Privacy Policy
How Knowledge Commons handles personal data on the platform, in line with the EU General Data Protection Regulation (GDPR).
Overview
This policy explains what personal data Knowledge Commons collects, why we collect it, how long we keep it, and the rights you have over it under the EU General Data Protection Regulation (GDPR).
Data controller
The controller of personal data processed through the platform is identified on the Impressum page.
What we collect
We collect the minimum data needed to operate the platform: account information for editors and contributors, request logs for security and abuse prevention, and (optionally) analytics signals required to keep the service accessible and performant.
Lawful basis
Personal data is processed on the basis of legitimate interest (operating a public-interest archive), contract (for participating organisations and editors), or consent (for optional analytics and newsletter subscriptions).
Subprocessors
A complete, versioned list of every third party we engage to process personal data — including any large-language-model providers used by the public assistant — is published at /subprocessors.
Retention
Operational logs are retained for the minimum period required for security and compliance. Editorial records are retained for the life of the contribution. Specific retention periods are listed in the relevant sub-policies linked from this page.
Your rights
You have the right to access, correct, port, and erase your personal data, and to lodge a complaint with the supervisory authority for data protection. See /rights for the two verified paths we offer to exercise these rights — we never disclose personal data based on email alone.
Contact
For privacy questions, contact the data-protection address listed on the Impressum page.