Privacy Policy

1. Overview

This Privacy Policy explains how GreenLync collects, uses, shares, retains, and protects information when you visit our website, create an account, start a trial, use the GreenLync dashboard, install the GreenLync prompt, upload data, connect integrations, use "Talk to Your Data," or otherwise interact with GreenLync.

GreenLync is designed as a business-to-business SaaS platform for dispensaries. Our goal is to help dispensary operators understand shopper behavior and improve their online menu experience without intentionally collecting direct shopper identifiers such as names, email addresses, phone numbers, or home addresses through the GreenLync prompt. However, privacy laws can define personal information broadly. Anonymous IDs, device data, browser data, usage data, behavioral events, and inferences may still be considered personal information in some jurisdictions if they can reasonably be linked to a person or household.

2. Our role

Depending on the context, GreenLync may act as:

1. A business or controller for information we collect directly through our own website, sales process, support process, billing process, and account administration.
2. A service provider, processor, or vendor for data we process on behalf of a dispensary or business customer through the GreenLync platform, prompt, dashboard, integrations, or reports.

Our business customers are responsible for their own privacy notices, consumer notices, consent banners, cookie disclosures, and legal bases for using GreenLync on their websites.

3. Information we collect

3.1 Business account information

We may collect information from business users, account owners, administrators, employees, contractors, agencies, and referral partners, including: name; business name; work email address; phone number; job title or role; login credentials; account settings; billing information; subscription plan information; communications with GreenLync; support tickets and feedback; and referral partner information.

3.2 Website and marketing information

When you visit our website, we may collect: IP address; device type; browser type; operating system; pages viewed; referring pages; approximate location derived from IP address; cookies and similar technologies; form submissions; email engagement data; and ad or campaign attribution data, if applicable.

3.3 Platform usage information

When you use GreenLync, we may collect: login activity; dashboard activity; feature usage; questions asked through "Talk to Your Data"; reports generated; exports requested; configuration changes; integration activity; and system, error, and security logs.

3.4 Customer Data uploaded or connected by dispensaries

Our business customers may upload or connect data such as: product catalog data; menu data; product names, descriptions, categories, prices, inventory, images, potency, strain, brand, and related attributes; CSV exports; POS data; order data; sales data; basket data; product performance data; promotion data; inventory data; store location data; and ecommerce analytics data. Customers should not upload sensitive personal information unless legally permitted and agreed to by GreenLync in writing.

3.5 Shopper interaction data collected through the GreenLync prompt

If a dispensary installs the GreenLync prompt, we may collect shopper interaction data such as: anonymous or pseudonymous visitor/session ID; product page viewed; category page viewed; time on page; prompt shown; prompt response selected; reaction chip selected; follow-up response selected; clicks on GreenLync prompt elements; general device and browser data; referral or campaign context; approximate session behavior; and free-text responses, if enabled by the dispensary.

GreenLync is designed not to intentionally collect shopper names, emails, phone numbers, home addresses, payment information, government IDs, or medical records through the prompt. If free-text responses are enabled, GreenLync may use automated filters designed to detect and remove certain direct identifiers such as emails, phone numbers, and URLs before storage. These filters are not perfect. Dispensaries should avoid asking shoppers to provide sensitive personal information through the prompt.

4. Information we do not intentionally collect through the prompt

The GreenLync prompt is not designed to intentionally collect: shopper names; shopper email addresses; shopper phone numbers; shopper home addresses; payment card numbers; government ID numbers; Social Security numbers; medical records; diagnosis information; precise geolocation; biometric identifiers; or information from children. If we discover that such information has been submitted through the prompt, we may delete, redact, restrict, or anonymize it.

5. How we use information

We may use information to: provide, operate, maintain, and secure GreenLync; create and manage accounts; provide dashboards, reports, charts, summaries, recommendations, and insights; power "Talk to Your Data"; generate Fix / Do / Stop suggestions and action lists; process CSV uploads and integrations; troubleshoot errors and support requests; improve product features, user experience, reliability, and security; monitor usage, abuse, performance, and system integrity; process billing and subscriptions; communicate about product updates, support, security, account notices, and commercial information; comply with legal obligations; enforce agreements and protect rights; and develop aggregated or de-identified insights that do not identify a specific store, shopper, or individual.

6. AI, model providers, and data use

GreenLync may use AI systems, machine learning models, analytics systems, and third-party model providers to deliver features such as "Talk to Your Data," natural-language summaries, suggested actions, categorization, analysis, and dashboard explanations. Unless otherwise stated in a signed agreement:

1. GreenLync does not sell Customer Data.
2. GreenLync does not share identifiable Customer Data with other dispensaries.
3. GreenLync does not use identifiable Customer Data to train models for other customers.
4. GreenLync may process Customer Data through vetted service providers as needed to provide the service.
5. GreenLync may use aggregated, de-identified, or anonymized data for product improvement, reliability, generalized benchmarking, and industry-level insights.

If we materially change how we use Customer Data for AI training or model development, we will provide notice and obtain consent where required by law or contract.

7. How we share information

We may share information with: cloud hosting providers; database, storage, and infrastructure providers; AI model and analytics providers; payment processors; email, CRM, sales, support, and communication providers; security, monitoring, logging, and fraud prevention providers; professional advisors such as lawyers, accountants, auditors, and insurers; government, regulatory, law enforcement, or legal authorities when required or permitted by law; successors in connection with a merger, acquisition, financing, sale of assets, reorganization, or similar transaction; and other parties with your direction or consent.

We do not sell shopper interaction data. We do not share identifiable store-level Customer Data with other dispensaries. We do not use one dispensary's identifiable data to power another dispensary's account.

8. Cookies, tracking, and consent mode

GreenLync may use cookies, local storage, pixels, tags, SDKs, and similar technologies for website functionality, analytics, security, session management, performance, attribution, and product features. For the shopper-facing prompt, GreenLync may support a strict consent mode that waits for a consent management platform or equivalent signal before collecting certain data. This may be useful for dispensaries that operate in jurisdictions with stricter privacy, cookie, tracking, or consent rules. Business customers are responsible for determining whether consent is required on their websites and for configuring GreenLync accordingly.

9. Data retention

We retain information for as long as reasonably necessary to provide the service, maintain business records, comply with legal obligations, resolve disputes, enforce agreements, prevent fraud or abuse, maintain security, and support backups. Specific retention periods may vary depending on the type of data, account status, subscription status, legal requirements, and customer settings. If your trial ends or your account is cancelled, GreenLync may retain certain account data for a limited period so you can reactivate or export your data. Some information may remain in backups, logs, billing records, legal records, security records, or de-identified datasets for a longer period.

10. Security

GreenLync uses administrative, technical, and organizational safeguards designed to protect information. These may include access controls, authentication, encryption in transit, tenant separation, monitoring, logging, restricted employee access, and vendor controls. No system is perfectly secure. GreenLync cannot guarantee that unauthorized access, security incidents, outages, data loss, or misuse will never occur. You are responsible for securing your account credentials, limiting user permissions, managing employee access, and promptly removing access for people who no longer need it.

11. Your privacy choices

Depending on your location and relationship with GreenLync, you may have rights to request access, correction, deletion, portability, opt-out, restriction, or other privacy choices. Business account users may contact aus@greenlync.ai to request access, correction, deletion, or account-related privacy help. Shoppers interacting with a dispensary's website should usually contact the dispensary directly because GreenLync processes shopper interaction data on behalf of that dispensary. Where required, GreenLync will help our business customers respond to lawful privacy requests related to data we process for them.

12. California privacy notice

This section applies to California residents where the California Consumer Privacy Act, as amended, applies. Depending on context, GreenLync may collect the following categories of personal information:

1. Identifiers, such as business user names, work emails, account IDs, IP addresses, and device identifiers.
2. Commercial information, such as subscription records and business account activity.
3. Internet or electronic network activity information, such as website activity, dashboard activity, prompt interactions, and session data.
4. Geolocation information, limited to approximate location inferred from IP address, if applicable.
5. Professional or employment-related information, such as job title or role.
6. Inferences, such as product-interest patterns, hesitation signals, or preferences generated from shopper interaction data.

We use these categories for the purposes described in this Privacy Policy. We do not knowingly sell personal information. We do not knowingly sell or share personal information of individuals under 16. If GreenLync uses advertising, analytics, or tracking technologies that may be considered "sharing" for cross-context behavioral advertising under California law, GreenLync will provide applicable opt-out mechanisms where required. California residents may have the right to know, delete, correct, opt out of sale or sharing, limit certain uses of sensitive personal information, and not be discriminated against for exercising privacy rights. To submit a request, contact aus@greenlync.ai.

13. Children and minors

GreenLync is not directed to children or minors. GreenLync is not intended for use by anyone under the legal age required to access cannabis-related content or purchase cannabis products in their jurisdiction. GreenLync does not knowingly collect personal information from children through the GreenLync website or platform. If we learn that we have collected personal information from a child where parental consent is required, we will take appropriate steps to delete it. Business customers are responsible for age-gating and preventing unlawful access to cannabis-related content on their own websites.

14. International users

GreenLync is operated from the United States. If you access GreenLync from outside the United States, you understand that your information may be processed in the United States and other countries where our service providers operate. If you use GreenLync in a jurisdiction with specific privacy requirements, you are responsible for ensuring your use of GreenLync is lawful and for entering into any required data processing agreement with GreenLync.

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If changes are material, we will provide notice through the website, dashboard, email, or another reasonable method. We will not materially expand how we use Customer Data for AI training, third-party sharing, or unrelated purposes without appropriate notice and any consent required by law or contract.

16. Contact

Questions about this Privacy Policy may be sent to: GreenLync Inc. — aus@greenlync.ai.