Privacy policy

Effective May 10, 2026

1. The short version

  • Your farm data (crop plans, harvest logs, customer lists, sales records) belongs to you.
  • We collect what we need to operate the platform: your account info, usage telemetry, and the data you create while using PlotsFarm.
  • We don't sell your data. We share it only with the subprocessors that operate the platform on our behalf (listed below).
  • Cross-farm data aggregation is on by default; you can opt out of any data type at any time, and opting out retroactively removes your past contributions.
  • You can export or delete your data at any time. Most rights are self-serve from your account settings; for anything else, email privacy@plots.farm.
  • If you're in the EU/UK, California, or another jurisdiction with specific data-protection laws, see sections 9 and 10.

2. What we collect

Account information. Email, password hash (we never see your raw password), name, role, the farms you belong to, your timezone preference, the appearance theme you've picked.

Farm operating data. Everything you create while using the platform: fields, beds, crop plans, plantings, tasks, harvests, observations, photos, voice notes, inventory, lots, customers, CSA shares, orders, payments, weather snapshots, soil tests, irrigation runs, expense records, and so on. This is the data the product exists to manage.

Buyer information. When your CSA members or online-store buyers transact through your storefront, we store their name, email, phone (optional), delivery preferences, and payment-method tokens. The actual card number lives only at Stripe; we hold a token (e.g. pm_...) that lets us charge it on your behalf. They're your customers; we hold this information on your behalf and do not market to them ourselves.

Device + usage telemetry. IP address, browser/app version, OS, screen size, the pages and features you use, request latencies, and basic performance metrics. We use this to debug issues, prioritize work, and detect abuse. This data is associated with your account while you're actively using the platform and de-identified after 24 months.

iOS app specifics. If you use the iOS companion app, we additionally collect your APNs push token, your selected push categories, your one-shot GPS coordinates when you tap into walk-the-beds (used to sort beds by distance, never persisted), and photos / voice recordings you explicitly capture. Voice transcription happens on-device (Apple's SFSpeechRecognizer); the transcript and the audio are only sent to our servers when you explicitly save the note.

Diagnostics. When the iOS app encounters an error, we send a small anonymized error report containing the error type, the screen where it happened, your app version, your iOS version, and your device model. No farm data, no buyer information, no audio or photo content, and no message body is included. Used solely to debug crashes and bugs in the wild. Without this we have no way to see what's breaking on real growers' devices short of asking each grower to email support. Self-hosted on our own infrastructure (no Sentry / Crashlytics SDK).

Cookies. We use essential cookies only: a session cookie for Better Auth (so you stay signed in) and a small preference cookie for your appearance theme. We do not use analytics cookies, advertising cookies, or any third-party tracking pixels. There is no cookie consent banner because there is nothing non-essential to consent to. If we add anything optional in the future, we'll add a banner and default it to off.

Blog analytics. On our public blog we collect aggregate, cookieless usage stats (page views, read-throughs, outbound link clicks, newsletter signups) using our own first-party event logging. No cookie is set and no third party is involved. We never store your IP address or a cross-day identifier — readers are counted with a one-way hash that rotates every day, and referrers are kept as a bare host (e.g. google.com), never the full URL.

3. Why we collect it

  • Operate the platform. Show you your data, sync between devices, send the right push notification, route a CSA charge on the right day.
  • Process payments. Route subscription billing (Stripe Billing) and buyer payments (Stripe Connect) through Stripe under their published privacy commitments.
  • Send transactional email. Invitations, password resets, dunning notices, magic links to CSA members, receipts.
  • Improve the product. Aggregate usage telemetry tells us what features are used and what's broken.
  • Respond to support requests. When you contact us, we look at your account to help you.
  • Detect abuse. Rate-limit checks, fraud signals, account-compromise monitoring.
  • Comply with the law. Tax records, payment-network rules, lawful data requests from competent authorities.

We do not use your data for behavioral advertising, do not share it with data brokers, and do not enrich it from third-party sources.

4. Subprocessors

We use the following service providers to operate PlotsFarm. Each one has access only to what they need to do their job, under their own published privacy commitments and a data-processing agreement (Article 28 GDPR DPA where applicable; we rely on each subprocessor's standard DPA, which we've reviewed).

| Subprocessor | Purpose | Region |
| --- | --- | --- |
| Stripe | Subscription billing (Stripe Billing) + buyer payments via Stripe Connect (KYB / KYC, card processing, payouts, 1099-K) | US (with EU subprocessors covered under Stripe's DPA) |
| Cloudflare R2 (plotsfarm-media) | Object storage for farm photos, voice notes, and PDF exports captured from the iOS app and web | US |
| Cloudflare R2 (plotsfarm-blog) | Object storage for blog hero images and inline post media on the marketing site | US |
| Cloudflare | CDN, DNS, edge caching, DDoS protection, web application firewall | Global edge |
| Better Auth | Authentication infrastructure (sessions, magic links, password hashing) | US |
| Resend | Transactional email (invitations, password resets, dunning notices, magic-link emails to CSA members) | US (EU sending region available) |
| fal.ai | Image inference for the orchard / berry-patch perennial-fruit module | US |
| Anthropic | LLM inference for the Steward planning assistant (with zero-retention API terms; prompts not used for training) | US |
| OpenAI | LLM inference (alternate provider for the Steward planning assistant; same zero-retention API terms) | US |
| Apple Push Notification service | Push delivery to the iOS app (token-only; we never send notification body content through Apple beyond what the user sees) | US / global Apple infrastructure |
| Google (Tasks + Calendar) | Optional, opt-in only. When a grower connects the Google Tasks / Calendar integration, we sync that grower's own PlotsFarm task data (title, notes, due date, completion state) to their own Google account. Not used unless the grower connects it; disconnecting revokes our access. | US / global Google infrastructure |

We'll update this list as we add or remove providers. Material additions are announced via email to the account owner with at least fourteen (14) days' notice when feasible.

Google API Services: Limited Use. When you connect the optional Google Tasks and Calendar integration, PlotsFarm's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We request only the Google Tasks and Calendar scopes needed to sync your own PlotsFarm tasks to your own Google account. We do not use Google user data for advertising, we do not sell it, we do not transfer it to third parties except as needed to provide or improve this integration at your direction, and we do not allow humans to read it except with your consent, for security or abuse handling, or as required by law. You can disconnect the integration at any time, which revokes our access to your Google account.

5. Cross-farm aggregation (opt-out)

The aggregate of crop plans, harvests, and observations across many farms is potentially valuable for trend insights ("growers in your zone hit 28% higher yields when interplanting Sungold with basil") and eventually for training a custom small-scale-farm planning model. Cross-farm aggregation is on by default, granularly per data type, and contributes only as anonymized, zone-level statistics across five or more farms (a k-anonymity floor). No individual farm is ever singled out. You can opt out of any data type at any time from your data-sharing settings; opt-out is one toggle and retroactive: your historical contributions leave the aggregates within 24 hours.

6. Retention

We keep different classes of data for different lengths of time based on what we need to operate the platform and what the law requires.

| Data class | Retention |
| --- | --- |
| Account information | Until account closure + 30 days (then permanently deleted) |
| Farm operating data (plans, harvests, observations, photos) | Until account closure + 30 days (then permanently deleted) |
| Buyer information (CSA members, store buyers) | Until account closure + 30 days, or until the buyer requests deletion (whichever is sooner) |
| Buyer payment-method tokens | Per Stripe's retention; we delete our token reference on subscription cancellation |
| Financial records (subscription invoices, payment metadata, tax-relevant transactions) | 7 years (US tax-record requirement) |
| Diagnostics (iOS error reports) | 90 days (then automatically deleted) |
| Aggregate usage telemetry | Up to 24 months in anonymized form for product analytics |
| Authentication logs (sign-ins, magic-link issuance) | 12 months for security-incident investigation |
| Email logs (send / bounce / complaint events from Resend) | 12 months for deliverability debugging |

Deletion requests under GDPR / CCPA accelerate the timeline subject to our legal-retention obligations (we cannot delete a financial record we're required to keep for tax purposes, but we will delete everything else on request).

7. Security

We encrypt data in transit (TLS / HTTPS everywhere, including internal service-to-service calls) and at rest (managed Postgres with encryption-at-rest, R2 server-side encryption). Authentication uses industry standards (Better Auth, signed JWTs, Sign in with Apple); password hashes use a modern slow-hashing algorithm. We don't handle raw card numbers; Stripe does, and Stripe is PCI DSS Level 1 certified.

Access to production data is restricted to a small number of PlotsFarm engineers, gated by individual sign-in (no shared credentials), audit-logged, and used only for debugging issues you report. We don't routinely browse customer data.

We don't promise we're unbreakable, but we treat your data the way we'd want our own treated. If we ever discover a security incident affecting your data, we'll notify you without unreasonable delay (within 72 hours where GDPR Article 33 applies) and explain what happened, what data was involved, and what we're doing about it.

8. Your rights (general)

Regardless of where you live, you can:

  • access the personal data we hold about you,
  • correct inaccurate data,
  • export your data in a portable format (JSON / CSV),
  • delete your data (subject to retention obligations described above),
  • opt out of any non-essential processing.

You can do most of this self-serve from /settings/account. For anything else, email privacy@plots.farm.

9. EU / UK GDPR

If you're in the European Economic Area, the United Kingdom, or Switzerland, you have additional rights under GDPR (and the UK GDPR / Swiss FADP equivalents):

  • Right of access (Article 15): we respond within 30 days of a verified request.
  • Right to rectification (Article 16): we correct inaccurate data without undue delay.
  • Right to erasure (Article 17): we delete your data within 30 days, except where a legal-retention obligation applies (we'll explain which records we're keeping and why).
  • Right to restriction (Article 18): you can ask us to suspend processing while a dispute is resolved.
  • Right to data portability (Article 20): your data in a structured, machine-readable format.
  • Right to object (Article 21): to processing based on legitimate interests; we'll stop unless we have an overriding lawful basis.
  • Right to lodge a complaint with your supervisory authority (the data-protection authority of your member state, the ICO in the UK, the FDPIC in Switzerland).

Legal bases for processing (Article 6): performance of contract (operating the service you signed up for), legitimate interests (product improvement, fraud detection, security, and anonymized cross-farm aggregation, which you may opt out of at any time under your right to object), and compliance with legal obligations (tax, financial-services regulations).

International transfers. PlotsFarm is operated from the United States and several of our subprocessors (Stripe, Cloudflare, Anthropic, OpenAI, Resend, fal.ai, Better Auth) host data in the US. Transfers from the EEA / UK / Switzerland to the US are made under the EU Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum, included in each subprocessor's DPA. Where a subprocessor participates in the EU-US Data Privacy Framework, we additionally rely on that adequacy mechanism.

EU representative. PlotsFarm does not currently offer services targeted to EU residents in EU languages, and an Article 27 representative has not yet been appointed. If you're an EU resident using the platform anyway, you can still exercise your rights by emailing privacy@plots.farm.

Data Processing Agreement. If your use of PlotsFarm requires a signed DPA (e.g. you're processing personal data of your CSA members and need a controller-to-processor agreement with us), email privacy@plots.farm and we'll provide our standard DPA.

10. California (CCPA / CPRA)

If you're a California resident, you have specific rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:

  • Right to know what personal information we collect, the sources, the purposes, and the categories of third parties we share it with. The full picture is in sections 2-4 above.
  • Right to delete personal information we've collected (subject to legal-retention exceptions).
  • Right to correct inaccurate personal information.
  • Right to opt out of the sale or sharing of personal information. PlotsFarm does not sell or share personal information for cross-context behavioral advertising. There is no opt-out to exercise because there is no sale; if this changes, we'll add a "Do Not Sell or Share My Personal Information" link to this page.
  • Right to limit use of sensitive personal information. We don't use sensitive PI (precise geolocation, payment information beyond what's needed to process the transaction, etc.) for any purpose beyond providing the service you signed up for.
  • Right to non-discrimination. Exercising your privacy rights doesn't affect your service or pricing.

To exercise any of these, email privacy@plots.farm with the subject line "California privacy request." We verify your identity by confirming your account email, then respond within 45 days (extendable by an additional 45 days if needed, with notice).

11. Children's data

PlotsFarm is a B2B SaaS product for adult growers running farm businesses. We do not knowingly collect personal information from anyone under thirteen (13), and the service is not directed to children. The Children's Online Privacy Protection Act (COPPA) does not apply to our user base.

Workers between 13 and 18 may use the service under the supervision of an adult account owner (e.g. a teen helping out on a family farm). The account owner is responsible for any data created by supervised minor workers and for obtaining whatever parental consent local law requires.

CSA members signing up for a share through a farm's public page must be 18 or older to authorize a payment method. If we learn we've collected personal information from a child under 13, we delete it.

12. International transfers (general)

PlotsFarm is operated from the United States; our subprocessors host data in the US and at global edge locations (Cloudflare). By using the service you consent to your data being transferred to and processed in the United States and in the jurisdictions where our subprocessors operate. Section 9 covers the legal mechanisms we rely on for transfers from the EEA / UK / Switzerland.

13. Changes to this policy

We'll update this policy as the product evolves and as the law requires. Material changes are emailed to the account owner with a summary; the revised version is posted here with a new effective date. Where required by GDPR / CCPA, we'll obtain fresh consent rather than relying on continued use.

14. Contact

Privacy questions or data-subject requests: privacy@plots.farm. General support: support@plots.farm. See also our Terms of service.

Last updated: May 10, 2026. Substantial changes are emailed to the account owner.