๐ŸŒฑ
Farm Planner

Privacy Policy

Last updated: 29 April 2026 ยท Available in English (authoritative version)

1. Who we are (Data Controller)

Farm Planner is operated by a sole trader based in Tunisia. For privacy-related questions, contact: diyzone.pro@gmail.com.

2. What we collect

  • Account data: email address, full name, region/country, password (hashed with bcrypt; we never see the plaintext), preferred language.
  • Optional location: postal code or coordinates, used solely to fetch the correct local weather forecast (NOAA in the US, Open-Meteo elsewhere). You can leave this blank.
  • Farm records you create: animals, plantings, fields, equipment, events, photos, notes. These belong to you and are visible only to your account.
  • Payment metadata: when you subscribe, our payment provider (Paddle) processes your card and shares back a transaction ID, status, and the last 4 digits of the card. We never see the full card number.
  • Technical data: IP address, user agent, and timestamps for security auditing and rate-limiting. Affiliate-link clicks (when you arrive via a /from/<slug> URL) are logged for fraud detection.
  • Analytics: we use Google Analytics 4 (gtag.js) to understand which pages are visited and how users navigate. You can opt out via your browser's Do-Not-Track setting or by disabling cookies.

3. Why we process your data (legal bases)

  • Contract performance: to provide the Service you signed up for โ€” the largest category, covers all account and farm data.
  • Legitimate interest: to keep the Service secure (fraud detection, abuse prevention) and to improve it (aggregated analytics).
  • Consent: for marketing emails (we only send these if you opt in) and for non-essential analytics cookies.
  • Legal obligation: to comply with tax, accounting, and regulatory requirements that apply to running an online business.

4. Sub-processors (who else handles your data)

We use the following third-party services to operate Farm Planner. Each is bound by a Data Processing Agreement (DPA) and is GDPR-compliant.

  • Paddle.com Inc. โ€” payment processing (merchant of record). paddle.com/legal/privacy
  • Hetzner Online GmbH (or your VPS provider) โ€” server hosting in Germany.
  • National Weather Service (NOAA) โ€” US weather forecast (no PII sent).
  • Open-Meteo โ€” non-US weather forecast (no PII sent).
  • Google LLC โ€” Google Analytics 4 for usage analytics. policies.google.com/privacy

5. Cookies

  • fp_session โ€” your authenticated session (HttpOnly, Secure, SameSite=Lax). Essential; cannot be disabled if you want to log in.
  • farmplanner.locale โ€” remembers your language choice.
  • fp_ref โ€” affiliate attribution cookie set when you arrive via a referral link. Stored for 60 days; HttpOnly.
  • _ga / _ga_* โ€” Google Analytics. Set only if your browser permits.

6. International transfers

Your data may be processed in the EU, the United Kingdom, the United States, and Tunisia. Where data leaves the European Economic Area, we rely on Standard Contractual Clauses (or equivalent safeguards) provided by our sub-processors.

7. How long we keep your data

  • Active accounts: as long as the account exists.
  • Deleted accounts: backups retained for 30 days, then permanently removed.
  • Affiliate click logs: 12 months, then anonymised.
  • Payment records: 7 years (legal/tax requirement).

8. Your rights

Under the GDPR (EU), CCPA (California), Quebec's Law 25, and equivalent laws elsewhere, you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your data โ€” available in-app from /profile.
  • Export your data in a portable format (CSV/JSON) โ€” available in-app from /profile.
  • Restrict or object to certain processing.
  • Withdraw consent for any processing based on consent.
  • Lodge a complaint with your local supervisory authority (e.g. CNIL in France, the ICO in the UK, your state Attorney General in the US).

To exercise any right, email diyzone.pro@gmail.com. We respond within 30 days.

9. Children

Farm Planner is not directed at children under 16 (or under 13 in the United States). We do not knowingly collect personal data from children. If you believe a child has provided data, contact us and we will delete it promptly.

10. Security

Personal data is encrypted in transit (TLS) and at rest (database-level encryption on the host). Passwords are hashed with bcrypt. Access to production systems is restricted to the Operator and protected by multi-factor authentication.

11. Changes to this policy

We may revise this Privacy Policy. Material changes will be communicated by email and noted by an updated "Last updated" date.

12. Contact

Questions about your privacy or this policy? Email diyzone.pro@gmail.com.

โ† Back to Farm Planner