Privacy Policy

The California Water Data Consortium is located at:

555 Capitol Mall, Suite 1155, Sacramento, CA 95814

This Privacy Policy (Policy) tells you what personal data and non-personal data the California Water Data Consortium (hereafter “we”) may collect from you as you use this website and its services. It describes how the data is collected, protected, and in some limited cases, shared with other parties. You can make requests to access, change and delete personal data that has been collected.

We do not share, sell, or rent your information to third parties. The following privacy policy is an attempt to provide you with transparency in how data are collected and used. Please email us if you have any additional questions. You can reach us at

We may change this Policy from time to time. Please check this page occasionally to ensure that you are aware of any changes to the Policy. By using our services, you agree to be bound by this Policy.

Our website contains links to other websites that are operated by third parties. We provide those links to share and promote the work of our partners or for your convenience, but we do not review, control, or monitor the privacy practices of websites operated by others. We are not responsible for websites that are not operated by the California Water Data Consortium, and we recommend that you review those sites’ privacy statements.

Data Collection

Legal basis for collecting and processing your personal and non-personal data

When you load a page on, data is collected in order to facilitate the technical operation of the website, such as security protocols that detect malicious activity that could lead to defacement or a data breach. We thereby have a legitimate interest in monitoring the site’s performance in order to provide a secure and positive experience for visitors. The legal basis for other data collection, such as names and email addresses you submit when signing up for a newsletter, is based on the consent you provide when you elect to join the mailing list, use a contact form, or engage in other direct interaction.

We Collect Your Personal Data in the Following Ways

Automatic Collection

We automatically receive certain information from your web browser or mobile device. This information may include the name of the website from which you entered our website, if any, as well as the name of the website you visit when you leave our website, if any; your Internet service provider’s name; your web browser type; the type of mobile device you use to visit our website; the computer operating system you use to visit our website; and data about your browsing activity when using our website. We use this information to analyze trends among our users and to help improve our website.


If you choose to add a comment to any published post, the name and email address you enter with your comment will be saved to this website’s database, along with your Internet Protocol (IP) address and the time and date that you submitted the comment. This information is only used to identify you as a contributor to the comment section of the respective post and is not passed on to any of the third-party data processors.

Your comment and its associated personal data will remain on this site until we 1) remove the comment or 2) remove the post. Should you wish to have the comment and its associated personal data deleted, please email us at using the email address with which you made the comment.

If you are under 16 years of age you must obtain parental consent before posting a comment on the site.

NOTE: You should avoid entering personally identifiable information to the actual comment field of any post comments that you submit on this website.

Embedded Content from Other Websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website, and it is not controlled by us or our website.

These other websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Contact Forms

Our contact form asks for your consent to transmit personal information such as your email address and name in order to facilitate communication. That data and your email content is stored in our database as well as collated into an email and sent to us over the Simple Mail Transfer Protocol (SMTP). Our own SMTP servers are protected by TLS (sometimes known as SSL), meaning that the email content is encrypted using SHA-2, 256-bit cryptography before being sent across the internet. The email content is then decrypted by our local computers and devices. However, not all mail servers are secured in such a way. Therefore, we suggest that you always consider email as an insecure medium and not include confidential or sensitive information within an email.

Email Newsletters

If you choose to subscribe to our listserv, the email address that you submit to us will be forwarded to MailChimp, who provides us with email marketing services. We consider MailChimp to be a third-party data processor. The email address that you submit to MailChimp will not be stored in’s database. We are not responsible for the security of MailChimp’s database.

Your email address will remain within MailChimp’s database for as long as we continue to use MailChimp’s services for email marketing or until you specifically request removal from the list. You can unsubscribe using the links contained in any email newsletters that we send you or by requesting removal via email. When requesting removal via email, please send your email to us using the email account that is subscribed to the mailing list.

NOTE: If you are under 16 years of age you must obtain parental consent before joining our email newsletter.

Event Registration

When you register to attend one of our events through Eventbrite, we will see the name and email address you registered with. That data is transmitted by Eventbrite via email to our administrators, but is not stored in’s database.


Our website uses Google Analytics to collect information about the use of our website, but not to collect any personal data. When you load the site, your IP address is anonymized so that it cannot be used to trace you as an individual while still letting us gather information about how users interact with our site. Google Analytics will still place cookies on your computer to track items like visit duration, but it does so without including personal information.

All activity falls within the bounds of the Google Analytics Terms of Service. We are not responsible for the security of Google Analytics. For more information on how Google collects and processes your data, visit: Or to opt-out of Google Analytics across all websites, consider using the tool at


We use security plugins like Wordfence to prevent hacks, break-ins, etc. Those plugins necessarily look at your IP address to ensure that you are not engaged in malicious activity. These plugins also block IP addresses that violate security rules. Wordfence does analyze the activity of IP addresses to look for larger security trends and risks across the internet, and as such we consider Wordfence and their parent company, Defiant, Inc., to be a third-party data processor.

Data Integrity


This site is hosted by SiteGround, based in the United States. Any data originating or stored on the site, including any personal information submitted by users, will be stored and/or processed in the United States. Data is hosted from a secured environment, and backups are only accessible by the site owner and administrator.

We use Secure Sockets Layer (SSL) software to encrypt the information you enter on our Site in order to protect its security during transmission to and from our Site.

Data Breaches

In the unlikely event of a data breach, we will report any unlawful data breach of this website’s database or the database(s) of any of our third-party data processors to all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.

Internal Data Retention

If you leave a comment, we retain the comment and its metadata indefinitely. This is so that we can recognize and approve any follow-up comments automatically, instead of holding them in a moderation queue.

Third Party Processors

We use several third parties to process personal data on our behalf. These third parties are based in the USA and are EU-U.S Privacy Shield compliant:

We will not sell or rent your information to third parties.

Your Rights

When using our website and submitting personal data to us, you may have certain rights under the General Data Protection Regulation (GDPR) and other laws. Depending on the legal basis for processing your personal data and whether any particular privacy law applies to you, you may have some, all, or none of the following rights:

  • You may have the right to be informed about the personal data we collect from you, and how we process it.
  • You may have the right to get confirmation that your personal data is being processed and you may have the ability to access your personal data.
  • You may have the right to have your personal data corrected if it is inaccurate or incomplete.
  • You may have the right to request the removal or deletion of your personal data if there is no compelling reason for us to continue processing it.
  • You may have a right to ‘block’ or restrict the processing of your personal data. When your personal data is restricted, we are permitted to store your data, but not to process it further.
  • You may have the right to request and receive a copy of your personal data that you provided to us and use it for your own purposes. You may also request that we remove that data from our records here.

All that said, there are some circumstances when we may be legally required to disclose your Personal Data to a third party regardless of any privacy laws that may apply. These may include the following:

  • We are required to do so by subpoena, law, or other legal process.
  • Disclosure is necessary to assist law enforcement officials or government enforcement agencies.
  • Disclosure is necessary to investigate violations of or otherwise enforce our Legal Terms.
  • Disclosure is necessary to protect us from legal action or claims from third parties, including you and/or other users or members.
  • Disclosure is necessary to protect the legal rights, personal/real property, or personal safety of our company, users, employees, and affiliates.

If you have privacy-specific questions or comments, please contact us at

If you feel that you need to file an unaddressed complaint about how your personal data is handled, you have the right to contact regulatory or judicial authorities about the matter.

Online Policy Only

This online privacy policy applies only to information collected through our website and not to information that we may collect offline.