Smoke Tokens Logo

Privacy Policy

Effective Date: August 09, 2025

Smoke Tokens, LLC ("we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, protect, and process personal information through the Smoke Tokens Service. By using the Service, you consent to these practices. Capitalized terms are defined in our Terms of Service.

1. Information We Collect

Personal Information

Name, email, phone number, business address, payment details, and account credentials provided during registration or use.

Usage and Device Information

IP address, browser type, device ID, operating system, access times, and interactions (e.g., kiosk usage).

Cannabis-Related Data

Anonymized or aggregated purchase histories, points balances, redemption data, and loyalty metrics (sensitive under certain laws).

Automatically Collected

Cookies, pixels, and similar technologies for analytics (see Cookie Policy). We do not collect health or medical data.

We collect only what is necessary and with your consent where required.

2. How We Use Your Information

  • To provide and maintain the Service (e.g., points tracking, kiosk functionality, reporting).
  • For compliance and security (e.g., fraud detection, regulatory audits).
  • To improve the Service (e.g., analytics on usage patterns).
  • For marketing and communications (e.g., updates, promotions), with opt-out options.
  • To fulfill legal obligations (e.g., tax reporting).

We do not use data for automated decision-making affecting you significantly.

3. How We Share Your Information

Service Providers

With vendors (e.g., cloud hosts like Vercel, payment processors) bound by confidentiality and data protection agreements.

Legal Requirements

To comply with laws, subpoenas, or government requests (e.g., state cannabis regulators).

Business Transfers

In mergers, acquisitions, or asset sales, subject to similar protections.

Aggregated Data

Anonymized data for research or marketing.

We do not sell personal information as defined under CCPA/CPRA or similar laws. International transfers (e.g., to US servers) comply with adequacy mechanisms.

4. Data Security and Retention

We implement reasonable security measures, including encryption (e.g., SSL/TLS), access controls, and regular audits, to protect against unauthorized access, alteration, or destruction. The Service is hosted on US-based platforms like Vercel, ensuring data remains in the United States. However, no system is impenetrable—we cannot guarantee absolute security. Data is retained only as long as necessary for the purposes above or as required by law (e.g., 7 years for tax records), then securely deleted.

5. Your Rights and Choices

General Rights

  • Access, correct, or delete your data by contacting us.
  • Opt out of marketing via unsubscribe links or settings.

California Residents (CCPA/CPRA)

Rights to know, delete, correct, opt-out of sales/sharing, and non-discrimination. We do not sell data but honor "Do Not Sell" requests. Submit verifiable requests via support@smoketokens.com. Response within 45 days.

Other Jurisdictions

Similar rights under GDPR (if applicable) or state laws.

Cookie Controls

See our Cookie Policy. Withdraw consent anytime, though it may limit Service functionality.

6. Children's Privacy

The Service is not directed to individuals under 21. We do not knowingly collect data from minors. If discovered, we delete it immediately.

7. Changes to This Policy

We may update this Policy periodically. Changes are posted with the new effective date. Continued use constitutes acceptance. For material changes, we notify via email.

8. Contact Information

For questions or requests, email support@smoketokens.com. For CCPA requests, include "CCPA Request" in the subject.

Company: Smoke Tokens, LLC (Arizona registered) | Effective Date: August 9, 2025