Global Privacy & Data Compliance
This article covers how Sienna itself handles data under GDPR — specifically that it doesn’t collect any. It does not cover your site’s broader GDPR obligations (consent management, data subject rights, legal basis for processing, etc.). GDPR compliance for your site depends on your own data practices.
At Sienna, we believe privacy and accessibility go hand-in-hand. You shouldn’t have to sacrifice your visitors’ data to make your website accessible.
Zero-Tracking Architecture
Most accessibility overlays track users cross-site to build “accessibility profiles” — often sold as product analytics. Sienna doesn’t do this. No tracking, no cookies, no fingerprints.
No Registration Required
Deploying Sienna requires no account. We don’t have your name, email, or payment info unless you purchase a Pro license — and even then, we have no visibility into your visitors.
No Cookies or Pixels
The widget runs entirely inside your visitor’s browser (client-side). Nothing is sent to our servers. No cookie banner is required to use Sienna under GDPR, because we don’t process personal data.
jsDelivr: Privacy-Compliant CDN
We serve the script through jsDelivr, a global public CDN. By its nature, the CDN temporarily processes IP addresses to route traffic efficiently. However:
- GDPR compliant — jsDelivr does not set tracking cookies or build user profiles.
- Privacy-safe — visitor IPs are anonymized and not retained for analytics.
- Publicly auditable — you can view real usage statistics at jsdelivr.com.
GDPR Compliance Checklist
| Requirement | Sienna Status |
|---|---|
| No personal data collected | ✅ Zero PII |
| No cookies set | ✅ Cookie-free |
| No cross-site tracking | ✅ Client-side only |
| Data processor agreement needed | ✅ Not required (no data processed) |
| Third-party CDN GDPR compliant | ✅ jsDelivr compliant |
| Self-hosting available | ✅ Yes, free option |
Worldwide Regional Privacy Laws
Because Sienna operates strictly on the client side and processes no Personally Identifiable Information (PII), it automatically aligns with the data minimization requirements of major global privacy frameworks, with no additional configuration required on your end:
- CCPA / CPRA (California): We do not collect, “sell”, or “share” personal information. No opt-out links for our widget are required.
- PIPEDA (Canada): Zero data collection means no consent management requirement for the widget itself.
- LGPD (Brazil): Fully compliant as no user data is processed or transferred internationally.
- APPI (Japan): No handling of personal information databases.
- Act on the Protection of Personal Information (Various): We do not deploy fingerprinting or device identification technologies.
Final Note
Using Sienna means you’re adding an accessibility layer without a privacy liability. You don’t need consent banners for the widget itself, and you don’t need to include Sienna in your third-party data processor disclosures.