Privacy

We Respect Your Privacy

Most companies treat privacy policies as a legal checkbox — pages of dense text designed to obscure what they're actually doing with your data. We take a different approach.

KAOS is built on the principle of digital sovereignty. The same philosophy that drives our platform — companies should own their infrastructure, not rent it — extends to how we treat your visit. We don't use cookies. We don't store personal data. We don't sell, share, or monetize your information. Any processing we perform is pseudonymized and exempt from consent requirements under GDPR.

Our analytics are powered by Umami, a self-hosted, open-source tool that collects only anonymous, aggregated metrics — nothing more. The only reason we collect this data is to make the experience better for you.

Self-Hosted

Privacy-First Analytics

Self-hosted Umami. No third-party scripts. Your data never leaves our infrastructure.

None

Zero Cookies

No cookies, no consent banners, no client-side storage. Our processing is exempt from consent requirements under GDPR.

Zero PII

Pseudonymized Only

No names, emails, or raw IP addresses are ever stored. Network identifiers are transiently hashed with a daily-rotating salt.

EU Only

EU Data Residency

All analytics data is stored in AWS eu-central-1 (Frankfurt). Your data never leaves the European Union.

Legal

GDPR Compliance

Under Article 6(1)(f) of the GDPR and Greek Law 4624/2019, we process pseudonymized analytics data based on legitimate interest. Our processing qualifies for the consent exemption through Privacy by Design measures including daily salt rotation and zero client-side storage.

Analytics Tool

Umami — self-hosted, open-source

Data Controller

Novelcore IKE, Mavromichali 104, Athens 114 72, Greece

Processing Activity

Transient processing of network identifiers to generate unique, salted cryptographic hashes.

Personal Data Status

Pseudonymized. No raw IP addresses are stored. No PII (names, emails) is ever processed.

Terminal Access

Minimal reading of HTTP headers (User Agent) solely for aggregate browser/OS statistics. No client-side storage used.

Legal Basis

Legitimate Interest (Art. 6(1)(f) GDPR). This processing is strictly limited to first-party audience measurement with zero impact on user privacy.

Data Storage & Residency

Self-hosted infrastructure in AWS eu-central-1 (Frankfurt). No data transfers outside the EEA.

Data Retention

12 months rolling. Salt rotation every 24 hours to prevent long-term tracking.

Your Rights

You have the right to access, rectify, or request deletion of any data we might hold. Since we do not store PII, please provide your IP address and approximate visit time for us to locate any hashed records.

Supervisory Authority

Hellenic Data Protection Authority (www.dpa.gr)

Contact

fiotakis@novelcore.eu

Last updated: February 2026

Questions?

If you have questions about how we handle data, we'd love to hear from you.

fiotakis@novelcore.eu