Your Privacy Matters to Us

Hey High ("we," "us," or "our") is committed to protecting the privacy of our customers and visitors. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information in connection with our cannabis delivery services, including SMS communications for order updates. This policy complies with the California Consumer Privacy Act (CCPA), the Telephone Consumer Protection Act (TCPA), and other applicable state and federal laws. Due to the sensitive nature of cannabis-related data, we prioritize transparency and security.

1. Information We Collect

We collect personal information necessary to provide our delivery services, verify eligibility (21+), and comply with state regulations, including California’s cannabis laws and Metrc tracking requirements.

1.1 Personal Information You Provide

Contact Information: Name, phone number, email address, delivery address.
Identification: Date of birth, government-issued ID details (for age verification, not stored unless required by law).
Order Information: Purchase history, payment details (processed securely via third-party providers).
SMS Consent: Opt-in confirmation for order-related text messages (e.g., delivery updates, confirmations).

1.2 Automatically Collected Information

Website/App Usage: IP address, browser type, device identifiers, pages visited, and time spent (via cookies or analytics tools).
Transactional Data: Order details and delivery status for compliance with state regulations.

1.3 Information from Third Parties

We may receive data from third-party platforms (e.g., POS systems like BLAZE, delivery apps) for order processing or loyalty programs, as permitted by your consent or our Terms of Use.

2. How We Use Your Information

We use your personal information for the following purposes:

Service Delivery: To process orders, coordinate deliveries, and provide customer support.
SMS Communications: To send transactional text messages (e.g., order confirmations, delivery updates) with your explicit consent. These messages are not promotional and comply with TCPA and CTIA guidelines.
Age Verification: To ensure customers are 21+ as required by cannabis regulations.
Compliance: To meet legal obligations, including Metrc reporting and tax record retention (4–7 years as required).
Website/App Improvement: To analyze usage data and enhance our services (e.g., via aggregated, non-identifiable data).
Legal Purposes: To respond to subpoenas, government requests, or protect our legal rights, as permitted by law.

3. SMS Consent and Opt-In Process

We send order-related text messages (e.g., delivery status, confirmations) only with your prior express consent, as required by the TCPA.

Opt-In: You may opt in via our website, app, or during checkout by checking a box. Example: "By checking this box, I consent to receive automated order updates via SMS from Hey High at this number. Consent is not a condition of purchase. Msg/data rates may apply. Reply STOP to unsubscribe; HELP for help."
Message Frequency: Approximately 3-5 messages per order, limited to transactional updates.
Opt-Out: Reply “STOP” to any message to unsubscribe immediately. We confirm opt-outs with: “You’ve been unsubscribed. No more messages.”
Age Verification: We require DOB confirmation (21+) during opt-in to comply with CTIA guidelines for cannabis messaging.

4. How We Share Your Information

We do not sell or share your personal information for marketing purposes. We may disclose information in these limited cases:

Service Providers: With trusted vendors (e.g., SMS platforms like Springbig, payment processors) who comply with privacy laws and are contractually bound to protect your data.
Legal Requirements: To comply with state or federal laws, such as Metrc reporting or responding to lawful subpoenas.
Business Transfers: In the event of a merger, acquisition, or sale, your data may be transferred but will remain subject to this policy.
With Your Consent: For example, sharing with delivery partners to fulfill your order.

5. Data Security

We implement reasonable physical, technical, and organizational safeguards to protect your information, including:

Encryption for data transmission and storage.
Restricted access to records containing personal information.
Secure servers located in the United States to minimize risks of foreign access, given cannabis’s federal status.
Regular risk assessments to ensure compliance with CCPA and other laws.

Despite these measures, no system is 100% secure. We notify you promptly of any data breaches as required by law.

6. Your Rights Under CCPA (California Residents)

If you’re a California resident, you have the following rights under the CCPA:

Right to Know: Request details about the personal information we collect, use, or disclose.
Right to Delete: Request deletion of your data, subject to exceptions (e.g., Metrc compliance, tax records).
Right to Opt-Out: Opt out of data sales (not applicable, as we do not sell data).
Right to Non-Discrimination: We won’t discriminate against you for exercising these rights.

To exercise these rights, contact us at care@heyhigh.com or ‭+1 (424) 302-7932‬. We verify requests using your account details and respond within 45 days.

7. Cookies and Tracking

Our website/app uses cookies to improve functionality and analyze usage. Cookies may collect non-identifiable data (e.g., IP address, pages visited). You can disable cookies in your browser, but this may affect site performance. See our Cookie Policy for details.

8. Data Retention

We retain personal information only as long as necessary for the purposes outlined above or as required by law:

Order and tax records: 4–7 years per state and federal requirements.
SMS consent records: At least 4 years to prove TCPA compliance.
Other data (e.g., website analytics): Deleted after 6 months unless needed for analytics or legal purposes.

You may request deletion under CCPA, but we may retain certain data for compliance (e.g., Metrc).

9. Third-Party Links

Our website/app may link to third-party sites (e.g., payment processors). These sites have their own privacy policies, which you should review. We are not responsible for their practices.

10. Children’s Privacy

Our services are restricted to individuals 21 and older. We do not knowingly collect data from anyone under 21, per cannabis regulations. If we learn such data was collected, we will delete it promptly.

11. International Data Transfers

We store data on U.S.-based servers to reduce risks of foreign access, given cannabis’s sensitive nature. If data is transferred internationally (e.g., via cloud services), we ensure compliance with applicable laws.

12. Changes to This Policy

We may update this policy to reflect legal or operational changes. We will notify you via email (if provided) or a website notice 30 days before changes take effect. Continued use of our services after changes indicates acceptance.

13. Contact Us

For questions, complaints, or to exercise your privacy rights, contact our Privacy Officer:

Email: care@heyhigh.com
Phone: ‭+1 (424) 302-7932‬

1. Information We Collect

We collect personal information necessary to provide our delivery services, verify eligibility (21+), and comply with state regulations, including California’s cannabis laws and Metrc tracking requirements.

1.1 Personal Information You Provide

Contact Information: Name, phone number, email address, delivery address.

Identification: Date of birth, government-issued ID details (for age verification, not stored unless required by law).

Order Information: Purchase history, payment details (processed securely via third-party providers).

SMS Consent: Opt-in confirmation for order-related text messages (e.g., delivery updates, confirmations).

1.2 Automatically Collected Information

Website/App Usage: IP address, browser type, device identifiers, pages visited, and time spent (via cookies or analytics tools).

Transactional Data: Order details and delivery status for compliance with state regulations.

1.3 Information from Third Parties

We may receive data from third-party platforms (e.g., POS systems like BLAZE, delivery apps) for order processing or loyalty programs, as permitted by your consent or our Terms of Use.

2. How We Use Your Information

We use your personal information for the following purposes:

Service Delivery: To process orders, coordinate deliveries, and provide customer support.

SMS Communications: To send transactional text messages (e.g., order confirmations, delivery updates) with your explicit consent. These messages are not promotional and comply with TCPA and CTIA guidelines.

Age Verification: To ensure customers are 21+ as required by cannabis regulations.

Compliance: To meet legal obligations, including Metrc reporting and tax record retention (4–7 years as required).

Website/App Improvement: To analyze usage data and enhance our services (e.g., via aggregated, non-identifiable data).

Legal Purposes: To respond to subpoenas, government requests, or protect our legal rights, as permitted by law.

3. SMS Consent and Opt-In Process

We send order-related text messages (e.g., delivery status, confirmations) only with your prior express consent, as required by the TCPA.

Message Frequency: Approximately 3-5 messages per order, limited to transactional updates.

Opt-Out: Reply “STOP” to any message to unsubscribe immediately. We confirm opt-outs with: “You’ve been unsubscribed. No more messages.”

Age Verification: We require DOB confirmation (21+) during opt-in to comply with CTIA guidelines for cannabis messaging.

4. How We Share Your Information

We do not sell or share your personal information for marketing purposes. We may disclose information in these limited cases:

Service Providers: With trusted vendors (e.g., SMS platforms like Springbig, payment processors) who comply with privacy laws and are contractually bound to protect your data.

Legal Requirements: To comply with state or federal laws, such as Metrc reporting or responding to lawful subpoenas.

Business Transfers: In the event of a merger, acquisition, or sale, your data may be transferred but will remain subject to this policy.

With Your Consent: For example, sharing with delivery partners to fulfill your order.

5. Data Security

We implement reasonable physical, technical, and organizational safeguards to protect your information, including:

Encryption for data transmission and storage.

Restricted access to records containing personal information.

Secure servers located in the United States to minimize risks of foreign access, given cannabis’s federal status.

Regular risk assessments to ensure compliance with CCPA and other laws.

Despite these measures, no system is 100% secure. We notify you promptly of any data breaches as required by law.

6. Your Rights Under CCPA (California Residents)

If you’re a California resident, you have the following rights under the CCPA:

Right to Know: Request details about the personal information we collect, use, or disclose.

Right to Delete: Request deletion of your data, subject to exceptions (e.g., Metrc compliance, tax records).

Right to Opt-Out: Opt out of data sales (not applicable, as we do not sell data).

Right to Non-Discrimination: We won’t discriminate against you for exercising these rights.

To exercise these rights, contact us at care@heyhigh.com or ‭+1 (424) 302-7932‬. We verify requests using your account details and respond within 45 days.

7. Cookies and Tracking

Our website/app uses cookies to improve functionality and analyze usage. Cookies may collect non-identifiable data (e.g., IP address, pages visited). You can disable cookies in your browser, but this may affect site performance. See our Cookie Policy for details.

8. Data Retention

We retain personal information only as long as necessary for the purposes outlined above or as required by law:

Order and tax records: 4–7 years per state and federal requirements.

SMS consent records: At least 4 years to prove TCPA compliance.

Other data (e.g., website analytics): Deleted after 6 months unless needed for analytics or legal purposes.

You may request deletion under CCPA, but we may retain certain data for compliance (e.g., Metrc).

9. Third-Party Links

Our website/app may link to third-party sites (e.g., payment processors). These sites have their own privacy policies, which you should review. We are not responsible for their practices.

10. Children’s Privacy

Our services are restricted to individuals 21 and older. We do not knowingly collect data from anyone under 21, per cannabis regulations. If we learn such data was collected, we will delete it promptly.

11. International Data Transfers

We store data on U.S.-based servers to reduce risks of foreign access, given cannabis’s sensitive nature. If data is transferred internationally (e.g., via cloud services), we ensure compliance with applicable laws.

12. Changes to This Policy

We may update this policy to reflect legal or operational changes. We will notify you via email (if provided) or a website notice 30 days before changes take effect. Continued use of our services after changes indicates acceptance.

13. Contact Us

For questions, complaints, or to exercise your privacy rights, contact our Privacy Officer:

Email: care@heyhigh.com

Phone: ‭+1 (424) 302-7932‬

We respond to inquiries within 30 days and handle complaints per our TCPA and CCPA processes.