Privacy Policy
Last updated: May 28, 2026
DATA PRIVACY AND JURISDICTIONAL STATEMENT: Grow & Tell operates in strict alignment with consumer protection and transparency frameworks, including applicable statutes within the State of Iowa. This Privacy Policy details our explicit data collection thresholds, internal algorithmic usage models, and the comprehensive data subjects' rights extended to all registered users.
This Privacy Policy (“Policy”) describes how Grow & Tell (“Platform”, “we”, “us”, or “our”) collects, secures, processes, and shares personal data, tracking logs, and agricultural metadata generated by users (“User”, “you”, or “your”) accessing our web endpoints, software suites, or community databases. By interacting with the Platform, you assent to the processing architectures detailed in this Policy.
1. Categories of Data Collected
We limit our information gathering to specific data streams required to maintain the structural and operational viability of our informational tools. We collect the following categories of data:
Account Credentials and Identifiers: We collect your email address, an encrypted hash of your chosen password, system roles (e.g., grower, breeder, or administrator), registration join dates, and a mandatory unique public handle. Public handles are strictly restricted by alphanumeric rules: they must comprise lowercase letters, numerical digits, dashes, or underscores, spanning between three (3) and thirty (30) characters. Your handle operates as your persistent public identity throughout the site (visible on comment bylines, Grow Journal attribution, and profile routing URLs), while your registered email address remains strictly masked from public view.
User-Generated Content and Agricultural Metadata: We store and render comprehensive Grow Journal text blocks, weekly cultivation logs, structured cultivation setup data, environmental telemetry logs (including temperature ranges, ambient humidity, solution pH levels, nutrient PPM concentrations, and lighting spectrum schedules), and uploaded images. We process community data including comment text, threaded comment replies, 'Helpful' engagement reactions, journal-owner content pins, breeder endorsements, programmatic handle-based @-mentions, and photographic comment attachments. We also collect community contribution records, including user-submitted strain corrections, bookmarked listings, account follows, and discretionary breeder administrative profile fields.
Proprietary First-Party Usage Logging: To safeguard user behavior data, we gather platform usage analytics recorded through our own database. Collected logs cover aggregate page views, specific cannabis strain lookups, interactive lineage graph paths, registration funnel steps, user-driven follows, comment interactions, journal updates, and outbound redirect destination clicks (tracking which breeder or third-party web storefront hyperlinks were visited). This behavioral log is stored entirely within our proprietary local databases and is never shared with, or transmitted to, any third-party analytics services.
Systemic In-App Notifications: The Platform generates internal event notifications tied to your account identity or UGC actions (including alerts for new entries on followed journals, comments posted to your journal, comment interactions such as pins, replies, or @-mentions, Verified Breeder commentary, profile or journal follows, and automated calendar reminders regarding weekly updates or harvest metrics). These notifications reside exclusively within your account profile data and are structurally hidden from other users.
Tokenized Transaction Records: All financial considerations and premium transactions are cleared through our designated merchant processor, Stripe. The Platform never sees, processes, or stores your unencrypted credit card numbers, banking credentials, or card security codes. We retain exclusively a unique, tokenized Stripe Customer ID string and your premium subscription status code to enable active account privileges.
Local Technical Records and Security Cookies: Upon authentication, the Platform deploys a secure session cookie (configured with HttpOnly and Secure flags) along with a transient cookie to manage two-factor authentication sequences. Where automated security blocks are deployed, the Cloudflare Turnstile bot protection service may execute automated browser integrity checks and install its own verification cookies. We persist your 21+ age verification confirmation and your specific cookie-consent selection directly within your browser’s localStorage registry. We strictly ban the integration of third-party tracking cookies, tracking pixels, or external behavior-profiling analytics engines; Cloudflare Turnstile represents the only third-party code segment executed on our data-entry forms.
2. Explicit Prohibitions on Data Accumulation
To establish maximum transparency, the Platform enforces an absolute contractual ban on several predatory data collection methods common across the internet. We guarantee the following parameters:
No Third-Party Analytics Engines: The Platform operates without third-party tracking or aggregation tools. We do not incorporate Google Analytics, Meta Pixels, Mixpanel scripts, Plausible tracking, or equivalent telemetry integrations. All behavioral analytics are confined inside our proprietary infrastructure.
No Real-Time Geolocation Tracking: We do not read, log, monitor, or capture your mobile device's GPS hardware coords, IP-based physical paths, or localized geographical routes.
No Commercial Advertising Profiling: We do not build algorithmic consumer profiles, track cross-site consumer habits, or compile psychological behavioral files to sell target advertising spaces.
Absolute Ban on Data Commercialization: We do not sell, rent, lease, trade, or distribute your private account information, email records, or behavioral metrics to third-party brokers, marketing clearinghouses, or commercial networks under any circumstances.
Automated Metadata Sanitization: Every image uploaded to our cloud network is programmatically modified server-side. This automated process re-encodes the image file and strips out all embedded EXIF metadata, removing smartphone GPS coordinates, camera models, and time stamps prior to storage. Your localized phone data is permanently unlinked from the resulting asset.
3. Purposes of Processing and Data Utilization
We process your personal information strictly under lawful bases to fulfill core functional features, including:
Core Platform Administration: Managing basic profile verification, rendering personal Grow Journals, processing threaded communications, and generating the systemic in-app notifications detailed in Section 1.
Internal Platform Enhancement: Reviewing system metrics, traffic congestion points, registration success rates, and tracking which specific cannabis strain profiles or lineage nodes are explored, enabling our engineering team to upgrade performance features.
Rendering Anonymized Public Aggregates: Generating public statistical counts, including weekly trending strain tables, cumulative strain lookup counters, and total numbers of growers actively cultivating a specific genetic profile. These datasets are purely mathematical totals and never expose individual choices.
Providing Aggregate Breeder Analytics: Presenting Verified Breeders with generalized dashboards tracking engagement metrics on their own strains (such as total outbound purchase hyperlink clicks, strain profile view totals, and basic sign-up attribution logs if a user registered after clicking their profile). These reporting dashboards display aggregate math only, hiding user identities and private browsing paths.
Transactional Communication Routing: Forwarding system emails regarding account verification, secure password resets, and admin moderation alerts. We strictly prohibit marketing or advertising newsletters without your unambiguous opt-in consent.
Statutory Compliance Backstops: Satisfying lawful subpoenas, judicial warrants, or formal regulatory oversight requests where required by applicable state or federal law.
4. Approved Data Processors and Service Sharing
We do not monetize your data through hidden third-party integrations. Data sharing is limited to the following essential infrastructure processors:
- Stripe, Inc. — Manages secure e-commerce clearing, premium subscription processing, and tokenized billing accounts.
- Resend — Executes secure delivery of transactional system emails, account validation paths, and system alerts.
- Microsoft Azure — Provides secure cloud server hosting, relational database infrastructure, and encrypted blob storage for photo assets.
- Cloudflare, Inc. — Acts as our Content Delivery Network (CDN) edge network proxy to accelerate load speeds and provides Turnstile programmatic bot detection challenge fields on data entry forms.
5. Core Privacy Rights & Self-Deletion Architecture
The Platform provides standard self-service privacy rights, enabling users to maintain control over their data footprint:
Right of Complete Access: You may request an unredacted copy of all information tied to your account identity. Upon receipt of an email verification request, our team will deliver a structured compilation of your profile metrics.
Right of Deletion (Cascade Purge): You may permanently delete your account at any time via your dashboard. Executing this command triggers an automated cascade-delete query across our active production databases, completely wiping your personal Grow Journals, comments, following relationships, bookmarks list, and internal notification entries. Legal strain modifications or reference data you contributed are retained for platform integrity but are entirely anonymized and stripped of your personal identifiers. Re-encoded image copies may persist briefly within localized blob storage backups and CDN cache servers before final erasure.
Right of Direct Correction: You may update, edit, or modify your primary account fields, user profile bio, and breeder listings directly through the administrative dashboard. For systemic changes, you may submit a request to our data compliance team.
Right of Portability: You may request a machine-readable export of your personal data. Upon a verified request, we will deliver an unredacted JSON export containing your profile metrics, structured garden logs, and comment entries.
6. Protecting Minor Access Policies
The Platform restricts access exclusively to adult users. We do not permit registration, data logging, or profile creation for individuals under twenty-one (21) years of age, or the legal age of majority in your jurisdiction. In the event our administration discovers that an account profile has been created by a minor, we will execute an immediate, non-reversible deletion command to purge all associated entries from our database systems.
7. Corporate Data Security Safeguards
We enforce rigorous technical safeguards designed to protect user information. Passwords are encrypted using robust server-side hashing algorithms before storage, ensuring they are never readable in plaintext. All active cookies are locked with HttpOnly and Secure configuration flags to prevent client-side script cross-site interception. All uploaded image files are systematically processed through a re-encoding pipeline to strip out hidden metadata strings. Furthermore, we maintain strict rate-limits on all public data-entry endpoints to prevent automated script abuse, brute-force attacks, and scraping attempts. While no cloud network is completely impenetrable, our engineering team monitors these firewalls to safeguard database integrity.
8. Updates and Material Revision Controls
The Platform reserves the right to modify or adjust this Privacy Policy at our discretion. When material changes are implemented, we will publish a prominent advisory notice across our primary user dashboards or deliver a transmission to your email address on file. Your continued interaction with our endpoints following the publication of an updated Policy version constitutes your formal contractual acceptance of the revised data processing rules.
9. Data Compliance Contact Information
For any questions regarding this Privacy Policy, your personal data logs, or to execute a formal request for information access or portability, please contact our data compliance desk at: support@growandtell.net.
See also: Terms of Service · DMCA / Takedown