Agrosoko Privacy Policy

Last Updated: November 4, 2025

Your Privacy Matters: Agrosoko is committed to protecting your privacy and being transparent about how we collect, use, and protect your data. This Privacy Policy explains our practices for all Agrosoko services including Farm Manager, Warehouse Manager, Marketplace, and Administrative platforms.

1. Introduction

This Privacy Policy describes how Agrosoko (“we,” “us,” or “our”) collects, uses, shares, and protects personal information when you use our agricultural platform services. By using Agrosoko, you consent to the practices described in this policy.

1.1 Scope

This policy applies to:

• All Agrosoko web applications and mobile PWAs
• Farm Manager, Warehouse Manager, Marketplace, and Admin platforms
• Data collected online and offline (through offline-first applications)
• Third-party services integrated with Agrosoko

2. Information We Collect

2.1 Information You Provide Directly

Account Registration Data:

• Organization Accounts: Organization name, contact person, email address, phone number, business address, tax identification
• Individual Buyer Accounts: Full name, email, phone number, delivery address, buyer type (individual/company/cooperative)
• User Profiles: Name, role, contact information, profile photo

Farm Management Data:

• Farmer information: Names, contact details, demographics, identification numbers
• Farmer group details: Group name, leadership, membership records
• Farm records: Location coordinates, size, ownership, administrative area
• Season data: Crop types, planting dates, yield records, input usage
• Custom fields: User-defined data fields specific to your organization

Warehouse Management Data:

• Warehouse details: Name, location, capacity, supervisor assignments
• Inventory records: Product names, quantities, pricing, specifications
• Owner information: Owner details, payment terms, transaction history
• Transaction data: Purchase orders, sales records, payment information

Marketplace Data:

• Product listings: Descriptions, images, pricing, availability
• Order information: Product selections, quantities, delivery details
• KYC verification: Identity documents for business buyers (as required)
• Communication: Messages between buyers and sellers

2.2 Automatically Collected Information

Usage Data:

• Pages visited, features used, time spent on platform
• Click patterns, navigation paths, feature adoption
• Application errors, performance metrics, crash reports

Device and Technical Information:

• IP address, browser type and version, operating system
• Device identifiers, screen resolution, language preferences
• Network information: Online/offline status, connection type
• Local storage: Cached data in IndexedDB for offline functionality

Location Data:

• GPS coordinates for farm mapping (with explicit permission)
• Administrative area selection for warehouse coverage
• IP-based location for marketplace delivery zones

2.3 Information from Third Parties

• Clerk Authentication: Email, user ID, organization membership
• Payment Processors: Transaction confirmation, payment status
• Mapping Services: Geographic data validation
• Verification Services: KYC and business verification results

3. How We Use Your Information

3.1 Service Delivery

• Account Management: Create and manage user accounts, authenticate users, manage organization memberships
• Farm Operations: Store farm records, track seasons, manage farmer relationships, generate reports
• Warehouse Operations: Manage inventory, process transactions, track product movements
• Marketplace Functions: Display products, facilitate orders, connect buyers with sellers
• Offline Functionality: Cache data locally for offline access, sync changes when connectivity is restored

3.2 Communication

• Service notifications and operational updates
• Order confirmations and transaction receipts
• Account security alerts
• Customer support responses
• Product updates and new feature announcements (opt-out available)

3.3 Platform Improvement

• Analyze usage patterns to improve user experience
• Identify and fix technical issues
• Develop new features based on user needs
• Optimize performance and reliability

3.4 Security and Fraud Prevention

• Detect and prevent unauthorized access
• Identify fraudulent transactions
• Enforce Terms of Service
• Protect against malicious activity

3.5 Analytics and Business Intelligence

• Generate aggregated, anonymized statistics
• Agricultural trend analysis and insights
• Market research (with de-identified data)
• Business performance metrics

3.6 Legal Compliance

• Comply with legal obligations and regulations
• Respond to lawful requests from authorities
• Enforce our rights and agreements
• Protect safety and security

4. Data Sharing and Disclosure

4.1 Within Your Organization

In multi-tenant organization accounts:

• Data is shared among organization members based on roles and permissions
• Organization administrators can access all organizational data
• Supervisors can access data within their assigned scope (warehouses, regions)
• Regular users can access data according to their role permissions

4.2 Marketplace Visibility

• Public Product Information: Product listings, descriptions, prices, and warehouse location are publicly visible
• Seller Information: Warehouse name and general location are visible to buyers
• Private Transaction Data: Order details, payment information, and personal buyer data remain private

4.3 Service Providers

We share data with trusted third parties who provide services on our behalf:

Service Provider	Purpose	Data Shared
Convex	Real-time database & backend	All application data (encrypted in transit)
Cloud Hosting	Infrastructure & deployment	Application data for service delivery
Payment Processors	Payment processing	Payment information (not stored by us)
Email Services	Transactional emails	Email addresses, notification content
Analytics Providers	Usage analytics	Anonymized usage data

4.4 Legal Requirements

We may disclose information when required by law or to:

• Comply with legal process or government requests
• Enforce our Terms of Service
• Protect rights, property, or safety of Agrosoko, users, or the public
• Detect, prevent, or address fraud, security, or technical issues

4.5 Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred to the acquiring entity.

4.6 With Your Consent

We may share information for purposes not described in this policy with your explicit consent.

5. Data Storage and Security

5.1 Data Storage Locations

• Cloud Storage: Data is stored on secure Convex cloud infrastructure with geographic redundancy
• Local Device Storage: Offline-first applications cache data in browser IndexedDB for offline access
• Data Residency: Cloud data is stored in [specify regions] with backups in [specify regions]

5.2 Security Measures

We implement industry-standard security measures:

• Encryption: Data encrypted in transit (TLS/SSL) and at rest
• Authentication: Secure authentication via Clerk with optional multi-factor authentication
• Access Controls: Role-based access control (RBAC) and tenant isolation
• Monitoring: Continuous security monitoring and intrusion detection
• Regular Audits: Security assessments and vulnerability scanning
• Data Backups: Regular automated backups with disaster recovery procedures

5.3 Offline-First Security

• Local data is stored in browser-managed IndexedDB (encrypted by modern browsers)
• Users are responsible for device security (passwords, biometrics, physical security)
• Local data is automatically synced and validated with cloud backend
• Sync conflicts are resolved securely using last-write-wins or manual resolution

5.4 Data Retention

• Active Accounts: Data retained while account is active
• Terminated Accounts: Data deleted within 90 days of account termination (unless legal retention required)
• Transactional Records: Retained for [X years] for accounting and legal compliance
• Backup Data: May persist in backups for up to 90 days after deletion
• Anonymized Data: Aggregated analytics data may be retained indefinitely

6. Multi-Tenant Data Isolation

Agrosoko uses strict multi-tenant architecture to protect organizational data:

• Tenant Separation: Each organization’s data is isolated through unique tenant identifiers
• Access Controls: Users can only access data within their organization
• Data Queries: All database queries are filtered by tenant_id to prevent cross-tenant access
• No Data Mixing: Organizational data never intermingles with other organizations
• Marketplace Exception: Product listings are intentionally public but transactional data remains private

7. Your Privacy Rights

7.1 Access and Portability

You have the right to:

• Access your personal information
• Export your data in machine-readable formats (CSV, JSON)
• Request a copy of all data we hold about you

7.2 Correction and Update

• Update your account information through account settings
• Correct inaccurate personal information
• Request correction of data you cannot directly edit

7.3 Deletion (“Right to be Forgotten”)

• Request deletion of your account and personal information
• Some data may be retained for legal or legitimate business purposes
• Anonymized data may be retained for analytics

7.4 Restriction and Objection

• Restrict processing of your personal information
• Object to certain types of data processing
• Opt-out of marketing communications

7.5 Data Portability

• Export your data to use with other services
• Transfer data to another provider (where technically feasible)

7.6 Exercising Your Rights

To exercise these rights, contact us at:

• Email: privacy@agrosoko.com
• In-App: Account Settings → Privacy & Data

We will respond to requests within 30 days (or as required by applicable law).

8. Cookies and Tracking Technologies

8.1 Types of Cookies We Use

Cookie Type	Purpose	Can Opt-Out?
Essential Cookies	Authentication, security, session management	No (required for service)
Functional Cookies	User preferences, language settings	Yes (limited functionality)
Analytics Cookies	Usage analytics, performance monitoring	Yes
Marketing Cookies	Personalized content (if applicable)	Yes

8.2 Local Storage and IndexedDB

• Offline-first applications use IndexedDB for local data caching
• Essential for offline functionality
• Stored in browser-managed secure storage
• Cleared when you clear browser data or uninstall PWA

8.3 Third-Party Tracking

• Clerk authentication uses cookies for session management
• Analytics providers may use cookies (with your consent)
• You can block third-party cookies through browser settings

9. International Data Transfers

Agrosoko operates globally, and data may be transferred internationally:

• Data may be transferred to and processed in countries outside your residence
• We use appropriate safeguards for cross-border transfers (Standard Contractual Clauses, Privacy Shield, etc.)
• Third-party service providers comply with applicable data protection laws

10. Children’s Privacy

Agrosoko is not directed to children under 16 (or applicable age of consent):

• We do not knowingly collect information from children
• If we learn we have collected children’s data, we will delete it promptly
• Parents/guardians can contact us to request deletion of children’s data

11. Third-Party Links and Services

• Agrosoko may link to external websites or integrate third-party services
• This Privacy Policy does not apply to third-party sites/services
• Review third-party privacy policies before providing information
• We are not responsible for third-party privacy practices

12. Changes to This Privacy Policy

• We may update this Privacy Policy periodically
• Material changes will be notified via email or platform notification
• Last updated date is shown at the top of this policy
• Continued use after changes constitutes acceptance

13. Regional Privacy Rights

13.1 European Union (GDPR)

If you are in the EU/EEA, you have additional rights under GDPR:

• Right to withdraw consent at any time
• Right to lodge a complaint with supervisory authority
• Right to not be subject to automated decision-making
• Legal bases for processing: Consent, contractual necessity, legitimate interests, legal compliance

13.2 California (CCPA/CPRA)

California residents have rights under CCPA/CPRA:

• Right to know what personal information is collected
• Right to delete personal information
• Right to opt-out of sale/sharing of personal information
• Right to non-discrimination for exercising privacy rights
• We do not sell your personal information

13.3 Other Jurisdictions

We comply with applicable privacy laws in all jurisdictions where we operate.

14. Data Protection Officer

For privacy-related inquiries, contact our Data Protection Officer:

• Email: support@agrosoko.com
• Address: House 06, Tarime Street, Industrial Area, Mikocheni B
  Dar es Salaam, Tanzania]

15. Contact Us

For questions about this Privacy Policy or our privacy practices:

• Privacy Email: info@agrosoko.com
• Support Email: support@agrosoko.com
• Mailing Address: House 06, Tarime Street, Industrial Area, Mikocheni B
  Dar es Salaam, Tanzania

Your Rights Summary:

• ✓ Access your data
• ✓ Correct inaccuracies
• ✓ Request deletion
• ✓ Export your data
• ✓ Opt-out of marketing
• ✓ Control cookies

Contact privacy@agrosoko.com to exercise any of these rights.

By using Agrosoko, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.