Cookie Policy — CANONIA
Last updated: 18 May 2026 · Version: 1.1
This English version is provided for information only. In case of divergence, the French version prevails.
Preamble
This Cookie Policy describes, transparently and in full, the use of cookies and similar technologies (collectively "Cookies") on the CANONIA platform at https://canonia.online and its subdomains.
CANONIA is a brand and service operated by GOLDENSEAL OÜ (Tallinn, Estonia).
This policy complies with:
- the General Data Protection Regulation (GDPR) — Regulation (EU) 2016/679;
- the revised ePrivacy Directive 2002/58/EC;
- the CNIL guidelines (France) of 17 September 2020 on cookies and other trackers;
- the Estonian electronic communications protection directive.
Guiding principle: GOLDENSEAL OÜ has chosen a privacy by design and data minimisation approach for CANONIA. No non-strictly-necessary cookie is placed without the User's prior, free, informed, specific and unambiguous consent.
1. What is a cookie?
A Cookie is a small text file placed on the User's device (computer, smartphone, tablet) by the browser when visiting a website. It allows the site to recognise the device, remember information or track activity.
This policy also applies to similar technologies:
- Local storage / Session storage;
- Invisible pixels / web beacons;
- Digital fingerprinting — not used by CANONIA;
- Server-side identifiers tied to a session.
2. Cookie categories used by CANONIA
CANONIA enforces a strict policy: only cookies strictly necessary to operate the Service are placed without consent. All others require prior explicit consent.
2.1 Strictly necessary cookies (exempt from consent)
These cookies are indispensable to the Service. Without them, the Service cannot be provided. Pursuant to article 82 of the French Data Protection Act and article 5(3) of the ePrivacy Directive, placing them does not require consent.
| Name | Issuer | Purpose | Duration |
|---|---|---|---|
canonia_session | CANONIA / GOLDENSEAL OÜ (1st party) | Maintain the authenticated user session | Session |
canonia_csrf | CANONIA / GOLDENSEAL OÜ (1st party) | Protection against CSRF attacks | Session |
canonia_consent | CANONIA / GOLDENSEAL OÜ (1st party) | Remember the user's cookie choice | 6 months |
canonia_rate_limit | CANONIA / GOLDENSEAL OÜ (1st party) | Prevent abuse and spam on the Diagnostic | 24 hours |
canonia_lang | CANONIA / GOLDENSEAL OÜ (1st party) | Remember the chosen display language | 12 months |
__cf_bm | Cloudflare (CDN / security) | Distinguish humans from bots, DDoS protection | 30 minutes |
None of these cookies contain an advertising identifier or behavioural data.
2.2 Analytics cookies (consent required)
CANONIA uses a privacy-friendly analytics solution, configured to strict CNIL requirements.
| Name | Issuer | Purpose | Duration |
|---|---|---|---|
_plausible_* | Plausible Analytics (self-hosted EU) | Anonymous aggregated usage statistics | No persistent cookie — anonymous daily fingerprints |
Characteristics of our analytics:
- Exclusively European hosting (Germany);
- No third-party sharing;
- No IP address stored (proxy-level anonymisation);
- No persistent unique identifier;
- No cross-database matching;
- Compliant by default with the CNIL consent exemption — out of abundance of caution, CANONIA still asks for explicit consent.
2.3 Payment cookies (placed only during a transaction)
When a payment is made, payment providers place cookies strictly necessary to secure the transaction. These cookies are subject to the privacy policies of the providers concerned:
| Provider | Privacy policy |
|---|---|
| Stripe | https://stripe.com/privacy |
| Paystack | https://paystack.com/privacy |
| Flutterwave | https://flutterwave.com/privacy |
These cookies are placed only when the User initiates a payment.
2.4 Cookies that CANONIA does NOT use
By ethical commitment and strict compliance, CANONIA does NOT use:
- ❌ Advertising cookies of any kind;
- ❌ Retargeting cookies;
- ❌ Social network cookies (embedded "Share" buttons with tracking);
- ❌ Google Analytics;
- ❌ Google Tag Manager;
- ❌ Meta Pixel (Facebook);
- ❌ TikTok Pixel;
- ❌ LinkedIn Insight Tag;
- ❌ Behavioural profiling cookies;
- ❌ Emotional engagement measurement cookies;
- ❌ Fingerprinting;
- ❌ Unique advertising identifiers (IDFA, AAID);
- ❌ Cross-site tracking;
- ❌ No third-party cookie with a commercial purpose.
3. Collecting consent
3.1 Consent banner
On the first visit, a banner is displayed presenting clearly:
- the exhaustive list of non-essential Cookies envisaged;
- the purpose of each category;
- the retention period;
- the issuers concerned.
The User has three choices equivalent in visibility and effort (per CNIL guidelines):
- "Accept all" — accept all non-essential cookies;
- "Reject all" — refuse all non-essential cookies (only strictly necessary cookies are placed);
- "Customise my choices" — tick category by category.
No non-essential cookie is placed until the User validates their choice. No cookie is pre-ticked by default. Closing the banner without choosing counts as a refusal.
3.2 Changing consent
The User can change or withdraw their consent at any time:
- via the "Manage my cookies" link in the footer of every page;
- via their account settings (if registered);
- via their browser settings (see section 5).
Withdrawing consent immediately deletes the cookies concerned.
3.3 Validity period
Consent is valid for 6 months maximum. After that, the banner is shown again to request fresh consent, per CNIL recommendations.
4. Data transfers
4.1 Hosting and location
- CANONIA servers: Germany (Frankfurt) via Supabase EU + Cloudflare EU;
- Analytics: Germany via self-hosted Plausible;
- No personal data is transferred outside the European Union for cookies.
4.2 Processors and recipients
Strictly necessary Cookies are managed only by GOLDENSEAL OÜ and its hosting provider Cloudflare (for security). No behavioural data is shared with third parties.
4.3 Transfer outside the EU
For network security and anti-DDoS purposes, Cloudflare may temporarily process technical metadata (IP, user-agent). Cloudflare is GDPR-certified and applies the European Commission's Standard Contractual Clauses (SCCs) for its international processing.
5. Browser settings
Independently of CANONIA's consent system, the User can configure their browser to block or delete cookies at any time:
- Chrome — Settings → Privacy and security → Cookies and other site data;
- Firefox — Settings → Privacy & Security → Cookies and Site Data;
- Safari — Preferences → Privacy → Cookies and website data;
- Edge — Settings → Cookies and site permissions;
- Brave / Opera / Vivaldi — equivalent sections in privacy settings.
Warning: blocking strictly necessary cookies may prevent the Service from working.
5.1 Do Not Track / Global Privacy Control
CANONIA automatically respects the following browser signals:
- DNT (Do Not Track) — if active, equivalent to a refusal of all non-essential cookies;
- GPC (Global Privacy Control) — recognised as a valid expression of refusal.
If either signal is detected, the banner does not display "Accept all" as a default option, and only strictly necessary cookies are placed.
6. User rights
Under GDPR, the User has the following rights regarding data collected via Cookies:
- Right of access — know what data has been collected about them;
- Right of rectification — correct inaccurate data;
- Right to erasure (right to be forgotten);
- Right to restriction of processing;
- Right to object;
- Right to data portability;
- Right to withdraw consent at any time, without affecting the lawfulness of prior processing;
- Right to lodge a complaint with a supervisory authority:
- Estonia: Andmekaitse Inspektsioon — https://www.aki.ee
- France: CNIL — https://www.cnil.fr
- Any other European authority depending on country of residence.
To exercise these rights: dpo@canonia.online
Response time: 30 days maximum (extendable by 2 months in complex cases, with notice to the User).
7. Cookie security
GOLDENSEAL OÜ applies the following security measures to CANONIA cookies:
Secureattribute — transmission only over HTTPS;HttpOnlyattribute — protection against JavaScript access for session cookies;SameSite=StrictorLaxattribute depending on purpose;- Regular rotation of session identifiers;
- Immediate invalidation on logout or suspected compromise.
8. Minors
CANONIA is not intended for minors. If use of the Service by a minor is detected:
- non-essential cookies are immediately invalidated;
- collected data is erased;
- the account (if any) is deleted.
If a parent or legal guardian notices that their minor child has used the Service, they may contact dpo@canonia.online to request immediate deletion.
9. Changes to this policy
GOLDENSEAL OÜ reserves the right to amend this Cookie Policy to reflect changes in:
- applicable law;
- recommendations of supervisory authorities;
- technologies used by the Platform.
Any material change will be:
- notified via a banner visible on the Platform 15 days before it takes effect;
- communicated by email to registered Users;
- accompanied by a fresh consent collection where necessary.
Version history is available on request at dpo@canonia.online.
10. Contact
Data Protection Officer (DPO) — dpo@canonia.online Postal address — GOLDENSEAL OÜ — [Tallinn address to be completed] — Estonia General contact — contact@canonia.online
Annex — Summary table
| Category | Consent required | Purpose | Cookies used | Max retention |
|---|---|---|---|---|
| Strictly necessary | No | Operation, security, session | canonia_session, canonia_csrf, canonia_consent, canonia_rate_limit, canonia_lang, __cf_bm | 12 months |
| Analytics | Yes (out of caution) | Anonymous statistics | _plausible_* | No persistent cookie |
| Payment | Implicit (during a transaction) | Securing payment | Stripe / Paystack / Flutterwave provider cookies | Per provider policy |
| Advertising / social networks / fingerprinting | NOT USED | — | — | — |
By clicking "I accept" in the consent banner, you acknowledge having read and understood this Cookie Policy.
CANONIA is a service operated by GOLDENSEAL OÜ — Tallinn, Estonia — dpo@canonia.online