Privacy Policy

Last updated: 16 June 2026 (Farm Notebook now discloses the activity log — short text and voice notes you log about day-to-day farm tasks — as its own personal-data category: what it is, retention matching uploaded documents (kept until you delete it, then hard-deleted 30 days after deletion), and the voice handling (transcribed by our provider, audio deleted immediately, only the text kept). Activities are uncapped and governed by the same Farm Notebook pause, export, and deletion controls. Earlier, 4 June 2026 — Farm Notebook now also provides continuity across chats: when relevant, a few word-for-word excerpts of your own earlier messages may be retrieved into a new conversation — only your messages, only from conversations you haven't deleted, only when Farm Notebook is enabled. Earlier, 11 May 2026 — records-with-AI launch: Farm Notebook now covers uploaded documents in addition to conversation facts; added document storage, retention, AI extraction, and pause-semantic disclosures; linked the records export schema. Earlier: minimum age raised to 18 following Apple age-rating system change; PostHog product-analytics sub-processor disclosure added; Sentry disclosure expanded to cover mobile-app breadcrumb capture; "Send anonymous usage data" toggle clarified as product analytics only.)

FarmAsk ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our mobile application.

Information We Collect

Account Information

• Email address (or Apple private relay address if you use "Hide My Email")
• Name (optional)
• Password (hashed with bcrypt — we never store your plaintext password)

Age Attestation

At onboarding you confirm that you are 18 or older. We store only a timestamp proving you gave that confirmation. We do not collect or store your date of birth — keeping a DOB would be unnecessary data and we do not need it to enforce the age gate.

Farm Profile

• Country (auto-detected from your device, confirmed by you)
• Region or county (optional)
• Farm type (e.g., Dairy, Crops, Mixed)
• Holding size (optional)
• Livestock details (optional)
• Soil type (optional)

Conversation Data

• Your questions and messages
• AI-generated responses
• Conversation history and timestamps

Farm Notebook (Optional Feature)

If you enable Farm Notebook, we collect three kinds of data:

• Facts extracted from your conversations — short factual statements about your farm (e.g. "150 dairy cows", "200 acres winter wheat", "silty clay soil"), pulled out of what you tell the AI so it can use them in future answers
• Documents you upload — soil tests, field lists, cropping reports, spray plans, scheme agreements, invoices, vet plans, forage analyses, farm maps, and similar farming records. Accepted as photo (JPEG, PNG, WebP, HEIC), PDF, Word, Excel, plain text, or CSV. We also store the structured information our AI extracts from each document (field names and areas, crop types, soil test values, dates, and so on) and a single short prose summary of your farm built from all your documents combined.
• Activity log entries — short text or voice notes you log about day-to-day farm tasks (for example "Dosed pen 4, 40 ewes, Zolvix 2ml" or "Drilled spring barley in Long Meadow today"). Voice entries are transcribed to text and the audio is then deleted — only the transcribed text is kept. Unlike the extracted facts above, these are stored as you write or say them, so they may include details such as a contractor's name, treatments, or prices.

Each fact, document, and activity entry is linked to your account, so it is personal data, not anonymous. For the extracted facts and documents, only farming-related information is stored, and the extraction prompts explicitly exclude names, addresses, financial account details, and personal information about third parties; activity log entries are stored as you log them, so they hold whatever you choose to record. Full details — including limits, retention, AI processing, voice handling, and your controls — are in the Farm Notebook (Optional Feature) section further down this page.

Content Reports

If you report a problematic AI response from the chat screen, we store your user ID, the ID of the reported message, the reason you chose (harmful, inaccurate, offensive, dangerous, privacy, other), any free-text details you provide, the review status, and any admin notes made during review. Reports are retained as part of our safety audit trail and to demonstrate compliance with Apple's App Store content moderation requirements.

Usage Information

• Device type and operating system
• App usage statistics
• Error logs (for bug fixes and improvements)

How We Use Your Information

We use your information to:

• Provide the Service: Generate personalized farming advice based on your questions and farm profile
• Personalize Responses: Use your location (country/region) and farm type to provide relevant, location-specific advice and regulations
• Learn Your Context: If Farm Notebook is enabled, use stored farming facts and information extracted from documents you've uploaded (your fields, crops, soil, schemes) to provide more tailored advice
• Improve the App: Analyze usage patterns to fix bugs and improve features
• Communicate: Send important service updates, subscription information, and support responses
• Regional Intelligence: Collect anonymised, aggregated data on farming conditions to identify regional farming trends
• Comply with Laws: Meet legal obligations and protect against fraud

Farm Notebook (Optional Feature)

Farm Notebook is an opt-in feature that is OFF by default. You enable it from Settings, and you can turn it off again at any time.

What It Does

Farm Notebook is FarmAsk's way of remembering what you tell it about your farm so the advice gets more useful over time. When the feature is on, four things happen:

• Facts from chat: when you mention something about your farm in a conversation ("I run 150 dairy cows", "Bottom 40 is heavy clay"), we extract it as a short fact and save it. Those facts are fed back into the AI on later questions so it doesn't ask you the same things twice.
• Documents you upload: you can attach farming records — soil tests, field lists, cropping reports, spray plans, scheme agreements (SFI, BPS, etc.), vet plans, forage analyses, farm maps, invoices — and we'll read them with AI to pull out structured information (field names and areas, crop types, soil pH and nutrient indices, lab recommendations, scheme details) plus a short summary you can search. The AI uses your records to give answers grounded in your actual farm.
• Continuity across chats: when a new question relates to something you discussed before, FarmAsk may retrieve a few short, word-for-word excerpts of your own earlier messages and show them to the AI alongside your question, so it can pick up where you left off instead of starting cold. Only your own messages are used (never the AI's replies), only the most relevant few, and only from conversations you have not deleted — deleting a conversation removes its messages from this entirely.
• Activity log: you can log day-to-day farm tasks as a short text or voice note ("Wormed the ewes", "Crovected all lambs today"). These are saved to your Activity timeline so you can browse, edit, and delete them, and when a later question relates to one ("what have I treated this year?") the relevant entries may be shown to the AI alongside your question. Voice entries are transcribed to text by our transcription provider and the audio is deleted immediately afterwards (see the Voice Notes section below) — only the transcribed text is stored. There is no fixed limit on how many activities you can log.

File Types and Limits

• Accepted file types: photos (JPEG, PNG, WebP, HEIC), PDF, Word documents, Excel spreadsheets, plain text, and CSV
• Maximum file size: 25 MB per file
• Free plan: up to 3 documents in total over the lifetime of your account
• Pro plan: up to 50 documents per day (rolling) — fair-use cap, designed to be invisible in normal use

What Our AI Does With Your Documents

When you upload a document, it is sent to our AI provider (Anthropic — Claude) so the AI can read the contents and pull out the key information. For images and PDFs this uses vision; for Word and Excel files we extract the text first and then ask the AI to organise it. The structured data we extract is stored against your account and shown to you in the app so you can verify it — the original file is also kept so you can download it later, hand it to a vet or agronomist, or include it in an export.

Every time you upload, edit, or delete a document, we ask the AI to regenerate a short prose summary of your farm based on all your current documents combined. That summary is the "Farm Notebook context" that gets quietly attached to your chat questions so the AI's answers reference your actual fields, crops, and operations rather than generic advice.

Verification — Yours, Not Ours

AI extraction is good but not perfect. We label every newly-extracted document as unverified until you've reviewed it. You can mark it as verified from the document detail screen, add free-text notes, and answer any clarifying questions the AI flagged. You are responsible for checking the extracted data before relying on it for important decisions — particularly anything that drives a regulatory submission, a spend decision, or a chemical application.

Where Documents Live

Uploaded document files are stored in a private Supabase Storage bucket in the EU (Frankfurt). This bucket is separate from the chat-attached-photo bucket described below, with its own retention policy. The bucket is private, namespaced per user, and only readable via short-lived signed URLs generated by our backend (24-hour expiry). No public URLs, no directory listing, no cross-user access.

Retention

• Active documents and activity log entries — kept until you delete them or your account
• Deleted documents (soft delete) — when you delete a document from the app, it is immediately hidden from every read surface (you can't see it, the AI can't use it, it doesn't appear in lists or exports of active records). The underlying file and structured data are then permanently purged from our database and storage within 30 days by a sweep job. The grace period exists so a misclick doesn't lose work permanently — if you contact us in the window, we may be able to recover it; after the sweep, the data is irretrievable.
• Deleted activity log entries (soft delete) — the same way: when you delete an activity entry it is immediately hidden from every read surface, then permanently purged within 30 days by the same sweep job. (Voice audio is not involved — it was already deleted at transcription time; only the transcribed text was ever stored.)
• Account deletion — every document, every fact, and every activity log entry is permanently deleted within 30 days (most within seconds, as described in the Data Storage and Retention section below)

Your Control

• Turn Farm Notebook on or off at any time from Settings
• View every document and every fact in the app
• Edit your notes on any document; mark it verified once you've reviewed it; answer clarifying questions the AI raised at extraction time
• Delete any single document or fact, or delete everything at once
• Download a complete copy of your Farm Notebook data as JSON at any time — see records-export-schema for the format

When You Turn Farm Notebook OFF

The toggle is more than a UI hide — it is an active consent control. When it is off:

• Existing data stays accessible. Your documents, facts, activity log entries, AI summary, and field index remain in the app exactly as they were. You can read, list, download, and export them.
• The AI does not see them. Your chat answers go back to using just your farm profile (country, region, farm type), without your facts, without the Farm Notebook summary attached, and without any excerpts of your earlier conversations.
• No new processing happens. Document uploads are refused with a clear message ("Farm Notebook is paused"). Manual fact entry and editing of existing facts or documents is paused. Logging new activity entries (text or voice) is paused too. The AI does not extract new facts from your conversations. The AI summary is not regenerated.
• Deletion still works. Your right to remove data (delete a document, delete a fact, delete your account) is never paused. This is a separate right under UK / EU data protection law and applies whatever the toggle state.

When you turn the toggle back on, processing resumes immediately and your existing data is available to the AI again — without re-uploading or re-extracting anything.

Privacy Protections

• Only farming-related information is stored. Both the fact-extraction and the document-extraction prompts explicitly exclude names, addresses, financial account details, and personal information about third parties.
• Documents and facts are linked to your account so they are personal data — but they are never sold, never shared outside the sub-processors needed to generate your advice, and always under your direct control.
• Document content is sent to our AI provider only to extract and summarise it. Under Anthropic's commercial API terms, your prompts and document content are not used to train AI models.
• Every document is stored encrypted in transit and at rest in our EU storage bucket; access is via signed URLs only.
• All Farm Notebook data is deleted when you delete your account.

Anonymous Farming Intelligence (Opt-In)

FarmAsk has an optional feature that collects anonymised, aggregated data about farming conditions mentioned in conversations. This helps us identify regional trends in farming.

What We Collect (only if you opt in)

If you enable the feature, when farming topics are discussed in chat we may record:

• Country and region (e.g. "United Kingdom, Oxfordshire" or "Australia, Queensland")
• Category and sub-category of the topic (e.g. fungal crop disease, arthropod pest, frost damage, market price)
• Topic (e.g. "wheat yellow rust", "slug damage on OSR", "store lamb prices at market")
• Primary crop or livestock affected (e.g. wheat, sheep, dairy cattle, oilseed rape)
• Growth stage or life stage (e.g. flowering, grain fill, lambing, finishing)
• Severity and, where stated, quantitative impact (e.g. "mortality rate 7%", "yield loss 15%", "20 acres affected")
• Anonymous aggregate market prices (e.g. "store lamb price £94 per head") — never linked to an identifiable seller or farm
• Interventions tried and their outcomes (e.g. "sprayed fungicide at T1, effective" or "switched to alternative variety, poor yield") — anonymous, never linked to brand preferences of any specific farmer
• Date of report and, where stated, the date the farmer first noticed the issue
• Number of reports (aggregated count per country/region/topic/day)

What We Do NOT Collect

Preventing Duplicate Counting

To ensure data accuracy, we use a one-way cryptographic hash to prevent the same issue being counted multiple times from the same account on the same day. This hash cannot be reversed to identify you — it simply tells our system "this has already been counted today." These hashes are automatically deleted after 7 days.

Why We Collect This

• To identify regional farming trends (e.g. "wheat rust increasing in South East England")
• To understand which crops, livestock, and stages are most affected by seasonal problems
• To track market conditions in aggregate (e.g. average lamb prices by region this month)
• To learn which interventions farmers find effective, improving the advice FarmAsk gives
• To improve the relevance of AI advice for your region

How This Data Is Different

This data is truly anonymous under GDPR (Recital 26). Unlike your farm profile and conversation history, this data:

• Contains no user identifiers of any kind
• Cannot be traced back to any individual, even with full database access
• Is aggregated — individual datapoints are only ever shown or shared when at least 5 reports exist for a given country/topic (or 3 for a specific region), to prevent re-identification
• Is automatically summarised into yearly trends after 12 months — daily detail is deleted but yearly patterns are kept to identify long-term trends (e.g. "wheat rust peaks every April in this region")
• Is based on your explicit, informed opt-in consent — we do not run the extraction at all unless you have enabled it in Settings

Opt-In and Opt-Out

This feature is OFF by default for everyone. To enable it, go to Settings → Privacy → Help improve FarmAsk. To disable it again, turn the same toggle off — this stops any new data being extracted from your future conversations, and takes effect within a few seconds.

Because anonymous intelligence data contains no user identifier of any kind, we cannot retroactively identify or remove data extracted while the feature was enabled. That is inherent to the anonymisation model and is the whole reason the data is anonymous under GDPR. If that trade-off isn't right for you, leave the feature off.

Data Sharing and Licensing

Because anonymous farming intelligence data does not identify any individual farmer or farm — it is not personal data under GDPR Recital 26 once extracted and aggregated — we may:

• Publish aggregated trends in blog posts, newsletters, and in-app features (e.g. "Slug damage reports up 40% this month", "Average store lamb price in South West England: £94/head")
• Share or license aggregated datasets and reports with research institutions, universities, and government agricultural bodies (APHA, Defra, AHDB, USDA, Rothamsted Research, and equivalent bodies in other countries) for agricultural research, policy development, and animal / plant disease surveillance
• License aggregated datasets to commercial partners — including agricultural input companies, insurers, commodity analysts, and research-focused businesses — under appropriate contractual terms. Commercial licensing supports FarmAsk's continued development and may become a source of revenue for the service over time.
• Use aggregated intelligence internally to improve FarmAsk's advice quality and regional insight features

Safeguards applied to every external dataset or publication:

• Minimum-count thresholds — individual data points are only ever shown, shared, or licensed when at least 5 reports exist for a given country and topic (or 10 for a specific region). Cells with fewer reports are suppressed entirely, not shown as "<5".
• Aggregation only — commercial partners receive counts, statistics, and trend visualisations, never row-level data from our database.
• Statistical disclosure control — before any external sharing, we apply generalisation (numeric values rounded into bands, dates grouped into weeks or months), suppression of outliers that could be re-identifiable, and k-anonymity checks at county geographic level or broader.
• No sub-county geography — location is never shared at a more precise level than county or state (for example, "Oxfordshire" not "Thame parish"; "California" not "Sonoma County"). We do not collect or share farm-level coordinates, postcodes, or addresses.
• No children's data — the extraction pipeline explicitly excludes any mention of people under 18.
• No personal financial details — bank information, income, debts, and identifiable transactions are excluded at extraction time.

What we will never do, under any circumstance:

• Sell, share, publish, or license anything that could identify you, your farm, your precise location, your name, your contact details, or a specific transaction you were part of.
• Sell or license your personal data — your account, conversations, farm profile, or Farm Notebook facts — in any form, to any party. Only the anonymous aggregated intelligence layer is eligible for external sharing, and only if you have explicitly opted in.
• Share data with advertisers or ad networks.
• Combine anonymous intelligence with any other dataset in a way that could re-identify an individual farmer.

Your control: You can withdraw your consent to anonymous intelligence collection at any time in Settings → Privacy → Help improve FarmAsk. Withdrawal immediately stops future reports from being extracted from your conversations. Previously-extracted anonymous reports remain in our aggregated dataset because there is no user identifier that would allow them to be found and removed — this is the basis on which the data is classed as anonymous under GDPR Recital 26 and is disclosed above.

Third-Party AI Services

FarmAsk uses third-party AI services to generate farming advice.

What We Send to the AI Provider

Important Privacy Protections

• Your identity is never shared with the AI provider
• Your data is not used to train AI models
• All responses are clearly labeled as "AI-generated"
• The AI provider processes data according to their own privacy policy

AI Provider

We currently use Anthropic's Claude AI service under Anthropic's commercial API terms, which prohibit Anthropic from using your prompts or responses to train their models. For more information about how Anthropic handles data, see Anthropic's Privacy Policy.

AI Content Labelling

Every AI response is delivered to the app with an "AI-generated" flag and is labelled as such in the chat interface. Responses are not presented as the work of a human expert.

Voice Notes

Voice recordings are uploaded from your device directly to our Supabase Storage bucket in the EU (Frankfurt) using a short-lived pre-signed upload URL. Our backend then downloads the file and sends it to OpenAI (Whisper) for transcription. OpenAI does not retain the audio after processing. As soon as transcription succeeds, we immediately delete the raw audio file from our Storage bucket — we only ever hold the raw voiceprint for the seconds it takes to transcribe. Only the resulting transcribed text is retained, as part of your chat message. See OpenAI's Privacy Policy.

Photo Storage

FarmAsk uses two separate private Supabase Storage buckets, both hosted in the EU (Frankfurt), with different retention rules:

• Chat-attached photos — the bucket described in detail below. Photos attached to a chat message land here and are automatically deleted after 30 days.
• Farm Notebook documents — a separate bucket for the documents you upload to Farm Notebook (soil tests, field lists, scheme agreements, etc.). Retention is "kept until you delete the document or your account", with a 30-day grace period after soft-deletion. The full retention policy is in the Farm Notebook section above; the operational details (private bucket, namespaced per user, short-lived signed URLs, encrypted in transit and at rest) are the same as for chat photos.

When you attach a photo to a chat message, the file is uploaded directly from your device to the chat-photos bucket using a short-lived pre-signed upload URL generated by our backend. The raw file does not pass through our application server during upload — your device sends the bytes straight to Supabase.

Retention

• Attached to a message — 30 days: photos are automatically deleted after 30 days from the date the message was created. The message itself (your question, the AI response, timestamps) stays in your conversation history — only the underlying image file is removed. Scrolling back to an older message will show a placeholder where the photo used to be.
• When you delete a conversation — immediately: every photo attached to that conversation is deleted from the Storage bucket as part of the delete request — not queued, not on a delayed schedule.
• When you delete your account — immediately: every photo you have ever uploaded is deleted from the Storage bucket as part of the account deletion. The nightly cleanup job described below remains in place as a backstop.
• Orphaned uploads — within 24 hours: if an upload URL is issued but the message is never sent (for example the app is force-closed before send), the file is automatically deleted from the bucket within 24 hours by a nightly cleanup job. The same job also sweeps any files missed by the immediate deletions above, including voice-note audio that our immediate post-transcription delete failed to remove.

Privacy Protections

• The bucket is private — no public URLs, no directory listing, no anonymous access
• Every file is stored under your user namespace; another user's account cannot list, read, or delete your files
• Photo files are only readable via short-lived signed URLs generated by our backend for legitimate purposes (showing you your own photo, letting Anthropic analyse it for your question). Voice-note audio is downloaded once by our backend, sent to Whisper, and then deleted — it is never served to the app or any third party beyond the transcription call.
• Data is encrypted in transit and at rest

Notifiable Animal Disease Warnings

FarmAsk's AI is instructed to identify symptoms in conversations that could indicate a notifiable animal disease (such as foot-and-mouth disease, avian influenza, bluetongue, bovine tuberculosis, or African swine fever). When this happens, the AI places a prominent warning at the top of the response directing you to your country's statutory veterinary authority:

• England: APHA — 03000 200 301
• Scotland: APHA Scotland field services — 03000 200 301
• Wales: APHA Wales — 0300 303 8268
• Northern Ireland: DAERA — 0300 200 7840
• Republic of Ireland: DAFM — your local Regional Veterinary Office
• United States: USDA APHIS — 1-866-536-7593, or your State Veterinarian
• Canada: CFIA — nearest CFIA district office
• Australia: Emergency Animal Disease Watch Hotline — 1800 675 888
• New Zealand: MPI — 0800 80 99 66
• Elsewhere: your national veterinary authority or OIE-WOAH delegate

This is a safety feature, not legal advice. In most jurisdictions you have a legal duty to report suspected notifiable disease to the statutory authority on suspicion alone, without waiting for a confirmed diagnosis. FarmAsk is not a substitute for statutory notification, and a vet referral alone is not a substitute either. You or your vet must make the statutory notification yourself.

Content Reporting and Moderation

If you believe an AI response is harmful, inaccurate, offensive, dangerous, or violates your or someone else's privacy, you can report it directly from the chat screen using the "Report this response" menu on any AI message. We aim to review all reports within 24 hours. Depending on severity, we may adjust the underlying system prompt, contact you for more information, remove or hide the offending response, update our moderation rules, or escalate to the relevant authority. Repeated bad-faith reporting may result in account suspension.

How We Share Your Information

We NEVER Sell Your Data

We do not sell, rent, or trade your personal information to anyone. Period.

Sub-Processors

We share information only as necessary to provide our service. We have Data Processing Agreements in place with all of the sub-processors below.

Sub-processor	Purpose	Data shared	Location
Anthropic (Claude)	Farming advice, photo analysis, Farm Notebook fact extraction, Farm Notebook document extraction (vision + text), Farm Notebook summary generation, Anonymous Intelligence extraction (opt-in)	Messages, images, farm profile, recent conversation history, uploaded documents (Farm Notebook) and their extracted contents	USA
OpenAI (Whisper)	Voice note transcription	Voice audio (not retained by OpenAI after processing)	USA
Supabase	Database and authentication hosting	All account data	EU (Frankfurt)
RevenueCat	Subscription state and billing reconciliation	Account identifier, purchase events	USA
Brevo	Password reset emails	Email address, reset code	EU
Sentry	Error and performance tracking	Account UUID, request path, error stack traces (passwords, tokens, and uploaded media are scrubbed before transmission)	EU / USA
PostHog (EU)	Product analytics — funnel events such as account registered, onboarding completed, daily limit hit, subscription state changes	Account UUID, country, subscription tier, event metadata. We never send your name, email, phone number, message text, or photos. Captured server-side from our backend, so PostHog does not see your device IP.	EU (Frankfurt)
Apple	Sign in with Apple, App Store payments	Apple ID identity token, purchase identifiers	USA
Farming Trends (anonymous, opt-in)	Not linked to any user	Analytics, app improvement	EU (Frankfurt)

International transfers to US-based processors rely on the EU Standard Contractual Clauses and the UK International Data Transfer Addendum. A copy of the relevant clauses is available on request from privacy@farmask.ai.

Legal Requirements

We may disclose information if required by law or to protect our rights, users' safety, or comply with legal processes.

Error Tracking and Product Analytics — Two Separate Systems

FarmAsk uses two operational data flows that are easy to confuse but legally distinct. We want to be explicit about both.

1. Error tracking (Sentry). When something goes wrong on our servers (an unhandled exception, a 5xx response, a webhook failure), we capture a structured error event and send it to Sentry. Each event includes your account UUID, the request method and path, the error stack trace, and a sample of recent server-side events leading up to the error. Passwords, reset codes, Apple identity tokens, push tokens, and any uploaded media are stripped before the event is transmitted. We also sample approximately 10% of all requests for performance tracing (timing data, no message content). This processing is necessary to keep the service running and secure, so we rely on legitimate interest (GDPR Article 6(1)(f)) as our legal basis. You have the right to object under Article 21, but because error tracking is a security-of-network-and-information-systems function (GDPR Recital 49), we may continue this processing if our overriding legitimate interest in service integrity outweighs your specific objection. If you object, please contact us at privacy@farmask.ai and we will assess and respond within one month.

Mobile app error tracking. Our iOS app uses Sentry's React Native SDK to detect crashes and errors on your device. By default this records short "breadcrumbs" describing the actions immediately preceding an error — which screen you were on, which button you tapped, which network request was in flight. These breadcrumbs are attached to error reports only and are sent to Sentry alongside the crash. We have configured the SDK to scrub form-field values from the breadcrumbs. The same legitimate-interest basis (Article 6(1)(f)) applies as for server-side error tracking.

2. Product analytics (PostHog). Separately, we capture a small set of funnel and usage events — for example, "user registered", "onboarding completed", "daily limit hit", "subscription activated". These help us understand which parts of the app work for new farmers and which need improvement. Each event includes your account UUID, your country, and event-specific metadata (such as which subscription tier was activated); it never includes your name, email, message text, or photo content. We process these events under legitimate interest (GDPR Article 6(1)(f)), balanced against your right to object under Article 21. You can object at any time using the "Send anonymous usage data" toggle in Settings → Privacy. When this toggle is off, we stop generating product analytics events for your account immediately.

What the toggle does and does not cover. The "Send anonymous usage data" toggle controls product analytics (PostHog) only. It does not turn off error tracking (Sentry) — error tracking is required to keep the service running and is processed under separate legitimate interest. It also does not turn off subscription lifecycle records (RevenueCat tier changes, billing issue notifications) or account deletion records, which we keep regardless because they are required to perform the subscription contract you have with us (Article 6(1)(b)) and to demonstrate compliance with your right to erasure (Article 17).

Payments

Subscriptions are managed through Apple's App Store. We do not access your payment details. Subscription status is synced via RevenueCat. See RevenueCat's Privacy Policy.

Data Storage and Retention

How Long We Keep Your Data

• Conversation History: Stored indefinitely until you delete your account or individual conversations
• Farm Profile: Stored while your account is active
• Farm Notebook Facts: Stored until you delete them or your account
• Farm Notebook Documents: Stored in our EU (Frankfurt) Supabase Storage bucket (separate from chat-photos). Active documents are retained until you delete them or your account — we do not auto-expire documents on a fixed schedule because farming records (soil tests, scheme agreements, vet plans) have multi-year reference value. When you delete a document from the app, it is hidden immediately and the underlying file plus extracted data are permanently purged within 30 days. Deleting your account triggers immediate deletion of every document, with the 30-day backstop sweep as a safety net. Structured extraction data (field names, areas, crop types, etc.) and the AI-generated Farm Notebook summary follow the same lifecycle as the document that produced them.
• Photos: Stored in our EU (Frankfurt) Supabase Storage bucket and automatically deleted after 30 days from the date of the associated message. Deleted immediately when you delete the parent conversation or your account. Orphan uploads (no message attached) are deleted within 24 hours by a nightly cleanup job, which also acts as a backstop for any file missed by an immediate deletion.
• Voice-note audio: Held in the same bucket only for the seconds required to transcribe the recording via Whisper, then deleted immediately. We do not retain raw audio. Only the transcribed text is kept, as part of your chat message.
• Password reset emails (Brevo): The reset code is stored as a one-way keyed HMAC-SHA-256 hash in our database for 15 minutes (the key is held only on our server, so a leaked database snapshot would not yield usable reset codes). Brevo retains transactional email logs (sender, recipient, delivery status) for up to 30 days as part of their normal service operation, after which they are automatically purged.
• Server access logs: 14 days (see the Security section below for detail)
• Error tracking logs (Sentry): Up to 90 days, subject to Sentry's retention policy
• Webhook idempotency records: 30 days
• Account Data: All personal data in our own database is permanently deleted within 30 days of your account deletion request — most within seconds

Where We Store Your Data

Data is stored in a Supabase database hosted in the EU (Frankfurt). Encrypted in transit and at rest.

Your Rights and Control

Access Your Data

• View your farm profile anytime in Settings
• View every Farm Notebook fact and every uploaded document in Settings → Farm Notebook
• View conversation history in the app

Edit Your Data

• Update your farm profile anytime
• Edit any stored Farm Notebook fact
• Add notes to any uploaded document, mark it verified after review, and answer clarifying questions the AI raised at extraction time

Delete Your Data

• Delete individual conversations, Farm Notebook facts, or uploaded documents. Deleting a conversation also immediately deletes any photos attached to it from our Storage bucket. (Voice-note audio is already deleted at transcription time, so nothing further is stored.) Deleting a Farm Notebook document hides it immediately; the underlying file and structured data are permanently purged within 30 days.
• Delete all Farm Notebook data at once (both facts and documents)
• Delete your entire account (Settings → Account → Delete Account). This also immediately deletes every photo and every Farm Notebook document you have ever uploaded.
• All personal data in our own database is permanently deleted within 30 days
• Right of erasure is never gated by the Farm Notebook toggle — you can delete data whether the feature is on or off

What happens at third parties when you delete your account: We immediately remove your data from our own database and make a best-effort request to RevenueCat to delete your subscriber record. However, our error-tracking provider Sentry retains error logs that may contain your internal account identifier (a UUID, never your email or name) for up to 90 days after deletion, subject to their retention policy — we cannot individually purge Sentry entries. Transactional email logs at Brevo are similarly subject to their retention policy (up to 30 days). Data sent to Anthropic and OpenAI during AI processing is retained by those providers for a short abuse-monitoring window (typically 30 days) and then purged. All such third-party retention is time-limited and automatic.

Opt-Out Options

• Turn off Farm Notebook without deleting stored facts or documents. New uploads and edits are paused; the AI stops drawing on your Farm Notebook data; existing data stays readable and deletable. See the Farm Notebook section above for the full pause semantic.
• Delete your account to remove all data

Data Portability

Download a complete copy of your data at any time. There are two exports, by design separate so you can request either or both:

• Account-wide export — from Settings → Privacy → Download my data. JSON file containing your account record, conversations, messages, Farm Notebook facts, and any content reports you have filed. Rate-limited to one per hour.
• Farm Notebook records export — from Settings → Farm Notebook → Export. JSON file containing every document you've uploaded (active and recently soft-deleted, with signed download URLs for each original file, valid 24 hours), the structured information our AI extracted from each, the cross-document field index, and the prose summary. The shape is documented at records-export-schema so you can use the data with other tools (re-import into your own systems, hand to a vet, agronomist, or accountant).

Location Data

Auto-Detection

During onboarding, we auto-detect your country using your device's region settings. You can confirm or change this before continuing.

How We Use Location Data

• Provide location-specific farming advice and regulations
• Offer seasonal guidance relevant to your region
• Tailor responses to your country's agricultural practices

Your Control

• Change your country or region anytime in Settings
• Location data is deleted when you delete your account

We do not collect: GPS location, contacts, browsing history, or advertising identifiers.

Children's Privacy

FarmAsk is intended for users aged 18 and over. At onboarding, every user must affirmatively confirm they are 18 or older before they can complete the farm profile and start using the chat. We record only the timestamp of that confirmation — we do not collect a date of birth. We do not knowingly collect personal data from anyone under 18. If you believe we have collected data from a person under 18, contact us immediately at support@farmask.ai and we will delete it.

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights:

• Right to Know: What personal information we collect and how we use it
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: We do not sell personal information (this is our default policy)
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights

We do not sell your personal information to anyone. This is built into our service, not an option you need to enable.

To exercise your CCPA rights, contact us at support@farmask.ai.

European Privacy Rights (GDPR)

If you are located in the European Economic Area or United Kingdom, you have additional rights under GDPR:

Legal Basis for Processing

• Consent: For AI processing of your questions and Farm Notebook (you can withdraw consent anytime)
• Contract: To provide our farming advice service
• Legitimate Interest: To improve the app and prevent fraud

Your GDPR Rights

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate personal data
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a portable format. Two complementary exports — an account-wide JSON (Settings → Privacy → Download my data) and a Farm Notebook records JSON whose schema is documented at records-export-schema. See the Data Portability section above for the difference between the two.
• Right to Object: Object to processing based on legitimate interest
• Right to Withdraw Consent: Turn off AI fact and document processing at any time using the Farm Notebook toggle. Withdrawal takes effect immediately: new uploads, edits, and AI extractions are paused; the AI stops drawing on your Farm Notebook data when answering. Your existing stored data remains available for you to read, export, and delete — pausing processing does not remove your right of access or your right to erasure under data protection law.

Data Controller

Sinden Digital (trading as FarmAsk)
Oxford, United Kingdom
Email: support@farmask.ai

Supervisory Authority

You have the right to lodge a complaint with the ICO if you believe we have violated your privacy rights.

Tracking

We do not use cookies on our website, third-party advertising identifiers, or cross-site tracking. We do not sell or share your data with advertising networks.

We do use a small amount of operational telemetry to keep the service running and improve it, all of which is described in the Error Tracking and Product Analytics section above. The product-analytics portion is opt-out via the in-app toggle.

Security

We use industry-standard security measures to protect your information:

• TLS encryption of data in transit and at rest
• bcrypt password hashing — we never store your plaintext password
• Short-lived signed session tokens with version-based revocation
• Regular security review of dependencies and infrastructure
• Limited employee access to personal data

Server Access Logs

When you use the FarmAsk app or website, our web server (nginx) automatically records the following for each request, for security and abuse-prevention purposes: your IP address, the timestamp, the HTTP method and path, the response status code, and your device's user agent string. These server access logs are retained for 14 days and are then automatically deleted by the system’s log rotation. Access logs are kept in flat files on our server, are not indexed against your user account, and are used only for security monitoring and debugging. Our legal basis for this processing is our legitimate interest in protecting the service from abuse (GDPR Article 6(1)(f)).

Temporary Caching and Rate Limiting

To improve performance and prevent abuse, we temporarily hold some personal data in an in-memory cache (Redis) on our own server:

• Authenticated user data — cached for up to 60 seconds on authenticated requests so we do not have to query the database on every call. Invalidated immediately on any profile change or account deletion.
• Farm Notebook facts cache — cached for up to 5 minutes to speed up chat responses. Invalidated on any edit.
• Rate-limit counters — temporarily record request counts keyed by IP address (unauthenticated routes) or user ID (authenticated routes), with time-to-live typically 60 seconds.
• Failed login tracking — to prevent password-guessing attacks, we temporarily record the count of failed login attempts keyed by email address for up to 15 minutes. This is cleared on successful login and auto-expires otherwise.

Our legal basis for this processing is our legitimate interest in providing a responsive service and preventing account compromise (GDPR Article 6(1)(f)).

However, no method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. In the event of a personal data breach that presents a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware, as required by GDPR Article 34.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will:

• Update the "Last Updated" date at the top
• Notify you through the app or via email
• Require re-consent if changes affect how we process your data

Contact

Email: support@farmask.ai
Privacy: privacy@farmask.ai
Website: farmask.ai

We aim to respond to all privacy inquiries within 48 hours. For account deletion or data access requests, we will respond within 30 days as required by law.

---