Privacy Policy

1. Who we are

AgriAI KE Limited (in registration) ("AgriAI", "we", "us", "our") provides a mobile-first farm-management service to farmers in Kenya. For the purposes of the Data Protection Act, 2019, we are the data controller for the personal data described in this policy.

Our operations are based in Subukia, Nakuru County, Kenya. We are in the process of establishing a parent company in Amsterdam, the Netherlands; once it is incorporated we will update this policy with its details and its role. You can contact us about your privacy or your data, or to exercise your rights, at hello@agrikeai.com.

2. Data we collect

We collect only the data we need to run the service for you:

• •Account details — your name, email address, phone number, and a securely hashed password.
• •Farm details — farm name, county, size, and any exporter you choose to link to.
• •Agronomic records you enter — crops, planting and harvest dates, tasks, expenses, and farmer-reported market prices.
• •Crop photos you upload for AI diagnosis.
• •Farm plot geolocation — the coordinates and boundaries you capture when mapping a plot.
• •Worker records you add about people who work on your farm.
• •Phone-verification data — one-time passcodes (OTP) used to confirm your number.
• •Device and usage data — app interactions and error/diagnostic logs (via Sentry) used to keep the service working.

If you add records about your workers, you are responsible for informing them and for having a lawful basis to do so.

3. Why we use it and our legal basis

We use your data to:

• •Deliver the service you ask for — running your farm records, AI tools, and dashboards.
• •Provide community disease early-warning, using anonymized and aggregated data so farmers in an area can be alerted to outbreaks.
• •Improve our AI models, using anonymized data.
• •Provide exporter compliance visibility — but only where you choose to link your farm to an exporter.

Our legal basis depends on the purpose. We process your data to perform the service you ask for; with your consent where we request it (for example, optional research and model-improvement use); and in our legitimate interest in keeping the service secure and improving it. Where we rely on consent, you can withdraw it at any time.

4. How we share it

We do not sell personal data. We share data only as follows:

• •Exporters you link to. If you link your farm to an exporter, we share your farm's identifiable compliance data — including tasks, input use, and scan history — with that exporter. This data is not anonymized; the exporter can see that it is your farm.
• •Service providers who help us run the service — Supabase (database and hosting, in the EU), Sentry (error monitoring), Safaricom / M-Pesa (payments), and our SMS/OTP provider. They may only process your data on our instructions.
• •Research and academic partners — only anonymized and aggregated data that cannot identify you or your farm.
• •Authorities — where we are required to by law, or to protect rights and safety.

5. Cross-border transfer of your data

Our database and hosting are provided by Supabase on servers in the European Union (Frankfurt, Germany). This means your data is processed outside Kenya, within the EU.

We make these transfers in line with the Data Protection Act, 2019 — relying on appropriate safeguards for international transfers and/or your consent. The European Union is widely recognised as providing a high standard of data protection.

6. How long we keep it

We keep your data while your account is active, and for 24 months after closure, except where the law requires us to keep it longer (for example, tax and accounting records). When we no longer need data, we delete or anonymize it.

7. Your rights

Under the Data Protection Act, 2019, you have the right to:

• •be informed about how your data is used;
• •access the data we hold about you;
• •correct data that is wrong or incomplete;
• •have your data erased;
• •object to how we process your data;
• •data portability — receive your data in a usable format;
• •withdraw consent at any time, without affecting processing already carried out.

To exercise any of these rights, email hello@agrikeai.com. We will respond within the timelines set by law.

8. How we protect your data

We protect your data with row-level security in our database, encryption of data in transit (TLS), hashed passwords and one-time passcodes, and access restricted to those who need it. No system is perfectly secure, but we work to protect your data and to fix problems quickly.

9. Children

AgriAI is intended for adult farmers (18 and over). It is not directed at children, and we do not knowingly collect data from anyone under 18. If we become aware that someone under 18 has registered, we will delete the account and associated data.

10. Data breaches

If a data breach occurs that is likely to harm your rights, we will notify the Office of the Data Protection Commissioner (ODPC) within 72 hours where the law requires, and we will tell you where we are required to.

11. Complaints

If you believe we have mishandled your data, please contact us first at hello@agrikeai.com. You also have the right to lodge a complaint with the Office of the Data Protection Commissioner (ODPC):

Website: www.odpc.go.ke · Address: Britam Towers, Upper Hill, Nairobi.

12. Changes to this policy

We may update this policy from time to time. When we make material changes, we will update the date above and, where appropriate, tell you in the app.