Provided by: Lou John White trading as AgriStack (ABN 73 180 037 675)
Contact: lou@agristackapp.com
Formal notices: Please contact us by email for the current postal address for legal notices.
1. About This Policy
This Privacy Policy explains how we collect, hold, use, disclose and protect personal information in connection with the AgriStack platform, websites, mobile apps, support channels and related services (together, the Service).
We manage personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), to the extent they apply to us.
AgriStack is designed for business use by farms, agribusinesses, depots, buyers, exporters, carriers and related organisations. We do not target individuals in a personal, domestic or household capacity.
2. Who We Collect Information About
We collect personal information about:
- Our business customers and their representatives (for example, farm owners, managers, depot staff and other team members);
- Users of the Service (for example, operators, truck drivers, contractors, admin users); and
- Buyers, suppliers, freight companies, counterparties and contacts added into the Service by our customers.
We generally do not target or contract with individuals in a personal, domestic or household capacity.
3. What Personal Information We Collect
3.1 Account and Contact Details
- Names and titles
- Business names and ABNs (where applicable)
- Email addresses
- Phone numbers
- Business postal or physical addresses
- User names and profile information
3.2 Login and Usage Information
- Login identifiers and authentication tokens
- Role and permissions within an organisation (for example, owner, manager, operator, truck driver)
- Audit information about access to and changes within the Service (for example, who created or edited a contract or load)
- Device, browser and technical information (for example, IP address, device type, operating system, app version)
- Push notification tokens and notification preferences where notifications are enabled
3.3 Location, Paddock and Operational Data
In order to provide the Service, we may process:
- Paddock names, identifiers and approximate locations
- Shed and storage locations and capacity details
- Buyer locations or distances from farm
- Depot, grain storage, fertiliser storage, truck, route and delivery information
- Information about loads, deliveries, routes and related scheduling
- RFID, sensor or scanning data associated with bales, loads, trucks or other operational records where you choose to integrate such devices
This information may, in some cases, be linked to an identifiable person (for example, a driver or buyer contact) and can therefore constitute personal information.
3.4 Payment and Billing Information
- Billing contact details
- Business payment preferences and records of invoices and payments
- If you pay via card or direct debit, limited payment information such as the last few digits of a card number or tokenised information provided by our payment processor
We do not generally store full payment card details; these are handled by our third-party payment provider.
3.5 Photos and User Content
- Photos captured or uploaded as part of weight tickets, load documentation, or feed test records
- User-generated content entered into the Service (for example, notes, descriptions, contract details)
3.6 Support, Communications and Feedback
- Information you provide when contacting support
- Content of emails and in-app messages sent to us
- Survey responses, feedback and feature requests
4. How We Collect Personal Information
We may collect personal information:
- Directly from you when you sign up, configure tenants, create users or enter data into the Service;
- From your employer or organisation, if they create an account for you or designate you as a contact;
- Automatically when you use the Service, via logs, cookies, SDKs and similar technologies; and
- From third parties where permitted, such as Xero, Google services, app stores, payment processors, integration partners, device providers or publicly available business sources.
5. Why We Collect, Use and Disclose Personal Information
5.1 Providing and Operating the Service
- Creating and managing accounts, tenants and user profiles
- Enabling you to record and manage hay, grain and fertiliser inventory, paddocks, sheds, depots, contracts, tickets, loads, freight and related workflows
- Displaying allocations, dashboards, warnings and historical records
- Integrating with third-party services and devices where you choose to connect them, including Xero and mapping services
5.2 Communicating With You
- Sending service-related communications, such as onboarding information, feature updates and security notices
- Responding to support requests and resolving technical issues
- Sending administrative notifications about billing, renewals and changes to our terms or policies
5.3 Improving and Securing the Service
- Monitoring usage patterns to troubleshoot, maintain and improve performance
- Developing new features and functionality
- Conducting analytics on a de-identified or aggregated basis
- Detecting, investigating and preventing fraud, misuse and security incidents
5.4 Marketing (Business-to-Business)
We may use contact details of business representatives to send you information about new features, farm management tips or offers relevant to our Service, and to invite you to events, surveys or product research.
You can opt out of direct marketing communications at any time by using the unsubscribe facility or contacting us.
5.5 Legal and Compliance
- Complying with our legal obligations
- Responding to lawful requests from regulators, law enforcement or courts
- Enforcing our agreements and managing disputes
6. Legal Bases for Handling Personal Information
Although Australian privacy law does not require us to specify "legal bases" in the same way as some overseas laws, in practice we generally rely on:
- Your consent (for example, where you agree to marketing communications);
- Necessity for the performance of our contract with you or your organisation; and
- Our legitimate interests in operating, improving and securing the Service, in a way that is balanced with your privacy rights.
7. Disclosure of Personal Information
We may disclose personal information to:
- Our employees and contractors who need it to operate the Service and support you
- Hosting, infrastructure and platform providers (for example, cloud providers and database services)
- Payment processors
- App stores and platform providers
- Email, messaging and analytics providers
- Integration partners and device providers you choose to connect (for example, Xero, Google Maps, RFID hardware or third-party apps)
- Other users, organisations or counterparties where your organisation uses invite, sharing, buyer, supplier, freight or collaboration features
- Professional advisers (for example, lawyers, accountants, insurers)
- Potential purchasers of our business or assets, subject to appropriate confidentiality protections
We may also disclose personal information where required or authorised by law, or with your consent.
8. Overseas Disclosure and Data Location
Our infrastructure and service providers may be located in, or may process personal information from, countries outside Australia. These may include data centres or service providers in the United States, the European Union or other regions.
Where we disclose personal information overseas, we will take reasonable steps to ensure that the recipient will handle it in a manner consistent with the APPs or otherwise in accordance with applicable law and this Privacy Policy.
9. Cookies, Analytics and Similar Technologies
We may use cookies, local storage, SDKs and similar technologies to operate the website and Service, remember preferences, authenticate sessions, improve performance, diagnose issues and understand usage.
We do not use personal information for third-party advertising tracking unless this Privacy Policy and any applicable app store disclosures are updated and any required consent is obtained.
10. Data Security
We take reasonable steps to protect personal information from misuse, interference, loss and unauthorised access, modification or disclosure, including by:
- Using reputable cloud hosting and database providers
- Encrypting data in transit, and where appropriate, at rest
- Implementing role-based access controls and authentication
- Maintaining audit logs for key actions within the Service
- Limiting access to personal information to personnel who need it for their work
However, no method of transmission or storage is completely secure. You are also responsible for maintaining the security of your devices, networks and login credentials, and promptly notifying us if you become aware of any actual or suspected compromise of your account.
11. Data Retention
We retain personal information for as long as reasonably necessary for the purposes described in this Privacy Policy or as required by law, including:
- For the duration of your organisation's subscription
- For a period after termination to allow data export, account reactivation, backup expiry or dispute management
- For longer periods where we are legally required to retain certain records
We may retain and use aggregated, de-identified data (which does not identify individuals) for analytics, benchmarking and improving our services.
12. Access and Correction
You can generally access and update certain personal information directly via your account settings in the Service.
You may also request access to, or correction of, personal information we hold about you by contacting us at lou@agristackapp.com.
We may need to verify your identity before fulfilling your request. In some cases, we may refuse access or correction as permitted or required by law. If we refuse your request, we will tell you why (unless it is unreasonable to do so) and explain how you can complain.
13. Data Deletion
You may request deletion of your personal information by contacting us at lou@agristackapp.com. We will process your request in accordance with applicable law. Some information may be retained where we have a legal obligation or legitimate need to do so (for example, financial records required for tax or audit purposes).
14. Data Breaches
We maintain a data breach response process to identify, contain, assess, remediate and document suspected data breaches. If the Notifiable Data Breaches scheme applies and an eligible data breach is likely to result in serious harm, we will notify affected individuals and the OAIC as required by law.
15. Third-Party Services and Links
The Service may contain links or integrations to third-party websites, apps or services, including Xero, Google Maps, app stores, payment processors, RFID or device providers. This Privacy Policy does not apply to those third parties. We encourage you to review their privacy policies before using them.
16. Children
The Service is intended for use by businesses and adult professionals. It is not directed to children and we do not knowingly collect personal information from individuals under 18 years of age in a personal capacity.
17. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements or other factors. When we make material changes, we will take reasonable steps to notify you, such as by email or via the Service.
The updated Privacy Policy will be effective from the date specified in the notice. Your continued use of the Service after that date will constitute acceptance of the updated policy.
18. Contact Us and Complaints
If you have any questions about this Privacy Policy, or wish to request access to, correction or deletion of your personal information, please contact us:
Email: lou@agristackapp.com
If you have a complaint about how we have handled your personal information, please contact us with full details. We will investigate and respond to your complaint within a reasonable period. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC).