Kanorio

Platform Compliance and Privacy

Last updated 49 days ago

Kanorio's client websites are hosted on the Cloudflare platform. Cloudflare is a world-class cloud and network security provider whose platform has passed multiple international certifications and complies with major privacy regulations. The following explains what these certifications and commitments mean for you and your visitors.

What are GDPR and CCPA?

Before introducing Cloudflare's commitments, let's quickly understand two major privacy regulations:

  • GDPR (General Data Protection Regulation): The EU's data protection law, effective since 2018. It governs how companies collect, process, and store the personal data of EU residents, requiring transparency, lawfulness, and a clear purpose, while granting individuals the right to access, correct, and delete their personal data. Violators may face hefty fines.
  • CCPA (California Consumer Privacy Act): A California privacy law, effective since 2020. It grants California residents the right to know (what data businesses collect), the right to opt out (of the sale of their data), and the right to deletion, among others. Many US companies adjust their privacy policies for all users nationwide to comply with CCPA.

Even if your visitors are primarily from Taiwan or Asia, complying with GDPR and CCPA signifies a higher standard of privacy protection for the platform, which benefits all users.

Data Processing Addendum (DPA)

A DPA (Data Processing Addendum) is a supplementary agreement between a cloud service provider and its clients that clearly stipulates:

  • How the service provider processes client data (including visitor data)
  • Data storage locations, retention periods, and deletion methods
  • Specific commitments to comply with regulations like GDPR and CCPA
  • Notification and handling procedures in case of a data breach

Cloudflare provides a DPA, signifying its commitment to process data in compliance with international privacy regulations. Since Kanorio relies on Cloudflare for website hosting, the underlying data processing is protected at a regulatory level.

SOC 2 Type II

SOC 2 (Service Organization Control 2) is an auditing standard for service organizations developed by the American Institute of Certified Public Accountants (AICPA). It assesses the effectiveness of a company's controls in areas such as security, availability, processing integrity, confidentiality, and privacy.

  • Type I: Audits whether the control design is reasonable at a specific point in time.
  • Type II: Audits whether the controls have been continuously and effectively operating over a period (typically 6-12 months), which is more rigorous.

Cloudflare's attainment of SOC 2 Type II certification means its platform's security and privacy controls have been independently audited by a third party and confirmed to meet industry standards. This audit covers the infrastructure used by both its free and paid plans.

ISO 27001

ISO 27001 is an Information Security Management System (ISMS) certification established by the International Organization for Standardization (ISO). Organizations that achieve this certification must establish and continuously maintain:

  • Risk assessment and treatment processes
  • Control measures such as access control, password policies, and physical security
  • Incident response and business continuity plans
  • Regular internal audits and management reviews

Cloudflare's ISO 27001 certification indicates that its cloud infrastructure has systematic security management processes, rather than relying solely on point-in-time technical solutions.

No Sale of Personal Data

Cloudflare explicitly commits: We do not sell personal data. Its privacy policy and business model do not rely on selling user or visitor data. Data is used solely for providing and improving services (such as CDN, security protection, and analytics) and is not resold to advertisers or third parties.

This means that your data and your visitors' data will not be used by Cloudflare for purposes outside the scope of your services.

Frequently Asked Questions

Yes. Although GDPR and CCPA primarily regulate the EU and California, compliance with these regulations signifies a higher standard of privacy and security for the platform. Furthermore, SOC 2 and ISO 27001 are internationally recognized security certifications that are meaningful to users worldwide.

Kanorio's client websites are hosted on the Cloudflare platform, thus benefiting from Cloudflare's certifications and commitments. Kanorio itself also implements security measures at the application layer (e.g., accounts, editor, database). For details, please refer to Web and Account Protection.
