Privacy Policy

Hempster ("we," "us," "our," or "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website https://www.hempster.shop (the "Site") and engage with our B2B wholesale services.

Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our Site.

2.1 Information You Provide Directly

Wholesale Application Form:
When you submit a wholesale distributor application, we collect:

• Full name and business contact information

• Business/company name and legal entity type

• Business license number and/or Tax ID (EIN)

• Business email address and phone number

• Primary business location and state

• Product categories of interest

• Expected monthly order volume

• Additional business information you provide

Account Registration:
When you create a B2B account, we collect:

• Username and password (encrypted)

• Business contact details

• Billing and shipping addresses

• Payment information (processed through secure payment gateways)

• Communications preferences

Customer Service & Support:

• Email correspondence

• Phone call recordings (where applicable and with consent)

• Inquiry details and support tickets

• Product questions and feedback

2.2 Information Collected Automatically

Website Usage Data:

• IP address and geolocation data

• Browser type and version

• Operating system

• Pages visited and time spent

• Referring/exit pages

• Click stream data

• Cookies and similar technologies

Device Information:

• Device type (desktop, mobile, tablet)

• Device identifiers

• Device settings

• Crash data and error logs

2.3 Information from Third Parties

Payment Processors:

• We receive transaction data from payment processors (Stripe, PayPal, etc.)

• We do NOT receive or store full credit card information

Verification Services:

• Business verification data from third-party compliance providers

• State licensing verification information

Analytics Providers:

• Google Analytics data

• Website performance metrics

3.1 Legitimate Business Purposes

We use your information for:

Account Management:

• Creating and maintaining your wholesale account

• Processing orders and shipments

• Billing and payment processing

• Account security and fraud prevention

B2B Communications:

• Responding to wholesale applications

• Sending order confirmations and updates

• Providing customer support

• Product recommendations and catalog updates

• Compliance-related communications

Business Operations:

• Improving our products and services

• Conducting market research

• Optimizing website performance

• Compliance with legal regulations (Farm Bill, state hemp laws)

• Risk management and loss prevention

Marketing & Business Development:

• Sending promotional materials about new products (with opt-in)

• Educational content about hemp cannabinoids

• Wholesale partnership opportunities

• Industry updates and regulatory alerts

Legal & Compliance:

• Verifying business licenses and legitimacy

• Complying with Farm Bill 2018 regulations

• State-by-state hemp legality compliance

• Tax and regulatory reporting

• Fraud detection and prevention

4.1 Security Measures

Hempster implements industry-standard security protocols:

Technical Security:

• SSL/TLS encryption for all data transmissions

• Secure payment gateway processing

• Firewall protection

• Regular security audits and penetration testing

• Data encryption at rest

Administrative Security:

• Limited employee access to personal information

• Employee privacy training and confidentiality agreements

• Secure document storage

• Password protection on systems

Physical Security:

• Secure facilities access

• Locked document storage

• Restricted access to sensitive areas

4.2 Limitations

While we implement robust security measures, no online transmission is 100% secure. We cannot guarantee absolute security of your data. You use the Site at your own risk.

Wholesale Account Data: Retained for duration of business relationship + 7 years (for tax/legal purposes)

Application Data: Retained for 2 years (for recruitment/partnership consideration)

Website Analytics: Retained for 24 months

Payment Records: Retained per PCI-DSS compliance (minimum 1 year, maximum 7 years)

Communications: Retained for 3 years or as required by law

Deleted Data: Securely deleted using industry-standard methods

6.1 We Do NOT Sell Your Data

Hempster never sells, rents, or trades personal information to third parties.

6.2 We May Share Information With:

Service Providers:

• Payment processors (Stripe, PayPal)

• Email service providers (for communications)

• Analytics platforms (Google Analytics)

• CRM systems (Odoo)

• 3PL fulfillment partners (ShipBob, ShipMonk)

• Customer support platforms

Legal Requirements:

• Law enforcement agencies (with legal process/warrant)

• Regulatory bodies (FDA, state cannabis regulators)

• Court orders or legal proceedings

• Compliance with applicable laws

Business Transfers:

• In event of merger, acquisition, or sale of assets

• Data would be transferred with appropriate safeguards

Consent-Based Sharing:

• Only when you explicitly authorize

7.1 Data Processing for Compliance

Your business information is processed to ensure:

• Verification of legal business operation

• Compliance with Farm Bill 2018 (under 0.3% Delta-9 THC)

• State-specific hemp regulations

• License verification and legitimacy checks

7.2 Regulatory Disclosure

We may disclose information to state agricultural departments or federal agencies as required by law for hemp product compliance verification.

8.1 Cookie Usage

We use cookies for:

• Session management (authentication)

• Website functionality (cart, preferences)

• Analytics and performance tracking

• Marketing tracking (with opt-in)

8.2 Cookie Control

You can control cookie preferences through your browser settings:

• Most browsers allow cookie rejection

• Disabling cookies may limit Site functionality

• We respect "Do Not Track" browser signals

8.3 Third-Party Cookies

• Google Analytics (analytics)

• Facebook Pixel (if applicable)

• Stripe (payment processing)

9.1 Email Communications

Marketing Emails:

• Sent only to opted-in business contacts

• Include "unsubscribe" option

• Comply with CAN-SPAM Act

Transactional Emails:

• Order confirmations

• Shipping updates

• Account notifications

• Compliance-required communications

9.2 Opt-Out Rights

You can unsubscribe from marketing communications at any time. Click the "Unsubscribe" link in any marketing email or contact us directly.

10.1 Access Your Data

You have the right to:

• Request a copy of your personal information

• Verify accuracy of collected data

• Understand how your data is processed

10.2 Data Correction

• Request updates to inaccurate information

• Submit corrections through your account dashboard

• Contact us for assistance

10.3 Data Deletion

You may request deletion of your account and associated data, subject to:

• Legal/tax record retention requirements

• Ongoing business obligations

• Fraud investigation needs

10.4 Withdrawal of Consent

For data processing based on consent, you may withdraw consent at any time.

10.5 How to Exercise Rights

Contact us at:

• Email: privacy@hempster.shop

• Mailing Address: [Your Address]

• Phone: [Your Phone Number]

Response time: Within 30 days

11.1 India & International Operations

Hempster operates sales and operations teams in India. Your information may be:

• Processed in India for B2B support and order management

• Transferred internationally as part of normal business operations

• Protected by Standard Contractual Clauses (SCCs) per GDPR/data protection laws

11.2 Data Protection Standards

International transfers comply with:

• EU-U.S. Data Protection Framework (if applicable)

• GDPR requirements for EU customers

• Standard Contractual Clauses

• Adequate safeguards and security protocols

The Site is intended for B2B business use and is NOT directed to children under 18 years of age. We do not knowingly collect information from children. If you believe we have collected information from a minor, please contact us immediately.

The Site may contain links to third-party websites (payment processors, industry partners, regulatory bodies). We are not responsible for their privacy practices. Please review their privacy policies before providing information.

14.1 Your California Rights

If you are a California resident, you have rights under the California Consumer Privacy Act:

• Right to know what personal information is collected

• Right to delete personal information

• Right to opt-out of data sales (N/A - we don't sell data)

• Right to non-discrimination for exercising rights

14.2 Submitting CCPA Requests

Contact us at: privacy@hempster.shop

Response time: Within 45 days

15.1 Legal Basis for Processing

• Contract: Necessary to fulfill wholesale agreements

• Compliance: Legal obligations under hemp regulations

• Legitimate Interest: Business operations and fraud prevention

• Consent: Where you've provided explicit consent

15.2 Data Protection Officer

For EU data subjects, contact: dpo@hempster.shop

15.3 Your GDPR Rights

• Access, correction, and deletion rights

• Right to restrict processing

• Right to data portability

• Right to object to processing

• Right to lodge complaints with supervisory authorities

We may update this Privacy Policy periodically. Changes will be effective immediately upon posting to the Site. We will notify you of material changes via:

• Email notification

• Prominent Site notice

• Updated "Last Modified" date

Your continued use of the Site constitutes acceptance of updated Privacy Policy.