Sign in Subscribe

Privacy Policy

Last updated: 4 May 2026

This Privacy Policy explains how Aleksandr Kosenko (“I”, “me”, the operator of ksnk.media) collects, uses, and protects your personal data when you visit ksnk.media or subscribe to the newsletter. This policy is written to comply with the EU General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”) and the Spanish Organic Law 3/2018 on Personal Data Protection (LOPDGDD).

1. Data controller

Aleksandr Kosenko
Operating ksnk.media as an individual publisher.
Contact: [email protected]

I am responsible for the personal data processed through this website. There is no separate Data Protection Officer (DPO) appointed because the scale of processing does not require one under Article 37 GDPR.

2. What data I collect

2.1 You provide directly

  • Email address — when you subscribe to the newsletter or create a member account.
  • Name (optional) — when you complete your member profile.
  • Payment data — if you upgrade to a paid plan. Card details are processed by Stripe; I never see or store them.
  • Comments and replies — if you reply to a newsletter or write to me directly.

2.2 Collected automatically

  • Technical data: IP address, browser type, operating system, referrer URL, pages visited, time spent.
  • Cookies: see section 7 below.
  • Email open/click events: when you read newsletter emails (via tracking pixel and link wrapping).

3. How I use your data and legal basis

PurposeLegal basis (GDPR Art. 6)
Send the newsletter you subscribed toConsent (Art. 6(1)(a))
Provide access to paid contentContract (Art. 6(1)(b))
Process paymentsContract (Art. 6(1)(b))
Detect abuse, prevent fraud, secure the siteLegitimate interest (Art. 6(1)(f))
Comply with legal obligations (tax records, etc.)Legal obligation (Art. 6(1)(c))
Measure traffic and improve content (Google Analytics)Consent (Art. 6(1)(a))

You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

4. Who I share data with (data processors)

I do not sell your data. I share it only with service providers who help operate the site, under data processing agreements that meet GDPR requirements:

  • Ghost Foundation Ltd. — CMS hosting (UK; adequacy decision in force).
  • Mailgun Technologies, Inc. — transactional and newsletter email delivery (USA; transfers under Standard Contractual Clauses).
  • Stripe Payments Europe Ltd. — payment processing (Ireland, EU).
  • Google Ireland Ltd. — Google Analytics 4 traffic measurement (Ireland; data anonymised by default).
  • Cloudflare, Inc. — CDN, DNS, DDoS protection (USA; transfers under SCCs).
  • Cloudinary Ltd. / Cloudflare R2 — image storage and delivery.

I may also disclose data when required by law (court order, criminal investigation).

5. International data transfers

Some processors are located outside the European Economic Area (EEA), specifically in the United States and the United Kingdom. Transfers are protected by:

  • The European Commission’s adequacy decision for the UK and the EU–US Data Privacy Framework where applicable;
  • Standard Contractual Clauses (SCCs) approved by the European Commission;
  • Additional safeguards documented in each processor’s sub-processor list.

6. Retention

  • Newsletter subscribers: until you unsubscribe (one-click link in every email) or request deletion.
  • Paid members: for the duration of your subscription plus 6 years for tax records (Spanish General Tax Law).
  • Server logs: 30 days, then deleted automatically.
  • Analytics data: aggregated and retained for 14 months (Google Analytics 4 default).

7. Cookies

This site uses three categories of cookies:

  • Strictly necessary (no consent required): session, member login, CSRF token, language preference.
  • Analytics (consent required): Google Analytics 4 (_ga, _ga_*) — load only after you accept the cookie banner.
  • Functional: theme preference (light/dark), set only after you choose.

You can refuse non-essential cookies in the banner shown on your first visit, change your choice anytime by clearing cookies or using browser settings, or block third-party cookies entirely in your browser.

8. Your rights under GDPR

You have the following rights regarding your personal data:

  • Access (Art. 15) — obtain a copy of the data I hold about you.
  • Rectification (Art. 16) — correct inaccurate data.
  • Erasure / right to be forgotten (Art. 17) — request deletion.
  • Restriction (Art. 18) — pause processing while a dispute is resolved.
  • Portability (Art. 20) — receive your data in a machine-readable format.
  • Objection (Art. 21) — object to processing based on legitimate interest.
  • Withdraw consent at any time, free of charge.
  • Not be subject to automated decision-making with legal effects (Art. 22) — not applicable here, but stated for completeness.

To exercise any right, email [email protected]. I will respond within 30 days. Identity verification may be requested for sensitive operations.

9. Right to lodge a complaint

If you believe your data has been mishandled, you may file a complaint with the Spanish Data Protection Agency:

Agencia Española de Protección de Datos (AEPD)
C/ Jorge Juan, 6 — 28001 Madrid, Spain
Phone: +34 901 100 099 — www.aepd.es

EU residents may also contact the supervisory authority of their country of habitual residence.

10. Children

This site is not directed at children under 14 (Spanish digital consent age under LOPDGDD). I do not knowingly collect data from minors. If you believe a child has subscribed, contact [email protected] and the data will be deleted.

11. Security

I apply technical and organisational measures appropriate to the risk: HTTPS everywhere, encrypted databases, access restricted to me, third-party processors selected for ISO 27001 / SOC 2 compliance. No system is perfectly secure; in case of a personal data breach affecting your rights, I will notify the AEPD within 72 hours and you without undue delay (GDPR Art. 33–34).

12. Changes to this policy

I may update this policy as the site evolves. The “Last updated” date at the top reflects the most recent change. Material changes will be announced via newsletter at least 30 days before they take effect.

13. Contact

Questions, requests, or complaints:
[email protected]