Privacy Policy
Your privacy and data security are fundamental to how we operate. Here is exactly how we collect, protect, and respect your information.
Last Updated: February 2026
This policy is effective as of February 13, 2026. By using Spliff, you consent to the practices described here.
Bank-Grade Encryption
AES-256 for all data at rest and in transit
Secure Data Centres
Your data is protected with industry-standard security
Privacy Compliant
Full compliance with applicable privacy law
Information We Collect
Personal Information
Name, email address, phone number, date of birth, and government-issued ID for age verification as required by applicable cannabis regulations.
Order Information
Purchase history, payment details (encrypted), delivery addresses, and product preferences to provide personalized service.
Account Data
Login credentials, account preferences, Spliff Rewards data, and communication history.
Automatic Information
Device information, IP address, browser type, and website usage data collected through cookies and analytics tools.
How We Use Your Information
Service Delivery
Process orders, arrange deliveries, provide customer support, and maintain your account securely.
Legal Compliance
Verify age and identity as required by applicable regulations, maintain records for auditing, and comply with cannabis laws in relevant jurisdictions.
Communication
Send order confirmations, delivery updates, promotional offers (with consent), and important service announcements.
Improvement
Analyze usage patterns, improve our website and services, develop new features, and enhance customer experience.
Information Sharing & Disclosure
Service Providers
Trusted third-party services for payment processing, delivery logistics, customer support, and website analytics under strict confidentiality agreements.
Legal Requirements
Government authorities when required by law, court orders, or regulatory compliance, including applicable cannabis industry reporting requirements.
Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity with equivalent privacy protections.
What We Never Share
We never sell, rent, or share your personal information for marketing purposes without explicit consent.
Data Security & Protection
Encryption
All sensitive data is encrypted in transit (SSL/TLS) and at rest using industry-standard AES-256 encryption protocols.
Access Controls
Strict employee access controls, multi-factor authentication, and regular security audits protect your information.
Secure Storage
Data is stored in secure data centers with physical security, redundant backups, and 24/7 monitoring.
Incident Response
Comprehensive security incident response plan with immediate notification procedures for any potential data breaches.
Your Privacy Rights
Access Rights
Request a copy of all personal information we hold about you, including how it's being used and who it's shared with.
Correction Rights
Update or correct any inaccurate personal information in your account or request corrections through customer support.
Deletion Rights
Request deletion of your personal information, subject to legal retention requirements applicable to your jurisdiction.
Communication Control
Opt-out of marketing communications while still receiving essential service-related messages about your orders.
Contact Our Privacy Team
Questions about your data? Reach out directly — we respond within 2 business days.
Related Policies
Other documents that define how we work