Plain English. No buried clauses. This is what we collect, why we collect it, who we share it with, and how you control it. If anything here isn't clear, email info@cream.online and we'll explain.
When you shop with CREAM — whether in store, online, or via delivery — we collect the information you give us. That includes your name, date of birth, email address, phone number, and (for delivery) a delivery address. At checkout, you'll provide payment information, which is processed by our payment partners and never stored on our servers in full. If you're a NJ MMCP-registered medical patient using your 15%-off discount, we'll record your patient card number to verify eligibility.
If you sign up for CREAM Rewards, you'll provide an email address and (optionally) a phone number for SMS rewards updates. If you submit a question or comment via our contact form, we collect what you write and your contact details so we can reply.
When you visit cream.online, we automatically collect technical information from your browser and device — IP address, browser type, operating system, referring URL, pages viewed, and timestamps. This is standard for any website and helps us keep the site working, secure, and fast.
We use cookies and similar technologies for three purposes: (1) essential site function — keeping you signed in to your cart, remembering your age verification, processing checkout; (2) analytics — understanding which pages people visit, which products they look at, where they come from; and (3) limited marketing personalization for our email and SMS programs. We do not use cookies to build profiles for third-party advertising networks.
New Jersey law requires us to verify that every customer is 21 or older. When you enter our site, we record your confirmation of legal age. When you make a purchase, we verify a government-issued photo ID — in store at the counter, at the door for deliveries. We retain a record of the verification (not a copy of the ID) for compliance.
We use the information we collect to:
We do not sell your personal information to anyone. Period. We do share specific information with specific service providers because it's necessary to run the business — and we want you to know who they are.
As a licensed cannabis retailer, we report transaction data to the New Jersey Cannabis Regulatory Commission (NJ-CRC) and the state's METRC track-and-trace system. This is mandatory and applies to every licensed retailer in the state. We will also disclose information when required by valid legal process — court order, subpoena, or law enforcement request — and will notify you when we are legally permitted to do so.
If CREAM is ever sold, merged, or otherwise restructured, customer information may be transferred to the successor entity. We will post notice of any such transfer on this page and, where required by law, give you the opportunity to opt out before the transfer takes effect.
Cookies are small files our site stores in your browser. We use three categories:
You can control cookies through your browser settings. Most browsers let you block or delete cookies, though doing so will affect how our site works for you.
You have meaningful control over the information we hold about you. Specifically:
To exercise any of these rights, email info@cream.online with the subject line "Privacy request" and tell us what you want. We may need to verify your identity before processing the request.
New Jersey residents: The New Jersey Data Privacy Act gives you specific rights including the right to know, the right to delete, the right to correct, the right to opt out of the sale or sharing of your data, and the right to non-discrimination for exercising these rights. The rights described above implement these protections.
If you are a NJ MMCP-registered medical patient receiving the 15%-off medical discount at CREAM, your patient card number is sensitive health-related information and we treat it accordingly.
CREAM is not a HIPAA-covered entity. Your patient card status is not protected health information under HIPAA when you present it at a dispensary. However, we apply HIPAA-equivalent care to the handling of this data because we believe the trust of medical patients deserves it.
Connections to cream.online use TLS encryption. Passwords (where applicable) are hashed using industry-standard algorithms. Access to customer data within CREAM is limited to staff with a legitimate operational need.
No internet-connected system is 100% secure, and we won't pretend otherwise. If a security incident affects your information, we will notify you and applicable regulators in accordance with New Jersey breach-notification law and any other laws that apply.
We may update this policy from time to time. The effective date at the top of the page indicates when the current version took effect. For material changes — adding new categories of data we collect, new third parties we share with, or changes that meaningfully affect your rights — we will post a prominent notice on this page and, where you have given us your email address, send a notification.
Your continued use of cream.online after an update constitutes acceptance of the updated policy.
For privacy-related questions or to exercise any of the rights described above:
This policy is effective May 4, 2026. CREAM is a recreational cannabis dispensary licensed by the New Jersey Cannabis Regulatory Commission. We comply with all applicable New Jersey and federal laws governing cannabis retail and consumer privacy.