Skip to main content

LEGAL

Cookie Policy

Last updated:

What Cookies Are

Cookies are small data files stored on your device by your browser. Similar technologies — local storage, session storage, and pixel tags — serve comparable purposes. This policy uses “cookies” to refer to all of them.

Categories We Use

Strictly necessary

Required for the platform to function. These cannot be turned off.

  • session_id — keeps you signed in.
  • csrf_token — protects against cross-site request forgery.

Preferences

Remember choices you have made.

  • locale_preference — remembers your selected language.

Analytics (opt-in only)

We use PostHog to understand how visitors use the marketing site — pageviews, clicks, scroll depth, and core web vitals. Analytics data is processed on PostHog’s EU Cloud (Frankfurt, Germany); no analytics data is transferred outside the EU.

Analytics cookies — those prefixed with ph_ — are set only after you opt in via the consent banner. Until you accept, no PostHog script loads and no analytics request is sent. You can withdraw consent at any time by opening Cookie settings in the footer and choosing Reject; this stops further collection and clears the ph_ cookies on your device. Withdrawing consent does not affect analytics already collected before withdrawal.

Marketing

Kotao does not run third-party advertising and does not set marketing cookies.

Lawful Basis

Strictly necessary cookies are placed under §25(2) TTDSG and Art. 6(1)(f) GDPR. Analytics cookies require your prior consent under §25(1) TTDSG and Art. 6(1)(a) GDPR. You can change your preferences at any time through the consent banner accessible from the footer.

Managing Cookies

Most browsers let you block or delete cookies through their settings. Blocking strictly necessary cookies will prevent core platform features from working.

Third-Party Cookies

Two of our service providers may set their own cookies on pages where their services are loaded:

  • Edge security provider — security and bot mitigation. See the provider’s privacy notice.
  • Certified payment processors — payment iframes during checkout. See the processor privacy notice shown at checkout.

Further Information

This policy implements the requirements of the ePrivacy Directive and the German TTDSG. For questions, contact privacy@kotao.com.

Legal context

More documents for the same platform.

Kotao connects sales, payments, guests, teams, and websites. That is why privacy, security, terms, and usage rules should be evaluated together.

Separate product and legal

These documents explain terms and responsibilities. Product details, pricing, and roadmap live on the platform pages.

Review regularly

We keep review date, contact points, and scope visible so customers can understand changes.

Read contracts together

Privacy, DPA, Terms, Security, and Acceptable Use should be read together when evaluating Kotao for multiple teams.

Other documents.

Acceptable Use Policy

Activities prohibited on the Kotao platform.

Data Processing Agreement

Kotao's Data Processing Agreement under Art. 28 GDPR.

Imprint

Legal entity information for Kotao GmbH per §5 TMG.

Privacy Policy

How Kotao GmbH collects, uses, and protects your personal data under GDPR.

Security Disclosure

How to report security vulnerabilities to Kotao.

Terms of Service

The terms governing the use of Kotao's platform and services.