
Privacy Policy
Effective date: July 6, 2026
This Privacy Policy explains how The Open Row ("The Open Row," "we," "us," or "our") collects, uses, and shares information when you use The Open Row — our tools and websites that help cottage-food and farm-stand vendors run their stand and sell in person and online (the "Service").
The Open Row is operated as a sole proprietorship at https://theopenrow.com. We may reorganize under a different entity type (such as an LLC) in the future; if we do, this policy will continue to apply to the Service.
The Service is available at https://theopenrow.com, https://app.theopenrow.com, vendor storefronts at {name}.theopenrow.shop, and optional custom domains connected by vendors.
The Service has two kinds of users:
- Vendors — the sellers who create accounts to list products, run checkout, and manage their stand.
- Shoppers — customers who buy from a vendor's stand or online storefront, usually without creating an account.
This policy covers both. Where a practice applies to only one group, we say so.
1. Information We Collect
From Vendors
- Account and profile. Name, email address, and password when you register, or your email and basic profile details if you sign in with Google. Your stand name, stand location/address, business hours, and contact details.
- Business content. Products, prices, units, product and gallery photos, recipes, inventory levels, expenses, and receipt images you upload. Some of this content (product listings, photos, hours, storefront pages) is published publicly on your storefront.
- Payment and payout information. To accept card payments, you connect a Stripe account through Stripe Connect. Stripe collects and verifies your payout and identity details directly; we receive limited connection status and transaction metadata, not your full financial credentials. If you subscribe to Stand Plus, our payment processor processes those charges.
- Community price contributions. When you save catalog items, we derive anonymous, region-level list-price observations that feed aggregated market insights. Only aggregated bands (for example, a 25th–75th percentile price range) are shown to others — never your individual identity or stand-level figures.
From Shoppers
- Order information. The items you purchase, order totals, and pickup or delivery details, including a delivery address and fulfillment schedule where applicable.
- Payment information. Card payments are processed by Stripe on the vendor's behalf; we do not store full card numbers. If you pay by Cash App, Venmo, PayPal, or cash, that payment is handled directly between you and the vendor through those services or in person.
- Optional contact details. An email address if you request a receipt or opt in to a vendor's email updates ("Drops"), and a phone number if you use a vendor's loyalty rewards.
- Gift card purchases. If you buy a digital gift card, the purchaser's email address and, if you send the card to someone else, the recipient's email address, along with the gift-card transaction and redemption history we keep to maintain the balance.
- Stock reports. If you flag an item as low or empty at checkout, we record that report.
Automatically, from everyone
- Device and log data. IP address, browser type, operating system, device identifiers, referring pages, and timestamps.
- Usage and analytics data. How the Service is used — pages and features visited, session activity, and similar metrics.
- Cookies and similar technologies. Used to keep you signed in, remember preferences, measure usage, and — after you consent — measure advertising (see Section 5).
- Location data. Vendor stand and pickup addresses; address autocomplete via Google Maps; and shopper delivery addresses where provided.
2. How We Use Information
We use information to:
- Provide, operate, and improve the Service and vendor storefronts;
- Create and secure accounts and process sign-in;
- Process orders, payments, payouts, receipts, and order-status updates;
- Operate optional features you or a vendor enable, such as loyalty rewards, digital gift cards, and email Drops;
- Issue and manage digital gift cards and maintain their balances;
- Generate aggregated, anonymous community market insights;
- Provide AI-assisted features (see Section 3);
- Analyze usage and produce vendor reports and dashboards;
- Measure and improve our own advertising and understand how visitors arrive at the Service, using the tools described in Section 5 and only after you consent;
- Detect, prevent, and address fraud, abuse, and security issues; and
- Comply with legal obligations.
3. AI-Assisted Features
The Service offers optional AI-assisted tools — for example, drafting product descriptions, extracting recipe details from pasted text, and reading uploaded expense-receipt photos (OCR) to pre-fill amounts and dates. To provide these features, the relevant content you submit is sent to our AI provider (OpenAI) for processing and returned to you for review before saving. Do not upload content to these features that you are not authorized to share.
4. How We Share Information
We do not sell your personal information for money. We share it only as described here, including the advertising and analytics sharing described in Section 5:
- Between vendors and shoppers. A vendor's storefront and listings are public. When you place an order, your order details are shared with the vendor fulfilling it so they can complete and support your purchase.
- Service providers (subprocessors). We share data with vendors who process it on our behalf under contract, including:
- Stripe / Stripe Connect — payment processing, vendor payouts, and subscription billing;
- Resend — transactional emails (receipts, order status, opt-in confirmations, gift-card delivery) and email Drops delivery;
- OpenAI — AI-assisted product copy, recipe extraction, and receipt OCR;
- Google — vendor sign-in (OAuth
emailandprofilescopes), address autocomplete (Google Maps), and analytics, tag management, and advertising conversion measurement (Google Analytics, Google Tag Manager, and Google Ads); - Meta Platforms, Inc. — advertising and conversion measurement through the Meta (Facebook) Pixel;
- Railway — hosting, database, and image/object storage.
- Alternative payment services. Cash App, Venmo, and PayPal payments occur directly between shopper and vendor and are governed by those services' own privacy policies.
- Legal reasons. When required by law or legal process, or to protect the rights, safety, or property of The Open Row, our users, or the public.
- Business transfers. In connection with a merger, acquisition, financing, or sale of assets.
- With consent or at your direction.
5. Cookies, Analytics, and Advertising
We use cookies and similar technologies to keep vendors signed in, remember preferences, and understand how the Service is used so we can improve it.
We also use Google Tag Manager to manage analytics and advertising tools on our marketing site and on our sign-up and public storefront pages. These currently include Google Analytics, the Meta (Facebook) Pixel, and Google Ads conversion tracking. These tools may set cookies and collect information such as the pages you visit, the actions you take (for example, completing a sign-up), your device and browser, and advertising click identifiers passed in a link (for example, Meta's fbclid). We use this to measure how our advertising performs, attribute sign-ups to specific campaigns, and build and measure advertising audiences, and this information may be shared with Meta Platforms, Inc. and Google LLC in their roles as our advertising and analytics providers.
These advertising and analytics tools do not load until you accept cookies. We use consent controls that keep them off by default and enable them only after you consent; if you decline, these tags do not fire and this information is not collected or shared for advertising. You can also opt out through Meta's and Google's own ad-settings controls, and you can control cookies through your browser settings, though some features may not work without them. We honor Global Privacy Control (GPC) signals where required by law.
6. Community and Aggregated Market Data
Vendor catalog activity contributes anonymized list-price observations to region-level market insights. A region's insights unlock only after enough distinct vendors have contributed, and outputs are limited to aggregated statistics (such as price bands). We design these features so individual vendors and their specific figures are not identifiable in the shared output.
7. Loyalty Rewards
If a vendor enables loyalty rewards, shoppers identify themselves with a phone number only — there is no login or SMS verification. Please be aware that, by design in the current version, anyone who knows a phone number could view or redeem the balance tied to it. Provide a phone number for loyalty only if you are comfortable with this.
8. Email Updates ("Drops") and Marketing
Shoppers can opt in to a vendor's email Drops on the storefront or after checkout, using a double opt-in confirmation. Every Drops email includes an unsubscribe link, and messages include a postal address as required by anti-spam law (CAN-SPAM). Vendors are responsible for the content and consent basis of their own Drops.
9. Data Retention
We retain personal information for as long as an account is active or as needed to provide the Service, process transactions, comply with legal and tax obligations, resolve disputes, and enforce our agreements. Aggregated and anonymized data may be retained indefinitely. When information is no longer needed, we delete or anonymize it.
10. Data Security
We use reasonable administrative, technical, and physical safeguards designed to protect information, including encrypted connections and access controls. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
11. Your Choices and Rights
- Vendors can access and update account, stand, and business information in the dashboard. In Settings → Account & data, vendors can download a copy of their data, schedule account closure (with a 30-day grace period), and choose either anonymized closure with retained financial records or a full data wipe. You can also contact us at hello@theopenrow.com for help or escalations.
- Shoppers can unsubscribe from Drops using any Drops email, decline to provide optional email or phone details, and contact us at hello@theopenrow.com to request access to or deletion of information we hold about them. Requests about a specific order, gift-card balance, or loyalty balance may be directed to the vendor.
- Everyone can control cookies and location permissions through their browser or device settings, and can opt out of advertising cookies by declining cookies or sending a Global Privacy Control (GPC) signal.
12. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have the right to know what personal information we collect, use, and disclose; to request access, correction, or deletion; and to opt out of the "sale" or "sharing" of personal information. We do not sell your personal information for money, but our use of advertising cookies (see Section 5) may be considered "sharing" for cross-context behavioral advertising under California law; you can opt out by declining cookies, using the controls described in Section 5, or sending a Global Privacy Control (GPC) signal, which we honor. You will not be discriminated against for exercising these rights. To make a request, contact us at hello@theopenrow.com; we will verify your request before responding. You may use an authorized agent.
13. Children's Privacy
The Service is intended for vendors who are adults and for general shopping; it is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If we learn we have done so, we will delete it. Contact us at hello@theopenrow.com with any concerns.
14. Third-Party Links and Services
The Service links to and integrates third-party services (such as payment apps and storefront links). We are not responsible for their privacy practices; review their policies directly.
15. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date and, where appropriate, notify vendors. Continued use of the Service after changes take effect constitutes acceptance.
16. Contact Us
The Open Row (sole proprietorship)
Website: https://theopenrow.com
Email: hello@theopenrow.com