CannaBias
Privacy policy

Your Privacy is Our priority

Last updated: January 2025

Cyber essentials aligned

UK government-backed cybersecurity for your health data

You control your data

Choose what to share and with whom

No Data Selling

We never sell your information to third parties

Introduction

Welcome to CannaBias ("we," "our," or "us"). We are committed to protecting your privacy and handling your personal information with care. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

By using CannaBias, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

Information We Collect

Personal Information

We collect information that you provide directly to us, including:

  • Account Information: Email address, username, and profile information
  • Health Information: Cannabis usage logs, wellness tracking data, symptoms, and effects (sensitive personal data under UK GDPR)
  • Communication Data: Messages, posts, and interactions within our community
  • Payment Information: Billing details for premium services (processed securely through third-party payment processors)

Automatically Collected Information

  • Device Information: IP address, browser type, operating system
  • Usage Data: Pages visited, features used, time spent on platform
  • Cookies and Tracking: We use cookies to enhance your experience and analyze platform usage

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Personalize your experience and provide relevant community content
  • Communicate with you about updates, features, and support
  • Ensure platform security and prevent fraud
  • Analyze usage patterns to improve our platform
  • Comply with legal obligations and enforce our terms

Cyber Essentials Alignment

CannaBias aligns with the requirements of Cyber Essentials, the UK government-backed cybersecurity standards. Your health information is considered sensitive personal data under UK GDPR and is subject to strict security and privacy protections:

  • All sensitive data is encrypted both in transit (256-bit SSL) and at rest (AES-256)
  • Access to personal data is strictly limited to authorised personnel on a need-to-know basis
  • We maintain detailed audit logs of all data access
  • Regular security assessments and vulnerability testing are conducted
  • Data Processing Agreements (DPAs) are in place with all third-party service providers
  • Compliance with the five technical controls of Cyber Essentials

Information Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

  • With Your Consent: We share information when you explicitly authorize us to do so
  • Service Providers: With trusted third-party vendors who assist in operating our platform (under strict confidentiality agreements)
  • Legal Requirements: When required by law, court order, or governmental authority
  • Safety and Security: To protect the rights, property, or safety of CannaBias, our users, or others

Your Rights and Choices

Under GDPR and UK data protection law, you have the following rights regarding your personal information:

  • Access: Request a copy of your personal information
  • Correction: Request correction of inaccurate information
  • Deletion: Request deletion of your account and personal data
  • Portability: Request a machine-readable copy of your data
  • Opt-Out: Unsubscribe from marketing communications at any time
  • Restrict Processing: Request limitation on how we use your information

To exercise these rights, contact us at privacy@cannabias.co.uk

Data Retention

We retain your personal information for as long as necessary to provide our services and comply with legal obligations. When you delete your account, we will permanently delete your personal data within 30 days, except where we are required by law to retain certain information.

Security Measures

We implement industry-standard security measures to protect your information:

  • End-to-end encryption for all data transmission
  • Regular security audits and vulnerability assessments
  • Multi-factor authentication options
  • Secure data centers with physical access controls
  • Employee training on data protection and privacy
  • Incident response and breach notification procedures

Children's Privacy

CannaBias is not intended for users under the age of 21 (or the legal age in their jurisdiction). We do not knowingly collect personal information from anyone under this age. If we become aware that we have collected information from a user under the required age, we will promptly delete it.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure that any such transfers comply with applicable data protection laws and that your information receives adequate protection through appropriate safeguards such as Standard Contractual Clauses.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date. For significant changes, we will also send you an email notification. We encourage you to review this policy periodically.

Contact us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Email: privacy@cannabias.co.uk

Mail: CannaBias Privacy Team

27 Old Gloucester St, London, WC1N 3AX, United Kingdom

Cookies on CannaBias

We use essential cookies to make this site work. We'd also like to use analytics cookies to understand how you use our site and help us improve it.

Learn more