
Privacy Policy

Last updated: March 2, 2026

Privacy First

We are committed to protecting your privacy. We collect minimal data, do not use third-party tracking services, and never sell your information.

1. Data Controller

CannAI UG (haftungsbeschränkt)

Represented by: Jacques

Email: privacy@strain-database.com

Website: strain-database.com

CannAI UG is the data controller responsible for your personal data in accordance with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

2. What We Collect

2.1 Data We Do NOT Collect

  • We do not require user accounts or registration
  • We use Google Analytics 4 with IP anonymization for aggregated traffic insights (see Section 2.5)
  • We do not create advertising profiles or sell data to third parties
  • We do not use tracking cookies or social media pixels

2.2 Hosting & CDN (Cloudflare)

Our website is delivered through Cloudflare (Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA). Cloudflare may process the following data for security and performance purposes:

  • IP address (temporarily, for DDoS protection and bot detection)
  • Browser type and version
  • Referring URL
  • Time of access

This processing is based on our legitimate interest in providing a secure and performant website (Art. 6(1)(f) GDPR). Cloudflare is certified under the EU-US Data Privacy Framework. See Cloudflare's Privacy Policy.

2.3 Anonymous Analytics

We collect anonymous, aggregated analytics data that cannot identify individual users:

  • Anonymized search queries (what strains users search for)
  • Page view counts and navigation patterns
  • Anonymous session duration metrics
  • Technical error logs (no user data included)

This data is used exclusively to improve our database, enhance user experience, and identify popular strains. Legal basis: legitimate interest (Art. 6(1)(f) GDPR).

2.5 Google Analytics 4

We use Google Analytics 4 (provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) to understand how visitors use our website. GA4 collects aggregated, anonymous usage data including page views, session duration, and traffic sources. IP addresses are anonymized before processing.

Google is certified under the EU-US Data Privacy Framework. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on. Legal basis: legitimate interest (Art. 6(1)(f) GDPR). See Google's Privacy Policy.

2.6 Session Replay (OpenReplay, self-hosted)

We use OpenReplay to record anonymous session replays — mouse movements, clicks, scrolling, and page navigation — so we can identify usability issues and improve the site. Crucially, our OpenReplay instance is self-hosted on our own server in the EU (replay.strain-database.com); recordings never leave our infrastructure and are not shared with any third party.

What is captured:

  • Mouse movements, clicks, scroll position, viewport size, browser/OS
  • Page URLs visited and the order of navigation
  • Anonymous session ID (random UUID, not linked to any account)

What is not captured (masked by default):

  • Text inside input fields (passwords, search queries, form values)
  • Email addresses and dates in inputs
  • Any content on /admin, /login, /signup, /settings, /account — these paths are skipped entirely

We respect the browser Do Not Track (DNT) signal — if your browser sends DNT, no recording is started. Only 25% of sessions are sampled. Sessions are retained for a maximum of 30 days, then permanently deleted.

Legal basis: legitimate interest in website improvement (Art. 6(1)(f) GDPR), with privacy-preserving defaults (input masking, DNT respect, sampling, no third-party transfer). See OpenReplay's privacy documentation.

2.7 User-Submitted Content

When you voluntarily submit content (reviews, strain corrections, suggestions), we store:

  • Display name (you choose, can be anonymous)
  • Review text and ratings
  • Submission timestamp

Legal basis: consent (Art. 6(1)(a) GDPR). You can request deletion of your submitted content at any time by contacting us.

3. Cookies

We use only essential cookies required for the website to function:

  • Language preference — stores your selected language (EN/DE)
  • Theme preference — stores light/dark mode selection
  • Cloudflare security — __cf_bm cookie for bot protection

We do not use marketing, advertising, or tracking cookies. Essential cookies do not require consent under GDPR as they are strictly necessary for the Service.

4. Data Sharing

We do not share, sell, or rent personal data to third parties. Data may be disclosed only:

  • To comply with legal obligations (court orders, law enforcement requests)
  • To our hosting providers (Cloudflare, Vercel) as necessary to operate the Service

5. AI & Data Processing

We use artificial intelligence to generate and enhance strain descriptions, categorize strain data, and improve search results. Anonymous, aggregated usage data may be used to improve our AI models. No personally identifiable information is used for AI training.

6. Your Rights (GDPR)

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access (Art. 15) — request a copy of your personal data
  • Right to rectification (Art. 16) — correct inaccurate data
  • Right to erasure (Art. 17) — request deletion of your data
  • Right to restrict processing (Art. 18) — limit how we use your data
  • Right to data portability (Art. 20) — receive your data in a standard format
  • Right to object (Art. 21) — object to processing based on legitimate interest
  • Right to withdraw consent (Art. 7(3)) — withdraw consent at any time

To exercise any of these rights, contact us at privacy@strain-database.com. We will respond within 30 days.

You also have the right to lodge a complaint with a supervisory authority. The competent authority for us is: Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein (ULD), Holstenstraße 98, 24103 Kiel, Germany.

7. Data Retention

Anonymous analytics data is retained indefinitely as it cannot be linked to individuals. User-submitted content (reviews, corrections) is retained until you request its deletion. Cloudflare server logs are retained according to Cloudflare's retention policy (typically 72 hours).

8. International Data Transfers

Some of our service providers (Cloudflare, Vercel) are based in the United States. These transfers are protected by the EU-US Data Privacy Framework and/or Standard Contractual Clauses (SCCs) in accordance with GDPR requirements.

9. Children's Privacy

This Service is intended for adults of legal age in their respective jurisdictions. We do not knowingly collect data from children under the age of 16. If you believe a child has submitted personal data, please contact us for immediate removal.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. For significant changes, we will provide prominent notice on the website.

For any privacy-related questions or concerns, please contact: privacy@strain-database.com
