Privacy Policy

1. Information We Collect

Consultation Data

When you complete our consultation assessment, we collect your responses including experience level, intention, health history, medication use, and mindset. This information is used solely to generate your personalised report and recommendations.

Account Information

If you create an account, we collect your name, email address, and password (stored as a one-way hash — we cannot read it). We do not collect payment information directly; all payments are processed through PCI-compliant third-party processors.

Order & Delivery Information

We collect a delivery address for fulfilment purposes. For ID verification at delivery, our couriers capture a photograph of your government-issued ID. This image is stored securely and retained only as long as required for compliance purposes.

Technical Data

We collect standard web server logs (IP address, browser type, pages visited, timestamps) for security and performance purposes. We use session cookies necessary for the consultation gate and account functionality. We do not use third-party advertising cookies.

2. How We Use Your Information

• To generate and store your personalised consultation report
• To process and fulfil your orders
• To comply with Colorado Proposition 122 age and identity verification requirements
• To send transactional emails (order confirmation, account creation)
• To send our newsletter, if you have opted in
• To improve our service through anonymised, aggregated analytics

We do not sell your personal data. We do not use your health information for marketing purposes.

3. Data Sharing

We share personal data with third parties only in the following limited circumstances:

• Service providers: Hosting, email delivery, and payment processing vendors operating under data processing agreements.
• Delivery couriers: Delivery address and order details shared only with our vetted intra-Colorado courier partners.
• Legal requirements: We will disclose data if required by a valid court order or applicable law. We will notify you of any such request where legally permissible.

4. Data Retention

Consultation data is retained for 2 years from your last session to support continuity of care. Order records are retained for 7 years as required for financial compliance. You may request deletion of your personal data at any time (see Section 6), subject to legal retention obligations.

5. Security

We use industry-standard security measures including TLS encryption in transit, encrypted storage for sensitive fields, and role-based access controls. Our infrastructure is hosted with enterprise-grade cloud providers. No system is perfectly secure; we encourage you to use a strong unique password for your account.

6. Your Rights

You have the right to:

• Access a copy of the personal data we hold about you
• Correct inaccurate data
• Request deletion of your data (subject to legal retention requirements)
• Opt out of marketing communications at any time
• Withdraw consent for consultation data storage

To exercise any of these rights, email us at privacy@shroomco.com. We will respond within 30 days.

7. Cookies

We use only functional cookies necessary for the site to operate: age verification, session management, consultation progress, and shopping cart state. We do not use tracking or advertising cookies. You can disable cookies in your browser, but core functionality will be affected.

8. Contact

Privacy questions or data requests: privacy@shroomco.com

ShroomCo Colorado, LLC — Colorado, United States