This Privacy Policy explains how GreenState Group (“GreenState,” “we,” “us,” or “our”) collects, uses, shares, and protects personal information when you visit greenstategroup.com (the “Site”), contact us, book an appointment, or otherwise engage with our services. This policy is drafted for California residents and reflects rights afforded under the California Consumer Privacy Act as amended by the California Privacy Rights Act (collectively, the “CCPA/CPRA”).
This policy should be reviewed and approved by qualified legal counsel before publication. It is written as a starting framework consistent with standard California privacy practice for B2B consulting firms and is not a substitute for legal advice.
This policy applies to personal information we collect through the Site, through forms you complete (including contact, booking, newsletter signup, and retainer intake forms), through email and telephone communication with us, and through cookies and similar technologies placed on the Site. It applies to all three GreenState engagement tiers — Tier 1 Licensed (project consulting), Tier 2 Educated (the per-seat Education Suite platform), and Tier 3 Compliant (monthly retainer). It does not apply to personal information processed by third parties operating independent services, including any referral partners or counsel with whom we coordinate.
When you contact us, book a call, request a scope, complete an intake form, subscribe to a mailing list, or otherwise interact with the Site, you may provide us with: your name, company or entity name, role, email address, telephone number, mailing address, cannabis license numbers and classifications, jurisdictional interest, engagement description, and any other information you choose to share in free-form text fields or attachments.
If your organization subscribes to the GreenState Education Suite (Tier 2 · Educated — our per-seat platform service, distinct from our Tier 1 Licensed and Tier 3 Compliant consulting engagements), we additionally process per-seat employee data submitted by your organization or by employees themselves: employee name and work email, role and department, training pathway assignments, module completion records, certificate issuances and expirations, recertification status, and assessment scores. This per-seat data is processed on behalf of your organization as the data controller for workforce-compliance purposes under 4 CCR § 15042.
We and our service providers automatically collect: IP address, browser type and version, operating system, device identifiers, pages visited, time on page, referring URL, and general geolocation inferred from IP address. This information is primarily used in aggregated form to operate and improve the Site.
We may receive information from analytics providers, advertising platforms (where used), referral partners, and publicly-available regulatory databases (such as the California Department of Cannabis Control public license records) that we use to verify licensure status during intake.
We share personal information with vendors that perform services on our behalf under written contracts that limit their use of the information to our instructions — including hosting, analytics, customer-relationship management, email delivery, calendaring, electronic signature, document management, and professional services administration.
We may disclose personal information where required by subpoena, court order, regulatory inquiry, or other legal process, or where we believe in good faith that disclosure is necessary to protect the rights, property, or safety of GreenState, our clients, or the public.
If GreenState is involved in a merger, acquisition, reorganization, sale of assets, or bankruptcy, personal information may be transferred as part of that transaction, subject to continuing confidentiality obligations.
With your instruction, we share engagement-related information with attorneys you have retained. Those communications are governed by the attorney-client relationship between you and your counsel, not by GreenState.
We do not sell personal information for monetary consideration. We do not share personal information for cross-context behavioral advertising.
We use strictly-necessary cookies (to operate the Site), analytics cookies (to understand aggregated usage), and functional cookies (to remember preferences). You can disable non-essential cookies through your browser settings or through a cookie-preference control if one is offered on the Site. Disabling strictly-necessary cookies may prevent parts of the Site from functioning correctly.
If you are a California resident, you have the following rights with respect to the personal information we hold about you:
To exercise any of these rights, email us at privacy@greenstategroup.com with sufficient detail to verify your identity and the nature of your request. We will acknowledge receipt within ten business days and substantively respond within forty-five calendar days, with a one-time extension of up to forty-five additional days where reasonably necessary.
We retain personal information only as long as necessary to fulfill the purposes for which it was collected, to comply with legal and regulatory obligations (including records associated with consulting engagements), to resolve disputes, and to enforce our agreements. Engagement records are retained for at least seven years consistent with professional services-records practices and California cannabis recordkeeping rules under 4 CCR § 15037.
We maintain administrative, technical, and physical safeguards designed to protect personal information against loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction. No method of electronic transmission or storage is perfectly secure; we cannot guarantee absolute security.
This Site is intended for operators, investors, counsel, and industry professionals involved in California licensed commercial cannabis activity. Commercial cannabis activity in California is restricted to persons twenty-one (21) years of age or older. The Site is not directed at children and we do not knowingly collect personal information from anyone under the age of eighteen.
The Site contains links to external websites, including regulator websites, legal resources, and industry databases. We are not responsible for the privacy practices or content of those third-party sites. Review the privacy policy of any third party before providing personal information to it.
We may update this Privacy Policy from time to time. The “Last updated” date at the top of the page reflects the effective date of the current version. Material changes will be noted through reasonable means, which may include a prominent Site notice or direct email to recent contacts.
Questions, requests, and complaints about this Privacy Policy may be directed to:
GreenState Group Attn: Privacy privacy@greenstategroup.com
