Overview
This Privacy Policy explains how This Is Why I’m High LLC (“we,” “us,” or “our”) collects, uses, discloses, and protects your personal information when you use the High IQ mobile application, the thisiswhyimhigh.com website, and the High IQ API (collectively, the “Services”).
We are committed to protecting your privacy and being transparent about our data practices. Please read this policy carefully. By using our Services, you agree to the collection and use of information in accordance with this policy.
Last updated: February 2026
When you create an account or use our Services, you may provide:
- Account information — Name, email address, and authentication credentials (managed through our authentication provider, Clerk)
- Profile information — Display name, preferences, and settings you configure in the app
- Stash data — Cannabis strains you add to your stash, including strain names, quantities, prices, dispensary information, ratings, and personal notes
- Order data — Purchase receipts and order history you import or enter manually
- Consumption logs — Session data including strains used, timing, effects experienced, and personal ratings
- Favorites and collections — Strains and content you bookmark or organize
- Label scans — When you use the AI Label Scanner, we process the image to extract strain data. Images are not stored after processing.
- Support communications — Messages you send to our support team
When you use our Services, we automatically collect:
- Device information — Device type, operating system version, app version, and unique device identifiers
- Usage data — Pages visited, features used, search queries, and interaction patterns
- Performance data — App crash reports, error logs, and performance metrics (collected through Sentry)
- Network information — IP address (hashed using SHA-256 for anonymization), connection type, and general geographic region
- Cache data — Temporary data stored on your device to improve app performance
We may receive information from:
- Authentication providers — Clerk provides basic account information when you sign in with Apple or Google
- Analytics services — Aggregated and anonymized usage patterns
We use the information we collect for the following purposes:
Service Delivery
- Providing and maintaining the High IQ app, website, and API
- Generating personalized reports and recommendations based on your consumption data
- Processing label scans and returning extracted strain information
- Syncing your stash, orders, and favorites across devices
- Displaying your stats, badges, and analytics dashboards
Service Improvement
- Understanding how users interact with our Services to improve features and usability
- Identifying and fixing bugs, crashes, and performance issues
- Analyzing aggregate usage patterns to prioritize new feature development
- Training and improving our AI features using anonymized, aggregated data (never individual user data)
Communication
- Sending service-related notifications (e.g., app updates, new features)
- Responding to your support requests and inquiries
- Providing relevant tips and educational content based on your usage
Safety and Compliance
- Detecting and preventing fraud, abuse, and unauthorized access
- Complying with applicable laws and legal obligations
- Enforcing our Terms of Use
We will never use your personal consumption data to target you with advertising. High IQ does not sell advertising space, and your data is not shared with advertisers.
Data Storage and Security
Where Your Data Is Stored
Your data is stored across two primary systems:
| Data Type | Storage Provider | Location | Purpose |
|---|
| Strain data (public) | Supabase (PostgreSQL) | United States | Strain profiles, terpene data, research papers |
| User data (private) | Convex | United States | Stash, orders, reports, favorites, consumption logs |
| Authentication | Clerk | United States | Account credentials and session management |
| Error monitoring | Sentry | United States | Crash reports and error diagnostics |
Security Measures
We implement industry-standard security measures to protect your data:
- Encryption in transit — All data transmitted between your device and our servers uses TLS 1.2+ encryption
- Encryption at rest — Database storage is encrypted using AES-256
- Authentication security — Account access is protected through Clerk’s enterprise-grade authentication with support for Apple Sign-In and Google Sign-In
- IP anonymization — IP addresses collected through the label scanner are hashed using SHA-256 before storage
- Access controls — Internal access to user data is restricted to authorized personnel on a need-to-know basis
- Regular audits — We periodically review our security practices and update them as needed
Data Retention
- Account data — Retained as long as your account is active. Deleted within 30 days of account deletion request.
- Consumption and stash data — Retained as long as your account is active. You can delete individual entries at any time, and all data is deleted with account deletion.
- Label scan images — Not retained. Images are processed in memory and discarded immediately after AI analysis.
- Label scan metadata — Anonymized extraction results (strain data, terpene values) are retained to improve database quality. This data cannot be linked back to you.
- Analytics data — Aggregated, anonymized analytics data may be retained indefinitely for service improvement.
- Error logs — Crash reports and error logs are retained for 90 days through Sentry, then automatically deleted.
We Do Not Sell Your Data
We do not sell, rent, or trade your personal information to third parties. This applies to all categories of personal information we collect.
Service Providers
We share information with third-party service providers who assist in operating our Services:
| Provider | Purpose | Data Shared |
|---|
| Clerk | Authentication | Email, name, sign-in method |
| Convex | User data storage | Stash, orders, consumption data |
| Supabase | Strain data storage | Public strain data (no personal info) |
| Sentry | Error monitoring | Device info, crash data (no personal content) |
| Vercel | Hosting and deployment | Request logs, IP addresses |
| Google (Gemini) | AI label scanning | Label images (not stored by Google per our API agreement) |
| OpenAI | AI report generation | Anonymized consumption patterns for report generation |
| Anthropic (Claude) | AI research summaries | No personal data — used only for public research paper summarization |
Legal Requirements
We may disclose your information if required to do so by law or in response to:
- Valid legal process (subpoenas, court orders, or government requests)
- Protection of our rights, property, or safety
- Prevention of fraud or illegal activity
- Protection of the rights, property, or safety of our users or the public
Business Transfers
If we are involved in a merger, acquisition, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you via email or prominent notice in the app before your data is transferred and becomes subject to a different privacy policy.
Your Privacy Rights
All Users
Regardless of your location, you have the right to:
- Access — Request a copy of the personal information we hold about you
- Correction — Request correction of inaccurate or incomplete personal information
- Deletion — Request deletion of your personal information and account
- Data portability — Export your data in a machine-readable format
- Opt-out — Opt out of non-essential data collection and communications
To exercise any of these rights, contact us at privacy@thisiswhyimhigh.com or use the in-app account management features.
California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
Right to Know
You have the right to request that we disclose:
- The categories of personal information we have collected about you
- The categories of sources from which personal information was collected
- The business or commercial purpose for collecting personal information
- The categories of third parties with whom we share personal information
- The specific pieces of personal information we have collected about you
Right to Delete
You have the right to request that we delete your personal information, subject to certain exceptions (such as completing a transaction or complying with legal obligations).
Right to Opt-Out of Sale
We do not sell personal information. However, you have the right to direct us not to sell your personal information if our practices change in the future.
Right to Non-Discrimination
We will not discriminate against you for exercising your CCPA rights. You will not receive different pricing or quality of service for making privacy requests.
| Category | Examples | Collected | Sold | Business Purpose |
|---|
| Identifiers | Name, email, device IDs | Yes | No | Account management |
| Commercial information | Purchase records, stash data | Yes | No | Service features |
| Internet activity | Usage data, search history | Yes | No | Service improvement |
| Geolocation | General region (not precise) | Yes | No | Content localization |
| Inferences | Strain preferences, consumption patterns | Yes | No | Personalized recommendations |
How to Submit a CCPA Request
Submit a verifiable consumer request by:
- Emailing privacy@thisiswhyimhigh.com with “CCPA Request” in the subject line
- Using the in-app data management features under Account Settings
We will verify your identity before processing any request. You may also designate an authorized agent to submit a request on your behalf, provided they present written authorization.
We will respond to verifiable requests within 45 days. If we need additional time, we will notify you of the extension and the reason.
Children’s Privacy
Our Services are intended for users who are 21 years of age or older. We do not knowingly collect personal information from anyone under the age of 21. If we become aware that we have collected personal information from a person under 21, we will take steps to delete that information promptly.
If you believe we have inadvertently collected information from a minor, please contact us at privacy@thisiswhyimhigh.com.
Cookies and Tracking
Website
The thisiswhyimhigh.com website may use:
- Essential cookies — Required for site functionality (authentication, preferences)
- Analytics cookies — Help us understand site usage (anonymized)
We do not use advertising cookies or tracking pixels.
Mobile App
The High IQ mobile app does not use cookies. It uses:
- Local storage — Device-side storage for app settings, cached data, and offline functionality
- Sentry SDK — Crash reporting and performance monitoring (can be disabled in app settings)
International Users
Our Services are primarily operated in the United States. If you access our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country.
By using our Services, you consent to the transfer of your information to the United States and its processing as described in this Privacy Policy.
Changes to This Policy
We may update this Privacy Policy from time to time. When we make changes:
- We will update the “Last updated” date at the top of this policy
- For significant changes, we will notify you through the app or via email
- Continued use of our Services after changes constitutes acceptance of the updated policy
We encourage you to review this policy periodically.
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:
We aim to respond to all privacy inquiries within 5 business days.
