Privacy Policy

1. Overview

GrazeMate, Inc. ("GrazeMate", "we", "our", or "us") provides autonomous drone monitoring software and hardware for agricultural operations. This Privacy Policy describes how we collect, use, store, and protect personal and operational data when you use the GrazeMate platform, mobile application, and associated services (collectively, the "Services").

By accessing or using our Services, you agree to the practices described in this policy. If you do not agree, please do not use our Services.

2. Who We Are

GrazeMate, Inc. is the data controller responsible for the personal data collected through our Services. We are incorporated and headquartered in Australia, with cloud infrastructure hosted across AWS regions in Australia and the United States.

For privacy-related enquiries, contact our privacy team at support@grazemate.com.

3. Data We Collect

We collect several categories of data when you use GrazeMate:

3.1 Account and Identity Data

• Name and email address — provided during account creation
• Organisation name and billing details — for account management and invoicing
• Password — stored as a salted, hashed value. We never store plaintext passwords.

3.2 Property and Configuration Data

• Paddock boundaries and maps — geofences and property layouts you define in the app
• Mission schedules and parameters — automated flyover times, intensity settings, and task configurations
• Infrastructure records — troughs, gates, fences, and other assets you register in the platform

3.3 Operational and Sensor Data

• Drone telemetry — GPS position, altitude, heading, battery level, and flight logs generated during missions
• Aerial imagery and video — footage captured by the drone during scheduled missions on your property
• Sensor readings — thermal, multispectral, and other sensor data used for pasture and livestock analysis
• Mission reports — automated summaries including cattle counts, trough levels, and pasture assessments

3.4 Usage and Technical Data

• App usage data — features accessed, session duration, and interaction patterns within the GrazeMate app
• Device information — operating system, device model, and app version
• Log data — IP addresses, timestamps, error logs, and crash reports

4. How We Use Your Data

We use your data only for the purposes described below. Our legal bases for processing under applicable privacy law (including GDPR where relevant) are noted for each purpose.

• Service delivery — To operate missions, generate reports, and deliver results to your device. Legal basis: contractual necessity.
• Account management — To manage your account, process billing, and communicate about your subscription. Legal basis: contractual necessity.
• Platform improvement — To diagnose issues, fix bugs, and improve platform reliability and performance. Legal basis: legitimate interests.
• AI and model development — To improve our AI systems for cattle detection, pasture analysis, and autonomous navigation. See Section 5 for full detail. Legal basis: legitimate interests, with appropriate safeguards.
• Safety and compliance — To detect fraud, enforce our terms, and meet legal obligations. Legal basis: legal obligation / legitimate interests.
• Communications — To send service-related updates, security alerts, and (with your consent) product news. Legal basis: consent / contractual necessity.

We do not use your data for advertising, behavioural profiling, or any purpose not listed above.

5. AI Model Training

GrazeMate's core capabilities — cattle detection, livestock behaviour analysis, pasture assessment, and autonomous navigation — are powered by machine learning models that improve over time. To do this, we use operational data generated during real-world missions.

5.1 What is used

• Processed imagery (not raw footage) — aerial frames that have been stripped of metadata and associated with anonymised labels
• Sensor and telemetry data — flight parameters, environmental readings, and detection outputs
• Mission outcome data — whether a task was completed successfully and any corrections made

5.2 What is never used

• Your name, email, or any account credentials
• Raw, unprocessed imagery with intact metadata
• Property names, addresses, or any geographic identifiers that could be traced back to your operation
• Billing or financial information

5.3 How we protect training data

• Anonymisation — all data used for training is de-identified prior to use
• Encryption — data is encrypted at rest (AES-256) and in transit (TLS 1.2+) at every stage of the pipeline
• Access controls — only authorised GrazeMate ML engineers can access training datasets, subject to role-based permissions and audit logging
• No external exposure — training data is never shared with external model providers, research institutions, or third parties

6. Data Security

We apply multiple layers of security across all GrazeMate systems:

• Encryption at rest — all stored data, including imagery, telemetry, and account information, is encrypted using AES-256
• Encryption in transit — all data transmitted between your device, our servers, and the drone uses TLS 1.2 or higher
• Access controls — internal access to customer data is role-based, principle-of-least-privilege, and fully audit-logged
• Infrastructure security — our cloud environment is hosted on AWS and configured in accordance with AWS security best practices, including VPC isolation, private subnets, and security group rules
• Vulnerability management — we conduct regular security reviews and promptly remediate identified vulnerabilities
• Employee training — all GrazeMate staff handling customer data are trained on data handling obligations and security procedures

Despite these measures, no system is completely immune to security risks. We encourage you to use a strong, unique password and to notify us immediately if you suspect any unauthorised access to your account.

7. Data Retention

We retain different categories of data for different periods based on operational need and legal requirements:

• Account data — retained for the duration of your account, plus 90 days following account closure to allow for reactivation or dispute resolution
• Mission reports and telemetry — retained for 24 months by default, after which they are automatically deleted or anonymised
• Raw aerial imagery — retained for 90 days following mission completion, then permanently deleted from our systems
• Billing records — retained for 7 years to comply with financial and tax regulations
• Log and audit data — retained for 12 months for security and diagnostic purposes

You may request earlier deletion of your data at any time. See Section 11 for your rights.

8. Data Sharing and Third Parties

We do not sell, rent, or trade your data. We share data only in the following limited circumstances:

• Infrastructure providers — We use Amazon Web Services (AWS) to host our platform. AWS processes data on our behalf under a Data Processing Agreement and is not permitted to use your data for any other purpose.
• Payment processors — Billing data is handled by our payment processor (currently Stripe). We do not store full card numbers on GrazeMate systems.
• Analytics and monitoring tools — We use internal tooling to monitor platform health. These tools operate on aggregated, de-identified data only.
• Legal requirements — We may disclose data if required by law, court order, or regulatory authority, and will notify you where legally permitted to do so.
• Business transfers — In the event of a merger, acquisition, or sale of assets, customer data may be transferred as part of that transaction. We will notify affected users and ensure the receiving entity is bound by equivalent privacy obligations.

All third-party service providers are vetted for their data handling practices and bound by contractual confidentiality obligations.

9. International Data Transfers

GrazeMate operates primarily from Australia, with cloud infrastructure in AWS Sydney (ap-southeast-2) and, for certain redundancy functions, AWS US East. If your data is processed outside your jurisdiction, we ensure appropriate safeguards are in place, including:

• Standard contractual clauses where required under GDPR
• Transfers only to countries or services with adequate data protection frameworks
• Data processing agreements with all sub-processors

By using GrazeMate, you acknowledge that your data may be processed in Australia and the United States.

10. Cookies and Tracking

Our website (grazemate.com) uses a small number of cookies and similar technologies:

• Essential cookies — required for the site to function (e.g. session state). These cannot be disabled.
• Analytics cookies — used to understand how visitors use the site (e.g. page views, referral sources). These are aggregated and anonymised. We do not use Google Analytics user-level tracking.

The GrazeMate mobile application does not use advertising cookies or cross-app tracking technologies.

You can control cookie preferences through your browser settings. Disabling analytics cookies does not affect your ability to use the site.

11. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you
• Correction — request that inaccurate or incomplete data be corrected
• Deletion — request that your personal data be deleted (subject to legal retention requirements)
• Portability — request your data in a structured, machine-readable format
• Objection — object to processing based on legitimate interests, including AI model training
• Restriction — request that we limit how we use your data while a dispute is resolved
• Withdrawal of consent — where processing is based on consent, you may withdraw it at any time without affecting prior processing

To exercise any of these rights, contact support@grazemate.com. We will respond within 30 days. We may ask you to verify your identity before acting on a request.

If you are located in the European Economic Area, you have the right to lodge a complaint with your local supervisory authority. If you are located in California, you have additional rights under the CCPA, including the right to know, delete, and opt out of sale (we do not sell data).

12. Children's Privacy

GrazeMate is a professional agricultural platform intended for use by adults. We do not knowingly collect personal data from individuals under the age of 16. If we become aware that a minor has provided personal data, we will delete it promptly. If you believe a minor has submitted data through our Services, please contact us at support@grazemate.com.

13. Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights or freedoms, we will:

• Notify relevant supervisory authorities within 72 hours of becoming aware of the breach, where required by law
• Notify affected users without undue delay via email to the address on file
• Provide clear information on what data was affected, what we have done in response, and what steps you can take to protect yourself

We maintain an internal incident response plan and conduct regular drills to ensure our team is prepared to respond effectively.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will:

• Update the "Last updated" date at the top of this page
• Notify active users via email at least 14 days before the change takes effect
• Where required by law, seek your consent before any significant change to how we process your data

We encourage you to review this policy periodically. Continued use of GrazeMate after any update constitutes acceptance of the revised policy.

15. Contact Us