Privacy Policy

KAPOWBERRIES.COM PRIVACY POLICY

Effective Date: 10-10-2025

This Privacy Policy describes how KapowBerries.com (“we,” “us,” or “our”) collects, uses, manages, and protects the personal information of consumers in California, New York, Ohio, Pennsylvania, and North Carolina. This policy is designed to comply with all applicable state and federal laws, including the California Consumer Privacy Act (CCPA/CPRA), the California Confidentiality of Medical Information Act (CMIA), and specific cannabis regulations within each state of operation. 

1. Information We Collect

We collect various categories of personal information to provide our services and ensure regulatory compliance: 

  • Identifiers: Name, address, email address, phone number, date of birth, IP address, driver’s license number, or other government ID information.
  • Commercial Information: Purchase history, transaction data, product preferences, and payment information (though we do not store full payment card details).
  • Medical Information (for Medical Patients): State-issued medical marijuana registry ID number and qualifying medical conditions (in OH and PA).
  • Internet Activity: Browsing history, interactions with our website, and device information gathered via cookies and analytics.
  • Geolocation Data: Physical location when using our services for delivery or pickup verification. 

2. How We Use Your Information

We use your information strictly for legally permissible purposes: 

  • Age and Identity Verification: To confirm you are of legal age (21+ for adult use) as required by state law.
  • Fulfilling Orders: To process transactions, manage deliveries/pickups, and maintain accurate inventory tracking systems mandated by state regulators.
  • Compliance and Reporting: To facilitate official duties for state/county/city officials and comply with audits and record-keeping requirements (e.g., maintaining records for 3 years in Ohio).
  • Security and Fraud Prevention: To protect against fraudulent transactions and ensure the security of our premises and online platforms, including video surveillance of transfers. 

3. Sharing and Disclosure of Information

We do not sell your personal information. 

We only share information with third parties under specific, limited circumstances required for our operations or mandated by law: 

  • Service Providers: We share data with contractors who provide services like payment processing, delivery logistics, age verification, and website hosting. These providers are contractually obligated to protect your data and only use it for the contracted purpose.
  • Legal Requirements: We disclose information when legally required by law enforcement, regulatory bodies (like the CA DCC or NY OCM), or in response to a court order.
  • With Your Consent: We only share information beyond the transaction necessity if you provide explicit, written, and dated consent that can be rescinded at any time. 

Specific State Restrictions:

  • California (AB 2402): We cannot disclose a consumer’s personal information to a third party except as necessary to process payments or with explicit consumer consent. We do not discriminate against consumers who refuse to consent.
  • New York: Customer consent is required to retain personal information specifically for marketing or advertising purposes.
  • Ohio: We adhere to strict patient confidentiality rules, treating medical data with heightened security and only releasing records with written patient authorization or to specific authorized personnel/entities (e.g., the certifying physician or the Ohio Division of Cannabis Control). 

4. Your Privacy Rights and Choices

Depending on your state of residence, you may have specific rights regarding your personal information. To exercise these rights, please contact us using the information in Section 7.

  • Right to Know/Access: You have the right to request access to the categories and specific pieces of personal information we have collected about you.
  • Right to Delete: You have the right to request the deletion of your personal information, subject to certain exceptions (e.g., data retained for legal compliance/transaction records).
  • Right to Opt-Out of Sale/Sharing: While we do not sell data, we provide clear mechanisms for you to opt-out of any data sharing that might fall under “sharing for targeted advertising” as defined by the CCPA/CPRA.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights. 

5. Data Security and Confidentiality

We secure all personal information against loss, damage, unauthorized access, or disclosure as required by federal and state law. Our security measures include: 

  • Data encryption
  • Secure storage areas
  • User identification and password verification
  • Audit trails of data access by staff 

Medical patient information in states like Ohio is handled with the highest level of confidentiality and may be protected under state equivalents of HIPAA. 

6. Children’s Privacy

Our website and services are strictly age-gated. We do not knowingly collect personal information from individuals under the legal age (21+ in all our operating states). 

7. Contact Us

If you have questions about this privacy policy or wish to exercise your data rights, please contact us:

  • Email: kapowbsed@kapowberries.com)]
  • Phone: 
  • Mailing Address: California
  • Online Portal: [Link to your dedicated ‘Privacy Rights Request’ web form]