Privacy Policy

The data controller for the Service is AgriOps. If you have any questions about how we handle your data, please contact us at team@agriops.online.

We collect and process the following categories of data:

Account and identity data:

• Name and email address (collected on registration)
• Business name, address, and postcode
• Farm/business logo (if uploaded)

Farm and operational data:

• Field names, areas, and boundary polygons (map data)
• Cropping history and plans
• Nutrient application plans and soil index records
• Slurry storage details and livestock stocking records
• NVZ compliance records and nutrient movement data
• Farm location (latitude/longitude pin)

Subscription and billing data:

• Subscription status and renewal dates
• Stripe customer ID and subscription ID (we do not store card details)

Technical data:

• Authentication tokens and session data (managed by Supabase)
• Cookie consent preference (stored locally in your browser)

We process your data on the following lawful bases under UK GDPR:

• Contract performance — to provide and maintain the Service you have subscribed to
• Legitimate interests — to improve the Service, prevent fraud, and maintain security
• Legal obligation — to comply with applicable UK law
• Consent — for optional communications such as service updates (where applicable)

We use your data specifically to:

• Provide access to the Nutrient Management Planner and all its features
• Process subscription payments through Stripe
• Maintain and secure your account
• Send transactional emails (e.g. password reset, subscription confirmation)
• Improve and debug the Service

We do not sell your data to third parties. We do not use your farm operational data for any purpose other than providing the Service to you.

Your data is stored securely using Supabase, a cloud database platform hosted on AWS infrastructure within the European Economic Area. Access to your data is protected by row-level security policies — only your account can read or modify your records.

We implement appropriate technical and organisational measures to protect your data against unauthorised access, accidental loss, or destruction. However, no method of transmission over the internet is 100% secure and we cannot guarantee absolute security.

Payment data is handled exclusively by Stripe and is never stored on our servers. Stripe is certified to PCI Service Provider Level 1, the highest level of certification available.

We retain your account and farm data for as long as your account remains active, and indefinitely after cancellation unless you request deletion. This allows you to resubscribe and access your historical records at any time.

If you request deletion of your account, all personal data and farm records will be permanently deleted within 30 days, except where we are required by law to retain certain records (e.g. billing records for tax purposes, which are retained for 7 years in accordance with HMRC requirements).

We use the following third-party services to deliver the Service. Each has its own privacy policy:

• Supabase (database, authentication, file storage) — supabase.com/privacy
• Stripe (payment processing) — stripe.com/gb/privacy
• OpenStreetMap / Leaflet (field boundary mapping) — map tiles are loaded from OpenStreetMap servers. No personal data is transmitted to OpenStreetMap beyond your IP address as part of normal tile loading.

We use a minimal number of cookies necessary to operate the Service:

• Authentication cookies — set by Supabase to maintain your login session. These are essential and cannot be disabled without logging you out.
• Cookie consent preference — stored in your browser's local storage to remember that you have acknowledged our cookie notice.

We do not use advertising cookies, tracking pixels, or third-party analytics cookies. We do not track your behaviour across other websites.

You have the following rights regarding your personal data:

• Right of access — you can request a copy of the personal data we hold about you
• Right to rectification — you can update or correct inaccurate data directly within the Service or by contacting us
• Right to erasure — you can request deletion of your account and all associated data
• Right to restriction — you can request that we restrict processing of your data in certain circumstances
• Right to portability — you can request a machine-readable export of your data
• Right to object — you can object to processing based on legitimate interests

To exercise any of these rights, please contact us at team@agriops.online. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

We may update this Privacy Policy from time to time. Material changes will be communicated by email or via a notice within the Service. The date at the top of this page reflects when the policy was last updated.

For any privacy-related queries or to exercise your data rights, please contact:

AgriOps
Email: team@agriops.online