← Back to MaryJaneLounge

Privacy Policy

Last updated: April 2026

1. Introduction

MaryJaneLounge (“we”, “us”, “our”) is committed to protecting the privacy of our users and their customers. This Privacy Policy describes how we collect, use, store, and share information when you use our compliance management platform.

2. Information We Collect

We collect the following categories of information:

  • Account Information: Name, email address, organization name, role. Collected at registration.
  • Customer Check-In Data: First name, last name, date of birth, ID type. ID numbers are hashed (bcrypt) before storage — we never store raw ID numbers.
  • Consumption Records: Product name, category, quantity, THC content, consumption method, timestamps. Required for regulatory compliance tracking.
  • Air Quality Readings: CO2, PM2.5, PM10, VOC, temperature, humidity, air changes per hour. Collected from connected sensors.
  • Usage Data: IP address, browser type, pages visited, timestamps. Used for security and service improvement.
  • Payment Information: Processed by Stripe. We do not store credit card numbers on our servers.

3. How We Use Your Information

  • Provide and maintain the compliance management service
  • Track consumption limits and generate compliance reports as required by law
  • Monitor air quality and send alerts when readings exceed thresholds
  • Process payments and manage subscriptions
  • Send transactional emails (verification, password reset, alerts)
  • Detect and prevent fraud and unauthorized access
  • Maintain audit logs for regulatory compliance

4. Data Retention

Consumption records and audit logs are retained for the duration required by applicable state and local cannabis regulations (typically 5-7 years). Account information is retained while your account is active and for 90 days after deletion. Air quality readings are retained for 1 year. You may request data export at any time.

5. Data Security

We implement industry-standard security measures including: encrypted data in transit (TLS), hashed passwords (bcrypt), hashed customer ID numbers, httpOnly session cookies, rate limiting, input validation, and role-based access controls. Access to production data is restricted to authorized personnel.

6. Third-Party Services

We share data with the following service providers:

  • Railway — database hosting (PostgreSQL)
  • Stripe — payment processing
  • Resend — transactional email delivery
  • Sentry — error tracking (no PII is sent)
  • Airthings / Awair — sensor data APIs (only when you connect a sensor)

We do not sell your data to third parties. We do not use your data for advertising.

7. Your Rights

Depending on your jurisdiction, you may have the right to: access your personal data, correct inaccurate data, delete your data (subject to regulatory retention requirements), export your data in a portable format, and opt out of non-essential data processing. To exercise these rights, contact us at the address below.

8. California Privacy Rights (CCPA)

California residents have additional rights under the CCPA, including the right to know what personal information is collected, the right to delete personal information, and the right to opt out of the sale of personal information. We do not sell personal information.

9. Children's Privacy

The Service is not intended for use by individuals under 18 years of age. We do not knowingly collect information from children. Customer check-in features enforce a minimum age of 21.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or an in-app notice at least 30 days before changes take effect.

11. Contact Us

For privacy-related questions or to exercise your data rights, contact: privacy@maryjanelounge.com

See also: Terms of Service