Privacy Policy

Effective date: May 13, 2026

This Privacy Policy explains how Dahlia Trackr(“we,” “us,” or “our”) collects, uses, and protects information when you use our website. We are based in California and this policy complies with the California Consumer Privacy Act (CCPA/CPRA).

1. Information We Collect

Information you provide directly

• Account registration: Email address when you create an account to manage price alerts.
• Featured Supplier purchase: Business name (your farm) and tagline. Payment information is collected and stored by Stripe — we never see or store your full card number.

Information collected automatically

• Usage data: Pages visited, search queries, and general interaction patterns, collected through standard server logs.
• Cookies: We use cookies solely for authentication session management (Supabase). We do not use advertising or tracking cookies.

Information we do not collect

We do not collect your name, phone number, physical address, or any sensitive personal information unless you voluntarily provide it to us via email.

2. How We Use Your Information

• To operate and maintain your account and alert subscriptions
• To send price-drop and restock notifications you have opted into
• To process and manage Featured Supplier payments via Stripe
• To display your farm's name and tagline on the homepage (if you purchased a featured slot)
• To communicate with you about your account or subscription
• To comply with legal obligations

We do not sell your personal information. We do not use your data for advertising.

3. Third-Party Services

We share data with the following third parties as necessary to operate the service:

• Supabase — our database and authentication provider. Stores your email address and account data. Privacy policy: supabase.com/privacy
• Stripe, Inc. — payment processing for Featured Supplier subscriptions. Stripe collects and stores your payment details under their own privacy policy: stripe.com/privacy
• Vercel / hosting provider — serves the website and processes server-side requests. Standard server logs may be retained for up to 30 days.

We do not share your personal information with any other third parties for marketing or commercial purposes.

4. Data Retention

• Account data is retained as long as your account is active.
• If you delete your account, your email and preferences are deleted within 30 days, except where retention is required by law (e.g., payment records).
• Stripe retains payment records per their own retention policies.

5. Your Rights (California Residents — CCPA/CPRA)

If you are a California resident, you have the right to:

• Know what personal information we collect and how it is used
• Delete your personal information (subject to certain exceptions)
• Correct inaccurate personal information
• Opt out of the sale or sharing of personal information (we do not sell or share data)
• Non-discrimination — we will not treat you differently for exercising your privacy rights

To exercise any of these rights, email us at hello@dahliatrackr.comwith the subject line “Privacy Request.” We will respond within 45 days.

6. Security

We use industry-standard security measures including HTTPS encryption, row-level security on our database, and we never store payment card details. However, no system is completely secure and we cannot guarantee absolute security.

7. Children's Privacy

Dahlia Trackr is not directed to children under 13. We do not knowingly collect personal information from children.

8. Changes to This Policy

We may update this policy periodically. We will post the new effective date at the top of this page. For material changes, we will notify account holders by email.

9. Contact Us

Questions or requests regarding this policy: hello@dahliatrackr.com

This policy was drafted for informational purposes. We recommend consulting a licensed privacy attorney for compliance with all applicable laws.