Privacy Policy

Last updated: July 25, 2025

1. Introduction

At Coomerang LTD, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our comic creation and publishing platform.

As a UK company, we comply with UK GDPR and applicable UK data protection laws. By using our Service, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use our Service.

Plain-language summary: We only collect what we need to run the platform (account, comics, moderation, security, subscriptions). No ad tech. No behavioral tracking cookies. Minimal third parties (storage & payments).

2. UK Online Safety Act Compliance and Content Standards

IMPORTANT: As a UK-based company operating under a UK TLD, Coomerang LTD strictly complies with the UK Online Safety Act 2023. We have implemented a zero-tolerance policy for illegal adult content to ensure the safety of our users and compliance with UK law, while permitting lawful adult expression for verified adults in our controlled "show mature content" mode.

This policy affects how we collect, process, and monitor content data:

  • Content violating our illegal adult content prohibition is immediately flagged and removed
  • User accounts that violate these standards may be permanently suspended
  • We may retain records of content violations for compliance and enforcement purposes
  • Violation data may be shared with relevant authorities when required by law

3. Information We Collect

3.1 Personal Information

We collect the following personal information:

  • Username and email address (required for account creation)
  • Password (stored as encrypted hash using bcrypt)
  • Profile information you choose to provide
  • Recovery email address for account security
  • Email verification status and tokens
  • Communication data when you contact us via our contact form

3.2 Subscription and Payment Information

  • Subscription plan and status information
  • Subscription start, end, and renewal dates
  • Payment processing is handled by Stripe (we do not store payment card information)
  • Stripe customer ID for subscription management
  • Billing history and transaction records

3.3 Content Information

  • Comics, artwork, and stories you create and upload
  • Comic metadata (title, description, category, type)
  • Images and visual content stored on Cloudflare R2
  • Publishing status and version control information
  • Content moderation status and related actions
  • Content violation records and enforcement actions
  • Image processing data for optimization and storage

3.4 Usage and Analytics Information

  • Device information (browser type, operating system, IP address)
  • Page views and comic views metrics
  • User interactions (likes)
  • Rate limiting and security monitoring data
  • Error logs and performance metrics

3.5 Cookies and Local Storage

We use cookies, local storage, and similar technologies to enhance your experience, maintain user sessions, and analyze usage patterns. See our Cookies Policy for detailed information.

4. How We Use Your Information

We use the collected information for the following purposes:

  • Providing and maintaining our Service and its features
  • Creating and managing your user account
  • Processing and storing your comics and content on Cloudflare R2
  • Managing subscription services and payment processing via Stripe
  • Sending account-related communications and notifications
  • Providing customer support and responding to inquiries
  • Implementing content moderation and safety measures
  • Enforcing our zero-tolerance policy for illegal adult content while permitting lawful mature content
  • Preventing fraud and ensuring platform security
  • Enforcing our Terms of Use and community guidelines
  • Complying with legal obligations and responding to legal requests

4.1 Lawful Bases (UK GDPR)

  • Contract: Account creation, providing core features, subscription management.
  • Legitimate Interests: Security logging, fraud prevention, platform integrity, content moderation efficiency.
  • Legal Obligation: Tax/VAT records, responding to lawful requests.
  • Consent: Where required for optional communications (currently limited; if marketing added we will request explicit consent).
  • Vital Interests / Public Task: Rare; only if necessary to report imminent threats or abuse per law.

5. Information Sharing and Disclosure

5.1 Public Content

Content you choose to publish on Coomerang (comics, profile information, likes) becomes publicly visible to other users and visitors to our platform. Published comics are accessible to anyone with the link.

5.2 Third-Party Service Providers

We share your information with trusted third-party service providers who assist us in operating our platform:

  • Cloudflare R2: For cloud storage and content delivery of images and media
  • Stripe: For payment processing and subscription management
  • Database hosting: PostgreSQL hosting providers for data storage
  • Email services: SMTP providers for transactional emails
  • Infrastructure providers: For hosting and server management

5.3 Legal Requirements

We may disclose your information if required by law, court order, or to protect the rights, property, or safety of Coomerang, our users, or others. This includes responding to valid legal processes and investigations.

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the business transaction. We will notify you of any such transfer and any choices you may have regarding your information.

5.5 Content Moderation

Information about reported content and moderation actions may be shared with our administrative team for review and enforcement purposes.

6. Data Security

We implement comprehensive technical and organizational measures to protect your personal information:

  • Encryption of sensitive data both in transit (HTTPS) and at rest
  • Secure password storage using bcrypt hashing with salt
  • JWT-based authentication with secure token management
  • Rate limiting to prevent abuse and unauthorized access
  • Regular security assessments and updates
  • Access controls and administrative authentication
  • Secure cloud storage with Cloudflare R2
  • Input validation and sanitization
  • Security headers and CORS protection

However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information.

Clarification: JWTs are cryptographically signed (not encrypted) and transmitted only over HTTPS.

7. Data Retention

We retain your personal information for as long as necessary to provide our services and fulfill the purposes outlined in this policy:

  • Account information: Until you delete your account or request deletion
  • Published content: As long as it remains published on our platform
  • Subscription data: For the duration of your subscription plus 7 years for tax purposes
  • Communication records: Up to 3 years for support and legal purposes
  • Security logs: Up to 1 year for security monitoring
  • Moderation records: Up to 5 years for policy enforcement

We may retain certain information longer if required by law or for legitimate business purposes.

When data is no longer required we delete or irreversibly pseudonymize it (e.g., stripping direct identifiers from logs).

8. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information and account
  • Portability: Request a copy of your data in a structured, machine-readable format
  • Objection: Object to certain processing activities
  • Restriction: Request restriction of processing in certain circumstances
  • Subscription management: Modify or cancel your subscription at any time

To exercise these rights, please contact us through our Contact page or email [email protected].

Request Handling: We respond within one month (extendable by 2 further months for complex requests). We may request proof of identity to protect your data. There is no fee unless requests are manifestly unfounded or excessive.

9. Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you become aware that a child under 13 has provided us with personal information, please contact us immediately.

If we discover that we have collected personal information from a child under 13, we will take steps to delete such information from our systems promptly.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own, including through our use of Cloudflare R2 and other international service providers. As a UK company, we ensure that such transfers are conducted in accordance with UK GDPR and applicable data protection laws and implement appropriate safeguards to protect your information.

Where required by law, we use standard contractual clauses or other approved transfer mechanisms to ensure adequate protection of your personal information.

Current subprocessors (core categories): cloud object storage (Cloudflare R2), infrastructure (hosting), payment processing (Stripe), email transport (SMTP provider). Updated list available on request.

11. Third-Party Links and Services

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites or services you visit.

This includes our payment processor Stripe, which has its own privacy policy governing the collection and use of payment information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the updated policy on our platform and updating the "Last updated" date.

For significant changes, we may also provide additional notice through email or prominent notices on our platform.

We maintain a change log (available on request) noting material updates.

13. Company Information

Coomerang is operated by:

Coomerang LTD
71-75, Shelton Street
Covent Garden
London, WC2H 9JQ
United Kingdom

As a UK company, we are subject to UK GDPR and are committed to complying with all applicable UK data protection laws.

Supervisory Authority: You may lodge a complaint with the UK Information Commissioner's Office (ICO) if you believe your rights have been violated. See: ico.org.uk.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We are committed to resolving any privacy-related concerns promptly and transparently.

Version v1.1 – Effective August 2025.

Your privacy is important to us. We are committed to protecting your personal information and being transparent about our data practices.