Last updated: April 2, 2020
Welcome to Leafly.com Leafly.ca, Leafly.de, LeaflyMarket.com, and related sub-domains (together, the “Site”), mobile and/or software applications, provided by Leafly Holdings, Inc., and its affiliates, subsidiaries, parent company and other related companies, including Leafly Canada, Ltd., LMarket, LLC, and Leafly Holdings GmbH (“Us”, “We”, or Leafly). This Leafly Privacy Notice (“Notice”) describes the information we collect, use, and disclose about you when you use the Site, mobile applications, and related services (together, the “Services”) and how we use, process, and disclose that information. We may supplement this Notice with other notices. This Notice applies to Services that display or reference this Notice, but it does not apply to any services that display or reference a different privacy statement.
The information we collect depends on how you interact with us, the Services you use, and the choices you make.
We collect information about you from different sources and in various ways when you use our Services, including information you provide directly, information collected automatically, third-party data sources, and information we infer or generate from other data.
Provided By You Directly. You may provide us with additional information by filling in forms on the Services or by corresponding with us by phone, text, email, live chat, or otherwise. If you create an account, we may collect the following types of information from you:
Information Collected Automatically. When you use the Services, se automatically collect information about you, for example:
Our web pages may also contain electronic images known as web beacons (also called single-pixel gifs) that we use to help deliver cookies on our websites, count users who have visited those websites, and gather usage and performance data. We also include web beacons in our promotional email messages or newsletters to determine whether you open and act on them.
We, together with our third-party analytics service providers and advertising partners, use these technologies in our Services to collect personal information (such as the cookies stored on your browser, the advertising identifier on your mobile device, or the IP address of your device) when you visit our Services. We and our partners may also use these technologies to collect personal information about your online activities over time and across different Web sites. This information is used to store your preferences and settings, enable you to sign-in, analyze how our Services perform, track your interaction with the Services, develop inferences, deliver and tailor interest-based advertising, combat fraud, and fulfill other legitimate purposes. We and/or our partners also share the information we collect or infer with third parties for these purposes.
The third-party analytics and advertising providers we use on our websites include:
|Company/Service||Purpose(s)||Privacy Notices||Manage Settings (opt-out)|
|DoubleClick (Google)||Advertising, analytics||https://policies.google.com/privacy||See association links below.|
|Google Tag Manager||www.google.com/policies/privacy/partners||https://policies.google.com/technologies/partner-sites|
|Facebook Audiences||Advertising||https://www.facebook.com/privacy/explanation||https://www.facebook.com/settings?tab=ads See association links below.|
|Facebook Connect||https://www.facebook.com/privacy/explanation||See association links below.|
|StackAdapt||Advertising||https://www.stackadapt.com/privacy||See StackAdapt’s Privacy Notice|
|MiQ||Advertising||https://www.wearemiq.com/privacy-policy/||See MiQ’s Privacy Notice|
To learn about the privacy practices of these third parties and how to opt-out from their use of cookie data for targeted advertising purposes, click on the links above.
Many of these companies are also members of associations, which provide a simple way to opt out of analytics and ad targeting, which you can access at:
The California Consumer Protection Act (“CCPA”) requires us to disclose categories of personal data sold to third parties and how to opt-out of future sales. The CCPA defines personal information to include online identifiers, including IP address, cookies IDs, and mobile IDs. The law also defines a “sale” to include simply making data available to third parties in some cases. We let advertising and analytics providers collect IP addresses, cookie IDs, mobile IDs through our sites and apps when you use our online services, but do not “sell” any other types of personal information.
If you do not wish for us or our partners to “sell” your personal data to third parties for advertising purposes, you can make your Do Not Sell Request by emailing firstname.lastname@example.org.
Note that although we will not “sell” your personal data after we receive your email, we will continue to share some personal information with our partners (acting as our service providers) to help us perform advertising-related functions such as, but not limited to, measuring the effectiveness of our ads, managing how many times you may see an ad, reporting on the performance of our ads, ensuring services are working correctly and securely, providing aggregate statistics and analytics, improving when and where you may see ads, and/or reducing ad fraud. Further, emailing us will not necessarily opt you out of the use of previously sold personal information or stop all interest-based advertising. If you access this site (or app) from other devices or browsers, visit the link below from those devices or browsers to ensure your choice applies to the data collected when you use those devices or browsers.
Other information related to your right to opt-out from sales of personal data is contained in the California Privacy Rights section of this Notice.
Cookie controls. Most web browsers are set to accept cookies by default. If you prefer, you can go to your browser settings to learn how to delete or reject cookies. If you choose to delete or reject cookies, this could affect certain features or services of our website. If you choose to delete cookies, settings and preferences controlled by those cookies, including advertising preferences, may be deleted and may need to be recreated.
Mobile advertising ID controls. iOS and Android operating systems provide options to limit tracking and/or reset the advertising IDs.
Email web beacons. Most email clients have settings which allow you prevent the automatic downloading of images, which will disable web beacons in the email messages you read.
Do Not Track. Some browsers have incorporated “Do Not Track” (DNT) features that can send a signal to the websites you visit indicating you do not wish to be tracked. Because there is not a common understanding of how to interpret the DNT signal, our websites do not currently respond to browser DNT signals. Instead, you can use the range of other tools to control data collection and use, including the cookie controls and advertising controls described above.
Information obtained from third-party sources. We also obtain information from third parties. We protect information obtained from third parties according to the practices described in this Notice, plus any additional restrictions imposed by the source of the information. These third-party sources include, for example:
|Third Party Sources||Categories of Personal Data|
|Third party partners. Third party applications and services, including social networks you choose to connect with or interact with through our services. For example, if you create an account using, or otherwise connect your account to, a social networking services account (e.g. Twitter or Facebook), we may also collect information provided to us by such social networking service.||Contact information, demographic data, content and files, identifiers and device information, geolocation data, usage data, inferences|
|Co-Branding/Joint Partners. Partners with which we offer co-branded services or engage in joint marketing activities||Contact information, demographic data, content and files, identifiers and device information, geolocation data, usage data, inferences|
|Service providers. Third parties that collect or provide data in connection with work they do on our behalf, for example companies that determine your device’s location based on its IP address.||Contact information, demographic data, payment information, content and files, and device information, geolocation data, usage data, inferences|
|Publicly available sources. Public sources of information such as open government databases.||Contact information, demographic data, content and files, geolocation data.|
Information created or generated. We infer new information from other data we collect, including using automated means to generate information about your likely preferences or other characteristics (“inferences”). For example, we infer your city, state, and country location based on your IP address.
When you are asked to provide information, you may decline. And you may use app or device controls to prevent certain types of automatic data collection. But if you choose not to provide or allow information that is necessary for certain products or features, those products or features may not be available or function correctly.
The Leafly Services may allow you to connect and share your actions, comments, content, profile, and information publicly or with other people. Depending on what domain your account is on and what type of account you have created, you may be able to control some of the categories of personal information shared via your profile from the account settings menu on the Site. Please be mindful of your own privacy needs as you choose who to connect with and what to share and make public. We cannot control the privacy or security of information you choose to make public or share with others.
We use the information we collect for purposes described in this Notice or otherwise disclosed to you. For example, Leafly generally uses your information to:
|Purposes of Use||Categories of Personal Data|
|Product and Service Delivery. To provide and deliver our Services, including creating accounts on, securing, troubleshooting, improving, and personalizing those Services.||Contact information, demographic data, payment information, content and files, identifiers and device information, geolocation data, usage data, inferences|
|Business Operations. To operate our business, such as billing, accounting, improving our internal operations, securing our systems, and detecting and protecting against fraudulent or illegal activity.||Contact information, demographic data, payment information, content and files, identifiers and device information, geolocation data, usage data, inferences|
|Product and Service Improvement, Development, and Research. To improve our Services, develop new products or features, and conduct research.||Contact information, demographic data, payment information, content and files, identifiers and device information, geolocation data, usage data, inferences|
|Personalization. To understand you and your preferences to enhance your experience and enjoyment using our Services.||Contact information, demographic data, content and files, identifiers and device information, geolocation data, usage data, inferences|
|Customer Support. To provide customer support and respond to your questions.|
|Communications. To send you information about your use of the Services, including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages.||Contact information, demographic data, content and files, identifiers and device information, geolocation data, usage data.|
|Marketing. To communicate with you about new products, offers, promotions, rewards, contests, upcoming events, and other information about our products and those of our selected partners (see the Information Choices section of this Notice for how to change your preferences for promotional communications).|
|Advertising. To display advertising to you (see the Cookies and Similar Technologies section of this Notice for information about personalized advertising and your advertising choices).|
In carrying out these purposes, we combine data we collect from different sources to give you a more seamless, consistent, and personalized experience.
We may also use your information to verify your geographic location. We may use your geographic location data to personalize our Service, to recommend content, determine whether the information you have requested is available in your location, or to determine whether Service offerings are available in your location. If Information is aggregated or de-identified so it is no longer reasonably associated with an identified or identifiable natural person, Leafly may use it for any business purpose.
We may share your information as follows:
Third party analytics and advertising companies also collect personal information through our Services including, account information, marketing and communications data, demographic data, content and files, geolocation data, usage data, and inferences associated with identifiers and device information (such as cookie IDs, device IDs, and IP address) as described in the Cookies and Similar Technologies section of this Notice.
We may also share aggregated and anonymized data with our partners, advertisers, and other third parties as authorized by law.
Please note that some of our products include references or links to products provided by third parties whose privacy practices differ from ours. If you provide information to any of those third parties, or consent to our sharing information with them, that information is governed by their privacy statements.
Leafly uses various safeguards designed to protect personal information submitted to us, including, where appropriate, encryption of data stored and encrypting information in transit. Where Leafly uses third party providers to store and transmit personal information, Leafly utilizes the security tools offered by these providers that are designed to protect personal information. In addition to use of certain security tools made available by third party providers, Leafly takes reasonable and appropriate steps to help protect your Information against loss, misuse, and unauthorized access, or disclosure. No company can fully prevent security risks, however. While we strive to protect your personal information, we cannot guarantee its absolute security. To help protect yourself and your information, choose a unique password for our Services and do not use a password on our Services that you would use on any other website or online service.
The information we collect may be stored and processed in your country or region, or in any other country where we or our affiliates, subsidiaries, or service providers maintain facilities. Currently, we primarily use data centers in the United States where our servers are located. We have chosen this location to operate efficiently and improve performance. That information may then be transferred within the United States or back out of the United States to other countries outside of your country of residence, depending on the type of information and how it is stored by us. These countries (including the United States) may not necessarily have the data protection laws as comprehensive or protective as those in your country of residence; however we take steps designed to ensure that the information we collect under this Notice is processed according to the provisions of this Notice and applicable law wherever the information is located.
Accordingly, we transfer personal data from the European Economic Area and Switzerland to other countries, some of which have not been determined by the European Commission to have an adequate level of data protection. When we do so, we use a variety of legal mechanisms, including contracts, to help ensure your rights and protections. To learn more about the European Commission’s decisions on the adequacy of personal data protections, please visit: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en.
We retain information for as long as necessary to provide the Services and fulfill the transactions you have requested, comply with our legal obligations, resolve disputes, enforce our agreements, and other legitimate and lawful business purposes. Because these needs can vary for different data types in the context of different products, actual retention periods can vary significantly based on criteria such as user expectations or consent, the sensitivity of the data, the availability of automated controls that enable users to delete data, and our legal or contractual obligations.
Access, correction, and deletion. If you wish to request access to, or correction or deletion of, information about you that we hold, you may email your request to email@example.com.
To the extent permitted by applicable law, we reserve the right to charge a fee or decline requests that are unreasonable or excessive, where providing the information would be prohibited by law or could adversely affect the privacy or other rights of another person, or where we are unable to authenticate you as the person to whom the information relates.
Communication Preferences. You may opt out of receiving marketing/promotional emails from Leafly by following the instructions in those emails or by reviewing the settings in your account, depending on what type of account you have. You may opt out of receiving marketing/promotional text messages from Leafly at any time by replying STOP to a marketing/promotional text message. If you opt out of receiving marketing/promotional emails and/or text messages, we may still send you non-promotional emails, such as emails about your accounts or our ongoing business relations.
Choices for Cookies and Similar Technologies. See the Cookies and Similar Technologies section for choices about cookies and other analytics and advertising controls.
Many third-party tracking companies are also members of associations, which provide a simple way to opt out of analytics and ad targeting, which you can access at:
Mobile advertising ID controls. Apple and Android mobile devices each generate an advertising identifier that can be accessed by apps and used by advertisers in much the same way that cookies are used on websites. Each operating system provides options to limit tracking and/or reset the advertising ID.
You may decline to share certain data with Leafly, in which case we may not be able to provide you with some of the features and functionality of the Site or Service. You may have the right to know what personal information Leafly has about you and to correct any inaccuracies. Please direct any such requests by email to firstname.lastname@example.org. or by one of the other means listed at the end of this notice.
If the processing of personal data about you is subject to European Union data protection law, you have certain rights with respect to that data:
To make such request, contact us at the contact information set forth below. When we are processing data on behalf of another party that is the “data controller,” you should direct your request to that party. You also have the right to lodge a complaint with a supervisory authority, but we encourage you to first contact us with any questions or concerns.
We rely on different lawful bases for collecting and processing personal data about you, for example, with your consent and/or as necessary to provide the Services you use, operate our business, meet our contractual and legal obligations, protect the security of our systems and our customers, or fulfill other legitimate interests.
If you are a California resident and the processing of personal information about you is subject to the California Consumer Privacy Act (“CCPA”), you have certain rights with respect to that information.
Right to Know. You have a right to request that companies provide you with the following information:
You may make such a “request to know” by contacting us at email@example.com.. Note that we have provided much of this information in this Notice.
Right to Request Deletion. You also have a right to request that we delete personal information under certain circumstances, subject to a number of exceptions. To make a request to delete, contact us at firstname.lastname@example.org..
Right to Opt-Out. You have a right to opt-out from future “sales” of personal information. To do so, please visit our “Do Not Sell My Info” page in the Cookies and Similar Technologies section of this Notice.
You may designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your rights under the CCPA. Before accepting such a request from an agent, we will require the agent to provide proof you have authorized it to act on your behalf, and we may need you to verify your identity directly with us. Further, to provide or delete specific pieces of personal information we will need to verify your identity to the degree of certainty required by law. Finally, you have a right to not be discriminated against for exercising rights set out in the CCPA.
Additionally, under California Civil Code section 1798.83, also known as the “Shine the Light” law, California residents who have provided personal information to a business with which the individual has established a business relationship for personal, family, or household purposes (“California Customers”) may request information about whether the business has disclosed personal information to any third parties for the third parties’ direct marketing purposes. Please be aware that we do not disclose personal information to any third parties for their direct marketing purposes as defined by this law. California Customers may request further information about our compliance with this law by e-mailing email@example.com. Please note that businesses are required to respond to one request per California Customer each year and may not be required to respond to requests made by means other than through the designated e-mail address.
From time to time, we may revise this Notice to reflect changes in our Services, how we use information, or applicable law. To help you stay current of any changes, we note the date the Privacy Notice was last updated above. If we make material changes to the Notice, we will provide notice or obtain consent regarding such changes as may be required by law.
Please contact Leafly with any questions, concerns, complaints, or comments about this Notice, your information, our third-party disclosure practices, or your consent choices:
Leafly Holdings, Inc. Attention: Privacy Officer 333 Elliott Ave W. Seattle, WA 98119 Email: firstname.lastname@example.org
Leafly Canada Ltd. Attention: Privacy Officer 50 Carroll St. Toronto, ON M4M 3G3 Email: email@example.com
Our data protection representative for the European Economic Area and Switzerland is:
Leafly Holdings GmbH Attention: Privacy Officer Kemperplatz 1 10785 Berlin Email: firstname.lastname@example.org