Actuate Ag, Inc. Privacy Policy
Last Updated: August 21, 2025
Effective Date: August 21, 2025
Privacy at a Glance:
- We collect information to provide and improve our agricultural technology services
- We do not sell or share your personal information
- You have rights to access, correct, delete, and export your data
- We use industry-standard security to protect your information
- We comply with GDPR, CCPA/CPRA, and other privacy laws
- Contact us at privacy@actuate.ag with any questions
1. Introduction
Actuate Ag, Inc. ("Actuate," "we," "us," or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you use our websites, cloud applications, and services (collectively, the "Services").
This Policy applies to all users of our Services globally. Additional rights may apply based on your location, as detailed in the jurisdiction-specific sections below.
2. Information We Collect
2.1 Information You Provide
- Account Information: Name, email, phone number, company name, job title
- Billing Information: Payment card details (processed by our PCI-compliant payment processor), billing address
- Agricultural Data: Sensor readings, crop data, environmental conditions, operational metrics
- Communications: Support requests, feedback, survey responses
- User Content: Any content you upload or create within the Services
2.2 Information We Collect Automatically
- Device Information: IP address, browser type, operating system, device identifiers
- Usage Data: Features used, pages viewed, clicks, session duration
- Location Data: General location from IP address (not precise GPS unless you consent)
- Cookies and Tracking: See Section 8 for details
2.3 Information from Third Parties
- Integration Partners: Data from services you connect (weather services, equipment providers)
- Service Providers: Identity verification, credit check information (for enterprise accounts)
3. How We Use Information
| Purpose | Legal Basis (EEA/UK) | Categories Used |
|---|---|---|
| Provide and operate the Services | Contract performance | Account, Agricultural, Usage |
| Process payments and billing | Contract performance | Account, Billing |
| Send service communications | Contract performance | Account, Communications |
| Provide customer support | Contract / Legitimate interests | Account, Communications, Usage |
| Improve and develop Services | Legitimate interests | Usage, Agricultural (aggregated) |
| Ensure security and prevent fraud | Legitimate interests / Legal obligation | Device, Usage, Account |
| Marketing (with consent) | Consent | Account, Communications |
| Legal compliance | Legal obligation | All as required |
4. Notice at Collection - California Residents
This table summarizes our data practices for California residents under CCPA/CPRA:
| Category | Examples | Sources | Purpose(s) | Retention | Sold/Shared |
|---|---|---|---|---|---|
| Identifiers | Name, email, phone, IP address | You, automatic collection | Service delivery, support, security | Account life + 3 years | No |
| Commercial Info | Purchase history, subscription details | You, transactions | Billing, service provision | 7 years (tax requirements) | No |
| Internet Activity | Browsing, search, interaction data | Automatic collection | Analytics, improvement, security | 36 months | No |
| Geolocation | General location from IP | Automatic collection | Service localization, compliance | Session + 30 days | No |
| Professional Info | Company, job title, industry | You | Service customization, support | Account life + 3 years | No |
| Agricultural/Operational | Sensor data, crop data, yields | You, connected devices | Core service functionality | Subscription + 90 days | No |
| Inferences | Preferences, trends, predictions | Derived from above | Service improvement, insights | Until no longer relevant | No |
Sensitive Personal Information: We do not intentionally collect sensitive personal information as defined under CPRA. If agricultural data contains sensitive elements, we process it solely for service delivery with your explicit consent.
5. Data Sharing and Disclosure
We do not sell or rent your personal information. We share information only in these circumstances:
5.1 Service Providers
We share data with vendors who help us provide the Services:
- Cloud infrastructure (AWS - data hosting)
- Payment processors (Stripe - billing)
- Analytics providers (in aggregated form)
- Customer support tools
- Security and fraud prevention services
5.2 Legal Requirements
We may disclose information if required by law, court order, or governmental request, or if necessary to:
- Comply with legal obligations
- Protect rights, property, or safety
- Prevent fraud or security issues
- Respond to lawful government requests
5.3 Business Transfers
In the event of merger, acquisition, or asset sale, your information may be transferred. We will notify you before any transfer that results in a material change to this Policy.
5.4 With Your Consent
We may share information for any other purpose with your explicit consent.
6. Data Security
We implement appropriate technical and organizational measures to protect personal information, including:
- Encryption at rest and in transit (TLS 1.2+, AES-256)
- Access controls and authentication (including multi-factor authentication)
- Regular security assessments and penetration testing
- Employee training and confidentiality agreements
- Audit logging and monitoring
- Incident response procedures
- Physical security for data centers
While we strive to protect your information, no system is 100% secure. We cannot guarantee absolute security but commit to notifying you of breaches as required by law.
7. Data Retention
We retain personal information only as long as necessary for the purposes described in this Policy or as required by law. Specific retention periods are:
- Account Data: Duration of account + 3 years
- Agricultural/Operational Data: Duration of subscription + 90 days
- Billing Records: 7 years (tax and accounting requirements)
- Support Communications: 3 years
- Security Logs: 12 months
- Marketing Consents: Until withdrawn + 3 years for records
- Legal Compliance Records: As required by applicable law
8. Cookies and Tracking Technologies
8.1 Types of Cookies We Use
| Category | Purpose | Duration | Opt-Out Available |
|---|---|---|---|
| Essential | Authentication, security, basic functionality | Session or up to 1 year | No (required for service) |
| Functional | Preferences, settings, enhanced features | 1 year | Yes |
| Analytics | Usage analysis, performance monitoring | 2 years | Yes |
| Marketing | Relevant ads, campaign effectiveness | 90 days | Yes |
8.2 Managing Cookies
- Cookie Banner: Use our consent tool when you first visit
- Browser Settings: Block or delete cookies (may impact functionality)
- Global Privacy Control: We honor GPC signals where legally required
- Do Not Track: We currently do not respond to DNT signals
9. International Data Transfers
Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place:
- EEA/UK to US: Standard Contractual Clauses (SCCs) with supplementary measures
- Other Transfers: Appropriate safeguards per local law
- Data Localization: Where required, we can provide regional data storage
You can request a copy of the safeguards we use by contacting privacy@actuate.ag.
10. Your Privacy Rights
10.1 Rights Available to All Users
- Access: Request a copy of your personal information
- Correction: Request corrections to inaccurate information
- Deletion: Request deletion of your information (subject to legal requirements)
- Portability: Receive your data in a structured, machine-readable format
- Opt-Out: Unsubscribe from marketing communications
10.2 How to Exercise Your Rights
Submit requests through:
- Email: support@actuate.ag
We will verify your identity before processing requests. We respond within 30 days (or as required by applicable law).
11. Jurisdiction-Specific Rights
11.1 California (CCPA/CPRA)
Additional Rights:
- Right to know categories and specific pieces of personal information
- Right to delete (with exceptions)
- Right to correct inaccurate information
- Right to opt-out of sale/sharing (we do not sell/share)
- Right to limit use of sensitive personal information
- Right to non-discrimination for exercising rights
Authorized Agent: You may designate an authorized agent to make requests. The agent must provide written authorization and verify identity.
Shine the Light: California residents may request information about disclosures to third parties for direct marketing (not applicable as we don't share for such purposes).
11.2 European Economic Area / United Kingdom (GDPR)
Additional Rights:
- Right to object to processing based on legitimate interests
- Right to restriction of processing
- Right to withdraw consent (where processing is based on consent)
- Right to lodge a complaint with supervisory authority
- Right not to be subject to automated decision-making
Data Protection Officer: Contact our DPO at dpo@actuate.ag
Lead Supervisory Authority: [To be determined based on main establishment]
11.3 Other US States
Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA):
- Rights to access, correct, delete, and portability
- Right to opt-out of targeted advertising, sale, or profiling
- Right to appeal decisions regarding requests
We comply with all applicable state privacy laws. Contact us for state-specific information.
11.4 Canada (PIPEDA)
- Right to access and challenge accuracy
- Right to withdraw consent (subject to legal requirements)
- Right to complain to Privacy Commissioner
11.5 Brazil (LGPD)
- Rights similar to GDPR including access, correction, deletion, portability
- Right to review automated decisions
- Right to complain to ANPD (National Data Protection Authority)
12. Children's Privacy
Our Services are not directed to individuals under 18 (or applicable age of consent). We do not knowingly collect personal information from children. If we learn we have collected information from a child, we will delete it promptly. Contact us if you believe we have inadvertently collected such information.
13. Automated Decision-Making
We may use automated systems to analyze agricultural data and provide insights. These systems do not make decisions with legal or similarly significant effects without human review. You have the right to request human review of any automated decisions that significantly affect you.
14. Changes to This Policy
We may update this Policy periodically. We will notify you of material changes by:
- Posting a notice on our website
- Sending an email to registered users
- Requiring acknowledgment for significant changes
The "Last Updated" date shows when the Policy was last revised. Continued use after changes constitutes acceptance unless otherwise required by law.
15. Contact Information
For privacy-related questions, requests, or complaints:
Privacy Team:
Email: support@actuate.ag
EU Representative:
[To be appointed if required]
UK Representative:
[To be appointed if required]
16. Accessibility
This Privacy Policy is available in alternative formats upon request. Contact support@actuate.ag for assistance.