Privacy Policy

Seshly operates https://seshly.com. We are an online directory and pass facilitation service for cannabis social clubs and coffeeshops. We adhere to EU General Data Protection Regulation (GDPR) requirements.

We collect the following categories of data:

• Identity & Contact: First name, last name, email address
• Account Data: Login credentials, purchase history
• Usage Data: IP address, browser type, pages visited, timestamps
• Device Data: Mobile OS, unique device identifiers
• Cookies & Tracking: Session cookies, preference cookies, analytics beacons

Data collection relies on GDPR Article 6 legal bases including contract performance, legitimate interest, and consent.

Information is obtained through completed forms at checkout or registration, automated tracking technologies (cookies, analytics), and direct customer-service interactions via email or support chat.

Seshly uses session and persistent cookies for authentication, preference storage, traffic analysis, and service improvement. You may disable cookies through your browser settings; however, some features may become unavailable as a result.

We process your data to:

• Provide the service and deliver your QR pass
• Manage your account and purchase history
• Respond to customer support requests
• Send transactional emails (order confirmation, receipts)
• Send marketing communications where you have opted in
• Perform analytics, detect fraud, and improve the platform
• Comply with legal obligations (tax, anti-money-laundering)

We never sell your personal data.

Data is shared only with: service providers bound by data-processing agreements (payment processors, hosting providers, analytics); authorities when legally required; and successors in the event of a business transfer, with prior notification to users.

Our servers operate within the EU. Where third-party providers operate internationally, we rely on Standard Contractual Clauses or equivalent GDPR-compliant safeguards.

• Account and purchase data: retained for the duration of the active account plus 5 years for tax and legal purposes
• Marketing consent data: retained until consent is withdrawn
• Usage and security logs: retained up to 24 months

You have the right to: access, rectification, erasure, restriction, data portability, objection, and withdrawal of consent. You may also file a complaint with the Spanish Data Protection Authority (AEPD).

To exercise any right, contact us at privacy@seshly.com.

We implement HTTPS encryption, firewalls, intrusion detection, and least-privilege access controls. No method of transmission over the internet is completely secure; we cannot guarantee absolute security.

Seshly is strictly for users aged 18 or older (21+ where required by local law). We do not knowingly collect data from minors. If you believe a minor has provided us with data, contact us immediately and we will delete it promptly.

Our platform may contain links to third-party websites. We are not responsible for their privacy practices and recommend reviewing their policies independently.

We update this policy periodically. Significant changes will be communicated to registered users via email and a website banner. The “Last updated” date at the top of this page always reflects the current version.

Questions or data requests: privacy@seshly.com