Privacy Policy

Introduction

Astraeus Technology Limited ("we", "us", "our", or "Agrianta") is committed to protecting your privacy and personal data. This privacy policy explains how we collect, use, store, and protect your information when you use our website, our farm management web application, and our iOS and Android mobile applications (together, the "Services").

Astraeus Technology Limited is a company registered in England and Wales (Company Number: 15162283). We are the data controller responsible for your personal data.

This policy applies to all users of the Services, including the website at agrianta.com, the web dashboard, and the Agrianta mobile apps.

Who This Policy Applies To

We process personal data from the following categories of individuals:

• Farm users: Farmers, farm managers, and farm workers who use our platform to manage their operations
• Veterinarians and advisors: Professionals granted access to farm data through our Vet Insights module or partner sharing features
• Website visitors: People who browse our website or contact us through our forms
• Prospective customers: Individuals who enquire about our services or request demonstrations
• Business partners and suppliers: Companies and individuals we work with to deliver our services

Information We Collect

We collect and process the following categories of personal data:

Information you provide directly

• Account information: name, email address, phone number, organisation name
• Farm data: farm location, herd information, livestock records, compliance logs, drug records, and withdrawal dates
• Sensor and device data: information from connected sensors, collars, tags, boluses, cameras, and environmental monitors
• Livestock photographs: images you upload for record-keeping or for automated ear-tag and passport recognition
• Scout AI inputs: questions, prompts, and uploaded context you submit to our AI features
• Communications: messages you send us via contact forms or email
• Payment information: name, email, billing address, and invoice history. Card details are entered directly into our payment provider's secure form and never reach our servers (see "Payment Processing" below).

Information collected automatically

• Device information: browser type, operating system, device type; for mobile apps also app version, OS version, crash logs, and push-notification tokens
• Usage data: pages visited, features used, time spent on pages
• IP addresses: we log IP addresses only in limited administrative contexts (specifically our audit trail for privileged-access and impersonation events) — we do not record IP addresses against normal, day-to-day requests
• Approximate location (country level) for security and fraud detection
• Analytics data: collected via PostHog (EU-hosted) to help us improve our services

Information collected by our mobile apps

Our iOS and Android apps request the following permissions. Each permission is used only for the specific purpose listed, and you can grant or revoke them at any time through your device settings:

• Camera: to scan ear tags and passports, attach photos to livestock records, and capture images for the Vision and Camera Pack
• Location (foreground and, where enabled, background): for farm boundary detection, field walks, geotagged records, and pairing of nearby devices
• Bluetooth: to pair and communicate with boluses, collars, ear tags, and handheld readers
• Push notifications: to send alerts, task reminders, and device or sensor warnings
• Photo library: to attach existing photos to livestock or task records
• Biometric unlock (Face ID, Touch ID, fingerprint): where enabled, to unlock the app without re-entering your password. Biometric data is processed on your device by the operating system and is never sent to us.

Our mobile apps cache data on your device so you can continue working when connectivity is limited. Cached data is encrypted at rest by the operating system and is deleted when you uninstall the app. We also use mobile analytics and crash-reporting SDKs (currently PostHog and Sentry) to diagnose problems; mobile apps do not use cookies.

How We Use Your Information

We use your personal data for the following purposes:

• Service provision: To operate and maintain your account, process your farm data, and provide our livestock monitoring, compliance, and AI-powered insight services
• Communication: To respond to your enquiries and send important service updates
• Improvement: To analyse usage patterns and improve our platform's functionality
• Security: To detect and prevent fraud, abuse, and security issues
• Legal compliance: To comply with applicable laws and regulations
• Marketing: With your consent, to send you information about new features and services

Legal Basis for Processing

Under UK GDPR, we process your personal data based on the following legal grounds:

• Contract: Processing necessary to perform our contract with you (e.g., providing our services)
• Legitimate interests: Processing necessary for our legitimate business interests, such as improving our services and ensuring security
• Consent: Where you have given explicit consent (e.g., marketing communications, analytics cookies)
• Legal obligation: Processing necessary to comply with legal requirements

AI-Powered Features

Some features of the Services are powered by third-party AI models:

• Scout AI uses OpenAI's language models to answer questions about your farm and to generate insights over your records. When you use Scout AI, we send your prompt and relevant farm and livestock context to OpenAI (hosted in the United States) for inference. Separately, to make your farm records searchable by Scout AI, we send selected records — such as animal medical records, livestock insights, and inventory entries — to OpenAI's embeddings endpoint to produce vector representations. Those vectors are stored in our own database and used only to retrieve the most relevant records when you ask a question; the original text is not retained by OpenAI after the embedding is returned.
• Livestock image recognition uses Anthropic's Claude Vision to read ear tags, passports, and similar documents from photographs. When you upload such an image, it is transmitted to Anthropic (hosted in the United States) for inference; it is not retained by Anthropic after the inference is returned.

We use API tiers with both OpenAI and Anthropic that do not permit your inputs, outputs, or livestock images to be used to train their foundation models. Both transfers to the United States take place under the UK International Data Transfer Agreement or Standard Contractual Clauses supplemented by the UK Addendum; full details are set out in our Data Processing Addendum.

AI outputs are decision-support tools, not veterinary or professional advice. AI-generated answers can be incomplete, inaccurate, or wrong; ear-tag scans can misread digits. You should verify AI output before acting on it and should consult a qualified veterinarian for animal-health decisions.

Under Article 22 UK GDPR you have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. AI insights and alerts provided by the Services are not used to make such decisions; human judgement (yours and your team's) remains in the loop for all material decisions about animal care, compliance, and farm management.

Cookies and Analytics

We use cookies and similar technologies to improve your experience on our website. You can manage your cookie preferences through the consent banner displayed when you first visit our site.

Types of cookies we use

• Essential cookies: Required for the website to function properly (e.g., authentication, security)
• Analytics cookies: Help us understand how visitors use our site (via PostHog)

Analytics

We use PostHog for product analytics, hosted in the European Union. We only enable analytics tracking after you provide consent. The events we send to PostHog relate to organisation and feature usage and do not include user names or email addresses. You can withdraw your consent at any time by clearing your browser cookies and revisiting our site.

For detailed information about the specific cookies we use, please see our Cookie Policy.

Payment Processing

Card payments are handled by Stripe. When you enter card details, they are sent directly from your browser to Stripe and never touch Agrianta's servers. We receive only a token referencing the saved payment method plus invoice metadata (amount, description, date). Stripe is a regulated payment processor; see our Sub-processors page for details.

How We Share Your Information

We do not sell your personal data. We may share your information with:

Sharing you control

• Veterinarians and advisors: You can grant veterinary practices and agricultural advisors access to your farm data through our platform. When you share access, we provide them with the email address and contact details necessary to connect. You can revoke this access at any time through your account settings.
• Team members: If you invite colleagues or farm workers to your organisation, they will have access to shared farm data according to the permissions you set.
• UK Livestock Information Service (LIS): If you choose to connect your LIS account, we transmit CPH number, animal IDs, and movement records to the UK Livestock Information Service on your behalf for statutory compliance reporting. This transfer is authorised each time by the OAuth credentials you provide, and can be revoked at any time.

Sharing for service delivery

• Sub-processors: Third parties who help us operate the Services — including cloud hosting, payment processing, authentication, transactional email, error monitoring, product analytics, and AI inference. A current list is published at agrianta.com/subprocessors.
• Professional advisers: Lawyers, accountants, and auditors where necessary
• Law enforcement: When required by law or to protect our legal rights
• Business transfers: In connection with a merger, acquisition, or sale of assets

All third-party sub-processors are required to protect your data and only process it in accordance with our instructions. Business customers processing personal data about others (for example, staff or farm workers) are covered by our Data Processing Addendum.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

• Account data: Retained while your account is active and for 2 years after closure
• Farm and livestock data: Retained while your account is active; you can request deletion at any time
• Product analytics (PostHog): Retained for up to 12 months
• Error monitoring (Sentry): Retained for up to 90 days
• Privileged-access audit logs (including IP addresses): Retained for up to 2 years
• Financial records: Retained for 7 years as required by UK law

Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

• Right of access: Request a copy of the personal data we hold about you
• Right to rectification: Request correction of inaccurate or incomplete data
• Right to erasure: Request deletion of your personal data in certain circumstances
• Right to restrict processing: Request limitation of how we use your data
• Right to data portability: Request transfer of your data in a machine-readable format
• Right to object: Object to processing based on legitimate interests or for direct marketing
• Right to withdraw consent: Withdraw consent at any time where processing is based on consent
• Rights relating to automated decision-making: Under Article 22 UK GDPR, not to be subject to solely automated decisions with legal or similarly significant effects (see "AI-Powered Features" above)

To exercise any of these rights, please contact us at privacy@agrianta.com. We will respond to your request within one month.

Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

• Encryption of data in transit and at rest
• Regular security assessments and penetration testing
• Access controls and authentication measures
• Staff training on data protection
• Incident response procedures

If we become aware of a personal data breach affecting your information, we will notify you without undue delay, and, where we act as a processor on behalf of a business customer, in a timeframe that allows you to meet your own 72-hour notification obligation to the UK Information Commissioner's Office under UK GDPR. Further detail is set out in our Data Processing Addendum.

International Data Transfers

Your data is primarily stored and processed within the United Kingdom and European Economic Area (EEA). Some of our sub-processors (notably Stripe, Resend, OpenAI, and Anthropic) are located in the United States, and AI-powered features necessarily involve transferring the relevant prompt, context, or image to those providers for inference.

Where we transfer data outside the UK or EEA, we ensure appropriate safeguards are in place — typically the UK International Data Transfer Agreement (IDTA), Standard Contractual Clauses supplemented by the UK Addendum, or the EU-US Data Privacy Framework including the UK Extension. Our Sub-processors page lists each sub-processor and its location; our Data Processing Addendum sets out the transfer mechanism used for each.

Children's Privacy

Our services are not intended for children under 13 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any significant changes by posting a notice on our website or sending you an email. We encourage you to review this policy periodically.

Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO). You can contact the ICO at ico.org.uk/make-a-complaint or by phone on 0303 123 1113. However, we would appreciate the opportunity to address your concerns first.

Contact Us

If you have any questions about this privacy policy or how we handle your personal data, please contact us: