Skip to main content

Legal

Privacy policy

Last reviewed: 28 May 2026. This policy explains what personal data TerraceFarming ("we", "our", "the platform") collects, why, and what rights you have over it. Questions? Write to privacy@terracefarming.in.

Who we are

TerraceFarming is an AI-powered smart gardening platform operated by TerraceFarming India (the "Data Fiduciary" under the DPDP Act 2023). We help home and terrace growers diagnose plant problems, plan crops, buy supplies, and connect with certified agronomists — all from one place.

Registered address and Grievance Officer contact: Grievance Officer page.

Data we collect

Account data

Name, email address, phone number (optional), city, state, and grower type (terrace / field farmer / home gardener). Collected when you register or update your profile.

Usage data

Pages visited, features used, calculator inputs, diagnose queries, and session timestamps. Used to improve the product and personalise recommendations. Never sold to third parties.

Transaction data

Order IDs, product SKUs, payment amounts, Razorpay transaction references, and delivery addresses. Stored for invoicing, refunds, and legal compliance. Raw card or UPI credentials are never stored — Razorpay handles PCI-DSS compliance.

Consultation data

Chat messages, photos, and agronomist responses exchanged during expert consultations. Stored for 2 years to support follow-up consultations and dispute resolution.

Device & technical data

IP address, browser type, device model, and crash reports. Collected automatically via Sentry (error monitoring) and our analytics stack. Used only for debugging and security.

Cookies

See our Cookies & consent policy for a full list of cookies, their purpose, and how to manage them.

Why we process your data

  • To provide the service — account management, AI diagnoses, calculators, shop orders, and expert consultations.
  • To process payments — passing order details to Razorpay to complete checkout and issue refunds.
  • To send transactional messages — OTPs, order confirmations, delivery updates, and consultation replies via email and SMS.
  • To personalise your experience — crop recommendations, seasonal alerts, and the AI assistant context are tailored to your grower profile and location.
  • To improve the product — aggregate, anonymised analytics help us identify broken flows and prioritise features.
  • To comply with law — tax records, invoices, and transaction logs are retained as required by the Income Tax Act, GST rules, and Consumer Protection (E-Commerce) Rules 2020.

Legal basis (DPDP Act 2023)

Under India's Digital Personal Data Protection Act 2023, we process your personal data on the following grounds:

  • Consent — analytics, personalisation, and marketing emails. You can withdraw at any time from your account settings.
  • Contract — fulfilling orders, processing payments, and delivering consultations you have paid for.
  • Legitimate use — fraud prevention, security monitoring, and product improvement using anonymised data.
  • Legal obligation — tax and financial record-keeping mandated by Indian law.

Who we share data with

We do not sell personal data. We share only what is necessary:

  • Razorpay — payment processing. Governed by Razorpay's own privacy policy.
  • Resend / AWS SES — transactional email delivery (OTPs, order confirmations).
  • Twilio / SMS provider — OTP delivery via SMS.
  • Supabase — database and authentication infrastructure hosted in AWS Mumbai (ap-south-1).
  • Sentry — error monitoring. Stack traces may contain request metadata but never passwords or payment data.
  • Agronomists (expert consultations) — consultation content is shared with the assigned agronomist to deliver the service you booked.
  • Legal / regulatory — if required by a court order or government directive under Indian law.

A full list of sub-processors is maintained at /legal/sub-processors.

How long we keep it

  • Account data — kept while your account is active, plus 90 days after deletion to allow you to recover it.
  • Transaction & invoice data — 7 years (GST and income tax legal requirement).
  • Consultation messages — 2 years from the consultation date.
  • Analytics & usage logs — 12 months, then anonymised or deleted.
  • Error / crash logs — 30 days.

Your rights

Under the DPDP Act 2023 and IT Act 2000, you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Correction — ask us to correct inaccurate or incomplete data.
  • Erasure — ask us to delete your account and personal data. Statutory records (tax, legal) are exempt.
  • Withdraw consent — turn off analytics and personalisation from Account settings at any time.
  • Grievance — raise a complaint with our Grievance Officer (acknowledged within 24 hours, resolved within 15 days).
  • Nominate — nominate another person to exercise your rights on your behalf in the event of death or incapacity (DPDP §14).

To exercise any right, email privacy@terracefarming.in or use the Grievance Officer form.

Deleting your account

You can request full account deletion from My Account → Delete account or by emailing privacy@terracefarming.in. We process deletion requests within 30 days. Transaction records required by law are anonymised, not deleted.

Security

All data is transmitted over TLS 1.2+. Passwords are hashed with bcrypt (never stored in plain text). Database access is restricted to application service accounts with least-privilege roles. We run periodic vulnerability scans and notify affected users within 72 hours of a confirmed breach involving their data.

Changes to this policy

We update this policy when our practices change. Significant changes (new data categories, new third-party sharing) will be notified by email at least 14 days before they take effect. The "Last reviewed" date at the top always reflects the most recent version.