Privacy Policy

Grandma’s Pot Shop 

Privacy Policy 

Last Revised: November 16, 2022 

Here at Grandma’s Pot Shop LLC (“Grandma’s Pot Shop”, also referred to herein as  “We”, “Us”, or “Our”), protecting your privacy is our priority. For this reason, we collect  and use personal information only as it might be needed for us to provide our users (collectively our “Users”) access to our website and its features (the “Site”), to improve  the user experience for you and other Users of the Site, and to provide Users with  opportunities to learn new information and to discover and interact with each other (collectively the “Services”). 

Our Privacy Policy is intended to describe what data we collect, how we collect it, and  how, when, and why we use your personal data. It also describes options we provide for  you to access, update, or otherwise assume control of your personal data that we  process. 

By providing us with your personal information, you are consenting to the terms and  conditions of this Privacy Policy. Please read it carefully. If you have any questions about  our data collection or use practices or want to better understand your rights under this  Privacy Policy, please contact our Data Protection Officer (“DPO”) at

Compliance Statement 

We at Grandma’s Pot Shop strive to uphold the highest standards of data and privacy  protections. Regardless of where our customers are, we strive to adopt the principles and  safeguards of both the General Data Protection Regulation (GDPR) and the California  Consumer Privacy Act of 2018 (CCPA). Your individual rights may be determined by the  laws and regulations of the state and country in which you reside. 

While we strive to materially comply with all federal, state, and local laws, you are  personally responsible for ensuring that your use of the Site and our Services complies  with all laws of the jurisdiction in which you reside. 

How and why we collect your personal information 

We at Grandma’s Pot Shop are defined by the General Data Protection Regulation  (GDPR) as a “data controller”. This means that we collect your personal information for  our own use in order to provide you full access to the Site and to provide our Services to 

you or for your benefit. Most of the personal information we collect is provided directly by  you when you create an account through the Site or when you otherwise provide  information to us when registering for our Services. For example, we may collect your  email address if you register for our mailing list. This information is used to send you  emails via a general mailing list which you are voluntarily subscribing to. As another  example, we may collect your name, email address, your chosen username and  password, payment information, and verification of your age. This information is used to  create your user account, to verify your eligibility to receive the Services, and to provide  you with the Services. As another example, we may collect your location data to allow us  to comply with federal, state, and local laws, to improve the Site, and to tailor future design  implements to our Users’ unique needs. As one final example, we may collect information  pertaining to your unique interests to tailor default behaviors of the Site and the  information the Site displays to you by default. 

Information you might be expected to provide includes, without limitation: 

  • Full Name 
  • Username 
  • Password 
  • Age range 
  • Email Address 
  • Medical or other health-related conditions 
  • Credit card or other payment information 

We collect your personal information for the limited purpose of providing the Services to  you and our other Users. We also collect your personal information to allow us to tailor  our current and future Services to better meet your needs and preferences, as well as to  better understand how you and others use the Site so as to refine it and create an ever 

improving user experience. Lastly, we may collect your personal information to provide  targeted advertisements to you based on criteria provided by selected advertisers. We do  not market or sell your personal information to advertisers or to other third parties. 

Information Collected Automatically 

As you use and access the Site, we (including any third parties providing web design,  hosting, and related services to us) may use a variety of technologies to automatically  collect information, including, without limitation: 

  • Usage Information. The Site collects usage data such as the source address  from which a page request originates (i.e., your IP address, domain name, type 

of computer), date and time of the page request, the referring web site (if any),  and other parameters in the URL (e.g., search criteria). We use this data, for  example, to better understand the Site usage in the aggregate so that we know  what areas of our Site users prefer based on the number of visits to those areas.  This information is stored in log files and is used for aggregated and statistical  reporting. It is not attributed to you as an individual – meaning log files are not  associated with any particular user, computer, or browser. 

  • Location Information. We collect and process general information about the  location of the device from which you are accessing the Site (e.g., your  approximate geographic location as inferred from your IP address). This  information may be used to, without limitation, verify your legal eligibility to use  the Site or otherwise receive the Services. 
  • Cookies and Browser Information. The Site uses cookies for a variety of  purposes as further described below and in our Cookie Policy. 
  • Web Beacons. Web beacons (also known as “web bugs”) are small strings of  code that provide a method of delivering a graphic image on a web page or in an  e-mail message for the purpose of transferring data. We may use web beacons  (or clear GIFs) on our Site or include them in the e-mail messages we send you  for many purposes, including site traffic reporting, unique visitor counts,  advertising e-mail auditing and reporting, and personalization. Information  gathered through web beacons may be linked to your Personal Information. 
  • IP Addresses and Log Files. An Internet Protocol (“IP”) address is a number  assigned to each computer on a network to identify your computer every time  you log on to the Internet. We may keep track of IP addresses to troubleshoot  technical concerns and to maintain the safety and security of our Site (e.g., by  reviewing your IP address in combination with your Personal Information for  credit fraud protection and risk reduction.) In addition, we may use IP addresses  to analyze trends, administer the Site, track traffic patterns, and gather  demographic information for aggregate use. 

Health Insurance Portability and Accountability Act (HIPAA) 

The HIPAA Privacy Rule establishes standards to protect individuals' medical records  and other personal health information. The Site has appropriate safeguards in place to  protect the privacy of personal health information covered by HIPAA and sets limits and  conditions on the uses and disclosures that may be made of such information without  prior patient authorization.

Use of Cookies 

Our website may use “cookies” to help personalize and enhance your online experience.  Cookies are small text files, generally made up of letters and numbers, that are placed on  your computer, tablet, mobile phone, or other device when you visit a web page. Cookies  are uniquely assigned to you and can only be read by a web server in the domain that  issued the cookie to you. 

When you visit a webpage and enter personal information (e.g., your name, email  address, etc.), that information is packaged into a cookie which is then sent to your  browser and saved for later use. On subsequent visits to the same website, your browser  will send that cookie back to the web server that issued it, thus identifying you and the  information you already provided to that website on previous visits. Cookies exist largely  as a convenience feature, though websites and internet-based services may use cookies  for purposes such as tracking customer use of their services and providing targeted  advertising to customers based on the data contained in cookies. 

You have the ability to accept or decline cookies by activating the setting on your web  browser that allows for you to refuse some or all cookies. Most web browsers  automatically accept cookies by default, but almost all web browsers allow for limiting  cookies to select websites or declining cookies altogether. If you choose to decline  cookies issued by our website or by all websites, you may not be able to fully experience  the interactive features of our website, including the ability to “log in” and remain logged  in as a registered user. 

For more information, please refer to our Cookie Policy. 

Certain disclosures not covered by this Privacy Policy 

This list of personal information and our Privacy Policy does not include or contemplate information you voluntarily disclose through responses or replies to any blog or public  forum that we may decide to implement in the future or that is provided by a User on their  own website or other venue. When you make such disclosures, you are providing your  personal information to any user or other third party with access to those features,  including, potentially, the general public. Any use of such information by third parties is  beyond our ability or responsibility to control. 

We encourage you to review the privacy policies of websites you choose to visit so that  you can understand how those other websites collect, use, and share your information. Here at Grandma’s Pot Shop, we take commercially reasonable steps to ensure that our 

data processing partners handle your personal information responsibly and in compliance  with all applicable laws and regulations. However, we are not responsible for the privacy  policies or other content of websites unrelated to or uncontrolled by Grandma’s Pot Shop. 

How and why we use your personal information 

We strongly believe in using personal information only as necessary to provide you with  our Services and with the best possible user experience. To that end, we may use your  personal information to provide you with Services, to allow you to discover and reach out  to other Users, to tailor our current and future Services to your needs by offering more  relevant Services in the future, and to understand how you and others use our Site so  that we can improve it and provide a better user experience for you and others. 

We may share your data with our trusted partners, considered by the General Data  Protection Regulation (GDPR) to be “data processors”, to help facilitate payments,  perform statistical analysis, send you email or postal mail, or provide technical support.  Any third parties with whom we share your personal information are prohibited by contract  from using your personal information for any purpose other than to provide these services  to us or to you on our behalf, and such third parties are required by contract to maintain  the confidentiality of your personal information. 

In order to tailor our services to your needs, we may use your personally identifiable  information to inform you of other products or services available from us and our affiliates,  including, potentially, other Users. We may also contact you via surveys to conduct  research about your opinion on our current Services or potential new products or services  that we may offer. We respect your privacy and give you an opportunity to opt-out of  receiving these communications. You may, at any time, opt out of receiving any or all  marketing communications from us by writing to us at

We will disclose your personal information, without notice, if required to do so by law or  in the good faith belief that such action is necessary to (a) conform to the edicts of the  law or comply with legal processes to which Grandma’s Pot Shop may become a party;  (b) protect and defend Grandma’s Pot Shop’ rights under the law; and (c) act under  exigent circumstances to protect the personal safety of our other users or the general  public. For example, if a visitor to our website submits a comment or inquiry through our  website’s built-in contact form expressing an intent to cause physical harm to themselves  or others, we may proactively inform law enforcement to protect the public interest. 

Security of your Personal Information

We take great effort to secure your personal information and justify the trust you have  placed in us. Our website and other data processes meet or exceed industry standards  and include the use of at least 256-bit Secure Sockets Layer (SSL) protection. The use  of SSL technology encrypts data transmitted between you and our website and other web  services. When we transmit your personal information to other websites or web-based  services (e.g., payment processors), it is similarly encrypted. 

General Data Protection Regulation (GDPR) 

The General Data Protection Regulation (GDPR) provides rights to citizens and residents  of the European Union (EU) to control their data. We encourage you to learn more about  GDPR and, if applicable, better understand your rights by visiting the GDPR Portal at The GDPR addresses our responsibilities in handling your  personal data (also referred to in this Privacy Policy as your personal information). 

Under GDPR and this Privacy Policy, you have the following rights: 

  1. Right to Access Personal Data. You have the right to access your personal data that has been collected by us. To exercise this right, please contact our Data  Protection Officer at We will respond to any such  request within thirty (30) days. 
  2. Right to Rectification. You have the right to request modification of your personal  data to correct any errors or to update incomplete or inaccurate information. 
  3. Right to Erasure. You have the right to request that we stop using the personal  data we collect from you, stop transmitting it to third-party data processors, and  erase it from our records and databases. In most cases, we will simply grant this  request. In some limited circumstances, such as when we are contractually  required to provide Services to you and need the personal information we have  collected to do so, we may delay granting your request until such time as it is  feasible for us to stop using your personal data and erase it. We may also deny  your request if your personal data is the subject of a valid law enforcement request  or preservation and/or disclosure of your personal data is required by law or by  order of a court of law. 
  4. Right to Restrict Data Processing. You have the right, in any of the following  circumstances, to request that all processing of your personal data be stopped:
  5. you wish to contest the accuracy of your personal data, in which case, we will  suspend processing of your personal data for a period while we verify its  accuracy; 
  6. you believe the processing of your personal data is unlawful but you oppose  the erasure of your personal data and request the restriction of its use  instead; 
  7. you believe we no longer need your personal data for our business purposes,  but the personal data must be preserved for the establishment, exercise, or  defense of legal claims; or 
  8. you have objected to our continued processing pursuant to Article 21 of the  GDPR, in which case we will suspend processing of your personal data  unless our legitimate need to continue processing it overrides your objection. 
  9. Right to be Notified. You have the right to be notified of any use of your personal  data in a clear and simple manner. This Privacy Policy serves as notification to you  of how we intend to collect and use your personal data. If you feel your rights are  being impeded, you may contact our Data Protection Officer at to have your concerns addressed. In the event of any  rectification or erasure of your personal data, we will provide you written notice  within seventy-two (72) hours. Furthermore, in the event of a data breach that  includes your personal data, we will inform you and the relevant legal authorities  within seventy-two (72) hours after we are made aware of the breach. 
  10. Right to Data Portability. You have the right to request that your personal data  be sent electronically to a third party of your choosing. The personal data must be  provided by us in a commonly used, machine readable format if doing so is  technically feasible. 
  11. Right to Object. You have the right to object to any denial by us of your request  that we stop processing your data per your Right to Restrict Data Processing. 
  12. Right to Reject Automated Individual Decision-Making. You have the right to  refuse the automated processing of your personal data to make decisions about  you if such decisions significantly affect you or produce legal effects concerning  you. 

Data Retention Policy

We may retain personal information collected from you or from third parties as described  elsewhere in this Privacy Policy for an indefinite period of time unless you choose to  exercise your Right to be Forgotten. 

California Consumer Privacy Act of 2018 

If you are a California resident, you are afforded special protections under the CCPA,  which include: 

  1. The right to request disclosure of our data collection and sales practices as they  may apply or pertain to your data, including the categories of personal information  we collect, the source of that information, our use of the information, and, if the  information is to be or has been disclosed or sold to third parties, the categories of  personal information that may be or was disclosed or sold to third parties and the  categories of third parties to whom such information may be (or was) disclosed or  sold (a “Personal Information Request”); 
  2. The right to request a copy of the specific personal information collected about you during the twelve (12) months immediately prior to your request (also a “Personal  Information Request”); 
  3. The right to have any such information deleted, with limited exceptions; 4. The right to request that your personal information not be sold to third parties; and 
  4. The right not to be discriminated against because you choose to exercise any of  your newly afforded rights under the CCPA. 

Personal Information Requests 

To submit a Personal Information Request or to request the erasure of your personal  information per the terms of the CCPA, please contact us by using the form on our  website’s “Contact Us” page or by emailing our Data Protection Officer at Please note that the CCPA only affords California residents  the right to make Personal Information Requests twice in a rolling 12-month period, we  may require you to provide additional information to verify your identity prior to complying  with any such request, and we will respond to any such request within forty-five (45) days  of receiving it. 

Categories of Personal Information

Grandma’s Pot Shop has collected the following categories of information within the past  twelve (12) months or may reasonably expect to collect such information in the future: 

  • Identifiers (e.g., your name, contact information, cookies) 
  • Information protected against security breaches (e.g., your name, financial  account information, username, and password) 
  • Commercial information 
  • Internet/electronic activity 
  • Geolocation 
  • Audio/video data 
  • Professional or employment related information 
  • Education information 
  • Biometrics 
  • Inferences from the foregoing 

We have not sold any such information within the past twelve (12) months and do not  have any plans to sell such information in the future. 

We have disclosed within the past twelve (12) months or reasonably expect to disclose  in the future, for purposes of providing the Services and/or other business purposes as  defined by the CCPA: identifiers, information protected against security breaches,  protected classification information, commercial information, internet/electronic activity,  geolocation, and inferences from the foregoing. We do not anticipate disclosing biometric  data. 

Sale of Personal Information; Opt-Out Process 

The CCPA requires that any business which provides access to or discloses Personal  Information to third parties for monetary or other valuable consideration must provide  California residents with a web-based means of opting out of any such sale or disclosure.  We at Grandma’s Pot Shop do not sell or otherwise provide such Personal Information to  third parties except as otherwise required for us to provide the Services as otherwise  described in this Privacy Policy. If we, in the future, decide to sell or otherwise provide  third parties access to Personal Information, we will update this Privacy Policy to include  an opt-out process. 

Voluntary Disclosure 

We at Grandma’s Pot Shop cannot control the spread or dissemination of any personal  information you voluntarily disclose to third parties, whether through the Site or otherwise. 

While your rights remain effective as to our collection and use of any such information,  we cannot and will not act on your behalf in making any requests, whether under the  CCPA or otherwise, to any other parties to whom you voluntarily disclosed your personal  information. 

Persons under Eighteen 

We do not knowingly collect personally identifiable information from children under the  age of thirteen (13) years. We may collect personally identifiable information from children  under the age of eighteen (18) years only with written permission from their parents or  legal guardians and in the performance of Services. 

Changes to this Privacy Policy 

We will occasionally update this Privacy Policy based on user feedback and changes to  the legal and regulatory requirements imposed on us. For example, this latest iteration of  our Privacy Policy has been updated to comply with the General Data Protection  Regulation (GDPR), better explain how we collect and use your data, and inform you of  your rights to control your data. While we try to inform our users when we make changes  to this Privacy Policy, we encourage you to regularly review it. 

Contact Information 

We welcome your questions or comments regarding this Privacy Policy. If you have  suggestions, if you believe we may have violated this Privacy Policy, or for general  inquiries, please contact us at