Kannaco, LLC Wholesale Privacy Policy

Last updated: October 8, 2025
Who we are: Kannaco LLC (“Kannaco,” “we,” “us,” “our”)
Scope: This policy covers personal information we collect through our wholesale site https://www.wholesale.kannacocbd.com, related sub‑pages, and our communications, fulfillment, and support channels (collectively, the “Services”).

We provide wholesale products to licensed health & wellness professionals and their associated business. The Services are not intended for consumers/patients.

Plain-English Quick Summary

• Data Collection: Personal and business information is collected only as needed to verify professional accounts, process orders, provide support, and improve our services.
• Sale or Sharing: Information is not sold for money; however, limited data may be “shared” for advertising or analytics, as defined by certain U.S. state privacy laws. Opt-out options are always available, including honoring Global Privacy Control (GPC) signals where required.
• Verification: License or certification details may be collected to confirm eligibility for wholesale purchasing.
• Payment Security: Payments are managed by third-party processors. Full card numbers are never stored by us.
• Use of Shopify: The store is powered by Shopify, which uses cookies and online identifiers. For further details about platform-specific cookie practices, refer to Shopify’s disclosures.
• Your Rights: Individuals have the right to access, delete, correct, and opt out of sale/sharing/targeted advertising features, as well as additional rights depending on region. An appeals process is provided.
• Data Security: Reasonable administrative, technical, and physical safeguards protect data, though no system can guarantee complete security.
• HIPAA Disclaimer: This site is not intended for patient data or protected health information (PHI); do not submit patient information through the site.

“Notice at Collection” (California & similar jurisdictions)

We collect the following categories of personal information and use them as described. Retention is based on the periods below or as required by tax, accounting, fraud‑prevention, and legal obligations.

Categories of Personal Information Collected and Disclosed

We disclose the following categories of personal information for our business purposes:

Identifiers
We collect and use identifiers (name, business email, phone, address, account ID) for account setup, verification, fulfillment, support, and compliance. These may be disclosed to our e-commerce, payment, and logistics partners. We do not sell these for money, but they may be shared for advertising purposes unless you opt out. Retention is for the account’s duration plus up to seven years.

Professional or Business Information
We collect business credentials (license number, NPI, business/tax documentation) to verify wholesale eligibility and regulatory compliance. Disclosure may occur to third-party verification and compliance partners. Not sold or shared for advertising. Retained until verification and audits are complete (up to seven years).

Commercial History
Information about orders, refunds, and invoices is collected for fulfillment, accounting, warranty, and forecasting, and disclosed to e-commerce and logistics providers. Not sold or shared for advertising. Retained for seven years.

Payment Information
Payment data (tokenized card details, billing information) is collected for secure payments and fraud prevention and disclosed to payment gateways and fraud prevention providers. Not sold. Full card numbers are never stored; tokenized data retained per processor’s policy.

Internet or Device Data
IP address, browser/device type, and site usage data may be collected to enhance site security, analytics, personalization, and consent management. Disclosed to hosting, analytics, and advertising providers. May be shared for targeted advertising unless you opt out. Retained 12–24 months.

Support Content
Support-related information (emails, forms, call notes) is used for case resolution, training, quality assurance, and legal claims and may be disclosed to CRM providers and legal advisors when necessary. Not sold or shared for advertising. Retained for the case life plus three years.

Marketing Preferences
Marketing data (subscriptions, open/click activity) is used to send relevant updates and manage unsubscribes. May be disclosed to marketing, email/SMS, and analytics providers. May be shared for advertising unless you opt out. Retained until unsubscribe plus 24 months.

You have the right to opt out of cross‑context behavioral advertising—for details, see our “Do Not Sell or Share My Personal Information” section.

“Sale” and “Share” are defined by state privacy laws. We do not sell your personal information for money. Where our use of advertising/analytics is considered a “share” (or “sale” under broad definitions), you can opt out via Your Privacy Choices and/or by using a recognized browser signal (e.g., GPC). We honor required opt‑out signals where applicable (e.g., CA/CO). (California DOJ)

What We Collect & Why (Details)

1) Information you provide

• Account & identity: name, business contact details, password, role/title.
• Professional verification: license/certification, NPI (if applicable), tax/reseller certificates, business identifiers.
• Orders & fulfillment: shipping/billing info, purchase details, communications.
• Support & surveys: content of messages, feedback, and forms.

2) Information from devices/cookies

We automatically collect Usage Data (IP, device/browser, pages viewed, events, referral, and similar) through cookies, pixels, SDKs, and logs for security, functionality, analytics, and (if you allow/where lawful) ad measurement. Our store is powered by Shopify. For cookies specific to Shopify services, see Shopify’s Cookie Policy. (Shopify)

3) Information from third parties

• E‑commerce & hosting providers (Shopify)
• Payment & fraud prevention
• Professional verification services
• Shipping/logistics
• Analytics & advertising partners (as configured)
• Marketing tools (email/SMS)
  Where we use Shopify Audiences or similar services, you can opt out of “sale”/“sharing” for targeted ads as required by state law; Shopify provides controls to help merchants honor such requests. (Shopify Help Center)

How We Use Personal Information

• Provide the Services (account setup, professional verification, orders, shipping/returns, support).
• Security, fraud & abuse prevention (account integrity, risk scoring, abuse detection).
• Business operations (forecasting, product improvement, debugging, training, quality assurance).
• Compliance (tax, accounting, legal claims, recalls).
• Communications (transactional emails/SMS; service announcements).
• Marketing (with your consent where required): send updates; tailor content; measure performance.
• Advertising/analytics: limited use of cookies/identifiers for reach/measurement or cross‑context behavioral advertising only where lawful and with required opt‑outs.

We do not use or disclose “sensitive” personal information (e.g., government ID, precise geolocation, health data) for the purpose of inferring characteristics about you.

Cookies, Pixels & Your Controls

• Manage cookies in your browser and via our on‑site preferences panel (where provided).
• Global Privacy Control (GPC): When we detect a valid GPC signal, we treat it as an opt‑out of “sale”/“sharing” for the specific browser/session as required by applicable law. (California DOJ)
• Universal Opt‑Out (Colorado): We honor state‑recognized universal opt‑out mechanisms for “sale”/targeted advertising where required (Colorado recognizes GPC). (IAPP)
• Some strictly necessary cookies are required to provide the Services (security, authentication, cart/checkout).
• For Shopify‑specific cookies used to power stores, refer to Shopify’s Cookie Policy. (Shopify)

Do Not Track (DNT): Industry standards for DNT are not uniform; however, we honor recognized GPC/universal signals where the law requires. (California DOJ)

When We Disclose Information

We disclose personal information to:

• Service providers & processors (e‑commerce/hosting, payments, fraud tools, shipping, CRM/helpdesk, IT/security, analytics/advertising, accountants/auditors).
• Business partners (e.g., where you instruct or consent, such as integrations you enable).
• Affiliates (intra‑group processing, subject to this Policy).
• Authorities & legal (to comply with law, respond to lawful requests, enforce terms, protect safety/rights).
• Corporate transactions (merger, acquisition, financing, or bankruptcy—your data may be transferred).

We do not allow vendors to use your information for their own independent purposes unless you consent or it’s required by law.

“Sale”/“Sharing” and Targeted Advertising

• No sale for money.
• We may “share” identifiers and internet activity with advertising/analytics partners to measure performance or show relevant ads across sites (cross‑context behavioral advertising). Where the law treats this as a “sale” or “sharing,” you can opt out via our Your Privacy Choices link, cookie settings, and by sending a GPC signal. We apply opt‑outs to the browser/device, and—if authenticated—to your account. (California DOJ)
• Shopify Audiences: If enabled, we will configure customer opt‑out controls consistent with state privacy laws (e.g., CA/CO/CT/VA/NJ). (Shopify Help Center)

Professional Accounts, Verification & Restricted Data

The wholesale Services are intended for licensed professionals. We may collect and verify professional credentials (e.g., license/certification numbers, business identifiers, tax/reseller certificates). Do not upload patient/consumer health information (PHI). This site is not a HIPAA‑covered service.

Payments

Payments are processed by our third‑party payment processors, who receive your payment information directly and provide us with a token and confirmation. We do not store full card numbers on our servers. (Processor‑specific privacy notices govern their handling.)

User‑Generated Content (UGC)

If you post reviews or other content on areas of the Services that are public to other wholesale account holders, that information may be visible to those users.

Security

We use reasonable and appropriate technical and organizational measures to protect personal information (e.g., access controls, encryption in transit, least‑privilege practices, vendor diligence). No security program is perfect; please keep your account credentials secure and notify us immediately of any suspected unauthorized access.

Retention

We keep personal information only as long as necessary for the purposes described above, including:

• Orders/financial records: 7 years (tax & accounting)
• Logs/analytics: 12–24 months
• Support records: case life + 3 years
• Verification records: until verified + audit period (up to 7 years)
  We may retain data longer as required by law or to establish/exercise/defend legal claims.

Your Privacy Rights

Depending on where you live, you may have some or all of the following rights (subject to verification and legal limits):

• Access / Know what we have about you and how we use it
• Delete personal information
• Correct inaccurate information
• Portability (receive in a portable format)
• Opt out of sale/sharing/targeted advertising (and of certain profiling)
• Limit the use/disclosure of sensitive data (where applicable; we already limit such use)
• Restrict/object to certain processing (region‑dependent)
• Withdraw consent (where processing is based on consent)
• Appeal a decision on your privacy request

How to exercise your rights

• Use Your Privacy Choices on our site (for sale/sharing/targeted ad opt‑outs).
• Use our cookie preferences tool and/or send a GPC signal in your browser. (California DOJ)
• Email us: wholesale@kannaco.co (subject: “Privacy Request”)
• We will verify your identity and respond within the timelines required by law. You may designate an authorized agent (CA) or authorized representative (other states) using a signed permission and identity verification.

Appeals process (VA/CO/CT/NJ and similar)

If we decline a request, reply to our decision email with “Privacy Appeal” in the subject line. We will review and respond within the timeframe required by your state law, with reasons and further recourse where applicable.

State coverage note: U.S. state privacy laws continue to expand (e.g., CA, VA, CO, CT, UT, and many others). We aim to apply required rights and opt‑outs where those laws apply to us and to you. For a current picture of enacted state privacy laws, see the IAPP’s state tracker. (IAPP)

EEA/UK Addendum (GDPR)

Where the EU/UK GDPR applies, Kannaco LLC is the data controller for the Services.
Legal bases: contract (Art. 6(1)(b)); legitimate interests (6(1)(f)) such as security/fraud/analytics; consent (6(1)(a)) where required (e.g., certain cookies/marketing); legal obligation (6(1)(c)).

Transfers: We may transfer personal data to the U.S. and other countries using appropriate safeguards (e.g., Standard Contractual Clauses).

Your GDPR rights: access, rectification, erasure, restriction, objection, portability, and complaint to your supervisory authority.

Contact: wholesale@kannaco.co (subject: “GDPR Request”).

Children & Teens

Our Services are not for children under 21 and not directed to minors. We do not knowingly “sell” or “share” personal information of individuals under 16. If you believe a minor has provided data to us, contact wholesale@kannaco.co for deletion.

Third‑Party Sites & Services

Links or integrations may lead to third‑party sites/services with their own privacy practices. Review their policies. For Shopify‑specific cookies and services powering our store, see Shopify’s Cookie Policy and related resources. (Shopify)

Automated Decision‑Making

We do not make decisions that produce legal or similarly significant effects solely by automated means. We may use automated tools for fraud prevention and account protection with human oversight available upon request.

Changes to this Policy

We may update this Policy to reflect changes in our practices or the law. We’ll post updates with a new “Last updated” date. If changes are material, we’ll provide additional notice as required.

Contact

Kannaco LLC
18913 West 158th Street, Olathe, KS 66062, United States
Email: wholesale@kannaco.co

Privacy Policy FAQ