LEGAL
Cookie Policy
Last updated:
What Cookies Are
Cookies are small data files stored on your device by your browser. Similar technologies — local storage, session storage, and pixel tags — serve comparable purposes. This policy uses “cookies” to refer to all of them.
Categories We Use
Strictly necessary
Required for the platform to function. These cannot be turned off.
session_id— keeps you signed in.csrf_token— protects against cross-site request forgery.
Preferences
Remember choices you have made.
locale_preference— remembers your selected language.
Error Monitoring (cookie-free)
- Sentry — minimal error and crash monitoring (EU ingest). This tier sets no cookies and neither reads nor writes local storage on your device; only technical error data without a user profile is transmitted. It therefore does not fall under the consent requirement of §25 TDDDG.
Analytics (consent only)
- PostHog — product analytics, EU-hosted. Sets
ph_*cookies and uses local storage. Loaded exclusively after your consent; without consent no analytics take place. - Sentry (extended telemetry) — performance measurement and extended diagnostics, likewise only after consent.
Marketing
Kotao does not run third-party advertising and does not set marketing cookies.
Lawful Basis
Strictly necessary cookies are placed under §25(2) TDDDG and Art. 6(1)(f) GDPR; no consent is required for them.
The minimal error monitoring does not access your device (§25 TDDDG does not apply) and rests on our legitimate interest in operating a stable, secure website (Art. 6(1)(f) GDPR). Analytics technologies (PostHog, extended Sentry telemetry) rest on your consent (§25(1) TDDDG, Art. 6(1)(a) GDPR); as long as no consent has been given, they are not loaded. We will provide a consent interface (preference center) as soon as we re-enable analytics technologies.
Managing Cookies
Most browsers let you block or delete cookies through their settings. Blocking strictly necessary cookies will prevent core platform features from working.
Third-Party Cookies
Two of our service providers may set their own cookies on pages where their services are loaded:
- Edge security provider — security and bot mitigation. See the provider’s privacy notice.
- Certified payment processors — payment iframes during checkout. See the processor privacy notice shown at checkout.
Further Information
This policy implements the requirements of the ePrivacy Directive and the German TDDDG. For questions, contact legal@kotao.com.
Legal context
Other documents.
Privacy, security, terms, and usage rules should be read together when evaluating Kotao for multiple teams.
-
Acceptable Use Policy
Activities prohibited on the Kotao platform.
-
Data Processing Agreement
Kotao's Data Processing Agreement under Art. 28 GDPR.
-
Illegal Content Reports (DSA)
Notice-and-action mechanism under Art. 16 DSA and Kotao GmbH's points of contact.
-
Imprint
Legal entity information for Kotao GmbH per § 5 DDG.
-
Kotao Payments Terms
Supplementary terms for the integrated payment processing on the Kotao platform.
-
Privacy Policy
How Kotao GmbH collects, uses, and protects your personal data under GDPR.
-
Security Disclosure
How to report security vulnerabilities to Kotao.
-
Sub-processors
Kotao's published, versioned list of sub-processors under Art. 28 GDPR.
-
Terms of Service
The terms governing the use of Kotao's platform and services.