Privacy Policy
Last updated: 8 June 2026
This Privacy Policy explains how Cothons ("Cothons", "we", "us") collects, uses and protects personal data when you use our website and service at cothons.com (the "Service"). We are committed to handling your data lawfully and transparently in line with the EU General Data Protection Regulation (GDPR) and Greek data-protection law.
1. Who we are (Data Controller)
The Service is operated by Thomas Selamsidis, based in Patras, Greece, who acts as the data controller for personal data processed through Cothons. For any privacy question or request, contact us at tomsel1993@gmail.com.
2. What data we collect
- Account data: your email address, optional name, and a securely hashed password (we never store your password in plain text). If you sign in with Google, we receive your basic Google profile email.
- Content you create: the websites you generate and the edits you make, including business details imported from a Google Business Profile you choose to connect.
- Billing data: if you subscribe, your payment is processed by Stripe. We receive your subscription status and plan; we do not store your full card details.
- Waitlist & enquiries: an email address you submit to join a waitlist or contact us.
- Technical data: a limited amount of standard server log information (such as IP address and request times) used for security, rate-limiting and reliability.
3. Google Business Profile data
When you generate a website, Cothons reads publicly available information from the Google Business Profile you provide — reviews, ratings, photos, opening hours and contact details. This information is controlled by the business owner and can be edited or removed before publishing, and at any time afterwards. You confirm that you own or are authorized to represent any business you generate a site for.
4. How and why we use your data
- To create your account, authenticate you, and provide and maintain the Service.
- To generate, edit, host and publish the websites you create.
- To process subscriptions and send essential transactional emails (verification, account and billing notices).
- To respond to enquiries and provide support.
- To keep the Service secure, prevent abuse, and meet our legal obligations.
5. Legal bases for processing
We rely on the following GDPR legal bases:
- Performance of a contract — to deliver the Service you sign up for.
- Consent — for example, when you join a waitlist (you can withdraw it at any time).
- Legitimate interests — to secure the Service, prevent fraud/abuse, and improve the product.
- Legal obligation — to comply with tax, accounting and other applicable laws.
6. Cookies
We use a single essential cookie to keep you signed in (a secure, HTTP-only session cookie). We do not use advertising or third-party tracking cookies. Because the session cookie is strictly necessary to provide the Service, it does not require consent.
7. Service providers (sub-processors)
To run Cothons we rely on trusted providers who process data on our behalf, only as needed:
- Supabase — database and storage for your account and websites.
- Stripe — subscription payments.
- Google — Google Business Profile / Maps data and optional Google sign-in.
- Email provider (SMTP / Resend) — sending transactional email.
- Cloudflare — connecting and securing custom domains.
- Google Gemini — generating website content in your chosen language (only the business copy is sent; no payment data).
We do not sell your personal data to anyone.
8. International transfers
Some of the providers above may process data outside the European Economic Area. Where that happens, the transfer is protected by appropriate safeguards such as the European Commission's Standard Contractual Clauses or an equivalent adequacy mechanism.
9. How long we keep your data
We keep your account and content for as long as your account is active. If you delete your account, we remove your personal data and generated sites within a reasonable period, except where we must retain limited records (for example, billing records) to meet legal obligations.
10. Your rights
Under the GDPR you have the right to:
- access the personal data we hold about you;
- correct inaccurate data;
- request deletion ("right to be forgotten");
- restrict or object to certain processing;
- receive your data in a portable format;
- withdraw consent at any time, where processing is based on consent.
To exercise any of these rights, email tomsel1993@gmail.com. You also have the right to lodge a complaint with the Greek supervisory authority, the Hellenic Data Protection Authority (HDPA), at www.dpa.gr.
11. Data security
We apply reasonable technical and organizational measures to protect your data, including password hashing, encryption of stored credentials, and access controls. No method of transmission or storage is perfectly secure, but we work to protect your information.
12. Changes to this policy
We may update this policy from time to time. Material changes will be reflected by updating the "Last updated" date above and, where appropriate, by notifying you.
13. Contact
Questions about this policy or your data? Email tomsel1993@gmail.com.