Privacy Policy

Last updated: 26 April 2026 (raised minimum age to 18 following Apple age-rating system change; added PostHog product-analytics sub-processor disclosure, expanded the Sentry disclosure to cover mobile-app breadcrumb capture, and clarified that the in-app "Send anonymous usage data" toggle controls product analytics only)

FarmAsk ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our mobile application.

Information We Collect

Account Information

• Email address (or Apple private relay address if you use "Hide My Email")
• Name (optional)
• Password (hashed with bcrypt — we never store your plaintext password)

Age Attestation

At onboarding you confirm that you are 18 or older. We store only a timestamp proving you gave that confirmation. We do not collect or store your date of birth — keeping a DOB would be unnecessary data and we do not need it to enforce the age gate.

Farm Profile

• Country (auto-detected from your device, confirmed by you)
• Region or county (optional)
• Farm type (e.g., Dairy, Crops, Mixed)
• Holding size (optional)
• Livestock details (optional)
• Soil type (optional)

Conversation Data

• Your questions and messages
• AI-generated responses
• Conversation history and timestamps

Farm Notebook Facts (Optional Feature)

If you enable Farm Notebook:

• Short factual statements about your farm extracted from your conversations (e.g. "150 dairy cows", "200 acres winter wheat", "silty clay soil")
• Each fact is linked to your account so future advice can reference it — it is personal data, not anonymous
• Only farming-related information is stored; the extraction prompt explicitly excludes names, addresses, financial details, and personal information about third parties

Content Reports

If you report a problematic AI response from the chat screen, we store your user ID, the ID of the reported message, the reason you chose (harmful, inaccurate, offensive, dangerous, privacy, other), any free-text details you provide, the review status, and any admin notes made during review. Reports are retained as part of our safety audit trail and to demonstrate compliance with Apple's App Store content moderation requirements.

Usage Information

• Device type and operating system
• App usage statistics
• Error logs (for bug fixes and improvements)

How We Use Your Information

We use your information to:

• Provide the Service: Generate personalized farming advice based on your questions and farm profile
• Personalize Responses: Use your location (country/region) and farm type to provide relevant, location-specific advice and regulations
• Learn Your Context: If Farm Notebook is enabled, use stored farming facts to provide more tailored advice
• Improve the App: Analyze usage patterns to fix bugs and improve features
• Communicate: Send important service updates, subscription information, and support responses
• Regional Intelligence: Collect anonymised, aggregated data on farming conditions to identify regional farming trends
• Comply with Laws: Meet legal obligations and protect against fraud

Farm Notebook (Optional Feature)

Farm Notebook is an opt-in feature that is OFF by default.

What It Does

When enabled, FarmAsk learns farming-related facts from your conversations to provide more personalized advice. For example, if you mention you have 150 dairy cows, we'll remember this for future conversations.

Your Control

• Turn on/off anytime from Settings
• View all stored facts (Settings → Farm Notebook)
• Edit any individual fact
• Delete individual facts or all facts at once
• When turned off, facts remain accessible but won't be used in responses or added to

Privacy Protections

• Only farming-related information is stored (crops, livestock, equipment, practices, etc.)
• The extraction prompt explicitly excludes names, addresses, financial details, and information about third parties
• Facts are linked to your account so they are personal data — but they are never sold, never shared outside the sub-processors needed to generate your advice, and always under your direct control
• Facts are used only to personalize your farming advice
• All data is deleted when you delete your account

Anonymous Farming Intelligence (Opt-In)

FarmAsk has an optional feature that collects anonymised, aggregated data about farming conditions mentioned in conversations. This helps us identify regional trends in farming.

What We Collect (only if you opt in)

If you enable the feature, when farming topics are discussed in chat we may record:

• Country and region (e.g. "United Kingdom, Oxfordshire" or "Australia, Queensland")
• Category and sub-category of the topic (e.g. fungal crop disease, arthropod pest, frost damage, market price)
• Topic (e.g. "wheat yellow rust", "slug damage on OSR", "store lamb prices at market")
• Primary crop or livestock affected (e.g. wheat, sheep, dairy cattle, oilseed rape)
• Growth stage or life stage (e.g. flowering, grain fill, lambing, finishing)
• Severity and, where stated, quantitative impact (e.g. "mortality rate 7%", "yield loss 15%", "20 acres affected")
• Anonymous aggregate market prices (e.g. "store lamb price £94 per head") — never linked to an identifiable seller or farm
• Interventions tried and their outcomes (e.g. "sprayed fungicide at T1, effective" or "switched to alternative variety, poor yield") — anonymous, never linked to brand preferences of any specific farmer
• Date of report and, where stated, the date the farmer first noticed the issue
• Number of reports (aggregated count per country/region/topic/day)

What We Do NOT Collect

Preventing Duplicate Counting

To ensure data accuracy, we use a one-way cryptographic hash to prevent the same issue being counted multiple times from the same account on the same day. This hash cannot be reversed to identify you — it simply tells our system "this has already been counted today." These hashes are automatically deleted after 7 days.

Why We Collect This

• To identify regional farming trends (e.g. "wheat rust increasing in South East England")
• To understand which crops, livestock, and stages are most affected by seasonal problems
• To track market conditions in aggregate (e.g. average lamb prices by region this month)
• To learn which interventions farmers find effective, improving the advice FarmAsk gives
• To improve the relevance of AI advice for your region

How This Data Is Different

This data is truly anonymous under GDPR (Recital 26). Unlike your farm profile and conversation history, this data:

• Contains no user identifiers of any kind
• Cannot be traced back to any individual, even with full database access
• Is aggregated — individual datapoints are only ever shown or shared when at least 5 reports exist for a given country/topic (or 3 for a specific region), to prevent re-identification
• Is automatically summarised into yearly trends after 12 months — daily detail is deleted but yearly patterns are kept to identify long-term trends (e.g. "wheat rust peaks every April in this region")
• Is based on your explicit, informed opt-in consent — we do not run the extraction at all unless you have enabled it in Settings

Opt-In and Opt-Out

This feature is OFF by default for everyone. To enable it, go to Settings → Privacy → Help improve FarmAsk. To disable it again, turn the same toggle off — this stops any new data being extracted from your future conversations, and takes effect within a few seconds.

Because anonymous intelligence data contains no user identifier of any kind, we cannot retroactively identify or remove data extracted while the feature was enabled. That is inherent to the anonymisation model and is the whole reason the data is anonymous under GDPR. If that trade-off isn't right for you, leave the feature off.

Data Sharing and Licensing

Because anonymous farming intelligence data does not identify any individual farmer or farm — it is not personal data under GDPR Recital 26 once extracted and aggregated — we may:

• Publish aggregated trends in blog posts, newsletters, and in-app features (e.g. "Slug damage reports up 40% this month", "Average store lamb price in South West England: £94/head")
• Share or license aggregated datasets and reports with research institutions, universities, and government agricultural bodies (APHA, Defra, AHDB, USDA, Rothamsted Research, and equivalent bodies in other countries) for agricultural research, policy development, and animal / plant disease surveillance
• License aggregated datasets to commercial partners — including agricultural input companies, insurers, commodity analysts, and research-focused businesses — under appropriate contractual terms. Commercial licensing supports FarmAsk's continued development and may become a source of revenue for the service over time.
• Use aggregated intelligence internally to improve FarmAsk's advice quality and regional insight features

Safeguards applied to every external dataset or publication:

• Minimum-count thresholds — individual data points are only ever shown, shared, or licensed when at least 5 reports exist for a given country and topic (or 10 for a specific region). Cells with fewer reports are suppressed entirely, not shown as "<5".
• Aggregation only — commercial partners receive counts, statistics, and trend visualisations, never row-level data from our database.
• Statistical disclosure control — before any external sharing, we apply generalisation (numeric values rounded into bands, dates grouped into weeks or months), suppression of outliers that could be re-identifiable, and k-anonymity checks at county geographic level or broader.
• No sub-county geography — location is never shared at a more precise level than county or state (for example, "Oxfordshire" not "Thame parish"; "California" not "Sonoma County"). We do not collect or share farm-level coordinates, postcodes, or addresses.
• No children's data — the extraction pipeline explicitly excludes any mention of people under 18.
• No personal financial details — bank information, income, debts, and identifiable transactions are excluded at extraction time.

What we will never do, under any circumstance:

• Sell, share, publish, or license anything that could identify you, your farm, your precise location, your name, your contact details, or a specific transaction you were part of.
• Sell or license your personal data — your account, conversations, farm profile, or Farm Notebook facts — in any form, to any party. Only the anonymous aggregated intelligence layer is eligible for external sharing, and only if you have explicitly opted in.
• Share data with advertisers or ad networks.
• Combine anonymous intelligence with any other dataset in a way that could re-identify an individual farmer.

Your control: You can withdraw your consent to anonymous intelligence collection at any time in Settings → Privacy → Help improve FarmAsk. Withdrawal immediately stops future reports from being extracted from your conversations. Previously-extracted anonymous reports remain in our aggregated dataset because there is no user identifier that would allow them to be found and removed — this is the basis on which the data is classed as anonymous under GDPR Recital 26 and is disclosed above.

Third-Party AI Services

FarmAsk uses third-party AI services to generate farming advice.

What We Send to the AI Provider

Important Privacy Protections

• Your identity is never shared with the AI provider
• Your data is not used to train AI models
• All responses are clearly labeled as "AI-generated"
• The AI provider processes data according to their own privacy policy

AI Provider

We currently use Anthropic's Claude AI service under Anthropic's commercial API terms, which prohibit Anthropic from using your prompts or responses to train their models. For more information about how Anthropic handles data, see Anthropic's Privacy Policy.

AI Content Labelling

Every AI response is delivered to the app with an "AI-generated" flag and is labelled as such in the chat interface. Responses are not presented as the work of a human expert.

Voice Notes

Voice recordings are uploaded from your device directly to our Supabase Storage bucket in the EU (Frankfurt) using a short-lived pre-signed upload URL. Our backend then downloads the file and sends it to OpenAI (Whisper) for transcription. OpenAI does not retain the audio after processing. As soon as transcription succeeds, we immediately delete the raw audio file from our Storage bucket — we only ever hold the raw voiceprint for the seconds it takes to transcribe. Only the resulting transcribed text is retained, as part of your chat message. See OpenAI's Privacy Policy.

Photo Storage

When you attach a photo to a chat message, the file is uploaded directly from your device to a private Supabase Storage bucket hosted in the EU (Frankfurt), using a short-lived pre-signed upload URL generated by our backend. The raw file does not pass through our application server during upload — your device sends the bytes straight to Supabase.

Retention

• Attached to a message — 30 days: photos are automatically deleted after 30 days from the date the message was created. The message itself (your question, the AI response, timestamps) stays in your conversation history — only the underlying image file is removed. Scrolling back to an older message will show a placeholder where the photo used to be.
• When you delete a conversation — immediately: every photo attached to that conversation is deleted from the Storage bucket as part of the delete request — not queued, not on a delayed schedule.
• When you delete your account — immediately: every photo you have ever uploaded is deleted from the Storage bucket as part of the account deletion. The nightly cleanup job described below remains in place as a backstop.
• Orphaned uploads — within 24 hours: if an upload URL is issued but the message is never sent (for example the app is force-closed before send), the file is automatically deleted from the bucket within 24 hours by a nightly cleanup job. The same job also sweeps any files missed by the immediate deletions above, including voice-note audio that our immediate post-transcription delete failed to remove.

Privacy Protections

• The bucket is private — no public URLs, no directory listing, no anonymous access
• Every file is stored under your user namespace; another user's account cannot list, read, or delete your files
• Photo files are only readable via short-lived signed URLs generated by our backend for legitimate purposes (showing you your own photo, letting Anthropic analyse it for your question). Voice-note audio is downloaded once by our backend, sent to Whisper, and then deleted — it is never served to the app or any third party beyond the transcription call.
• Data is encrypted in transit and at rest

Notifiable Animal Disease Warnings

FarmAsk's AI is instructed to identify symptoms in conversations that could indicate a notifiable animal disease (such as foot-and-mouth disease, avian influenza, bluetongue, bovine tuberculosis, or African swine fever). When this happens, the AI places a prominent warning at the top of the response directing you to your country's statutory veterinary authority:

• England: APHA — 03000 200 301
• Scotland: APHA Scotland field services — 03000 200 301
• Wales: APHA Wales — 0300 303 8268
• Northern Ireland: DAERA — 0300 200 7840
• Republic of Ireland: DAFM — your local Regional Veterinary Office
• United States: USDA APHIS — 1-866-536-7593, or your State Veterinarian
• Canada: CFIA — nearest CFIA district office
• Australia: Emergency Animal Disease Watch Hotline — 1800 675 888
• New Zealand: MPI — 0800 80 99 66
• Elsewhere: your national veterinary authority or OIE-WOAH delegate

This is a safety feature, not legal advice. In most jurisdictions you have a legal duty to report suspected notifiable disease to the statutory authority on suspicion alone, without waiting for a confirmed diagnosis. FarmAsk is not a substitute for statutory notification, and a vet referral alone is not a substitute either. You or your vet must make the statutory notification yourself.

Content Reporting and Moderation

If you believe an AI response is harmful, inaccurate, offensive, dangerous, or violates your or someone else's privacy, you can report it directly from the chat screen using the "Report this response" menu on any AI message. We aim to review all reports within 24 hours. Depending on severity, we may adjust the underlying system prompt, contact you for more information, remove or hide the offending response, update our moderation rules, or escalate to the relevant authority. Repeated bad-faith reporting may result in account suspension.

How We Share Your Information

We NEVER Sell Your Data

We do not sell, rent, or trade your personal information to anyone. Period.

Sub-Processors

We share information only as necessary to provide our service. We have Data Processing Agreements in place with all of the sub-processors below.

Sub-processor	Purpose	Data shared	Location
Anthropic (Claude)	Farming advice, photo analysis, Farm Notebook extraction, Anonymous Intelligence extraction (opt-in)	Messages, images, farm profile, recent conversation history	USA
OpenAI (Whisper)	Voice note transcription	Voice audio (not retained by OpenAI after processing)	USA
Supabase	Database and authentication hosting	All account data	EU (Frankfurt)
RevenueCat	Subscription state and billing reconciliation	Account identifier, purchase events	USA
Brevo	Password reset emails	Email address, reset code	EU
Sentry	Error and performance tracking	Account UUID, request path, error stack traces (passwords, tokens, and uploaded media are scrubbed before transmission)	EU / USA
PostHog (EU)	Product analytics — funnel events such as account registered, onboarding completed, daily limit hit, subscription state changes	Account UUID, country, subscription tier, event metadata. We never send your name, email, phone number, message text, or photos. Captured server-side from our backend, so PostHog does not see your device IP.	EU (Frankfurt)
Apple	Sign in with Apple, App Store payments	Apple ID identity token, purchase identifiers	USA
Farming Trends (anonymous, opt-in)	Not linked to any user	Analytics, app improvement	EU (Frankfurt)

International transfers to US-based processors rely on the EU Standard Contractual Clauses and the UK International Data Transfer Addendum. A copy of the relevant clauses is available on request from privacy@farmask.ai.

Legal Requirements

We may disclose information if required by law or to protect our rights, users' safety, or comply with legal processes.

Error Tracking and Product Analytics — Two Separate Systems

FarmAsk uses two operational data flows that are easy to confuse but legally distinct. We want to be explicit about both.

1. Error tracking (Sentry). When something goes wrong on our servers (an unhandled exception, a 5xx response, a webhook failure), we capture a structured error event and send it to Sentry. Each event includes your account UUID, the request method and path, the error stack trace, and a sample of recent server-side events leading up to the error. Passwords, reset codes, Apple identity tokens, push tokens, and any uploaded media are stripped before the event is transmitted. We also sample approximately 10% of all requests for performance tracing (timing data, no message content). This processing is necessary to keep the service running and secure, so we rely on legitimate interest (GDPR Article 6(1)(f)) as our legal basis. You have the right to object under Article 21, but because error tracking is a security-of-network-and-information-systems function (GDPR Recital 49), we may continue this processing if our overriding legitimate interest in service integrity outweighs your specific objection. If you object, please contact us at privacy@farmask.ai and we will assess and respond within one month.

Mobile app error tracking. Our iOS app uses Sentry's React Native SDK to detect crashes and errors on your device. By default this records short "breadcrumbs" describing the actions immediately preceding an error — which screen you were on, which button you tapped, which network request was in flight. These breadcrumbs are attached to error reports only and are sent to Sentry alongside the crash. We have configured the SDK to scrub form-field values from the breadcrumbs. The same legitimate-interest basis (Article 6(1)(f)) applies as for server-side error tracking.

2. Product analytics (PostHog). Separately, we capture a small set of funnel and usage events — for example, "user registered", "onboarding completed", "daily limit hit", "subscription activated". These help us understand which parts of the app work for new farmers and which need improvement. Each event includes your account UUID, your country, and event-specific metadata (such as which subscription tier was activated); it never includes your name, email, message text, or photo content. We process these events under legitimate interest (GDPR Article 6(1)(f)), balanced against your right to object under Article 21. You can object at any time using the "Send anonymous usage data" toggle in Settings → Privacy. When this toggle is off, we stop generating product analytics events for your account immediately.

What the toggle does and does not cover. The "Send anonymous usage data" toggle controls product analytics (PostHog) only. It does not turn off error tracking (Sentry) — error tracking is required to keep the service running and is processed under separate legitimate interest. It also does not turn off subscription lifecycle records (RevenueCat tier changes, billing issue notifications) or account deletion records, which we keep regardless because they are required to perform the subscription contract you have with us (Article 6(1)(b)) and to demonstrate compliance with your right to erasure (Article 17).

Payments

Subscriptions are managed through Apple's App Store. We do not access your payment details. Subscription status is synced via RevenueCat. See RevenueCat's Privacy Policy.

Data Storage and Retention

How Long We Keep Your Data

• Conversation History: Stored indefinitely until you delete your account or individual conversations
• Farm Profile: Stored while your account is active
• Farm Notebook Facts: Stored until you delete them or your account
• Photos: Stored in our EU (Frankfurt) Supabase Storage bucket and automatically deleted after 30 days from the date of the associated message. Deleted immediately when you delete the parent conversation or your account. Orphan uploads (no message attached) are deleted within 24 hours by a nightly cleanup job, which also acts as a backstop for any file missed by an immediate deletion.
• Voice-note audio: Held in the same bucket only for the seconds required to transcribe the recording via Whisper, then deleted immediately. We do not retain raw audio. Only the transcribed text is kept, as part of your chat message.
• Password reset emails (Brevo): The reset code is stored as a one-way keyed HMAC-SHA-256 hash in our database for 15 minutes (the key is held only on our server, so a leaked database snapshot would not yield usable reset codes). Brevo retains transactional email logs (sender, recipient, delivery status) for up to 30 days as part of their normal service operation, after which they are automatically purged.
• Server access logs: 14 days (see the Security section below for detail)
• Error tracking logs (Sentry): Up to 90 days, subject to Sentry's retention policy
• Webhook idempotency records: 30 days
• Account Data: All personal data in our own database is permanently deleted within 30 days of your account deletion request — most within seconds

Where We Store Your Data

Data is stored in a Supabase database hosted in the EU (Frankfurt). Encrypted in transit and at rest.

Your Rights and Control

Access Your Data

• View your farm profile anytime in Settings
• View all Farm Notebook facts in Settings → Farm Notebook
• View conversation history in the app

Edit Your Data

• Update your farm profile anytime
• Edit any stored Farm Notebook fact

Delete Your Data

• Delete individual conversations or Farm Notebook facts. Deleting a conversation also immediately deletes any photos attached to it from our Storage bucket. (Voice-note audio is already deleted at transcription time, so nothing further is stored.)
• Delete all Farm Notebook data at once
• Delete your entire account (Settings → Account → Delete Account). This also immediately deletes every photo you have ever uploaded.
• All personal data in our own database is permanently deleted within 30 days

What happens at third parties when you delete your account: We immediately remove your data from our own database and make a best-effort request to RevenueCat to delete your subscriber record. However, our error-tracking provider Sentry retains error logs that may contain your internal account identifier (a UUID, never your email or name) for up to 90 days after deletion, subject to their retention policy — we cannot individually purge Sentry entries. Transactional email logs at Brevo are similarly subject to their retention policy (up to 30 days). Data sent to Anthropic and OpenAI during AI processing is retained by those providers for a short abuse-monitoring window (typically 30 days) and then purged. All such third-party retention is time-limited and automatic.

Opt-Out Options

• Turn off Farm Notebook without deleting stored facts
• Delete your account to remove all data

Data Portability

Download a complete copy of your data at any time from Settings → Privacy → Download my data. The download is a JSON file containing your account record, conversations, messages, Farm Notebook facts, and any content reports you have filed. Exports are rate-limited to one per hour.

Location Data

Auto-Detection

During onboarding, we auto-detect your country using your device's region settings. You can confirm or change this before continuing.

How We Use Location Data

• Provide location-specific farming advice and regulations
• Offer seasonal guidance relevant to your region
• Tailor responses to your country's agricultural practices

Your Control

• Change your country or region anytime in Settings
• Location data is deleted when you delete your account

We do not collect: GPS location, contacts, browsing history, or advertising identifiers.

Children's Privacy

FarmAsk is intended for users aged 18 and over. At onboarding, every user must affirmatively confirm they are 18 or older before they can complete the farm profile and start using the chat. We record only the timestamp of that confirmation — we do not collect a date of birth. We do not knowingly collect personal data from anyone under 18. If you believe we have collected data from a person under 18, contact us immediately at support@farmask.ai and we will delete it.

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights:

• Right to Know: What personal information we collect and how we use it
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: We do not sell personal information (this is our default policy)
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights

We do not sell your personal information to anyone. This is built into our service, not an option you need to enable.

To exercise your CCPA rights, contact us at support@farmask.ai.

European Privacy Rights (GDPR)

If you are located in the European Economic Area or United Kingdom, you have additional rights under GDPR:

Legal Basis for Processing

• Consent: For AI processing of your questions and Farm Notebook (you can withdraw consent anytime)
• Contract: To provide our farming advice service
• Legitimate Interest: To improve the app and prevent fraud

Your GDPR Rights

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate personal data
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a portable format
• Right to Object: Object to processing based on legitimate interest
• Right to Withdraw Consent: Stop AI processing or Farm Notebook anytime

Data Controller

Sinden Digital (trading as FarmAsk)
Oxford, United Kingdom
Email: support@farmask.ai

Supervisory Authority

You have the right to lodge a complaint with the ICO if you believe we have violated your privacy rights.

Tracking

We do not use cookies on our website, third-party advertising identifiers, or cross-site tracking. We do not sell or share your data with advertising networks.

We do use a small amount of operational telemetry to keep the service running and improve it, all of which is described in the Error Tracking and Product Analytics section above. The product-analytics portion is opt-out via the in-app toggle.

Security

We use industry-standard security measures to protect your information:

• TLS encryption of data in transit and at rest
• bcrypt password hashing — we never store your plaintext password
• Short-lived signed session tokens with version-based revocation
• Regular security review of dependencies and infrastructure
• Limited employee access to personal data

Server Access Logs

When you use the FarmAsk app or website, our web server (nginx) automatically records the following for each request, for security and abuse-prevention purposes: your IP address, the timestamp, the HTTP method and path, the response status code, and your device's user agent string. These server access logs are retained for 14 days and are then automatically deleted by the system’s log rotation. Access logs are kept in flat files on our server, are not indexed against your user account, and are used only for security monitoring and debugging. Our legal basis for this processing is our legitimate interest in protecting the service from abuse (GDPR Article 6(1)(f)).

Temporary Caching and Rate Limiting

To improve performance and prevent abuse, we temporarily hold some personal data in an in-memory cache (Redis) on our own server:

• Authenticated user data — cached for up to 60 seconds on authenticated requests so we do not have to query the database on every call. Invalidated immediately on any profile change or account deletion.
• Farm Notebook facts cache — cached for up to 5 minutes to speed up chat responses. Invalidated on any edit.
• Rate-limit counters — temporarily record request counts keyed by IP address (unauthenticated routes) or user ID (authenticated routes), with time-to-live typically 60 seconds.
• Failed login tracking — to prevent password-guessing attacks, we temporarily record the count of failed login attempts keyed by email address for up to 15 minutes. This is cleared on successful login and auto-expires otherwise.

Our legal basis for this processing is our legitimate interest in providing a responsive service and preventing account compromise (GDPR Article 6(1)(f)).

However, no method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. In the event of a personal data breach that presents a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware, as required by GDPR Article 34.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will:

• Update the "Last Updated" date at the top
• Notify you through the app or via email
• Require re-consent if changes affect how we process your data

Contact

Email: support@farmask.ai
Privacy: privacy@farmask.ai
Website: farmask.ai

We aim to respond to all privacy inquiries within 48 hours. For account deletion or data access requests, we will respond within 30 days as required by law.

---