Privacy

The short version

Every.Farm is a research-driven decision-support platform built with public grant funding. We collect only what we need to run your account and the analyses you ask for. We don't sell data, we don't run ads, and we don't share your farm data with anyone outside the people you've invited to your farm.

Who runs Every.Farm

Every.Farm is operated by Orbitist LLC in collaboration with the Cornell AgriTech Cornell Lake Erie Research and Extension Laboratory (CLEREL). Development has been supported by the NASA Acres consortium, USDA-NIFA, the Cyber-Agricultural Intelligence and Robotics Laboratory (CAIR), the New York Wine and Grape Foundation, and the National Grape Research Alliance.

What this marketing site (every.farm) collects

If you accept the cookie banner, Google Analytics 4 records:

• Pages you visit on every.farm
• How you arrived (search, direct link, referral, etc.)
• Approximate location (country and region — never a street address)
• Device, browser, and screen size
• Whether you click through to app.every.farm or crops.every.farm

IP addresses are anonymized before being sent to Google. If you decline, no analytics cookies are written and Google receives no pageview from you — the site keeps working normally. You can change your choice at any time: Re-open consent banner

The contact form on /contact/ is processed by Formspree. Your name, email, organization (optional), and message are forwarded to our team's inbox. We retain submissions only as long as needed to respond. See Formspree's privacy policy for their handling.

What the app (app.every.farm) collects

When you create an account and use the application, we store the information needed to provide the service:

• Account information: the email address you sign up with, your display name, and authentication credentials. Passwords are never stored by Every.Farm — they're handled entirely by Google's Firebase Authentication service.
• Farm and field content: the farms, blocks, field boundaries, datasets, folders, log entries, photos, and notes that you (or people you've invited) create inside the app. This is your data — you own it.
• Collaborator information: if you invite a collaborator, we store their email address and the role you assigned them so the right level of access can be applied.
• Operational metadata: creation and update timestamps, the user ID associated with each change, and the farm a record belongs to. This is what allows audit trails, permissions, and "who edited this last" features to work.
• Application logs: standard server logs from our hosting provider record requests, error traces, and performance metrics. These are retained on a short rolling window for debugging and abuse prevention, then discarded.

We do not collect: government IDs, payment card numbers, banking details, social security numbers, or health data. The platform is currently free to use, so there is no billing information involved.

Satellite imagery and external data

Every.Farm pulls satellite imagery and reference data from public archives operated by government agencies and research partners, including ESA Copernicus (Sentinel-1, Sentinel-2), NASA / USGS (Landsat, HLS, MODIS), USDA (NAIP, gNATSGO soils), and USGS (3DEP elevation), accessed through Microsoft Planetary Computer and Element 84's Earth Search. Imagery is fetched on demand for the area of your block — only the bounding-box coordinates of your block, the date range you request, and the index you asked for are sent to those services. No personally identifiable information leaves the platform during these requests.

How we use your data

We use the information above only to:

• Provide the application's features (mapping, datasets, analyses, sharing).
• Authenticate you and apply the access permissions you and your collaborators have set.
• Diagnose problems, prevent abuse, and improve performance.
• Send you essential service messages (e.g. password reset emails). We do not send marketing emails from the app.
• With your permission, learn from de-identified aggregate usage to improve the platform — for example, knowing how often a feature is used in total, never tied back to an individual farm.

Who can see your farm data

Inside the application, your farm data is private to your farm. It is visible only to:

• You, the farm owner.
• People you have explicitly invited to your farm, in the role you assigned them.
• A small number of Every.Farm staff who, under strict access controls, may need to view a record to provide support or investigate a reported problem — and only when necessary.

We never sell your data, never share it with advertisers, and never use it to train external machine-learning models without your explicit, written consent.

How we protect your data

Every.Farm is built on Google Cloud's Firebase platform, which provides industry-standard security controls. In broad terms:

• All traffic between your device and our servers is encrypted in transit (HTTPS / TLS).
• Data is encrypted at rest by the underlying cloud platform.
• Access to your records is enforced by server-side authorization rules — not by what the client app chooses to show.
• Authentication is handled by Google's Firebase Authentication service; passwords are stored as salted hashes by Google, never seen or stored by Every.Farm.
• The number of staff with elevated access is minimized, and elevated access is logged.

No platform on the open internet can guarantee perfect security, but we follow modern best practices and review our implementation regularly. If you believe you have found a security issue, please report it privately via the contact form — we'll respond and credit responsible disclosures.

Cookies and local storage

On the marketing site, GA4 sets cookies named _ga and _ga_* only after you accept the consent banner; they expire after 24 months. The application uses cookies and local browser storage that are strictly necessary to keep you signed in and remember your in-app preferences (such as which tab you had open). We do not set advertising or cross-site tracking cookies in either context.

Data retention

We keep your account and farm data for as long as your account is active. If you delete a farm, blocks, datasets, or other records inside the app, they are removed from the active database; some deleted records may be retained briefly in encrypted backups before they age out, and audit-log entries (who deleted what, when) may be kept longer for security and accountability. If you want your account fully deleted, including any retained backups where technically possible, contact us via the contact form.

Your rights

Regardless of where you live, you can:

• Access and export your farm and block data through the application.
• Correct or update your account information.
• Request that your account and associated data be deleted.
• Withdraw consent for analytics on this marketing site at any time.

If you are in the EU, UK, or California, you also have the rights afforded by GDPR / UK-GDPR / CCPA — including the right to lodge a complaint with your local data-protection authority. The legal basis we rely on for processing is normally performance of a contract (operating the service you signed up for) or your explicit consent (e.g. analytics cookies).

International transfers

Our cloud infrastructure is hosted primarily in the United States. If you access Every.Farm from outside the United States, your information will be processed in the United States. We rely on Google Cloud's standard contractual clauses where applicable.

Service providers (sub-processors)

The platform relies on a small set of trusted vendors:

• Google Cloud / Firebase — application hosting, authentication, database, file storage, serverless functions.
• Google Analytics 4 — anonymous usage analytics on this marketing site (only with your consent).
• Microsoft Planetary Computer and Element 84 Earth Search — public satellite imagery archives accessed on demand.
• Mapbox — map rendering inside the application. Mapbox sees only the map tiles your browser requests; it does not see your underlying farm data.
• Formspree — processes the marketing-site contact form.

Each vendor is bound by its own published privacy policy, and we chose them in part for their privacy posture.

Children's privacy

Every.Farm is intended for use by adults running agricultural operations and by researchers. We do not knowingly collect information from children under 13. If you believe a child has created an account, please contact us so we can remove it.

Changes to this policy

We may update this policy from time to time as the platform evolves. The "Last updated" date at the top of this page reflects the most recent change. Material changes that affect how your existing data is handled will be communicated to active users by email or in-app notice before they take effect.

Contact

Questions about privacy, data handling, or a request to exercise your rights? Reach us through the contact form and your message will land with the team.