Privacy Policy

Last updated: 23 March 2026

1. Data Controller

This website, zhouzhouzhang.co.uk, is operated by Zhouzhou (JoJo) Zhang. If you have any questions about this privacy policy or your personal data, please contact me at the email address provided on this site.

2. What Data We Collect

We collect the following personal data:

  • Account information: Username, email address, and password (stored as a secure hash) when you register an account.
  • Profile information: Bio and profile photo, if you choose to provide them.
  • Google OAuth data: If you sign in with Google, we receive your name, email address, and profile picture from Google.
  • Session tracking data: For authenticated users who consent, we record session start time, end time, and duration to display your session history.

3. Legal Basis for Processing (GDPR Art. 6)

  • Consent (Art. 6(1)(a)): Session tracking and non-essential cookies are only activated with your explicit consent.
  • Contract (Art. 6(1)(b)): Processing your account data is necessary to provide you with the services you signed up for.
  • Legitimate interest (Art. 6(1)(f)): Essential cookies required for authentication and basic site functionality.

4. Cookies and Local Storage

We use the following storage mechanisms:

  • session_token (cookie, essential) — Keeps you logged in. HTTP-only, expires after 7 days.
  • cookie_consent (localStorage, essential) — Remembers your cookie consent choice.
  • tracking_session_id (sessionStorage, requires consent) — Used for session duration tracking.
  • guest_popup_dismissed (sessionStorage, functional) — Prevents the guest popup from reappearing during a session.
  • announcement_last_read_id (localStorage, functional) — Remembers which announcements you have read.
  • theme (localStorage, functional) — Remembers your light/dark mode preference.

5. Third-Party Services

  • Google OAuth: Used for sign-in. Google receives data according to their own Privacy Policy.
  • Google Fonts: We load the Bebas Neue font from Google Fonts. Google may receive your IP address when the font is loaded. See Google Fonts Privacy.
  • Gmail SMTP: Used to send verification emails to your registered email address.

6. Data Retention

Your account data is retained for as long as your account is active. Session tracking records are retained for up to 12 months. You may request deletion of your account and all associated data at any time from your Account Settings page.

7. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the right to:

  • Access — Request a copy of the personal data we hold about you.
  • Rectification — Correct inaccurate personal data.
  • Erasure — Request deletion of your account and personal data ("right to be forgotten").
  • Restrict processing — Ask us to limit how we use your data.
  • Data portability — Receive your data in a structured, machine-readable format.
  • Object — Object to processing based on legitimate interest.
  • Withdraw consent — Withdraw consent at any time for consent-based processing.

To exercise any of these rights, please contact me or use the account deletion feature in your Account Settings.

8. Data Security

We take reasonable measures to protect your personal data. Passwords are stored using secure one-way hashing. Session tokens are stored in HTTP-only cookies, which client-side scripts cannot read; this limits session token theft through XSS attacks. However, no method of transmission over the internet is 100% secure.

9. International Data Transfers

By using Google OAuth and Google Fonts, some data may be transferred to servers outside the European Economic Area (EEA). Google participates in data protection frameworks to ensure adequate protection of your data.

10. Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated "Last updated" date.

11. Complaints

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk or with your local EU data protection authority.