Privacy Policy

Last updated: February 16, 2026

1. Information We Collect

When you use StrainBrain we may collect the following categories of information:

Account data — email address, username, display name, avatar, and authentication credentials.
Profile data — bio, location (if provided), and preferences you configure in settings.
Content data — posts, comments, reviews, lab results, grow diary entries, and media you upload.
Usage data — pages visited, features used, timestamps, device type, browser, and IP address.
Transaction data — subscription tier, payment method (processed by our payment partners), and billing history.

2. How We Use Your Information

To provide, maintain, and improve the StrainBrain platform.
To personalize your experience — strain recommendations, trending content, feed curation.
To process subscriptions and payments securely via our payment partners (Paddle for web, Apple/Google for mobile).
To communicate important updates, security alerts, and (with your consent) marketing.
To enforce our Terms of Service and protect against fraud or abuse.
To generate aggregate, anonymized analytics that help us improve the product.

3. Data Sharing

We do not sell your personal information. We may share data with:

Service providers — Supabase (database & auth), Paddle (web payments), Qonversion (mobile IAP), Vercel (hosting), Upstash (rate limiting).
Legal obligations — when required by law, subpoena, or to protect our rights.
With your consent — such as when you post public content visible to other users.

4. Your Rights (CCPA / GDPR)

Depending on your jurisdiction you may have the right to:

Access — request a copy of your personal data.
Rectification — correct inaccurate data.
Deletion — request we delete your account and associated data.
Portability — receive your data in a structured format.
Opt-out — withdraw consent for non-essential data processing.

To exercise any of these rights, email us at privacy@strainbrain.com.

5. Cookies & Tracking

We use essential cookies for authentication and session management. We do not use third-party advertising trackers. Analytics data is collected via Vercel Analytics in an anonymized, privacy-friendly manner.

6. Data Security

We employ industry-standard safeguards including TLS encryption in transit, encrypted storage at rest, row-level security policies in our database, CSRF protection, rate limiting, and regular security audits. No system is 100% secure — if you discover a vulnerability, please report it responsibly to security@strainbrain.com.

7. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law. Anonymized aggregate data may be retained indefinitely.

8. Children's Privacy

StrainBrain is intended for users 21 years of age or older. We do not knowingly collect data from anyone under 21. If you believe a minor has provided us personal information, please contact us immediately.

9. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or an in-app notice. Your continued use of StrainBrain after changes constitutes acceptance of the updated policy.

10. Contact Us

Questions or concerns? Reach us at privacy@strainbrain.com.