Privacy Policy
JointCommerce is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our platform or use our services.
1. Information We Collect
1.1 Information You Provide
- Account information: name, email address, username, password, date of birth, and location.
- Profile information: bio, experience level, preferred strains and effects, consumption methods.
- Medical information: if you identify as a medical user, we may collect medical card verification status. All medical data is encrypted at rest using industry-standard encryption.
- Order information: delivery address, order history, and dispensary preferences.
- Reviews and content: reviews, ratings, and user-generated content you submit.
1.2 Information Collected Automatically
- Device and browser data: IP address, browser type, operating system, device identifiers.
- Usage data: pages visited, features used, search queries, and time spent on the platform.
- Location data: approximate location derived from IP address for dispensary recommendations and state compliance.
1.3 Information from Third Parties
- Social login providers: if you sign in with Google or Facebook, we receive basic profile information per your authorization.
- Dispensary partners: order confirmation and fulfillment status from dispensary POS systems.
2. How We Use Your Information
- To provide, maintain, and improve our services.
- To verify age eligibility as required by state cannabis regulations.
- To personalize your experience with strain and dispensary recommendations.
- To process orders and route them to dispensaries for fulfillment.
- To display relevant advertising based on location and preferences.
- To send notifications about orders, deals, and account activity.
- To ensure compliance with state and local cannabis regulations.
- To detect, prevent, and address fraud and security issues.
- To analyze platform usage and improve user experience.
- To fulfill legal obligations and protect our rights.
3. Information Sharing
We may share your information with:
- Dispensaries: order details and delivery information necessary for order fulfillment.
- Service providers: payment processors (Aeropay for payment processing), hosting providers (AWS), and analytics services that assist in operating the platform.
- Legal compliance: when required by law, regulation, or legal process, or to protect the rights, property, or safety of JointCommerce, our users, or others.
- Business transfers: in connection with a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.
We do not sell your personal information to third parties. JointCommerce uses first-party tracking only and does not share data with third-party advertising networks.
4. Cookie Policy
JointCommerce uses first-party cookies and tracking technology to measure platform usage, advertising effectiveness, and conversion analytics. We do not rely on third-party advertising cookies.
Our first-party analytics pixels collect aggregated, anonymized data to help businesses understand campaign performance. This data is retained in accordance with our data retention policies: raw event data is aggregated after 90 days, and the raw records are then purged.
Cookie Types
| Cookie Type | Purpose | Duration | Can Disable? |
|---|---|---|---|
| Essential | Required for platform functionality (authentication, age verification, session management) | 1 year | No |
| Analytics | Track usage patterns, page views, and platform performance | 90 days | Yes |
| Advertising | Measure ad campaign effectiveness and conversion tracking (first-party only) | 90 days | Yes |
| Preferences | Remember user settings, location, dark mode preference | 1 year | Yes |
You can manage cookie preferences through your browser settings. Note that disabling essential cookies may affect platform functionality.
5. CCPA Rights (California Residents)
California residents have specific rights under the California Consumer Privacy Act (CCPA). You have the right to:
- Know: Request disclosure of the categories and specific pieces of personal information we have collected about you in the past 12 months.
- Access: Request a copy of the personal information we hold about you in a portable, machine-readable format.
- Delete: Request deletion of your personal information, subject to legal retention requirements (e.g., tax records, legal compliance).
- Opt-Out of Sale: We do not sell personal information, but you may exercise this right to ensure your data is never sold.
- Non-Discrimination: We will not discriminate against you for exercising your CCPA rights. You will not be denied services, charged different prices, or given a different level of service.
How to Exercise Your CCPA Rights
California residents can exercise these rights through the following methods:
- Email us at privacy@jointcommerce.com
- Use the data request buttons below
- Call our privacy hotline at 1-800-JOINT-CA (toll-free)
- Submit a written request to: JointCommerce Privacy Team, 123 Main St, Los Angeles, CA 90001
We will respond to verified requests within 45 days. If we need more time (up to 90 days total), we will notify you of the extension and the reason.
CCPA Data Request
California residents: Request a copy of your data or request deletion.
6. Data Retention
We retain your personal information for as long as necessary to provide our services and comply with legal obligations:
- Account data: retained until you request deletion or close your account.
- Order history: retained for 7 years for tax, accounting, and legal purposes, then archived and purged.
- Analytics data: raw event data retained for 90 days, then aggregated. Aggregated data retained indefinitely for business analytics.
- Session data: expires after 24 hours of inactivity.
- Marketing communications: retained until you unsubscribe or until 2 years of inactivity have passed.
- Audit logs: retained for 3 years for security and compliance purposes.
7. Security Measures
We implement industry-standard security measures to protect your data, including:
- Encryption: All sensitive information is encrypted at rest (AES-256) and in transit (TLS 1.3).
- Medical data protection: Medical information is stored using encrypted database fields with restricted access.
- Access controls: Role-based access control (RBAC) limits employee access to personal data on a need-to-know basis.
- Security audits: Regular third-party security audits and penetration testing.
- Monitoring: 24/7 automated monitoring for suspicious activity and data breaches.
- Incident response: Documented incident response plan for data breaches.
Despite these measures, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security but will notify affected users within 72 hours of discovering a data breach.
8. Children's Privacy
JointCommerce is not intended for use by anyone under the age of 18 (or 21 in states where recreational cannabis requires age 21+). We do not knowingly collect personal information from children under 18. If you believe we have inadvertently collected information from a minor, please contact us immediately at privacy@jointcommerce.com and we will take steps to delete it within 48 hours.
Age verification is required at multiple points: account creation, age gate on first visit, and at order placement.
9. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:
- We will update the "Last updated" date at the top of this page.
- We will notify registered users via email at least 30 days before the changes take effect.
- We will display a prominent notice on the platform.
- For material changes affecting CCPA rights, California residents will receive additional notice.
Continued use of the platform after the effective date of changes constitutes acceptance of the updated Privacy Policy. If you do not agree to the changes, you may close your account.
10. Contact Information
For privacy-related inquiries, to exercise your rights, or to report a privacy concern, contact us:
- Email: privacy@jointcommerce.com
- Phone: 1-800-JOINT-CA (California residents, toll-free)
- Mail: JointCommerce Privacy Team, 123 Main St, Los Angeles, CA 90001
- Online: Contact Form
We will respond to all inquiries within 5 business days.