Company vs Personal Data

The most important legal distinction for anyone using visitor intelligence is the difference between company-level data (identifying that Acme Corp visited your site) and personal-level data (identifying that Jane Smith at Acme Corp visited). The regulatory treatment of these two categories is fundamentally different.

Company-Level Identification

When Kopimore identifies that "TechCorp Inc, a 200-person B2B software company in Austin, TX" visited your pricing page, this is firmographic data about a legal entity — not personal data about an individual. Under GDPR, personal data is information relating to an identified or identifiable natural person. A company is not a natural person.

This means: company name, domain, industry, employee count, company location, and company technology stack are generally not personal data under GDPR or CCPA.

Where Personal Data Begins

Personal data starts when identification reaches the individual level: an individual's name, their work email address, their IP address if linkable to them personally, and their specific browsing behavior if associated with them individually.

Important nuance: an IP address can be personal data under GDPR if it can be reasonably linked to an identifiable individual. However, IP addresses used purely for company-level identification (mapping an IP to a company's network block) are generally treated differently than IPs retained and linked to individual user behavior.

The B2B Contact Layer

When you use enrichment to append individual contact information (John Smith, VP Sales, john.smith@techcorp.com) to a company record, you've entered the realm of personal data. This is where GDPR legitimate interests assessment, CCPA data categories, and direct marketing regulations become directly relevant.