The Kiziloz Record

Privacy

Privacy Policy

Plain English. No tracking. Minimal data.

Effective date: May 2026. Last updated May 2026.

1. Who we are

This site is operated independently as a public-interest publication. For the purposes of UK GDPR and EU GDPR, the site operator is the data controller.

To contact the data controller, email: privacy at kiziloz-exposed.com

The operator's identity is withheld from the public-facing site for safety reasons (see the About page) but is registered with the relevant authorities where required for data protection purposes.

2. What data we collect

We collect the minimum data necessary to operate the site.

2.1 Data you provide voluntarily

When you submit a rating on the Ratings page, we collect:

  • The six numeric values you submit (one per attribute on the Ratings page)
  • The optional free-text comment, if you choose to submit one (limited to 280 characters)
  • A timestamp of submission

2.2 Data we collect automatically

When you submit a rating, we additionally collect and process your IP address — used only to enforce a per-IP rate limit (one rating per IP per 24 hours). The IP address is not stored in its raw form. We pass it through a one-way cryptographic hash (SHA-256) with a salt before storing the result. The stored hash cannot be reversed to recover your IP. The rate-limit record is automatically deleted after 24 hours.

When you browse the site, our hosting provider processes your IP address (for the purpose of routing traffic), your browser's user agent string, the pages you request, and standard HTTP request metadata. This is technically necessary to serve the site.

2.3 Cookies and tracking

This site does not use cookies for tracking or analytics.

This site does not use Google Analytics, Facebook Pixel, or any third-party tracker. We do not build advertising profiles. We do not sell or share data with third parties for marketing purposes. We have nothing to sell.

3. Lawful basis for processing (UK/EU GDPR)

We process the data described above on the basis of legitimate interest: operating a public rating system that is protected from automated abuse and ballot-stuffing. The data minimisation (hashed IPs, 24-hour TTL) is designed specifically to meet the proportionality requirements of legitimate interest.

You have the right to object to processing on legitimate-interest grounds at any time (see Section 6).

4. How long we keep your data

  • Rating values and optional comments: kept indefinitely as part of the public aggregate. Individual ratings cannot be linked back to you because we do not store any identifier alongside them.
  • Hashed IP addresses: automatically deleted 24 hours after the rate-limit window closes.
  • Server access logs: retained per the hosting provider's policies, typically 30 days, then deleted.

5. Who has access to your data

  • The site operator.
  • Our hosting provider, as a data processor governed by a Data Processing Agreement.
  • No other party. We do not sell, rent, or share data.

We will disclose data to law enforcement or other authorities only when legally compelled by a valid court order or equivalent legal instrument issued by a competent jurisdiction.

6. Your rights

Under UK GDPR, EU GDPR, and similar regimes (e.g. California's CCPA), you have several rights regarding your data:

  • Right of access: request a copy of any data we hold about you.
  • Right to rectification: request that inaccurate data be corrected.
  • Right to erasure: request deletion of data we hold about you.
  • Right to object: object to our processing on legitimate-interest grounds.
  • Right to lodge a complaint with a supervisory authority — in the UK, the Information Commissioner's Office.

To exercise any of these rights, email: privacy at kiziloz-exposed.com. We will respond within 30 days.

7. Comments and user-submitted content

The Ratings page allows users to submit an optional text comment with their rating. Please do not include personally identifying information about yourself or any third party in these comments.

We reserve the right to moderate comments — including by deletion — where they contain personally identifying information about a third party, are defamatory beyond what is supported by sourced material elsewhere on this site, contain threats or harassment, are obvious spam, or are illegal in the operator's jurisdiction.

8. Children's data

This site is not directed at children under the age of 16. We do not knowingly collect data from children under 16. If you believe a child has submitted a rating or comment, please contact us at privacy at kiziloz-exposed.com and we will delete any data associated with the submission.

9. International data transfers

The site is hosted on a global edge network. Data may be processed in data centres outside the UK and EU. Appropriate safeguards (Standard Contractual Clauses) apply to international transfers.

10. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be flagged at the top of the page for 30 days.

11. Contact

For all privacy-related inquiries, including requests to exercise your rights under data protection law: privacy at kiziloz-exposed.com