Privacy Policy

Welcome to Dank PoS. We are committed to safeguarding your privacy and making sure you understand how your data is handled. By using dankpos.site or submitting personal information through our forms, you agree to the practices described in this Privacy Policy. If you do not agree, please refrain from using the site or providing personal data.

This document details our data collection practices, explains why we process information, and outlines the controls and rights available to you. Please review it carefully and contact us if you have any questions.

Information You Provide Voluntarily

We collect personal data that you choose to share via forms and communications on our website. These include:

• Demo Requests: When you request a demo we collect your full name, email address, and company name. This information helps us schedule, tailor, and follow up on your demo.
• Access Key Applications (Role Requests): To apply for access to the Dank PoS platform under roles such as Club Member, Doctor, Manager, or Supplier, we gather your full name, email, phone number, and role-specific information required for verification. Examples include patient or membership IDs for Club Members, medical license numbers for Doctors, business details and security phrases for Managers, and cultivation license numbers with distribution regions for Suppliers. We only request the minimum information required to confirm eligibility.
• Communications: If you contact us directly, we may receive additional information such as the content of your message or other details you choose to provide.

We do not intentionally collect sensitive personal data beyond what is requested in these forms, nor do we knowingly collect personal data from anyone under the age of 18. Please refrain from submitting information we do not ask for.

Data Collected Automatically

When you visit dankpos.site, we gather certain technical details to understand how the site is used and to keep it secure. This includes your IP address, general location derived from the IP, browser type, operating system, device type, referral URL, pages visited, timestamps, and time spent on each page. The data is aggregated and anonymized—we do not build individual profiles or combine this information with your name or contact details.

We use cookies and similar technologies primarily for functionality, analytics, and performance monitoring:

• Essential Cookies: Limited first-party cookies support core functionality such as remembering preferences. These do not store personally identifiable information.
• Analytics and Performance: We rely on Vercel Analytics and Vercel Speed Insights. These privacy-focused tools use short-lived identifiers that reset within 24 hours and do not create persistent profiles. They may set first-party cookies or identifiers solely to power analytics and performance insights for our site.
• No Third-Party Marketing Cookies: We do not use advertising networks, tracking pixels, or social media plugins that place cookies on your device via our site.

On your first visit you can accept or decline analytics cookies through our consent interface. If you opt out—or if your browser sends a Do Not Track signal—we disable analytics tools for your session. You can also manage cookie preferences through your browser settings.

We use collected information for the following purposes:

• Provide and Improve Services: Data you submit helps us fulfill demo requests, evaluate role applications, and configure the correct access within the Dank PoS platform.
• Account Creation and Verification: We create user accounts when access requests are approved, generate secure activation links, and apply anti-abuse checks (including IP-based limits) to protect our systems.
• Communication: We contact you to confirm receipt of requests, share onboarding instructions, and notify you of status updates. We do not send unrelated marketing messages without a separate opt-in.
• Analytics and Performance: Aggregated data helps us understand usage trends, improve site experience, and monitor performance issues without identifying individual visitors.
• Security and Abuse Prevention: IP information and technical logs help detect suspicious activity, enforce submission limits, and maintain service stability.
• Legal Compliance: We may process data to meet legal obligations, especially in relation to regulated cannabis operations.

We rely on consent, contract performance, and legitimate interests as legal bases for processing under GDPR and PDPA. We balance our interests against your rights and honor opt-outs wherever applicable.

We do not sell your personal data. Sharing is limited to the contexts below and always aligned with strict confidentiality expectations:

• Within Dank PoS: Authorized team members access the information required to respond to your demo or access request.
• Service Providers: We partner with trusted processors that support our operations:
  • Vercel hosts our website and provides analytics. They may process IP addresses and usage data solely to deliver their services.
  • Supabase stores form submissions, manages our database, and supports user authentication workflows.
  • Resend delivers transactional emails, such as confirmation links and onboarding communications.
• Business Transfers: If ownership of Dank PoS changes, user data may be transferred provided the new owner upholds equivalent privacy protections and you receive notice before any material changes in data use.
• Legal Requirements and Safety: We may disclose information when required by law or to protect the rights, property, or safety of Dank PoS, our users, or others.

All third parties process data under our instructions and implement robust security and privacy safeguards consistent with GDPR and PDPA standards.

Dank PoS operates globally. Personal data you submit may be stored or processed outside your home country, including in the United States or the European Union, depending on where our service providers host their infrastructure. Vercel, Supabase, and Resend may access data from these regions to deliver hosting, database, and email services.

We use contractual safeguards—such as Standard Contractual Clauses—and rely on our providers’ high compliance standards to ensure your data remains protected. By using our website or submitting information, you acknowledge that your data may be transferred internationally in accordance with this Privacy Policy and applicable law.

We retain personal data only as long as necessary for the purposes outlined in this policy or as required by law:

• Demo Requests: Contact details and related notes are kept for roughly 6–12 months, unless further engagement requires longer retention.
• Role Access Applications: Pending requests are stored while evaluations are in progress. Approved applicants’ data becomes part of their Dank PoS account and is retained for as long as the account remains active. Declined applications may be kept for up to one year for audit and anti-abuse purposes before deletion or anonymization.
• Analytics Data: Vercel Analytics discards detailed session data after 24 hours. Aggregated reports without personal identifiers may be retained for trend analysis.
• Logs and Security Data: Web server logs and Supabase platform logs are generally retained for 30–90 days unless security investigations require a longer period.
• Communications: Emails or support correspondence may be stored for one to two years for record-keeping, or longer if required by law.

When retention periods end, we delete or anonymize personal data. Backups may retain data for a short additional period, but the information is inaccessible to our operational systems.

We employ technical and organizational measures to protect personal data from unauthorized access, alteration, disclosure, or destruction. These include:

• Encryption: Data transmitted between your browser and our website uses HTTPS (TLS). Sensitive information stored in our databases is encrypted or hashed where appropriate.
• Access Controls: Only authorized personnel—and authenticated backend services—can access personal data. Supabase service keys and admin credentials are kept secure.
• Third-Party Security: We work with providers that maintain strong security practices and compliance programs.
• Monitoring and Logging: Operational logs and alerts help us detect unusual activity and investigate potential issues promptly.
• Rate Limiting and Anti-Abuse: We enforce IP-based limits and validation rules on submissions to prevent spam and protect our users.
• Regular Updates: We keep software and dependencies current and review code changes that handle personal data.

While no online service can guarantee absolute security, we continuously improve our safeguards. In the unlikely event of a data breach, we will follow legal requirements to notify affected users and relevant authorities.

Under GDPR, PDPA, and other privacy laws, you have the following rights regarding your personal data:

• Right to Access: Request confirmation and a copy of personal data we process about you.
• Right to Rectification: Ask us to correct inaccurate or incomplete information.
• Right to Erasure: Request deletion of your data when it is no longer needed or if you withdraw consent.
• Right to Object: Object to processing based on legitimate interests, including analytics or direct marketing.
• Right to Restrict Processing: Ask us to limit how we use your data while a dispute is being resolved.
• Right to Data Portability: Receive your personal data in a structured, machine-readable format and transfer it to another controller.
• Right to Withdraw Consent: Change your mind about optional processing (such as analytics cookies) at any time without affecting prior lawful processing.
• Right Not to be Subject to Automated Decisions: We do not perform automated decision-making with legal or similar significant effects, but this right remains available to you.

To exercise these rights, contact us using the details below. We may need to verify your identity before fulfilling requests and will respond within the timelines required by law.

We aim to process personal data fairly and transparently. Where consent is our legal basis, we request it explicitly and respect your preferences. You can manage cookie settings via our consent banner or by contacting us, and you may withdraw form-related consent by requesting deletion of your data.

If we introduce new uses for your personal data, we will notify you or seek additional consent as required. We do not currently send marketing communications, but any future marketing program will include clear opt-in and opt-out choices.

Dank PoS services are intended for adults. We do not knowingly collect personal data from individuals under 18 (or the applicable age of majority in your jurisdiction). If we discover that we have unintentionally collected data from a minor, we will delete it promptly. Parents or guardians can contact us to request removal of any such information.

We may revise this Privacy Policy to reflect changes in our practices, technology, or legal requirements. When updates occur, we will post the revised policy here and update the “Last updated” date. Significant changes may prompt additional notices. Continued use of dankpos.site after updates signifies acceptance of the revised policy.

If you have questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us:

• Email: privacy@dankpos.site (please use the subject “Privacy Inquiry”).
• Address: [Company Name / Data Protection Officer], [Street Address, City, State/Province, Zip Code, Country].
• Telephone: [Phone Number] (if available for privacy inquiries).

You may also reach us via any contact form on our website. Include your contact information and a detailed description of your request to help us respond promptly. We typically reply within a few business days and no later than the timeframe required by law.