Privacy Policy

1. Information We Collect

When you register as a volunteer or a Farm Manager, we collect essential contact and identity information, including your name, email address, and optionally, your phone number. If you sign a liability waiver, we strictly require a physical mailing address to legally validate your electronic signature.

When you use the platform, we also track your volunteer logs, including dates, hours worked, crop associations, and qualitative field notes.

2. Legal Waivers & WORM Compliance

To provide legal protection for our participating farms, all signed compliance forms and liability waivers are generated as cryptographically hashed, immutable PDF documents. These documents capture your IP address and a timestamp at the exact moment of signing. Because these are legal records stored in a "Write Once, Read Many" (WORM) vault, they cannot be altered or deleted once submitted.

3. Cloudflare Turnstile & Bot Protection

To protect this platform from spam, credential stuffing, and automated attacks, we use Cloudflare Turnstile. Turnstile operates transparently in the background to verify that visitors are real humans.

What Turnstile Collects: Turnstile processes minimal client-side signals, including your IP address, User-Agent header, and browser characteristics. This data is processed strictly under the legal basis of "legitimate interest" to maintain the security of the platform.

No Advertising Tracking: Unlike other CAPTCHA providers, Turnstile does not harvest your data for ad retargeting, nor does it inject cross-site tracking cookies into your browser.

4. Third-Party Infrastructure

We never sell your personal data. We only share data with essential infrastructure partners required to operate the service:

• AWS (Amazon Web Services): Used for secure, long-term storage of user avatars, farm logos, and legal PDFs.
• Stripe: Used to securely process subscription payments for Farm Managers. We do not store your credit card numbers on our servers.
• Brevo: Used to route transactional emails (like password resets) and manager broadcast emails.

5. Data Anonymization

You have the right to request the deletion of your account. Because farms rely on historical labor analytics, executing an account deletion will trigger a GDPR/CCPA-compliant anonymization protocol. This permanently scrubs your name, email, phone number, and physical address from the database, while preserving the raw hours logged as an anonymous, unidentifiable record. The only record of your presence will be if you signed a legally binding waiver that is stored on an AWS -drop in -never remove vault for 7 years to maintain a legal compliance track record of document signing for both parties.