Privacy Policy

Personal information you disclose to us

In short: We collect personal information that you provide to us.

We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.

Personal information we collect may include:

• Contact details (such as name, email address, company name, job title, and phone number)
• Account credentials (such as usernames and passwords)
• Business information (such as company details, locations, and role in the cannabis supply chain)

Sensitive information. We do not intentionally process sensitive personal information such as protected health information, and customers should not submit such information to the Services.

Payment data. We may collect data necessary to process your payment if you choose to make purchases, such as your payment instrument number and the security code associated with your payment instrument. All payment data is handled and stored by our payment processors (such as Stripe or Payrio). You may find Stripe's privacy notice at https://stripe.com/privacy and Payrio's privacy notice on their website.

Social media login data. We may provide you with the option to register with us using your existing social media account details. If you choose to register in this way, we will collect certain profile information about you from the social media provider, as described in section 8 below.

Information collected when you use our applications

If you use our application(s), we may collect information you choose to provide or permit us to access, which is primarily needed to maintain the security and operation of our application(s), for troubleshooting, and for our internal analytics and reporting purposes.

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

In short: Some information is collected automatically when you visit, use, or navigate the Services.

We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information.

Like many businesses, we also collect information through cookies and similar technologies. The information we collect includes:

• Log and usage data
• Device data
• Location data, where enabled by you or your device settings

Google API. Our use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

We process your personal information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes only with your prior explicit consent.

We process your personal information for a variety of reasons, depending on how you interact with our Services, including to:

• Provide and maintain the Services
• Manage user accounts and authenticate users
• Respond to inquiries and provide customer support
• Send administrative information and relevant updates
• Develop new features and improve the Services
• Detect, prevent, and address security, fraud, and technical issues
• Comply with applicable legal and regulatory requirements

If you are located in Canada, we may process your information if you have given us specific permission (express consent) or in situations where your permission can be inferred (implied consent). In some exceptional cases, we may be legally permitted under applicable law to process your information without your consent, such as for fraud detection and prevention, investigations, legal obligations, or where collection is clearly in the interests of an individual and consent cannot be obtained in a timely way.

Hosting and location of data. We host the Services on infrastructure located in the United States, primarily on Google Cloud Platform. Personal information is stored and processed in the United States unless we expressly agree otherwise in writing.

Retention. We keep personal information for as long as necessary to fulfill the purposes outlined in this Privacy Notice, including providing and securing the Services, complying with our legal obligations, and resolving disputes. In general, Customer account data and Customer Data are retained for up to twelve (12) months after account closure, unless a shorter or longer period is required or permitted by law. We may also anonymize data so that it is no longer associated with an identifiable individual.

Customer control and deletion. For Customer accounts, administrators may be able to delete certain Customer Data directly through the Services. Where deletion is not available self-service, you can request deletion or anonymization of Customer Data by contacting us at help@sparrowhawklabs.com. Subject to our legal obligations and technical limitations, we will honour such requests within a reasonable time.

In short: We may share information in specific situations described in this section and/or with the following third parties.

Service providers and Subprocessors

We use service providers to help us deliver the Services, such as:

• Cloud hosting providers (e.g., Google Cloud Platform)
• Payment processors (e.g., Stripe, Payrio)
• Analytics providers (e.g., Google Analytics)
• Logging and monitoring providers
• Email and communication providers
• Security tools and DDoS protection providers

These service providers may access personal information only to perform services on our behalf, under contracts that require them to protect your information. We may publish an up-to-date list or description of key Subprocessors on our website.

Business transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.

Third-party integrations. Our Services may allow you to connect to third-party services such as cannabis technology platforms, logistics providers, or accounting systems. When you enable an integration, we may exchange limited personal information and Customer Data with the third party as instructed by you. The third party's own privacy notice will govern its use of that information, and we are not responsible for their practices.

Google Maps Platform APIs. When we use Google Maps Platform APIs, we may share your information with certain Google Maps Platform APIs (e.g., Google Maps API, Places API). We obtain and store on your device ("cache") your location. You may revoke your consent at any time by contacting us.

In short: We may use cookies and other tracking technologies to collect and store your information.

We may use cookies and similar tracking technologies (like web beacons and pixels) to gather information when you interact with our Services. Some online tracking technologies help us maintain the security of our Services and your account, prevent crashes, fix bugs, save your preferences, and assist with basic site functions.

We also permit third parties and service providers to use online tracking technologies on our Services for analytics and advertising. To the extent these online tracking technologies are deemed to be a "sale"/"sharing" under applicable US state laws, you can opt out as described in section 13. Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Notice.

Google Analytics. We may share your information with Google Analytics to track and analyse the use of the Services. To opt out, visit https://tools.google.com/dlpage/gaoptout or other industry opt-out mechanisms.

As part of our Services, we may offer products, features, or tools powered by artificial intelligence, machine learning, or similar technologies ("AI Products") for functions such as AI insights, predictive analytics, and natural language processing. All personal information processed using our AI Products is handled in line with this Privacy Notice and our agreements with third parties.

Our Services offer you the ability to register and log in using your third-party social media account details. Where you choose to do this, we will receive certain profile information about you from your social media provider as permitted by that provider's terms and your settings. We will use the information we receive only for the purposes that are described in this Privacy Notice or that are otherwise made clear to you on the relevant Services. We recommend that you review your social media provider's privacy notice for more details.

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. These include encryption of data in transit and at rest, logical separation of Customer Data between organizations, network security controls, logging and monitoring, and periodic penetration testing. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security.

We do not knowingly collect data from or market to children under 18 years of age. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records.

Depending on your location, you may have rights including access, correction, deletion, restriction of processing, data portability, objection to processing, and withdrawal of consent.

To exercise these rights, you can contact us by submitting a data subject access request, by emailing us at help@sparrowhawklabs.com, or by referring to the contact details at the bottom of this document. We will consider and act upon any request in accordance with applicable data protection laws.

For Customer accounts, your organization's administrator may manage some aspects of your account and data directly. Where required by law or by our agreements with Customers, we will assist our Customers in responding to requests from individuals about their personal information.

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized, and we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online.

Depending on your US state of residence, you may have specific rights, including rights to know, access, correct, delete, obtain a copy of your data, opt out of certain processing, limit use and disclosure of sensitive personal data, and appeal decisions. To exercise these rights, you can contact us as described above. Under certain US state laws, you can also designate an authorized agent to make a request on your behalf.

California "Shine The Light" law. California residents may request information about categories of personal information we disclosed to third parties for direct marketing purposes and the names and addresses of all such third parties in the preceding calendar year.

We have not disclosed, sold, or shared any personal information to third parties for a business or commercial purpose in the preceding twelve (12) months. We will not sell or share personal information in the future belonging to website visitors, users, and other consumers.

Yes, we may update this Privacy Notice from time to time. The updated version will be indicated by an updated "Revised" date at the top of this Privacy Notice. If we make material changes, we may notify you by prominently posting a notice or by sending you a notification. We encourage you to review this Privacy Notice frequently to stay informed of how we are protecting your information.

If you have questions or comments about this notice, you may email us at help@sparrowhawklabs.com or contact us by post at:

Sparrowhawk Labs, Inc.
1605 NW Galveston Ave
Bend, OR 97703
United States

Based on the applicable laws of your country or state of residence in the US, you may have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. To request to review, update, or delete your personal information, please fill out and submit a data subject access request or contact us via the methods above.