Privacy Policy
How FarmFlow handles your personal information, and the rights you have under the New Zealand Privacy Act 2020.
1. Who we are
FarmFlow is a dairy farm management web application built and operated by the FarmFlow team, based in New Zealand. We provide software-as-a-service to dairy farmers and their teams under the farmflow.co.nz domain.
When this policy says "we", "us", or "FarmFlow", it means the FarmFlow team. The agent for any privacy enquiries is listed in section 12.
2. What we collect
The personal information we collect depends on how you use the service.
2.1 Visitors to farmflow.co.nz
Our marketing site does not load any third-party analytics, tracking pixels, advertising networks, or social-media trackers. The Netlify edge that serves the site logs basic request data (IP address, request path, timestamp, user agent) for its own infrastructure operations — we do not use those logs and they are managed under Netlify's own privacy practices.
2.2 People who request a free trial or contact us
Our trial-signup form collects: your name, email address, phone number (optional), farm address (optional), and farm name (optional). Our contact form collects your name, email, and the message you send.
2.3 Registered users of the application
Once you sign up for an account at app.farmflow.co.nz, we collect and store everything you enter into the application as part of running your farm. This includes (but is not limited to):
- Account details: name, email, hashed password, role, last-login timestamp.
- Farm details you record: paddock layouts, grazing records, milk production, cow herd information, supplement inventory.
- Employee records you record: names, addresses, phone numbers, pay rates, timesheets, payroll calculations, leave balances. If you choose to record employee bank or tax (IRD) details inside FarmFlow, those are stored too.
- Health & Safety: incidents, hazards, chemicals, inspections, training.
- Finance: account categories, transactions, balance-sheet items.
- Files you upload: spreadsheets, CSVs, fertiliser map PDFs, your own backup files.
2.4 Information collected automatically while you use the service
- Login events: timestamp, IP address, approximate geographic location derived from the IP, user-agent string of your browser.
- An audit log of significant actions you take within the app (e.g. permanently destroying a farm, restoring a backup).
- Session cookies (see section 10).
3. Why we collect it
We collect personal information for the following purposes, and no others:
| Information | Purpose |
|---|---|
| Email address | To create your account, verify it, send account and security notifications, and reset your password. |
| Name + farm name | To personalise the application and to address you when we email you. |
| Phone number (optional) | So we can contact you about your trial or onboarding if email fails. |
| Hashed password | To authenticate your login attempts. We never store passwords in plain text. |
| IP + location + user-agent on login | To detect suspicious logins (e.g. from a country you have never used before) and warn you, and to apply rate limits that block credential-stuffing attacks. |
| Farm operational data you enter | To run the application — that is the product you signed up for. |
| Employee personal data you enter | To run payroll, rostering, timesheet and leave features for your farm. You are responsible for telling your employees that you are using FarmFlow to handle their data. |
| Audit log of significant actions | To investigate incidents, to detect abuse, and to support compliance enquiries. |
4. Where it's stored
Your information is stored across a small number of carefully chosen services:
| Service | Where | What's stored there |
|---|---|---|
| Railway | Singapore (asia-southeast1) | The application and the primary PostgreSQL database where all account and farm data lives, including backups. |
| Resend | United States | Transactional emails we send you (verification, password reset, suspicious-login alerts). Resend processes the email content and recipient address. |
| Netlify | Global CDN | The static marketing site at farmflow.co.nz (no personal data). |
| cron-job.org | Germany | Triggers the daily backup job. Sees only an authentication header, not your data. |
5. How long we keep it
- Active account data: for as long as you continue to use FarmFlow.
- Free-trial accounts: 30 days from signup. After expiry we may delete the account if you have not converted to a paid plan (currently FarmFlow is free during beta; trial expiry is a placeholder).
- Per-farm backups: up to 30 daily snapshots per farm are kept; oldest are automatically pruned. These are stored inside the same primary database as your live data.
- Audit log + login log: we currently retain these for the lifetime of your account; we are introducing a 12-month retention window.
- Deleted farms: when you move a farm to trash, all data stays recoverable until you permanently destroy it. When you permanently destroy a farm, every record connected to that farm — including all backups — is removed within the same transaction.
- Email logs at Resend: Resend retains delivery metadata according to its own retention policy (typically 30-90 days).
6. Who has access
- You (and any team members you invite, scoped to the permissions you set).
- The FarmFlow team operating the platform — for support, debugging, and platform operations. This access is logged in the audit log.
- Railway support staff, if we open a support ticket that requires them to look at the database. We will do this only when there is no other way to resolve a problem.
- Resend, for the limited purpose of delivering the emails we ask it to send.
- We do not sell, rent, or trade your personal information to anyone.
- We do not use your farm data to train AI or machine-learning models, and we will ask for your explicit opt-in consent if we ever want to.
7. Overseas disclosure
Under Information Privacy Principle 12 of the New Zealand Privacy Act 2020 we have to tell you when your personal information leaves New Zealand. As section 4 sets out, your information is stored on infrastructure located in Singapore (Railway), the United States (Resend), and Germany (cron-job.org), and on a globally distributed CDN (Netlify, no personal data).
We rely on each of these providers' contractual commitments to handle data to a standard comparable to the Privacy Act. By using FarmFlow you accept that your information will be processed in those jurisdictions.
8. How we protect it
We apply the safeguards required by Information Privacy Principle 5:
- All web traffic is encrypted with TLS (HTTPS).
- We have requested HSTS preload-list inclusion for our domain, so browsers refuse plain-HTTP connections.
- Passwords are stored only as a salted scrypt hash — even we cannot read them.
- Accounts lock for 15 minutes after 5 failed login attempts.
- Login attempts are rate-limited per IP to make credential-stuffing attacks impractical.
- We log a separate audit entry for every significant administrative action (backup, restore, destroy, permission change).
- Daily backups protect against data loss.
- Database access requires authentication via Railway-managed secrets that are not stored in source code.
- HTTP responses include the standard set of security headers (Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, Strict-Transport-Security).
No system is perfect. If we ever experience a security incident that is likely to cause you serious harm, we will notify you and the Office of the Privacy Commissioner as required by the Privacy Act (within 72 hours of becoming aware of the incident).
9. Your rights
The Privacy Act 2020 gives you the following rights. We honour them all:
- Right of access (IPP 6): you can ask for a copy of all the personal information we hold about you. Owners can download a complete JSON export of their farm via the "Backup" button in Settings; if you want the data in a different format, email us.
- Right of correction (IPP 7): you can edit any information you have entered, directly inside the application. If you cannot reach a field, email us.
- Right of deletion: you can permanently destroy your farm (and all data tied to it) from Settings. Once destroyed, the data cannot be recovered.
- Right to complain: if you are unhappy with how we have handled your personal information, you can complain to us (section 12) and to the Office of the Privacy Commissioner on 0800 803 909 or via their online form.
10. Cookies
We use the minimum cookies needed to operate the service:
| Cookie | Purpose | Lifetime |
|---|---|---|
| session | Stores your signed-in session. HttpOnly, Secure, SameSite=Lax. | Up to 31 days (we are tightening this to 7 days). |
| remember_token | Keeps you logged in across browser restarts if you ticked "remember me". | Up to 31 days. |
| ff_prefer_full | Remembers whether you prefer the full desktop app or the mobile view. | Indefinite (you control via UI). |
We do not use cookies for advertising, analytics, or cross-site tracking. The marketing site at farmflow.co.nz does not set any cookies of its own.
11. Changes to this policy
We will update this policy when we change what we collect, how we use it, or who we share it with. Material changes will be announced via email to registered users at least 14 days before they take effect.
12. Contact us
For privacy enquiries, data-access requests, or correction requests:
- Email: privacy@farmflow.co.nz
- Privacy officer: FarmFlow team
- Postal address: available on request
If we cannot resolve your concern, you can complain directly to the Office of the Privacy Commissioner: privacy.org.nz · 0800 803 909