Privacy Policy

When you submit a form. We collect the name, work email, phone number (required), company, message, the page you submitted from, and a timestamp.

When you subscribe to our newsletter. We collect your email address and the signup source.

When you apply for a role. We collect the information you submit on the careers form (name, email, phone, current company, role of interest, message) plus any CV you email to us in response to your application.

Chatbot (future). If and when we enable a chatbot, we will collect the messages you send, a session identifier, and any contact details you choose to share in the conversation.

Usage data. Standard server-side request logs (IP address, user agent, referrer, timestamp). We do not run behavioural advertising trackers, and our analytics configuration minimises what is retained.

Respond to enquiries. Names, emails, phones, and messages are used to respond to your outreach, scope engagements, and follow up on active conversations.

Deliver requested content. Newsletter subscribers receive our monthly agri-advisory email. You can unsubscribe via the link in any email.

Evaluate candidates. Careers applications and CVs are reviewed by AgPro partners and, if relevant, shared with prospective client employers where you have expressly consented.

Improve the site. Usage logs help us debug errors, tune performance, and detect abuse.

We do not sell personal data, and we do not share it for advertising purposes.

We rely on two principal grounds for processing: (a) your explicit consent, given when you submit a form or subscribe; and (b) the legitimate uses recognised under Section 7 of the DPDP Act — including where processing is necessary to respond to an enquiry you have initiated, perform an employment function, or comply with law. Where consent is the basis, you may withdraw it at any time by writing to us (see §10).

Supabase (PostgreSQL hosting). All form submissions are stored in a Supabase-hosted Postgres database. Supabase is operated by Supabase Inc.; their privacy policy is at supabase.com/privacy. Data is stored in the AWS region linked to our project.

Resend (transactional email). Contact form notifications and newsletter delivery run through Resend. Resend’s privacy policy is at resend.com/legal/privacy-policy.

Vercel (hosting).The website is deployed on Vercel. Vercel’s privacy policy is at vercel.com/legal/privacy-policy.

Google Maps (embed). We embed Google Maps iframes on our contact page to show office locations. Google may collect your IP address and other data per its policy.

We do not currently use Google Analytics, third-party ad networks, session-replay tools, or A/B-testing platforms.

We set only the cookies strictly necessary for the site and the Supabase session (if any authentication is active). We do not set advertising or third-party tracking cookies. Google Maps embeds may set cookies within the iframe scope.

Leads and enquiries are retained for up to 3 years from last contact. We may retain records longer where required for legal, tax, or contractual reasons.

Newsletter subscribers remain on our list until they unsubscribe.

Careers applications are retained for up to 2 years to match you against future openings, unless you ask us to delete them sooner.

Usage logs are retained for a shorter operational window (typically 90 days).

We apply reasonable security practices under Rule 8 of the IT Rules, 2011 — encryption in transit, access controls at the database layer, privileged service-role keys restricted to trusted server code, and monitoring for unauthorised access. No system is perfectly secure; we promptly notify affected Data Principals and the Data Protection Board of India of any personal-data breach as required under DPDP Act §8(6).

Under the DPDP Act, you have the right to:

• Access a summary of the personal data we hold about you and the processing we carry out.
• Have errors in your personal data corrected or updated.
• Request erasure of your personal data, subject to our overriding legal or contractual obligations.
• Nominate another person to exercise rights on your behalf.
• Withdraw any consent you have given.
• File a grievance with us (see §10) — and escalate to the Data Protection Board of India if unresolved.

We respond to verified rights requests within a reasonable time consistent with the DPDP framework and typically within 30 calendar days.

Our services are not directed at Data Principals under 18. We do not knowingly collect personal data of children. If you believe a child has submitted personal data to us, please contact us and we will delete it promptly.

For any privacy questions, grievances, or rights requests, write to us:

If we are unable to resolve a grievance to your satisfaction, you may approach the Data Protection Board of India established under the DPDP Act.

We update this policy as our practices evolve. Material changes will be accompanied by a revised “Last updated” date at the top of this page and, where required, direct notice to affected Data Principals.