Privacy policy

Privacy Policy

Last updated: October 8, 2025

Kannaco LLC (“Kannaco,” “we,” “us,” “our”) operates the direct-to-consumer retail website https://www.KannacoCBD.com (the “Website”) and related communications, fulfillment, and support channels (collectively, the “Services”).

We design, formulate, and sell professional-grade CBD wellness products directly to individual consumers seeking natural topical options and everyday wellness support.

Plain-English Quick Summary

  • We collect only what we need to process orders, deliver products, provide support, personalize your experience, and improve our Services.
  • We do not sell your personal information for money. Limited analytics/advertising features may constitute “sharing” under certain state laws. You can opt out anytime.
  • Payments are handled by third-party processors; we never store your full card numbers.
  • Our store runs on Shopify, which uses cookies/identifiers for core functionality and analytics. You can manage your preferences.
  • Your rights may include access, deletion, correction, portability, and opt-outs from sale/sharing/targeted ads.
  • We use administrative, technical, and physical safeguards to protect data, though no system is perfectly secure.
  • This website is not intended for patient data or PHI; please do not submit health information.

Notice at Collection

We collect the categories of personal information below and use them for the purposes described. Retention periods vary based on operational, legal, and security needs.

Categories of Personal Information Collected and Disclosed

  • Identifiers (name, email, phone, billing/shipping address, account ID)
    Purpose: account setup, fulfillment, communication, support, and marketing.
    Disclosure: payment, e-commerce, logistics, and marketing partners.
    Retention: life of account or up to 7 years for recordkeeping.
    Opt-out: may be “shared” for advertising analytics; you can opt out.

  • Commercial Information (order history, returns)
    Purpose: fulfillment, support, warranty, forecasting.
    Disclosure: Shopify, carriers, accounting systems.
    Retention: 7 years.

  • Payment Information (billing details, tokenized card data)
    Purpose: secure payments, fraud prevention.
    Disclosure: payment gateways, fraud tools.
    Retention: per processor policy. We never store full card numbers.

  • Internet/Device Data (IP, device/browser, usage)
    Purpose: security, analytics, performance, personalization.
    Disclosure: Shopify, analytics/marketing platforms.
    Retention: 12–24 months. Opt-out available.

  • Support Communications (emails, forms)
    Purpose: customer service, quality, dispute resolution.
    Disclosure: CRM/helpdesk providers.
    Retention: case life + 3 years.

  • Marketing Preferences (subscriptions, engagement)
    Purpose: send updates/offers; manage unsubscribes.
    Disclosure: email/SMS and marketing platforms.
    Retention: until unsubscribe + 24 months.

What We Collect & Why (Detailed)

  1. Information You Provide: contact info; account credentials; order details; communications and feedback.

  2. Automatically Collected Information: usage data via cookies, pixels, SDKs, and logs for functionality, security, analytics, and (where lawful/consented) advertising measurement. Shopify powers our store. See Shopify’s Cookie Policy.

  3. Information from Third Parties: Shopify (hosting/checkout), payment gateways, shipping carriers, analytics/advertising tools.

How We Use Personal Information

  • Fulfillment: process and deliver orders, returns, and refunds.
  • Customer Support: respond to inquiries and provide assistance.
  • Security: detect fraud, abuse, and unauthorized access.
  • Improvement: enhance products, site usability, and customer experience.
  • Compliance: tax, accounting, legal requirements, and recalls.
  • Marketing: send offers and education with your consent where required.
  • Advertising/Analytics: limited cookie-based measurement or retargeting (opt-out available).

We do not use sensitive personal information (e.g., health, precise geolocation, government ID) to infer characteristics about you.

Cookies, Pixels & Your Controls

  • Manage cookies in your browser and via our on-site preferences (where provided).
  • Global Privacy Control (GPC): valid signals are treated as opt-outs of “sale”/“sharing” where required.
  • Universal Opt-Out: state-recognized mechanisms (e.g., Colorado) are honored where applicable.
  • Do Not Track: no uniform standard; we honor legally recognized signals where required.
  • Some cookies are strictly necessary for cart/checkout and security.

When We Disclose Information

  • Service providers and processors: e-commerce/hosting, payments, fraud tools, shipping, CRM/helpdesk, IT/security, analytics/advertising, accountants/auditors.
  • Business partners: where you opt in or instruct us.
  • Authorities and legal: to comply with law, respond to lawful requests, enforce terms, protect rights and safety.
  • Corporate transactions: merger, acquisition, financing, or bankruptcy (data may be transferred).

We do not permit vendors to use your data for their own independent purposes without your consent or a legal requirement.

Sale/Sharing and Advertising Opt-Out

  • We do not sell personal information for money.
  • Certain analytics/advertising features (e.g., Shopify Audiences, Meta, Google Ads) may constitute “sharing.”
  • Opt out via the Your Privacy Choices link on our site, cookie preferences, and by sending a GPC signal.
  • Opt-outs apply per browser/device/session and, if authenticated, to your account.

Payments

Payments are processed by third-party gateways that receive your payment details directly and return a token/confirmation to us. We do not store full card numbers. Please review your payment provider’s privacy notice for more information.

Security

We implement reasonable administrative, technical, and organizational measures (e.g., encryption in transit, access controls, vendor diligence) to protect personal information. No online system is perfectly secure—use strong passwords and contact us promptly about any suspected unauthorized activity.

Retention

 

Data Type Retention Period
Orders / Financial Records 7 years
Site Logs / Analytics 12–24 months
Customer Support Cases Case life + 3 years
Marketing Data Until unsubscribe + 24 months

Your Privacy Rights

  • Access/Know, Delete, Correct, and Portability rights.
  • Opt out of sale/sharing/targeted advertising and certain profiling.
  • Limit use/disclosure of sensitive personal information (where applicable; we already limit such use).
  • Appeal a decision on your privacy request where state law provides an appeal right.

How to exercise your rights: use our Your Privacy Choices link, manage cookies, send a GPC signal, or email hello@kannaco.co with the subject “Privacy Request.” We will verify your identity and respond within required timelines. You may designate an authorized agent with written permission and identity verification.

EEA/UK Addendum (GDPR)

Where EU/UK GDPR applies, Kannaco LLC is the data controller.

  • Legal bases: contract (Art. 6(1)(b)); legitimate interests (6(1)(f)) including security/fraud/analytics; consent (6(1)(a)) for marketing/cookies; legal obligation (6(1)(c)).
  • Transfers: personal data may be transferred to the U.S. using appropriate safeguards (e.g., Standard Contractual Clauses).
  • GDPR rights: access, rectification, erasure, restriction, objection, portability, and complaint to your supervisory authority.

GDPR contact: hello@kannaco.co (subject: “GDPR Request”).

Children & Teens

Our products and Services are intended for adults aged 21 and older. We do not knowingly collect or sell/share personal information of minors under 16. If you believe a child has provided information, contact hello@kannaco.co for deletion.

Third-Party Sites

Our Website may link to third-party services with their own privacy practices. Review their policies. For Shopify’s privacy resources, visit Shopify Privacy.

Automated Decision-Making

We do not make decisions that produce legal or similarly significant effects solely by automated means. Automated fraud/risk tools may be used with human oversight.

Changes to This Policy

We may update this Policy to reflect changes in practices or law. Updates take effect upon posting with a new “Last updated” date. If changes are material, we will provide additional notice or seek consent where required.

Contact Information

Kannaco, LLC
dba Kannaco Wellness / Kannaco CBD
18913 West 158th Street
Olathe, KS 66062
United States
Email: hello@kannaco.co
Website: https://www.KannacoCBD.com