Privacy Policy

This Privacy Policy explains how Idunn AI LLC, an Oregon limited liability company, collects, uses, stores, shares, and protects information when you use the app, including the web app, iOS app, Android app builds, APIs, uploads, AI tools, exports, reminders, maps, logs, and organization workspaces.

Idunn AI is intended for business and farm operations use. It is not intended for children, consumer health record management, financial account management, or storage of information that is not needed to operate the farm or organization.

This policy applies to information handled by Idunn AI itself. It does not control information practices of farms, employers, labor contractors, consultants, pesticide advisors, auditors, payment processors, government agencies, customer systems, downloaded exports, or other third parties outside Idunn AI's control.

We may collect account information such as email address, display name, authentication identifiers, organization membership, role, preferences, saved signature, language settings, device/browser metadata, and support communications.

We may collect organization and operational records entered or uploaded by users, including spray recommendation sheets, spray logs, machinery logs, labor quality observations, time cards, worker names, crews, orchard maps, pins, block notes, reminders, compliance checklist responses, signatures, photos, files, exports, chat messages, transcriptions, and related metadata.

We may collect technical information such as IP address, browser or device type, app version, push notification tokens, timestamps, session events, error logs, diagnostics, and security/audit information needed to run and protect the service.

We use cookies and similar device storage only for essential purposes such as sign-in, session security, two-factor verification, fraud and abuse prevention, and remembering app preferences. We do not use third-party advertising cookies or cross-site tracking.

Some information may be considered sensitive depending on context, including precise field or device location, worker information, signatures, immigration or employment-related records, health or safety notes voluntarily entered by an organization, pesticide-handler exposure-hour and cholinesterase-monitoring figures the app compiles for occupational-health tracking, photos, audio, and biometric-like identifiers if users choose to upload them.

We use information to provide and secure the app, authenticate users, enforce organization access controls, save and retrieve records, process uploads, generate previews and exports, send reminders, support billing, troubleshoot errors, prevent abuse, maintain backups, improve reliability, and communicate about the service.

We may use operational data to generate summaries, charts, AI responses, compliance PDFs, CSVs, document extractions, translations, transcriptions, and other app outputs requested by users.

We may use limited information to investigate suspected misuse, enforce terms and notices, protect users and organizations, comply with legal process, test safety and reliability, improve extraction accuracy, diagnose performance, and maintain security logs.

Idunn AI may store records that are regulated because of their subject matter, including pesticide application records, restricted-use pesticide records, Worker Protection Standard materials, food safety materials, customer audit materials, equipment logs, time cards, payroll-adjacent notes, H-2A-adjacent records, worker names, crew assignments, signatures, photos, pesticide-handler exposure-hour and cholinesterase-monitoring records, and compliance checklists.

Idunn AI does not decide whether these records satisfy any statute, regulation, label, contract, audit scheme, insurance requirement, employment rule, or customer standard. Organizations must independently determine what records are required, what fields must be included, how long records must be retained, and who may lawfully access them.

If a user enters personal information about employees, contractors, workers, visitors, customers, or consultants, the organization is responsible for having authority to enter, process, and share that information and for providing any notice, consent, payroll statement, personnel-file access, or privacy rights required by law.

When you use AI features, chat, translation, transcription, document ingestion, file extraction, or recommendation-sheet processing, relevant prompts, messages, files, excerpts, images, metadata, and related context may be sent to AI, OCR, transcription, hosting, storage, or processing providers.

AI output may be retained in the app as chat history, extracted data, summaries, citations, export history, or operational records. Do not upload or enter sensitive personal information unless it is necessary for your organization's use of the app.

AI and extraction providers may receive only the information needed to perform the requested function, but files and prompts can contain personal, employment, location, pesticide, or confidential business information if users include it. Users should review uploads before submitting them.

Unless a feature or provider setting states otherwise, Idunn AI does not intend to permit third-party AI providers to use customer content to train general-purpose public models. Provider terms and technical controls may change, and Idunn AI may update this policy when provider practices change.

We use third-party providers for hosting, database, authentication, file storage, AI, transcription, email, payments, analytics or diagnostics, maps, geocoding, weather and forecast data, and infrastructure. These providers may process information only as needed to provide their services to Idunn AI.

Payment card details are handled by our PCI-compliant third-party payment processor and are not stored directly by Idunn AI. Billing metadata such as customer identifiers, subscription status, invoice status, and seat information may be stored in the app.

Records belong to the relevant organization workspace. Organization owners, managers, workers, invited users, and other authorized personnel may be able to view, create, edit, delete, export, download, sign, or discuss records based on their role and permissions.

Organization owners and managers are responsible for inviting appropriate users, assigning roles correctly, reviewing exports, preserving required business records, and controlling how downloaded files are shared outside Idunn AI.

A person who administers an organization workspace represents that they have authority to act for that organization, configure access, enter records, invite users, and direct Idunn AI to process organization data. Disputes inside an organization, including ownership, employment, contractor, or management disputes, must be resolved by the organization and are not decided by Idunn AI.

If an organization requests deletion, transfer, correction, or export of records that include multiple people or legally required records, Idunn AI may require authentication, owner approval, legal review, or additional confirmation before acting.

We do not sell personal information or precise location data. We do not process personal information for targeted advertising unless a future feature clearly says so and provides any required consent or opt-out.

We may share information with service providers, within your organization workspace, at your direction, to comply with law or legal process, to protect rights and safety, to investigate abuse or security issues, in connection with a business transfer, or as otherwise described in this policy.

At an organization owner's direction, an organization may grant designated packing houses or other fruit receivers read-only access to that organization's orchard map (including block boundaries, acreage, and pin locations), the documents the organization chooses to share from its data library, and its spray recommendation records. This sharing is optional, is controlled and revocable by the organization owner in the app's settings, and is limited to the organizations and records the owner selects. A packing house the owner designates may have more than one authorized user, including an administrator who manages that packing house's own users and settings, and any of those users may view and download what is shared. Once an item is shared, the receiving packing house may view and download it, and Idunn AI does not control how a recipient then uses, stores, or further distributes it. A designated packing house may also record block-level or whole-orchard field observations (for example, fruit-pressure or maturity notes and starch tests, which may include photos) and choose to share an individual note or log back to the organization; a shared note or log, including any attached photo, becomes visible to that organization and, where the organization has enabled it, may be processed by the organization's in-app assistant and trigger a notification to the organization. The organization treats such notes and logs as advisory third-party information. A designated packing house may also send the organization a request for a document; the request message and the requesting packing house's identity are shown to the organization and may trigger a notification to it, and the organization decides whether and what to share in response.

Categories of third parties may include hosting providers, database and authentication providers, file storage providers, AI/OCR/transcription providers, email and notification providers (including mobile push delivery through Apple and Google platform push services), payment processors, analytics or diagnostics providers, map or geocoding providers, weather or forecast data providers, public or third-party reference data sources the app queries to help identify products, regulatory information, or locations, packing houses or other fruit receivers that an organization owner designates for read-only access, professional advisors, government agencies or courts when legally required, and entities involved in a business transfer.

Exports, PDFs, CSVs, signed documents, downloaded files, screenshots, and shared credentials may leave Idunn AI's control once a user downloads or distributes them.

We retain information for as long as needed to provide the service, maintain records, support billing, comply with legal obligations, resolve disputes, enforce agreements, secure the system, and preserve backups. Deleted records may remain in backups, logs, cache, export history, or audit records for a limited period.

Deleting your account or your organization's account removes access but may not immediately erase every copy. Some information persists in backups, billing and accounting records, security and audit logs, and records that other organization members or owners retain, and may be kept where retention is legally required, for the periods described in this section.

Users and organizations are responsible for deciding whether Idunn AI is suitable for any legally required record-retention obligation and for keeping independent records where required by law, label, contract, or regulator.

Retention settings in the app, if any, are convenience tools and are not legal advice. Idunn AI may preserve records when reasonably necessary to comply with law, prevent fraud or abuse, complete transactions, resolve disputes, enforce terms, preserve security evidence, or maintain required accounting and billing records.

When a deletion request conflicts with pesticide, employment, payroll, tax, audit, litigation-hold, safety, insurance, customer, or regulatory retention obligations, the organization remains responsible for determining what must be preserved and for instructing Idunn AI appropriately.

We use technical and organizational safeguards such as authentication, role-based access controls, database policies, storage controls, provider security features, and operational monitoring. No system is perfectly secure.

Users must protect passwords, devices, email accounts, sessions, downloaded files, exports, signatures, API keys, and organization access. Notify the operator promptly if you suspect unauthorized access or incorrect permissions.

Security protections do not guarantee that data cannot be accessed, altered, lost, intercepted, disclosed, corrupted, or misused. Users are responsible for device security, browser extensions, shared computers, screenshots, printed copies, local files, email forwarding, weak passwords, reused passwords, and access granted to other people.

On supported mobile devices, the app may show operational information — such as an in-progress shift, its activity, and a running timer — in system notifications or in a lock-screen or always-on (“live activity”) display rendered by the device operating system. This display can appear while the device is locked and may be visible to anyone with physical access to the device, so secure your device and lock screen. The on-device display is handled by the operating system, and you can turn it off through your device or notification settings.

Idunn AI may suspend or restrict access when reasonably necessary to protect the service, investigate security concerns, prevent misuse, comply with law, respond to chargebacks or billing problems, or protect an organization from unauthorized access.

If you enable biometric unlock (such as fingerprint or face recognition) on a supported device, biometric matching happens on your device and is handled by the device operating system. Idunn AI does not receive, store, or transmit biometric identifiers or biometric templates used for device unlock.

Depending on your location and the size and use of the service, privacy laws may provide rights to confirm processing, access, correct, delete, obtain a copy of, opt out of certain processing, withdraw consent, or receive information about certain personal data. Requests may be limited by authentication, security, legal, operational, backup, billing, employment-record, or recordkeeping requirements.

Submit privacy requests through your signed-in account, your organization owner, privacy@idunnai.com, support@idunnai.com, or another request method made available in the app. We may require information reasonably necessary to authenticate the request and may ask that you use an existing account, but we will not require you to create a new account only to make a privacy request.

Where a law requires a response period, we will respond within the required period, which is generally 45 days under Oregon and Washington privacy laws, unless an allowed extension applies. If we deny a request, we will explain the decision and provide an appeal or complaint path when required.

For Oregon residents, the Oregon Consumer Privacy Act may apply if the service meets Oregon's statutory thresholds. If it applies, Oregon consumers may have rights to access, correct, delete, obtain a portable copy of personal data, opt out of certain sale, targeted advertising, or profiling activities, and receive a list of specific third parties that received personal data when required by law.

Idunn AI's processing purposes are listed in this policy. The categories of personal data, sensitive data, third parties, and service providers are listed above. We do not sell personal data, do not sell precise geolocation, and do not use dark-pattern consent flows.

If Oregon law requires consent for sensitive data or a secondary use, Idunn AI will seek consent before that processing where the law applies. If Oregon law requires recognition of a universal opt-out mechanism for a processing activity we perform, we will honor it when that obligation applies.

Oregon law may treat certain information as sensitive, including precise location, certain health information, genetic or biometric information, citizenship or immigration status, child data, and other protected categories. Idunn AI is designed to avoid unnecessary sensitive data, but organizations may choose to enter sensitive operational or employment information. Organizations are responsible for determining whether they have authority and consent to do so.

Oregon privacy law may not apply to some employment records or business-to-business contexts, but Idunn AI still uses this policy to describe its general data handling practices. Nothing in this policy limits rights that cannot be waived under Oregon law.

Idunn AI is not designed as a medical, wellness, diagnosis, treatment, or consumer health tracking service. Even so, Washington's My Health My Data Act may treat some voluntarily entered safety, injury, medical, biometric, or health-status information as consumer health data depending on context.

When Washington consumer health data is entered into Idunn AI, we collect and share it only as needed to provide the app features requested by the user or organization, with consent where required, and as described in the separate Consumer Health Data Privacy Notice.

Idunn AI does not sell consumer health data. Do not enter medical, injury, disability, biometric, or health-status information unless it is necessary for your organization's lawful operational use and you have authority to enter it.

Idunn AI is not intended for children under 13 and is not directed to minors. Do not create accounts for children or enter personal information about children unless your organization has a lawful operational need and the legal authority required to do so.

If we learn that an account was created by a child under 13 without required consent, we may delete or restrict the account and related information. Organizations remain responsible for child labor, minor worker, school, parental consent, and youth employment requirements that apply to their own operations.

Idunn AI and its service providers may process, store, or access information in the United States and other locations where providers operate. Privacy and data protection laws may differ from the laws where a user or organization is located.

Users are responsible for determining whether they may upload or transfer information about non-U.S. persons, foreign workers, customers, visitors, or contractors into Idunn AI and for obtaining any required notices, consents, or transfer mechanisms.

Information may be disclosed, transferred, or preserved in connection with a merger, acquisition, financing, bankruptcy, restructuring, sale of assets, change of control, or similar transaction involving Idunn AI or its assets.

We may preserve, use, or disclose information when we reasonably believe it is necessary to comply with law, subpoena, warrant, court order, regulator request, government inquiry, audit, tax obligation, law enforcement request, safety issue, security investigation, or to establish, exercise, or defend legal claims.

We may create or use aggregated, deidentified, or diagnostic information to understand performance, improve reliability, detect abuse, improve extraction quality, estimate usage, and develop app features.

We will not intentionally attempt to reidentify deidentified data except to test safeguards, investigate misuse, comply with law, or as otherwise permitted by applicable law.

Idunn AI LLC operates this service. To submit a privacy request, ask about this policy, report a concern, or exercise a privacy right described above, contact us at privacy@idunnai.com.

For account-level requests you may also use your signed-in account settings or contact support@idunnai.com. For billing questions, contact billing@idunnai.com.

We may update this policy as the app, providers, laws, or business practices change. For material changes we may require you to review and accept the updated notices within the app before you can continue. Continued use after an update means the updated policy applies to future use of the app.