Privacy Policy

Introduction

CollectiveCrop LLC ("CollectiveCrop," "we," "our," or "us") respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy explains how CollectiveCrop LLC collects, uses, discloses, and safeguards your data when you visit our website at collectivecrop.com. It applies to all visitors, users, and anyone who submits information through our site.

By using our website, you acknowledge you have read and understood this Privacy Policy. If you do not agree with its terms, please discontinue use of our site.

1. Information We Collect

Information You Provide

• Newsletter Signup: Your email address when you subscribe to launch notifications.
• The Collective Waitlist: When you join The Collective (our premium content layer in preview), we collect your email, optional name, buyer/grower interest, the page you joined from, and (if present in the URL) UTM attribution and state code. We also log your IP address at signup for abuse prevention and rate-limit enforcement, retained for 90 days. This data powers the Charter Member onboarding emails and helps us understand which content drives sign-ups. You can unsubscribe from any email with one click.
• Seller Application: Your name, email address, location, product descriptions, and seller type when you apply to sell on our platform.
• Contact Form: Your name, email address, subject, inquiry type, and message content when you reach out to us.

Information Collected Automatically

• Analytics Data: We use Google Analytics to collect anonymized usage data including pages visited, time on site, scroll depth, and general location (city/region level). This data is not personally identifiable.
• Log Data: Standard server logs including IP addresses, browser type, and referring URLs. These are used for security monitoring and retained for a limited period.
• Cookies and Tracking Technologies: Session cookies, analytics cookies, and reCAPTCHA-related data. See Section 8 for full details.

2. How We Use Your Information

• To send you launch notifications and important platform updates (newsletter subscribers).
• To deliver The Collective Charter Member onboarding sequence (welcome email, first briefing, and a one-question survey), and to send ongoing Weekly Best Buys or Monthly Grower Briefing issues if you've opted into them.
• To process seller applications and communicate about onboarding opportunities.
• To respond to your inquiries submitted through our contact form.
• To improve our website experience and understand how visitors interact with our content.
• To detect and prevent spam, abuse, and fraudulent activity.
• To comply with applicable legal obligations.

We do not use your information for automated decision-making or profiling that produces legal or similarly significant effects.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, our legal basis for collecting and processing your personal data depends on the context:

• Consent: For newsletter subscriptions and optional analytics cookies. You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
• Contractual Necessity: To process seller applications and respond to contact form submissions.
• Legitimate Interests: For security monitoring, fraud prevention, and analytics to improve our service, balanced against your privacy rights.
• Legal Obligation: To comply with applicable laws and regulations.

4. Third-Party Services

We use the following third-party services that may process your data:

• Google reCAPTCHA (v2 and v3): Used to protect our forms from spam and abuse. reCAPTCHA collects hardware and software information and sends it to Google for analysis. See Google's Privacy Policy.
• Google Analytics: Used to understand site usage patterns. We implement Google Consent Mode v2 — analytics cookies are only loaded after you provide explicit consent. IP anonymization is enabled. See Google's Privacy Policy.
• Mailgun: Used to send transactional emails. See Mailgun's Privacy Policy.
• Microsoft Azure: Used to securely store form submissions. See Microsoft's Privacy Statement.
• Sentry: Used for error monitoring to improve site reliability. See Sentry's Privacy Policy.

Each third party operates under its own privacy policy. We are not responsible for their practices. In the event of a business sale, merger, or acquisition, your data may be transferred to new ownership with appropriate safeguards and prior notice to you.

5. Data Storage & Security

Your data is stored securely on Microsoft Azure infrastructure with encryption at rest and in transit. We implement industry-standard security measures including HTTPS encryption, security headers, request size limiting, and correlation-based monitoring.

While we take strong precautions to protect your data, no security system is completely impenetrable. We cannot guarantee the absolute security of your personal information. Use of our service is at your own risk.

Data Breaches: In the event of a data breach that affects your personal information, we will notify you and any applicable regulatory authorities promptly, as required by law, within the timeframes specified by those laws.

6. Data Retention

• Newsletter subscriptions: Retained until you unsubscribe or request deletion.
• The Collective waitlist: Retained until you unsubscribe via the one-click link in any Collective email (or request deletion). Unsubscribed records are marked inactive and removed from send queues immediately; we retain a minimal suppression record so we don't re-add the email by mistake.
• Seller applications and contact submissions: Retained for the duration needed to fulfill the purpose of the inquiry, then archived or deleted.
• Server logs: Retained for up to 90 days for security purposes.
• Analytics data: Retained in anonymized form per Google Analytics default retention settings (up to 14 months).

Data no longer needed for its original purpose is securely deleted or anonymized. We retain only what is necessary to operate our platform, fulfill legal obligations, and support legitimate interests.

7. International Data Transfers

Our servers are based in the United States. If you access CollectiveCrop from outside the U.S., your data may be transferred to and processed in the U.S. By using our site, you acknowledge and consent to this transfer. We take steps to ensure that any international transfers comply with applicable data protection laws, including the use of appropriate safeguards where required.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to provide site functionality and understand how our service is used. These fall into two categories:

• Essential Cookies: Required for site functionality, security, and session management. Always enabled and do not require consent.
• Optional Cookies: Used for analytics (Google Analytics) and are only activated with your explicit consent via our cookie banner. You may decline or withdraw consent at any time without affecting site functionality.

You can manage cookie preferences through the cookie banner displayed when you first visit our site, or through your browser settings. Clearing your browser cookies will reset your preferences and prompt the banner again on your next visit.

Do Not Track: Our site does not currently respond to browser "Do Not Track" (DNT) signals. We rely on our cookie consent mechanism to honor your analytics preferences instead.

9. Your Rights

Depending on your location, you may have the right to:

• Access: Request a copy of the personal information we hold about you.
• Correct: Request correction of any inaccurate or incomplete data.
• Delete (Right to Erasure / Right to be Forgotten): Request deletion of your personal information from our systems, subject to certain legal exceptions.
• Restrict Processing: Request that we limit how we use your data in certain circumstances.
• Object: Object to processing based on our legitimate interests.
• Data Portability: Receive a copy of your data in a structured, machine-readable format where technically feasible.
• Withdraw Consent: Withdraw consent for any processing based on your consent at any time, without affecting the lawfulness of prior processing.
• Unsubscribe: Opt out of our newsletter at any time via the unsubscribe link in any email.
• Lodge a Complaint: File a complaint with a data protection authority in your jurisdiction if you believe your rights have been violated.

To exercise any of these rights, contact us at CollectiveCropTeam@gmail.com. We will respond within 30 days. We may request verification of your identity before fulfilling your request.

10. California Residents (CCPA / CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: You may request the categories and specific pieces of personal information we have collected about you in the preceding 12 months, including the purposes for collection and any third parties with whom it was shared.
• Right to Delete: You may request deletion of your personal information, subject to certain legal exceptions (e.g., completing a transaction, security, legal compliance).
• Right to Correct: You may request correction of inaccurate personal information we maintain about you.
• Right to Opt-Out of Sale or Sharing: CollectiveCrop does not sell or share your personal information for cross-context behavioral advertising. You have this right, but there is nothing to opt out of.
• Right to Limit Use of Sensitive Personal Information: We do not collect sensitive personal information as defined under CPRA.
• Right to Non-Discrimination: We will not deny you service, charge different prices, or provide a different quality of service because you exercised your California privacy rights.

To exercise your California rights, contact us at CollectiveCropTeam@gmail.com. We will respond within 45 days as required by law.

11. Children's Privacy

Our service is not directed to individuals under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected data from a child under 13, we will delete it promptly. If you believe we have collected such data, please contact us at CollectiveCropTeam@gmail.com and we will take immediate action.

12. Limitation of Liability

While we implement strong security practices, we cannot guarantee the absolute security of your personal information against unauthorized access, interception, or data breaches. To the extent permitted by applicable law, CollectiveCrop's liability arising out of or related to this Privacy Policy or any data incident is limited as set forth in our Terms of Service. CollectiveCrop shall not be liable for any data security incidents caused by events beyond our reasonable control, including failures of third-party services or infrastructure, natural disasters, government actions, or other force majeure events.

13. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with an updated revision date at the top. For significant changes that materially affect how we handle your personal information, we will provide notice via email (for newsletter subscribers) or a prominent notice on our website prior to the change taking effect. We encourage you to review this page regularly. Your continued use of the site after any changes constitutes your acceptance of the updated policy.

14. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

• Entity: CollectiveCrop LLC
• Email: CollectiveCropTeam@gmail.com
• Website: collectivecrop.com/contact

A postal mailing address for written correspondence is available upon request via email.

Related: Terms of Service