Privacy Policy

1. Who we are

DaTreehouse ("we," "us," or "our") operates the website, applications, and related services (collectively, the "Platform") that help consumers discover licensed cannabis retailers, browse menus, and in many cases place or initiate orders. The entity responsible for personal information collected through the Platform is identified in our Terms of Service. When you interact with a retailer or delivery operator through the Platform, that business may also collect and use your information as an independent controller—see Section 6.

2. Scope

This policy describes our practices when you visit the Platform, create or use an account, verify age or identity, place or attempt to place orders, subscribe to vendor or supply tools, contact support, or otherwise interact with us online. It does not govern third-party sites or apps that we link to; their policies apply there.

3. Categories of personal information we collect

Depending on how you use the Platform, we may collect or receive the following categories of information:

• Identifiers and contact data: name, email address, phone number, postal address, account username or user ID, and similar identifiers you provide or that are assigned to your account.
• Account and authentication data: credentials, session tokens, and security-related signals associated with sign-in (for example through our authentication provider).
• Commercial information: orders, carts, favorites, deal interactions, and related transaction metadata needed to operate the marketplace.
• Financial or payment-related data: when you pay through the Platform, payment card and bank details are typically collected and processed by our payment partners. We may receive limited transaction identifiers, amounts, status, and fraud-prevention signals—not full card numbers where our partners tokenize or host that data.
• Age and identity verification: date of birth, government ID images or numbers, selfie or liveness checks, and verification outcomes, where required or offered to comply with law or retailer policies.
• Internet or network activity: IP address, device type, browser, approximate location derived from IP, pages and features used, referring URLs, and timestamps.
• First-party usage and analytics events: events such as listing views, searches, map interactions, clicks (for example phone, website, directions), and similar interactions may be logged in our systems to operate the product, measure performance, and support retailers.
• Geolocation: precise location only where you enable it in your device or browser and we request it for features such as delivery eligibility or store discovery.
• Communications: messages you send to us (for example support tickets, vendor inquiries) and associated metadata.
• Professional or business information: for retailers, brands, or supply accounts—business name, license identifiers, service areas, staff contacts, and onboarding materials you submit.
• Inferences: preferences or propensities derived from your use of the Platform (for example product interests), where we generate them.

4. Sources

We collect personal information from:

• You, when you provide it directly or when your device sends it as part of using the Platform;
• Retailers, delivery operators, or partners involved in fulfilling a transaction you start on the Platform;
• Service providers that host infrastructure, process payments, verify age or identity, send communications, or help detect fraud and abuse; and
• Automatically, through cookies, local storage, SDKs, and similar technologies necessary for sign-in and core functionality.

5. How we use personal information

We use the categories above for purposes such as:

• Providing, maintaining, and improving the Platform and its features;
• Creating and securing accounts, authenticating users, and troubleshooting;
• Connecting you with licensed retailers or delivery services and relaying order-related information;
• Verifying that you meet minimum age requirements and, where applicable, identity or eligibility rules;
• Processing payments and refunds in coordination with payment partners;
• Customer support, safety, fraud prevention, and enforcing our Terms of Service and acceptable use rules;
• Analytics and product measurement, including first-party event data stored in our environment;
• Communicating transactional messages (for example order status) and, where permitted, marketing—see Section 10;
• Complying with law, responding to lawful requests, and defending legal claims; and
• Corporate transactions such as a merger or asset sale, subject to applicable law.

Where the GDPR, UK GDPR, or similar frameworks apply, we rely on appropriate legal bases such as performance of a contract, legitimate interests (balanced against your rights), compliance with legal obligations, and consent where required (for example for certain cookies or marketing).

6. Retailers and other independent businesses

Licensed retailers and delivery operators you order from may collect the same or additional information directly from you (for example at the door, through their POS, or their own apps). They use that information under their own privacy policies and as separate controllers. We encourage you to read their notices before you complete a purchase. We are not responsible for their independent practices, though we may facilitate data flows needed to complete an order you request.

7. Disclosure of personal information

We may disclose personal information to:

• Service providers and processors who perform functions on our behalf—for example cloud hosting and databases (including authentication and storage), payment processing, email or SMS delivery, verification vendors, customer support tooling, and security monitoring—subject to contractual confidentiality and use restrictions where required by law;
• Retailers and fulfillment partners to the extent needed to display menus, confirm eligibility, complete delivery or pickup, and provide support for orders you place or initiate through the Platform;
• Professional advisors, insurers, and auditors where reasonably necessary;
• Law enforcement, regulators, or other parties when we believe disclosure is required by law, legal process, or to protect rights, safety, or security; and
• Successors in a merger, acquisition, financing, reorganization, or sale of assets, in line with applicable law.

8. Sale, sharing, and targeted advertising

We do not sell your personal information for money in the traditional sense. Some U.S. state laws define "sale" or "share" broadly—for example, making personal information available to third-party advertising partners for cross-context behavioral advertising. Our primary analytics are first-party and service-provider driven (for example events stored in our database to understand product usage). If we engage partners whose activities could be characterized as a "sale" or "sharing" under applicable state law, we will describe that activity here and provide any opt-out mechanisms required by law.

You may use industry opt-out tools where available (for example browser-based Global Privacy Control signals where we are required to honor them) and contact us as below to exercise rights.

9. Sensitive personal information

Certain data we process may be treated as sensitive or special under state or other privacy laws—for example government ID used for verification, account credentials, or precise geolocation when you enable it. We use sensitive personal information only for reasonably expected purposes compatible with why it was collected (such as compliance, security, and fulfillment) and, where required, in accordance with limitations under applicable law.

10. Marketing and promotional communications

We may send promotional emails or messages where permitted. You can opt out of marketing by using the unsubscribe link in those messages or by contacting us. Transactional and account-related messages may continue even if you opt out of marketing.

11. Cookies and similar technologies

We and our service providers use cookies, local storage, pixels, and similar technologies that are necessary for authentication, preferences, security, and basic analytics. You can control many cookies through your browser; blocking strictly necessary cookies may affect sign-in or checkout.

12. Retention

We retain personal information for as long as needed to provide the Platform, meet the purposes described in this policy, resolve disputes, enforce agreements, and satisfy legal, accounting, and reporting requirements (including record-keeping tied to regulated cannabis sales where applicable). Retention periods vary by data category and context; verification images may be kept for shorter periods than transactional records, for example. When retention ends, we delete or de-identify information where feasible, subject to legal holds or technical limitations.

13. Security

We implement reasonable administrative, technical, and organizational measures designed to protect personal information against unauthorized access, loss, or alteration. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

14. Age restriction and children

The Platform is intended only for adults who meet the minimum legal age to purchase cannabis in their jurisdiction (for example 21+ where that is the rule). We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, contact us and we will take appropriate steps to delete it.

15. U.S. state privacy rights

Depending on where you live, you may have rights to access, delete, correct, obtain a copy of, or opt out of certain processing of your personal information, including in some states opt-out of sale or sharing and limit use of sensitive personal information. We will not discriminate against you for exercising privacy rights afforded by law.

To submit a request, email us at the addresses below. We may need to verify your identity before responding and may decline requests where permitted by law (for example if we cannot verify you or if an exception applies). California residents may designate an authorized agent under applicable rules; we may require proof of the agent's authority.

Nevada residents: Nevada law may allow you to submit a verified request directing us not to sell certain personal information we might sell under that statute's definition. We do not currently sell covered information as defined by Nevada law; you may still contact us with questions.

16. International visitors

We operate primarily in the United States. If you access the Platform from outside the United States, you understand that your information may be processed in the U.S. and other countries that may not provide the same level of data protection as your home country. Where required, we use appropriate safeguards for cross-border transfers.

17. Automated decision-making

We do not use solely automated decision-making that produces legal or similarly significant effects on you without human review, except where permitted by law and disclosed at the point of collection.

18. Changes to this Privacy Policy

We may update this policy from time to time. We will post the revised version on this page and update the "Last updated" date. Where required, we will provide additional notice (for example by email or a prominent banner on the Platform).

19. How to contact us

For privacy questions or to exercise your rights, contact us at privacy@datreehouse.com. For general support, you may also use support@datreehouse.com. For postal correspondence, email us first so we can provide the correct address and any reference identifiers.

Related documents: Terms of Service, Compliance disclosures, Help, Contact.