Hemp Food logo Hemp Food

Legal

Privacy Policy

Last updated: May 2026

This Privacy Policy explains what information Hemp Food ("we", "us") collects from visitors to this website, how we use it, and the choices you have. We aim to collect as little personal information as practical and to keep what we do collect secure.

1. Information we collect

Information you provide

We only receive personal information from you when you actively send it:

  • Contact form: if you message us through our contact page, we receive your name, email address, subject, and message. We use this only to reply to you.
  • Account registration: if you create a directory account to list a business, we collect your email, password (stored as a one-way hash), and the business details you submit.
  • Payment information: if you purchase a promoted listing, payment is processed by a third-party payment provider. We do not store your full card details on our servers.

Information collected automatically

  • Standard server logs: IP address, browser user-agent, request URL, and timestamp. These are retained for security and abuse-prevention purposes and rotated after a short period.
  • Session cookies: a single first-party cookie keeps you signed in if you have an account. The cookie is HTTP-only, same-site Lax, and is deleted when you close your browser.
  • Anti-abuse data: our contact form uses simple bot-detection signals (timing, hidden honeypot field, submission rate). No personally identifying information is collected by these mechanisms.

What we do NOT do

  • We do not sell your personal information to anyone.
  • We do not load third-party advertising or tracking scripts on these pages.
  • We do not build behavioural profiles for ad targeting.
  • We do not require an account to read articles or browse the directory.

2. How we use information

  • To reply to contact messages.
  • To operate the directory: display business listings, process listing submissions, and manage promoted placements.
  • To improve the site (aggregated, non-identifying analysis of which articles are read).
  • To detect and prevent abuse, spam, and fraudulent listings.
  • To comply with legal obligations.

3. Cookies

We use a minimal number of first-party cookies:

  • Session cookie (required): keeps you signed in.
  • CSRF token cookie (required): protects against forged form submissions.
  • Flash message storage (required, short-lived): displays one-time confirmation or error messages.

We do not use third-party cookies on these pages. If you embed external content (for example a YouTube video on an article), that provider may set its own cookies governed by its own policy.

4. Third parties

We use a small number of essential third-party services:

  • Web hosting for serving the site and storing the database.
  • Email delivery for the contact form and account notifications.
  • Payment processing (only if you purchase a promoted listing) — payment data is handled directly by the payment provider, not by us.
  • Search engines may index public pages, including business listings. This is the same behaviour as any public website.

Each service receives only the data needed for the function it performs.

5. Data retention

  • Server logs: typically rotated within 30 days.
  • Contact form messages: retained in our inbox; deleted on request.
  • Account and listing data: retained while the account is active. You may request deletion at any time via the contact form.
  • Payment records: retained as long as required by tax and accounting law.

6. Your rights

Depending on your jurisdiction (including under Canada's PIPEDA, the EU's GDPR, the UK GDPR, and California's CCPA where applicable), you may have the right to:

  • Request a copy of personal information we hold about you.
  • Ask us to correct inaccurate information.
  • Ask us to delete information about you, subject to legal retention requirements.
  • Withdraw consent to optional processing.
  • Lodge a complaint with your local data-protection authority.

To exercise any of these rights, use our contact form. We will respond within 30 days.

7. Security

We use TLS (HTTPS) for all pages, hash passwords with a strong one-way algorithm, store data on hosting infrastructure with industry-standard protections, and limit administrative access to a small number of accounts. No system is perfectly secure; if you suspect a security issue, please contact us promptly.

8. Children

This website is intended for adults. We do not knowingly collect personal information from children under 13 (or under 16 where applicable). If you believe a child has provided information to us, contact us and we will delete it.

9. International transfers

Our servers and our third-party services may be located in Canada, the United States, or other jurisdictions. By using the site, you consent to your information being processed in those locations.

10. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of the page indicates when the most recent change occurred. Material changes will be highlighted on this page for a reasonable period.

11. Contact

Questions about this Privacy Policy, or requests relating to your personal information, can be sent via the contact form.

This Privacy Policy is provided in plain language for clarity. It is not a substitute for legal advice. For advice about your specific obligations or rights, please consult a qualified lawyer in your jurisdiction.