Skip to main content

Privacy Policy

Last updated: March 2026

1. Information We Collect

We collect information you provide directly — such as your name, email address, and payment information when you create an account or make a purchase. We also collect usage data automatically through cookies and similar technologies, including your IP address, browser type, and pages visited.

2. How We Use Your Information

We use collected information to operate and improve the platform, process transactions, send order confirmations, provide customer support, and communicate updates about our genetics registry. We do not sell your personal data to third parties.

3. Data Sharing & Third-Party Service Providers

We share your data only with service providers necessary to operate the platform. We do not sell your personal information. The following third-party processors may receive limited data in the course of providing their services:

  • Vercel Inc. — hosting, edge delivery, and serverless compute. Receives IP addresses, request metadata, and page content for delivery.
  • Supabase Inc. — database infrastructure and authentication. Stores account data, registry records, and transactional data in encrypted PostgreSQL instances.
  • Stripe Inc. — payment processing. Receives payment card data, billing addresses, and transaction amounts. Stripe is PCI-DSS Level 1 certified. SBI does not store card numbers.
  • BTCPay Server (self-hosted) — cryptocurrency payment processing for USDC/SOL transactions. Transaction data is processed on-chain and through our self-hosted instance.
  • Upstash Inc. — rate limiting and session caching via serverless Redis. Receives anonymized request identifiers.
  • Amazon Associates — affiliate product links on the Supplies page. Amazon may set cookies when you click affiliate links. See Amazon's privacy policy for details.
  • NextAuth.js / Auth.js — authentication framework. Session tokens are stored as encrypted HTTP-only cookies.

We may also disclose information when required by law, court order, or legal process, or to protect our rights, safety, or property.

4. Cookies

We use essential cookies for authentication and site functionality, and optional analytics cookies to understand usage patterns. You can control cookie preferences through your browser settings or our cookie consent banner.

5. Data Security

We implement industry-standard security measures including encryption in transit (TLS), secure password hashing, and regular security audits. However, no method of transmission over the Internet is 100% secure.

6. Your Rights

You have the right to access, correct, or delete your personal data. You may also request a copy of your data or opt out of marketing communications at any time by contacting us at privacy@seedbankinternational.com.

7. GDPR — Rights for EU/EEA Residents

If you are located in the European Union or European Economic Area, the following additional rights and information apply under the General Data Protection Regulation (GDPR).

Lawful Basis for Processing

  • Contract performance — processing necessary to fulfil orders, manage your account, and deliver purchased services.
  • Legitimate interests — platform security, fraud prevention, and aggregated analytics to improve the service, where these interests are not overridden by your rights.
  • Consent — marketing emails and optional analytics cookies, which you may withdraw at any time.

Your Data Subject Rights

  • Right of Access — request a copy of the personal data we hold about you.
  • Right to Rectification — request correction of inaccurate or incomplete data.
  • Right to Erasure ("Right to be Forgotten") — request deletion of your personal data where there is no legitimate basis for continued processing.
  • Right to Restriction of Processing — request that we limit how we use your data in certain circumstances.
  • Right to Data Portability — receive your data in a structured, machine-readable format and transfer it to another controller.
  • Right to Object — object to processing based on legitimate interests or for direct marketing purposes.

How to Exercise Your Rights

Submit a Data Rights Request to privacy@seedbankinternational.com with the subject line "Data Rights Request". We will respond within 30 days.

Data Protection Officer

Our Data Protection Officer (DPO) can be reached at dpo@seedbankinternational.com.

Supervisory Authority

You have the right to lodge a complaint with your local data protection authority if you believe we have not handled your data in accordance with applicable law.

8. CCPA — Rights for California Residents

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you the following rights regarding your personal information.

Right to Know

You may request that we disclose (a) the categories of personal information we have collected about you, (b) the categories of sources from which it was collected, (c) the business purpose for collection, (d) the categories of third parties with whom we share information, and (e) the specific pieces of personal information collected about you.

Right to Delete

You may request that we delete personal information we have collected from you, subject to certain exceptions (such as information needed to complete an ongoing transaction, detect security incidents, or comply with a legal obligation).

Right to Opt-Out of Sale

We do not sell your personal information to third parties. You therefore do not need to submit an opt-out request; however, if our practices change, we will update this policy and provide a "Do Not Sell My Personal Information" link as required by law.

Right to Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. You will not receive a different level of service or pricing as a result of submitting a rights request.

How to Submit a Request

Email privacy@seedbankinternational.com with the subject line "CCPA Rights Request", or use the account settings page if logged in. We will verify your identity and respond within 45 days.

9. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date.

10. Contact

For privacy-related inquiries, contact us at privacy@seedbankinternational.com.