, the following actions will be tracked: sending notifications (i.e. when we send a notification to a particular user), opening notifications (i.e. when a user opens a notification that they receive), performing an action from within the notification panel (e.g. liking a comment or marking a comment as spam), and clicking on any link from within the notification panel/interface.


In order to check login activity and potentially block fraudulent attempts, the following information is used: attempting user’s IP address, attempting user’s email address/username (i.e. according to the value they were attempting to use during the login process), and all IP-related HTTP headers attached to the attempting user.

For protection of the site, the following actions are tracked: failed login attempts (these include IP address and user agent). We also set a cookie (jpp_math_pass) for 1 day to remember if/when a user has successfully completed a math captcha to prove that they’re a real human. As well, the following data is synced: failed login attempts, which contain the user’s IP address, attempted username or email address, and user agent information.


When sharing content via email (this option is only available if Akismet is active on the site), the following information is used: sharing party’s name and email address (if the user is logged in, this information will be pulled directly from their account), IP address (for spam checking), user agent (for spam checking), and email body/content. This content will be sent to Akismet so that a spam check can be performed. Additionally, if reCAPTCHA (by Google) is enabled by the site owner, the sharing party’s IP address will be shared with that service. You can find Google’s privacy policy here.


To initiate and process subscriptions, the following information is used: subscriber’s email address and the ID of the post or comment (depending on the specific subscription being processed). In the event of a new subscription being initiated, we also collect some basic server data, including all of the subscribing user’s HTTP request headers, the IP address from which the subscribing user is viewing the page, and the URI which was given in order to access the page (REQUEST_URI and DOCUMENT_URI). This server data used for the exclusive purpose of monitoring and preventing abuse and spam.

As well, functionality cookies are set for a duration of 347 days to remember a visitor’s blog and post subscription choices if, in fact, they have an active subscription.

WooCommerce Services

For payments, we send the purchase total, currency, and customer’s billing information to the respective payment processor. Please see the respective third party’s privacy policy (Stripe’s Privacy Policy and PayPal’s Privacy Policy) for more details. For automated taxes, we send the value of goods in the cart, the value of shipping, and the destination address to TaxJar. Please see TaxJar’s Privacy Policy for details about how they handle this information. For checkout rates, we send the destination ZIP/postal code and purchased product dimensions, weight, and quantities to USPS or Canada Post, depending on the service used. For shipping labels we send the customer’s name, address, as well as the dimensions, weight, and quantities of purchased products to EasyPost. We also store the purchased shipping labels on our server to make it easy to reprint them and handle support requests.

For payments with PayPal or Stripe: purchase total, currency, and billing information are used. For taxes: the value of goods in the cart, value of shipping, and destination address are used. For checkout rates: destination address, purchased product IDs, dimensions, weight, and quantities are used. For shipping labels: customer’s name, address, as well as the dimensions, weight, and quantities of purchased products are used.

Contact Information

For further information, you may use the contact form found here.