Privacy Policy

Your privacy is important to us. This Privacy Policy explains how Elevated Compliance ("we", "us", or "our") collects, uses, and protects your information when you use our services. By using Elevated Compliance, you agree to the terms outlined in this policy. We are committed to protecting your personal information and your right to privacy.

We collect information you provide directly to us, including: Account Information: • Full name and username • Email address • Password (encrypted) • Business name and details (for business accounts) • Phone number (optional) Usage Information: • IP address and device information • Browser type and version • Pages visited and time spent • Search queries and interactions • Referral sources COA Data: • Uploaded certificates and documents • Product information and test results • Batch numbers and test dates Cookies and Tracking: • We use cookies to improve functionality and analyze usage • Session cookies for authentication • Analytics cookies to understand user behavior

We use your information to: Provide and Improve Services: • Create and manage your account • Process and display COA information • Enable search and verification features • Provide customer support • Send service-related notifications Analytics and Enhancement: • Understand how users interact with our platform • Identify areas for improvement • Develop new features and functionality • Ensure platform security and prevent fraud Communications: • Send account-related emails • Provide updates about service changes • Send marketing communications (with your consent) • Respond to your inquiries and requests

We do not sell your personal information to third parties. We may share your information only in the following circumstances: With Your Consent: • When you explicitly authorize us to share information • When you make COAs publicly searchable Service Providers: • Cloud hosting providers (AWS, Supabase) • Email service providers • Analytics services (anonymized data) • Payment processors (for premium features) Legal Requirements: • To comply with legal obligations • To respond to lawful requests from authorities • To protect our rights and safety • To prevent fraud or abuse Business Transfers: • In connection with a merger, acquisition, or sale of assets • Your data would be transferred as part of business assets

We take data security seriously and implement industry-standard measures: Technical Safeguards: • End-to-end encryption for data in transit (SSL/TLS) • Encryption at rest for sensitive data • Regular security audits and penetration testing • Secure authentication with password hashing • Two-factor authentication (optional) Operational Safeguards: • Limited employee access to personal data • Regular staff security training • Incident response procedures • Data backup and recovery systems However, no method of transmission over the Internet is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

We retain your information for as long as necessary to: • Provide our services to you • Comply with legal obligations • Resolve disputes and enforce agreements • Improve our services Account Data: • Retained while your account is active • Retained for 90 days after account deletion (for recovery) • Permanently deleted after retention period COA Data: • Retained indefinitely for public-facing COAs • Deleted upon request for private COAs • Archived data may be retained longer for compliance Analytics Data: • Aggregated and anonymized data may be retained indefinitely • Individual-level data deleted after 24 months

You have the following rights regarding your personal information: Access and Portability: • Request a copy of your personal data • Download your data in a portable format • Access your COA history and uploads Correction and Update: • Update your account information anytime • Correct inaccurate personal data • Request corrections to uploaded COAs Deletion: • Delete your account and associated data • Request removal of specific information • Opt out of marketing communications Control and Consent: • Manage privacy settings in your account • Withdraw consent for data processing • Opt out of cookies (may limit functionality) To exercise these rights, contact us at privacy@elevatedcompliance.com

Elevated Compliance is not intended for use by individuals under the age of 18 (or 21 in jurisdictions where cannabis products are only legal for adults 21+). We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will take immediate steps to delete that information. Parents or guardians who believe their child has provided us with information should contact us immediately.

Your information may be transferred to and maintained on computers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ. We ensure appropriate safeguards are in place for international transfers: • Standard contractual clauses • Privacy Shield certification (where applicable) • Adequacy decisions by regulatory authorities By using our service, you consent to the transfer of your information to the United States and other jurisdictions.

We use cookies and similar tracking technologies to improve your experience: Essential Cookies: • Required for authentication and security • Remember your preferences and settings • Cannot be disabled Analytics Cookies: • Track usage patterns and performance • Help us improve our services • Can be disabled in your browser Marketing Cookies: • Personalize content and advertisements • Measure effectiveness of campaigns • Can be disabled or managed You can control cookies through your browser settings. Note that disabling cookies may affect functionality.

We may update this Privacy Policy from time to time to reflect: • Changes in our practices • Legal or regulatory requirements • New features or services • User feedback and concerns When we make material changes: • We will notify you via email • We will update the "Last Updated" date • We will provide 30 days notice before changes take effect • Continued use of the service constitutes acceptance We encourage you to review this policy periodically to stay informed about how we protect your information.

If you have questions or concerns about this Privacy Policy or our data practices, please contact us: Privacy Team: Email: privacy@elevatedcompliance.com Address: [Business Address] Data Protection Officer: Email: dpo@elevatedcompliance.com General Support: Email: support@elevatedcompliance.com Help Center: /help We will respond to your inquiry within 30 days.