weedhurry
Book Demo

Privacy Policy

Last updated: December 1, 2024

1. Data Collection

We collect information that you provide directly to us when you create an account, use our services, or communicate with our support team. This includes:

  • Account information: name, email address, phone number, business name, and business address.
  • Transaction data: sales records, inventory counts, customer purchase history, and payment information processed through our POS system.
  • Employee data: staff names, roles, employee numbers, and PIN codes used for POS authentication.
  • Customer data: names, email addresses, phone numbers, medical card information (if applicable), and loyalty program data.
  • Usage data: log files, device information, IP addresses, browser type, pages visited, and feature usage patterns.
  • Compliance data: METRC tag numbers, package IDs, license numbers, and compliance reporting records.

2. Data Usage

We use the information we collect to:

  • Provide, maintain, and improve our POS, e-commerce, and analytics services.
  • Process transactions and manage your dispensary operations.
  • Generate reports, analytics, and AI-powered business insights.
  • Submit required compliance reports to state regulatory systems such as METRC.
  • Send service-related communications, including updates, security alerts, and support messages.
  • Detect, investigate, and prevent fraudulent or unauthorized activity.
  • Improve our platform through aggregated, anonymized usage analytics.

3. Data Sharing

We do not sell your personal information. We may share information in the following circumstances:

  • Regulatory compliance: We share data with state compliance systems (METRC, BioTrack) as required by law for seed-to-sale tracking.
  • Payment processing: Transaction data is shared with payment processors (e.g., Square) to complete financial transactions.
  • Service providers: We use third-party services for hosting (Digital Ocean), image storage, email delivery, and analytics. These providers are contractually bound to protect your data.
  • Legal requirements: We may disclose information when required by law, subpoena, or government request.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred to the acquiring entity.

4. Security

We implement industry-standard security measures to protect your data:

  • All data is encrypted in transit using TLS 1.2+ (HTTPS).
  • Sensitive data is encrypted at rest using AES-256 encryption.
  • Passwords are hashed using bcrypt with salt.
  • Database access is restricted and monitored with role-based access controls.
  • Regular security audits and vulnerability assessments are conducted.
  • POS session tokens expire after periods of inactivity.

5. Data Retention

We retain your data for as long as your account is active or as needed to provide services. Specific retention periods include:

  • Transaction records: retained for a minimum of 7 years for tax and compliance purposes.
  • Compliance data (METRC records): retained for the period required by state regulations (typically 7 years).
  • Account data: retained until account deletion is requested and processed.
  • Usage logs: retained for 12 months for security and debugging purposes.
  • Backup data: retained for 90 days after deletion from production systems.

6. Your Rights (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

  • Right to know: You can request a copy of the personal information we have collected about you in the past 12 months.
  • Right to delete: You can request that we delete your personal information, subject to certain exceptions (e.g., compliance records required by law).
  • Right to opt-out: You can opt out of the sale of your personal information. Note: we do not sell personal information.
  • Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA rights.

To exercise any of these rights, contact us at privacy@weedhurry.com. We will respond to verified requests within 45 days.

7. Contact Us

If you have questions about this privacy policy or our data practices, contact us at:

Weedhurry

Los Angeles, CA 90024

Email: privacy@weedhurry.com