Privacy Policy

Last updated: February 2026

1. Information We Collect

Account information: When you create an account, we collect your email address, name, date of birth, and location (city, state, country). Your password is stored as a one-way hash and cannot be read by anyone, including us.

Usage data you provide: Session/journal logs (strain name, category, consumption method, amount, duration, effects, mood, notes), stash inventory (strains, THC percentage, amounts), sleep tracking data (rating, quality, hours, notes), liked/disliked strains, consumption goals, tolerance data, saved recipes, and achievement progress.

Automatically collected data: Device type, browser information, and IP address for security and service operation. If you enable push notifications, we store a device token (see Section 6).

We do not collect data without your knowledge or consent.

2. How We Use Your Data

Your data is used to provide the DankLog service: displaying your logs and analytics, powering strain recommendations, syncing across devices, sending notifications you opt into, and generating insights about your consumption patterns. We do not sell, rent, or share your personal data with third parties for marketing purposes.

3. Cannabis Consumption Data

DankLog stores detailed cannabis consumption data that you voluntarily enter. We understand this data is sensitive. We want to be clear about how we handle it:

  • Your consumption data is private and visible only to you.
  • We will never share your consumption data with law enforcement, government agencies, employers, or insurers.
  • We will only disclose data if legally compelled by a valid court order, and we will notify you unless prohibited by law.
  • Anonymized, aggregated statistics (such as most popular strains across all users) may be used to improve the service, but these cannot be traced back to any individual.
  • You can delete your consumption data at any time (see Section 9).

4. Data Storage & Security

Your data is stored on secure servers hosted on Amazon Web Services (AWS) in the United States. All data is encrypted in transit using TLS (HTTPS). We use industry-standard security practices including secure password hashing, parameterized database queries, and access controls to protect your information.

5. Smart Features

When you use strain recommendations, strain lookups, strain comparisons, or the recipe generator, anonymized preference data (such as strain names, effects, and vibes — but never your email, name, or other identifying information) is sent to OpenAI to generate results. OpenAI processes this data under their API terms and does not use it for model training.

6. Push Notifications

If you enable push notifications, we store a device token to deliver notifications to your device. On the web, this uses the VAPID web push standard. On the Android app, this uses Firebase Cloud Messaging (FCM), a Google service — see Section 7.

We may send: daily session reminders, streak alerts, T-break check-ins, and weekly or monthly recap summaries. You can configure which notification types you receive or disable notifications entirely in your app settings at any time.

7. Third-Party Services

We use the following third-party services to operate DankLog:

  • Amazon Web Services (AWS): Server hosting and infrastructure. Your data is stored on AWS servers in the US East region.
  • Amazon Simple Email Service (AWS SES): Delivers transactional emails including password resets, email verification, and recap emails. AWS processes your email address for delivery purposes only.
  • OpenAI: Powers strain recommendations, lookups, comparisons, and recipe generation. Only anonymized preference data is sent — no personally identifiable information.
  • Firebase Cloud Messaging (Google): Delivers push notifications to the Android app. Google receives a device token and notification payload. See Firebase Privacy.
  • Stripe: Processes payments for optional Pro and VIP subscriptions. Stripe collects payment information (card number, billing address) directly — we never see or store your full card details. We store only a Stripe customer ID to manage your subscription. See Stripe Privacy Policy.

We do not use third-party tracking cookies, advertising pixels, behavioral analytics tools, or any data brokers.

8. Cookies & Local Storage

DankLog uses minimal cookies required for authentication (JWT tokens). The app also uses browser local storage to cache your data for offline access and faster loading. We do not use third-party tracking cookies.

9. Data Retention & Account Deletion

Your data is retained as long as your account is active. You can export your data at any time from the app settings.

To delete your account and all associated data: Go to Settings in the app and select "Delete Account," or email privacy@danklog.com with your request. Upon deletion:

  • All account data, journal entries, stash items, sleep logs, recipes, likes, goals, achievements, and notification preferences are permanently removed from our servers within 30 days.
  • Push notification tokens are immediately deleted.
  • Data previously sent to third-party services (e.g., Stripe transaction records) may be retained by those services per their own policies.
  • Shared recipe links you created will stop working.

10. Your Rights

You have the right to:

  • Access and export all your personal data
  • Correct inaccurate data
  • Delete your account and all associated data
  • Opt out of push notifications and recap emails
  • Withdraw consent for data processing

You can exercise these rights through the app settings or by contacting us at privacy@danklog.com.

11. California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • The right to know what personal information we collect, use, and disclose
  • The right to request deletion of your personal information
  • The right to opt out of the sale of personal information — we do not sell your personal information
  • The right to non-discrimination for exercising your CCPA rights

To exercise these rights, contact privacy@danklog.com. We will respond within 45 days.

12. Children's Privacy

DankLog is not intended for anyone under the age of 18. We do not knowingly collect personal information from children under 13 in compliance with the Children's Online Privacy Protection Act (COPPA). If we learn that we have collected data from a child under 13, we will delete it immediately. If you believe a minor is using DankLog, please contact us at privacy@danklog.com.

13. Age Requirement

DankLog is intended for adults of legal cannabis consumption age in their jurisdiction (21+ in the United States, 18+ in Canada and other regions where cannabis is legal). We collect date of birth during registration to verify eligibility.

14. Changes to This Policy

We may update this privacy policy from time to time. Significant changes will be communicated through the app or via email. Your continued use of DankLog after changes are posted constitutes acceptance of the updated policy.

15. Contact

DankLog
Indianapolis, Indiana, United States

For privacy-related questions, data requests, or concerns, contact us at privacy@danklog.com. We aim to respond to all inquiries within 30 days.