CannaComply

Privacy Policy

Last updated: March 2026

1. What We Collect

When you use CannaComply, we collect the following information:

  • Email address — provided when you request a scan or purchase a report. Used for report delivery and transactional communications.
  • Dispensary website URL — the URL you submit for scanning. Our crawler visits this URL and its subpages to perform the compliance analysis.
  • Business name — provided during scan submission. Used in reports and communications.
  • IP address — automatically collected when you visit our website. Used for security, abuse prevention, and analytics.
  • Scan results — the output of our compliance analysis, including crawled page content, detected violations, and scoring data.

2. How We Use Your Data

  • Deliver reports — generate and deliver compliance reports, PDFs, and dashboard access.
  • Transactional emails — send report delivery confirmations, payment receipts, monitoring alerts, and subscription notifications.
  • Marketing emails — occasionally send compliance tips, regulatory updates, or service announcements. All marketing emails include an unsubscribe link.
  • Improve scanning accuracy — aggregate, anonymized scan data may be used to improve our detection algorithms and reduce false positives.

3. What We Store

Scan results and reports are stored in our database (SQLite). This includes crawled page content, violation findings, scoring data, and generated reports.

Payment records are processed and stored by Stripe. CannaComply does not store credit card numbers, CVVs, or full payment credentials. We retain Stripe customer IDs and transaction references for order fulfillment and support purposes.

4. Third-Party Services

We use the following third-party services:

  • Stripe — payment processing. Subject to Stripe’s Privacy Policy.
  • Resend — transactional and marketing email delivery. Email addresses are shared with Resend solely for the purpose of sending emails on our behalf.
  • Anthropic API — AI-powered contextual analysis of page content for compliance detection. Page content is sent to the Anthropic API for analysis and is processed in accordance with Anthropic’s Privacy Policy. Anthropic does not use API inputs to train its models.

We do not sell your data to third parties. Your information is used solely to deliver and improve the Service.

5. Cookies

CannaComply uses minimal, session-based cookies for core site functionality. We use Google Analytics for anonymous usage statistics. We do not use advertising cookies, tracking pixels, or cross-site tracking.

6. Data Retention

  • Unpaid scan results are retained for 30 days and then automatically deleted.
  • Paid reports are retained indefinitely for your ongoing access.
  • Subscription data is retained while your subscription is active plus 90 days after cancellation.
  • Email addresses are retained until you request deletion or unsubscribe from all communications.

7. Your Rights

You have the right to:

  • Request a copy of the data we hold about you.
  • Request deletion of your data.
  • Unsubscribe from marketing emails at any time.

To exercise any of these rights, email privacy@cannacomply.io. We will respond within 30 days.

8. CAN-SPAM Compliance

All marketing emails sent by CannaComply include a clear unsubscribe mechanism. Unsubscribe requests are processed within 10 business days. We do not use misleading subject lines or false header information.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice on our website. The “Last updated” date at the top of this page reflects the most recent revision.

Contact

Privacy questions or data requests? Email privacy@cannacomply.io.

Terms of ServiceAccessibility