Privacy Policy

Effective Date: October 31, 2025

Last Updated: November 26, 2025

Version: 1.0

Who We Are

agAI ("we," "us," "our") operates a Data Powered Farm Management platform that integrates with contracted veterinary laboratories. Our platform enables dairy farms and veterinarians to manage their data and access integrated laboratory services from our contracted partners.

Contact Information:

• Business Name: agAI
• Website: https://agaiinc.com
• Address: 10117 Commodore Dr, Bakersfield, CA 93312
• Email: privacy@agaiinc.com
• Phone: (559) 358-6934

What This Policy Covers

This Privacy Policy describes how we collect, use, disclose, and protect information when you:

• Use the agAI platform (https://[yourdomain].com)
• Access integrated laboratory services from our contracted partners
• Receive data analytics and farm management insights
• Communicate with our platform support staff

Who This Policy Applies To

This policy applies to:

• Platform Users: Dairy farm owners, managers, and authorized personnel who use agAI
• Laboratory Partners: Contracted veterinary labs that integrate with our platform
• Employees: agAI staff and administrators who use the platform internally
• Visitors: Anyone browsing our public website

Governing Laws

We comply with:

• California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
• California Business & Professions Code §4857 (Veterinary Confidentiality) - as applicable to integrated laboratory services
• Federal CAN-SPAM Act (email communications)
• Telephone Consumer Protection Act (TCPA) for SMS

Important: agAI integrates with veterinary laboratories that handle animal health data. While the platform itself does not perform veterinary testing, integrated laboratory services may involve veterinary medical records, which are NOT subject to HIPAA. However, all integrated services treat veterinary information with appropriate confidentiality.

Information We Collect

A. Information You Provide Directly

Account Information

When you create an account or we create one for you via invitation:

• Full name (first and last name)
• Email address
• Password (encrypted, never stored in plain text)
• Phone number (optional, for notifications)
• Farm/business name and address
• Role and access level

Veterinary & Laboratory Data

When you submit samples or we process tests:

• Herd demographics (herd size, farm practices)
• Sample collection information (date, type, cow identifiers)
• Test type selections (culture type, specific tests requested)
• Sample metadata (quarter sampled, clinical notes)
• Test results (organism identifications, growth characteristics)
• Billing and payment information (processed by third-party payment processor)

Communications

When you contact us:

• Support request content
• Email correspondence
• Phone call logs (date/time, not recording content)

B. Information Collected Automatically

Usage Information

When you use agAI:

• Login timestamps and activity logs
• Pages viewed and features used
• IP address and approximate location (city/state level)
• Browser type and version
• Device type (desktop, tablet, mobile)
• Referring website

Cookies & Similar Technologies

We use the following cookies:

• Essential cookies: Required for authentication and security (cannot opt-out)
• Analytics cookies: Usage statistics to improve service (can opt-out)
• Preference cookies: Remember your settings (can opt-out)

We DO NOT use:

• Advertising cookies
• Third-party tracking cookies
• Cross-site tracking

C. Information from Third Parties

DairyComp/DC305 Integration (If Enabled)

If you authorize integration with herd management software:

• Cow identifiers and demographics
• Milk production records
• Lactation and breeding information
• Treatment histories
• Somatic cell count data

This data is synchronized ONLY with your explicit consent and can be disconnected at any time.

Payment Processors

We receive confirmation of successful payments but do NOT store full credit card numbers (only last 4 digits and expiration for reference).

D. Information We Do NOT Collect

We do not knowingly collect:

• Social Security Numbers
• Driver's license numbers
• Financial account numbers (full credit cards)
• Biometric data
• Precise geolocation
• Personal health information about humans
• Information from children under 18 (agAI is a business service)

How We Use Your Information

Primary Purposes (Contractual Necessity)

We use your information to provide laboratory services:

• Process samples: Track samples from submission to results
• Generate test results: Identify organisms and create reports
• Deliver results: Provide test results to authorized contacts
• Generate analytics: Calculate infection rates, trends, and herd health metrics
• Billing: Invoice for services and process payments
• Customer support: Respond to questions and troubleshoot issues

Secondary Purposes (Legitimate Business Interests)

We also use information for:

• Security: Detect fraud, prevent unauthorized access, protect data integrity
• Quality improvement: Analyze usage patterns to enhance features
• Compliance: Meet legal obligations, respond to legal requests
• Internal analytics: Understand service performance and reliability
• Audit trails: Maintain records of data changes for quality control

Purposes Requiring Consent

We will ask for your separate consent before:

• Benchmarking: Using anonymized data for industry comparisons
• Research: Including your data in scientific studies
• Marketing: Sending promotional communications
• Third-party sharing: Sharing with partners beyond service providers

You can withdraw consent at any time without affecting our core services.

Anonymization & Aggregation

We create anonymized, aggregated statistics such as:

• Industry-wide infection rate averages
• Regional pathogen prevalence
• Common organism trends

This anonymized data CANNOT identify individual farms and may be used for research, publications, or benchmarking services.

Legal Basis (for non-U.S. users)

If you are outside the United States, our legal basis for processing is:

• Contract performance: Providing lab services you requested
• Legitimate interests: Security, fraud prevention, service improvement
• Legal obligation: Compliance with laws and regulations
• Consent: Marketing, research, non-essential features

How We Share Your Information

We Do NOT Sell Your Data

We have never sold personal information and will never sell it in the future.

If this ever changes, we will provide 30 days' notice and an opt-out mechanism.

Sharing with Your Authorization

We share information when you direct us to:

• Authorized contacts: Test results sent to farm personnel you designate
• Veterinarians: Results shared with your consulting veterinarian (as authorized)
• DairyComp sync: Culture results pushed to your herd management software (if enabled)

Service Providers (Data Processors)

We share information with trusted vendors who process data on our behalf:

• Supabase: Database hosting, authentication | All application data | United States
• Vercel: Web hosting | Usage logs, IP addresses | United States
• Resend: Transactional emails | Email addresses, results summaries | United States
• Twilio: SMS notifications | Phone numbers, message content | United States
• Stripe: Payment processing | Billing information | United States

All service providers are contractually required to:

• Use data only for specified purposes
• Implement appropriate security measures
• Comply with CCPA (if applicable)
• Delete or return data upon contract termination

Legal Disclosures

We may disclose information when required by law or to protect rights:

• Court orders or subpoenas: Legal compulsion
• Disease reporting: Mandatory veterinary reporting requirements (e.g., reportable diseases)
• Law enforcement: Valid legal requests with appropriate documentation
• Emergency situations: Imminent threat to health or safety
• Regulatory agencies: California Veterinary Medical Board, USDA, FDA

Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. You will be notified and given choices regarding your data.

Veterinary Confidentiality Protection (§4857)

In compliance with California Business & Professions Code §4857:

• Animal health records are disclosed ONLY with farm owner consent (except legal requirements)
• We maintain strict confidentiality of veterinary medical information
• Unauthorized disclosure can result in license revocation and criminal penalties
• All employees sign confidentiality agreements

You control who receives test results via your designated contact list.

Data Security

We implement industry-standard security practices:

• Encryption: Data in transit: TLS 1.3 encryption (HTTPS), Data at rest: AES-256 encryption (database level), Password storage: Bcrypt hashing with salt
• Access Controls: Role-based access control (RBAC), Row-level security (RLS) policies in database, Multi-factor authentication (MFA) for admin accounts, Principle of least privilege
• Monitoring & Detection: Audit logging of all data access and modifications, Automated security scanning, Intrusion detection systems, Regular security assessments

Your Privacy Rights

Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights:

• Right to Know (Access): Request disclosure of categories of personal information collected, specific pieces of information, sources, business purposes, and categories of third parties
• Right to Delete: Request deletion of personal information (subject to exceptions for scientific/medical records)
• Right to Correct: Request correction of inaccurate information
• Right to Opt-Out of Sales: Not applicable - we don't sell personal information
• Right to Limit Use of Sensitive Information: Not applicable - we don't collect sensitive personal information
• Right to Non-Discrimination: We will not discriminate for exercising privacy rights

Data Retention

Retention Periods:

• Active User Accounts: Duration of relationship
• Inactive Accounts: 3 years after last login, then deleted
• Test Results & Samples: Permanent (scientific/medical necessity)
• Billing Records: 7 years (tax/accounting requirements)
• Audit Logs: 7 years (legal compliance)

SMS Communications

Consent to Receive SMS Messages

By enabling SMS notifications in your account settings and providing your phone number, you expressly consent to receive automated text messages from agAI. This consent is not required as a condition of purchasing any goods or services.

What Information We Collect for SMS

• Phone number (provided by you)
• SMS opt-in preferences
• Message delivery status
• Opt-out requests

How We Use Your Phone Number

Your phone number is used solely to deliver the SMS notifications you have opted into, including:

• Contagious pathogen alerts (S. aureus, Mycoplasma, Prototheca detection)
• Test results notifications
• Billing reminders
• Service announcements

Message Frequency & Carrier Charges

• Message frequency varies based on your herd activity and notification preferences (typically 1-20 messages per month)
• Message and data rates may apply depending on your mobile carrier plan

How to Opt-Out

You can stop receiving SMS messages at any time by:

• Replying STOP to any message
• Disabling SMS in your account notification settings
• Contacting us at support@agaiinc.com or (559) 358-6934

Third-Party SMS Provider

SMS messages are delivered through Twilio, a trusted third-party communications provider based in the United States. Twilio processes your phone number and message content solely to deliver notifications on our behalf and is contractually bound to protect your information. See Twilio's privacy policy at twilio.com/legal/privacy.

We Do NOT Share Your Phone Number

Your phone number is never sold, rented, or shared with third parties for marketing purposes. It is used exclusively for delivering the agAI notifications you have consented to receive.