Privacy Policy

1. Data We Collect

1.1 Account & Profile Data

When you create a Farmer Copilot account, we collect your name, email address, farm name, and geographic region. Profile data helps us personalise weather forecasts, breed recommendations, and regional benchmarks. This data is stored in our secure cloud database (Google Cloud Platform, with AES-256 encryption at rest).

1.2 Farm & Agricultural Data

Farm data includes animal records (species, breed, tag numbers, health events, production metrics), crop fields, feed inventories, and financial transactions. This is the most sensitive data we handle. By default, all farm data is stored locally on your device and is NOT synced to our servers unless you explicitly enable Cloud Sync in Settings → Data Management.

1.3 Device & Usage Data

With your consent, we collect anonymised usage metrics such as which features you use most frequently, session duration, and crash reports. This data has no personal identifiers and is used purely to improve app stability and prioritise development. You can disable this in Settings → Privacy → Analytics.

1.4 Location Data

Location is used exclusively to provide accurate hyper-local weather forecasts for your farm. We request approximate location (nearest 5km). Precise GPS coordinates are never transmitted to our servers without explicit consent. Location data is processed on-device and discarded after the weather request is fulfilled.

1.5 Communication Data

If you contact our support team, submit a ticket, or communicate via in-app chat, we retain that conversation history to provide effective support and to improve our knowledge base. Support communications are stored for up to 3 years.

1.6 Hardware Integration Data

When you pair Bluetooth devices (scales, EID readers, activity sensors), the pairing credentials and last-synced readings are stored locally on your device. No Bluetooth device data is transmitted to our servers.

2. How We Use Your Data

2.1 Core Agricultural Services

Your farm data is used to power Farmer Copilot's core features: animal health tracking, breeding calendar automation, feed formulation, crop planning, financial reporting, and AI-powered health predictions. These services process your data entirely on your device using local AI models (TensorFlow Lite) and do not require an internet connection.

2.2 Weather & Environmental Services

Your approximate location and farm size are shared with our weather data providers (Open-Meteo and NOAA) to deliver field-level weather forecasts. Only your general region (not farm boundaries) is transmitted. We do not share your identity with these providers.

2.3 AI & Machine Learning (Federated Learning)

If you opt in to "Community Learning" in Privacy Settings, your on-device AI model improvements (not your raw data) may contribute to our federated learning system. Under federated learning, your device trains a local model improvement on your data, and only the mathematical gradient update (with differential privacy noise, ε ≤ 1.0) is shared. Your raw animal records, financial data, or personal information is NEVER transmitted under this scheme. A minimum of 10 farms must contribute before any aggregate model is updated, preventing individual farm identification.

2.4 Benchmarking & Community Insights

If you opt in to "Show Benchmarks" in Privacy Settings, anonymised performance metrics from your farm may be aggregated with other farms to provide community benchmarks (e.g., "Average ADG for Hereford cattle in your region: 1.4 kg/day"). All benchmark data is aggregated across ≥10 farms and applies geographic generalisation (minimum county/regional level). Your identity and farm name are never associated with published benchmarks.

2.5 Service Improvements

Anonymised and aggregated usage patterns (e.g., "40% of users record health events weekly") may be used to prioritise feature development, optimise app performance, and personalise the app experience. No individual-level analysis is performed.

2.6 Legal Compliance & Safety

We may use or disclose your data where required by applicable law, government request, or to prevent fraud, abuse, or activities that could harm users, animals, or third parties. We are also required to retain certain financial and veterinary records for compliance audit purposes as required by law in your jurisdiction.

3. Data Sharing & Third Parties

3.1 We Do NOT Sell Your Data

Farmer Copilot has never sold, and will never sell, your personal or agricultural data to advertisers, data brokers, financial institutions, agricultural commodity traders, or any other commercial third party. This is a core commitment.

3.2 Infrastructure Providers

We use Google Cloud Platform (GCP) for cloud storage and Firebase for authentication. These providers operate under strict data processing agreements that prohibit them from accessing your farm data for their own purposes. GCP is SOC 2 Type II, ISO 27001, and GDPR-compliant.

3.3 Payment Processing

Subscription payments are processed by Stripe. Farmer Copilot never sees or stores your full card number; only the last 4 digits and expiry are retained for display. Stripe is PCI DSS Level 1 compliant.

3.4 Veterinary & Compliance Integrations

If you explicitly connect a third-party veterinary record system, livestock registry, or government compliance portal, only the specific data required for that integration is shared — nothing more. You can revoke any integration at any time in Settings → Integrations.

3.5 Research Partnerships

We partner with universities and agricultural research institutions. Participation in research programs is strictly opt-in, and all shared data is anonymised at the farm level. You will always be presented with a clear consent form before any research data is collected.

4. Data Retention

4.1 Active Account Data

Farm data, animal records, and production history are retained for as long as your account is active. You may delete individual records, entire animal histories, or your complete farm profile at any time through Settings → Data Management.

4.2 Account Deletion

When you delete your Farmer Copilot account, all personally identifiable information is permanently erased within 30 days. Anonymised, aggregated data (e.g., benchmark contributions) may be retained as they cannot be re-attributed to you.

4.3 Veterinary & Compliance Records

Certain veterinary treatment records and financial records may be subject to statutory retention periods (typically 3–7 years depending on jurisdiction). We will inform you if any of your records are subject to such retention obligations.

4.4 Backup & Exported Data

Backups you create are stored locally on your device. If you use our Cloud Backup feature, encrypted backups are retained for 90 days after the most recent backup. You can delete cloud backups at any time in Settings → Data Management.

5. Your Rights (GDPR & CCPA)

5.1 Right to Access

You have the right to request a complete export of all personal data we hold about you. Use Settings → Data Management → Export Farm Data, or contact us at [email protected].

5.2 Right to Rectification

You can correct any inaccurate personal data directly in the app. For data you cannot edit directly, contact our support team.

5.3 Right to Erasure ("Right to be Forgotten")

You can permanently delete your account and all associated data from Settings → My Account → Delete Account, or by emailing [email protected]. Erasure is completed within 30 days.

5.4 Right to Portability

You can export all your farm data in standard formats (CSV, JSON) at any time. This includes all animal records, financial transactions, health logs, and production data.

5.5 Right to Object

You may object to the processing of your data for analytics, benchmarking, federated learning, or research purposes at any time by toggling the relevant settings in Settings → Privacy.

5.6 CCPA Rights (California Residents)

California residents have additional rights under CCPA, including the right to Know, the right to Delete, the right to Opt-Out of Sale (we do not sell data), and the right to Non-Discrimination. Submit a request to [email protected].

6. Security

6.1 Encryption

All data transmitted between your device and our servers is encrypted using TLS 1.3. Data at rest in our cloud database is encrypted using AES-256. Local device storage uses encrypted databases where your farm data is stored.

6.2 Authentication

We support multi-factor authentication (MFA), biometric login (Face ID / Touch ID), and OAuth2 social login with major providers. We strongly recommend enabling MFA for accounts with farm financial records.

6.3 Security Monitoring

We continuously monitor for unauthorized access, data breaches, and security vulnerabilities. In the event of a breach affecting your personal data, we will notify you within 72 hours as required by GDPR Article 33.

6.4 Bug Reporting

We maintain a responsible disclosure program. If you discover a security vulnerability, please report it to [email protected]. We acknowledge all reports within 24 hours.

7. Cookies & Tracking

7.1 Mobile App

The Farmer Copilot mobile app does not use browser cookies. We use anonymous device identifiers for session management, which you can reset by clearing app data or reinstalling the app.

7.2 Analytics SDK

With your consent, we use an anonymised analytics SDK to collect crash reports and usage statistics. This SDK is configured to prohibit cross-app tracking and does not collect advertising identifiers (IDFA/GAID). You can opt out in Settings → Privacy → Analytics.

8. Changes to This Policy

8.1 Notification of Changes

We will notify you of material changes to this Privacy Policy via in-app notification, email, and/or a notice on our website at least 30 days before the change takes effect. Continued use of Farmer Copilot after the effective date constitutes acceptance of the revised policy.

8.2 Version History

Version 2.1 (March 2026): Added federated learning differential privacy disclosures, CCPA expanded rights, and hardware integration section. Version 2.0 (November 2025): Major revision covering Phase 2 AI features. Version 1.0 (January 2025): Initial policy.

9. Contact Us

Data Controller

Farmer Copilot Ltd.
Data Protection Officer: [email protected]
Privacy enquiries: [email protected]
Security reports: [email protected]

Supervisory Authority

EU/UK users have the right to lodge a complaint with their national data protection authority (e.g., ICO in the United Kingdom, CNIL in France). We encourage you to contact us first so we can address your concern directly.