CropStackEN

CropStack Privacy Policy

Last updated: June 23, 2026
Effective date: June 23, 2026

This Privacy Policy explains how CropStack ("CropStack," "we," "us," or "our") collects, uses, shares, and protects information when you use the CropStack web application, websites, and related services (collectively, the "Service").

CropStack is operated by CROP STACK LLC, located at 1701 Heim Road, Mount Dora, FL 32757, USA. If you have questions, contact us at cropstack.ai@gmail.com.

1. Scope

This Policy applies to information we process when you:

  • Create or use a CropStack account;
  • Use any feature of the Service (inventory tracking, spray programs, orders, transfers, forecasting, planning, team management, and the AI advisor/assistant tools); or
  • Communicate with us.

This Policy does not apply to third-party websites, products, or services that we do not control, even if they link to or from the Service.

2. Who Controls Your Data

CropStack is a business-to-business ("B2B") tool used by farm operations ("Customers"). When you use the Service as part of an organization (a "tenant" / farm company), that organization is generally the controller of the operational data entered into the account, and CropStack acts as a processor / service provider that handles that data on the organization's behalf. Account owners and administrators within your organization can access, manage, export, and delete data associated with the account, including data you contribute.

If you use CropStack as an individual creating your own account, we act as the controller of your information as described below.

3. Information We Collect

3.1 Information you provide

  • Account & profile information. Name, email address, password (stored in hashed form by our authentication provider), preferred language (English or Spanish), and your role within an organization (e.g., owner, manager, consultant, employee).
  • Organization & farm data. Farm names, regions, acreage, storage locations, and team membership/assignments.
  • Operational data. Chemical/product library entries, inventory quantities and movements, spray programs and application records, vendor bids and orders, transfers, alert thresholds, notes, and similar records you enter or upload.
  • Imported documents. Files you upload for import (for example, product labels or invoices in PDF form) so that the Service can extract structured data from them.
  • Voice input. Audio recordings you submit to the voice/assistant features so they can be transcribed into inventory or program entries.
  • Free-text prompts. Questions and messages you send to the AI advisor and assistant features.
  • Communications. Information you provide when you contact us for support or other inquiries.

3.2 Information collected automatically

  • Usage & device data. IP address, browser type, device and operating system information, pages viewed, actions taken, timestamps, and referring/exit pages.
  • Diagnostics & error data. When the Service encounters an error, we collect crash and performance diagnostics (including technical context about the event) to help us detect, debug, and fix problems. This is handled through our error-monitoring provider (see Section 5).
  • Cookies & similar technologies. We use cookies and local storage that are necessary to keep you signed in, remember preferences (such as language), and operate the Service. See Section 8.

3.3 Information from third parties

We may receive information from authentication providers you use to sign in. The Service does not currently offer paid plans, so we do not process payment information at this time. If we introduce billing in the future, we will update this Policy and our payment processor would provide us with limited transaction and subscription-status information (we would not receive or store full payment card numbers).

4. How We Use Information

We use information to:

  • Provide, operate, maintain, and secure the Service;
  • Authenticate users and manage roles, permissions, and farm-level access;
  • Store and process your operational data (inventory, spray programs, orders, etc.) so the Service functions as intended;
  • Power AI-assisted features — including transcribing voice input, parsing uploaded documents, looking up chemical/product information, and answering questions through the advisor/assistant — by sending the relevant input to our AI provider (see Section 5);
  • Detect, prevent, investigate, and address errors, security incidents, fraud, and abuse;
  • Provide customer support and respond to your requests;
  • Process subscriptions and payments (if applicable);
  • Comply with legal obligations and enforce our agreements; and
  • Improve and develop the Service, including understanding how features are used.

We do not sell your personal information, and we do not use your operational data to train our own general-purpose AI models.

5. AI Features and Third-Party AI Processing

Several features rely on a third-party AI provider (currently Google's Gemini models, accessed via the Google Generative AI API) to provide functionality such as:

  • Transcribing voice recordings;
  • Parsing uploaded product labels and documents;
  • Looking up chemical/product information (which may use web-search grounding to retrieve publicly available information); and
  • Generating responses in the advisor and assistant tools.

When you use these features, the relevant input — which may include your audio, uploaded files, prompts, and contextual data such as your farm names and product names (to improve accuracy) — is transmitted to the AI provider for processing and a result is returned to the Service. Your use of these features is also subject to the AI provider's applicable terms and policies. We send only the data needed to perform the requested task.

AI output is informational only. AI-generated content (including chemical, agronomic, regulatory, or application-related suggestions) may be inaccurate or incomplete and is not professional agronomic, legal, regulatory, or pesticide-application advice. Always consult the product label and a licensed professional, and follow all applicable laws and regulations. See the Terms of Service for the full disclaimer.

6. How We Share Information

We share information only as described here:

  • Within your organization. Operational data is visible to authorized members of your tenant/farm according to their roles and farm assignments.
  • Service providers (sub-processors). We use trusted third parties to run the Service, including:
  • Supabase — authentication and database/hosting of your data;
  • Vercel — application hosting and delivery;
  • Google (Gemini / Generative AI API) — AI processing as described in Section 5;
  • Sentry — error monitoring and diagnostics.

These providers process information on our behalf and are bound by obligations to protect it. (We do not currently use a payment processor because the Service does not offer paid plans; if that changes, we will update this list.)

  • Legal & safety. We may disclose information if required by law, regulation, legal process, or governmental request, or where we believe disclosure is necessary to protect the rights, property, or safety of CropStack, our users, or the public.
  • Business transfers. If we are involved in a merger, acquisition, financing, reorganization, or sale of assets, information may be transferred as part of that transaction, subject to this Policy.
  • With your direction or consent. We share information at your direction or with your consent.

We do not sell personal information or share it for cross-context behavioral advertising.

7. Data Storage, Location, and International Transfers

Your data is stored and processed using the providers listed above, which may operate or store data in the United States and other countries. By using the Service, you understand that your information may be transferred to and processed in countries that may have different data-protection laws than your own. Where required, we rely on appropriate safeguards for such transfers.

8. Cookies and Similar Technologies

We use strictly necessary cookies and local/session storage to authenticate you, maintain your session, secure the Service, and remember preferences such as your language. Because these are essential to operating the Service, disabling them may prevent the Service from working properly. We do not use advertising or cross-site tracking cookies.

9. Data Retention

We retain information for as long as your account is active or as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Operational data is generally retained until you or your organization delete it or close the account. Inventory movement records are kept as an append-only ledger for accuracy and auditability. Diagnostic/error data is retained for a limited period consistent with our monitoring provider's settings. When data is no longer needed, we delete or de-identify it.

Audio and uploaded documents submitted to AI features are processed to produce a result; we do not retain them longer than necessary to provide the feature and operate the Service, subject to the AI provider's own processing.

10. Security

We use technical and organizational measures designed to protect your information, including encrypted transport (HTTPS), authentication controls, and database row-level security that isolates each tenant's data. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your login credentials confidential and for activity under your account.

11. Your Rights and Choices

Depending on where you live, you may have rights to:

  • Access the personal information we hold about you;
  • Correct inaccurate information;
  • Delete your information;
  • Export / port your data;
  • Object to or restrict certain processing; and
  • Withdraw consent where processing is based on consent.

To exercise these rights, contact cropstack.ai@gmail.com. If you use CropStack through an organization, we may direct your request to that organization (the controller) or ask you to work with your account administrator, who can access, modify, export, and delete data within the account. We will respond consistent with applicable law and may need to verify your identity.

Region-specific notes:

  • California residents (CCPA/CPRA): You have rights to know, delete, correct, and opt out of "sale"/"sharing." We do not sell or share personal information as those terms are defined. We do not discriminate against you for exercising your rights.
  • EEA/UK residents (GDPR/UK GDPR): Our legal bases for processing include performance of a contract, our legitimate interests in operating and securing the Service, compliance with legal obligations, and your consent where applicable. You have the right to lodge a complaint with your local supervisory authority.

12. Children's Privacy

The Service is intended for use by businesses and individuals 18 years or older and is not directed to children. We do not knowingly collect personal information from children under 13 (or the applicable age in your jurisdiction). If you believe a child has provided us information, contact us and we will delete it.

13. Third-Party Links and Services

The Service may reference or link to third-party websites, products, or services (for example, web-search results surfaced by AI features). We are not responsible for the privacy practices of those third parties. Review their policies before providing information.

14. Changes to This Policy

We may update this Policy from time to time. If we make material changes, we will update the "Last updated" date and, where appropriate, provide additional notice (such as within the Service or by email). Your continued use of the Service after an update means you accept the revised Policy.

15. Contact Us

If you have questions, requests, or complaints about this Policy or our data practices, contact:

CropStack
CROP STACK LLC
1701 Heim Road, Mount Dora, FL 32757, USA
Email: cropstack.ai@gmail.com