Skip to main content

Privacy Policy

Last updated: 15 March 2026

1. Introduction

AgrSync Ltd (“AgrSync”, “we”, “us”, “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose and safeguard your personal data when you visit our website at agrsync.com, use our mobile applications, or interact with our farm management platform (collectively, the “Services”).

AgrSync Ltd is a company registered in England and Wales (company number 12345678), with its registered office at 12 Bootham Row, York, YO30 7BZ, United Kingdom. We are the data controller for the purposes of the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018.

If you have any questions about this Privacy Policy, please contact our Data Protection Officer at privacy@agrsync.co.uk or write to us at the address above.

2. Data We Collect

We collect personal data in the following ways:

2.1 Information You Provide Directly

  • Account registration: Full name, email address, phone number, farm name, farm address, company name, and password.
  • Demo and contact forms: Name, email, phone, farm size, farm type, county, and any messages you send us.
  • Payment information: Billing address, VAT number, and payment card details (processed securely through Stripe; we do not store full card numbers on our servers).
  • Farm data: Field boundaries, crop records, livestock records, financial data, yield data, soil analyses, SFI compliance documentation, and other farm management information you enter into the platform.
  • Communications: Emails, support tickets, chat messages, and phone call records when you contact our team.

2.2 Information Collected Automatically

  • Usage data: Pages visited, features used, time spent on pages, click patterns, and navigation paths within our platform.
  • Device information: IP address, browser type and version, operating system, device type, screen resolution, and language preferences.
  • Location data: Approximate location derived from your IP address. We may also collect precise GPS coordinates if you enable location services for field mapping features.
  • Cookies and tracking technologies: We use cookies, web beacons, and similar technologies as described in our Cookie Policy.

2.3 Information from Third Parties

  • Satellite and mapping providers: We receive satellite imagery and geospatial data from third-party providers to support field mapping, NDVI analysis, and crop monitoring features.
  • Government and regulatory data: Publicly available data from Defra, the Rural Payments Agency (RPA), and the Environment Agency to support SFI compliance tools.
  • Analytics providers: Aggregated analytics data from services such as Google Analytics and Hotjar (configured to anonymise IP addresses).

3. How We Use Your Data

We use your personal data for the following purposes:

  • Service provision: To create and manage your account, provide our farm management platform, process transactions, and deliver the features you subscribe to.
  • Communication: To respond to your enquiries, send booking confirmations, deliver important service updates, and provide customer support.
  • Personalisation: To tailor content, recommendations, and features to your farm type, region, and usage patterns.
  • Analytics and improvement: To understand how our Services are used, identify areas for improvement, and develop new features.
  • Marketing: To send you marketing communications about our products and services where you have consented or where we have a legitimate interest (you can opt out at any time).
  • Legal compliance: To comply with applicable laws, regulations, and legal processes, including UK GDPR, tax and accounting obligations, and agricultural reporting requirements.
  • Security: To detect, prevent, and address fraud, unauthorised access, and other security issues.

Under UK GDPR, we process your personal data on the following legal bases:

  • Contract performance (Article 6(1)(b)): Processing necessary for the performance of our contract with you, including providing the Services and managing your account.
  • Legitimate interests (Article 6(1)(f)): Processing necessary for our legitimate business interests, such as improving our Services, preventing fraud, and conducting direct marketing to existing customers.
  • Consent (Article 6(1)(a)): Where you have given specific consent, such as opting in to marketing emails or enabling optional analytics cookies.
  • Legal obligation (Article 6(1)(c)): Processing necessary to comply with our legal obligations, such as tax and financial reporting requirements.

5. Who We Share Your Data With

We do not sell your personal data. We may share your data with the following categories of recipients:

  • Service providers: Cloud hosting (AWS EU-West-2, London), payment processing (Stripe), email delivery (SendGrid), analytics (Google Analytics, configured for IP anonymisation), and customer support tools (Intercom).
  • Professional advisers: Lawyers, accountants, and auditors where necessary for the administration of our business.
  • Regulatory bodies: Where required by law, we may disclose data to HMRC, the ICO, Defra, or other regulatory authorities.
  • Business transfers: In the event of a merger, acquisition, or sale of all or part of our assets, your data may be transferred to the acquiring entity.

All third-party service providers are contractually required to protect your data and process it only in accordance with our instructions and applicable data protection law.

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes described in this policy:

  • Account data: Retained for the duration of your account, plus 12 months after account closure to allow for reactivation and to comply with legal obligations.
  • Farm data: Retained for the duration of your account. Upon account closure, you may request an export of all your farm data before deletion.
  • Financial records: Retained for 7 years in accordance with HMRC requirements.
  • Marketing data: Retained until you unsubscribe or withdraw consent.
  • Contact form submissions: Retained for 24 months from the date of submission.
  • Anonymised analytics data: May be retained indefinitely as it is no longer personal data.

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit (TLS 1.3) and at rest (AES-256).
  • Regular security audits and penetration testing by independent third parties.
  • Access controls and authentication measures, including multi-factor authentication for all staff accessing personal data.
  • Regular staff training on data protection and information security.
  • Incident response procedures and breach notification processes as required by UK GDPR.
  • Data hosted exclusively within the United Kingdom (AWS EU-West-2, London) unless otherwise stated.

8. International Data Transfers

Your personal data is primarily stored and processed within the United Kingdom. Where we transfer data outside the UK, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) approved by the ICO.
  • Transfers to countries with an adequacy decision from the UK Government.
  • Binding Corporate Rules where applicable.

Currently, limited data may be processed in the European Economic Area (EEA) by our satellite imagery providers. The EEA is considered adequate by the UK Government.

9. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

  • Right of access: You may request a copy of the personal data we hold about you.
  • Right to rectification: You may request correction of inaccurate or incomplete data.
  • Right to erasure: You may request deletion of your data in certain circumstances (“right to be forgotten”).
  • Right to restriction: You may request that we restrict processing of your data in certain circumstances.
  • Right to data portability: You may request your data in a structured, commonly used, machine-readable format.
  • Right to object: You may object to processing based on legitimate interests or for direct marketing purposes.
  • Rights related to automated decision-making: You have the right not to be subject to decisions based solely on automated processing, including profiling.

To exercise any of these rights, please contact our Data Protection Officer at privacy@agrsync.co.uk. We will respond within one month of receiving your request, as required by UK GDPR.

10. Children's Privacy

Our Services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child under 16, we will take steps to delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on our website at least 30 days before taking effect. The “last updated” date at the top of this page indicates when this policy was last revised.

12. Complaints

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

  • Website: ico.org.uk
  • Phone: 0303 123 1113
  • Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We encourage you to contact us first at privacy@agrsync.co.uk so we can try to resolve your concern directly.

13. Contact Us

For any questions or concerns about this Privacy Policy or our data practices, please contact:

  • Data Protection Officer: privacy@agrsync.co.uk
  • General enquiries: hello@agrsync.co.uk
  • Post: AgrSync Ltd, 12 Bootham Row, York, YO30 7BZ, United Kingdom