Privacy Policy
Effective date: March 17, 2026 · Last updated: March 17, 2026
DispensaryExam is operated by SocraticHQ. This policy explains what information we collect, how we use it, and what rights you have over it. We do not sell your data to third parties.
1. Who we are
DispensaryExam is a compliance examination platform for cannabis dispensaries, operated by SocraticHQ. References to "we," "us," or "our" in this policy refer to SocraticHQ and the DispensaryExam platform.
We provide AI-powered scenario-based compliance examinations for dispensary employees and compliance managers in the cannabis industry.
2. Information we collect
We collect information in the following ways:
Information you provide directly:
- Account registration details — name, email address, and password for compliance managers and employees
- Organization details — dispensary name, state, and branding preferences provided during onboarding
- Examination responses — the text responses employees provide during compliance examinations
- Documents and regulatory content — any internal policy documents or employee handbooks uploaded to the platform
- Communications — any messages or feedback you send to us
Information collected automatically:
- Examination session data — timing, exchange counts, and integrity signals (keystroke patterns, tab switching, fullscreen status) collected during examinations
- Usage data — pages visited, features used, and actions taken within the platform
- Device and browser information — browser type, operating system, and IP address
- Log data — server logs including access times and error reports
3. How we use your information
We use the information we collect to:
- Provide and operate the DispensaryExam platform
- Conduct AI-powered compliance examinations and generate assessment feedback
- Allow compliance managers to review employee examination results and transcripts
- Send account-related emails including invitations, session notifications, and system alerts
- Respond to support requests and communications
- Monitor platform performance and fix errors
- Improve the platform based on usage patterns
- Comply with legal obligations
We do not use your examination responses or employee data to train AI models.
4. AI processing and examination data
DispensaryExam uses Anthropic's Claude AI to conduct compliance examinations. When an employee takes an examination, their responses are sent to Anthropic's API for processing. This means examination content is subject to Anthropic's data processing terms in addition to this policy.
Specifically:
- Employee examination responses are transmitted to Anthropic's API to generate examiner follow-up questions and assessments
- Regulatory documents and compliance content uploaded by your organization are used as context for examinations and are transmitted to Anthropic's API during examination sessions
- Full examination transcripts are stored on our servers and are accessible to compliance managers in your organization
You can review Anthropic's privacy policy at anthropic.com/privacy.
We recommend that you do not include personally identifiable information about customers or patients in any documents uploaded to the platform.
5. How we share information
We do not sell your personal information. We share information only in the following circumstances:
- Within your organization — compliance managers in your organization can view examination transcripts, session records, and employee status for employees in their account
- Service providers — we share data with third-party providers who help us operate the platform, including Anthropic (AI processing), our hosting provider (DigitalOcean), and our email provider (Mailgun). These providers are contractually required to protect your data and use it only to provide services to us
- Legal requirements — we may disclose information if required to do so by law, court order, or government authority
- Business transfers — if SocraticHQ is acquired or merges with another company, your information may be transferred as part of that transaction. We will notify you before your information is transferred and becomes subject to a different privacy policy
- With your consent — we may share information in other ways if you give us explicit permission to do so
6. Data retention
We retain your information for as long as your account is active or as needed to provide services. Specifically:
- Account information is retained for the duration of your subscription and deleted within 90 days of account closure upon request
- Examination transcripts and session records are retained for the duration of your subscription to support compliance record-keeping
- Uploaded documents are retained until you delete them or close your account
- Server logs are retained for up to 90 days
If you close your account, you may request deletion of your data by contacting us at the address below. Some information may be retained longer if required by law or for legitimate business purposes such as fraud prevention.
7. Security
We take reasonable technical and organizational measures to protect your information against unauthorized access, loss, or misuse. These measures include:
- HTTPS encryption for all data in transit
- Passwords stored in hashed form using industry-standard hashing
- Access controls limiting which personnel can access customer data
- Regular security monitoring of our production systems
No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. If you believe your account has been compromised, please contact us immediately.
8. Your rights
Depending on your location, you may have the following rights regarding your personal information:
- Access — the right to request a copy of the personal information we hold about you
- Correction — the right to request that we correct inaccurate or incomplete information
- Deletion — the right to request that we delete your personal information, subject to certain exceptions
- Portability — the right to receive your data in a structured, machine-readable format
- Objection — the right to object to certain types of processing
- Withdrawal of consent — where processing is based on consent, the right to withdraw that consent at any time
To exercise any of these rights, please contact us using the information in the Contact section below. We will respond to your request within 30 days.
If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA). We do not sell personal information as defined under the CCPA.
9. Cookies
We use cookies and similar technologies to operate the platform. Specifically:
- Session cookies — required for authentication and to keep you logged in during your session
- CSRF tokens — required for security purposes to prevent cross-site request forgery
We do not use third-party advertising cookies or tracking pixels. The cookies we use are strictly necessary for the platform to function. You can disable cookies in your browser settings, but doing so will prevent you from logging in to the platform.
10. Children's privacy
DispensaryExam is intended for use by adults in a professional compliance context. We do not knowingly collect personal information from anyone under the age of 18. If you believe we have inadvertently collected information from a minor, please contact us and we will delete it promptly.
11. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify account holders by email and update the effective date at the top of this page. Your continued use of the platform after changes take effect constitutes acceptance of the updated policy.
We encourage you to review this policy periodically to stay informed about how we protect your information.