Ohio420.ai Privacy Policy

Effective date: June 13, 2026.

Privacy contact: privacy@ohio420.ai. Support contact: support@ohio420.ai.

This Privacy Policy explains how Ohio420.ai handles information used by the public website, account features, document review workflow, AI chat, intake forms, approval-gated marketing workflows, and the focused LinkedIn/X social publishing integrations.

Ohio420.ai provides source-grounded informational compliance support for Ohio cannabis operators and professionals. This policy covers the public website, account features, document review workflow, AI chat, intake forms, approval-gated marketing workflows, and social publishing integrations operated by Ohio420.ai.

Data used to operate the service may include account name, business name, contact name, email address, phone number, subscription status, seat assignment, usage-credit activity, feedback, support/deletion requests, security logs, and documents intentionally submitted for admin review.

We use this data to provide and secure the service, manage subscriptions and usage, respond to support and deletion requests, review uploaded documents before indexing, improve source quality, prepare approved outreach, and measure high-level product and marketing performance.

Chat prompts are sent to the configured AI provider to produce answers. Chat prompts, answers, and feedback are retained in a private, access-controlled, tenant-isolated record system for service operations, quality review, and security, and they are not exposed to other users. Public adaptive-memory transcript reuse remains disabled by default unless it is explicitly enabled for an approved retention need. Chat and feedback records may be used for model training, evaluation, or product improvement only to the extent allowed by the applicable organization and user policy settings. AI responses are informational only and should be confirmed against cited sources, qualified counsel, or the regulator before acting.

Customer-uploaded documents stay in a pending review queue and are not added to the shared knowledge base unless an administrator approves them. Customers should not upload privileged legal, medical, payment-card, or unnecessary personal information.

For LinkedIn, Ohio420.ai uses OAuth authorization and the LinkedIn API only after the owner connects the Ohio420.ai LinkedIn Company Page. The app may request organization social scopes needed to read organization social status and publish owner-approved Company Page posts, plus optional organization admin scopes when the owner wants Ohio420.ai to discover administered Company Pages inside the dashboard. We do not ask for or store LinkedIn passwords, session cookies, or personal profile credentials.

The LinkedIn integration is used to publish owner-approved educational Company Page posts from the Ohio420.ai admin dashboard after LinkedIn app access, Page admin permission, and compliance review are confirmed. We store only operational configuration and audit records needed to run the connected page, such as OAuth tokens, organization id, page URL, approval status, published post URLs, timestamps, and error logs. Ohio420.ai does not sell LinkedIn API information or use it for hidden engagement automation.

For X, Ohio420.ai uses OAuth authorization or an owner-controlled access token only after the owner connects the Ohio420.ai X account. The integration is used only for owner-approved posts from the admin dashboard after compliance review. We store only operational configuration and audit records needed to run the connected account, such as OAuth tokens, approval status, posted URLs, timestamps, and error logs. Ohio420.ai does not sell X API information or use it for hidden engagement automation.

Third-party service providers may process limited data for hosting, email delivery, payments, AI responses, security logging, analytics, and social-platform API publishing. These providers are used to operate Ohio420.ai and are not permitted by us to use customer data for their own independent marketing.

Production deployments should use dedicated public-app storage, HTTPS, secure cookies, least-privilege admin access, encryption for account state and review storage, access logging, and a private knowledge root that is separate from any personal NAS or private files.

We retain personal and operational data only as long as needed for the purposes described above, unless a longer period is required for security, billing, fraud prevention, legal compliance, dispute handling, or audit integrity. Access tokens can be revoked by disconnecting the relevant platform or contacting us.

Users can request account and associated data deletion at /account/delete. Some limited records may be retained when needed for security, billing, fraud prevention, legal compliance, or dispute handling.