Privacy & Cookies
How we process data, which cookies we set, and how you can exercise your rights under the EU General Data Protection Regulation (GDPR) and the ePrivacy directive.
Last updated: 9 May 2026.
Data controller
The data controller for personal data processed through this website is Raffaele Battaglia, the editor of KosmoPhysis. You can reach the controller at info@kosmophysis.org for any question regarding this policy or to exercise the rights described below.
What we process, and why
KosmoPhysis is a personal, non-commercial publication. We process the minimum amount of data needed to keep the site working, to deliver content you ask for (newsletter, account-saved cards), and — only with your consent — to understand how readers find and move through the site.
1. Server logs (legitimate interest)
The web server records each request in standard access logs: IP address, timestamp, requested path, HTTP status, user-agent string, referrer header. These logs are used for security, debugging, and traffic accounting. They are kept on the server for up to 14 days and then rotated. Legal basis: legitimate interest (Art. 6(1)(f) GDPR) in operating and securing the site.
2. Functional session cookie (strictly necessary)
When you sign in to your reader account or to the editorial admin, we set a session
cookie named kosmophysis_session. It contains a random opaque token that
links to your session record server-side; it does not contain personal data and is not
read by anyone other than this site. It is required for sign-in to work and is
considered strictly necessary under the ePrivacy directive — no consent is
required for this cookie. The cookie expires after 30 days of inactivity (sliding) and
is removed on sign-out.
3. Newsletter (consent)
If you subscribe to the newsletter we store your email address, the date of subscription, the source page, an unsubscribe token, and the date of confirmation. We send a confirmation email (double opt-in) and you can unsubscribe at any time from the link at the bottom of every newsletter, or by writing to the address above. Email delivery is performed by Brevo, an EU-based transactional email provider. Legal basis: consent (Art. 6(1)(a) GDPR).
4. Reader account (contract / consent)
If you create a reader account (via magic link), we store your email address and the cards you save to your library. The account is used solely to keep your saved cards accessible across devices. You can request account deletion by writing to the address above. Legal basis: contract (Art. 6(1)(b) GDPR) for account operation; consent for the newsletter opt-in stored on the account.
5. Card suggestions (legitimate interest)
If you submit a topic via the suggest form, we store the topic, your notes, and an optional contact email solely for editorial review. We do not reply individually. Legal basis: legitimate interest in editorial work.
6. Analytics — Google Analytics 4 (consent)
With your consent, we use Google Analytics 4 (GA4) to understand how visitors find and
move through the site. GA4 sets cookies named _ga and
_ga_X6S82S3EMH in your browser, sends a pseudonymous identifier, the
requested URL, the page title, the referrer, and a derived approximate location to
Google LLC. No advertising features (Google Ads, advertising IDs, signals) are enabled
on this property; we do not use GA for cross-site tracking, profiling, or
remarketing.
Until you click Accept on the cookie banner, GA4 is held in a denied state via Google's Consent Mode v2 — no analytics cookies are set and no identifying hits are sent. Aggregated, anonymous "consent pings" may still be sent in this state to inform modelled traffic estimates, with no individual identification.
Legal basis for analytics: consent (Art. 6(1)(a) GDPR and Art. 5(3) ePrivacy directive).
Cookies set by this site, in detail
| Name | Set by | Purpose | Duration | Consent required |
|---|---|---|---|---|
kosmophysis_session |
kosmophysis.org | Authenticated session for signed-in readers and admin. | 30 days (sliding) | No (strictly necessary) |
kp_consent |
kosmophysis.org | Records your cookie-banner choice (accepted or denied) so we don't show the banner again. | 12 months | No (strictly necessary) |
_ga |
Google Analytics | Distinguishes unique visitors (pseudonymous client identifier). | 2 years | Yes — set only after you click Accept. |
_ga_X6S82S3EMH |
Google Analytics | Maintains session state for the GA4 property. | 2 years | Yes — set only after you click Accept. |
International transfers
Google Analytics processes data on infrastructure operated by Google LLC, a US company. Transfers outside the European Economic Area rely on the EU–US Data Privacy Framework and on Standard Contractual Clauses where applicable. You can review Google's data handling at policies.google.com/privacy.
Recipients
Personal data are processed by the controller and by the following processors:
- IONOS SE (Germany) — server hosting (VPS infrastructure).
- Sendinblue SAS / Brevo (France) — transactional email delivery for magic links and newsletter messages.
- Google LLC (United States) — Google Analytics 4, only after consent.
Retention
- Server access logs: up to 14 days.
- Newsletter subscribers: until you unsubscribe.
- Reader accounts: until you request deletion.
- Saved cards: until you remove them or the account is deleted.
- Card suggestions: until reviewed and processed; up to 24 months thereafter.
- GA4 events: as configured in the GA4 property (default 14 months).
Your rights
Under the GDPR you have the right to: access your data (Art. 15), rectify inaccurate data (Art. 16), erase your data (Art. 17), restrict or object to processing (Art. 18, 21), portability (Art. 20), and withdraw consent at any time without affecting the lawfulness of prior processing (Art. 7(3)). You can exercise any of these rights by writing to info@kosmophysis.org.
You also have the right to lodge a complaint with a supervisory authority. In Italy, this is the Garante per la protezione dei dati personali.
Changing your cookie preferences
You can change your decision at any time. Click the button below to reopen the cookie banner.
You can also block or delete cookies from your browser settings — instructions for the most common browsers are available at aboutcookies.org.
Changes to this policy
When this policy changes, we will update the "Last updated" date at the top. Substantial changes (new processors, new categories of data) will be communicated to newsletter subscribers and account holders.
Contact
Write to info@kosmophysis.org.