Effective: June 1, 2026 · Version: 2026-06-01
CuzHens LLC ("we") respects your privacy. This Privacy Policy explains what data we collect, why we collect it, who we share it with, and the choices you have.
1. Data we collect
Account & profile data
- Name (or company / farm name), email, hashed password, role (customer / vendor / admin), phone (optional for customers; required for vendors), ZIP code.
- For Vendors: farm name, address, GPS coordinates (for map and distance sorting), product listings, photos, growing practices, business description, business hours, and chat hours.
- For Team members: link between your user account and a Farm Store, with role (owner / manager / staff).
Activity data
- Favorites, follows, reviews, ratings, broadcasts received, push subscriptions, ZIP searches, page views.
- Cart items, order history, pickup choices, delivery addresses, dispute messages, coupon redemptions.
- Vendor-side analytics events (impressions, clicks, conversions on listings, featured slots, and sponsored ads).
Device & technical data
- IP address, browser type, operating system, referring page, user-agent.
- A signed HTTP-only session cookie used for login.
- For Web Push (optional): a unique endpoint URL and public keys provided by your browser.
Payment data (when on-platform payments are enabled)
- Last 4 digits of card, brand, expiry, billing ZIP — we receive these from our payment processor (e.g., Stripe). We never store full card numbers.
- Order amounts, fees, refunds, payout details for Vendors.
Communication data
- The contents of chats, broadcasts, reviews, replies, and emails you send through or to the Service.
- Recordings or transcripts of any support call (if and when introduced) are subject to a separate notice at the time.
Marketing & preference data
- Whether you have agreed to marketing emails, push notifications, SMS broadcasts, and cookies.
- Your terms acceptance version and date.
- Your cookie consent decision and date.
2. How we use data
- Operate, maintain, secure, and improve the Service.
- Authenticate logins and prevent fraud, abuse, scraping, and account takeover.
- Personalize search and discovery — for example, show nearby farms based on your ZIP code, recommend products, or surface relevant Featured Products and Sponsored Ads.
- Process orders, payments, refunds, coupon redemptions, and payouts.
- Send transactional emails (login, password reset, order updates, dispute notices, payout summaries).
- Send opt-in marketing communications (email, push, SMS where enabled) and let you opt out.
- Provide vendor-facing analytics (impressions, clicks, conversion counts; never with identifying data about an individual customer).
- Detect violations of our Acceptable Use, Terms of Service, or law.
- Comply with legal obligations and tax requirements.
3. Legal bases (for users in the EU/UK)
Where the GDPR applies we rely on the following bases:
- Contract — to provide the Service you signed up for.
- Consent — for marketing channels, optional cookies, push notifications, SMS.
- Legitimate interest — fraud prevention, basic analytics, defending legal claims.
- Legal obligation — tax records, court orders, regulatory requests.
4. How we share data
We do not sell or rent your personal data. We share it only with:
- Vendors / Customers you transact or message with. Your name and message body are visible to that counterparty. When you place an order, the Vendor receives the customer's name, contact info, and delivery/pickup details.
- Service providers that help us run the platform:
  - Supabase — database, authentication, file storage.
  - Resend — transactional email delivery.
  - Vercel / Emergent — hosting, CDN, error monitoring.
  - Stripe (or another payment processor) — when on-platform payments are enabled.
  - Twilio (or another SMS provider) — when SMS broadcasts are enabled.
  - Each provider is bound by data-processing terms and only uses your data to provide their service to us.
- Authorities when required by law (subpoena, court order, or to protect rights and safety).
- Successor entity in the event of a merger, acquisition, or sale of assets — with notice to you where required.
- Aggregated, de-identified data — we may publish aggregated statistics (e.g., "1,200 orders fulfilled last month") that cannot be tied back to you.
5. Cookies & similar technologies
See our Cookies Policy for the full list. In short, we use:
- a strictly-necessary HTTP-only session cookie for login;
- a small number of localStorage keys (ZIP cache, cart, dismissed banners, cookie-consent record);
- the Web Push API only after explicit opt-in.
We do not load Facebook Pixel, Google Ads tags, or any third-party cross-site advertising tracker.
6. Your choices
- Account profile / preferences — edit at /account/settings.
- Marketing emails — every marketing email has an unsubscribe link; preferences also live at /account/settings.
- Push notifications — toggle in your browser or at /account/settings.
- SMS broadcasts — reply STOP to opt out, or toggle at /account/settings.
- Location — disable in your browser at any time. ZIP-based search still works.
- Cookies — manage your decision in the cookies banner or by clearing your browser storage.
- Marketing data — request restriction by emailing [email protected].
7. Your rights
Depending on where you live (e.g., California — CCPA/CPRA; EU/UK — GDPR; certain other US states), you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Port your data in a machine-readable format.
- Delete your account and data (subject to legal-retention exceptions).
- Opt out of "sale"/"share" — although we do not sell your data.
- Withdraw consent for processing based on consent.
- Lodge a complaint with a supervisory authority.
To exercise any of these rights, email [email protected] with your account email and the request. We will respond within 30 days (or sooner where required by law). We may need to verify your identity before processing the request.
8. Data retention
- Active accounts — kept while the account exists.
- Closed accounts — soft-deleted immediately; certain financial and audit data retained up to 24 months (or longer if required by law) for fraud-prevention, tax, and dispute reasons.
- Order records — retained for at least the period required by tax law (typically 7 years in the US).
- Messages — retained while either side of the conversation keeps an account.
- Marketing logs — retained for as long as you remain opted in plus a short tail for delivery troubleshooting.
- Aggregated / anonymized data — may be retained indefinitely.
9. Children
The Service is not directed at children under 13. We do not knowingly collect data from anyone under 13. If you believe a child has signed up, please email [email protected] and we will delete the account.
For users between 13 and the age of majority in their state, a parent or guardian's agreement may be required as described in our Terms.
10. Security
- Passwords are hashed with bcrypt.
- Sessions use HTTP-only signed cookies; session versioning lets users revoke all sessions remotely.
- Database access uses Supabase Row-Level Security and service-role keys held only on the server.
- HTTPS is enforced everywhere.
- We periodically review access controls and dependencies.
No system is perfectly secure. Please use a strong, unique password and report suspected breaches to [email protected].
11. International users
The Service is operated from the United States. By using it, you consent to the transfer and processing of your data in the U.S. and the other countries where our service providers operate. Where required, we put in place standard contractual clauses with international processors.
12. Automated decisions
We do not make decisions that have a legal or similarly significant effect on you using fully automated processing. Search ranking, featured-product placement, and ad targeting use rules-based logic that you can review with us if needed.
13. Changes
We may update this Policy. When we do, we will change the "Effective" and "Version" markers and, for material changes, notify you by email and / or with an in-app banner. Continued use after a material update means you accept the new Policy.
14. Contact
CuzHens LLC
2607 Mose Thrift Rd, Waycross, GA 31503
Email: [email protected]
Data protection officer / privacy contact: [email protected] (subject line "Privacy").