Provider: Lou John White trading as AgriStack (ABN 73 180 037 675)
Contact: lou@agristackapp.com
1. Platform architecture
AgriStack uses Firebase Authentication, Cloud Firestore, Firebase Storage, Cloud Functions, Firebase Cloud Messaging, Google Maps/Geocoding, payment processors, Xero APIs and app store platform services to operate the Service.
2. Data processed
The Service may process account details, organisation records, farm and location data, inventory, contracts, tickets, loads, freight, driver and counterparty records, uploaded files, audit logs, billing status, support and diagnostics information.
3. Access controls
AgriStack uses role-based access controls within customer Tenants. Customer administrators are responsible for managing their own users, roles and permissions.
4. Authentication and encryption
User authentication is provided through Firebase Authentication. Data is transmitted using HTTPS/TLS where supported by the relevant platform and third-party services. Managed cloud providers generally apply encryption at rest to hosted storage and database services.
5. Customer data segregation
Customer records are associated with Tenants or organisation identifiers. Firestore rules and application access controls are intended to limit access to authorised users and approved sharing workflows.
6. Logging and monitoring
The Service may maintain authentication records, audit logs, operational logs, Cloud Function logs, payment/webhook logs and security-relevant event records. Logs may contain personal information and are access-controlled.
7. Backups, retention and deletion
Operational data may be retained in active systems and provider-managed backups. Customer Data retention after termination will follow the SaaS Subscription Agreement and operational deletion capability.
8. Incident response
AgriStack maintains a process to identify, contain, investigate, assess, remediate and document suspected security incidents and data breaches. Where required, AgriStack will assess whether notification to customers, affected individuals or regulators is required.
9. Customer responsibilities
Customers are responsible for lawful data collection, role management, user training, physical stock and contract verification, secure devices and networks, exports, connected third-party services and required notices or consents.