Flood Gates

Privacy Policy

Last updated: March 4, 2026

TL;DR

  • We collect only what is needed to run the platform
  • Your cultivation and financial data is never sold or shared with third parties
  • AI features use Anthropic (Claude) -- your data is not used to train models
  • Metrc integration data stays between you and the state
  • You can export or delete your data at any time

1. Information We Collect

We collect information you provide directly when creating an account and using the platform. This includes:

Account Information

When you create a Flood Gates account, we collect your email address, name, and organization name. This information is used for authentication, account management, and communication about the service.

Cultivation Data

You may enter data about your cannabis cultivation operations, including parcel information, plant batches, harvest events, soil tests, and growing conditions. This data is used solely to provide platform functionality and is never shared with third parties.

Financial Data

If you use our financial management features, we store information about sales, payments, vendors, buyers, budgets, and cost-of-goods-sold entries. This data is encrypted at rest and accessible only to authorized members of your organization.

Compliance Data

We may store your state cannabis license information and Metrc credentials to facilitate compliance tracking and automated reporting. License numbers and API keys are encrypted and never exposed to other users.

Usage Data

We collect basic usage analytics including page views, feature usage patterns, and error reports. This data is used to improve platform performance and user experience. We use Sentry for error tracking -- no personally identifiable information is included in error payloads.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Operating and maintaining the Flood Gates platform
  • Providing AI assistant responses and insights about your operations
  • Monitoring compliance status against state regulations
  • Generating analytics, reports, and financial summaries
  • Managing your account and organization settings
  • Communicating about service updates, security alerts, and support

We do not sell your data. We do not use your data for advertising. We do not share your data with third parties for their own purposes.

3. Third-Party Services

Flood Gates integrates with the following third-party services to provide platform functionality:

Supabase (Database & Authentication)

Your data is stored in a Supabase-hosted PostgreSQL database with row-level security. Authentication is handled through Supabase Auth. Data is encrypted at rest and in transit.

Anthropic / Claude (AI Processing)

Our AI assistant uses Anthropic's Claude model to process your queries and provide insights. Your data sent to Claude is used only to generate responses and is not used to train Anthropic's models. Anthropic's data retention policies apply to API interactions.

Mapbox (Mapping)

We use Mapbox for satellite imagery and geocoding services. No personally identifiable information is sent to Mapbox -- only geographic coordinates and search queries for location data.

Vercel (Hosting)

The Flood Gates application is hosted on Vercel's infrastructure. Vercel processes HTTP requests and may collect standard access logs including IP addresses and request metadata.

Sentry (Error Tracking)

We use Sentry to monitor application errors and performance. Error reports include stack traces and browser information but do not include personally identifiable information or your cultivation/financial data.

4. Metrc Integration

If you connect your Metrc account, Flood Gates syncs data from your state cannabis tracking system. This data includes plant tags, package information, transfers, and harvest data as reported to your state regulatory agency.

Metrc data is used exclusively for compliance features within your organization. We never share your Metrc data with other Flood Gates users, third parties, or competing operations. Your Metrc API credentials are encrypted and stored separately from other application data.

5. Data Storage & Security

We take the security of your data seriously. Our security measures include:

  • Row-level security (RLS) ensuring data isolation between organizations
  • Encryption at rest for all stored data
  • TLS encryption for all data in transit
  • Regular security audits of infrastructure and application code
  • Role-based access control within organizations (owner, admin, member, viewer)

Data is hosted on Supabase infrastructure in the United States. We do not transfer data to other countries without appropriate safeguards.

6. Cookies & Local Storage

Flood Gates uses the following browser storage mechanisms:

  • Supabase auth session cookie -- Essential for authentication. This is a functional cookie, not a marketing or tracking cookie.
  • localStorage: theme preference -- Stores your dark/light mode selection locally on your device.
  • localStorage: site selection -- Remembers your last-selected site for convenience.

We do not use third-party tracking cookies, advertising cookies, or cross-site tracking technologies. Analytics tracking may be added in the future and will be disclosed in an updated version of this policy.

7. Your Rights

You have the following rights regarding your personal data:

  • Access -- You can request a copy of all data we hold about you and your organization.
  • Export -- You can export your cultivation, financial, and compliance data at any time through the platform.
  • Deletion -- You can request complete deletion of your account and all associated data.
  • Correction -- You can update or correct your information through your account settings or by contacting us.

California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete your data, and the right to opt out of the sale of your personal information. We do not sell personal information.

EU Residents (GDPR)

If you are located in the European Union, you have rights under the General Data Protection Regulation (GDPR), including the right to access, rectify, erase, and port your data, as well as the right to object to or restrict certain processing. Our legal basis for processing is contract performance (providing the service you signed up for).

8. Data Retention

We retain your data as follows:

  • Active accounts -- Data is retained for the duration of your active account.
  • Deleted data -- When you delete specific records or your account, data is removed from our production systems within 30 days.
  • Backups -- Deleted data is purged from backup systems within 90 days.
  • Legal requirements -- We may retain certain data longer if required by law or regulatory obligations.

9. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through an in-app notification at least 30 days before the changes take effect. Your continued use of Flood Gates after the effective date constitutes acceptance of the updated policy.

10. Contact

If you have questions about this Privacy Policy or want to exercise your data rights, contact us at:

hello@floodgates.us