Skip to main content

LEGAL

Cookie Policy

Last updated:

What Cookies Are

Cookies are small data files stored on your device by your browser. Similar technologies — local storage, session storage, and pixel tags — serve comparable purposes. This policy uses “cookies” to refer to all of them.

Categories We Use

Strictly necessary

Required for the platform to function. These cannot be turned off.

  • session_id — keeps you signed in.
  • csrf_token — protects against cross-site request forgery.

Preferences

Remember choices you have made.

  • locale_preference — remembers your selected language.
  • Sentry — minimal error and crash monitoring (EU ingest). This tier sets no cookies and neither reads nor writes local storage on your device; only technical error data without a user profile is transmitted. It therefore does not fall under the consent requirement of §25 TDDDG.
  • PostHog — product analytics, EU-hosted. Sets ph_* cookies and uses local storage. Loaded exclusively after your consent; without consent no analytics take place.
  • Sentry (extended telemetry) — performance measurement and extended diagnostics, likewise only after consent.

Marketing

Kotao does not run third-party advertising and does not set marketing cookies.

Lawful Basis

Strictly necessary cookies are placed under §25(2) TDDDG and Art. 6(1)(f) GDPR; no consent is required for them.

The minimal error monitoring does not access your device (§25 TDDDG does not apply) and rests on our legitimate interest in operating a stable, secure website (Art. 6(1)(f) GDPR). Analytics technologies (PostHog, extended Sentry telemetry) rest on your consent (§25(1) TDDDG, Art. 6(1)(a) GDPR); as long as no consent has been given, they are not loaded. We will provide a consent interface (preference center) as soon as we re-enable analytics technologies.

Managing Cookies

Most browsers let you block or delete cookies through their settings. Blocking strictly necessary cookies will prevent core platform features from working.

Third-Party Cookies

Two of our service providers may set their own cookies on pages where their services are loaded:

  • Edge security provider — security and bot mitigation. See the provider’s privacy notice.
  • Certified payment processors — payment iframes during checkout. See the processor privacy notice shown at checkout.

Further Information

This policy implements the requirements of the ePrivacy Directive and the German TDDDG. For questions, contact legal@kotao.com.