top of page

PRIVACY POLICY

 

Dank City Privacy Policy

 

Effective date: April 20, 2025

Applies to: DankCityDelivery.com and the Dank City mobile apps (iOS/Android)

 

Dank City (“Dank City,” “we,” “us,” or “our”) operates an online platform that allows eligible adults and qualifying medical patients in California to browse, order, and receive delivery of licensed cannabis products. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our apps (together, the “Services”).

 

Regulatory note (California): Adult-use cannabis may be sold only to customers 21+ with valid government ID, and medical cannabis may be sold only to customers 18+ with a valid physician’s recommendation; we must verify age and ID. We are also required to record certain sales and delivery information in California’s track-and-trace system and maintain business records. 

 

If you do not agree with our policies and practices, please do not use the Services. You can contact us at (916) 304-5313 or dcdtreesac@gmail.com with any questions.

 

 

1) Who we are & scope

 

This Privacy Policy covers personal information we collect about customers and site/app visitors. It does not cover data collected by third-party retailers, brands, marketing partners, or platforms we do not control. If we link to third-party sites or tools, their privacy practices govern their use of your data.

 

HIPAA notice: Cannabis retailers typically aren’t “covered entities” under HIPAA, so your information is protected by state consumer privacy laws (like the CCPA/CPRA), not HIPAA, unless a separate HIPAA-covered relationship exists. 

 

 

2) Information we collect

 

a) Information you provide

  - Identifiers (name, email, phone, date of birth, delivery address)

  - Government ID data for age/identity verification (e.g., driver’s license number, ID photos/video as required by law)

  - Medical status details (for medical patients/caregivers: physician recommendation number, expiration date, and related documentation)

  - Order & payment info (cart details, delivery instructions, tip; we use payment processors and do not store full card numbers)

  - Account credentials (passwords, security tokens)

  - Support content (messages, call recordings where permitted, survey responses)

  - Preferences and consents (marketing/text consent, cookie preferences)

 

b) Information we collect automatically

  - Device & usage data (IP address, device IDs, app version, browser type, pages viewed, referring URLs, crash logs)

  - Approximate or precise location (if you allow location services) to determine service availability and delivery

  - Cookie/SDK data for session management, analytics, fraud prevention, and (where allowed) ads measurement

 

c) Information from third parties

  - Identity/age-verification providers (verification result, fraud signals)

  - Payment processors (payment status, limited card metadata)

  - Delivery & logistics tools (ETA, successful handoff confirmation)

  - Analytics & marketing partners (aggregated engagement metrics)

 

 

3) How we use your information

 

We use personal information to:

  - Provide the Services (account creation, shopping, delivery, customer support)

  - Verify eligibility and comply with age/ID rules and medical requirements where applicable 

  - Process payments and prevent fraud/abuse

  - Fulfill legal obligations, including track-and-trace entries for delivery sales and required business recordkeeping 

  - Communicate about orders, service updates, and—with your consent—promotions (email/SMS/push)

  - Maintain safety and security (detect, investigate, and prevent incidents)

  - Improve and personalize the Services, including analytics and quality assurance

  - Support lawful marketing/advertising (where permitted) including measuring campaign performance and limiting frequency

 

 

4) California “Notice at Collection” (CCPA/CPRA)

 

Below are the categories of personal information we may collect, purposes, and typical retention periods. We keep data only as long as necessary for the stated purposes or as required by law (for many cannabis business records, at least 7 years). 

 

Category        Examples       Purposes       Typical Retention

Identifiers      Name, email, phone, account ID   Provide Services, communicate, security, marketing (with consent)       While account active + up to 7 yrs for compliance

Gov’t ID & Age/ID data (Sensitive PI) ID number, images/video, date of birth Legal age/ID verification, fraud prevention  Usually 1–3 yrs; longer if law/regulators require

Medical patient info (Sensitive PI)      Recommendation number, expiration   Verify medical eligibility  While active + regulatory period

Commercial data  Orders, cart, preferences       Fulfillment, customer support, analytics       7 yrs (compliance/tax)

Geolocation (Sensitive PI if precise)   GPS or derived address Service availability, delivery routing, fraud prevention        While necessary for delivery + audit period

Internet/technical  IP, device IDs, logs Security, debug, analytics, personalization         24 months (typical)

Inferences      Predicted preferences    Personalization (where permitted) 24 months (typical)

 

Your rights (California): access/know, correct, delete, portability, opt-out of sale/sharing, and limit use/disclosure of sensitive personal information to what’s necessary to provide requested services. We also honor Global Privacy Control (GPC) signals for “Do Not Sell or Share.” 

 

We do not knowingly sell personal information. Some analytics/ads tools may constitute “sharing” under CPRA for cross-context behavioral advertising; you can opt out (see Section 9). 

 

 

5) Cookies, SDKs, and tracking technologies

 

We use first- and third-party cookies/SDKs for:

  - Essential functions (sign-in, cart, fraud prevention)

  - Analytics & performance

  - Ads measurement and limited personalization (where allowed)

 

Your browser may send a GPC signal; where we “sell” or “share” data under CPRA, we treat that as a valid opt-out request. You can also manage cookies in our preference center and in your browser/app settings. 

 

 

6) How we disclose information

 

We disclose information to:

  - Service providers/processors performing services on our behalf (identity verification, payment processing, cloud hosting, customer support, analytics, security)

  - Delivery and logistics partners to fulfill your order

  - Compliance and law enforcement when required by law, court order, or to protect rights, safety, and property

  - Business transfers (e.g., merger, acquisition)

  - With your direction or consent, including to medical caregivers or loyalty/marketing programs you join

 

We require recipients to protect the data and use it only for the disclosed purposes.

 

 

7) Sensitive Personal Information (SPI)

 

We may process SPI—such as government ID details, precise geolocation, or medical patient eligibility—only as necessary to provide the Services, verify eligibility, meet legal obligations, ensure security, and prevent fraud. You may request to limit certain SPI uses not required for those purposes (see Section 9). 

 

 

8) Regulatory recordkeeping & track-and-trace

 

California requires delivery retailers to record delivery sales in the state’s track-and-trace system and to retain business records for specified periods (often 7 years). We maintain required transaction logs, inventory data, and related records to comply with these obligations. 

 

 

9) Your privacy choices & rights (California)

 

You (or an authorized agent) can exercise the following:

  - Right to Know/Access: What we collect, use, disclose, and (if applicable) sell/share

  - Right to Delete: Ask us to delete personal information (subject to legal exceptions)

  - Right to Correct: Ask us to fix inaccurate information

  - Right to Portability: Receive a portable copy

  - Right to Opt-Out of Sale/Sharing: Opt out of sharing for cross-context behavioral advertising (web and app)

  - Right to Limit SPI: Limit certain uses/disclosures of Sensitive Personal Information to what’s necessary to provide services you requested

 

How to exercise:

Email dcdtreesac@gmail.com, call (916) 304-5313, or use our in-app/web privacy links: “Do Not Sell or Share My Personal Information” and “Limit the Use of My Sensitive Information.” We will verify your request consistent with CPRA regulations and respond within statutory timelines. We honor GPC signals for applicable opt-outs. 

 

We will not discriminate against you for exercising your rights.

 

10) Marketing communications & SMS

 

With your consent, we may send promotional emails, text messages, and push notifications. You can:

  - Email: Click “unsubscribe” or contact us

  - SMS: Reply STOP to opt out; message/data rates may apply

  - Push: Disable in your device settings

 

Transactional messages (e.g., order confirmations) will still be sent.

 

 

11) Location data

 

If you enable location services, we may collect precise location to check service availability, calculate delivery windows, and prevent fraud. You can disable location at any time in your device settings; however, we may need your address to complete delivery.

 

 

12) Payments

 

We use third-party payment processors. We do not store full payment card numbers. Payment processors handle your payment data under their own privacy policies and PCI-DSS obligations.

 

 

13) Data retention

 

We retain personal information only as long as needed for the purposes described above, including legal, tax, accounting, and regulatory requirements (for cannabis business records, typically 7 years), dispute resolution, and fraud prevention. We may keep backup archives for a limited time. 

 

 

14) Security

 

We implement administrative, technical, and physical safeguards designed to protect your information (encryption in transit, access controls, logging, least-privilege practices, and regular reviews). No system is perfectly secure; please protect your account credentials and let us know immediately of any suspected unauthorized activity.

 

 

15) Children & minors

 

Our Services are intended only for:

  - Adult-use customers: 21+ with valid ID

  - Medical patients/caregivers: 18+ with valid physician recommendation

 

We do not knowingly collect personal information from anyone under these age thresholds. If you believe a minor provided data to us, please contact us so we can delete it where required. 

 

 

16) International users

 

Our Services are intended for California markets and operated in the United States. If you access the Services from outside the U.S., you understand your data will be processed in the U.S., where laws may differ from those in your country.

 

 

17) Financial incentives

 

From time to time, we may offer loyalty, referral, or promotional programs that could be considered “financial incentives” under California law (e.g., discounts in exchange for an email address). Participation is optional, and terms will describe the material aspects, including how to opt out.

 

 

18) Changes to this Privacy Policy

 

We may update this Policy to reflect operational or legal changes. We’ll post the updated Policy with a new effective date, and in some cases we may provide additional notice (e.g., email or in-app). Your continued use of the Services means you accept the updated Policy.

 

 

19) Contact us

 

Dank City – Privacy Team

Phone: (916) 304-5313

Email: dcdtreesac@gmail.com

bottom of page