Overview
Phat Sac Score ("we," "our," or "us") is a cannabis consumer companion app operated by PhatSac. This Privacy Policy explains what personal information we collect, why we collect it, how we use it, and your rights regarding that information. By using the app, you agree to the practices described here.
This app is intended for adults aged 21 and older. We verify age at first login and do not knowingly collect data from users under the age of 21.
Information We Collect
Account Information
- Email address and username (provided when you register via PhatSac.com)
- Birth year (collected for age gate verification at first login)
- Avatar selection (icon-based, chosen by you)
Product Scoring Data
- Cannabis product details you enter or scan: brand, strain name, THC/CBD percentage, terpene profiles, product category, and weight
- Ratings and scores you assign to products, effects, dispensaries, and budtenders
- Purchase information: price paid, dispensary location, and date of purchase
- Free-text notes and descriptions you optionally add to a submission
Camera and OCR Data
- When you use the label scanner, your device camera captures an image of a product label or receipt
- That image is transmitted to OpenAI's API (GPT-4o-mini / GPT-4o) solely to extract product text — brand, strain, THC%, terpenes — and is not stored by us beyond your submission record
- We do not retain raw camera images; only the extracted data fields are saved to our database
Location Data
- Approximate location (city/region level) used to surface nearby dispensaries and show you geographically relevant sponsored content
- Precise GPS coordinates are used in-session for the dispensary locator and ad targeting; they are not stored permanently on our servers
- You can deny location permission at any time through your device settings
Device Identifiers
- A randomly generated device identifier used to track ad impressions and clicks for sponsored content campaigns, and to enforce per-device rate limits
- Device platform (iOS or Android) and general device type for analytics purposes
Usage and Analytics Data
- In-app events such as pages visited, features used, and actions taken (e.g., scan started, submission completed) — used to understand how the app is used and to improve it
- Session identifiers and timestamps associated with these events
- Push notification tokens (if you grant notification permission) used solely to send deal alerts and app updates
Chat Room Activity
- Burner Rooms use temporary, anonymous identities that reset per room; no messages are stored beyond the active session
- Game scores (correct answers, streaks, points earned) from in-room mini-games are stored against your account
How We Use Your Information
- To provide and operate the core features of the app (scoring, locator, chat rooms, marketplace)
- To compute your contributor points, milestone badges, Pattern Loop insights, and Value Index
- To generate community-level leaderboards and strain rankings (displayed without exposing individual PII)
- To serve geographically relevant sponsored content from dispensary advertisers
- To enforce age verification (21+) and per-user usage limits
- To send push notifications about nearby deals or app updates (only if you opt in)
- To improve OCR accuracy, app performance, and feature quality through aggregated usage analysis
- To comply with applicable law and respond to lawful requests
Third-Party Data Processors
We share data with the following third parties only to the extent necessary to operate the service:
- PhatSac.com — User authentication. Your login credentials are verified through PhatSac.com's authentication system. We share your email and account identifiers to establish and maintain your session. See PhatSac.com's privacy policy for how they handle your credentials.
- OpenAI, Inc. — OCR / label scanning. Product label images are sent to OpenAI's API for text extraction. OpenAI processes these images under their API usage policies and does not use API data to train models by default. See OpenAI's Privacy Policy.
- Replit, Inc. — Cloud hosting. Our servers and database run on Replit's infrastructure. Replit may process data in the ordinary course of providing hosting services. See Replit's Privacy Policy.
We do not sell your personal information to third parties. We do not share your scoring history, terpene preferences, or product data with advertisers — ad targeting uses only your approximate location and device identifier.
Data Retention
- Account data: Retained for the life of your account and deleted within 30 days of an account deletion request
- Submission records: Retained indefinitely to power community features (leaderboards, strain insights); individual records are removed upon account deletion
- Usage/analytics events: Retained for up to 12 months for product improvement purposes
- Ad impression/click logs: Retained for up to 90 days for billing reconciliation
- Chat messages: Not retained — Burner Room messages exist only for the duration of an active session
- Camera images: Not retained by us — images are passed directly to OpenAI for processing and are not stored on our servers
Your Rights
Depending on where you live, you may have the right to:
- Access the personal information we hold about you
- Request correction of inaccurate information
- Request deletion of your account and associated personal data
- Withdraw consent for location access or push notifications through your device settings at any time
- Opt out of analytics data collection (contact us at the address below)
To exercise any of these rights, please contact us using the information in the Contact section below. We will respond within 30 days.
Children's Privacy
This app is not intended for users under the age of 21. We enforce an age gate at first login and do not knowingly collect personal information from anyone under 21. If you believe we have inadvertently collected such information, please contact us immediately so we can delete it.
Security
We use industry-standard measures to protect your information, including encrypted data transmission (HTTPS/TLS), secure credential storage (device SecureStore), and JWT-based authentication with token expiry and rotation. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the effective date below. We encourage you to review this page periodically. Continued use of the app after changes are posted constitutes your acceptance of the updated policy.
Contact Us
If you have questions or concerns about this Privacy Policy, or to submit a data request, please contact us at:
Email: vendorsupport@phatsac.com
Website: phatsac.com
Effective date: April 21, 2026