# DairyCraftPro Privacy Policy
**Last Updated: November 17, 2025**
---
## 1. Introduction
DairyCraftPro (“we,” “us,” “our,” or “Company”) is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, store, and safeguard your information when you use our dairy production management application (“the App,” “Service,” or “Platform”).
**Please read this Privacy Policy carefully.** By accessing or using DairyCraftPro, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not use the App.
### 1.1 Who We Are (Data Controller)
**Data Controller:**
– **Company Name:** DairyCraftPro
– **Email:** info@dairycraftpro.com
– **Mailing Address:** Calle H #3, Cerros de Gurabo, Santiago, Dominican Republic 51000
### 1.2 Scope of This Policy
This Privacy Policy applies to all users of DairyCraftPro, including:
– Individual account holders (Free, Premium, and Corporate subscribers)
– Team members (Corporate plans)
– Website visitors
– Anyone who interacts with our services
### 1.3 Changes to This Privacy Policy
We reserve the right to update this Privacy Policy from time to time. We will notify you of any material changes by:
– Posting the updated Privacy Policy on our website and within the App
– Sending an email notification to your registered email address
– Displaying a prominent notice within the App
**Effective Date of Changes:**
– Material changes will become effective **30 days** after notification
– Non-material changes become effective immediately upon posting
– The “Last Updated” date at the top of this policy reflects the most recent revision
**Your Continued Use:**
Your continued use of the App after the effective date of changes constitutes your acceptance of the updated Privacy Policy.
---
## 2. Legal Basis for Processing (GDPR and Data Protection Laws)
We process your personal data based on the following legal grounds under the EU General Data Protection Regulation (GDPR) and other applicable data protection laws:
### 2.1 Consent (Article 6(1)(a) GDPR)
– You provide explicit consent when creating an account and accepting this Privacy Policy
– You consent to receive marketing communications (which you can withdraw at any time)
– You consent to the use of cookies (which you can manage through your preferences)
### 2.2 Performance of a Contract (Article 6(1)(b) GDPR)
Processing is necessary to:
– Provide the services you have requested (production management, HACCP tools, reports, etc.)
– Create and maintain your user account
– Process your subscription payments
– Provide customer support
### 2.3 Compliance with Legal Obligations (Article 6(1)(c) GDPR)
Processing is necessary to:
– Comply with tax and accounting regulations
– Comply with legal record-keeping requirements
– Respond to lawful requests from government authorities
– Comply with court orders or legal processes
### 2.4 Legitimate Interests (Article 6(1)(f) GDPR)
Processing is necessary for our legitimate interests, such as:
– Improving and optimizing the App’s functionality and user experience
– Detecting and preventing fraud, security threats, and abuse
– Conducting analytics to understand usage patterns
– Sending service-related communications (non-marketing)
– Enforcing our Terms and Conditions
We have conducted a balancing test to ensure that our legitimate interests do not override your rights and freedoms.
### 2.5 Your Right to Object
You have the right to object to processing based on legitimate interests. To exercise this right, contact us at info@dairycraftpro.com.
---
## 3. Information We Collect
### 3.1 Personal Information You Provide
When you create an account or use our services, we collect the following personal information:
**Account Registration Information:**
– **Email address** (required)
– **Password** (required, stored as bcrypt hash – we never see your actual password)
– First name (optional)
– Last name (optional)
– Company name (optional)
– Profile picture (optional, maximum 5MB, formats: JPEG, PNG, GIF, WebP)
– Telephone number (optional)
– Country of residence (optional)
**Google OAuth Authentication (if you sign in with Google):**
– Email address
– Full name
– Profile picture URL
– Google user ID
When you use Google OAuth, Google shares this information with us in accordance with your Google account settings and Google’s privacy policy.
**Account Settings and Preferences:**
– Timezone preference
– Language preference (English/Spanish)
– Parameter preference (Metric/Imperial units)
– Email notification preferences
**Subscription and Billing Information:**
– Subscription plan selection (Free, Premium, Corporate)
– Subscription status (active, trial, cancelled, expired)
– Free trial usage
– Lemon Squeezy customer ID (assigned by payment processor)
– Lemon Squeezy subscription ID
– Lemon Squeezy order ID
– Invoice history and transaction records
– Pending subscription changes
– Subscription expiry dates
**Note:** We do **not** collect or store your credit card information, billing address, or payment details. All payment information is collected and processed directly by **Lemon Squeezy**, our third-party payment processor (see Section 5.2).
### 3.2 Production and Business Data
As a dairy production management platform, we collect and store the following business and operational data you input:
**Milk Reception Data:**
– Supplier information (names, contact details, delivery schedules)
– Milk volume and quality metrics
– pH levels
– Bacterial counts (total plate count, coliforms, somatic cell counts)
– Temperature data
– Date and time of reception
– Corrective actions taken
– Quality test results
**Production Batch Information:**
– Product types (cheese, yogurt, milk)
– Batch numbers and lot numbers
– Production dates and times
– Ingredient calculations (rennet, cultures, salt, preservatives)
– Process control data (pasteurization temperatures/times, cooling data)
– Yield calculations
– Equipment numbers and refrigerator identifiers
– Expiration dates and maturation periods
– VAT numbers
– Production notes and observations
**HACCP Compliance Data:**
– Critical control point (CCP) configurations
– Temperature and time monitoring data
– pH ranges and limits
– Bacterial count limits
– Compliance status (pass/fail)
– Corrective actions and QA reviews
– Equipment sanitization records
– HACCP compliance reports
**Quality Control Metrics:**
– Fat content
– Protein content
– Moisture levels
– Quality ratings (1-5 scale)
– Sensory evaluation notes
**Supplier Management Data:**
– Supplier names and contact information
– Delivery schedules and performance tracking
– Supplier quality metrics
– Supplier notes and relationships
### 3.3 Team Management Data (Corporate Plans Only)
If you have a Corporate subscription and create team member accounts:
**Team Member Information:**
– Team member email addresses
– Team member names
– Role assignments (admin, user, teamuser)
– Granular permission settings (access to specific features)
– Account relationships (account owner linkage)
– Team member creation date and created by user ID
**Team Activity Logs:**
– Actions performed by team members
– Timestamps of activities
– User agent information (browser and device used)
– Action descriptions (e.g., “created production batch,” “edited milk reception”)
### 3.4 Automatically Collected Information
When you access or use the App, we automatically collect the following information:
**Authentication and Session Data:**
– OAuth2 access tokens (JWT tokens, 15-day expiration)
– Refresh tokens (30-day expiration)
– Token creation and expiration timestamps
– Last login date and time
– Email verification status
– Account active/inactive status
**Cookies and Browser Storage:**
– Authentication cookie (“token”) containing your JWT token (15-day expiration)
– Cookie acceptance status (stored in localStorage: “cookiesAccepted”)
– Session storage data (AI chat history, 24-hour expiration)
– User preferences and settings
**Log Data and Analytics:**
– IP addresses (for security, fraud prevention, and server diagnostics)
– Browser type and version
– Operating system
– Device type (desktop, mobile, tablet)
– Access times and dates
– Pages viewed and navigation paths
– Referrer URLs
– Feature usage patterns
– Dashboard interactions
**Error and Diagnostic Data:**
– Application errors and crash reports
– Performance metrics
– Server response times
– API request logs
### 3.5 AI Interaction Data (Not Stored Long-Term)
When you use **DairyCraft AI** (our AI-powered chatbot assistant):
**Data Transmitted to Anthropic (Third-Party AI Provider):**
– Your chat messages and questions
– Production data context (milk reception data, quality metrics, batch information) to provide context-aware responses
– Images you upload for analysis (encoded in base64 format)
**Important:**
– **Conversation history is NOT stored in the DairyCraftPro database**
– Chat history is temporarily maintained in your browser’s session storage only (24-hour expiration)
– Once session storage expires or you close your browser, conversations are permanently deleted
– We cannot retrieve or provide historical AI conversation data
See Section 5.3 for more information about Anthropic’s data handling.
### 3.6 Information We Do Not Collect
We **do not** collect:
– Credit card or payment details (handled by Lemon Squeezy)
– Social Security Numbers or government-issued ID numbers
– Health information unrelated to dairy production
– Biometric data
– Precise geolocation data (GPS coordinates)
– Data from children under 18 years of age
---
## 4. How We Use Your Information
### 4.1 To Provide and Maintain the Service
We use your information to:
– Create and manage your user account
– Authenticate your identity and manage login sessions
– Provide access to the App’s features based on your subscription level
– Store and manage your production data (milk reception, batches, HACCP records)
– Generate calculations and reports (yields, ingredients, compliance)
– Export data to Excel and PDF formats
– Manage team members and permissions (Corporate plans)
– Provide customer support and respond to your inquiries
– Ensure the App functions correctly and reliably
### 4.2 To Process Payments and Subscriptions
We use your subscription information to:
– Process your subscription plan selection through Lemon Squeezy
– Manage your subscription status (trial, active, cancelled, expired)
– Track subscription changes (upgrades, downgrades, cancellations)
– Generate invoices and transaction records
– Handle subscription renewals and expirations
– Process refunds when applicable
**Note:** Payment processing is handled by Lemon Squeezy (see Section 5.2).
### 4.3 To Provide AI-Powered Features
We use your data to:
– Provide AI chatbot assistance (DairyCraft AI) through Anthropic’s Claude API
– Generate context-aware responses based on your production data
– Analyze images you upload for dairy production insights
– Generate HACCP compliance reports using AI
**Note:** AI conversation data is not stored long-term (see Section 3.5).
### 4.4 To Communicate with You
We use your email address to send:
**Transactional Emails (via SendGrid):**
– Account verification emails (to verify your email address)
– Password reset emails
– Account closure confirmations
– Subscription change notifications (upgrades, downgrades, cancellations, renewals)
– Payment receipts and invoices (sent by Lemon Squeezy)
– Team activity notifications (Corporate plans)
– Security alerts and important account changes
**Operational Communications:**
– Service updates and announcements
– Changes to Terms and Conditions or Privacy Policy
– Scheduled maintenance notifications
– Data breach notifications (if applicable)
**Optional Marketing Communications (with your consent):**
– Product updates and new features
– Tips and best practices for dairy production
– Special offers and promotions
You can opt out of marketing communications by clicking “unsubscribe” in any marketing email or by adjusting your notification settings. You cannot opt out of transactional or operational emails as they are necessary for the service.
### 4.5 To Personalize Your Experience
We use your preferences to:
– Display the App in your preferred language (English/Spanish)
– Apply your timezone for accurate date/time displays
– Use your preferred unit system (Metric/Imperial)
– Customize dashboard widgets and layouts
– Remember your settings across sessions
### 4.6 To Improve and Optimize the App
We use aggregated and anonymized data to:
– Analyze usage patterns and feature adoption
– Identify bugs, errors, and performance issues
– Improve user interface and user experience
– Develop new features and tools
– Optimize calculation algorithms and HACCP compliance tools
– Conduct A/B testing for new features
**Anonymization:**
Aggregated analytics data is anonymized and cannot be used to identify individual users.
### 4.7 To Ensure Security and Prevent Fraud
We use your information to:
– Detect and prevent fraudulent activities and unauthorized access
– Monitor for security threats and vulnerabilities
– Enforce our Terms and Conditions
– Prevent abuse of the App (e.g., subscription fraud, account sharing)
– Investigate and respond to security incidents
– Comply with legal obligations and law enforcement requests
### 4.8 To Comply with Legal Obligations
We use and retain your information as necessary to:
– Comply with tax and accounting regulations (invoice retention)
– Respond to lawful requests from government authorities
– Comply with court orders, subpoenas, or legal processes
– Enforce our legal rights and defend against legal claims
– Comply with data protection laws (GDPR, CCPA, etc.)
---
## 5. Sharing Your Information with Third Parties
### 5.1 Overview
We **do not sell, rent, or lease** your personal information to third parties for their marketing purposes.
We share your information only with trusted third-party service providers who help us operate and improve the App, and only to the extent necessary to provide their services.
All third-party service providers are contractually required to:
– Use your data only for the specific services they provide to us
– Implement appropriate security measures to protect your data
– Comply with applicable data protection laws
– Not disclose your data to other third parties without authorization
### 5.2 Lemon Squeezy (Payment Processing and Subscription Management)
**Service Provider:** Lemon Squeezy, LLC
**Purpose:** Payment processing, subscription management, invoicing, tax collection
**Website:** https://www.lemonsqueezy.com
**Data Shared with Lemon Squeezy:**
– Your email address
– Your name (if provided)
– Your subscription plan selection
– Your DairyCraftPro user ID (for account linkage)
**Data Collected Directly by Lemon Squeezy (not by us):**
– Credit card and payment information
– Billing address
– Tax identification information (if applicable)
– IP address and device information
**Lemon Squeezy as Merchant of Record (MOR):**
– Lemon Squeezy acts as the **Merchant of Record** for all transactions
– Lemon Squeezy is the legal seller and is responsible for payment processing, PCI DSS compliance, fraud detection, tax calculation and collection, and invoicing
– Lemon Squeezy processes payments on our behalf and remits net revenue to us
**Data Processing:**
– When you subscribe to a paid plan, you are redirected to Lemon Squeezy’s secure checkout page
– Lemon Squeezy collects and processes your payment information in accordance with their privacy policy
– Lemon Squeezy sends us webhook notifications about subscription events (successful payments, failed payments, cancellations, refunds, etc.)
– We store only the Lemon Squeezy customer ID, subscription ID, and order ID to link your DairyCraftPro account to your Lemon Squeezy subscription
**Lemon Squeezy Privacy Policy:**
https://www.lemonsqueezy.com/privacy
**Security:**
– Lemon Squeezy is **PCI DSS Level 1 compliant** (the highest level of payment security certification)
– We never have access to your credit card details or full payment information
### 5.3 Anthropic (AI Services)
**Service Provider:** Anthropic PBC
**Purpose:** AI-powered chatbot assistant (DairyCraft AI)
**Website:** https://www.anthropic.com
**Data Shared with Anthropic:**
– Your chat messages and questions submitted to DairyCraft AI
– Production data context (milk reception data, quality metrics, batch information, HACCP data) to generate context-aware responses
– Images you upload for AI analysis (base64 encoded)
**How Data is Transmitted:**
– When you use DairyCraft AI, your messages are sent in real-time to Anthropic’s Claude API (Sonnet 4 model)
– Anthropic processes your data to generate AI responses
– Responses are returned to your browser and displayed in the chat interface
**Anthropic’s Data Usage Policy:**
– According to Anthropic’s data usage policy, data submitted via their API is **not used to train or improve their AI models**
– Anthropic retains API data for a limited time for trust and safety purposes only (typically 30 days)
– Anthropic’s data handling is governed by their privacy policy and terms of service
**Anthropic Privacy Policy:**
https://www.anthropic.com/privacy
**Data Not Stored by DairyCraftPro:**
– We do **not** store AI conversation history in our database
– Conversations are temporarily stored in your browser’s session storage (24-hour expiration)
– Once session storage expires, conversations are permanently deleted
**Your Control:**
– You can clear session storage at any time by closing your browser or clearing browser data
– You can choose not to use DairyCraft AI if you do not want your data shared with Anthropic
### 5.4 SendGrid (Email Delivery Services)
**Service Provider:** Twilio SendGrid, Inc. (a Twilio company)
**Purpose:** Transactional email delivery
**Website:** https://sendgrid.com
**Data Shared with SendGrid:**
– Email addresses of recipients
– Email content (account verification emails, password reset emails, subscription notifications, team activity alerts, etc.)
– User names (for email personalization)
**Email Types Sent via SendGrid:**
– Email verification emails
– Password reset emails
– Account closure confirmations
– Subscription change notifications
– Team activity logs and alerts
– Administrative notifications
**SendGrid Privacy Policy:**
https://www.twilio.com/legal/privacy
**Data Retention by SendGrid:**
– SendGrid retains email logs and delivery data in accordance with their privacy policy
– We use SendGrid’s SMTP relay service (port 465 with SSL/TLS encryption)
### 5.5 Google (OAuth Authentication)
**Service Provider:** Google LLC
**Purpose:** Social login (Sign in with Google)
**Website:** https://www.google.com
**Data Shared from Google to DairyCraftPro (when you sign in with Google):**
– Email address
– Full name
– Profile picture URL
– Google user ID
**OAuth Scopes:**
– `email` (access to your email address)
– `profile` (access to your basic profile information)
**How Google OAuth Works:**
1. You click “Sign in with Google”
2. You are redirected to Google’s login page
3. You authorize DairyCraftPro to access your email and profile information
4. Google shares the authorized information with us
5. We create or link your DairyCraftPro account using your Google email
**Google’s Data Handling:**
– Your use of Google OAuth is governed by Google’s privacy policy and terms of service
– Google may collect data about your use of OAuth (e.g., which apps you’ve authorized)
– We do not have access to your Google password or other Google account data beyond the authorized scopes
**Google Privacy Policy:**
https://policies.google.com/privacy
**Revoking Access:**
– You can revoke DairyCraftPro’s access to your Google account at any time through your Google Account settings: https://myaccount.google.com/permissions
### 5.6 Railway (Cloud Hosting and Infrastructure)
**Service Provider:** Railway Corp
**Purpose:** Backend API hosting, database hosting, application infrastructure
**Website:** https://railway.app
**Data Stored on Railway Servers:**
– **All user data** described in Section 3 (personal information, production data, subscription data, team data, etc.)
– MySQL database containing all application data
– Backend API server files and application code
**Data Location:**
– Railway servers are located in the **United States**
– Your data is processed and stored in the United States
**Railway’s Role:**
– Railway provides cloud infrastructure and does not access or use your data for any purpose other than hosting our application
– Railway implements industry-standard security measures to protect hosted data
– Railway’s data handling is governed by their privacy policy
**Railway Privacy Policy:**
https://railway.app/legal/privacy
### 5.7 Legal Disclosures and Government Requests
We may disclose your information to government authorities, law enforcement, regulatory agencies, or third parties if required by law or if we believe in good faith that such disclosure is necessary to:
**Legal Obligations:**
– Comply with a valid court order, subpoena, warrant, or other legal process
– Respond to lawful requests from government authorities (e.g., law enforcement, tax authorities, regulatory agencies)
– Comply with applicable laws and regulations
**Protection of Rights:**
– Protect our legal rights, property, or safety, or the rights, property, or safety of our users or the public
– Detect, prevent, or investigate fraud, security threats, or illegal activities
– Enforce our Terms and Conditions or other agreements
**Verification of Legal Requests:**
– We will only disclose information in response to valid legal requests issued by a judge or authorized legal authority
– We will verify the legitimacy of legal requests before disclosing any data
– We will notify you of legal requests unless prohibited by law or court order
### 5.8 Business Transfers
In the event of a merger, acquisition, reorganization, sale of assets, bankruptcy, or other business transaction involving DairyCraftPro:
– Your information may be transferred to a successor entity or acquiring company
– You will be notified of any such transfer via email and/or a prominent notice on the App
– The successor entity will be bound by this Privacy Policy unless you consent to a new privacy policy
### 5.9 Aggregated and Anonymized Data
We may share aggregated, anonymized, or de-identified data with third parties for:
– Industry research and analytics
– Business intelligence and market analysis
– Product development and improvement
– Academic research
**Important:** Aggregated and anonymized data cannot be used to identify you individually and is not considered personal information under data protection laws.
---
## 6. International Data Transfers
### 6.1 Cross-Border Data Transfers
DairyCraftPro and our third-party service providers (Lemon Squeezy, Anthropic, SendGrid, Google, Railway) are based in or process data in the **United States**.
**If you are located outside the United States** (including in the European Economic Area, United Kingdom, Switzerland, or other jurisdictions with data protection laws), your personal information will be transferred to, processed, and stored in the United States.
**By using the App, you acknowledge and consent to:**
– The transfer of your personal information to the United States
– The processing and storage of your data in the United States
– The application of U.S. data protection laws (which may differ from the laws in your jurisdiction)
### 6.2 Data Protection Mechanisms for EU/EEA Users
For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we implement the following safeguards for international data transfers:
**Standard Contractual Clauses (SCCs):**
– Where required, we use **EU-approved Standard Contractual Clauses** (also known as Model Clauses) to ensure adequate protection for data transfers to the United States
– SCCs are contractual commitments between data exporters (in the EU) and data importers (in the U.S.) to protect personal data
**Adequacy Decisions:**
– We monitor developments in international data transfer mechanisms, including adequacy decisions by the European Commission
– If the U.S. receives an adequacy decision, we will rely on that mechanism
**Supplementary Measures:**
– We implement supplementary technical and organizational measures to protect your data, including encryption, access controls, and security audits
### 6.3 Your Rights Regarding International Transfers
If you are located in the EEA, UK, or Switzerland, you have the right to:
– Request information about the safeguards in place for international data transfers
– Object to international data transfers in certain circumstances
To exercise these rights, contact us at info@dairycraftpro.com.
---
## 7. Data Security Measures
We take the security of your personal information seriously and implement a variety of technical, organizational, and administrative safeguards to protect your data.
### 7.1 Technical Security Measures
**Data Encryption:**
– **In Transit:** All data transmitted between your browser and our servers is encrypted using **HTTPS/SSL/TLS** protocols (industry-standard encryption)
– **Email Communications:** SendGrid uses **TLS encryption** (port 465) for email transmission
– **API Communications:** All API requests to third-party services (Lemon Squeezy, Anthropic, Google) are encrypted using HTTPS
**Password Security:**
– Passwords are hashed using **bcrypt** (a strong one-way hashing algorithm with salt)
– We never store passwords in plain text and cannot retrieve your actual password
– Password complexity requirements enforced (minimum 8 characters, uppercase, lowercase, digit, special character)
**Authentication Security:**
– OAuth2 authentication with JWT tokens (RS256 algorithm)
– Token expiration (access tokens: 15 days, refresh tokens: 30 days)
– Token revocation on logout
– Secure token storage in database
**Database Security:**
– MySQL database hosted on secure Railway infrastructure
– Database access restricted to authorized application servers only
– Connection security via encrypted connections
**File Upload Security:**
– File type validation (only image formats allowed: JPEG, PNG, GIF, WebP)
– File size limits (maximum 5MB)
– Files stored in server directory with restricted access
### 7.2 Organizational Security Measures
**Access Controls:**
– Access to personal data is restricted to authorized personnel only
– Role-based access controls (admin, user, teamuser roles)
– Granular permissions for team members (Corporate plans)
– Multi-level authentication for administrative access
**Security Audits and Monitoring:**
– Regular security assessments to identify and address vulnerabilities
– Monitoring of application logs for suspicious activity
– Incident response procedures in place
– Regular software updates and security patches
**Employee Training:**
– Employees with access to personal data receive privacy and security training
– Confidentiality agreements with employees and contractors
– Principle of least privilege (employees have access only to data necessary for their role)
**Third-Party Security:**
– All third-party service providers are required to implement appropriate security measures
– Security provisions included in contracts with third-party processors
– Regular review of third-party security practices
### 7.3 Data Backup and Redundancy
– Regular automated backups of database and application data
– Backup data stored securely with encryption
– Disaster recovery procedures to restore data in case of system failure
### 7.4 Security Limitations
**Important Disclaimer:**
– While we implement industry-standard security measures, **no method of transmission over the internet or electronic storage is 100% secure**
– We cannot guarantee absolute security of your data
– You acknowledge and accept the inherent risks of transmitting data over the internet
**Your Responsibility:**
– Protect your account credentials (email and password)
– Use a strong, unique password
– Do not share your password with others
– Log out of your account when using shared or public computers
– Enable two-factor authentication if available (future feature)
– Notify us immediately if you suspect unauthorized access to your account
### 7.5 Reporting Security Vulnerabilities
If you discover a security vulnerability in the App, please report it to us immediately at info@dairycraftpro.com. We appreciate responsible disclosure and will work with you to address the issue promptly.
---
## 8. Data Retention
### 8.1 How Long We Retain Your Data
**Active Accounts:**
– We retain your personal information and production data **indefinitely** while your account remains active
– You have full access to all your data while your account is active
– Data includes: account information, production records, invoices, team data (if applicable), and all other user-generated content
**After Account Closure:**
– When you close your account (or we close your account), your data enters a **soft delete** state
– During soft delete, your data is retained for **180 days (approximately 6 months)**
– Soft-deleted data is not publicly accessible but remains in our systems for recovery purposes (in case of accidental deletion or account reactivation)
**Paid Subscription Accounts:**
– For accounts with active paid subscriptions at the time of closure:
  – Deletion is **scheduled for the end of the current subscription period**
  – You retain access to your account and data until your subscription expires
  – After the subscription ends, the 180-day soft delete retention period begins
**Permanent Deletion:**
– After the 180-day retention period, your data is **permanently and irrevocably deleted** from our systems
– Permanent deletion includes:
  – Account information (name, email, profile, settings)
  – Production data (milk reception, batches, calculations, HACCP records)
  – Supplier information
  – Team member data (if applicable)
  – Uploaded files (profile pictures)
  – Activity logs
**Note:** Data cannot be recovered after permanent deletion.
### 8.2 Data Retained Beyond Deletion
Certain data may be retained beyond the 180-day period for the following reasons:
**Legal and Regulatory Requirements:**
– **Invoices and transaction records:** Retained for **7 years** (or as required by tax and accounting regulations in applicable jurisdictions)
– **Payment records:** Retained as required by financial record-keeping laws
– **Data required for legal compliance, dispute resolution, or enforcement of Terms**
**Security and Fraud Prevention:**
– Data related to fraud investigations, security incidents, or Terms violations may be retained longer as necessary
**Anonymized and Aggregated Data:**
– **Anonymized, aggregated, or de-identified data** that cannot identify you may be retained indefinitely for analytics, research, and service improvement
### 8.3 Criteria for Determining Retention Periods
We determine data retention periods based on:
– **Legal obligations:** Laws requiring retention of certain records (e.g., tax laws, financial regulations)
– **Contractual obligations:** Agreements with users or third parties
– **Business needs:** Operational, analytical, or security purposes
– **User requests:** Data deletion requests under data protection laws
### 8.4 Your Right to Request Deletion
You have the right to request deletion of your personal data at any time (subject to legal retention requirements). See Section 10.3 for details on exercising this right.
---
## 9. Cookies and Tracking Technologies
### 9.1 What Are Cookies?
Cookies are small text files placed on your device (computer, smartphone, tablet) by websites you visit. Cookies allow websites to recognize your device, store preferences, and enhance your browsing experience.
### 9.2 Types of Cookies We Use
**Essential Cookies (Strictly Necessary):**
– **Purpose:** Required for the App to function properly; cannot be disabled
– **Examples:**
  – **Authentication cookie (“token”):** Stores your JWT token for session management and authentication (15-day expiration)
  – Cookies necessary for security and fraud prevention
**Functional Cookies (Optional):**
– **Purpose:** Remember your preferences and settings to enhance your experience
– **Examples:**
  – Language preference (English/Spanish)
  – Timezone preference
  – Unit system preference (Metric/Imperial)
**Analytics Cookies (Not Currently Used):**
– We do **not** currently use third-party analytics cookies (e.g., Google Analytics)
– If we implement analytics cookies in the future, we will update this policy and obtain your consent
**Advertising Cookies (Not Used):**
– We do **not** use advertising or tracking cookies for marketing purposes
### 9.3 Browser Storage Technologies
In addition to cookies, we use the following browser storage technologies:
**LocalStorage:**
– **Cookie consent status:** Stores whether you have accepted cookies (“cookiesAccepted” key)
– **Purpose:** Prevents the cookie consent popup from appearing repeatedly
**SessionStorage:**
– **AI chat history:** Temporarily stores DairyCraft AI conversation history (24-hour expiration)
– **Purpose:** Maintains conversation context within a single session
– **Note:** Session storage is cleared when you close your browser or after 24 hours
### 9.4 How We Use Cookies
We use cookies and browser storage to:
– **Authenticate your identity** and maintain your login session
– **Remember your preferences** (language, timezone, units)
– **Track cookie consent** to avoid showing the consent popup repeatedly
– **Improve user experience** by personalizing the App based on your settings
– **Enhance security** by detecting unauthorized access attempts
### 9.5 Managing and Disabling Cookies
**Cookie Consent Popup:**
– When you first visit the App, you will see a cookie consent popup
– By clicking “Accept,” you consent to the use of cookies as described in this policy
**Browser Settings:**
– You can manage or disable cookies through your browser settings
– Most browsers allow you to:
  – View and delete cookies
  – Block all cookies
  – Block third-party cookies only
  – Clear cookies when you close the browser
**Effect of Disabling Cookies:**
– If you disable essential cookies (e.g., authentication cookie), **you will not be able to log in or use the App**
– Disabling functional cookies may degrade your user experience (e.g., language preference not saved)
**How to Manage Cookies in Your Browser:**
– **Google Chrome:** Settings > Privacy and security > Cookies and other site data
– **Mozilla Firefox:** Settings > Privacy & Security > Cookies and Site Data
– **Safari:** Preferences > Privacy > Cookies and website data
– **Microsoft Edge:** Settings > Cookies and site permissions > Manage and delete cookies
### 9.6 Cookie Consent Compliance (GDPR)
**Current Implementation:**
– Our cookie consent mechanism displays a popup on first visit
– Users can accept cookies by clicking “Accept”
– Currently, there is no “Reject” or “Manage Preferences” option
**Recommended Improvement (for GDPR Compliance):**
– To fully comply with GDPR requirements, we recommend implementing:
  – Granular cookie consent options (Essential, Functional, Analytics)
  – “Accept All,” “Reject Non-Essential,” and “Manage Preferences” buttons
  – Cookie preference management in user settings
**Note to DairyCraftPro:** Consider updating the cookie consent popup to meet GDPR standards. Consult with a legal advisor to ensure compliance.
### 9.7 Third-Party Cookies
We do **not** currently use third-party cookies for advertising or tracking purposes.
**Third-Party Services:**
– Some third-party services (Lemon Squeezy, Google OAuth) may set their own cookies when you interact with their services
– These third-party cookies are governed by the respective third party’s privacy policy
– We do not control third-party cookies
—
## 10. Your Privacy Rights
Depending on your location, you have certain rights regarding your personal information under data protection laws, including the **EU General Data Protection Regulation (GDPR)**, **UK Data Protection Act**, **California Consumer Privacy Act (CCPA)**, and other applicable laws.
### 10.1 Right to Access (GDPR Article 15, CCPA)
**What it means:**
– You have the right to request a copy of the personal data we hold about you
– You can request details about how we collect, use, and share your data
**How to exercise:**
– Email us at info@dairycraftpro.com with the subject line: “Data Access Request”
– We will provide a copy of your personal data in a commonly used electronic format within **30 days** (or as required by applicable law)
**What we will provide:**
– Copy of your account information
– Production data you have entered (milk reception, batches, HACCP records)
– Subscription and billing history
– Information about data processing activities
**Limitations:**
– We may request verification of your identity before providing data
– We may charge a reasonable fee for excessive or repetitive requests
– We cannot provide data about other users (e.g., team members’ personal data)
### 10.2 Right to Rectification (GDPR Article 16, CCPA)
**What it means:**
– You have the right to request correction of inaccurate or incomplete personal data
**How to exercise:**
– **Self-Service:** Update most information yourself through your Profile settings in the App
– **Contact Us:** For data you cannot update yourself, email info@dairycraftpro.com
**What you can correct:**
– Account information (name, email, phone, company, profile picture)
– Production data (milk reception, batches, suppliers, HACCP records)
– Preferences and settings
**Response Time:**
– We will correct inaccurate data within **30 days** of your request
### 10.3 Right to Erasure / Right to Be Forgotten (GDPR Article 17, CCPA)
**What it means:**
– You have the right to request deletion of your personal data under certain conditions
**How to exercise:**
– **Account Closure:** Close your account through the Profile settings by typing the confirmation phrase: “i want to close account”
– **Email Request:** Email info@dairycraftpro.com with the subject line: “Data Deletion Request”
**What will be deleted:**
– After the 180-day soft delete retention period:
  – All account information
  – All production data
  – Uploaded files (profile pictures)
  – Team member data (if applicable)
  – Activity logs
**Data Not Deleted:**
– Invoices and transaction records (retained for 7 years for legal compliance)
– Data required for legal obligations or dispute resolution
– Anonymized, aggregated data that does not identify you
**Timeline:**
– **Soft delete:** Your data is retained for 180 days (recoverable)
– **Permanent deletion:** After 180 days, data is permanently deleted
– **Paid subscriptions:** Deletion is scheduled for the end of your subscription period
**Important:**
– Data deletion is irreversible after the 180-day retention period
– We recommend exporting your data (Excel/PDF) before closing your account
### 10.4 Right to Restrict Processing (GDPR Article 18)
**What it means:**
– You have the right to request limitation of our processing of your data in certain circumstances (e.g., while we verify the accuracy of your data or assess whether we have legitimate grounds for processing)
**How to exercise:**
– Email info@dairycraftpro.com with the subject line: “Restrict Processing Request”
**Effect:**
– We will only store your data and will not use it for other purposes until the restriction is lifted
– We will notify you before lifting the restriction
**Limitations:**
– We may not be able to provide full service functionality while processing is restricted
– We may continue processing with your consent or for legal claims
### 10.5 Right to Data Portability (GDPR Article 20, CCPA)
**What it means:**
– You have the right to receive your personal data in a structured, commonly used, and machine-readable format
– You have the right to transmit your data to another service provider
**How to exercise:**
– **Self-Service Export:**
  – Export production data to **Excel (.xlsx)** format (available in the App)
  – Export HACCP reports and production results to **PDF** format
  – Exports available in English and Spanish
– **Full Data Export:** Email info@dairycraftpro.com to request a complete data export
**What we will provide:**
– Account information (JSON or CSV format)
– Production data (Excel, CSV, or JSON format)
– Subscription history (CSV or PDF format)
**Current Limitations:**
– The App does **not** currently provide a comprehensive “Download All My Data” feature for complete account data in a single file
– We are working to improve data portability features
**Timeline:**
– We will provide your data within **30 days** of your request
### 10.6 Right to Object (GDPR Article 21)
**What it means:**
– You have the right to object to processing of your data for certain purposes, particularly:
  – Processing based on legitimate interests
  – Direct marketing
**How to exercise:**
– **Marketing Communications:** Click “Unsubscribe” in any marketing email or adjust your notification settings
– **Other Objections:** Email info@dairycraftpro.com with the subject line: “Object to Processing”
**Effect:**
– We will stop processing your data for the specified purpose unless we can demonstrate compelling legitimate grounds that override your rights
**Limitations:**
– You cannot object to processing that is necessary to provide the Service (e.g., account management, subscription processing)
### 10.7 Right to Withdraw Consent (GDPR Article 7(3))
**What it means:**
– Where processing is based on your consent, you have the right to withdraw consent at any time
**How to exercise:**
– **Cookie Consent:** Clear your browser cookies and localStorage
– **Marketing Consent:** Click “Unsubscribe” in marketing emails
– **General Consent:** Email info@dairycraftpro.com
**Effect:**
– Withdrawal of consent does not affect the lawfulness of processing based on consent before withdrawal
– If you withdraw consent for essential processing, we may not be able to provide the Service, and you may need to close your account
### 10.8 Right Not to Be Subject to Automated Decision-Making (GDPR Article 22)
**What it means:**
– You have the right not to be subject to decisions based solely on automated processing (including profiling) that produce legal effects or similarly significant effects
**Our Use of Automated Decision-Making:**
– We do **not** use automated decision-making or profiling that produces legal or similarly significant effects
– AI-generated responses (DairyCraft AI) are for informational purposes only and do not constitute automated decisions affecting your rights
### 10.9 Right to Lodge a Complaint with a Supervisory Authority (GDPR Article 77)
**What it means:**
– If you believe we have violated your privacy rights or data protection laws, you have the right to lodge a complaint with your local data protection authority (supervisory authority)
**EU/EEA Users:**
– You can contact your country’s data protection authority
– List of EU data protection authorities: https://edpb.europa.eu/about-edpb/about-edpb/members_en
**UK Users:**
– **Information Commissioner’s Office (ICO):** https://ico.org.uk/make-a-complaint/
**Other Jurisdictions:**
– Contact your local privacy regulator or data protection authority
**We Encourage You to Contact Us First:**
– Before lodging a complaint, please contact us at info@dairycraftpro.com so we can attempt to resolve your concerns directly
### 10.10 California Residents (CCPA Rights)
If you are a California resident, you have additional rights under the **California Consumer Privacy Act (CCPA):**
**Right to Know:**
– Right to know what personal information we collect, use, disclose, and sell (see Section 3)
**Right to Delete:**
– Right to request deletion of your personal information (see Section 10.3)
**Right to Opt-Out of Sale:**
– We do **not sell** your personal information
– You do not need to opt out of sale
**Right to Non-Discrimination:**
– We will not discriminate against you for exercising your CCPA rights
**Authorized Agent:**
– You may designate an authorized agent to make requests on your behalf
– We may require verification of the agent’s authority
### 10.11 How to Exercise Your Rights
**Contact Information:**
– **Email:** info@dairycraftpro.com
– **Subject Line:** Specify the right you wish to exercise (e.g., “Data Access Request,” “Data Deletion Request”)
**Information Required:**
– Your full name
– Email address associated with your account
– Description of your request
– Verification of identity (we may request additional information to confirm your identity)
**Response Time:**
– We will respond to your request within **30 days** (or as required by applicable law)
– If we need more time, we will notify you and explain the reason for the delay
**No Fee (Generally):**
– We do not charge a fee for processing requests unless they are excessive, repetitive, or manifestly unfounded
– If a fee applies, we will notify you in advance
—
## 11. Data Breach Notification
### 11.1 Our Commitment
We are committed to protecting your personal information and have implemented security measures to prevent data breaches (see Section 7). However, no system is completely secure, and breaches can occur despite our best efforts.
### 11.2 Breach Assessment and Response
In the event of a data breach involving your personal information:
**Immediate Assessment:**
1. We will promptly investigate the breach to determine:
   – The nature and scope of the breach
   – The type of data affected (e.g., names, emails, production data, payment information)
   – The number of affected users
   – The risk level to affected individuals (low, medium, high)
**Containment and Remediation:**
2. We will take immediate steps to:
   – Contain the breach and prevent further unauthorized access
   – Secure affected systems and data
   – Identify and fix vulnerabilities that led to the breach
   – Work with third-party security experts if necessary
### 11.3 User Notification
**When We Will Notify You:**
– If the breach is likely to result in a **high risk** to your rights and freedoms (e.g., risk of identity theft, fraud, financial loss, or reputational damage)
**Timeline:**
– We will notify affected users **within 72 hours** of becoming aware of the breach (or as soon as reasonably possible)
**Notification Method:**
– Email to the email address associated with your account
– Prominent notice within the App
**What the Notification Will Include:**
– Description of the breach (what happened)
– Type of data affected
– Likely consequences of the breach
– Measures we have taken to address the breach
– Recommendations for protecting yourself (e.g., changing passwords, monitoring accounts)
– Contact information for questions
### 11.4 Supervisory Authority Notification
**Regulatory Reporting:**
– We will report the breach to the relevant data protection authority (e.g., EU supervisory authority, state attorney general) **within 72 hours** of becoming aware of the breach, as required by GDPR and other applicable laws
**Documentation:**
– We will document all data breaches, including facts, effects, and remedial actions taken
### 11.5 Mitigation Measures
To help you protect yourself after a breach, we may recommend:
– Changing your password immediately
– Monitoring your accounts for suspicious activity
– Enabling two-factor authentication (if available)
– Reviewing your credit reports (if financial data was affected)
– Being cautious of phishing emails
### 11.6 Ongoing Security Improvements
After a breach, we will:
– Conduct a thorough post-incident review to identify root causes
– Implement additional security measures to prevent similar breaches
– Update our security policies and procedures
– Provide additional training to employees
—
## 12. Children’s Privacy Compliance
### 12.1 Age Restrictions
DairyCraftPro is **not intended for use by individuals under 18 years of age**.
**Minimum Age Requirement:**
– You must be **at least 18 years old** to create an account and use the App
– By registering, you represent and warrant that you are at least 18 years of age
### 12.2 No Knowing Collection from Minors
**COPPA Compliance (Children’s Online Privacy Protection Act):**
– We do **not knowingly collect, use, or disclose** personal information from children under **13 years of age** (or under 16 in certain jurisdictions like the EU)
– We do not target our services to children
**If We Discover Data from Minors:**
– If we become aware that we have collected personal information from a child under 18 without verification of parental consent, we will:
  – **Immediately delete** the account and all associated data
  – Not use the information for any purpose
  – Not disclose the information to third parties
### 12.3 Parental Controls and Consent
**No Parental Consent Accepted:**
– We do not permit individuals under 18 to use the App, even with parental or guardian consent
– If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at info@dairycraftpro.com
### 12.4 Reporting Underage Accounts
If you believe a user is under 18 years of age, please report it to us at info@dairycraftpro.com. We will investigate and take appropriate action, including account termination and data deletion.
—
## 13. Do Not Track (DNT) Signals
### 13.1 What is Do Not Track?
“Do Not Track” (DNT) is a privacy preference that users can set in their web browsers to signal that they do not want to be tracked by websites.
### 13.2 Our Response to DNT Signals
**We do not currently respond to Do Not Track (DNT) signals.**
**Reason:**
– There is **no consistent industry standard** for how websites should interpret and respond to DNT signals
– Different browsers implement DNT differently, and there is no universal agreement on what actions websites should take
### 13.3 Managing Your Privacy Preferences
**Alternative Privacy Controls:**
– You can manage your privacy preferences through:
  – **Browser settings:** Block or manage cookies
  – **Account settings:** Adjust notification preferences
  – **Opt-out links:** Unsubscribe from marketing emails
**Future DNT Support:**
– If a universal DNT standard is adopted, we will update this policy and implement appropriate responses to DNT signals
—
## 14. User Responsibility for Account Security
### 14.1 Protecting Your Account Credentials
**Your Responsibilities:**
– **Strong Password:** Use a strong, unique password that meets our complexity requirements (minimum 8 characters, uppercase, lowercase, digit, special character)
– **Confidentiality:** Keep your password confidential and do not share it with anyone
– **No Reuse:** Do not use the same password for DairyCraftPro that you use for other services
– **Secure Storage:** Store your password securely (e.g., using a password manager)
### 14.2 Keeping Information Up-to-Date
**Accuracy:**
– You are responsible for ensuring that your personal information is accurate, complete, and up-to-date
– Incorrect information (e.g., outdated email address) may prevent you from receiving important notifications
**How to Update:**
– Update your information through your Profile settings in the App
– Contact us at info@dairycraftpro.com if you need assistance
### 14.3 Account Security Best Practices
**Recommendations:**
– **Log Out:** Log out of your account when using shared or public computers
– **Secure Devices:** Use antivirus software and keep your devices updated
– **Phishing Awareness:** Be cautious of phishing emails asking for your password or personal information (we will never ask for your password via email)
– **Two-Factor Authentication (2FA):** Enable 2FA when available (future feature)
### 14.4 Unauthorized Access
**If You Suspect Unauthorized Access:**
– Immediately change your password
– Log out of all sessions
– Contact us at info@dairycraftpro.com to report the incident
– Review your account activity for suspicious actions
**Our Response:**
– We will investigate the incident
– We may temporarily suspend your account to prevent further unauthorized access
– We will assist you in securing your account
### 14.5 Account Sharing (Corporate Plans)
**Team Member Accounts:**
– Corporate plan account owners can create team member accounts with specific permissions
– Team members should have their **own individual login credentials** and should not share passwords
– Account owners are responsible for managing team member access and revoking access when necessary (e.g., when an employee leaves)
**Prohibited Sharing:**
– Do not share your account credentials with unauthorized individuals
– Do not allow multiple people to use the same account login
—
## 15. Third-Party Links and Services
### 15.1 Links to External Websites
The App may contain links to third-party websites, services, or resources that are not owned or controlled by DairyCraftPro (e.g., links to Lemon Squeezy checkout, Google OAuth login, external documentation, industry resources).
**No Control or Responsibility:**
– We have **no control** over the content, privacy policies, or practices of third-party websites
– We do **not endorse** or assume responsibility for third-party websites or their content
– Visiting third-party websites is at your own risk
### 15.2 Third-Party Privacy Policies
**Separate Privacy Policies:**
– Each third-party service has its own privacy policy and terms of service
– We are not responsible for the privacy practices of third parties
**Review Third-Party Policies:**
– Before providing personal information to third-party websites or services, we encourage you to review their privacy policies
– Third-party privacy policies may differ significantly from ours
**Key Third-Party Policies:**
– **Lemon Squeezy:** https://www.lemonsqueezy.com/privacy
– **Anthropic:** https://www.anthropic.com/privacy
– **SendGrid (Twilio):** https://www.twilio.com/legal/privacy
– **Google:** https://policies.google.com/privacy
– **Railway:** https://railway.app/legal/privacy
### 15.3 Disclaimer of Liability
DairyCraftPro shall **not be responsible or liable** for any:
– Damage, loss, or harm caused by or in connection with your use of third-party websites or services
– Privacy violations by third parties
– Inaccurate, misleading, or harmful content on third-party websites
**User Acknowledgment:**
You acknowledge and agree that your interactions with third-party services are solely between you and the third party.
—
## 16. Data Anonymization and Aggregation
### 16.1 Use of Anonymized Data
We may use **anonymized and aggregated data** derived from user activity for the following purposes:
**Analytics and Research:**
– Understanding usage patterns and trends
– Identifying popular features and areas for improvement
– Conducting industry research and benchmarking
**Product Development:**
– Developing new features and tools
– Improving existing functionality
– Optimizing user experience
**Business Intelligence:**
– Marketing and promotional materials (e.g., “85% of users report improved efficiency”)
– Investor and stakeholder reporting
### 16.2 What is Anonymized Data?
**Definition:**
– **Anonymized data** is data that has been processed to remove all personally identifiable information (PII)
– Anonymized data cannot be used to identify you individually, even when combined with other data
**Examples of Anonymized Data:**
– “50% of users use the HACCP compliance feature”
– “Average production batch size: 500 liters”
– “Most popular feature: Milk Reception Management”
### 16.3 No Re-Identification
**Commitment:**
– We do **not** attempt to re-identify anonymized data
– Anonymized data is treated as non-personal data under data protection laws (GDPR, CCPA)
### 16.4 Sharing Anonymized Data
We may share anonymized and aggregated data with:
– Business partners and industry organizations
– Researchers and academic institutions
– Marketing and analytics firms
– The public (e.g., in blog posts, whitepapers, case studies)
**No Privacy Risk:**
Since anonymized data does not identify you, sharing it does not pose a privacy risk and is not subject to the restrictions on sharing personal data.
—
## 17. Your Consent and How to Withdraw It
### 17.1 How You Provide Consent
By using DairyCraftPro, you provide consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy.
**Explicit Consent:**
– Creating an account and accepting this Privacy Policy
– Clicking “Accept” on the cookie consent popup
– Opting in to marketing communications
– Authorizing Google OAuth access
### 17.2 Scope of Consent
Your consent covers:
– Collection of personal and production data as described in Section 3
– Use of your data for the purposes described in Section 4
– Sharing your data with third-party service providers as described in Section 5
– Use of cookies and tracking technologies as described in Section 9
– International data transfers as described in Section 6
### 17.3 How to Withdraw Consent
You have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before withdrawal.
**Cookie Consent:**
– Clear your browser cookies and localStorage
– Adjust your browser settings to block cookies
**Marketing Communications:**
– Click “Unsubscribe” in any marketing email
– Adjust your notification settings in your account
**Google OAuth:**
– Revoke DairyCraftPro’s access through your Google Account settings: https://myaccount.google.com/permissions
**General Consent (Account Closure):**
– Close your account (see Section 10.3)
– Email info@dairycraftpro.com to request account closure
**Effect of Withdrawal:**
– If you withdraw consent for essential processing (e.g., account management), we may not be able to provide the Service
– You may need to close your account if you withdraw consent for core functionalities
### 17.4 Continued Use After Withdrawal
If you withdraw consent but continue to use the App:
– Processing may continue based on other legal grounds (e.g., performance of contract, legitimate interests, legal obligations)
– Some features may become unavailable if consent is required for those features
—
## 18. Commitment to Compliance
### 18.1 Data Protection Laws We Comply With
DairyCraftPro is committed to complying with applicable data protection and privacy laws, including:
**European Union:**
– **General Data Protection Regulation (GDPR)** (EU Regulation 2016/679)
– **ePrivacy Directive** (Directive 2002/58/EC)
**United Kingdom:**
– **UK Data Protection Act 2018**
– **UK GDPR** (post-Brexit)
**United States:**
– **California Consumer Privacy Act (CCPA)** (California Civil Code §1798.100 et seq.)
– **California Privacy Rights Act (CPRA)** (effective 2023)
– **Virginia Consumer Data Protection Act (VCDPA)**
– **Colorado Privacy Act (CPA)**
– **Other state-level privacy laws** (as applicable)
– **Children’s Online Privacy Protection Act (COPPA)**
– **Health Insurance Portability and Accountability Act (HIPAA)** (not applicable – we do not collect protected health information)
**Other Jurisdictions:**
– Privacy laws in other jurisdictions where our users are located
### 18.2 Ongoing Compliance Efforts
**Policy Updates:**
– We regularly review and update this Privacy Policy to reflect changes in:
  – Applicable laws and regulations
  – Our data processing activities
  – Industry best practices
**Legal Consultation:**
– We consult with legal advisors to ensure compliance with evolving privacy laws
**User Rights:**
– We provide mechanisms for users to exercise their privacy rights (see Section 10)
**Transparency:**
– We are committed to transparency about our data practices and provide clear information about data collection and use
### 18.3 Areas of Ongoing Improvement
**Cookie Consent (GDPR Compliance):**
– We are working to improve our cookie consent mechanism to provide granular choices and “Reject” options in compliance with GDPR requirements
**Data Portability:**
– We are developing a comprehensive “Download All My Data” feature to improve data portability for users exercising their GDPR/CCPA rights
**Privacy by Design:**
– We incorporate privacy considerations into the design and development of new features
### 18.4 Limitations and Disclaimers
**Not Legal Advice:**
– This Privacy Policy is provided for informational purposes and does not constitute legal advice
– For specific legal questions about your privacy rights, consult a qualified attorney
**Best Efforts:**
– While we strive for full compliance with all applicable laws, we acknowledge that privacy regulations are complex and evolving
– We welcome feedback from users and regulators to improve our practices
—
## 19. Contact Information and Data Protection Officer
### 19.1 How to Contact Us
If you have any questions, concerns, requests, or complaints regarding this Privacy Policy or our data practices, please contact us:
**Email:** info@dairycraftpro.com
**Mailing Address:**
DairyCraftPro
Calle H #3, Cerros de Gurabo
Santiago, Dominican Republic 51000
**Response Time:**
– We will make reasonable efforts to respond to all inquiries within **3-5 business days**
– For data subject rights requests (access, deletion, etc.), we will respond within **30 days** as required by law
### 19.2 Data Protection Officer (DPO)
**GDPR Requirement:**
– Under GDPR, certain organizations are required to appoint a Data Protection Officer (DPO)
**DPO Status:**
– DairyCraftPro is currently evaluating whether a DPO is required based on the scale and nature of our data processing activities
**DPO Contact (if appointed):**
– If we appoint a DPO, their contact information will be provided here
– DPO Email: [To be added if DPO is appointed]
**Note to DairyCraftPro:** Consult with a legal advisor to determine if you are required to appoint a DPO under GDPR Article 37. If required, designate a DPO and provide their contact information.
### 19.3 EU Representative (if applicable)
**GDPR Requirement:**
– Non-EU organizations offering goods or services to EU residents or monitoring their behavior may be required to appoint an EU representative (GDPR Article 27)
**EU Representative Status:**
– DairyCraftPro is currently evaluating whether an EU representative is required
**EU Representative Contact (if appointed):**
– If we appoint an EU representative, their contact information will be provided here
**Note to DairyCraftPro:** If you have a significant number of EU users, consult with a legal advisor to determine if you need to appoint an EU representative.
—
## 20. Dispute Resolution and Complaints
### 20.1 Internal Complaint Process
**Contact Us First:**
If you have a complaint, concern, or dispute regarding your privacy or our compliance with this Privacy Policy:
1. **Email us:** info@dairycraftpro.com with the subject line “Privacy Complaint”
2. **Provide details:** Describe the nature of your complaint and your desired resolution
3. **We will investigate:** We will promptly investigate your complaint and attempt to resolve it
**Resolution Timeline:**
– We will acknowledge your complaint within **3-5 business days**
– We will provide a substantive response within **30 days**
**Good Faith Efforts:**
– We are committed to resolving complaints in good faith through amicable discussions
### 20.2 Supervisory Authority (EU/EEA/UK Users)
**Right to Lodge a Complaint:**
If you are not satisfied with our response or believe we have violated your privacy rights, you have the right to lodge a complaint with your local **data protection supervisory authority**.
**EU/EEA Data Protection Authorities:**
– Contact your country’s data protection authority
– List of EU supervisory authorities: https://edpb.europa.eu/about-edpb/about-edpb/members_en
**UK Information Commissioner’s Office (ICO):**
– Website: https://ico.org.uk/make-a-complaint/
– Phone: 0303 123 1113
**Your Rights:**
– You have the right to lodge a complaint at any time
– We encourage you to contact us first, but you are not required to do so before contacting a supervisory authority
### 20.3 U.S. State Privacy Regulators
**California Residents:**
– **California Attorney General’s Office**
– Website: https://oag.ca.gov/privacy
– Privacy complaint form: https://oag.ca.gov/contact/consumer-complaint-against-business-or-company
**Other U.S. States:**
– Contact your state attorney general’s office or consumer protection agency
### 20.4 Alternative Dispute Resolution
We are open to alternative dispute resolution mechanisms, such as mediation or arbitration, to resolve privacy disputes in a timely and cost-effective manner.
—
## 21. Governing Law and Jurisdiction
### 21.1 Governing Law
This Privacy Policy and any disputes arising from it are governed by and construed in accordance with the **laws of the Dominican Republic**, without regard to its conflict of law provisions.
### 21.2 Jurisdiction and Venue
**Exclusive Jurisdiction:**
Any legal action or proceeding arising out of or relating to this Privacy Policy or your use of the App shall be brought exclusively in the courts located in **Santiago, Dominican Republic**.
**Consent to Jurisdiction:**
You consent to the personal and exclusive jurisdiction of these courts and waive any objections to jurisdiction, venue, or inconvenient forum.
### 21.3 Exception for EU/EEA/UK Users
For users located in the European Economic Area, United Kingdom, or Switzerland:
– You may also bring legal proceedings in the courts of your country of residence
– GDPR and other EU/UK data protection laws apply to the processing of your personal data regardless of governing law provisions
—
## 22. Severability
If any provision of this Privacy Policy is found to be invalid, illegal, or unenforceable by a court of competent jurisdiction:
– The invalid provision will be modified and interpreted to accomplish the objectives of such provision to the greatest extent possible under applicable law
– The remaining provisions of this Privacy Policy will remain in full force and effect
– The invalidity or unenforceability of any provision shall not affect the validity or enforceability of any other provision
—
## 23. Entire Agreement
This Privacy Policy, together with our **Terms and Conditions** (incorporated herein by reference), constitutes the entire agreement between you and DairyCraftPro regarding the privacy of your personal information and supersedes all prior or contemporaneous agreements, understandings, or communications, whether written or oral, relating to the subject matter herein.
**Integration:**
This Privacy Policy represents the complete and exclusive statement of the agreement between you and DairyCraftPro regarding privacy.
**No Oral Modifications:**
No oral explanation or oral information provided by DairyCraftPro or its representatives shall modify or supplement this Privacy Policy.
—
## 24. Language and Translation
### 24.1 Governing Language
This Privacy Policy has been written in **English**.
**Translations:**
To the extent this Privacy Policy is translated into any other language (e.g., Spanish for user convenience), the **English version** is the official and controlling version.
**Conflicts:**
In the event of any conflict, inconsistency, or ambiguity between the English version and any translated version, the **English version controls** and shall prevail.
—
## 25. Acknowledgment and Agreement
**BY CREATING AN ACCOUNT, CLICKING “I AGREE,” ACCEPTING COOKIES, OR USING THE APP, YOU ACKNOWLEDGE THAT:**
1. You have read and understood this Privacy Policy in its entirety.
2. You consent to the collection, use, disclosure, and processing of your personal information as described in this Privacy Policy.
3. You consent to the use of cookies and tracking technologies as described in Section 9.
4. You consent to the sharing of your data with third-party service providers (Lemon Squeezy, Anthropic, SendGrid, Google, Railway) as described in Section 5.
5. You consent to international data transfers to the United States as described in Section 6.
6. You are at least 18 years of age.
7. You understand your privacy rights under applicable data protection laws (Section 10).
**If you do not agree to this Privacy Policy, do not use the App.**
—
## DISCLAIMER
**This Privacy Policy is provided for informational purposes only and does not constitute legal advice.**
**Important Recommendations:**
1. **Legal Review:** Have this Privacy Policy reviewed by a qualified attorney licensed in the Dominican Republic before publishing, with expertise in:
– Dominican Republic data protection law (Law 172-13 on Comprehensive Protection of Personal Data)
– International data transfers and cross-border privacy compliance
– GDPR compliance for EU customers
– CCPA compliance for California customers
2. **Dominican Republic Compliance:**
– Law 172-13 on Comprehensive Protection of Personal Data (Dominican data protection law)
– Determine if you need to register with the Dominican data protection authority (if applicable)
– Understand data breach notification requirements under Dominican law
3. **International Compliance:**
– **GDPR** (for EU/EEA customers): Verify Standard Contractual Clauses for U.S. data transfers
– **CCPA/CPRA** (for California customers): Ensure “Do Not Sell” disclosures and user rights mechanisms are in place
– **Other jurisdictions**: Review data protection laws in countries where you have significant users
4. **DPO Evaluation:** Determine if you are required to appoint a Data Protection Officer under GDPR (if you have a substantial number of EU customers).
5. **EU Representative:** Determine if you need to appoint an EU representative under GDPR Article 27 (consult an attorney).
6. **Cookie Consent:** Upgrade your cookie consent mechanism to provide granular choices and “Reject” options for GDPR compliance.
7. **Data Portability:** Build a comprehensive “Download All My Data” feature for GDPR/CCPA compliance.
8. **Regular Updates:** Review and update this Privacy Policy regularly as your business, features, and applicable laws evolve.
9. **Privacy Impact Assessments (PIAs):** Conduct PIAs for high-risk data processing activities (AI features, international transfers).
**Limitations:**
– Privacy laws are complex and vary by jurisdiction
– This policy is based on an analysis of the codebase and may need adjustments based on your specific business practices
– Dominican Republic jurisdiction may affect enforceability in international disputes
– Consult with legal counsel to address jurisdiction-specific requirements
—
**END OF PRIVACY POLICY**