← Back to Home

Grafted Roots Farms LLC (“we,” “us,” or “the Farm”) respects your privacy. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your personal data when you use graftedrootsfarms.com or purchase our products and services.

1. Information We Collect

1.1 Information you provide directly

When you sign up for our CSA, make a purchase, join our newsletter, submit a contact form, or create an account, we collect:

• Name (first and last)
• Email address
• Phone number (optional in some cases)
• Mailing or pickup address (when relevant)
• Payment information (processed by Stripe; we do not store full card numbers)
• CSA preferences (share size, pickup day, dietary notes, household size)
• Any message content you send us through forms or email

1.2 Information collected automatically

When you visit our website, we automatically collect limited technical information, including:

• IP address and approximate location
• Browser type, device type, and operating system
• Pages viewed, referring URL, and time spent on the site
• Cookies and similar tracking technologies used for essential site functionality (cart, login session) and analytics

2. How We Use Your Information

We use the information we collect to:

• Process orders, CSA memberships, and payments
• Send pickup reminders, membership updates, and transactional emails
• Respond to inquiries submitted through our contact form
• Send newsletters and marketing emails to subscribers who have opted in (you can unsubscribe at any time)
• Improve our website, products, and services
• Comply with legal obligations and protect against fraud

3. How We Share Your Information

We do not sell, rent, or trade your personal information. We share data only with trusted service providers that help us operate the Farm:

• Stripe — payment processing. Stripe maintains its own privacy policy at stripe.com/privacy.
• Supabase — database and hosting infrastructure for customer records and orders.
• Resend — transactional and newsletter email delivery.
• Netlify — website hosting and serverless functions.
• Google Analytics — anonymous website usage analytics (if enabled).

We may disclose information if required by law, court order, or to protect our legal rights.

4. Email Communications

We send two types of emails:

• Transactional emails — order confirmations, pickup reminders, payment notifications, and account updates. These are required for our services and cannot be unsubscribed from while you have an active membership or order.
• Marketing emails — newsletters, seasonal updates, and promotional offers. You can unsubscribe at any time using the link in any marketing email or by contacting us.

5. Cookies and Tracking

We use cookies and similar technologies for:

• Essential functionality — keeping you signed in, remembering cart contents
• Analytics — understanding how visitors use the site to improve it

Most browsers allow you to block or delete cookies through their settings. Blocking essential cookies may affect site functionality.

6. Data Retention

We retain your information for as long as needed to provide our services and comply with legal obligations:

• Active members — for the duration of your membership plus 7 years for tax and accounting records
• Marketing subscribers — until you unsubscribe
• Contact form inquiries — up to 2 years

7. Your Rights

Depending on where you live, you may have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate information
• Request deletion of your personal information
• Opt out of marketing communications
• Request a copy of your data in a portable format

To exercise any of these rights, email hello@graftedrootsfarms.com. We will respond within 30 days.

8. Children’s Privacy

Our services are not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child, please contact us and we will delete it.

9. Security

We use industry-standard safeguards to protect your information, including encrypted connections (HTTPS), secure payment processing via Stripe, and access controls on our database. However, no method of transmission over the internet is 100% secure.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page reflects the most recent changes. Material changes will be communicated by email to active members and subscribers.

11. Contact

Questions about this Privacy Policy? Contact us at:

Grafted Roots Farms LLC
5 Chestnut Hill Rd, Southborough, MA 01772
hello@graftedrootsfarms.com