Visitor Privacy and Data Handling
When running a website, you typically want to know how many people visit and which pages are popular; visitors, in turn, care about how their data is used. Kanorio's design principle is to use necessary data to provide and improve services, while allowing site owners to offer a Cookie consent option as needed.
This page explains the relationship between Kanorio's built-in analytics, Cookies, third-party tracking, and infrastructure privacy safeguards. This is not legal advice; if your website has specific regulatory, industry, or cross-border data requirements, please consult with a qualified legal professional.
What Kanorio's Built-in Analytics Tracks
Built-in analytics primarily serve to show overall website usage trends, such as pageviews, visitor sources, popular pages, and button interactions. Its purpose is to help you determine if your website content is effective, not to identify individual visitors.
Raw IP addresses are anonymized. In simple terms, a portion of the directly identifiable information is removed, rather than storing the full raw IP as general analytics data. Some aggregated statistics may still use information like general region, device, or source to help you understand overall traffic.
Cookie Consent and Returning Visitor Identification
Cookies are small pieces of data that websites temporarily store in your browser. If you enable the Cookie Consent Banner on your site, visitors can choose to accept all Cookies or only necessary ones.
When a visitor has not consented to analytics Cookies or has chosen to accept only necessary Cookies, Kanorio will not store analytics identifiers used to recognize returning visitors. The website can still retain anonymous, aggregated traffic statistics, so reports won't completely stop, but these visits won't be treated as identifiable returning visitor data.
The Cookie Consent Banner is a feature that website owners must enable themselves. Whether to enable it depends on your visitors' locations, tracking tools, and data handling practices, and cannot be determined by a single switch for all regulatory scenarios.
Who is Responsible for Third-Party Tracking Tools
You can connect services like Google Tag Manager, Google Analytics, Meta Pixel, or others yourself. These services are not part of Kanorio's built-in analytics and may have their own Cookies, data usage policies, and privacy policies.
Before enabling them, we recommend that you:
- Read the service provider's privacy policy and data usage information.
- Ensure your own privacy policy accurately informs visitors.
- Enable the Cookie Consent Banner based on your visitors' locations and actual usage.
- Avoid including sensitive personal data in tracking events, URL parameters, or tag names.
For setup steps, please read Third-Party Tracking Setup.
Kanorio's Basic Commitment to Personal Data
According to Kanorio's Privacy Policy, we do not sell personal data, nor do we share it for cross-context behavioral advertising. Data may still be processed by contracted service providers for purposes such as service delivery, payment, sending emails, analytics, or security.
This means "not selling" does not imply data will never be processed by any service; rather, data will only be used by the relevant service providers to the extent necessary for providing, maintaining, and protecting services.
Cloudflare's Platform-Level Safeguards
Kanorio's public website is served by Cloudflare. Cloudflare publicly states that its platform has third-party certifications such as SOC 2 Type II and ISO 27001, and offers a Data Processing Addendum (DPA).
- SOC 2 Type II: An independent auditor reviews whether a service provider's security, confidentiality, and availability controls have been consistently operating over a period.
- ISO 27001: An international standard for information security management, requiring organizations to continuously manage risks and security procedures.
- DPA (Data Processing Addendum): Outlines the responsibilities and safeguards for service providers when processing personal data on behalf of clients.
These certifications and commitments belong to the Cloudflare platform and do not mean Kanorio itself holds SOC 2 or ISO 27001 certifications. You can view their public information on the Cloudflare Trust Hub.
GDPR, CCPA, and Your Website
GDPR is the EU's regulation on the protection of personal data; CCPA is California's privacy law in the US. Both require websites to inform users about data usage appropriately and provide choices or rights in certain circumstances.
Even if your primary audience is in Taiwan, you may have international visitors. Whether specific regulations apply will depend on the markets you serve, the data you collect, the third-party tools you use, and your legal status. Kanorio provides tools and information like Cookie consent and privacy policies, but you still need to make informed decisions and ensure compliance based on your specific situation.
Frequently Asked Questions
Kanorio's public website uses Cloudflare infrastructure, which has publicly available certification information. However, this does not mean Kanorio itself holds SOC 2 or ISO 27001 certification. The certifications mentioned in the article belong to the respective service providers.
Not necessarily. Applicability depends on your visitors, business, data usage, and legal status. If your website uses third-party tracking or targets international visitors, it's advisable to understand the relevant regulations and seek assistance from legal professionals if necessary.
If you enable the Cookie Consent Banner, Kanorio will not store analytics identifiers that recognize returning visitors when they do not consent to analytics Cookies. Anonymous, aggregated service statistics may still exist; tracking by third-party tools you've enabled separately will depend on that tool's settings.
No. The banner is a tool to help inform and provide choices; it does not replace privacy policies, data handling decisions, or legal advice.