KotobaInteractive
Legal

Privacy policy

Kotoba Interactive respects your privacy and complies with the General Data Protection Regulation (GDPR, EU Regulation 2016/679) and the amended French Data Protection Act. This page explains what data we process and why.

1. Data controller

Kotoba Interactive, a sole proprietorship represented by Chloé THIEL, 58 rue de Monceau, CS 48756, 75380 Paris Cedex 08, France, publisher of kotobainteractive.com. For any question about your data: contact@kotobainteractive.com.

2. Data we collect

kotobainteractive.com is first and foremost a media outlet (articles and videos). Reading the site requires no account. Creating an account is optional and only powers the community features (commenting, saving favorites, suggesting articles).

Account data

  • Identification: email address, username, display name and, optionally, a profile picture.
  • Authentication: password hashed with bcrypt (never stored in clear text) and last login date.
  • The account relies on a single Kotoba identity shared across the ecosystem (ChineseSRS, EnglishSRS, JapaneseSRS, KoreanSRS), so one account can be used on several platforms in the family.

Content you publish

  • Comments: the text of your comments and replies under articles, with their moderation status (visible, hidden or flagged).
  • Favorites: the list of articles you save to your reading list.
  • Article suggestions: the title and description of topics you propose to the editorial team.

Technical and audience data

  • Preferences: light/dark theme and cookie choices, stored locally on your device and never sent to a server.
  • Security: IP address and connection logs, used for rate limiting and abuse prevention.
  • Audience measurement: only if you consent, via Google Analytics 4 with IP anonymization (page views, traffic source, visit duration).
  • Advertising retargeting: only if you consent, via the Meta, TikTok and X pixels.

3. Purposes and legal bases

  • Providing the service: account management, comments, favorites and suggestions (performance of a contract, art. 6.1.b GDPR).
  • Security: fraud and abuse prevention, moderation (legitimate interest, art. 6.1.f GDPR).
  • Audience and advertising: statistics and retargeting (consent, art. 6.1.a GDPR).

4. Data sharing

We never sell your data. It is only shared with the providers strictly necessary to run the service:

  • OVH SAS: hosting and database (France).
  • Email provider: account and security emails (verification, reset), where applicable.
  • Google Analytics 4: audience measurement (with consent).
  • Meta, TikTok, X: retargeting pixels (with consent).
As of today, audience measurement and retargeting pixels are not active (identifiers not configured). This section describes the processing that will apply once these tools are enabled, always subject to your consent.

5. Data security

  • Passwords hashed with bcrypt (12 rounds).
  • Encrypted HTTPS / TLS connections.
  • Signed sessions stored in an httpOnly cookie.
  • Rate limiting against brute-force attacks.
  • Moderation of public content (comments).

6. Retention periods

Active account
As long as the account exists
Unverified email
Deleted after 30 days
After account deletion
Erased within 30 days
Comments, favorites, suggestions
Deleted with the account
Security logs
90 days
Preferences and consent
6 months
Audience measurement
13 months maximum

7. Your rights

Under the GDPR, you have the following rights at any time:

  • right of access to your data;
  • right to rectification;
  • right to erasure (you can delete your account at any time);
  • right to restriction of processing;
  • right to data portability;
  • right to object;
  • right to withdraw your consent at any time;
  • right to lodge a complaint with the CNIL.

To exercise your rights, write to us at contact@kotobainteractive.com. We respond within one month at most.

8. Protection of minors

Creating an account is reserved for people aged 13 or over. For users aged 13 to 16 living in the European Union, the consent of a holder of parental authority is required (art. 8 GDPR).

9. Breach notification

In the event of a data breach likely to create a risk to your rights, we will notify the CNIL within 72 hours (art. 33 GDPR) and, where the risk is high, inform you directly (art. 34 GDPR).

10. Transfers outside the EU

Google Analytics, Meta, TikTok and X may transfer data outside the European Union. These transfers rely on the European Commission standard contractual clauses and, for the United States, on the Data Privacy Framework.

Useful links

Contact: contact@kotobainteractive.com

Last updated: February 16, 2026.