Effective Date: March 10, 2026
Western Potatoes ("we," "us," or "our") operates the TaterVision application (the "App"), available on iOS, Android, and web platforms. This Privacy Policy explains how we collect, use, store, and protect your information when you use our App.
By using TaterVision, you consent to the practices described in this policy. If you do not agree, please discontinue use of the App.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Name (first and last name)
- Email address (used as your login identifier)
- Password (stored as a one-way BCrypt hash; we cannot read your password)
- Phone number (optional, provided by you)
- Profile photo (optional, uploaded by you)
- Job title (optional)
1.2 Location Data
Mobile app only. With your explicit permission, we collect precise GPS coordinates to:
- Detect the nearest farm to your current location
- Display your position on the farm map
Location data is used in real time and is not stored permanently. We only access location while the app is in the foreground. You can revoke location permission at any time through your device settings.
1.3 Camera and Photos
Mobile app only. With your explicit permission, we access your device camera to:
- Capture photos for activity documentation and field records
- Upload profile photos
Photos are compressed and uploaded to our servers. We do not access your photo library — only the device camera. Photos are not saved to your device gallery. You can revoke camera permission through your device settings.
1.4 Biometric Authentication
Mobile app only. If you choose to enable biometric login, we use your device's Face ID, Touch ID, or fingerprint sensor for convenient authentication.
- Your biometric data (fingerprint, face scan) never leaves your device. It is processed entirely by the iOS Secure Enclave or Android Keystore hardware.
- We store only a secure authentication token (not biometric data) in your device's hardware-encrypted keychain and on our server.
- Biometric tokens expire after 180 days and can be disabled at any time.
1.5 Push Notifications
Mobile app only. If you grant notification permission, we collect:
- Device token — a unique identifier assigned by Apple Push Notification Service (APNs) or Firebase Cloud Messaging (FCM) to deliver notifications to your device
- Device platform (iOS or Android)
We use these tokens solely to send you activity notifications, task reminders, and system alerts. You can disable notifications through your device settings or within the App. When you log out, your device token is deactivated.
1.6 Agricultural Data
You enter agricultural operational data including:
- Farm details (name, address, coordinates)
- Field boundaries (GPS polygon coordinates), area, crop type, planting dates
- Zones with soil type, irrigation, and management notes
- Activities (planting, spraying, harvesting, costs)
- Product pricing and seed information
This data is stored on our servers and is accessible only to you and authorized users within your organization.
1.7 Automatically Collected Data
We automatically collect limited technical data to maintain and improve the App:
- Client type (web, iOS, or Android) and app version
- Authentication events (login attempts, password resets) for security auditing
- Browser user agent (sent during password reset requests for fraud detection)
- Language preference (English, Spanish, or Lakota)
2. How We Use Your Information
- Provide the service: Manage your farms, fields, activities, and agricultural operations
- Authentication: Verify your identity and secure your account
- Notifications: Send task reminders and activity alerts
- Vegetation analysis: Submit field boundaries to satellite services for NDVI analysis
- Soil and elevation analysis: Retrieve environmental data for your fields
- Feature management: Determine which features are available in your region
- Analytics: Understand platform usage (mobile vs. web) to improve the App
- Security: Detect unauthorized access and prevent fraud
We do not sell, rent, or trade your personal information to any third party.
3. Third-Party Service Providers
We share limited data with the following service providers to operate the App:
| Provider |
Purpose |
Data Shared |
| Microsoft Azure |
Cloud hosting, telemetry (Application Insights) |
Client type, app version, request metadata |
| Firebase Cloud Messaging (Google) |
Push notification delivery (Android) |
Device token, notification content |
| Apple Push Notification Service |
Push notification delivery (iOS) |
Device token, notification content |
| Google Maps Platform |
Map display, geocoding |
Field coordinates, place queries |
| Sentinel Hub (Sinergise) |
Satellite NDVI vegetation analysis |
Field boundary coordinates, date ranges |
| LaunchDarkly |
Feature flag management |
User ID, email, platform type |
| USDA SSURGO |
Soil composition data |
Field coordinates |
| USGS |
Elevation and terrain data |
Field coordinates |
Each provider processes data in accordance with their own privacy policies. We do not authorize any provider to use your data for purposes beyond operating TaterVision.
4. Data Storage and Security
- Server storage: Your data is stored in PostgreSQL databases hosted on Microsoft Azure with encryption at rest and in transit (TLS 1.2+).
- Password security: Passwords are hashed using BCrypt and cannot be recovered or read by anyone, including our team.
- Token security: Authentication tokens (JWT) are short-lived. On mobile devices, tokens are stored in the iOS Keychain or Android Keystore (hardware-encrypted).
- Biometric credentials: Stored exclusively in your device's hardware-encrypted secure storage.
- Local caching: The App caches data locally (IndexedDB on web, device storage on mobile) for offline access. This data is cleared on logout.
5. Data Retention
- Account data: Retained for the lifetime of your account.
- Agricultural data: Retained for the lifetime of your account.
- Authentication logs: Retained for 90 days for security auditing.
- Push notification tokens: Retained until you log out, unregister, or delete your account.
- Biometric tokens: Expire automatically after 180 days. Deleted immediately if you disable biometric login.
- Telemetry data: Retained per Microsoft Application Insights default retention (90 days).
When you delete your account, all personal data is permanently removed from our servers within 30 days.
6. Your Rights
All Users
- Access: Request a copy of your personal data.
- Correction: Update inaccurate information via your profile settings.
- Deletion: Request deletion of your account and all associated data.
- Revoke permissions: Disable location, camera, notifications, and biometric access through your device settings at any time.
European Economic Area (GDPR)
If you are located in the EEA, you have additional rights:
- Legal basis: We process your data based on contractual necessity (to provide the service you signed up for), legitimate interest (security and analytics), and consent (location, camera, biometrics, notifications).
- Data portability: Request your data in a machine-readable format.
- Restriction: Request that we limit processing of your data.
- Objection: Object to processing based on legitimate interest.
- Withdraw consent: Withdraw consent for optional data processing at any time without affecting the lawfulness of prior processing.
California Residents (CCPA/CPRA)
- Right to know: Request the categories and specific pieces of personal information we have collected.
- Right to delete: Request deletion of your personal information.
- Right to correct: Request correction of inaccurate personal information.
- Non-discrimination: We will not discriminate against you for exercising your rights.
- No sale of data: We do not sell or share your personal information for cross-context behavioral advertising.
7. Children's Privacy
TaterVision is not directed at children under 13. We do not knowingly collect personal information from children. If we discover that a child under 13 has provided personal information, we will delete it promptly. If you believe a child has provided us data, please contact us.
8. International Data Transfers
Your data may be transferred to and processed in the United States, where our servers are located. If you are located outside the United States, by using the App you consent to the transfer of your data to the U.S. We ensure appropriate safeguards are in place to protect your data in compliance with applicable data protection laws.
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you via the App or by email. The "Effective Date" at the top of this page indicates when the policy was last updated. Continued use of the App after changes constitutes acceptance of the revised policy.
10. Contact Us
If you have questions about this Privacy Policy, wish to exercise your rights, or need to report a concern, contact us at:
- Email: privacy@tatervision.com
- Company: Western Potatoes