Legal

Privacy Policy

Last updated: 2026-05-11 · Detected jurisdiction: US state privacy laws

This Privacy Policy describes how Korean Car Blog, LLC (the "Site", accessible from https://thekoreancarblog.com) collects, uses, and shares information about you when you visit the Site, subscribe to our newsletter, or interact with our content. We comply with the General Data Protection Regulation (GDPR) of the EU/EEA/UK, the California Consumer Privacy Act (CCPA/CPRA), the Brazilian LGPD, the South Korean PIPA, and other regional privacy laws applicable to the country you access the Site from.

1. Who we are (Data Controller / Business)

Entity: Korean Car Blog, LLC, LLC
State of incorporation: Texas, United States
Privacy contact: info@thekoreancarblog.com
Data Protection Officer (GDPR Art. 37): info@thekoreancarblog.com

For purposes of GDPR / UK GDPR, Korean Car Blog, LLC is the Data Controller. For purposes of CCPA / CPRA and other US state privacy laws, Korean Car Blog, LLC is the Business. We are also the operator for purposes of CalOPPA.

2. Data we collect

  • Newsletter subscription: email address (when you subscribe). Legal basis: consent (GDPR Art. 6(1)(a)) / opt-in (CAN-SPAM, CASL).
  • Comments & user accounts (optional): if you sign in with Google or another OAuth provider, we receive your email and display name. Comment content is stored in our database and is public on the post once published. Published comments from registered users may also be highlighted on the homepage in the “From the comments” section, shown together with your display name and avatar. This is on by default and you can opt out anytime from your profile settings → Privacy → Feature my comments on the homepage; the change takes effect within a few minutes. Legal basis: contract (GDPR Art. 6(1)(b)) for the comment itself, legitimate interest (GDPR Art. 6(1)(f)) for the homepage feature within the same public context. We never display your email address.
  • Page analytics: aggregated and anonymised stats on which posts are read (no PII directly attributable to you). Legal basis: legitimate interest (GDPR Art. 6(1)(f)) / opt-out (CCPA).
  • Server logs: IP address, browser user-agent, country (via Vercel Edge geolocation). Retained 30 days for security/abuse monitoring. Legal basis: legitimate interest.
  • Cookies: see the dedicated Cookie Policy.

We do not collect: payment information, government IDs, biometric data, precise GPS, health data, children's data (anyone under 16 — GDPR / 13 — COPPA).

3. Cookies & tracking

We use cookies for analytics (Google Analytics 4), advertising (Google AdSense — only after consent in GDPR/UK/EEA/BR/KR jurisdictions), and essential functionality (session, language preference, consent state). See the full cookie list.

4. Third-party processors

  • Vercel (hosting, edge cache, image optimisation) — USA. SCCs in place.
  • Supabase (database, auth) — EU servers (Frankfurt).
  • Resend (newsletter delivery) — USA. SCCs.
  • Upstash Redis (rate-limiting cache) — EU servers.
  • Google Analytics 4 + AdSense (analytics, advertising) — USA. Consent Mode v2 active in GDPR/UK/EEA jurisdictions.
  • Sentry (error monitoring, no PII) — USA. IP anonymised.
  • AI translation services (translation of editorial content only — no user data).

5. Retention

  • Newsletter email: until you unsubscribe (one-click in every email).
  • Comments: published until you delete your account or request removal.
  • Server/analytics logs: 30 days for raw, 26 months aggregated (GA4 default).

6. Your rights (universal)

  • Access: request a copy of personal data we hold about you.
  • Rectification: ask us to correct inaccurate data.
  • Erasure: request deletion of your data (subject to legal retention).
  • Object & restrict: oppose processing for analytics/advertising.
  • Portability: receive your data in a machine-readable format.
  • Withdraw consent: at any time, without affecting prior lawfulness.

To exercise any of these, email info@thekoreancarblog.com. We respond within 30 days (GDPR / CCPA) or 45 days (CCPA, with one 45-day extension allowed).

7. EU / UK / EEA — GDPR specific notice

If you are in the European Union, European Economic Area, or United Kingdom, the General Data Protection Regulation (Regulation (EU) 2016/679) and the UK Data Protection Act 2018 give you additional rights:

  • Right to lodge a complaint with your supervisory authority — e.g. the BfDI (Germany), AEPD (Spain), CNIL (France), ICO (UK), or your local DPA in any other EU/EEA member state.
  • Right to opt out of automated decision-making (we do not perform any).
  • Cross-border transfers: Personal data transferred from the EU/EEA/UK to the United States is protected by Standard Contractual Clauses (SCCs) approved by the European Commission (Decision 2021/914), and supplementary measures where required by Schrems II. A copy of the SCCs is available on request at info@thekoreancarblog.com.
  • Cookies and tracking pixels require opt-in consent — Google Consent Mode v2 starts in denied state until you accept via the cookie banner.

8. California — CCPA / CPRA notice

California residents have specific rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

  • Right to know: categories and specific pieces of personal information we collected, sources, business purposes and third parties with whom we shared it (last 12 months).
  • Right to delete: request deletion of personal information we collected.
  • Right to correct: request correction of inaccurate personal information.
  • Right to opt out of sale or sharing: we do not sell personal information for monetary value, but advertising cookies (Google AdSense) may constitute "sharing" for cross-context behavioural advertising under CPRA. You can opt out anytime via Your Privacy Choices.
  • Right to limit use of sensitive personal information: we do not collect sensitive PI as defined by CPRA.
  • Right of non-discrimination: we will not deny services or charge different prices based on your exercise of these rights.

We honor the Global Privacy Control (GPC) signal as a valid opt-out request from California residents (Cal. Civ. Code § 1798.135).

9. Other US states

Residents of Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Virginia (VCDPA), Oregon (OCPA), Montana (MTCDPA), Iowa (ICDPA), Tennessee (TIPA), Indiana (INDPA), Delaware (DPDPA), New Hampshire and New Jersey have comparable rights to access, delete, correct and opt out of targeted advertising / sale. Use the same channels: info@thekoreancarblog.com and Your Privacy Choices.

9.a. Texas — TDPSA notice

Texas residents have specific rights under the Texas Data Privacy and Security Act (TDPSA, Tex. Bus. & Com. Code Ch. 541), which took effect July 1, 2024. The TDPSA applies to entities that conduct business in Texas or produce products or services consumed by Texas residents and process or sell personal data, regardless of revenue. We respect the following Texas-specific notices and rights:

  • Right to know: confirm whether we process your personal data and access it.
  • Right to correct inaccuracies in your personal data, taking into account the nature and purposes of processing.
  • Right to delete personal data provided by or obtained about you.
  • Right to portability: obtain a copy in a portable and, to the extent technically feasible, readily usable format.
  • Right to opt out of (i) targeted advertising, (ii) sale of personal data, and (iii) profiling in furtherance of decisions that produce legal or similarly significant effects. We do not sell personal data for monetary value, but cookie-based advertising (Google AdSense) may constitute targeted advertising under TDPSA. You can opt out via Your Privacy Choices or by enabling the Global Privacy Control (GPC) signal in your browser, which we honor as a valid opt-out.
  • Sensitive data notice: NOTICE: We may sell your sensitive personal data. — this notice is required by Tex. Bus. & Com. Code § 541.107(c) when applicable. We do NOT sell sensitive personal data. We also do not sell biometric data. The Site does not knowingly collect sensitive personal data of Texas residents.
  • Sale-of-data notice: NOTICE: We may sell your personal data. — required by § 541.107(b) when applicable. We do NOT sell personal data for monetary consideration. Targeted advertising via cookies may, however, constitute "sale" or "sharing" under the TDPSA's broad definitions; opt out via the link above.
  • Appeal process: if we decline to act on a request, you may appeal within a reasonable time by replying to our response email or writing to info@thekoreancarblog.com with subject "TDPSA Appeal". We will inform you of any action taken or not taken within 60 days. If your appeal is denied, you may contact the Texas Attorney General's Consumer Protection Division to submit a complaint.
  • Authorized agents: Texas residents may designate an agent to submit requests on their behalf. We will require proof of authorization (signed permission, power of attorney, or equivalent).

Texas-specific requests should be sent to info@thekoreancarblog.com with subject "TDPSA Request". We respond within 45 days as required by § 541.105(b), with one 45-day extension allowed upon notice.

10. Brazil — LGPD notice

Brazilian residents have rights under the Lei Geral de Proteção de Dados (Lei nº 13.709/2018), including access, rectification, anonymisation, portability and information about processing. Our Data Protection Officer (Encarregado): info@thekoreancarblog.com. You may also complain to the ANPD.

11. South Korea — PIPA notice

Korean residents have rights under the Personal Information Protection Act (PIPA) including access, rectification, deletion and processing suspension. Cookies and behavioural ads require explicit consent. Our Privacy Officer: info@thekoreancarblog.com. Complaints can be filed with the Personal Information Protection Commission (PIPC).

12. Right of Publicity / use of likeness

Editorial articles may include photographs, names, and likenesses of public figures (drivers, executives, designers, etc.) for newsworthy and commentary purposes consistent with the U.S. First Amendment and the right of publicity laws of applicable U.S. states (e.g. Cal. Civ. Code § 3344, N.Y. Civil Rights Law §§ 50–51). If you are an individual depicted in our content and believe your likeness has been used outside permitted uses, contact info@thekoreancarblog.com with subject "Right of Publicity request" and we will review.

13. Children's privacy (COPPA)

The Site is not directed to children under 13 (COPPA, 15 U.S.C. § 6501) and 16 (GDPR Art. 8). We do not knowingly collect personal data from minors below those ages.

Verifiable parental consent procedure: if we discover we have collected personal data from a child under 13 without verified parental consent, we will delete that data within 30 days. Parents who believe their child has submitted data can email info@thekoreancarblog.com with the subject "COPPA — parental request" and provide:

  • The child's username, email, or other identifier they may have used.
  • Proof of parental relationship (a signed declaration is acceptable).
  • The action requested (access, deletion, refusal of further collection).

We respond within 30 days. We do not condition a child's participation in any activity on disclosing more personal information than reasonably necessary, per 16 CFR § 312.7.

14. Changes to this policy

We may update this policy when our practices or applicable laws change. Material changes are notified via the homepage banner for at least 30 days before taking effect.

15. Contact

Privacy / data subject requests: info@thekoreancarblog.com
Data Protection Officer: info@thekoreancarblog.com
General contact: info@thekoreancarblog.com