This Privacy Policy explains how UvaLink (“UvaLink,” “we,” “us,” or “our”) collects, uses, discloses, and protects information when you access or use our websites and services (collectively, the “Service”).

By using the Service, you agree to this Privacy Policy.

1. Scope and U.S.-Only Service

The Service is offered only for use in the United States. We do not target or market the Service to individuals located outside the United States.

If you access the Service from outside the United States (including while traveling), you do so at your own initiative and risk, and you are responsible for compliance with applicable laws.

2. Information We Collect

We collect information in three main ways: (a) you provide it, (b) it is generated through your use of the Service, and (c) it is collected automatically.

2.1 Information you provide

Depending on how you use the Service, you may provide:

– Account information: name, email address, password (hashed), authentication settings (e.g., 2FA status), and related account details
– Billing information: billing contact information and payment details processed by our payment processor (we do not store full card numbers)
– Customer Data (vineyard operations data): vineyard/block details, activities (e.g., pest control, vine care, irrigation, harvest entries), notes, materials/rates, timing/conditions, attachments you upload (if enabled)
– Location information: vineyard location data, including approximate location and/or GPS coordinates you enter or upload
– Operator and manager information: names and permit numbers you store for operational tracking purposes
– Support and communications: information you submit through our contact form, including messages, attachments, and other details

2.2 Information generated through use of the Service

We may collect information about how you use the Service, such as:

– pages/screens viewed, features used, actions taken
– device type and browser type
– approximate geolocation inferred from IP address (primarily for security and fraud prevention)
– account events (login history, security events, billing status)

2.3 Information collected automatically (cookies and similar technologies)

We (and our service providers) may use cookies, pixels, tags, SDKs, and similar technologies to collect information such as:

– usage analytics
– session integrity and security signals
– basic performance diagnostics
– advertising measurement and attribution (for example, in connection with our marketing campaigns)

You can control cookies through your browser settings. Blocking certain cookies may affect functionality.

2.4 Cookies and browser storage (strictly necessary)

The Service may use strictly necessary cookies and browser storage to operate, such as:

– authentication/session cookies (including HTTP-only cookies)
– trusted-device or security cookies (where enabled)
– localStorage or sessionStorage for session persistence and “remember me” functionality (where enabled)

These technologies help keep you signed in, prevent fraud, and secure the Service.

3. How We Use Information

We use information for the following business purposes:

– Provide and operate the Service (including user authentication, account management, and feature functionality)
– Process payments and manage subscriptions (through our payment processor)
– Generate maps, weather-related features, and alerts (through third-party integrations where applicable)
– Send Service communications (see Section 7), including onboarding and walkthrough messages, product tips, important updates, security notices, and transactional messages (such as verification, billing, and account notices)
– Improve and develop the Service (including debugging, performance monitoring, and feature enhancements)
– Maintain security and prevent fraud/abuse
– Provide support and respond to requests
– Comply with legal obligations and enforce our Terms of Service
– Create aggregated or de-identified data for analytics, benchmarking, industry trends, and product improvement

4. How We Share Information

We may disclose information to the categories of recipients described below.

4.1 Service providers and vendors

We may share information with vendors that help us operate the Service, such as:

– Payment processing: Stripe
– Mapping and geocoding: Mapbox; Nominatim/OpenStreetMap (as applicable)
– Weather data: WeatherAPI
– Email delivery: Resend (for Service communications, including transactional emails and account-related messages, as well as product tips and important updates)
– Image storage/processing: Cloudflare Images (when you upload images or attachments that use our image hosting pipeline)
– Analytics and measurement: Google Analytics (used on our website and/or Service for usage analytics)
– Advertising measurement and conversion tracking: Google Ads and Meta (Facebook/Instagram) advertising tools (used in connection with our marketing and advertising campaigns, which may involve cookies/pixels on our website and/or Service)
– Hosting, storage, monitoring, and analytics providers: infrastructure and logging vendors we use to run and secure the Service

These providers are permitted to process information only for our instructions and business purposes.

4.2 Legal and compliance

We may disclose information to comply with law or legal process, including to:

– respond to lawful requests from public authorities
– investigate fraud or security incidents
– protect rights, safety, and property of UvaLink, users, or the public

4.3 Business transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be disclosed as part of that transaction.

4.4 With your direction

We may share information when you ask us to, authorize it, or configure the Service to do so (for example, enabling integrations).

5. Data Retention

We retain personal information and Customer Data for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

Retention varies by category and purpose. Examples include:

– Account profile and billing records: retained for the life of the account and for a reasonable period thereafter for legal, security, and dispute resolution purposes.
– Customer Data (vineyard operations data): retained until deleted by you or until account termination/expiration, after which we may delete or de-identify it subject to legal and operational needs (including backups).
– Email dispatch and communication logs: generally retained up to 90 days.
– Alerts: read/archived alerts may be cleaned up after approximately 30 days.
– Login and security logs: retained for security and fraud prevention and may be kept for a reasonable period; some logs may be retained until the account is closed.
– Cached data (for performance): weather responses may be cached for about 24 hours; geocoding may be cached for about 7 days; certain security signals (e.g., failed login attempt tracking) may be retained for minutes.

Backup systems may retain residual copies for limited periods consistent with security, legal, or operational requirements. You are responsible for exporting and backing up your data.

6. Security

We use reasonable administrative, technical, and organizational measures designed to protect information. However, no security system is perfect, and we cannot guarantee absolute security.

7. Communications Preferences

7.1 Service and Transactional Emails.

We may send you transactional and service-related communications that are necessary to provide the Service, such as verification emails, security notices, billing and payment communications, and important account notices. These communications are required to operate the Service.

7.2 Product Tips and Important Updates.

By default, when you create an Account, you may receive product tips, onboarding or walkthrough messages, and important updates about the Service. Where available, you can manage your communication preferences within the Service. If you turn off product tips or similar messages in your settings, we may still send transactional or service-related communications described in Section 7.1.

7.3 Unsubscribe Limitation.

We may send transactional and non-transactional communications from the same sending address or email stream. If you use an unsubscribe link or other mechanism that blocks emails from us, you may stop receiving transactional or service-related messages described in Section 7.1. You are responsible for ensuring you can receive emails from UvaLink (for example, by allowing our domain and regularly checking your account and billing status in the Service).

8. California Privacy Rights (CCPA/CPRA)

This section applies only to the extent UvaLink is subject to the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA/CPRA”).

8.1 Categories of personal information we may collect

Depending on usage, we may collect:

– identifiers (name, email, IP address, device identifiers)
– commercial information (subscription status, billing history)
– internet or other electronic network activity information (usage logs, device data)
– geolocation data (vineyard location you provide; approximate IP-based location for security)
– professional/employment-related information you upload about operators/managers (names, permit numbers)
– inferences (limited, such as feature usage patterns)

8.2 Sale and sharing (cross-context behavioral advertising)

We do not sell personal information for monetary compensation.

If we use advertising measurement or conversion tracking tools (for example, Google Ads or Meta advertising tools), we may disclose certain identifiers and internet/network activity information to those providers for cross-context behavioral advertising, measurement, or attribution. Under California law, this may be considered “sharing” of personal information.

To opt out of sale or sharing (including where required by law), submit a request through our Contact Page. We may honor Global Privacy Control (GPC) signals where required by law as we implement support for such signals. Until then, you can opt out through our Contact Page.

8.3 How to exercise California rights

To exercise your rights (such as access, deletion, correction, or opt-out), submit a request through our Contact Page. We may request information to verify your identity and the scope of your request. In some cases we may deny or limit requests as permitted by law (for example, to protect security, comply with legal obligations, or where we cannot verify identity).

Authorized agents may submit requests on your behalf where permitted by law, but we may require proof of authorization and may still need to verify your identity.

Where required by applicable law, we will respond to verified requests within the timeframes required by law (generally 45 days, and we may extend where permitted). If we need additional time or cannot fulfill a request, we will explain why to the extent required by law.

Depending on the information and context, fulfilling a deletion request may involve deactivating your account, removing access, and deleting or de-identifying information, and some information may persist for a period in backups or logs or where required for security, legal compliance, fraud prevention, and dispute resolution.

California “Shine the Light.” We do not disclose personal information to third parties for their own direct marketing purposes.

9. Do Not Track and Global Privacy Control

Some browsers offer a “Do Not Track” (DNT) preference signal. We do not respond to DNT signals. We may honor user-enabled Global Privacy Control (GPC) signals where required by law as we implement support for such signals.

10. Children’s Privacy

The Service is not intended for individuals under 18, and we do not knowingly collect personal information from children under 18.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The “Last Updated” date indicates when it was last revised. If you continue using the Service after changes become effective, you accept the updated Privacy Policy to the extent permitted by law.

12. Contact Us

For questions or privacy requests, use our Contact Page.