Patton Signature
01Introduction & Scope
Patton Signature operates the website at pattonsignature.com (the “Site”) as a public documentary archive concerning WIPO UDRP Case No. D2026-1064. This Privacy Policy (the “Policy”) describes how information about visitors and users is handled.
This Policy applies to the public Site and its pages, forms, and logging endpoints. It does not apply to external websites the Site links to, which are governed by their own privacy policies. By using the Site you acknowledge the practices described here.
This Policy is a privacy disclosure. It is not legal advice, and nothing in it constitutes a position in, or a waiver of any right relating to, any proceeding referenced on the Site.
02Who Is Responsible
The person responsible for the Site and for decisions about how visitor information is processed — the “data controller” for the purposes of the EU/UK General Data Protection Regulation (GDPR) and the “business” for the purposes of California law — is:
| Controller | Tyler Patton |
| Site | pattonsignature.com |
| Contact | pattonsignature@gmail.com |
| Capacity | Individual operating a noncommercial documentary archive in the public interest |
All privacy questions, requests, and complaints may be sent to the contact address above. There is no charge to contact us about your privacy.
03Information We Collect
The Site is built to collect as little as is practical. We do not run advertising networks, we do not sell data, and we do not operate third-party behavioral trackers. The categories below are the complete picture.
3.1 Information collected automatically
When any page is loaded, a small script sends a single record to the Site’s own logging endpoint. Each record may contain:
| Data point | Example / detail |
|---|---|
| Timestamp | Date and time of the page view, in UTC |
| IP address | The public network address your request arrives from |
| Page | The path of the page viewed (e.g. /index.html) |
| Page title | The title of the page viewed |
| Referrer | The address of the page that linked you here, if any |
| User agent | The browser and operating system string your browser sends |
| Daily fingerprint | A one-way hash described in Section 4 |
These records are stored as plain log files on the Site’s own server. A per-address rate limit applies. Automated traffic (bots, crawlers, and cloud-infrastructure requests) is identified and flagged in the log but is retained for security and integrity purposes; it is excluded from visitor-count analytics and is not commingled with records of human visitors.
3.2 Information you provide to us
Some information is collected only because you choose to give it:
- Viewer agreement. To access the interactive record, you are asked to enter an email address and affirmatively agree to the viewing terms. When you do, we record that email address, the fact and time of agreement, your IP address, browser user-agent, and your browser’s reported time zone.
- Contact form / correspondence. If you use a contact form on the Site or email us directly, we receive whatever you choose to send — typically your name (optional), email address, and your message.
You are never required to provide information you do not wish to provide. If you do not complete the viewer agreement, you simply will not gain access to the gated record — the public pages remain available.
3.3 Information we do not collect
We do not knowingly collect government identifiers, financial account numbers, precise GPS location, biometric data, or any “special category” data (such as health, religion, or political opinion). We do not ask for them and the Site has no field for them.
04The Daily Visitor Fingerprint
Because this practice is unusual, it is disclosed on its own. To estimate how many distinct people visit on a given day without storing a persistent tracking identifier, the Site computes a daily fingerprint: a SHA-256 cryptographic hash of your IP address, your browser user-agent, and the calendar date, truncated to sixteen characters.
The fingerprint is a one-way hash — it cannot be reversed to recover your IP or browser. Because the calendar date is part of the input, the value changes at midnight UTC every day. The same visitor on two different days produces two unrelated fingerprints, so it cannot be used to follow an individual across days.
The fingerprint is used only to produce “unique visitors per day” counts in our private analytics. It is never shared and never combined with the contact or agreement data you provide.
05Cookies & Local Storage
The Site uses cookies sparingly and only where they are necessary for the Site to function. We do not use advertising or cross-site tracking cookies.
| Cookie | Purpose | Lifetime |
|---|---|---|
| Session cookie | A standard server session identifier. It remembers, within a single browsing session, that you have completed the viewer agreement, so you are not asked again on every page. It carries no personal data itself. | Cleared when you close your browser |
The session cookie is set with the Secure, HttpOnly,
and SameSite=Strict flags — meaning it is sent only over
HTTPS, cannot be read by JavaScript, and is never sent on cross-site
requests. Because this cookie is strictly necessary for the gated record to
work, it does not require separate consent. You may block or delete cookies
in your browser settings; if you do, the viewer agreement may ask you to
confirm again.
06Why We Use Your Information — Purposes & Legal Bases
We use the information described above only for the specific purposes below. For visitors in the EEA and the UK, the corresponding GDPR legal basis is shown.
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Operating, securing, and maintaining the Site; preventing abuse, fraud, and automated attacks; diagnosing technical faults | Legitimate interests — Art. 6(1)(f) |
| Understanding, in aggregate, how many people visit and which pages are read, to maintain the documentary archive responsibly | Legitimate interests — Art. 6(1)(f) |
| Recording your agreement to the viewing terms and granting access to the gated record | Consent — Art. 6(1)(a); and performance of your request — Art. 6(1)(b) |
| Responding to messages you send us | Consent — Art. 6(1)(a); and our legitimate interest in replying to correspondence |
| Keeping records connected to legal proceedings and complying with legal obligations | Legal obligation — Art. 6(1)(c); and legitimate interests in the establishment, exercise, or defense of legal claims |
Where we rely on legitimate interests, we have weighed those interests against your rights and freedoms. Where we rely on consent, you may withdraw it at any time (see Section 14); withdrawing consent does not affect processing already carried out.
07IP Geolocation
When the Site’s administrator reviews traffic analytics, IP addresses from the visit logs may be looked up to estimate an approximate geographic location — typically a city, region, and country. This helps distinguish ordinary readership from automated or anomalous traffic.
These lookups are performed by a third-party service, ip-api.com. To carry out a lookup, the visitor IP address is sent to that service. Each address is queried at most once and the result is cached on our own server, so the same address is not sent repeatedly. The location produced is approximate and city-level at best; it is not precise and is not GPS data.
If you would prefer your IP address not be processed this way, you may request deletion of your visit records (see Section 14).
08Third Parties & Service Providers
The Site relies on a small number of external providers. Each receives only what it needs to perform its function:
| Provider | Function | What it may receive |
|---|---|---|
| Web host / registrar | Serves the Site and stores its files and logs | All request data necessary to deliver pages, including IP address |
| ip-api.com | Approximate IP geolocation for analytics | Visitor IP addresses, as described in Section 7 |
| Google Fonts | Delivers the typefaces used for the Site’s design | Your IP address and browser, sent to Google when fonts load |
We do not use advertising networks, social-media tracking pixels, data brokers, or analytics products that build cross-site profiles. We have no financial relationship under which any personal information is exchanged.
09When Information Is Shared
We do not sell your personal information, and we do not share it for cross-context behavioral advertising. We disclose information only in these limited situations:
- Service providers. To the providers in Section 8, strictly to perform the functions described.
- Legal requirements. Where disclosure is required by valid law, subpoena, court order, or other lawful process, or to establish, exercise, or defend legal claims.
- Protection of rights and safety. Where reasonably necessary to protect the rights, property, or safety of the Site, its operator, its users, or the public, and to investigate abuse or security incidents.
- With your direction. Where you have asked us to share information or have made it public yourself.
Because the Site concerns an active legal matter, information may be retained and used as part of the records of that matter, consistent with Section 6.
10International Data Transfers
The Site is operated from, and its servers are located in, the United States. The geolocation provider may process IP addresses on infrastructure in other countries. If you access the Site from outside the United States, information about you will be transferred to and processed in the United States and possibly elsewhere, where data-protection laws may differ from those of your home country.
Where such transfers involve personal data protected by the GDPR, we rely on appropriate safeguards — such as Standard Contractual Clauses or an equivalent lawful transfer mechanism — or on a derogation permitted by law, including the necessity of the transfer for the establishment, exercise, or defense of legal claims.
11How Long We Keep It
We keep information only as long as there is a genuine reason to, then delete or anonymize it.
| Category | Retention |
|---|---|
| Page-visit logs | Up to 24 months, then deleted; reviewed periodically and purged earlier where no longer needed |
| Viewer-agreement records (incl. email) | For the duration of the related legal proceedings and any applicable limitation period, after which they are deleted |
| Contact messages | For as long as needed to handle your enquiry and any follow-up, then deleted |
| Geolocation cache | Kept while useful for analytics; contains location data keyed to an IP address and no name or contact detail |
| Security / audit logs | Retained as needed for security and integrity, and to evidence compliance with this Policy |
You may ask us to delete information about you sooner — see Sections 13 and 14.
12How We Protect It
We apply reasonable technical and organizational measures appropriate to a site of this kind, including:
- Encryption in transit — the Site is served over HTTPS/TLS.
- Log directories shielded from public web access at the server level.
- Session cookies hardened with
Secure,HttpOnly, andSameSite=Strict. - Administrative access protected by a credential, brute-force lockout, session timeout, and an audit log.
- Automated-traffic filtering and per-address rate limiting.
- Data minimization — we collect and keep as little as practical.
No website can promise perfect security. If we become aware of a breach affecting personal data, we will act promptly and will notify affected people and regulators where the law requires.
13Your Privacy Rights
Depending on where you live, you have some or all of the following rights. We honor these rights for all users wherever we reasonably can, regardless of location.
13.1 If you are in the EEA or the UK (GDPR)
Access
Obtain confirmation of whether we process data about you and a copy of it.
Rectification
Have inaccurate or incomplete information about you corrected.
Erasure
Have your personal data deleted where there is no overriding reason to keep it.
Restriction
Ask us to limit how we use your data while a question about it is resolved.
Portability
Receive data you provided in a structured, machine-readable format.
Object
Object to processing based on legitimate interests, on grounds relating to your situation.
Withdraw consent
Withdraw consent at any time, without affecting earlier processing.
Complain
Lodge a complaint with your local data-protection supervisory authority.
13.2 If you are in California (CCPA/CPRA)
California residents have the right to know what personal information is collected and how it is used and disclosed; the right to access and to delete it; the right to correct inaccurate information; and the right not to be discriminated against for exercising these rights. Because we do not sell or share personal information for cross-context behavioral advertising, there is no “opt-out of sale” to exercise — but you may still confirm this with us.
13.3 Everyone else
If you are elsewhere, you may still contact us to ask what we hold about you, to correct it, or to request its deletion, and we will respond in good faith.
14Exercising Your Rights
To make any request, email pattonsignature@gmail.com and tell us, as specifically as you can, what you would like.
- To delete visit records, it helps to tell us the IP address and the approximate dates.
- To delete agreement or contact records, tell us the email address you used. On request we can erase every record tied to that address.
We may need to verify your request — for example, by confirming control of the email address involved — so that we do not act on someone else’s data. We will respond within the time the applicable law requires (generally within 30 days under GDPR, or 45 days under California law, with one extension where permitted). Exercising your rights is free; we may charge a reasonable fee or decline only where a request is manifestly unfounded or excessive, and we will explain if so.
A request to delete data does not override our ability to retain information where the law requires it, or where it is necessary for the establishment, exercise, or defense of legal claims connected to the matter this Site documents. Where that applies, we will tell you.
15Children’s Privacy
The Site is intended for adults and is not directed to children. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided information through the Site, contact us and we will delete it promptly.
16Automated Decisions
We do not make decisions that produce legal or similarly significant effects about you using solely automated processing or profiling. The automated bot-filtering and rate-limiting described in this Policy are security measures; they do not evaluate you as an individual.
17Do Not Track
Some browsers send a “Do Not Track” signal. There is no common industry standard for how sites must respond. Because the Site does not perform cross-site tracking or behavioral advertising in the first place, our practices are consistent with a Do Not Track preference regardless of whether the signal is sent.
18External Links
The Site links to external pages, documents, and resources. Once you follow a link away from pattonsignature.com, this Policy no longer applies. We do not control and are not responsible for the privacy practices of other sites; review their policies before providing information to them.
19Changes to This Policy
We may update this Policy from time to time — for example, if the Site’s features or service providers change. When we do, we will revise the “Last updated” date at the top and increment the version number. Material changes will be made clear on the Site. Your continued use of the Site after an update means you are aware of the current Policy.
20Contact Us
For any question, request, or concern about privacy or this Policy, please get in touch. We treat privacy correspondence seriously and will respond.