can-nabis

Privacy policy

Last updated: 2026-05-19

Template language describing the data we currently collect and how we treat it. Needs review by a lawyer before going to scale, especially for GDPR (EU visitors) and CCPA (California) compliance.

The short version

We collect the minimum data needed to make the site work. We don't sell your data. We don't serve third-party ads. We don't require an account to read. If you submit user content (pins, chat, grow notes, photos), we keep what you sent us and a persistent ID so you can edit or delete it.

What we collect, and why

  • Self-attested age + region from the first-visit responsibility gate. Stored in browser localStorage. We use it to show jurisdiction-aware content. It never leaves your browser.
  • Anonymous client ID (a random UUID) generated in localStorage when you first post content. Lets you claim a chat handle for 24 hours and edit or delete your own submissions. Not linked to any identity we know.
  • Submitted content: the handle, message, location (lat/lng or region code), and category you provide when you drop a pin, post a chat message, submit a grow method, upload a photo, or apply as an artist. Stored in our Postgres database. Visible publicly once approved.
  • Server logs from Vercel (our hosting provider) including IP address, user agent, and request path. Used for security and debugging. Typically rotated within 30 days.
  • Shop transactions: handled by Stripe. We receive order confirmation data, not payment card details. See Stripe's own privacy policy for their handling.

What we don't collect

  • Real names (unless you put one in your submission).
  • Account passwords (there are no accounts).
  • Third-party advertising profile data.
  • Cross-site tracking cookies.
  • Cannabis purchase history (we don't sell cannabis).

Cookies and similar tech

We use browser localStorage (not cookies) for the age-gate, anonymous client ID, layer-toggle preferences, and chat handle ownership. None of these are tracked across sites. We do not use Google Analytics, Facebook Pixel, or any third-party tracker on this site.

Who we share data with

  • Vercel (hosting). Sees request data necessary to serve the site.
  • Neon (Postgres database, via Vercel Marketplace). Holds submitted content.
  • Stripe (shop checkout). Handles payment processing.
  • OpenStreetMap / MapTiler (map tile providers). Receive tile requests with your IP when you view a tile-based map.

We do not sell or rent personal data to anyone for any purpose.

Your rights (GDPR + CCPA)

If you are in the EU/EEA or California, you have specific data rights. We honor them regardless of where you live:

  • Ask what we have about you.
  • Ask us to delete it.
  • Ask us to correct it.
  • Object to specific uses.

To exercise any of these, email privacy@can-nabis.com from the email address associated with your submissions, or include the anonymous client ID from your browser localStorage so we can find your data.

Data retention

Submitted content stays on the site until you ask us to remove it or it's removed for violating the terms. Server logs are rotated within 30 days at the hosting layer. Stripe retains payment records per their own retention schedule, generally seven years for tax purposes.

Minors

The site is 21+. We do not knowingly collect information from anyone under 21. If you believe a minor has submitted content, email hello@can-nabis.com and we will remove it.

Changes to this policy

We update this page when our data practices change. The “last updated” date above tracks the current version. Material changes will be flagged via a banner on the site for at least two weeks before they take effect.