Draft status: counsel-review working draft only; not
for publication
Version: 0.1
Proposed effective date:
[EFFECTIVE DATE]
Controller: [EXACT LEGAL ENTITY NAME],
doing business as Agora Grove
Privacy contact: [PRIVACY EMAIL] ·
[PRIVACY REQUEST URL] · [POSTAL ADDRESS]
Placeholder rule: Every all-caps bracketed field in this draft is a [COMPANY INPUT REQUIRED] item unless it is expressly labeled [LAWYER REVIEW]. It must be completed and approved before publication.
Publication gate: Do not publish this policy until every bracketed field is completed and the vendor, tracking, AI, retention, payment, and data-sharing statements are verified against the production build and website. A privacy policy is not a safe place to reserve undisclosed rights.
This Privacy Policy explains how Agora Grove collects, uses, discloses, retains, and protects personal information when you use the Agora Grove consumer app, consumer-facing website, customer support, and related services that link to this Policy (collectively, the “Services”). It does not automatically govern a Farm’s independent handling of information it receives to fulfill an order, a third-party payment provider, or a third-party site or service unless that party’s notice says it does.
“Personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked to a person, household, account, device, or other identifier, as the term is defined or applied by relevant law.
Agora Grove is designed to help users discover independent farms and coordinate food orders. We may collect account/contact information; order, cart, payment-reference, and address information; location; device/technical information; support communications; preferences; feature interactions; AI search or image inputs when you choose those features; and information needed to protect the Services.
We use that information to operate the Services, route and coordinate requested orders, confirm inventory, process or coordinate payment, provide support, prevent fraud and abuse, improve product performance, personalize features where you enable personalization, comply with law, and communicate with you.
We share information with a Farm you select when it is needed to carry out your order; with service providers that help operate the Services; with payment, authentication, map/location, communications, hosting, and AI providers as described below; and with others when required or permitted by law.
We do not use allergy, dietary, or other sensitive-by-policy preferences for targeted advertising. We do not sell personal information for money. [COMPANY INPUT REQUIRED: select and validate the applicable advertising/pixels statement in Section 8 before publication.]
| Category | Examples | Sources |
|---|---|---|
| Account and identifiers | Name, email, phone, account ID, authentication ID, account settings, login provider | You; Apple/Google/email authentication provider; our systems |
| Contact and support information | Email, phone, support messages, dispute details, requested accommodations | You; your communications with us |
| Order, transaction, and payment-reference information | Cart contents, Farm, amounts, order status, substitution decision, payment-method label, card brand/last four, payment processor identifiers, refund/dispute data | You; Farm; payment processor; our order systems |
| Address and fulfillment information | Delivery/pickup address, address components, ZIP/postal code, access or pickup notes, selected market, fulfillment preferences | You; map/address provider; Farm/order systems |
| Precise and approximate location | Current or recent device coordinates, accuracy, derived proximity, city/region | Your device if you allow location; your manual entry; map/address provider |
| Preferences and inferred interests | Dietary and allergen preferences, household/fulfillment preferences, favorites, saved farms, product interactions, derived preference signals | You; your use of the Services; our systems |
| Search, AI, and image inputs | Search text, AI grocery request, image you choose to submit for grocery-list extraction, extracted list, feature result, feature feedback | You when you use the relevant feature |
| Voice input | Temporary on-device audio/transcript while you use voice input | Your device when you activate the feature |
| Device, usage, and diagnostics information | Device/app identifiers, operating system, app version, IP/network information, event logs, session data, crash reports, query length, latency, security signals | Your device/browser; our app/website; service providers |
| Communications and marketing preferences | Push token, notification topics, email/SMS choices, consent records, unsubscribe or opt-out records | You; your device; our systems |
| Farm and business information | Farm business contact, listing content, public product/farm information, permit/verification material if formally onboarded | Farm; public sources; service providers |
| Legal and compliance records | Policy version accepted, consent event, deletion/rights request, fraud/security investigation, regulator or legal request | You; our systems; authorities; service providers |
We may receive information from a Farm, payment provider, authentication provider, map/address provider, public sources, referral partner, or another user where needed to operate, secure, or improve the Services. We may combine information from sources where appropriate for the purposes described in this Policy.
We use personal information for the following purposes:
We request foreground location access only when a feature needs it, such as helping you locate a delivery address, evaluate nearby availability, or provide pickup/delivery relevance. You can decline location permission and enter an address or city manually. Do not use location features while driving or in a situation where using your device is unsafe.
If you use address search, we may send your typed address-search
information, an address-search session token, and a location bias/origin
to our map/address provider, currently
[COMPANY INPUT REQUIRED: Google Places confirmation], to
return address suggestions or details. We do not use precise location
for targeted advertising unless we first update this Policy and obtain
any required choice or consent.
[COMPANY INPUT REQUIRED] Confirm whether any precise coordinate is stored on Agora Grove servers, shared with a Farm, or retained beyond the observed local short-term cache. The public policy must state the final answer precisely.
When you set up or use a payment method, we and our payment provider may process transaction and payment-reference information. The intended current payment provider is Stripe. We do not intend to receive or store your full payment-card number or card security code through the app’s Stripe payment sheet, but we may receive and retain payment-related identifiers, card brand/last four, expiration data, payment status, transaction amount, and fraud/dispute information.
We use payment data to set up payment methods, process or coordinate orders and refunds, prevent fraud, respond to disputes, and maintain records. Farms should not receive your complete card data through Agora Grove. A Farm may receive information necessary to fulfill the order, such as your name, contact method, order, and pickup/delivery details.
[LAWYER REVIEW] Finalize the merchant-of-record, payment processor account owner, tax, refund, and chargeback positions before publishing this section. Payment-data descriptions must match the actual flow, including Apple Pay and any future Stripe Connect configuration.
If you choose an AI search or cart-assistance feature, we may send the request text you enter and the minimum associated information needed to provide the feature to an approved AI provider. Depending on the approved architecture, a provider may process the text to structure your request, identify products, or return a feature result. We will identify the provider in the feature disclosure, subprocessor list, or both before it receives your data.
Current code evidence, not a publication statement: complex text search can use Cerebras; production deployment and final model/provider are not confirmed. Do not publish a provider name, training statement, or retention promise until the production vendor list and settings are approved.
Do not submit information that you do not want processed to provide the requested feature. AI output may be incomplete, inaccurate, or unsuitable for your dietary, allergy, medical, safety, legal, or other circumstances. You remain responsible for reviewing the result and the Farm’s product information.
We will not use individually identifiable AI prompts, images, voice recordings, or outputs to train a general-purpose model unless we clearly tell you beforehand and obtain any required separate consent. We will not use dietary/allergen preferences for targeted advertising.
If you select or take a photo for grocery-list extraction, the image is sent to the disclosed provider to perform that feature. Current source code identifies a Supabase function using Google Gemini Vision; production configuration must be confirmed before launch. We intend not to retain the original image after processing unless you expressly choose a feature that saves it. The result may remain in your session or account only as the feature tells you.
The current intended voice-input experience processes audio on your device and does not upload or retain the audio or transcript after the active session. [COMPANY INPUT REQUIRED] The app currently has server-side fields for voice-retention and model-improvement preferences. Those fields must be removed, disabled, or reconciled before this “on-device/no retention” statement is published. If any fallback speech-recognition service transmits audio or transcript off-device, we will update this Policy and provide a feature-specific disclosure before use.
Using an AI or image feature is optional. We provide a feature-specific disclosure before data leaves your device for a third-party AI provider. You can choose not to use that feature and can use other available app functions instead.
We use operational analytics and diagnostics to understand feature performance, detect errors, prevent abuse, and improve the Services. Current app telemetry is designed to use closed-vocabulary events and metrics rather than raw user query text, but all telemetry and crash-reporting flows must be reconciled to the final implementation before launch.
Our websites, including the separate Mandala farm-facing site when it links to this Policy, may use cookies, SDKs, pixels, local storage, tags, and similar technologies for essential functions, authentication, preferences, security, analytics, campaign measurement, referral attribution, and, if enabled, advertising.
We will provide a cookie notice and controls that distinguish required technologies from optional analytics or advertising technologies where applicable. See the Cookie and Tracking Technologies Policy in the supplemental policies document.
Option A — use only if no sale/share/targeted-ad flow exists:
As of the effective date, Agora Grove does not sell personal information for money and does not share personal information for cross-context behavioral advertising or process it for targeted advertising as those terms are defined by applicable U.S. privacy laws.
Option B — use only after final vendor and control implementation:
We may disclose online identifiers, device/browser information, cookies, engagement information, and campaign/referral information to analytics and advertising partners to measure campaigns, market the Services, and reach people who may be interested in the Services. Depending on the technology and law, this may be a “sale,” “sharing,” or processing for “targeted advertising.” You may use our “Do Not Sell or Share / Targeted Advertising Opt-Out” control, cookie controls, and, where applicable, a Global Privacy Control signal to opt out.
Do not publish both options. A pixel or advertising SDK cannot be enabled before the selected statement, vendor list, consent logic, Global Privacy Control handling, and any required App Tracking Transparency flow are complete.
Apple treats some linking or sharing of app data with third-party data for targeted advertising or measurement as “tracking,” which can require App Tracking Transparency. Apple User Privacy and Data Use
We may send transactional communications about your account, order, Farm confirmation, substitution, pickup/delivery coordination, payment, safety/recall, support, and policy changes. You may not be able to opt out of certain essential order, safety, fraud, security, or legal notices while using the relevant service.
We may send marketing email only where permitted by law. You can opt
out through the unsubscribe link in the message or through
[PREFERENCES URL]. We will continue to send non-marketing
transactional and legal messages when permitted. Commercial email will
include the legally required sender identification, address, and opt-out
mechanism. FTC
CAN-SPAM guide
If you allow push notifications, we may use them for order updates and, if you separately opt in, promotions or Farm-drop messages. You can change your choice in iOS Settings and the app’s notification preferences. We do not make promotional push notifications a condition of using the Services. Apple App Review Guidelines §4.5.4
[COMPANY INPUT REQUIRED: no marketing SMS program may launch until this is completed.] If we offer marketing SMS, we will obtain separate, affirmative consent that is not a condition of purchase; identify the program/sender; disclose message frequency, message/data-rate notice, and HELP/STOP instructions; and honor opt-outs. Transactional SMS must remain separate from marketing content. Automated/prerecorded telemarketing texts have additional consent requirements. 47 C.F.R. §64.1200
We may disclose personal information to the following categories of recipients:
We require service providers to use information only for appropriate contracted purposes where applicable. A Farm that receives order information to sell or fulfill its products may have independent controller responsibilities; we do not automatically characterize every Farm as our “service provider.”
We retain personal information only as long as reasonably necessary for the purposes described in this Policy, including to provide the Services, meet legal/tax/accounting obligations, resolve disputes, prevent fraud, enforce agreements, and protect security. We consider the nature/sensitivity of the information, the reason for collection, the risk of harm, the availability of less-identifying alternatives, and applicable legal requirements.
Our proposed retention periods are in the Legal Readiness Data Map. Before publication, we will replace those proposals with a technically implemented schedule covering accounts, orders, tax/payment records, consent records, security logs, support cases, AI inputs, analytics, push tokens, and deletion records. We may retain or isolate information for a legal hold, fraud/security investigation, or other lawful need and will delete or deidentify it when the reason no longer applies.
We use administrative, technical, and organizational safeguards designed to protect personal information. No system, transmission, or storage method is completely secure, and we cannot guarantee absolute security. Please use a unique password or sign-in method, protect your device, and notify us promptly of suspected account compromise.
Agora Grove is based in the United States. We and our service providers may process information in the United States or other locations where we or they operate. Those locations may have different data-protection laws than your jurisdiction. If we offer the Services outside the United States, we will update this Policy and use an appropriate transfer mechanism where required.
The Services are for users 18 and older. We do not knowingly collect
personal information from children under 13 or knowingly offer the
Services to minors. If we learn that we collected personal information
from someone under 18 without an appropriate basis, we will take
appropriate steps to delete it or otherwise address it. Contact
[PRIVACY EMAIL] if you believe this occurred.
COPPA can apply to child-directed services and general-audience services that have actual knowledge of under-13 collection. FTC COPPA guidance
Subject to available features, you can update account information,
saved addresses, payment methods, notification topics, marketing
choices, privacy/recommendation choices, and relevant permissions in the
app. You can manage location, camera/photo, microphone, and push
permissions through your device settings. You can request a copy of your
data or delete your account through the app or
[ACCOUNT DELETION URL].
Depending on where you live and applicable law, you may have rights to request access/know, deletion, correction, portability, opt out of certain sale/sharing/targeted-advertising or profiling activities, limit certain sensitive-data uses, and appeal a decision. California provides rights including access/know, delete, correct, opt out of sale/sharing (including through GPC), and non-discrimination, subject to statutory scope and exceptions. California DOJ CCPA
To make a request, use [PRIVACY REQUEST URL], email
[PRIVACY EMAIL], or call
[TOLL-FREE NUMBER IF REQUIRED]. We may verify your identity
and authority before fulfilling a request, and we may ask for
information needed to do so. We will respond within the timeline
required by applicable law and explain any lawful denial or
limitation.
You may use an authorized agent where applicable law allows. We may
require the agent to provide written authorization and may ask you to
verify your identity directly. If we deny a request, you may appeal by
contacting [APPEAL EMAIL / URL] with “Privacy Appeal” and
the request reference number. We will explain the appeal result and any
further rights available under applicable law.
Where applicable law requires it, we will treat an opt-out preference signal such as Global Privacy Control as a request to opt out of sale/sharing or targeted advertising for the browser/device associated with the signal. If you are logged into an account, we may apply the signal to that account where technically and legally appropriate. Essential processing, security, fraud prevention, and non-advertising operations may continue.
We will not unlawfully discriminate against you for exercising a privacy right. Some features may need information that is necessary to provide them; if you choose not to provide it or ask us to delete it, that feature may not work.
At or before collection, Agora Grove provides this notice:
| Category collected | Business / commercial purposes | Categories disclosed |
|---|---|---|
| Identifiers and contact information | Account, authentication, support, order coordination, communications, security | Farms selected for order; authentication, hosting, support, communications, and security providers |
| Commercial and payment-reference information | Order processing, payment, refund, fraud, accounting | Farms selected for order; payment processor; hosting/accounting/security providers |
| Precise location and address | Availability, address assistance, pickup/delivery coordination, fraud/security | Map/address provider; selected Farm/fulfillment participant as needed |
| Preference / dietary / allergen information | User-requested search/filter/personalization; order assistance | Hosting/AI provider for feature you use; selected Farm only if necessary or user-directed; never targeted ads under current proposed position |
| Internet/device/usage information | Service function, security, analytics, diagnostics, improvement | Hosting/security/analytics providers; advertising partners only if Option B in Section 8 is selected and controls operate |
| User Content / image inputs | Requested AI/image feature, support, safety, legal compliance | Approved AI provider for feature; hosting/support provider |
| Inferences | Recommendations/search relevance, fraud/security, product improvement | Hosting/service providers; no targeted ad use without approved program |
We do not retain each category longer than reasonably necessary for the disclosed purposes, subject to the Retention section. See Sections 8 and 15 for sale/share/targeted-advertising choices and opt-outs.
You can initiate whole-account deletion from the app and
[ACCOUNT DELETION URL]. Deletion is intended to remove the
account and associated personal data, subject to data we must or may
lawfully retain for security, fraud prevention, tax/accounting, payment
disputes, legal claims, consent evidence, or legal compliance. Where we
retain records, we will isolate, minimize, and/or deidentify them where
appropriate.
We may also provide an in-app data export. Export links may be time-limited for security. Account deletion does not itself cancel an accepted Farm order or erase data a Farm independently needs to fulfill a current order or meet its own legal obligations; we will explain the effect at the deletion screen.
Apple requires apps that support account creation to provide an in-app account-deletion path. Apple account-deletion guidance
We may update this Policy to reflect changes to the Services, vendors, data practices, legal requirements, or other business needs. We will post the updated version and effective date. For material changes, we will provide additional notice or obtain consent where required. If a change affects how we use a previously collected sensitive input or enables a new AI/advertising use, we will provide the required feature-specific notice and control before that use.
For privacy questions, requests, or accessibility-related requests about this Policy, contact:
[EXACT LEGAL ENTITY NAME] d/b/a Agora Grove
[POSTAL ADDRESS]
[PRIVACY EMAIL]
[PRIVACY REQUEST URL]
[PHONE / TOLL-FREE NUMBER IF APPLICABLE]
| Version | Proposed effective date | Change |
|---|---|---|
| 0.1 | [EFFECTIVE DATE] |
Initial counsel-review draft. |