Cannki Kicker
Last Updated: October 25, 2024

Privacy Policy

Your privacy is our priority. Learn how we collect, use, and protect your information with complete transparency.

GDPR Compliant
Bank-Level Security
Your Data, Your Control
Introduction

Cannki Kicker ("we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our business formation and compliance services, visit our website at cannkikicker.com, or interact with us in any way. By using our services, you agree to the collection and use of information in accordance with this policy. This policy applies to all users of our services in Pakistan, the United States, and worldwide.

1. Information We Collect

We collect various types of information to provide, maintain, and improve our business formation and compliance services:

1.1 Personal Information You Provide

When you create an account or use our services, you provide:

  • Identity Information: Full name, date of birth, Social Security Number (SSN), Individual Taxpayer Identification Number (ITIN), government-issued ID numbers, passport information, driver's license, and other identification documents required for business formation and tax services
  • Contact Information: Email address, phone number, mobile number, mailing address, physical address, business address, and emergency contact details
  • Business Information: Business name, Employer Identification Number (EIN), Tax ID, business structure type (LLC, Corporation, etc.), industry classification, business address, registered agent details, formation documents, ownership information, member/officer details, and beneficial ownership information
  • Financial Information: Credit/debit card numbers, bank account details, routing numbers, billing address, payment history, tax return information, financial statements, and transaction records
  • Account Credentials: Username, password, security questions and answers, passkey authentication data (WebAuthn), two-factor authentication codes, and session tokens
  • Communication Data: Email correspondence, support tickets, phone call recordings (with consent), chat transcripts, messages sent through our platform, and feedback
  • Documents: Operating agreements, articles of organization/incorporation, bylaws, resolutions, contracts, tax returns, W-9 forms, identification documents, trademark applications, and other business-related files you upload
  • Preferences and Settings: Notification preferences, dashboard configuration, language preferences, timezone, role selections, and permission settings

1.2 Information Collected Automatically

When you access our website or use our services, we automatically collect:

  • Device Information: IP address, browser type and version, device type (desktop, mobile, tablet), operating system, unique device identifiers, mobile network information, and hardware model
  • Usage Data: Pages viewed, time spent on pages, links clicked, features used, search queries, referring/exit pages, clickstream data, navigation patterns, and interaction history
  • Location Data: Approximate location based on IP address, precise location (with permission), timezone, and language/regional preferences
  • Session Information: Login times, session duration, logout times, last login date, concurrent sessions, activity timestamps, and external authentication IDs (from accounts.cannki.com)
  • Cookies and Tracking: Session cookies, persistent cookies, web beacons, pixels, local storage data, and other tracking technologies (see Section 6 for details)

1.3 Information from Third Parties

We receive information about you from third-party service providers that help us deliver our services:

  • Authentication Service (accounts.cannki.com): User authentication data, external user IDs, email verification status, and single sign-on (SSO) session information via our Logto instance
  • Billing Service (billings.cannki.com): Payment information, subscription status, billing history, and external billing customer IDs from our Lago-compatible billing system
  • Identity Verification (Veriff): KYC verification results, document authentication data, facial recognition data, fraud risk assessments, and identity verification status
  • Payment Processors: Transaction confirmation, payment method details, and fraud detection information from Stripe, PayPal, JazzCash, EasyPaisa, Cash App, and banking partners
  • Government Agencies: Public business records, filing confirmations, EIN issuance, trademark status, and compliance status from IRS, state Secretary of State offices, USPTO, and FinCEN
  • Address Verification (Smarty): Validated address information, address autocomplete data, and address standardization from SmartyStreets
  • Tax Services (TaxBandits): Tax filing status, IRS acceptance/rejection notices, and e-filing confirmations
  • Credit Reporting: Business credit scores, payment history, and credit profile information for credit building services

2. How We Use Your Information

We use the information we collect for various legitimate business purposes:

Service Delivery
  • • Process LLC/Corporation formations
  • • File EIN and ITIN applications
  • • Submit documents to government agencies
  • • Provide registered agent services
  • • Prepare and file tax returns
  • • Manage compliance and annual reports
  • • Process BOI filings with FinCEN
  • • Handle trademark applications
Account Management
  • • Create and manage your account
  • • Authenticate via accounts.cannki.com
  • • Process payments via billings.cannki.com
  • • Provide customer support
  • • Send service notifications via email/SMS
  • • Manage subscriptions and renewals
  • • Enable two-factor authentication
  • • Support passkey authentication
Security & Compliance
  • • Verify identity (KYC/AML via Veriff)
  • • Prevent fraud and abuse
  • • Comply with legal obligations
  • • Enforce terms and policies
  • • Protect against security threats
  • • Monitor via Sentry error tracking
  • • Conduct internal audits
  • • Respond to legal requests
Communication
  • • Send transactional emails and SMS
  • • Provide real-time updates via WebSocket
  • • Deliver status notifications
  • • Respond to support tickets
  • • Send service announcements
  • • Share marketing (with consent)
  • • Conduct surveys
  • • Send physical mail via LOB API
Platform Improvement
  • • Analyze usage patterns
  • • Improve service functionality
  • • Develop new features
  • • Personalize user experience
  • • Optimize performance
  • • Test new services
  • • Debug issues
  • • Train staff (aggregated data only)
Business Operations
  • • Process billing and invoicing
  • • Manage vendor relationships
  • • Conduct business analytics
  • • Prepare financial reports
  • • Handle legal proceedings
  • • Maintain business records
  • • Comply with tax obligations
  • • Store documents on AWS S3

AI-Powered Services

We use artificial intelligence services to enhance our platform and provide intelligent features:

  • Document Processing: Google Cloud Vision OCR for extracting data from uploaded documents
  • Intelligent Assistance: OpenAI GPT-4, Anthropic Claude, and Google Gemini for chatbot support and form guidance
  • Content Generation: AI-assisted completion of business documents and filings
  • Tax Assistance: Intelligent tax preparation guidance and recommendations
  • Compliance Monitoring: Automated alerts and deadline tracking

Important: Your data is never used to train third-party AI models. We use enterprise agreements that strictly prohibit data retention and training by AI service providers.

3. How We Share Your Information

We Do Not Sell Your Personal Information

Cannki Kicker does not and will never sell your personal information to third parties for their marketing purposes. We only share your information as described below.

3.1 Service Providers and Partners

We share information with trusted third-party service providers who help us deliver our services:

Authentication:

accounts.cannki.com (Logto) for SSO

Billing:

billings.cannki.com (Lago-compatible)

Payments:

Stripe, PayPal, JazzCash, EasyPaisa, Cash App

Identity Verification:

Veriff for KYC/AML

Cloud Storage:

AWS S3 for secure files

Real-Time Communication:

Laravel Reverb WebSockets

Monitoring:

Sentry for error tracking

Mailing:

LOB API for physical mail

Address Verification:

Smarty (SmartyStreets)

Tax Services:

TaxBandits for IRS e-filing

AI Services:

OpenAI, Anthropic, Google (no training)

OCR Processing:

Google Cloud Vision

3.2 Government Agencies and Legal Requirements

We share information with government agencies as required to provide our services or comply with legal obligations:

  • • State filing offices for LLC/Corporation formations and compliance
  • • Internal Revenue Service (IRS) for EIN/ITIN applications and tax filings
  • • FinCEN for Beneficial Ownership Information (BOI) reporting
  • • USPTO for trademark applications
  • • Law enforcement when required by valid legal process
  • • Regulatory bodies in Pakistan and the United States
  • • Courts, arbitrators, and legal counsel in litigation

3.3 Business Transfers

If Cannki Kicker is involved in a merger, acquisition, asset sale, bankruptcy, or similar transaction, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our website of any change in ownership or your choices regarding your information.

3.4 With Your Consent

We may share your information with third parties when you explicitly consent, such as when you authorize us to share information with your accountant, attorney, or business partners.

3.5 Aggregated and De-Identified Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you, including statistical data about usage patterns, industry trends, and service analytics.

4. Data Security

We implement comprehensive security measures to protect your information:

Encryption
  • • TLS/SSL encryption for data in transit
  • • AES-256 encryption for data at rest
  • • Encrypted database backups
  • • End-to-end encryption for sensitive documents
  • • Secure key management via AWS KMS
Access Controls
  • • Multi-factor authentication (2FA/MFA)
  • • Passkey authentication (WebAuthn)
  • • Role-based access control (RBAC)
  • • Regular access reviews and audits
  • • Principle of least privilege
Infrastructure Security
  • • Secure cloud hosting (AWS)
  • • Firewalls and intrusion detection
  • • DDoS protection
  • • Regular security patches
  • • Isolated production environments
Operational Security
  • • Employee security training
  • • Background checks for staff
  • • Incident response procedures
  • • Regular security audits
  • • Penetration testing

Security Limitations

While we implement industry-leading security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and must notify us immediately of any unauthorized access.

5. Data Retention

We retain your information for as long as necessary to provide services and comply with legal obligations:

5 Years
Standard Business Records

Account information, formation documents, compliance records, service history, and customer communications are retained for up to 5 years after account closure or service completion, as required by business record-keeping regulations in Pakistan and the United States.

7 Years
Tax and Financial Records

Tax returns, EIN/ITIN applications, bookkeeping records, invoices, payment records, and other financial documents are retained for 7 years to comply with IRS and tax authority requirements.

90 Days
Usage and Analytics Data

Non-essential usage logs, analytics data, session information, and temporary cache data are typically deleted after 90 days unless needed for security investigations.

30 Days
Deleted Account Data

When you delete your account, most data is immediately removed from active systems. Backup copies may persist for up to 30 days before permanent deletion. Some information may be retained longer if required by law or for fraud prevention.

Indefinite
Legal Hold and Disputes

Information subject to legal holds, litigation, regulatory investigations, or ongoing disputes is retained until the matter is resolved and all retention periods have expired.

6. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience:

Essential Cookies

Required for basic site functionality. Cannot be disabled.

  • • Authentication and session management
  • • Security and fraud prevention
  • • Load balancing
  • • Site preferences
Analytics Cookies

Help us understand how you use our site.

  • • Page views and navigation
  • • Feature usage tracking
  • • Error monitoring (Sentry)
  • • Performance metrics
Functional Cookies

Enable enhanced functionality and personalization.

  • • Language and region preferences
  • • Dashboard customization
  • • Form auto-fill data
  • • Notification preferences
Marketing Cookies

Used to deliver relevant advertisements (with consent).

  • • Ad targeting and retargeting
  • • Campaign effectiveness
  • • Social media integration
  • • Conversion tracking

Managing Cookies

You can control cookies through your browser settings. Note that disabling certain cookies may impact site functionality. Most browsers allow you to:

  • • View and delete cookies
  • • Block third-party cookies
  • • Block all cookies (not recommended)
  • • Clear cookies when closing browser

7. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

Access and Portability

Request a copy of your personal information in a structured, machine-readable format. Download your data through your account dashboard or contact us.

Correction

Request correction of inaccurate or incomplete personal information. Update your profile directly or contact support for assistance.

Deletion

Request deletion of your personal information, subject to legal retention requirements. Some data may be retained for compliance, tax, or legal purposes.

Restriction

Request restriction of processing in certain circumstances, such as while we verify accuracy or assess legitimate grounds for processing.

Object

Object to processing based on legitimate interests or for direct marketing purposes. We'll stop processing unless we have compelling legitimate grounds.

Withdraw Consent

Withdraw consent for processing at any time. This won't affect the lawfulness of processing based on consent before withdrawal.

How to Exercise Your Rights

To exercise any of these rights, contact us at:

  • • Email: support@cannkikicker.com (Subject: "Privacy Rights Request")
  • • Phone: (555) 123-4567
  • • Account Dashboard: Privacy Settings section

We'll respond to your request within 30 days. We may need to verify your identity before processing your request.

8. International Data Transfers

Cannki Kicker operates in Pakistan and the United States. Your information may be transferred to, stored in, and processed in countries other than your own:

Data Processing Locations

  • Pakistan: [REGISTERED ADDRESS - PAKISTAN] - [COMPANY LEGAL NAME - PAKISTAN]
  • United States: [REGISTERED ADDRESS - USA] - [COMPANY LEGAL NAME - USA]
  • Cloud Servers: AWS data centers in US regions
  • Service Providers: Various locations as described in Section 3

Transfer Safeguards

When transferring data internationally, we implement appropriate safeguards:

  • • Standard contractual clauses approved by regulatory authorities
  • • Adequacy decisions where applicable
  • • Binding corporate rules for internal transfers
  • • Encryption during transfer and storage
  • • Compliance with GDPR, CCPA, and local data protection laws

9. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately, and we will delete such information from our systems.

10. Data Breach Notification

In the unlikely event of a data breach that affects your personal information:

  • We'll notify affected users within 72 hours of discovering the breach
  • Notification will include the nature of the breach and affected data
  • We'll provide guidance on protective measures you can take
  • We'll notify appropriate regulatory authorities as required by law

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes:

  • We'll update the "Last Updated" date at the top of this policy
  • Significant changes will be communicated via email to active users
  • Material changes may require your re-consent
  • Continued use after changes constitutes acceptance

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

Contact Us About Privacy

Have questions about our privacy practices or want to exercise your rights? We're here to help.

Email

support@cannkikicker.com

Subject: "Privacy Inquiry"

Phone

(555) 123-4567

Mon-Fri, 9 AM - 6 PM EST

Headquarters

New York, NY

United States