Who We Are

RothIRAHub (rothirahub.com, "the Site") is an educational publication operated by Certified SysAdmin LLC, a Kansas limited liability company (formed October 25, 2018). In this policy, "we," "us," and "our" refer to Certified SysAdmin LLC. References to the "Site" refer to rothirahub.com and any subdomains we operate.

Privacy contact: privacy@rothirahub.com

This policy explains what information we collect when you use the Site, how we use it, the legal bases on which we process it, how long we keep it, and the rights you have over it under the EU/UK General Data Protection Regulation ("GDPR"), the California Consumer Privacy Act as amended by the CPRA ("CCPA"), and other applicable laws.

Summary

We run a static reference site. We do not sell, rent, or trade personal information. We do not currently use advertising networks, and we do not build behavioral profiles. Most visitors can use the entire Site without providing any personal data. The only identifying information we collect is (a) standard server logs required to operate the Site, (b) Google Analytics data (loaded by default in opt-out regions including the United States, requiring explicit consent in opt-in regions like the EEA / UK / CH; honors GPC; opt out anytime), and (c) any information you voluntarily send us through our contact form or email.

Information We Collect

Server logs (automatically collected). Like all web servers, our hosting provider records basic technical information when you visit a page, including your IP address, user agent string, the pages requested, the referring URL, and a timestamp. These logs are retained for up to 30 days for security, debugging, and abuse prevention, then deleted. Logs are processed on our behalf by our hosting provider (see "Service Providers" below).

Analytics — region-aware. We use Google Analytics 4 ("GA4") to understand aggregate traffic patterns. The legal model we apply depends on the country your request originates from (determined at the network edge from your IP address; not stored): in the EEA, United Kingdom, Switzerland, Iceland, Liechtenstein, and Norway, GA4 is loaded only after you give explicit consent via the cookie banner. In the United States and the rest of the world, GA4 is loaded by default — you can opt out at any time via the slim notice on first visit or from the cookie settings link in the footer; opt-out takes effect immediately. We honor the Global Privacy Control browser signal in all regions as a binding opt-out. GA4 is configured with IP-anonymization enabled and with all advertising features and Google Signals turned off; data collected is limited to pseudonymous information including approximate geographic location (city-level, derived from IP and then discarded by Google), device and browser type, pages viewed, time on page, and referring source.

Contact form and email. If you email us or submit a correction, question, or suggestion through the contact page, we receive the name, email address, and message you provide. We use this only to respond to your inquiry and to maintain a record for audit purposes.

What we do NOT collect. We do not ask for or store Social Security numbers, account numbers, passwords, payment information, health information, or any other sensitive identifiers. Our calculators and tools run entirely in your browser — the numbers you type never leave your device and are not transmitted to our servers.

How We Use Information

We use the information described above only for the following purposes:

  • Operating and securing the Site — serving pages, preventing abuse, investigating security incidents (server logs).
  • Understanding aggregate usage — seeing which articles are useful, which are broken, and how to improve them (analytics; loaded by default in opt-out regions, with explicit consent in opt-in regions, never when GPC is signaled).
  • Responding to inquiries — answering your emails and corrections (contact data).
  • Legal compliance — complying with legal obligations, responding to lawful requests, enforcing our Terms of Service.

We do not use your information for advertising, profiling, automated decision-making that produces legal effects, or for any purpose materially different from the purpose for which it was collected.

Legal Bases for Processing (GDPR)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following lawful bases under Article 6(1) GDPR:

  • Consent (Art. 6(1)(a)) — for analytics cookies and any optional tracking. You may withdraw consent at any time.
  • Legitimate interests (Art. 6(1)(f)) — for server logs, security monitoring, and responding to the inquiries you send us. Our legitimate interest is operating a secure, functional website and answering correspondence. You may object to this processing as described under "Your Rights" below.
  • Legal obligation (Art. 6(1)(c)) — where we must retain records to comply with law.

Cookies and Similar Technologies

The Site uses only the minimum cookies required for it to function. No cross-site tracking cookies are set. See our Cookie Notice for the full list, purposes, and retention periods of each cookie, and instructions for managing your preferences.

Service Providers (Data Processors)

We use a small number of third-party services that process data on our behalf under contracts that require them to protect your information and use it only for the purposes we specify:

  • Vercel Inc. — static hosting and content delivery. Vercel processes request logs on our behalf. See Vercel's privacy policy.
  • Google LLC (Google Analytics 4) — aggregate analytics. Loaded by default in opt-out regions (United States and rest of world); loaded only with explicit consent in opt-in regions (EEA / UK / CH / IS / LI / NO). Honors the Global Privacy Control browser signal. See Google's privacy policy.
  • Microsoft Corporation (Microsoft 365 / Microsoft Graph) — when you email us or use our contact form. Inbound mail is delivered to Microsoft 365 shared mailboxes (privacy@, editor@, corrections@, dmca@, legal@). Contact-form submissions are delivered to those mailboxes via the Microsoft Graph API. See Microsoft's privacy statement.

We do not share your information with any third party for their own marketing purposes.

International Data Transfers

We are based in the United States. If you access the Site from outside the United States, information we collect will be transferred to and processed in the United States. Where we transfer personal data of EEA, UK, or Swiss residents to the U.S. or another jurisdiction without an adequacy decision, we rely on the European Commission's Standard Contractual Clauses and, where available, participation in the EU-U.S. Data Privacy Framework by our service providers.

Data Retention

Server logs: retained up to 30 days, then deleted or anonymized.
Analytics data: GA4 event-level data is retained for 14 months, after which it is deleted or aggregated beyond recognition. Aggregated reports with no individual identifiers may be retained longer for historical analysis.
Contact correspondence: retained for up to 3 years to maintain a record of corrections and feedback, then deleted unless a longer retention is required by law.

Your Rights

If you are in the EEA, UK, or Switzerland, you have the following rights under GDPR:

  • Right of access (Art. 15) — to obtain a copy of the personal data we hold about you.
  • Right to rectification (Art. 16) — to have inaccurate data corrected.
  • Right to erasure (Art. 17) — to have your data deleted, subject to limited legal exceptions.
  • Right to restriction of processing (Art. 18).
  • Right to data portability (Art. 20) — to receive your data in a machine-readable format.
  • Right to object (Art. 21) — particularly to processing based on legitimate interests.
  • Right to withdraw consent (Art. 7(3)) — where processing is based on consent, without affecting the lawfulness of prior processing.
  • Right to lodge a complaint with a supervisory authority in your country of residence.

If you are a California resident, you have the following rights under the CCPA/CPRA:

  • Right to know — the categories and specific pieces of personal information we collect, the sources, the purposes, and the categories of third parties with whom we share it.
  • Right to delete — your personal information, subject to legal exceptions.
  • Right to correct — inaccurate personal information.
  • Right to opt out of sale or sharingwe do not sell or share personal information for cross-context behavioral advertising as those terms are defined under the CCPA. Because we do not sell or share, there is no opt-out required, but you may still exercise this right by contacting us.
  • Right to limit use of sensitive personal information — we do not collect sensitive personal information as defined by the CCPA.
  • Right to non-discrimination — we will not deny service, charge a different price, or provide a different quality of service because you exercised any CCPA right.

How to exercise your rights. Send a written request to our privacy contact at the email address above, with enough information for us to verify your identity and locate any data we hold. We will respond within the timeframes required by applicable law (30 days under GDPR, 45 days under CCPA, extendable once if necessary). There is no fee for reasonable requests.

Children's Privacy

The Site is directed to adults and is not intended for children under 13 (under 16 in the EEA/UK). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.

Security

We take reasonable technical and organizational measures to protect the information we hold, including HTTPS encryption for all traffic to and from the Site, hosting on security-audited infrastructure, and access controls on any data we retain. No system is perfectly secure, and we cannot guarantee against all possible breaches. If a breach affects your personal data and is reportable under applicable law, we will notify you and the relevant supervisory authority as required.

"Do Not Track" Signals

We honor your browser's Do Not Track signal by not loading non-essential analytics or tracking scripts on that session, regardless of any banner state.

Changes to This Policy

We may update this policy from time to time to reflect changes in our practices or legal obligations. The "Effective Date" at the top of this page shows when the policy was last revised. For material changes we will post a notice on the Site or, where we have your email, notify you directly. Continued use of the Site after the effective date of a revised policy constitutes acceptance of the revised policy.

Contact Us

For any privacy question, rights request, or concern, please write to:

Privacy Contact
Certified SysAdmin LLC (d/b/a RothIRAHub)
Privacy inquiries: privacy@rothirahub.com
General contact: editor@rothirahub.com