Agrevo
Legal

Privacy Policy

We are committed to protecting your personal data and your right to privacy.

Last updated: March 23, 2026

GDPRCCPAPIPA

1. Data Controller

Agrevo ("we", "us", "our") is the data controller responsible for your personal data. For users in the European Union, Agrevo acts as the data controller under GDPR Article 4(7). For users in California, Agrevo is the "business" under CCPA. For users in South Korea, Agrevo is the personal information processor under the Personal Information Protection Act (PIPA).

Contact: privacy@agrevo.ai

2. Information We Collect

We collect the following categories of personal and operational data:

Account Information

Name, email address, company name, country, job role, and password (hashed). Collected when you register or update your profile.

Farm & Field Data

GPS coordinates, field boundaries (GeoJSON), crop types, planting dates, harvest records, and farm management notes. This data belongs to you and is used solely to deliver our services.

Usage & Technical Data

IP address, browser type, operating system, page views, feature usage logs, and session duration. Collected automatically via server logs and analytics.

Satellite & Environmental Data

NDVI readings from Sentinel-2, weather data from NOAA and Open-Meteo, soil moisture indices. This data is derived from public and licensed sources linked to your registered fields.

Payment Information

We do not store payment card data directly. Payment processing is handled by our PCI-DSS certified payment provider. We retain only transaction IDs and subscription status.

3. How We Use Your Data

We use your data for the following purposes:

  • ·Providing and improving our platform services
  • ·Generating EUDR compliance documentation and audit trails
  • ·Calculating carbon credits and MRV (Monitoring, Reporting, Verification) reports
  • ·AI-powered pest detection and yield forecasting
  • ·Sending service notifications, updates, and support communications
  • ·Complying with legal obligations and regulatory requirements
  • ·Fraud prevention and platform security

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), our legal bases under GDPR Article 6 are:

Contract Performance (Art. 6(1)(b))

Processing necessary to provide the services you subscribed to.

Legitimate Interests (Art. 6(1)(f))

Platform security, fraud prevention, product improvement, and aggregated analytics.

Legal Obligation (Art. 6(1)(c))

Compliance with tax, EUDR, and other applicable regulatory requirements.

Consent (Art. 6(1)(a))

Marketing communications and optional analytics. You may withdraw consent at any time.

5. Data Sharing & Third Parties

We do not sell your personal data. We share data only with trusted processors under strict data processing agreements (DPAs):

Amazon Web Services (AWS)

Cloud infrastructure and storage. Data is hosted in AWS regions selected for compliance with applicable law.

Satellite & Weather Data Providers

Copernicus/Sentinel-2 (EU), NOAA, Open-Meteo — for environmental data enrichment. Only field location data is shared, not personal identifiers.

Payment Processors

PCI-DSS certified processors for subscription billing. No card details are stored on Agrevo servers.

Legal & Regulatory Bodies

We may disclose data when required by law, court order, or to protect the safety of users.

6. International Data Transfers

Agrevo operates globally and may transfer your data across borders. For transfers of EEA personal data outside the EEA, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission. For transfers from South Korea, we comply with cross-border transfer requirements under PIPA Article 28-8. We ensure all international transfers are subject to equivalent data protection measures.

7. Data Retention

We retain your data only as long as necessary:

  • ·Account data: retained for the duration of your subscription plus 30 days after cancellation
  • ·Farm & field data: retained until you request deletion or close your account
  • ·Usage logs: retained for 12 months, then anonymized or deleted
  • ·Financial records: retained for 7 years as required by applicable tax law
  • ·EUDR compliance records: retained for 5 years per EU regulation requirements

8. Your Rights

GDPR Rights (EEA Users)

  • Access — request a copy of your personal data
  • Rectification — correct inaccurate or incomplete data
  • Erasure — request deletion of your data ("right to be forgotten")
  • Portability — receive your data in a machine-readable format
  • Object — object to processing based on legitimate interests
  • Restrict — request restriction of processing in certain circumstances
  • Withdraw Consent — where processing is based on consent, withdraw it at any time

You also have the right to lodge a complaint with your local Data Protection Authority (DPA).

CCPA Rights (California Residents)

  • Know — request disclosure of personal information we collect, use, and share
  • Delete — request deletion of your personal information
  • Opt-Out — we do not sell your personal information
  • Non-Discrimination — we will not discriminate against you for exercising your rights

PIPA Rights (South Korean Users)

  • Access — request confirmation and access to your personal information
  • Correction — request correction of inaccurate personal information
  • Deletion — request deletion of your personal information
  • Suspension — request suspension of processing of your personal information
To exercise any of the above rights, contact us at privacy@agrevo.ai. We will respond within 30 days (or within the timeframe required by applicable law).

9. Cookies

We use cookies and similar tracking technologies to operate our platform, remember your preferences, and analyze usage. You can control cookies through your browser settings or our Cookie Preference Center. For full details, see our Cookie Policy.

10. Children's Privacy

Agrevo is not directed at children under the age of 16 (or 13 in jurisdictions where applicable). We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact privacy@agrevo.ai and we will promptly delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a prominent notice on our platform at least 30 days before the changes take effect. Your continued use of Agrevo after the effective date constitutes acceptance of the updated policy.

12. Contact Us

For privacy-related inquiries, data subject requests, or complaints, please contact:

privacy@agrevo.ai

Data Protection Officer: dpo@agrevo.ai

Agrevo Privacy Team

We aim to respond to all requests within 30 days.