Privacy Policy
Last updated: March 29, 2026
1. Introduction
Cogito Libris ("we", "our", or "us") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you visit our digital library.
We comply with the EU General Data Protection Regulation (GDPR) and Hong Kong's Personal Data (Privacy) Ordinance (PDPO).
2. Data We Collect
We collect minimal data to provide you with the best reading experience:
- Anonymous usage analytics (page views, reading duration)
- Hashed IP addresses (retained for 2 years for vote system abuse prevention)
- Browser type and device information
We do not collect personally identifiable information unless you voluntarily provide it through comments or feedback.
3. How We Use Your Data
Your data is used solely for:
- Improving our website and user experience
- Preventing abuse of our voting system
- Understanding reading patterns to curate better content
- Security and fraud prevention
4. Legal Basis for Processing (GDPR)
Under GDPR Article 6, we process your data based on the following lawful bases:
- Consent (Art. 6(1)(a)) - For optional features like comments or feedback
- Legitimate Interest (Art. 6(1)(f)) - For analytics, security, and service improvement
- Legal Obligation (Art. 6(1)(c)) - Where required by applicable law
Under the PDPO, we collect personal data for purposes directly related to our library functions and use only what is necessary.
5. Data Retention
We retain your data only for as long as necessary:
- Hashed IP addresses: 2 years from last vote
- Analytics data: 25 months (Plausible default)
- Voluntary submissions (comments/feedback): Until deletion is requested
6. Data Storage and International Transfers
All data is stored securely on Cloudflare Pages infrastructure. Cloudflare provides adequate safeguards for international data transfers through Standard Contractual Clauses (SCCs) and Binding Corporate Rules (BCRs).
Data may be transferred outside Hong Kong and the European Economic Area with appropriate safeguards in place as required by GDPR Chapter V and PDPO Section 33.
7. Third-Party Services
We use the following third-party data processors (all GDPR-compliant):
- Cloudflare Pages - Website hosting and security (Data Processing Agreement in place)
- Plausible Analytics - Privacy-focused, cookieless analytics (GDPR-compliant, no personal data stored)
8. Your Rights
Under GDPR, you have the right to:
- Access your personal data (Art. 15)
- Rectification of inaccurate data (Art. 16)
- Erasure ("right to be forgotten") (Art. 17)
- Restriction of processing (Art. 18)
- Data portability (Art. 20)
- Object to processing (Art. 21)
- Withdraw consent at any time (Art. 7(3))
Under the PDPO, you have the right to:
- Access your personal data
- Request correction of inaccurate data
- Ascertain our policies and practices regarding personal data
To exercise these rights, contact us at legal@cogitolibris.com
You also have the right to lodge a complaint with your local supervisory authority:
- EU residents: Your national Data Protection Authority
- Hong Kong residents: Office of the Privacy Commissioner for Personal Data (www.pcpd.org.hk)
10. Children's Privacy
Our Website is not intended for children under 13 years of age. We do not knowingly collect personal data from children under 13. If you are under 13, please do not provide any personal data to us.
If we become aware that we have collected personal data from a child under 13 without parental consent, we will take steps to delete that information.
11. Changes to This Policy
We may update this privacy policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.
12. Contact Us
If you have questions about this privacy policy or our data practices, please contact us at:
Email: legal@cogitolibris.com
We will respond to all requests within 30 days as required by GDPR and PDPO.