Privacy Policy

1. Who We Are

Kwokka (“Kwokka”, “we”, “us”, or “our”) operates the website kwokka.net (the “Site”), a philosophical personality quiz that matches you to one of eighteen thinker types. For the purposes of the UK General Data Protection Regulation (“UK GDPR”), the EU General Data Protection Regulation (“GDPR”), the Data Protection Act 2018, and the California Consumer Privacy Act as amended by the CPRA (“CCPA”), the data controller is Adam Kesterson, operating Kwokka as a sole trader based in Staffordshire, United Kingdom.

This Privacy Policy explains what personal data we collect about you, how we use it, who we share it with, and what rights you have in relation to it. By using the Site you confirm that you have read and understood this policy.

2. Information We Collect

2.1 Quiz responses, results, and scores

When you complete the Kwokka quiz, we collect and store the following in our own database hosted on our servers:

• Each of your answers to the sixty Likert-scale statements and four binary dilemma questions (submitted as a structured map of question identifier to answer value);
• The resulting thinker type we assign to you (for example, “Rationalist” or “Humanitarian”);
• Your numerical scores across each of the eighteen thinker dimensions;
• A timestamp indicating when the quiz was completed.

This data is stored in a dedicated table (wp_kwokkaquiz_results) as JSON documents and a server-generated numerical identifier. We do not require you to register, log in, or provide your name or email address to take the quiz, and we do not attach your name, IP address, or any direct identifier to these submissions within the quiz results table. However, because each submission is timestamped and could in principle be correlated with other technical information we hold (see section 2.7), these records may constitute personal data under UK GDPR, and we treat them accordingly.

2.2 Hotjar analytics (session recordings, heatmaps, behavioural data)

We use Hotjar, a product analytics service operated by Hotjar Ltd (Malta), to understand how visitors interact with the Site. Hotjar may collect:

• Session recordings: anonymised replays of your interactions with the Site, including mouse movements, clicks, taps, scrolls, and pages visited;
• Heatmaps: aggregated visualisations of where visitors click, tap, and scroll;
• Device and browser data: your IP address (truncated or hashed by Hotjar before storage), browser type and version, operating system, screen size, device type, approximate geographic location (country/region), referring URL, and language preference;
• Event data: custom interaction events we send to Hotjar, such as quiz start, question answered, and quiz completion.

Hotjar suppresses keystrokes in form fields by default and does not capture the content of what you type into inputs such as the newsletter email form. You can read Hotjar’s own privacy documentation at hotjar.com/legal/policies/privacy and opt out of Hotjar tracking on any site at hotjar.com/legal/compliance/opt-out.

2.3 Google Search Console

We use Google Search Console, a service provided by Google Ireland Limited, to monitor how the Site appears in Google Search results. Search Console provides us with aggregated data about:

• Search queries that led visitors to the Site;
• The number of impressions, clicks, and click-through rate for each query and page;
• Average ranking position for each query;
• Technical crawl, indexing, and Core Web Vitals information.

Search Console data is provided to us by Google in aggregated form and does not identify individual visitors. Google may nonetheless process your search query and click data in accordance with Google’s Privacy Policy.

2.4 Newsletter subscription (Brevo)

If you choose to subscribe to our email newsletter, we collect your email address and pass it to Brevo (formerly Sendinblue), operated by Sendinblue SAS (France), which sends our emails on our behalf. Brevo may also collect technical metadata about email deliveries, opens, and clicks. Subscription is opt-in, and every email we send includes a one-click unsubscribe link.

2.5 Anti-spam and anti-bot protection (reCAPTCHA)

Our newsletter form is protected by Google reCAPTCHA v2, which helps prevent automated abuse. reCAPTCHA may collect hardware and software information, including device and application data, and send it to Google for analysis. Its use is subject to Google’s Privacy Policy and Terms of Service.

2.6 Cookies and similar technologies (managed via Complianz)

We use cookies and similar technologies to remember your preferences, measure analytics, and operate certain features of the Site. Our cookie consent is managed by Complianz, which shows you a banner on your first visit and lets you accept, reject, or fine-tune categories of cookies. See section 10 below for more detail.

2.7 Server logs

Like virtually every website, our hosting provider automatically records standard server log information for security and diagnostic purposes. This typically includes your IP address, user-agent string, the URL requested, the response code, and a timestamp. Server logs are retained for a maximum of 30 days unless required for longer to investigate abuse or a security incident.

2.8 Translation (Weglot)

We use Weglot to translate the Site into additional languages. Weglot may record the URL visited and the language selected, but does not process personal data about individual visitors.

3. Legal Basis for Processing

Under the UK GDPR and the EU GDPR we process your personal data on the following legal bases:

• Consent (Art. 6(1)(a)) — for non-essential cookies, session recording, and marketing emails. You can withdraw consent at any time through the Complianz banner or by using the “unsubscribe” link in our emails.
• Legitimate interests (Art. 6(1)(f)) — for aggregated and anonymised analytics (Google Search Console, aggregated Hotjar heatmaps), anti-spam protection, and storing quiz responses in order to compute and display your result. We have balanced these interests against your rights and consider them proportionate.
• Performance of a service (Art. 6(1)(b)) — when you complete the quiz and expect us to return a result.
• Legal obligation (Art. 6(1)(c)) — where we are required to retain data to comply with applicable law.

4. How We Use Your Information

We use the information described above to:

• Compute and display your quiz result, and render your thinker type page;
• Analyse aggregated response patterns across all users (for example, which questions discriminate between types, how long people spend per question) in order to refine the quiz;
• Understand how visitors navigate the Site and identify usability problems via Hotjar;
• Measure how the Site performs in search results and which content resonates (Google Search Console);
• Send the newsletter to subscribers who have opted in;
• Protect the Site from spam, abuse, and security threats;
• Comply with our legal and regulatory obligations.

We do not sell your personal data, share it with advertisers for profiling purposes, or use it to make decisions with legal or similarly significant effects about you.

5. Third-Party Processors

We rely on the following third-party processors. Each processes data only on our instructions and under a contract that meets GDPR Article 28 requirements where applicable.

• Our hosting provider (UK-based) — hosts the Site, the quiz database, and backups;
• Hotjar Ltd (Malta) — session recording and heatmaps;
• Google Ireland Limited (Ireland) — Search Console, reCAPTCHA, and Google Fonts delivery;
• Sendinblue SAS (Brevo) (France) — newsletter delivery and analytics;
• Weglot SAS (France) — translation services;
• Affiliate partners (Bookshop.org, BetterHelp, and others) — only when you click an affiliate link; see our Terms & Conditions for further detail;
• Complianz B.V. (Netherlands) — consent management.

We may also disclose personal data where legally required (for example, in response to a valid court order), where necessary to protect our or others’ rights, or as part of a business transfer (such as a sale or merger), in which case you will be notified.

6. International Data Transfers

Some of our processors are based outside the United Kingdom and European Economic Area, or may process your data on servers located outside those regions. Where that is the case, transfers are protected by one of the following safeguards:

• A UK or European Commission adequacy decision for the destination country;
• Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner or the European Commission; or
• Any other safeguard permitted by UK GDPR Chapter V or GDPR Chapter V.

You may request a copy of the relevant safeguards by contacting us at the address in section 14.

7. Data Retention

We keep personal data only for as long as necessary for the purposes for which it was collected, subject to the following periods:

• Quiz responses, results, and scores: retained indefinitely in aggregated or pseudonymised form for research and product-improvement purposes. Individual submissions will be deleted upon a verified erasure request (see section 8);
• Hotjar recordings: up to 365 days, after which they are automatically deleted;
• Newsletter email addresses: retained until you unsubscribe, after which they are removed from our active list and suppressed from resending;
• Server logs: up to 30 days;
• Consent records: retained for as long as required to demonstrate compliance, usually up to 3 years.

8. Your Rights (UK & EU Residents)

Under the UK GDPR, the EU GDPR, and the Data Protection Act 2018, you have the following rights in relation to your personal data:

• Right of access — to ask us for a copy of the personal data we hold about you;
• Right to rectification — to have inaccurate or incomplete data corrected;
• Right to erasure (“right to be forgotten”) — to have your personal data deleted in certain circumstances;
• Right to restriction of processing — to require us to stop processing your data in certain circumstances;
• Right to data portability — to receive your data in a structured, machine-readable format;
• Right to object — to object to processing based on our legitimate interests;
• Right to withdraw consent — at any time, where we rely on consent as the legal basis;
• Right to lodge a complaint — with a supervisory authority. In the UK this is the Information Commissioner’s Office at ico.org.uk.

To exercise any of these rights, email us at adamkesterson@kwokka.net. We will respond within one month, and we will not charge a fee for routine requests.

9. Your Rights (California Residents)

If you are a California resident, the CCPA (as amended by the CPRA) gives you the following additional rights:

• Right to know what categories of personal information we have collected about you, the sources, the purposes, and the third parties with whom we share it;
• Right to delete personal information we have collected about you, subject to limited exceptions;
• Right to correct inaccurate personal information;
• Right to opt out of the “sale” or “sharing” of your personal information. We do not sell or share personal information as defined by the CCPA.
• Right to non-discrimination — we will not deny you services, charge you a different price, or provide a different level of service for exercising any of your CCPA rights.
• Right to limit use of sensitive personal information — we do not use or disclose sensitive personal information for purposes that would trigger this right.

To exercise any of these rights, email us at adamkesterson@kwokka.net.

10. Cookies

We use the following categories of cookies:

• Strictly necessary — session cookies, security tokens (including the WordPress REST API nonce we use to authenticate quiz submissions), and consent-preference cookies. These do not require consent.
• Functional — language selection (Weglot), interface preferences.
• Analytics — Hotjar (session recording and heatmaps), Google Search Console related beacons. Set only after you consent.
• Marketing — reserved for any future remarketing pixels. None are active at the time of writing without explicit consent.

You can manage your cookie preferences at any time by clicking the “Cookie preferences” link in the Complianz banner, or by clearing cookies in your browser to trigger the banner again.

11. Children’s Privacy

The Site is not directed at children under the age of 13, and we do not knowingly collect personal data from anyone in that age group. In the European Economic Area and the United Kingdom, the age of digital consent is 13 to 16 depending on jurisdiction, and we do not knowingly collect data from anyone below the applicable age without verifiable parental consent. If you believe a child has submitted personal data to us, please contact us and we will delete it.

12. Data Security

We take reasonable technical and organisational measures to protect your personal data, including TLS encryption in transit, hashed credentials, access controls on the server, and regular backups. The quiz result database sits behind standard WordPress REST-API protections, including nonce verification. No system is perfectly secure, however, and we cannot guarantee absolute security. If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the appropriate supervisory authority within 72 hours as required by UK GDPR Article 33, and we will notify affected users where required by Article 34.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of the page and, for material changes, post a notice on the Site. Your continued use of the Site after such changes constitutes acceptance of the updated policy.

14. Contact

Questions, requests, or complaints about this Privacy Policy can be sent to:

Adam Kesterson
Data Controller, Kwokka
Email: adamkesterson@kwokka.net
Location: Staffordshire, United Kingdom

If you are not satisfied with our response, you have the right to complain to the UK Information Commissioner’s Office at ico.org.uk/make-a-complaint or to your local EU supervisory authority.