Last updated: 7 May 2026
This page describes how the Kroscloud 3D Viewer handles visitor data when it is embedded on a third-party website. It is intended for both end visitors and for site operators who embed Kroscloud scenes. For an overview of why the viewer can be embedded without a cookie banner, see our consent-free 3D viewer.
For our broader site-wide privacy policy (account holders, marketing pages, contact form, etc.), see our main privacy policy.
The embedded Kroscloud viewer does not set or read any cookies for visitors who are not logged in to a Kroscloud account. The only cookies that may be set on the viewer's domain are strictly-necessary security cookies issued by our content delivery network for bot detection and rate-limiting (see Strictly-necessary cookies below).
Logged-in Kroscloud users (account holders) viewing their own scenes through the main Kroscloud site receive an authentication session cookie from the main app. This authentication cookie is not set by the embedded viewer iframe.
The viewer uses the browser's localStorage to remember a
small set of user preferences that benefit the same visitor on
later visits:
audioMuted — whether the user muted audio narration.
viewme_measurement_display_unit — preferred measurement unit (mm / cm / m).
krosload_<sceneKey> — flag indicating the auto-info dialog has been dismissed for a given scene, so it isn't re-shown on every visit.
These values benefit the same visitor and are not used to identify or track them across scenes. No persistent identifier or visitor ID is stored.
The viewer uses the browser's sessionStorage (tab-scoped,
automatically cleared when the tab closes) for crash detection:
a short opaque nonce is written when the viewer starts loading and
removed when it finishes. If a later load in the same tab finds the
nonce still present, it reports a diagnostic "previous load crashed"
event to Kroscloud's server logs.
The diagnostic includes:
The scene's public key (e.g. ab12c).
The browser family and operating-system family (e.g. Chrome / Windows). The full User-Agent string is not sent.
The browser-reported device memory, if available.
No visitor identifier is stored or transmitted.
Kroscloud collects aggregate usage analytics so that scene owners can see how their content is being used. These analytics are designed to be identifier-free:
No visitor identifier. The viewer creates no visitor identifier of any kind — not even a short-lived one. Each scene load is counted as an anonymous viewing session via a throwaway per-load id that is kept in memory only, never written to any storage, and cannot be used to recognise the same visitor across loads or on a later visit.
No IP address is read or stored by analytics code. The visitor's IP terminates at our standard request pipeline and is not handed to any analytics path.
No fingerprinting. The viewer does not record the User-Agent string, screen dimensions, fonts, WebGL renderer, timezone, or any combination of device characteristics that could identify a returning visitor.
Coarse device kind only. Each session is tagged mobile, tablet, or desktop — three values, no version, no architecture, no model.
Aggregation and short raw retention. Per-event records are kept for at most 30 minutes and are then summarised into per-day, per-scene aggregates. The aggregates do not contain any per-visitor data.
What scene owners see in their dashboard:
Total view count per day per scene.
Total active time per day (excluding idle / background-tab time), with the median distribution.
Counts of common interactions: clicks on scene markers, layer switches, info dialog opens, fullscreen toggles, photo opens.
Per-sub-scene dwell time — for tours that contain multiple panoramas or sub-views, how long visitors spent on each one.
Visitor device-kind split (mobile / tablet / desktop) and origin split (embedded iframe vs. main Kroscloud site).
What scene owners cannot see:
The identity of any individual visitor.
Cross-day "returning visitor" counts (the data does not exist by design).
Cross-scene visitor journeys.
Heatmaps of camera movement attributable to a person.
For a feature overview of what the owner dashboard reports, see Scene Analytics, and the Analytics documentation for how each metric is calculated.
The embedded viewer does not load any third-party scripts — no analytics platforms, no advertising networks, no pixel trackers, no affiliate tracking. All viewer assets are served from Kroscloud's own domain or its content delivery network.
When loaded over our content delivery network, the visitor's browser may receive these cookies, set by the CDN provider for security and rate-limiting purposes:
| Cookie | Purpose | Lifetime |
|---|---|---|
__cf_bm |
Bot detection | 30 minutes |
cf_clearance |
Browser-challenge clearance | 1 year |
_cfuvid |
Per-visitor rate-limiting state | Session |
Under the EU ePrivacy Directive these are considered strictly necessary for the secure operation of the service and do not require consent.
Because the embedded viewer does not set tracking cookies, store
persistent identifiers, or load third-party scripts, embedding a
Kroscloud scene on your website does not require you to obtain
visitor consent for the embed itself, in the same way that a Vimeo
dnt=1 embed does not. We recommend referencing this page
in your own privacy policy.
Suggested copy:
Our website embeds 3D scenes from Kroscloud (https://www.kroscloud.com). The Kroscloud viewer does not set tracking cookies or store persistent identifiers in your browser. See https://www.kroscloud.com/privacy/viewer for details.
For questions about this disclosure or to exercise data-protection rights, contact us by e-mail on adminkroscloud.com or by filling out the contact form available at https://www.kroscloud.com/contact.