# FarmScope Privacy Policy **Effective Date:** March 30, 2026 **Last Updated:** March 30, 2026 **Company:** FarmScope Inc. (contact@farmscope.eu, +216 54 471 650) --- ## 1. Introduction This Privacy Policy explains how FarmScope Inc. ("we", "us", "our") collects, uses, stores, and protects your personal data when you use our FarmScope platform ("Service"). We are committed to protecting your privacy and complying with applicable data protection laws, including the GDPR (EU), POPIA (South Africa), NDPA (Nigeria), PDPL (Gulf countries), and other regional regulations. By using FarmScope, you consent to the practices described in this policy. --- ## 2. Data We Collect ### 2.1 Personal Data You Provide - **Account information:** Name, email address, phone number (optional) - **Farm details:** Farm name, location (country, region), farm size (hectares/acreage) - ** communications:** Support requests, feedback, survey responses ### 2.2 Farm Data (Agricultural Data) You retain full ownership of all farm data you enter into the Service, including: - Livestock records (herd, health, breeding) - Crop records (planting, harvesting, yields) - Inventory data (seeds, feed, chemicals, equipment) - Financial records (expenses, revenue, budgets) - Task schedules and worker assignments - Photos and documents uploaded by you **Important:** Farm data is not considered personal data unless it contains information about identifiable individuals (e.g., employee names, contact details). We treat all farm data as your intellectual property. ### 2.3 Technical Data Automatically Collected - **Usage data:** Features used, login times, session duration - **Device information:** IP address, browser type, operating system, device ID - **Cookies & tracking:** See Section 4 below - **Error logs & analytics:** To improve Service reliability --- ## 3. How We Use Your Data We process your personal data based on one or more of the following legal grounds: ### 3.1 Contractual Necessity Data needed to provide the Service: - Create and maintain your account - Process subscriptions and payments (via Paddle) - Provide customer support - Send service-related notifications (billing, security, account changes) - Generate invoices and receipts ### 3.2 Explicit Consent (Where Required) For jurisdictions that require consent (e.g., UAE, Oman, GDPR for marketing): - Sending educational and promotional emails (you can unsubscribe anytime) - Processing optional data for analytics features (separate opt-in) - Sharing anonymized aggregate data for industry benchmarking (opt-out available) ### 3.3 Legitimate Interests Where not prohibited by local law: - Improving the Service based on usage analytics - Preventing fraud and securing the platform - Communicating about product updates and new features (transactional emails) ### 3.4 Legal Compliance - Complying with tax and financial record-keeping requirements - Responding to lawful requests from authorities (only with proper legal process) --- ## 4. Cookies & Tracking ### 4.1 Cookies We Use - **Essential cookies:** Session management, authentication, security (cannot be disabled) - **Analytics cookies:** Google Analytics / similar (used to understand usage patterns) – you may opt out via cookie banner - **Preference cookies:** Remember your settings and preferences ### 4.2 Third-Party Tracking - We use Paddle.com for payment processing; Paddle may set cookies during checkout (see Paddle's privacy policy) - We may use email service providers (SendGrid, Resend) that track email opens/clicks – you can opt out of marketing emails to disable ### 4.3 Cookie Consent Upon first visit, you will see a cookie banner. You can: - Accept all cookies - Accept only essential cookies - Customize preferences --- ## 5. Data Sharing & Disclosure ### 5.1 We DO NOT Sell Your Data Your farm data and personal information are not sold to third parties for their marketing purposes. ### 5.2 Service Providers (Processors) We share data with trusted third parties who assist in operating our Service: - **Paddle.com:** Payment processing and subscription management (Merchant of Record) - **Cloud hosting:** AWS, DigitalOcean, or similar (data storage and compute) - **Email services:** SendGrid, Resend, or Google (transactional/communication emails) - **Analytics:** Google Analytics (with IP anonymization enabled) - **Customer support:** Zendesk or similar (if implemented) All processors are contractually bound to protect your data and use it only for the purposes we specify. ### 5.3 Legal & Regulatory Disclosures We may disclose your data if required by law, regulation, or legitimate governmental request. We will: - Notify you of such requests when legally permissible - Limit disclosure to the minimum necessary - Challenge overly broad or unlawful requests ### 5.4 Business Transfers If FarmScope Inc. undergoes a merger, acquisition, or asset sale, your data may be transferred as part of the business. We will notify you beforehand and give you the option to delete your account if you choose. --- ## 6. International Data Transfers ### 6.1 Data Localization Commitment We store and process data in accordance with regional data protection laws: - **European users:** Data is stored in EU/EEA data centers or under Standard Contractual Clauses (SCCs). - **African users:** Data is stored in Africa where infrastructure exists; for regions without local data centers, we use providers with SCCs/adequacy decisions. **Ethiopian users:** Data is stored exclusively in Ethiopia (mandatory localization). - **Gulf users:** Data is stored in approved jurisdictions (e.g., Saudi Arabia, UAE). International transfers only with explicit consent and adequacy safeguards. ### 6.2 Your Consent to Transfers By using the Service, you consent to the transfer of your data to our service providers as described above, subject to the protections in this policy. --- ## 7. Data Security We implement industry-standard security measures: - **Encryption:** TLS/SSL for data in transit; AES-256 for data at rest - **Access controls:** Role-based permissions, strong authentication, principle of least privilege - **Monitoring:** 24/7 security monitoring, intrusion detection, log analysis - **Backups:** Regular encrypted backups with secure off-site storage - **Vulnerability management:** Regular security assessments, prompt patching - **Employee training:** All staff trained on data protection and security best practices We follow the principle of **"Security by Design and by Default."** --- ## 8. Data Breach Response If a personal data breach occurs: - **Notification:** Affected users will be notified within **72 hours** (or as required by local law) - **Remediation:** We will take immediate steps to contain, investigate, and remediate the breach - **Guidance:** You will receive clear guidance on protective measures to take - **Authorities:** We will notify relevant Data Protection Authorities as required - **Liability:** We accept full liability for breaches caused by our negligence --- ## 9. Your Data Rights You have the following rights regarding your personal data: | Right | What It Means | How to Exercise | |------|---------------|-----------------| | **Access** | Request a copy of all personal data we hold about you | Email privacy@farmscope.eu | | **Correction** | Fix inaccurate or incomplete data | Update in Account settings or request assistance | | **Deletion** ("Right to be forgotten") | Request erasure of your personal data (with exceptions) | Email privacy@farmscope.eu | | **Restriction** | Limit how we process your data | Email us with specific restrictions | | **Portability** | Receive your data in a machine-readable format (CSV, JSON) | Request via Account or email | | **Object** | Opt out of certain processing activities | Use account settings or email us | | **Withdraw Consent** | Revoke previously given consent (where processing is consent-based) | Click unsubscribe or email us | **Response Time:** We will respond to your request within **30 days** (or 60 days for complex requests, with notice). No fee for reasonable requests, except manifestly unfounded or excessive requests (may incur administrative fee). --- ## 10. Data Retention ### 10.1 Active Accounts While your account is active, we retain your data until you delete it or close your account. ### 10.2 Deleted Data (User-Initiated) - Removed from active systems within **7 days** - May remain in encrypted backups for up to **90 days** - Permanently deleted after **90 days** - Not recoverable after 90 days ### 10.3 Closed Accounts - Upon account closure, you have **30 days** to request data export - After 30 days, we may delete all data - You may reactivate within 30 days to restore data ### 10.4 Legal & Compliance Holds We may retain data longer if required by law (e.g., tax records, compliance audits). --- ## 11. Marketing & Communications ### 11.1 Transactional Emails (No Opt-Out) These are essential for using the Service: - Billing receipts and invoices - Account security alerts - Subscription renewal notices - Customer support responses - Service disruption notifications ### 11.2 Marketing Emails (Opt-In Required) With your consent, we may send: - Product updates and educational content - Industry insights and best practices - Promotional offers and early-bird discounts - Event invitations (webinars, training) **You can unsubscribe** from marketing emails at any time via the "unsubscribe" link in any email or by emailing privacy@farmscope.eu. --- ## 12. Children's Privacy FarmScope is not intended for individuals under 18 years of age. We do not knowingly collect data from minors. If you become aware that a child has provided us with personal data, please contact us immediately so we can delete that information. --- ## 13. Third-Party Links Our Service may contain links to third-party websites (e.g., Paddle checkout, payment processors). We are not responsible for the privacy practices of those sites. We encourage you to read their privacy policies before providing any information. --- ## 14. Updates to This Policy We may update this Privacy Policy from time to time. If we make material changes: - We will notify you via email and/or in-app notice at least **30 days** before the effective date - The "Last Updated" date at the top will be revised - Continued use after changes constitutes acceptance For minor changes (non-material), we may update without individual notice, but the updated policy will be accessible on our website. --- ## 15. Contact & Data Protection Officer **Privacy Inquiries / Data Subject Requests:** Email: **privacy@farmscope.eu** Subject line: "Data Protection Request" Include: Your name, email, and specific request **General Support:** Email: **contact@farmscope.eu** Phone: **+216 54 471 650** **Data Protection Officer (DPO):** If you have unresolved concerns, our DPO can be reached at: Email: **dpo@farmscope.eu** **For EU residents:** You may also lodge a complaint with your local Data Protection Authority. **For South African residents:** Information Regulator (complaints@inforegulator.org.za) **For Nigerian residents:** Nigeria Data Protection Bureau (compliance@ndpb.gov.ng) **For Ethiopian residents:** Federal Data Protection Agency --- ## 16. Regional Compliance Summary | Region | Applies To | Key Features | |--------|------------|--------------| | **EU/UK** | GDPR, ePrivacy | Strong consent requirements, 72-hour breach notification, 30-day response to rights requests | | **South Africa** | POPIA | No international transfers without consent, mandatory Data Protection Officer | | **Nigeria** | NDPA | Data localization preferred, NDPA registration, consent for international transfers | | **Ethiopia** | 2024 Proclamation | **MANDATORY DATA LOCALIZATION** – all Ethiopian personal data stored within Ethiopia only | | **Gulf (SA/UAE/OM)** | PDPL Laws | Strict consent requirements (especially Oman, UAE), data localization preferred | We design our privacy practices to meet or exceed the strictest applicable standard globally. --- ## 17. How to Exercise Your Rights To make a data subject request: 1. **Email:** privacy@farmscope.eu 2. **Subject:** "Data Subject Request" or "GDPR Request" 3. **Include:** Your full name, email address associated with account, and clear description of your request (e.g., "Please delete all my personal data", "Please export my data in JSON format") 4. **Verification:** We may need to verify your identity before fulfilling the request (to prevent unauthorized access) 5. **Timeline:** We will respond within 30 days. Complex requests may take up to 60 days (we will inform you). All requests are processed free of charge, unless manifestly unfounded or excessive (in which case we may charge a reasonable fee or refuse). --- ## 18. No Discrimination You will not be discriminated against for exercising your data protection rights. We will not: - Deny service - Charge different prices - Provide a different level of quality - Threaten or intimidate --- **Last Updated:** March 30, 2026 **FarmScope Inc.** | contact@farmscope.eu | +216 54 471 650