Privacy Policy
Last updated: 5 July 2026
This Privacy Policy explains what personal data The Farmland Atlas collects, how and why we use it, who we share it with, and the rights you have over it. It is written to meet the standards of the EU General Data Protection Regulation (GDPR) and applies to your use of our website, interactive map, API, concierge product and related services (together, the “Service”). Please read it alongside our Terms of Service.
1. Who we are
The Farmland Atlas is operated by Kiss Industries (“we”, “us”, “our”), a company based in Switzerland, which is the data controller responsible for your personal data. As a Swiss company we are subject to the Swiss Federal Act on Data Protection (FADP), and because we serve users in the European Union we also comply with the EU General Data Protection Regulation (GDPR). For any privacy question, or to exercise your rights, contact us at [email protected]. For general enquiries you can also reach us at [email protected].
2. The data we collect
We collect only what we need to run the Service. Depending on how you use it, this includes:
- Account and contact data: your email address; if you sign in with Google, your name and the account identifier that Google shares with us; and, for concierge orders, any delivery and criteria details you provide.
- Usage data: how you interact with the map, including which locations you open field notes for, the filters and layers you set, and your subscription status. This helps us run the Service and improve it.
- Aggregate analytics: pseudonymous, aggregate usage statistics such as page views and conversion-funnel steps, collected through our privacy-first analytics provider (DataFast), which sets a single first-party cookie. This does not identify you individually or track you across other sites.
- Free-lookup counter: a count of how many location field notes you have opened, used to apply the free-tier limit.
- Subscription data: your PRO subscription status and limited billing metadata received from Stripe. We do not receive or store your full card number.
- Technical and log data: your IP address, browser and device type, and basic request logs, used for security, abuse prevention, and operating the Service.
- Cookies and local storage: small values stored in your browser to keep you signed in, remember your preferences, and hold your free-lookup counter. See section 4.
3. How and why we use your data
We use your personal data for the purposes below. For each, we identify the lawful basis on which we rely under the GDPR:
- To provide the Service, create and run your account, and deliver field notes: performance of a contract with you.
- To process and manage PRO subscriptions and concierge orders, including billing and delivery: performance of a contract.
- To apply the free-tier limit, keep the Service secure, prevent abuse and bots, and understand and improve how the Service is used through aggregate, pseudonymous usage analytics: our legitimate interests in running a safe, reliable and sustainable product.
- To send you optional marketing email, where you have chosen to receive it: your consent, which you can withdraw at any time.
- To meet our legal and regulatory duties, such as tax, accounting and responding to lawful requests: compliance with a legal obligation.
We send transactional emails (such as magic sign-in links and billing notices) as a necessary part of providing the Service.
4. Cookies and local storage
For visitors in the EU and EEA we use essential cookies plus a single first-party analytics cookie. The essential cookies keep you signed in, remember your preferences, and hold your free-lookup counter. The analytics cookie is set by DataFast, our privacy-first analytics provider, and measures aggregate usage such as page views and conversion steps; it does not identify you individually or follow you across other sites. We never use cookies for advertising, we do not build advertising profiles, and we never share your data with advertisers or ad networks. Sponsor placements (which are removed for PRO) are served as static content and do not track you.
5. Who we share your data with
We do not sell your personal data. We share it only with the service providers that process it on our behalf, under contract and only as needed to run the Service:
- Google for authentication, when you choose to sign in with Google.
- Resend for sending magic-link and transactional emails.
- Stripe for payment processing and subscription billing.
- Cloudflare for serving the static map tiles and content delivery (CDN). Cloudflare mainly serves non-personal static map data, and may process technical data such as your IP address for security and delivery.
- DataFast (datafa.st) for privacy-first visitor analytics (aggregate page views and conversion funnel), using a single first-party analytics cookie.
We may also disclose personal data where we are required to do so by law, to comply with legal process, or to protect the rights, safety and security of our users, the public or the Service. If we are ever involved in a merger, acquisition or asset sale, we will require the recipient to honour this policy.
6. Where your data is stored and international transfers
We host our servers and store your account and usage data in the European Union, and that data does not leave the EU under our control. Data is transmitted over encrypted (HTTPS) connections. The one exception is Google sign-in: if you choose to sign in with Google, Google processes your authentication on its own infrastructure and under its own terms, which we do not control and which may involve processing outside the EU. Where personal data is transferred outside the European Economic Area by a processor, we rely on appropriate safeguards, such as the European Commission’s Standard Contractual Clauses, to protect it.
7. Security
We take reasonable technical and organisational measures to protect your personal data, including encryption in transit, access controls, and limiting who and what can reach the data. We use reputable providers for payments and email so that sensitive details (such as card numbers) are handled by specialists and never stored by us. No method of transmission or storage is completely secure, so we cannot guarantee absolute security, but we work to protect your data and to respond appropriately to any incident.
8. How long we keep your data
We keep personal data only as long as we need it:
- Account and usage data: while your account is active and for a reasonable period afterwards.
- Billing and tax records: for as long as we are legally required to keep them.
- Log data: for a limited period, for security and abuse prevention.
You can ask us to delete your account at any time, and we will remove or anonymise your data except where we must retain some of it to meet a legal obligation.
9. Your rights
Under the GDPR and similar laws, you have the following rights over your personal data:
- Access: to obtain a copy of the personal data we hold about you.
- Rectification: to have inaccurate or incomplete data corrected.
- Erasure: to have your data deleted in certain circumstances.
- Restriction: to limit how we process your data in certain circumstances.
- Portability: to receive certain data in a structured, machine-readable format, or have it sent to another controller.
- Objection: to object to processing based on our legitimate interests.
- Withdraw consent: to withdraw consent at any time where we rely on it, without affecting processing already carried out.
To exercise any of these rights, email [email protected]. We will respond within the time required by law. You also have the right to lodge a complaint with a supervisory authority. If you are in the EU or EEA, you may complain to your local supervisory authority, in particular in the country where you live or work. In Switzerland, the competent authority is the Federal Data Protection and Information Commissioner (FDPIC).
10. Marketing and transactional email
We send marketing email only if you have opted in, and every marketing message includes an unsubscribe link so you can stop at any time. Transactional emails, such as magic sign-in links and billing notices, are part of providing the Service and are sent regardless of your marketing preferences.
11. Children
The Service is not directed to, and may not be used by, anyone under 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
12. Automated decision-making
The viability scores you see are modelled estimates about places, not automated decisions about you. We do not carry out automated decision-making that produces legal or similarly significant effects concerning you, and we do not profile you for advertising.
13. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will post the updated policy here with a new “last updated” date and, where appropriate, provide additional notice. We encourage you to review it periodically.
14. How to contact us
For any privacy question or request, email [email protected]. For general enquiries, email [email protected].
See also our Terms of Service.