The House Of Gremory Consulting

privacy





Privacy Policy | The House of Gremory Consulting



Privacy Policy

Last updated: September 2025

Notice at Collection (California)

This Notice describes the categories of personal information we collect at or before the time of collection, the purposes for which we use it, whether we “sell” or “share” it for cross-context behavioral advertising, and how long we retain it.

  • Categories collected: identifiers and contact details; commercial information; internet/technical data; geolocation (coarse); professional/license information; government ID and other sensitive personal information (only from consulting clients and job applicants as needed for cannabis licensing, background checks, or compliance).
  • Purposes: respond to inquiries; provide consulting services; perform age and identity checks where required by law or our clients; prepare and submit licensing/compliance materials; security and fraud prevention; analytics; marketing with your consent; legal and regulatory obligations.
  • Sale/Sharing: We do not sell personal information for money. We may share limited identifiers and internet data with analytics/advertising partners for cross-context behavioral advertising via cookies. You can opt out below and we honor the Global Privacy Control signal.
  • Retention: We keep personal information only as long as necessary for the stated purposes (see Retention).
Your California Privacy Rights
Do Not Sell or Share My Personal Information
Limit Use of My Sensitive Personal Information

Who We Are and Scope

The House of Gremory Consulting (“Gremory,” “we,” “us,” or “our”) is a California-based consulting firm that helps cannabis businesses navigate licensing, compliance, inspections, METRC onboarding, and operational readiness. This Privacy Policy explains how we handle personal information collected through our website houseofgremory.com, our contact channels, and in the course of providing services to prospective and current clients and their personnel.

We are a “business” under the California Consumer Privacy Act as amended by the CPRA (collectively, “CCPA”). For some activities, we act as a “service provider” or “contractor” to our clients—when that is the case, we process personal information under our client’s instructions and our client’s privacy policy applies.

Information We Collect

Category (CCPA) Examples Sources Business/Commercial Purposes
Identifiers & Contact Name, email, phone, address, IP address, device identifiers. You (forms, calls, email), cookies/analytics, publicly available records. Respond to inquiries; provide services; verify identity/eligibility; prevent fraud; analytics; marketing.
Professional/License Info Business ownership/role, DCC/DCR account details, license application data. You or your business; regulators (with authorization). Prepare and submit licensing/compliance materials; represent you with regulators; project management.
Commercial Information Service history, proposals, invoices, communications, notes. You/your business; our systems. Client relationship management; accounting; legal compliance.
Internet / Technical Data Log files, cookie IDs, pages viewed, browser/device info, approximate location. Your device; analytics and security tools. Website operation; security; analytics; improve and market our services.
Geolocation (coarse) Approximate city/region from IP address. Analytics and security tools. Website security; understand site usage; comply with territory restrictions.
Sensitive Personal Information Government IDs (e.g., driver’s license), Social Security or EIN (for licensing disclosures), date of birth (age verification), financial interest disclosures, background-check results (where required by law or client). You; your business; authorized third-party verification vendors; regulators (with authorization). Meet cannabis licensing and compliance requirements; verify identity and eligibility; due diligence and background checks; legal obligations. We do not use or disclose sensitive personal information for purposes other than those permitted by the CCPA.
Job Applicant Data Resumes, contact details, work history, references, optional demographic info you choose to provide. You; references you authorize. Recruiting, hiring, and compliance with employment laws.

We do not intentionally collect biometric data, precise (GPS-level) geolocation, or protected health information through this website. We do not request medical information and are not a health-care provider or HIPAA covered entity.

Cookies, Analytics & Advertising

We use first-party and third-party cookies and similar technologies to operate the site, keep it secure, measure audience engagement, and—where allowed—improve or advertise our services. You can control cookies in your browser settings. If you enable a Global Privacy Control (GPC) signal in your browser, we treat it as a valid request to opt out of sale/sharing for that browser.

How We Disclose Personal Information

We disclose personal information to the following categories of recipients for the purposes described above:

  • Service Providers/Contractors who process data under written contracts, including web hosting, cloud storage, email and productivity tools, CRM/project management, analytics, age/ID-verification vendors, background-check vendors (when authorized), e-signature providers, accounting and billing providers, and security vendors.
  • Regulatory Agencies (e.g., LA DCR, CA DCC) when you engage us to assist with applications, inspections, or compliance, and only with your authorization or as required by law or your contract with us.
  • Advisors and Professional Services such as attorneys, auditors, and insurers, as needed for our legitimate business purposes and legal obligations.
  • Business Transfers in connection with a merger, acquisition, or similar event.
  • Law Enforcement or Government when we believe disclosure is required or appropriate to comply with law, court order, or protect rights, safety, and compliance.

Sale/Sharing: We do not sell personal information for money. We may share limited identifiers and internet activity with advertising/analytics partners for cross-context behavioral advertising; you may opt out (see below).

Cannabis-Specific Disclosures

  • Age Limitation: Our site and services are intended for adults 21+ (or 18+ with valid physician recommendation where applicable under state law). We do not knowingly collect personal information from individuals under 16 years of age and do not knowingly sell or share personal information of consumers under 16.
  • Licensing & Compliance: When you hire us for licensing or compliance, we may collect and prepare sensitive disclosures (e.g., government ID numbers, ownership/financial interest information, background documentation) solely to meet city and state requirements. We store such materials securely and disclose them only to you, your authorized designees, our service providers, and the applicable regulators.
  • METRC & Operational Systems: If you authorize us to access systems such as METRC, POS, or security platforms, we act as your service provider and access only what is reasonably necessary to perform the requested services.
  • Federal Law Notice: Cannabis remains illegal under U.S. federal law. We do not assist with interstate transport of cannabis or other federally prohibited conduct. We may disclose information as needed to comply with applicable laws and licensing conditions.

Retention

We retain personal information for no longer than necessary for the purposes described in this Policy, unless a longer period is required by law, contract, or to establish/defend legal rights. Typical periods are:

  • General inquiries and website logs: 12–24 months.
  • Client files (including licensing records): for the term of the engagement plus at least 4 years, or longer where required by regulator record-keeping rules or our contracts.
  • Billing and tax records: 4–7 years.
  • Job applicant materials: up to 3 years (longer if hired or required by law).

Your California Privacy Rights

Subject to certain exceptions, California residents may exercise the following rights:

  • Right to Know/Access & Portability: Request the categories and specific pieces of personal information we collected about you, the sources, purposes, categories of third parties, and whether we sold or shared information.
  • Right to Delete: Ask us to delete personal information, subject to legal exceptions (e.g., required recordkeeping, security, or exercising legal claims).
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Opt Out of Sale/Sharing: Opt out of the sale or sharing of personal information for cross-context behavioral advertising.
  • Right to Limit Use and Disclosure of Sensitive Personal Information: We use sensitive personal information only for permitted purposes (e.g., to perform services you requested, detect security incidents, or comply with law). If you believe we use it beyond those purposes, you may request limitation.
  • Non-Discrimination: We will not discriminate against you for exercising your rights.

How to Submit a Request

Verification & Agents: We will verify your request by matching information you provide (e.g., email, phone, recent interaction details) with our records. Authorized agents must provide proof of authority; we may require you to verify your identity directly.

Timing: We aim to respond within 45 days; we may extend by 45 days when reasonably necessary and will notify you.

Opt Out of Sale/Sharing

To opt out of sale/sharing of personal information for cross-context behavioral advertising:

  • Use your browser’s Global Privacy Control (GPC) signal (we honor it), and
  • Contact us via the methods above and indicate “CCPA Opt-Out.”

Security

We implement reasonable administrative, technical, and physical safeguards designed to protect personal information (e.g., access controls, encryption in transit, least-privilege practices, and vendor diligence). No system is perfectly secure, and we cannot guarantee absolute security. If we discover a security incident affecting your information, we will notify you and/or regulators when required by law.

Do Not Track & International Users

Our site does not respond to non-standard “Do Not Track” signals. We recognize the Global Privacy Control as described above.

Our services are intended for use in the United States. If you are accessing from outside the U.S., you understand your information may be processed in the U.S. and other jurisdictions with different data-protection laws.

California “Shine the Light”

California Civil Code §1798.83 allows customers to request details about personal information we disclose to third parties for their direct marketing. We do not share information with third parties for their own direct marketing purposes. You may still contact us with questions.

Changes to This Policy

We may update this Policy from time to time. The “Last updated” date at the top indicates the effective date. Material changes will be posted on this page and, where appropriate, we will notify you by additional means.

Contact Us

If you have questions about this Policy or our privacy practices, contact:

The House of Gremory Consulting
Los Angeles, California, USA

This Privacy Policy is provided for general informational purposes and does not constitute legal advice. Cannabis regulations vary by jurisdiction; you are responsible for complying with the laws that apply to you.

© The House of Gremory Consulting