Privacy Policy

Last Updated: 23 March 2025

1. Data Storage & Retention

CannaCuriosity stores user data, including account information and subscription details, in Firebase, a secure cloud database service provided by Google. Our data is stored on servers located in the European Union to ensure compliance with European data protection regulations. User authentication information, chat logs, and subscription details are retained for the duration of your relationship with us, and up to 12 months after account inactivity to ensure continuity of service if you return.

2. Personal Information

When you create an account or make a purchase, we collect necessary information such as:

  • Name
  • Email address
  • Account login credentials (securely stored)
  • Payment information (processed through PayPal, not stored directly on our servers)
  • Subscription details

This information is used solely for:

  • Account authentication and management
  • Processing payments
  • Providing access to subscription content
  • Service-related communications

We do not use your personal information for marketing purposes without explicit consent, nor do we sell or share it with third parties except as outlined in Section 4.

3. GDPR & BDSG Compliance

We comply with both the General Data Protection Regulation (GDPR) and Germany's Federal Data Protection Act (BDSG). Users in the European Economic Area (EEA) and the UK have the following rights:

  • Right of Access – Request a copy of your personal data.
  • Right to Erasure – Ask us to delete your personal data.
  • Right to Rectification – Correct inaccuracies in your personal information.
  • Right to Restrict Processing – Temporarily limit the use of your data.
  • Right to Object – Object to our processing of your data.
  • Right to Data Portability – Receive your data in a structured, commonly used format.

To exercise any of these rights, please contact us at gdpr@cannacuriosity.com.

4. Third-Party Services & Data Sharing

We utilize the following third-party services to operate our website:

Firebase (Google)

We use Firebase for user authentication and data storage. When you create an account or log in, your information is processed according to Google's Privacy Policy.

PayPal

We use PayPal to process payments. When making a purchase, you will be redirected to PayPal's platform, and your payment information is subject to PayPal's Privacy Policy.

Google Analytics

With your consent, we use Google Analytics to understand website usage patterns. This service uses cookies to collect anonymous information about how you interact with our site. See Section 6 for more details on controlling these cookies.

Flowise Chatbot

Our "Herbal Advisor" chatbot service temporarily stores conversation history on secure servers in Germany. Chat logs are automatically deleted after 6 months. We do not use chatbot conversations for marketing or profiling purposes.

We do not sell or rent your personal data to third parties. Data sharing is limited to the third-party processors mentioned above and only to the extent necessary to provide our services.

5. Security Measures

We implement appropriate technical and organizational security measures to protect your data, including:

  • Secure authentication systems
  • Data encryption
  • Regular security assessments
  • Access controls and monitoring

However, no method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security.

6. Cookies & Local Storage

Our website uses the following types of cookies:

Essential Cookies

These cookies are necessary for the website to function properly, enabling core features such as user authentication, shopping cart functionality, and access to secure areas. These cookies do not track you or collect personal information and cannot be disabled.

Analytics Cookies

With your consent, we use Google Analytics cookies to collect anonymous information about how visitors use our website. This helps us improve our site and user experience.

Payment Cookies

When you interact with PayPal payment buttons or services, PayPal may set cookies necessary for payment processing, fraud prevention, and security. These are controlled by PayPal and subject to their Cookie Policy.

Authentication Cookies

We use Firebase authentication cookies to remember your login status and maintain your session securely.

Cookie Consent Management

You can control non-essential cookies through our cookie consent banner. Essential cookies required for basic site functionality cannot be disabled. Your preferences will be remembered for 90 days, after which you'll be asked to confirm them again.

You can also manage or delete cookies through your browser settings at any time.

7. Firebase Authentication & Data Storage

We use Firebase for user authentication and data storage. When you create an account, your email address and a securely hashed version of your password are stored in Firebase Authentication. Your subscription status and account details are stored in Firebase Firestore. All data transmission between your browser and Firebase is encrypted.

8. Contact Us

If you have any questions, requests, or concerns about this policy or your data, please contact us at gdpr@cannacuriosity.com. We will address your inquiry promptly and in compliance with applicable privacy laws.

9. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make material changes, we will notify you through our website or via email if we have your contact information.

10. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of Germany, without giving effect to any principles of conflicts of law.