Built for an industry where compliance isn’t optional.
Cannabis operators run under intense scrutiny. So we hold the work to a high bar — encrypted, governed, and built on certified infrastructure.
Encrypted, end to end
Every page and API call is served over TLS/HTTPS. Data is encrypted in transit and at rest, and secrets are stored as sensitive, access-controlled environment variables — never in code.
Enterprise-grade infrastructure
Hosted on Vercel and Neon — providers that maintain SOC 2 Type II and ISO 27001 certifications, global DDoS protection, and a 99.95% uptime SLA on our plan tier.
HIPAA-eligible foundation
Our database tier (Neon Scale) is HIPAA-eligible. For engagements that touch protected health information, we can architect on a HIPAA-eligible footing with the appropriate agreements in place.
Compliance-first by design
We build around Metrc and state cannabis rules from day one — with data minimization, least-privilege access, and audit-ready documentation baked into every engagement.
Responsible AI
AI is governed, not unleashed. We define acceptable-use policies, keep humans in the loop on regulated decisions, and never put sensitive data into models without the right controls.
Your data is yours
We collect only what we need to serve you, we never sell your data, and you can request deletion at any time. The “Ask the Regs” tool provides general information, not legal advice.
Honest framing: SOC 2, ISO 27001, and HIPAA certifications referenced above belong to our infrastructure providers (Vercel, Neon). HempAgency builds on that certified foundation and follows compliance-first practices; we’ll scope the specific controls and agreements (e.g., a BAA) appropriate to your engagement. This page is informational and not legal advice.
Have a security or compliance question?
We’re happy to walk your team through how we handle data and stay inside the lines.
Talk to us