Effective: June 23, 2026 · Version: 2026-06-23
CuzHens LLC ("we") respects your privacy. This Privacy Policy explains what data we collect, why we collect it, who we share it with, and the choices you have.
1. Data we collect
Account & profile data
- Name (or company / farm name), email, hashed password, role (customer / vendor / admin), phone (optional for customers; required for vendors), ZIP code.
- For Vendors: farm name, address, GPS coordinates (for map and distance sorting), product listings, photos, growing practices, business description, business hours, and chat hours.
- For Team members: link between your user account and a Farm Store, with role (owner / manager / staff).
Activity data
- Favorites, follows, reviews, ratings, broadcasts received, push subscriptions, ZIP searches, page views.
- Cart items, order history, pickup choices, delivery addresses, dispute messages, coupon redemptions.
- Vendor-side analytics events (impressions, clicks, conversions on listings, featured slots, and sponsored ads).
Device & technical data
- IP address, browser type, operating system, referring page, user-agent.
- A signed HTTP-only session cookie used for login.
- For Web Push (optional): a unique endpoint URL and public keys provided by your browser.
- Client-side error events captured by our in-browser error monitor — when JavaScript throws an uncaught exception, a network request fails, or an API call returns 5xx, we persist a short structured record (error type, error message, the route you were on, browser name, operating system, device type, an anonymous session ID, and — if you are logged in — your CuzHens user ID) to our database (app_errors table). This is first-party data, never shared with third parties for their own purposes, and is rate-limited to 25 unique error groups per session to avoid runaway capture. It is used solely for engineering bug-triage and uptime monitoring through our internal Error Analytics dashboard.
Payment data (when on-platform payments are enabled)
- Last 4 digits of card, brand, expiry, billing ZIP — we receive these from our payment processor (e.g., Stripe). We never store full card numbers.
- Order amounts, fees, refunds, payout details for Vendors.
Communication data
- The contents of chats, broadcasts, reviews, replies, and emails you send through or to the Service.
- Recordings or transcripts of any support call (if and when introduced) are subject to a separate notice at the time.
Marketing & preference data
- Whether you have agreed to marketing emails, push notifications, SMS broadcasts, and cookies.
- Your terms acceptance version and date.
- Your cookie consent decision and date.
2. How we use data
- Operate, maintain, secure, and improve the Service.
- Authenticate logins and prevent fraud, abuse, scraping, and account takeover.
- Personalize search and discovery — for example, show nearby farms based on your ZIP code, recommend products, or surface relevant Featured Products and Sponsored Ads.
- Process orders, payments, refunds, coupon redemptions, and payouts.
- Send transactional emails (login, password reset, order updates, dispute notices, payout summaries).
- Send opt-in marketing communications (email, push, SMS where enabled) and let you opt out.
- Provide vendor-facing analytics (impressions, clicks, conversion counts; never with identifying data about an individual customer).
- Detect violations of our Acceptable Use, Terms of Service, or law.
- Comply with legal obligations and tax requirements.
3. Legal bases (for users in the EU/UK)
Where the GDPR applies we rely on the following bases:
- Contract — to provide the Service you signed up for.
- Consent — for marketing channels, optional cookies, push notifications, SMS.
- Legitimate interest — fraud prevention, basic analytics, defending legal claims.
- Legal obligation — tax records, court orders, regulatory requests.
4. How we share data
We do not sell or rent your personal data. We share it only with:
- Vendors / Customers you transact or message with. Your name and message body are visible to that counterparty. When you place an order, the Vendor receives the customer's name, contact info, and delivery/pickup details.
- Service providers and sub-processors that help us run the platform (named-entity list in §4.1 below).
- Authorities when required by law (subpoena, court order, or to protect rights and safety).
- Successor entity in the event of a merger, acquisition, or sale of assets — with notice to you where required.
- Aggregated, de-identified data — we may publish aggregated statistics (e.g., "1,200 orders fulfilled last month") that cannot be tied back to you.
4.1. Named sub-processors
The list below describes every third party that may receive your personal data, what they receive, why, where they store it, and a link to their own privacy policy. We update this list when sub-processors change.
Stripe, Inc. (United States) — https://stripe.com/privacy
- What they receive: Email, name, billing address, phone (if provided), card last-4 + brand + expiry, payment amounts, transaction history, and your CuzHens user ID and farm ID in metadata. For Vendors only: business name, EIN or SSN, bank account number (these are collected by Stripe directly through Stripe Connect hosted onboarding — they never transit our servers).
- Purpose: Payment processing, payouts to Vendors, Stripe Tax calculation, and Stripe Radar fraud detection.
- Note: Stripe Radar uses aggregate transaction patterns from across the Stripe network for fraud prevention.
Google LLC — Google Analytics 4 (United States, Singapore, EU) — https://policies.google.com/privacy
- What they receive: A Google-issued device identifier (the GA4 client ID, separate from your CuzHens user ID), IP-derived approximate location (typically city-level), page-view events, in-app search terms, product interaction events, and purchase event data (transaction ID + value, never card data).
- Purpose: Aggregate product analytics — helps us understand which features and listings are working.
- Note: GA4 is loaded only after you accept the cookie consent banner, and only if our admin has configured a measurement ID. Decline the banner to disable GA4 entirely.
Microsoft Corporation — Microsoft Clarity (United States, EU) — https://clarity.microsoft.com/terms — https://privacy.microsoft.com/privacystatement
- What they receive: A Microsoft-issued device identifier (Clarity user ID, separate from your CuzHens user ID), IP-derived approximate geolocation, anonymized page contents (input field values are automatically masked unless we explicitly opt them in), mouse movements, scroll depth, click coordinates, rage-click and dead-click signals, and JavaScript console errors emitted on the page. Free-text input you type into form fields (search, chat, profile) is automatically masked by Clarity before transmission unless we mark a specific element as safe for capture.
- Purpose: Session replay, heatmaps, and frustration-signal analytics so we can find broken or confusing UI and fix it.
- Note: Microsoft Clarity is loaded only after you accept the cookie consent banner, and only if our admin has configured a Clarity project ID. Decline the banner to disable Clarity entirely. Microsoft is contractually limited to processing this data on our behalf and does not use it for advertising.
Anthropic, PBC (via Emergent LLM gateway, admin-only use) (United States) — https://www.anthropic.com/legal/privacy
- What they receive: Aggregated, de-identified marketplace metrics (funnel counts, error counts, GMV totals, active-farm count, total-user count) plus the admin's plain-English question. The Assistant never receives a customer's name, email, address, payment data, message content, individual order data, or any direct identifier.
- Purpose: Power the admin-only AI Analytics Assistant dashboard at /admin/analytics-assistant. The Claude Sonnet 4.5 model receives the aggregate snapshot and returns natural-language insight to the admin operating the platform.
- Note: This integration is only triggered when a CuzHens admin actively types a question in the assistant. Customers, vendors, and the general public have no exposure to it. Anthropic is contractually prohibited from training future models on the data we send.
Resend, Inc. (United States) — https://resend.com/legal/privacy-policy
- What they receive: Email address, name, and the body content of transactional emails we send to you (e.g., order confirmations, pickup codes, password resets).
- Purpose: Reliable transactional email delivery only. Resend acts solely as a processor on our behalf and does not use your data for any other purpose.
Supabase, Inc. (United States — primary region) — https://supabase.com/privacy
- What they receive: All data you provide to CuzHens — account, profile, orders, messages, photos, files (vendor verification documents), reviews, etc.
- Purpose: Database hosting, authentication, and file storage. Supabase acts solely as a processor on our behalf.
Vercel, Inc. / Emergent (United States — primary region) — https://vercel.com/legal/privacy-policy
- What they receive: Server logs (IP, user-agent, request paths) and basic crash and performance telemetry. No message body, no payment data.
- Purpose: Application hosting, CDN, and error monitoring.
Zippopotam.us (Public API, no PII transit) — https://zippopotam.us
- What they receive: A ZIP code only, with no personal identifiers attached.
- Purpose: Convert ZIP codes to city/state for search and tax calculations.
Twilio, Inc. (only when SMS is enabled) (United States) — https://www.twilio.com/legal/privacy
- What they receive: Phone number, your name (in message body), and the body content of SMS messages we send to you.
- Purpose: SMS delivery for order updates and opt-in broadcasts.
Google LLC — Firebase Cloud Messaging (Android push only) (United States, EU) — https://policies.google.com/privacy
- What they receive: An anonymous device push token issued by your Android device and the body of the push notification we send to you.
- Purpose: Delivery of push notifications you have opted into.
Each provider above is bound by a data-processing agreement (DPA) or equivalent contractual terms restricting use of your data to the purposes listed.
What we have NOT enabled
- No third-party advertising networks. We do not use Google AdMob, Google Ads conversion tags, Meta Pixel, TikTok Pixel, Snapchat Pixel, Pinterest tag, or any cross-site / cross-app advertising SDK. Sponsored placements you may see in the app are sold by us directly to advertisers — see §15.
- No Android Advertising ID (AAID) or Apple IDFA. Our Android app does not request the com.google.android.gms.permission.AD_ID permission and does not access either advertising identifier.
- No behavioral / interest-based ad targeting. We do not build profiles of you for advertisers. If this ever changes, we will update this Policy and request consent where required.
5. Cookies & similar technologies
See our Cookies Policy for the full list. In short, we use:
- a strictly-necessary HTTP-only session cookie for login;
- a small number of localStorage keys (ZIP cache, cart, dismissed banners, cookie-consent record);
- the Web Push API only after explicit opt-in.
We do not load Facebook Pixel, Google Ads tags, or any third-party cross-site advertising tracker.
6. Your choices
- Account profile / preferences — edit at /account/settings.
- Account & data deletion — at any time, self-serve at /account/settings (Danger Zone) or by emailing info@cuzhens.com. Full instructions: /account-deletion.
- Marketing emails — every marketing email has an unsubscribe link; preferences also live at /account/settings.
- Push notifications — toggle in your browser or Android settings, or at /account/settings.
- SMS broadcasts — reply STOP to opt out, or toggle at /account/settings.
- Location — disable in your browser or Android system settings at any time. ZIP-based search still works without precise location.
- Cookies — manage your decision in the cookies banner or by clearing your browser storage.
- Marketing data — request restriction by emailing info@cuzhens.com.
7. Your rights
Depending on where you live (e.g., California — CCPA/CPRA; EU/UK — GDPR; certain other US states), you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Port your data in a machine-readable format.
- Delete your account and data (subject to legal-retention exceptions).
- Opt out of "sale"/"share" — although we do not sell your data.
- Withdraw consent for processing based on consent.
- Lodge a complaint with a supervisory authority.
To exercise any of these rights, email info@cuzhens.com with your account email and the request. We will respond within 30 days (or sooner where required by law). We may need to verify your identity before processing the request.
8. Data retention
- Active accounts — kept while the account exists.
- Closed accounts — soft-deleted immediately; certain financial and audit data retained up to 24 months (or longer if required by law) for fraud-prevention, tax, and dispute reasons.
- Order records — retained for at least the period required by tax law (typically 7 years in the US).
- Messages — retained while either side of the conversation keeps an account.
- Marketing logs — retained for as long as you remain opted in plus a short tail for delivery troubleshooting.
- Aggregated / anonymized data — may be retained indefinitely.
9. Children
The Service is not directed at children under 13. We do not knowingly collect data from anyone under 13. If you believe a child has signed up, please email info@cuzhens.com and we will delete the account.
For users between 13 and the age of majority in their state, a parent or guardian's agreement may be required as described in our Terms.
10. Security
- Passwords are hashed with bcrypt.
- Sessions use HTTP-only signed cookies; session versioning lets users revoke all sessions remotely.
- Database access uses Supabase Row-Level Security and service-role keys held only on the server.
- HTTPS is enforced everywhere.
- We periodically review access controls and dependencies.
No system is perfectly secure. Please use a strong, unique password and report suspected breaches to info@cuzhens.com.
11. International users
The Service is operated from the United States. By using it, you consent to the transfer and processing of your data in the U.S. and the other countries where our service providers operate. Where required, we put in place standard contractual clauses with international processors.
12. Automated decisions
We do not make decisions that have a legal or similarly significant effect on you using fully automated processing. Search ranking, featured-product placement, and ad targeting use rules-based logic that you can review with us if needed.
13. Mobile app (Android / Google Play)
When you install our Android app from the Google Play Store, the app is a Trusted Web Activity — a thin Android shell that loads cuzhens.com. All data collection and processing happens through the same website you use in a browser, so this entire policy applies to the app exactly as it does to the website. In addition:
- Push notifications. If you grant notification permission, your Android device shares a unique push token with Google Firebase Cloud Messaging and with us, so we can deliver order updates, restock alerts, and messages. Revoke at any time in Android Settings → Apps → CuzHens Marketplace → Notifications.
- Camera & photo library. If you upload a product photo or profile picture from the app, Android may prompt for camera or photo-library access. We only receive the image you choose to upload.
- Location. As on the website, we may ask for approximate or precise location to show nearby Community Sellers. You can refuse, change, or revoke this at any time in Android Settings → Apps → CuzHens Marketplace → Permissions.
- No advertising IDs. We do not collect the Android Advertising ID (AAID) and we do not load third-party advertising SDKs.
- Data deletion. Account and data deletion works exactly the same way on Android as on the web — see /account-deletion.
14. Analytics
We use a layered approach to analytics:
First-party analytics (always on). Page views, click events, search queries, and conversions are recorded in our own database (Supabase) to improve the Service, power the personalized "For You" feed, and give Vendors aggregated insights about their listings. This data is tied to your CuzHens account or anonymous session ID, never sold, and never shared with third parties for their own purposes.
First-party error monitoring (always on). When your browser hits a JavaScript exception, an unhandled Promise rejection, a 5xx API response, or a network failure on our site, our error monitor sends a structured event to our own /api/analytics/errors endpoint (rate-limited to 25 unique error groups per session). The event includes the error type, error message, the route you were on, your anonymous session ID, browser/OS/device type, and — if you are logged in — your CuzHens user ID. This is first-party data used solely to triage bugs in our internal Error Analytics dashboard. It is not shared with third parties for their own purposes.
Third-party analytics (admin-toggled, consent-gated). Two optional third-party services may load only after you accept the cookie consent banner:
- Google Analytics 4 (GA4) — measurement of page views, search terms, product interaction events (view_item, add_to_cart, begin_checkout), and purchase events (transaction ID + value, never card numbers or personal information). GA4 receives a Google-issued device identifier separate from your CuzHens user ID, and IP-derived approximate location (typically city-level). GA4 does not receive your name, email address, phone number, billing address, or any other personal identifier from us.
- Microsoft Clarity — session replay, heatmaps, and frustration-signal analytics (rage clicks, dead clicks). Clarity records anonymized page content, mouse movements, scroll depth, and click coordinates. Free-text input fields (search boxes, chat boxes, profile fields) are automatically masked by Clarity before transmission, so the text you type is not visible in recordings unless we mark a specific element as safe to capture. Clarity receives a Microsoft-issued device identifier separate from your CuzHens user ID. Microsoft is contractually limited to processing this data on our behalf and does not use it for advertising.
Both GA4 and Microsoft Clarity load only when (a) you have accepted the cookie banner, and (b) our admin has configured a measurement / project ID. Either or both may be disabled at any time by our admin.
AI Analytics Assistant (admin-only, internal). An admin-only dashboard at /admin/analytics-assistant lets CuzHens staff ask plain-English questions about platform performance ("Why did conversion drop on mobile last week?"). When an admin submits a question, we build a small JSON snapshot of aggregated, de-identified metrics — funnel counts, error counts, GMV totals, active-farm count, total-user count — and send it together with the admin's question to Anthropic's Claude Sonnet 4.5 model via the Emergent LLM gateway. The snapshot never includes an individual customer's name, email, address, payment data, message content, individual order, or any direct identifier. Customers, vendors, and the general public have no exposure to this system; it is purely an internal analytics tool for the admin operating the platform. Anthropic is contractually prohibited from training future models on the data we send.
How to opt out of GA4 and Microsoft Clarity.
- Web: decline the cookie banner, or change your decision later in the "Cookie Preferences" link in the footer. We also honor the Global Privacy Control (GPC) signal — see §5 of our Cookies Policy.
- Android app: the same in-app cookie banner applies because the app is a Trusted Web Activity loading our website.
What we do NOT use. Facebook Pixel, TikTok Pixel, Snapchat Pixel, Pinterest tag, LinkedIn Insight tag, Quora pixel, Reddit pixel, or any cross-site advertising tracker.
15. Advertising and sponsored content
CuzHens Market sells sponsored placements directly to third parties — typically farms, food makers, feed suppliers, restaurants, and other businesses that want to reach local-food shoppers. You may see these placements on the homepage feed, search results, category pages, farm storefronts, product pages, and map / ZIP results. Sponsored placements are clearly labeled with a "Sponsored", "Promoted", or similar badge.
How we currently target ads. Targeting is based on placement context only — for example, an "eggs" ad shown to people viewing the eggs category, or a delivery-zone ad shown to people in a matching ZIP. We do not use your individual profile, purchase history, or device identifiers to personalize ads.
What we do NOT do (today).
- We do not load Google AdMob, Google Ads, Meta Ads, or any third-party advertising-network SDK.
- We do not collect or share your Android Advertising ID (AAID) or Apple Identifier for Advertisers (IDFA).
- We do not build cross-site or cross-app advertising profiles about you.
- We do not share, sell, or license your personal information to advertisers. Advertisers buy a placement, not a list of users.
Information advertisers receive. Advertisers receive only aggregated, de-identified performance metrics about their own ads — total impressions, total clicks, click-through rate, and the placements where their ads ran. They never receive your name, email, address, payment info, or any other identifier.
If this changes. If we ever add interest-based targeting that uses your data, or integrate a third-party ad network, we will update this Policy, request your consent where required (GDPR / EU; CCPA / CPRA; etc.), and give you a clear way to opt out from your account settings.
16. Changes
We may update this Policy. When we do, we will change the "Effective" and "Version" markers and, for material changes, notify you by email and / or with an in-app banner. Continued use after a material update means you accept the new Policy.
17. Contact
CuzHens LLC, Waycross, GA. Email: info@cuzhens.com
Data protection officer / privacy contact: info@cuzhens.com (subject line "Privacy").