Privacy Policy

Effective date: May 27, 2026 · Last updated: May 27, 2026

This Privacy Policy describes how CannaVault™ ("CannaVault," "we," "us," or "our") collects, uses, and protects information in connection with the CannaVault software platform and related services (the "Service").

By using the Service, you agree to the collection and use of information as described in this policy.

1. Information We Collect

From dispensary operators (our customers):

Business name and dispensary name
Contact name, email address, and phone number
Ethereum wallet address (provided during onboarding)
State of operation and license information
Transaction records including POS reference numbers, sale amounts, and timestamps
Login credentials (email address — passwords are hashed and never stored in plaintext)

From demo request submissions:

Name, dispensary name, email address, phone number (optional), state, and any notes provided

From the Ethereum blockchain (public information):

Transaction hashes, wallet addresses, and on-chain transaction data associated with payments processed through the CannaVault smart contract
This information is publicly available on the Ethereum blockchain and is not private by nature

We do NOT collect from customers (dispensary end-customers):

No personal identity information
No name, email, phone, or physical address
No payment card data
Wallet addresses are pseudonymous and not linked to identity by CannaVault

2. How We Use Information

We use the information we collect to:

Provide, operate, and maintain the Service
Process and record cryptocurrency transactions on your behalf
Generate transaction reports and CSV exports for your accounting purposes
Respond to demo requests and onboard new dispensary clients
Send operational communications including transaction notifications and service updates
Comply with applicable legal obligations
Improve and develop the Service

We do not sell, rent, or share your personal information with third parties for marketing purposes. Ever.

3. Data Storage and Security

Your data is stored securely using Supabase, a PostgreSQL database platform with enterprise-grade security. All data is encrypted in transit using TLS and encrypted at rest. Access to your data is protected by row-level security policies — your transaction records are only accessible to authenticated users associated with your account.

Authentication is handled via Supabase Auth with industry-standard JWT tokens. Passwords are hashed using bcrypt and are never stored in plaintext or accessible to CannaVault staff.

While we implement reasonable security measures, no system is completely secure. You are responsible for maintaining the security of your account credentials and your crypto wallet private keys.

4. Blockchain Data

Transactions processed through CannaVault are recorded on the Ethereum blockchain, which is a public, immutable ledger. Blockchain transaction data — including wallet addresses, transaction amounts, and timestamps — is publicly accessible to anyone and cannot be deleted or modified. This is an inherent property of blockchain technology, not a choice made by CannaVault.

CannaVault does not link on-chain wallet addresses to personal identities. However, if a customer's wallet address is publicly linked to their identity through other means (such as a KYC exchange), that linkage exists outside of CannaVault's control.

5. Third-Party Services

We use the following third-party services to operate the platform:

Supabase — database, authentication, and real-time data (supabase.com)
Vercel — web hosting and deployment (vercel.com)
Resend — transactional email notifications (resend.com)
Coinbase API — live cryptocurrency price feeds (coinbase.com)
Uniswap Protocol — on-chain cryptocurrency swaps (uniswap.org)
Ethereum Network — blockchain infrastructure (ethereum.org)

Each of these services has its own privacy policy. We encourage you to review them. We select third-party services that meet high standards for security and data protection.

6. Data Retention

We retain your account and transaction data for as long as your account is active and for a reasonable period thereafter for legal and accounting purposes. Transaction records may be retained for up to 7 years to comply with standard business record-keeping requirements.

Demo request data is retained until the request is resolved or you request deletion. Pending transaction records that do not result in a confirmed payment are automatically deleted within 10 minutes.

7. Your Rights

You have the right to:

Access the personal information we hold about you
Request correction of inaccurate information
Request deletion of your account and associated data (subject to legal retention requirements)
Export your transaction records at any time via the CSV export feature in your dashboard
Opt out of non-operational communications

To exercise any of these rights, contact us at support@cannavault.app.

8. Children's Privacy

The Service is intended for use by licensed cannabis retail businesses and their adult employees. We do not knowingly collect information from anyone under 21 years of age. If you believe we have inadvertently collected information from a minor, contact us immediately at support@cannavault.app.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email to your registered address with at least 30 days notice before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

10. Contact

Questions or concerns about this Privacy Policy should be directed to:
support@cannavault.app
cannavault.app