Privacy Policy

This Privacy Policy explains how FildraAI collects, uses, and protects your information when you use our website, mobile apps, account services, API keys, image diagnosis, FieldGuide, FieldState, FieldAudio, fieldmap services, payment-related features, and Google Single Sign-On through our managed identity provider.

Effective: 2026
Last Updated: 2026

Important Notice

FildraAI is not designed to store highly sensitive personal information such as government ID numbers, passwords, banking details, or medical records about people. Please do not include this type of information in prompts, uploads, or chat messages.

1. Information We Collect

1.1 Authentication & Account Data

When you sign in using Google SSO, authentication is handled by Google and our managed identity provider. We do not receive your Google password. We collect:

  • Basic profile information from Google (name, email address, profile image URL)
  • Authentication identifiers (Google account ID, internal user ID)
  • Account metadata (creation date, plan type, language preference, feature settings)
  • Session tokens for authentication and security

1.2 Usage & Content Data

  • Chat messages, prompts, and AI responses in FieldGuide
  • Agricultural images uploaded to FieldVision with associated metadata (crop type, location, suspected disease)
  • fieldmap inputs and outputs (field descriptions, weather data features, model predictions)
  • Geographic context (country, province, district, crop type, season, management practices)
  • Usage metrics (timestamps, feature usage, error logs, performance data)

1.3 Device & Technical Data

  • IP address and approximate geographic location
  • Browser type, operating system, device information
  • Error logs, timeouts, and performance metrics
  • Cookies and session management tokens

1.4 Organizational Data

  • Organization name, contact person, billing details
  • User lists and access roles for team workspaces
  • Configuration settings (crops of interest, regions, integrations)

1.5 Mobile App & Permission Data

If you use our iOS or Android app, we may request device permissions only when needed for app features. You can manage these permissions through your device settings.

  • Camera or photo library access when you choose to upload crop, field, livestock, or farm images
  • Microphone access when you choose to record audio for transcription, translation, or voice-based guidance
  • Location access, if enabled, to provide region-specific weather, crop calendar, pest, disease, and field guidance
  • Push notification tokens, if enabled, to send service alerts, reminders, or important account messages
  • App diagnostics such as crash logs, app version, device model, operating system, and performance data

1.6 Payment & Transaction Data

  • Payment intent identifiers, payment status, plan or credit purchase history, and transaction references
  • Billing contact details needed for invoices, receipts, reconciliation, support, fraud prevention, or legal compliance
  • We do not intentionally store full card numbers, bank passwords, or mobile money PINs; payment credentials are handled by payment processors where applicable

2. Where Your Data Lives

FildraAI runs on a leading cloud platform with encrypted storage and managed services. For transparency, here is an overview of our main data tables:

2.0 Physical Data Location

Production data is stored in cloud data centres in Cape Town, South Africa. For disaster recovery, encrypted backups of your account profile and chat history are replicated to data centres in Dublin, Ireland. Other personal data (audio recordings, uploaded crop images) is not replicated outside the primary region. If you access FildraAI from outside South Africa, your data still rests in these locations; your browser communicates with our servers there.

2.1 Users Table (Identity & Accounts)

  • Stores core account records: user_id, cognitoSub, email, display name, metadata
  • Includes plan type, language preferences, feature flags
  • Does not store passwords (handled by Google and our managed identity provider)

2.2 Chats Table (Conversations)

  • Stores chat sessions, messages, prompts, and AI responses
  • Includes references to uploaded images, crop context, model selections
  • Chat history is automatically deleted 180 days after creation. Audio job records are retained for 30 days. Account profiles persist until you request deletion (see Section 8).
  • Used for history, quality improvement, debugging, and usage analysis

2.3 Context Tables (Personalization)

  • UserContext: Stores farming context (crops, regions, suppliers) for consistent recommendations
  • ContextEvolution: Tracks changes to context over time with timestamps
  • Used only for personalization, not shared with advertisers or third parties
  • May use TTL to clean up inactive profiles per retention policies

2.4 fieldmap Jobs & Artifacts

  • fieldmapJobs: Records each analysis run with job_id, user_id, status, settings
  • fieldmapArtifacts: References to reports, features, and outputs stored in our secure cloud object storage
  • Used for analysis history, result reproduction, model improvement

2.5 Connections Table (Real-time Sessions)

  • Stores WebSocket connection IDs for live updates
  • Contains minimal information (connectionId, session_id)
  • Short-lived, automatically cleaned up when connections close

3. How We Use Your Information

3.1 Service Operation

  • Authenticating users via Google SSO and our managed identity provider
  • Processing images, text, field data for AI insights
  • Providing localized guidance based on location and weather
  • Maintaining system stability and security

3.2 Reliability And Service Improvement

  • Debugging and troubleshooting reported issues
  • Monitoring request counts, latency, error rates, and feature usage to keep the service reliable
  • Updating agronomy knowledge bases from sources we license or that are publicly available
  • Calibrating non-AI risk warnings and rate-limit thresholds

3.3 Communication

  • Sending service notices and important updates
  • Sharing product updates and beta features
  • Responding to support requests
  • Educational content (with permission)

3.4 Safety & Compliance

  • Preventing misuse and platform abuse
  • Protecting user rights and security
  • Complying with legal obligations
  • Responding to lawful requests

3.5 What We Do NOT Do

We want to be explicit about uses we do not make of your data:

  • We do not train, fine-tune, or build our AI models on the content you upload, including photos, voice recordings, prompts, chat messages, and FieldState records. Our crop-diagnosis models are trained on publicly available agricultural datasets and on data we have separately licensed for that purpose.
  • We do not use your voice recordings to train voice-cloning, speaker-recognition, or biometric models. The third-party speech processors we use are configured not to train on customer audio.
  • We do not use your images to train facial-recognition, person-detection, or biometric-identification models.
  • We do not sell, rent, or trade your personal data to advertisers or to data brokers.
  • We do not enroll you in model-training programmes by default. If we ever offer one, it will be explicit opt-in, never bundled into general settings or the Terms.

4. AI Services, Third-Party Processors & Payments

4.1 Third-Party Processors

We use trusted third-party service providers to operate FildraAI. These providers process data only for the purposes we authorize and are expected to protect user data consistently with this policy.

  • Cloud infrastructure, storage, databases, authentication, and security services
  • Google services where used for sign-in, app platform services, diagnostics, translation, speech, or related functionality
  • AI service providers where needed to process prompts, images, audio, extracted text, summaries, translations, or agricultural guidance
  • Map, weather, analytics, logging, email, and payment providers where needed to provide the service

4.2 AI Processing & Model Improvement

  • Your prompts, uploaded images, audio, field notes, and generated outputs may be processed to provide AI features such as diagnosis, translation, summaries, and guidance
  • Where we use data for quality improvement, we aim to de-identify, aggregate, or minimize personal information where practical
  • We do not sell private user uploads or farm records to advertisers
  • If we introduce materially different AI training or data-sharing practices, we will update this policy and provide any required notice or choice

4.3 Payments

If paid features, credits, subscriptions, or payment links are offered, payment processing may be handled by FildraAI, FildraPay, app stores, banks, mobile money providers, card networks, or other payment processors. We use payment information to process transactions, grant credits or plan access, prevent fraud, reconcile payments, issue receipts, and comply with accounting or legal requirements.

5. Cookies, Analytics, Tracking & App Permissions

5.1 Cookies and Similar Technologies

  • We use cookies, local storage, and similar technologies for login sessions, security, preferences, language settings, analytics, and service reliability
  • Some cookies are required for authentication and security; others may support analytics or product improvement
  • You can control cookies through your browser settings, but disabling required cookies may affect login or service functionality

5.2 Tracking and Advertising

We do not sell personal data. We do not use third-party advertising trackers unless this policy and applicable app store privacy disclosures are updated. If we use analytics or diagnostics, we use them to understand reliability, feature usage, crashes, and service quality.

5.2a Google Analytics 4 (Consent-Gated)

When you click “Accept all” on the cookie banner, we load Google Analytics 4 to understand how the site is used. This is the only third-party analytics we run beyond Cloudflare’s first-party web analytics (which uses no cookies). Specifics:

  • Loads only when you accept the banner. Google’s Consent Mode v2 keeps all storage in ‘denied’ state until you click Accept, and immediately re-denies storage if you click Essential only.
  • IP anonymisation is forced on (anonymize_ip: true). Google truncates the last octet of every visitor IP before it’s logged.
  • Google Signals (cross-device tracking, demographic inference) is explicitly disabled.
  • Ad personalisation signals are explicitly disabled. Google may not use this data to retarget you with ads across other sites.
  • Data shared with Google: the URL of the page you visit, the referrer, your device type, your browser language, and (under Cloudflare proxying) the country your IP geolocates to. We do not pass your email, account id, or any farm/field data into the analytics events.
  • Opt out at any time by clearing localStorage on this domain or by visiting tools.google.com/dlpage/gaoptout — Google’s official opt-out browser add-on disables GA across every site that uses it.

5.3 Managing App Permissions

You can revoke app permissions such as camera, photo library, microphone, location, and notifications through your device settings. Some features may stop working if a required permission is disabled.

6. Information Sharing

We Do Not Sell Personal Data

We do not sell, rent, or trade your personal information to third parties for their independent commercial purposes.

We May Share Information With:

  • Service Providers: Cloud providers, authentication providers (Google sign-in and managed identity providers), analytics, logging, and email services under data protection agreements.
  • Legal Compliance: Authorities or regulators when required by law or necessary to protect rights and safety.
  • Business Transfers: Another entity during mergers, acquisitions, or asset sales, with privacy rights preserved.

7. Data Retention

Current Service Phase

We retain data to operate services, maintain account history, support paid credits and usage limits, improve quality, monitor reliability, and meet legal or security obligations. You may request deletion of personal data where technically and legally possible.

We retain data only as long as necessary for the purposes described in this policy or as required by law:

  • Account Information: Retained while your account is active. When you delete your account, live profile data is removed within 24 hours; encrypted automated backups roll off within 35 days per AWS’s default backup retention.
  • Chat & Image Data: Retained during use and for product improvement; some records may have automated TTL cleanup.
  • Analytics & Logs: Aggregated or pseudonymized where possible, retained for reliability and security.
  • Support Communications: Retained for a reasonable period to resolve issues and maintain support history.

8. Your Rights, Choices, and Account Deletion

8.1 Data Access

Request a summary of personal data we hold about you in our core systems.

8.2 Account and Data Deletion

Delete your account from Settings → Danger Zone → Delete Account. The flow is self-service and processed immediately: your profile, chat history, FieldState records, API keys, billing records, and audio uploads are removed from live systems within 24 hours, you receive a confirmation email, and encrypted automated backups roll off within 35 days per AWS’s default retention. We may retain limited records when required by law (for example, tax records, fraud-prevention logs, or records needed to defend a legal claim) for the period those laws require.

8.3 Data Correction

Update or correct inaccurate account or profile information.

8.4 Communication Preferences

Opt out of non-essential emails while receiving important service notices.

Account Deletion (Web And Mobile)

Account deletion is available on both the web (Settings → Danger Zone → Delete Account) and the mobile apps (Account → Delete Account, where supported by the app version). The process is the same on both platforms: live data is purged within 24 hours, you receive a confirmation email, and encrypted automated backups roll off within 35 days. If you can’t reach the in-app flow for any reason, email support@fildraai.com from the address on your account and we will complete the deletion manually within 30 days, as required by GDPR Article 17.

8.5 EU/UK/EEA Residents — GDPR-Specific Rights

If you are resident in the European Union, the European Economic Area, or the United Kingdom, you have additional rights under the GDPR (and the UK GDPR for UK residents):

  • Right to be informed: this Privacy Policy serves that purpose.
  • Right of access and portability: you may request a machine-readable export of your personal data.
  • Right to rectification: correct inaccurate data from your account settings or by contacting support.
  • Right to erasure (Article 17): see Section 8.2 above — self-service or, on request, manual within 30 days.
  • Right to restrict or object to processing.
  • Right not to be subject to a decision based solely on automated processing producing legal or similarly significant effects on you.
  • Right to lodge a complaint with your national supervisory authority (for example, the Irish Data Protection Commission for users whose data is replicated to our Ireland failover region, or your home Member State’s DPA).

To exercise these rights, including the right to erasure (deletion of your data) and the right to portability (a copy of all personal data we hold about you), please contact us with details to identify your account. We confirm receipt of every request within 3 business days, and complete most requests within 30 days. Some records (audit logs, financial transaction records) may be retained for legal reasons after account deletion; we will tell you which when we complete your request.

9. Data Security

We use technical and organizational measures to protect your data from unauthorized access, alteration, or destruction. No system is completely secure, but we work to reduce risk and respond quickly to issues.

  • Encryption of data in transit (HTTPS) and at rest in core storage services
  • Access controls and authentication for administrative tools and production environments
  • Logging and monitoring to detect unusual activity or potential abuse
  • Regular updates to infrastructure components and libraries

10. International Transfers & Children

10.1 International Data Transfers And EU Residency

Your production data is stored in AWS DynamoDB Global Tables with two regions: the primary write region is AWS af-south-1 (Cape Town, South Africa) and the failover replica is AWS eu-west-1 (Dublin, Ireland). Writes from any region replicate bidirectionally; reads serve from the nearest healthy region. This setup means that if you are a resident of the EU or EEA, your personal data is continuously processed in two regions, one of which (Ireland) is inside the EU. Cross-border transfers between these regions are governed by the AWS Customer Agreement and AWS’s Standard Contractual Clauses (SCCs) under Article 46 GDPR. AI inference for chat and crop-diagnosis runs in AWS eu-west-1 (Ireland) on AWS Bedrock; Bedrock is contractually configured not to use customer prompts or outputs to train models. We do not transfer your personal data to the United States or to other third countries except where strictly necessary to deliver a feature you request (for example, an external map provider for a specific tile); in those cases we share only the minimum necessary and rely on SCCs or an applicable adequacy decision.

10.2 Children's Privacy

FildraAI is intended for users aged 16 and older. We do not knowingly collect personal data from children under 16. If you believe a child has provided us personal data, contact support and we will delete the account and its data without charge.

11. Contact Us

If you have questions about this Privacy Policy, our data practices, account deletion, app permissions, Google SSO, our managed identity provider, or how we store data, please contact us:

Contact Methods

Email/Form: Contact Us
Subject: Privacy or Data Protection Question

Policy Updates

We may update this Privacy Policy as we add features or change how FildraAI works. Significant changes will be communicated via email or website notice. Continued use after changes means you agree to the updated policy.