25. Kanto – User Data Handling & Privacy Protection Policy

1. Executive Summary

Kanto implements a structured and transparent system for managing user data, protecting privacy, and securing sensitive information.

Our policies align with industry best practices and key principles of international regulations such as GDPR, CCPA, and LGPD, even though no specific legal framework is currently mandated.

This document covers:

Data lifecycle management: collection, storage, usage, and deletion.
Security measures: encryption, access control, incident response.
Compliance alignment: voluntary adherence to privacy rights principles.
Operational governance: CI/CD integration, monitoring, and audits.

2. Data Collection and Storage

2.1 Data Collected

Kanto collects only essential personal and technical information to provide the service:

Category	Data Type	Purpose	Sensitivity
Personal Identifiable Information (PII)	Full name, Email address, Country	Account creation & communication	High
Device & Session Metadata	Device type, Platform, OS, Browser	Security, session tracking, analytics	Medium
Payment Processing	None stored locally; tokenized via processor	Billing	N/A

Note:

Credit card or raw payment information is never stored in Kanto systems.

2.2 Data Storage

Google Cloud SQL and Firebase Firestore for user and operational data.
Cloudflare R2 for media assets and logs.
Data encrypted at rest and in transit.

1. Executive Summary

2. Data Collection and Storage

2.1 Data Collected

2.2 Data Storage

2.3 User Data Lifecycle & Security Flow