Privacy Policy
Last updated: 1 November 2024
1. Introduction
Agrotronics Innovations Ltd (“Agrotronics”, “we”, “our”, or “us”) is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our smart farm management platform, including our website, mobile application, API, and IoT services.
By accessing or using our services, you agree to the terms of this Privacy Policy. If you do not agree, please do not use our services.
2. Information We Collect
2.1 Account information
When you register, we collect your name, email address, phone number (optional), and password (stored as a bcrypt hash). We never store passwords in plain text.
2.2 Farm and sensor data
We collect and store all data transmitted by your ESP32 sensor nodes, including soil moisture readings, temperature, humidity, water level, GPS coordinates, battery levels, and device telemetry. This data is stored in your organisation's account and is not shared with other organisations.
2.3 Usage data
We collect IP addresses, browser type, pages visited, and session duration for security, debugging, and product improvement. This is stored in our audit log and retained for 12 months.
2.4 Payment information
Payments are processed by Paystack. We do not store card numbers or bank account details. We retain transaction references and invoice amounts for accounting purposes.
3. How We Use Your Information
- To provide, operate, and improve the Agrotronics platform
- To process payments and manage your subscription
- To send alert notifications (email, WhatsApp, in-app) based on your preferences
- To send transactional emails (account verification, password reset)
- To detect and prevent fraud and abuse
- To comply with legal obligations
- To generate anonymised, aggregated insights about agricultural trends (no personal data included)
We do not sell your personal data to third parties. We do not use your farm data for advertising.
4. Data Sharing
We share your data only with:
- Paystack — for payment processing
- Cloudinary — for image storage (farm photos, avatars)
- HiveMQ / MQTT broker — for real-time device data transit
- Email provider (SMTP) — for notification delivery
- WhatsApp Cloud API (Meta) — only if you enable WhatsApp alerts
- Supabase / PostgreSQL — for data storage (hosted in the EU or AWS West Africa region)
All third-party processors are bound by Data Processing Agreements and are prohibited from using your data for their own purposes.
5. Data Retention
- Free plan: Sensor readings retained for 7 days
- Pro plan: Sensor readings retained for 90 days
- Enterprise plan: Sensor readings retained for 1 year
- Account data: Retained until account deletion + 30-day grace period
- Audit logs: Retained for 12 months
- Invoices: Retained for 7 years (Nigerian tax law requirement)
6. Your Rights
You have the right to:
- Access — request a copy of all data we hold about you
- Correction — update inaccurate information via Settings
- Deletion — request account deletion (subject to legal retention obligations)
- Portability — export your sensor data as CSV or Excel
- Objection — opt out of non-essential communications at any time
To exercise any of these rights, email privacy@agrotronics.io. We will respond within 30 days.
7. Security
We use industry-standard security measures including TLS 1.3 in transit, AES-256 encryption at rest, bcrypt password hashing, HTTP-only cookies with CSRF protection, and regular security audits. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
8. Cookies
We use three HTTP-only cookies: access_token, refresh_token, and a CSRF token. These are strictly necessary for authentication and cannot be opted out of while using the platform. We do not use advertising or tracking cookies.
9. Children's Privacy
Our services are not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or via an in-app notification at least 14 days before the changes take effect. Continued use of the platform after the effective date constitutes acceptance of the updated policy.
11. Contact
For privacy enquiries, data subject requests, or to report a privacy concern:
Agrotronics Innovations Ltd
Data Protection Officer
Ibadan, Oyo State, Nigeria