Photo of the author, David Revoy with his cat named Noutti while drawing the first episodes of Pepper&Carrot.

Terms of service and Privacy

This document was added to the website in May 2018 to ensure compliance with the General Data Protection Regulation, a regulation in the European Union on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA).

It is only available in English.

The websites (for the webcomic Pepper&Carrot) and (for the blog, articles, comments and shop) are both hosted in France and subject to this regulation.

Who we are

My name is David Revoy, founder/author/artist of Pepper&Carrot and I own the two websites published at the addresses and The sources of are available at and distributed under the GPL3.

The data (comments, avatars etc.) are not part of the Pepper&Carrot website, but part of the blog ( website). So, in the open-source repository of Pepper&Carrot, you won't find any personal data related to the comments on the blog. The Pepper&Carrot sources only contain this website's "engine".

The contributors to the project (listed here ), have the ability to modify the source code of the translations and engine of the websites, but they do not have access to the data that are collected on (aka "the comment system" of the blog: email, name, (cat)avatar(generated), IPs and logs).

Therefore, I, David Revoy, am the only person responsible for managing your data collected on the mentioned websites. (There is one exception, concerning "embedded content from other websites"; see below.)

You can contact me at to discuss any issue in relation to your data displayed on the websites.

What personal data we collect, why we collect it, and how long we retain it

Comments on the blog

When visitors leave comments on the blog (, I collect the data shown in the comments form, and also the visitor's IP address. The website also automatically generates a catavatar picture from the name of the commenter. The picture is kept in a cache directory that only the website can read.

If you leave a comment, the comment and its metadata are retained indefinitely, saved in an XML file. This is done so the website can recognize and approve any follow-up comments by you automatically instead of holding them in a moderation queue. Users cannot remove or edit a comment via the web interface because PluXML, the engine of the website (used for doesn't allow it. If you want a comment modified or deleted, please add another comment from the same machine (so I can see your IP; this prevents someone else from asking to edit or delete your message) and ask David Revoy to edit or remove your comment. I'll do it manually as soon as possible.


The Pepper&Carrot website uses a single cookie, stored in your web browser for one year. This cookie lets your web browser remember your favorite "bookmark" language, and is totally optional. You can check the content of the cookie yourself by entering this address in the Firefox browser: chrome://browser/content/preferences/cookies.xul, then filtering the websites by entering peppercarrot. Navigating the website without cookies is not a problem.


The blog ( uses a session ID stored server side and represented by a temporary file named like a hash. This session ID allows continuity between the pages you browse on the website and also allows data to be sent to the next page. It is used when you send a comment, so the next page can save the file and store it on the server in an XML file (the database of is 'flat'; file-based). The session ID expires in less than 24 hours and only has the purpose of lasting for a single visit; after that a new one is generated. The comment system doesn't remember your name. If the field to enter a comment already proposes a name or an email, this is done only by your web browser.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in exactly the same way as if the visitor had visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website (e.g. an embedded YouTube video player).


I don't use any analytics services, so I can't sell the data of my visitors to anyone (I don't use Google Analytics or any other scripts that track you; you can check the source code of my pages at any moment). The website doesn't make any automated decisions based on the profile or on the user data. The Pepper&Carrot website and the Davidrevoy blog look the same for all visitors. The change in layout across devices is only done with 'Media-Queries', a built-in CSS feature that applies a set of layout rules depending on the size of the monitor detected. I don't have access to these sizes.

Server logs

The hosting company I chose for the two websites, OVH, and the domain-name registrar, Gandi, own respectively the machine where the websites are hosted and their internet addresses. These companies offer me access to read the logs of the machine. They even provide an interface to make diagrams from the logs and read them more easily. I, David Revoy, am the only holder of the account that gives access to this information. Administrators at OVH and Gandi might also have access to read these logs; it is their own machine, after all. The graphics you might see me posting online when I speak about my audience, website visits, etc. are based on this data and on the tools provided by my hosting services, not on a third-party analytics service.

How I protect your data

The data files (email, name, avatar and IP left when commenting; the logs of the website) are protected, and the files can be accessed only via FTP/SSH with the access codes of the server. I am the only person with this access right now. It is not possible to reach these directories via public access.

What data breach/moderation procedures we have in place

As I don't collect any sensitive information about my visitors (only IP and email (optional) for the comment system), a big hack of my database wouldn't really affect the end user. In the worst case, a leak of email addresses and IPs can happen. No password can be stolen as no password will ever be asked for leaving a comment on www.peppercarrot or In case of evidence of impersonation through the comments (by impersonating both email and IP), or in case the content of your comment is modified by someone else, I have access to moderate the comment.

Thank you for reading.

Contact information:

Note: the source of this document is the markdown file available at the root of