Privacy Policy

Last updated: 15 May 2026

This Privacy Policy explains how Cognitive Wars (operated by Octavio Ortega Esteban) collects, uses, and protects personal data of visitors. We are committed to handling your data responsibly and in compliance with the EU General Data Protection Regulation (GDPR), the Spanish Organic Law on Data Protection and Digital Rights (LOPDGDD), and other applicable privacy regulations.

1. Data controller

• Controller: Octavio Ortega Esteban
• Tax ID (NIF): ES03892442Z
• Address: Concilios de Toledo 2, portal 7 – 4B, 45005 – Toledo, Spain
• Contact email: octavio@kerchak.com

Given the scale of this site, no Data Protection Officer (DPO) is required to be appointed under GDPR Article 37. The controller can be contacted directly for any data protection matter.

2. Principles

The processing of personal data on this website follows these principles:

• Lawfulness, fairness, and transparency
• Purpose limitation — data is collected only for the specific purposes stated below
• Data minimization — only the data strictly necessary is collected
• Accuracy — reasonable steps are taken to keep data accurate and up to date
• Storage limitation — data is retained only for as long as necessary
• Integrity and confidentiality — appropriate technical and organizational measures protect your data

3. What data we collect, why, and on what legal basis

3.1. Contact form

If you send a message through the contact form (or directly by email), we collect:

• Your name
• Your email address
• The content of your message

Purpose: to respond to your inquiry.
Legal basis: consent (GDPR Article 6.1.a) and the steps necessary prior to entering into a relationship at your request (Article 6.1.b).
Retention: for as long as the conversation remains active, plus up to 12 months thereafter for reference. After this period, data is deleted unless ongoing correspondence requires keeping it.

3.2. Comments on articles (if enabled)

If you leave a comment on an article, WordPress collects:

• The name and email you provide
• The website URL you optionally provide
• The content of your comment
• Your IP address and browser user agent string (for spam detection)

Purpose: publication of your comment, moderation, and prevention of spam.
Legal basis: consent (GDPR Article 6.1.a) — given by submitting the comment after reading this notice.
Retention: indefinitely as part of the comment thread, unless you request deletion. Spam comments are automatically deleted after 30 days.

3.3. Server logs

The web server may automatically record technical data when you visit the site, including:

• IP address
• Date and time of access
• URLs requested
• User agent (browser type)
• Referrer URL

Purpose: security, debugging, and basic anonymized analytics on traffic patterns.
Legal basis: legitimate interest (GDPR Article 6.1.f) — operating and securing the website.
Retention: 90 days, after which logs are rotated and deleted.

3.4. Google Search Console

This website is registered with Google Search Console to monitor how it appears in Google search results. Search Console operates server-side and does not place any cookies in your browser. The data Google provides to us is fully aggregated and anonymized (search queries, impressions, clicks, average position).

We do not use Google Analytics or any other JavaScript-based analytics tool that profiles individual visitors.

3.5. What we do NOT collect

To be explicit about what is not happening on this site:

• No advertising networks (no AdSense, no Mediavine, no Ezoic, no programmatic ads)
• No Google Analytics or other JavaScript analytics
• No remarketing or retargeting pixels (no Facebook Pixel, no LinkedIn Insight, no TikTok Pixel)
• No third-party tracking beyond what is described above
• No newsletter or marketing email list at this time
• No sale or sharing of personal data with third parties for commercial purposes

4. Recipients of your data

Your personal data is processed by Octavio Ortega Esteban as the controller. It may also be processed by the following categories of processors, all bound by appropriate data protection agreements:

• Web hosting provider: Cloudi NextGen S.L. — stores the website and database. Located in Spain
• Email provider: Google LTD. — for receiving contact form submissions

No data is sold or shared with advertising networks or third parties for marketing purposes.

5. International data transfers

If any of the processors above is located outside the European Economic Area (EEA), the transfer is covered by an adequacy decision from the European Commission, by Standard Contractual Clauses (SCC), or by other appropriate safeguards under Chapter V of GDPR.

6. Your rights

You have the following rights regarding your personal data:

• Right of access — request a copy of the data we hold about you
• Right to rectification — request correction of inaccurate data
• Right to erasure («right to be forgotten») — request deletion of your data
• Right to restrict processing — temporarily limit how we use your data
• Right to data portability — receive your data in a structured, machine-readable format
• Right to object — object to processing based on legitimate interest
• Right to withdraw consent — without affecting prior lawful processing

To exercise any of these rights, email octavio@kerchak.com with the subject line «GDPR request». We will respond within 30 days, as required by GDPR.

If you believe your rights have not been respected, you have the right to lodge a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos, AEPD) at www.aepd.es, or with the supervisory authority of your EU country of residence.

7. Children

This website is not directed at children under 14 years of age (the minimum age for digital consent under Spanish LOPDGDD). We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us so we can delete it.

8. Security

We implement reasonable technical and organizational measures to protect personal data, including HTTPS encryption for all traffic, secure password storage, regular software updates, and limited access to administrative areas. However, no method of transmission over the Internet is 100% secure, and absolute security cannot be guaranteed.

9. Notification of breaches

In the event of a personal data breach that may pose a risk to your rights and freedoms, we will notify the Spanish Data Protection Agency within 72 hours of becoming aware of it, in accordance with GDPR Article 33. If the breach poses a high risk, affected users will also be notified directly without undue delay, as required by GDPR Article 34.

10. Notice for California residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, the right to delete it, and the right to non-discrimination for exercising your rights. We do not sell your personal information, and given the limited data collection described above, most CCPA requests can be handled under the same email contact and timelines as GDPR requests.

11. Use of AI in content production

Articles published on this site are produced using a hybrid workflow that combines AI drafting tools with human editorial review. In summary:

• Source compilation is done by the human editor
• Initial drafts are generated with AI tooling (currently AI Content Pro) using compiled sources
• Every article is fact-checked, edited, and approved by a human editor before publication
• The byline reflects editorial responsibility

What this means for you as a reader:

• You may rely on the byline as a signal of editorial accountability — if an article contains errors, the editor is responsible for them
• AI tools do not have direct internet access during drafting and cannot invent citations that pass review (when they occasionally do, they are caught at the human review stage)
• No personal data of readers is sent to AI services during content production. The AI tooling processes only the editor’s briefs and source material
• AI tools are not used in responding to your direct emails or comments — those are handled personally by the editor

If you encounter content that appears to have AI patterns the human review should have caught (fabricated citations, factual errors, generic encyclopedic tone replacing analysis), please report it to octavio@kerchak.com and the article will be corrected with a visible note.

12. Changes to this policy

This Privacy Policy may be updated periodically. The «Last updated» date at the top reflects the latest revision. Material changes will be communicated through a visible notice on the website. Continued use of the website after changes constitutes acceptance of the updated policy.

13. Contact

For any question, request, or concern about this Privacy Policy or how your data is processed:

Email: octavio@kerchak.com
Postal address: Concilios de Toledo 2, portal 7 -4B, 45005 – Toledo, Spain