This Privacy Policy applies to the US Cannabis License Directory ("the Site") operated at shannon-goddard.github.io/us-cannabis-license-directory and poweredby.ci/us-cannabis-license-directory.
1. Information We Collect
1.1 GitHub Authentication
When you log in via GitHub OAuth, we receive your GitHub username and avatar URL (public profile image). We request read:user scope only. We do not access your repositories, email, or any private data.
1.2 Community Edits
When you submit an edit, we store:
- Your GitHub username
- Timestamp of the edit (UTC)
- The business record identifier (license number)
- The column edited, old value, and new value
- The business name (for context)
This data is stored in AWS DynamoDB and is publicly visible in the Edit Ledger.
1.3 Automatically Collected Information
The Site is hosted on GitHub Pages and uses AWS API Gateway. These services may automatically collect IP addresses, browser type, referring URLs, and access timestamps. We do not control or access GitHub Pages server logs.
2. Information We Do NOT Collect
- Email addresses (unless publicly displayed on your GitHub profile)
- Passwords or authentication tokens (used transiently, not stored)
- Payment information
- Location data beyond what is publicly available in the dataset
- Cookies for tracking or advertising
3. How We Use Information
- GitHub username and avatar: Displayed in the Edit Ledger to attribute contributions
- Edit data: Stored as an immutable audit trail for data integrity
- Server logs: Debugging and abuse prevention only
4. Data Storage
| Data | Location | Retention |
|---|---|---|
| Edit ledger | AWS DynamoDB (us-east-1) | Indefinite |
| GitHub OAuth tokens | Browser memory only | Session |
| Server logs | GitHub Pages / AWS | Per provider policies |
5. Third-Party Services
| Service | Purpose | Privacy Policy |
|---|---|---|
| GitHub | Authentication, hosting | github.com/privacy |
| AWS | API and data storage | aws.amazon.com/privacy |
6. Data Sharing
We do not sell, rent, or share personal information with third parties. Edit data (including GitHub usernames) is publicly visible by design — the ledger is a transparency mechanism.
7. Your Rights
- Access: The Edit Ledger is public. You can see all data associated with your username.
- Deletion: To request removal of your edits, contact legal@loyal9.app.
- Opt out: Don't log in. The directory is fully usable without authentication.
8. Children's Privacy
The Site is not directed at individuals under 13. We do not knowingly collect information from children.
9. Changes to This Policy
We may update this policy as the Site evolves. Changes will be reflected in the "Last Updated" date above. Continued use constitutes acceptance.
10. Contact
Loyal9 LLC · Riverside, CA · legal@loyal9.app