Privacy Policy

AgriAI s.r.o. (“AgriAI”, “we”, “us”, or “our”), a company registered in the Slovak Republic (Banska Bystrica), operates the AgriAI precision farming platform available at agriai.cakcoded.com. This Privacy Policy explains how we collect, use, store, and protect your personal data in compliance with Regulation (EU) 2016/679 (GDPR) and applicable Slovak law.

1. Data We Collect

We collect the following categories of personal data:

• Account data: name, email address, and password hash when you register for an account.
• Farm and field data: farm name, GPS coordinates, field boundaries (GeoJSON polygons), crop types, and hectare sizes that you enter into the platform.
• Agronomic sensor data: soil moisture, temperature, pH readings, and NDVI health scores associated with your fields.
• Usage data: pages visited, features used, timestamps, browser type, and IP address collected automatically via server logs and analytics.
• Communications: messages you send us via email or support channels.

2. How We Use Your Data

We use your personal data to:

• Provide, operate, and improve the AgriAI platform and its features (legal basis: contract performance, Art. 6(1)(b) GDPR).
• Generate crop health advisories, yield predictions, and disease risk alerts specific to your fields (contract performance).
• Send transactional emails such as account confirmations and critical field alerts (contract performance).
• Send optional product updates and newsletters, only with your explicit consent (Art. 6(1)(a) GDPR). You may withdraw consent at any time.
• Comply with legal obligations under Slovak and EU law (Art. 6(1)(c) GDPR).
• Aggregate anonymised data for platform analytics and research into European crop performance (legitimate interest, Art. 6(1)(f) GDPR).

3. Data Retention

• Account and farm data is retained for as long as your account is active, plus 30 days after deletion to allow for recovery.
• Historical sensor and health scan data is retained for up to 5 years to enable trend analysis and yield benchmarking.
• Server access logs are retained for 90 days and then automatically purged.
• Data you explicitly delete is removed from active databases within 7 days and from backups within 90 days.

4. Data Sharing and Third Parties

We do not sell your personal data. We share data only with:

• Supabase Inc. - cloud database and authentication infrastructure (EU data residency configured).
• Vercel Inc. - application hosting and CDN. Data is processed in accordance with Vercel's DPA.
• European Space Agency / Copernicus: we query publicly available Sentinel-2 satellite data for NDVI calculations. No personal data is transmitted.
• Public authorities or regulators if required by applicable law.

5. Your Rights Under GDPR

As a data subject in the EU/EEA you have the following rights:

• Right of access - request a copy of all personal data we hold about you.
• Right to rectification - correct inaccurate or incomplete data.
• Right to erasure (“right to be forgotten”) - request deletion of your account and associated data.
• Right to restriction of processing - limit how we process your data in certain circumstances.
• Right to data portability - receive your farm and field data in a structured, machine-readable format (JSON/CSV).
• Right to object - object to processing based on legitimate interest, including direct marketing.
• Right to withdraw consent - where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact us at privacy@agriai.cakcoded.com. We will respond within 30 days. You also have the right to lodge a complaint with the Slovak Data Protection Authority (Úrad na ochranu osobných údajov SR) at dataprotection.gov.sk.

6. Cookies and Tracking

We use strictly necessary cookies for authentication session management. We use analytics cookies (Vercel Analytics) to understand aggregate platform usage. No cross-site tracking or advertising cookies are used. You may disable non-essential cookies in your browser settings without affecting core functionality.

7. Data Security

We implement appropriate technical and organisational measures to protect your data, including TLS encryption in transit, AES-256 encryption at rest, role-based access controls, and regular security audits. In the event of a data breach that poses a risk to your rights, we will notify the relevant supervisory authority within 72 hours and affected users without undue delay.

8. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified to registered users by email at least 14 days before taking effect. Continued use of the platform after the effective date constitutes acceptance of the updated policy.

9. Contact