Account data: Email address and hashed password. We do not collect names, phone numbers, or physical addresses.
Usage data: Crop/trait selections, report generation history, and session metadata (IP address, browser type, timestamps). This data is used to improve the Service and is not sold to third parties.
2. How We Use Your Data
Your data is used to: (a) authenticate your account; (b) generate and store reports; (c) improve report quality through aggregated, anonymized usage analytics; (d) send transactional emails (verification codes, password resets).
3. Data Storage & Security
Data is stored in encrypted databases. Passwords are hashed using bcrypt. All connections use TLS 1.2+. We conduct regular security reviews.
4. Data Retention
Account data is retained while your account is active. Saved reports are retained for 24 months after last access. You may request deletion of your account and all associated data at any time.
5. Third-Party Services
We use third-party AI model providers to generate reports. Your crop/trait selections (not personal data) are sent to these providers. We do not share your email or account data with AI providers.
6. Cookies
We use essential session cookies for authentication. We do not use advertising or tracking cookies.
7. Contact
For privacy inquiries, contact: privacy@plantbreed.io
Europe-Specific Privacy Provisions
GDPR Rights
If you are in the EEA, you have the right to:
Access your personal data
Rectify inaccurate data
Erase your data ("right to be forgotten")
Port your data to another service
Object to processing based on legitimate interest
Restrict processing under certain conditions
To exercise these rights, email: gdpr@plantbreed.io
Legal Basis for Processing
Contract performance: Account creation and report generation. Legitimate interest: Service improvement through anonymized analytics. Consent: Optional marketing communications (not currently offered).
Data Transfers
Report generation may involve data processing outside the EEA. Such transfers are covered by Standard Contractual Clauses (SCCs) as approved by the European Commission.
Supervisory Authority
You have the right to lodge a complaint with your local data protection authority.
Africa-Specific Privacy Provisions
Data Protection Frameworks
PlantBreed respects applicable national data protection laws across African jurisdictions, including but not limited to: Kenya Data Protection Act 2019, South Africa POPIA, Nigeria NDPR, and the African Union Convention on Cyber Security and Personal Data Protection (Malabo Convention).
Research Data
Crop and trait selection data from African breeding contexts may be included in anonymized, aggregated datasets to improve AI model performance for African agriculture. No individual user or organization is identifiable in these datasets.
CGIAR Data Sharing
Where reports incorporate CGIAR open-access data, PlantBreed adheres to the CGIAR Open Access and Data Management Policy. Your generated reports remain private to your account unless you choose to share them.
Local Data Residency
We aim to process data for African users within regions that comply with applicable data residency requirements. Contact us for details on data processing locations relevant to your jurisdiction.