# Turflux Privacy Policy
**Effective Date**: January 8, 2026
**Last Updated**: January 8, 2026
---
## Introduction
Turflux ("we," "us," or "our") is committed to protecting the privacy and security of personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our service dashboard and when we access data through integrated third-party services including QuickBooks Online, HubSpot, Raven Slingshot, and other precision agriculture platform APIs.
### Current Active Integrations
This policy currently applies to information we collect:
- Through our internal service dashboard application
- Via **QuickBooks Online** API integration (active)
- Via **HubSpot** API integration (active)
- Via **Raven Slingshot** API integration (active)
- Through direct communications with you
### Planned Future Integrations
We are actively developing integrations with additional precision agriculture platforms to enhance our service capabilities. When these integrations are activated, we will collect similar types of equipment and operational data as described in this policy. Planned integrations include:
- **Ag Leader AgFiniti** (https://agleader.com) - Farm management and equipment data platform
- **Trimble Ag Software** (https://agriculture.trimble.com) - Precision agriculture and farm management
- **Digifarm** (https://digifarm.com) - Agricultural data management platform
- **Data Activation Center** (https://dataactivationcenter.com) - Agricultural intelligence platform (API planned, not yet available)
**Note**: Before activating any new integration, we will notify existing customers and update this Privacy Policy with specific details about the data collected from each new platform. You will have the opportunity to review and consent to any new data collection practices.
**By using our services, you consent to the data practices described in this policy.**
---
## 1. Information We Collect
### 1.1 Personal Information
**"Personal Information"** means any information that identifies or can be used to identify, contact, or locate a person, including:
- **Contact Information**: Names, business names, email addresses, phone numbers, fax numbers, mailing addresses
- **Business Information**: Company names, job titles, business roles
- **Financial Information**: Customer account balances, payment terms, credit limits (accessed via QuickBooks)
- **Equipment Information**: Equipment serial numbers, hardware identifiers, IMEI numbers (accessed via Raven Slingshot)
- **Location Information**: GPS coordinates, service addresses, equipment locations
- **Account Credentials**: Access tokens and authentication credentials for third-party integrations (stored securely)
### 1.2 Information Collected from Third-Party Services
#### QuickBooks Online
- Customer and company information (names, addresses, contact details)
- Invoice and estimate data
- Product and service records
- Payment and transaction history
- Account balances and financial data
#### HubSpot CRM
- Contact information (names, email addresses, phone numbers)
- Company details and relationships
- Deal and opportunity information
- Communication history and notes
#### Raven Slingshot
- Equipment identification (system IDs, serial numbers, barcodes, IMEI)
- Equipment ownership and customer associations
- Equipment operational status (last check-in times, GPS data, signal strength)
- System configuration (software versions, features, correction profiles)
- Telematics data (GPS time, satellite count, battery voltage, cellular service)
### 1.3 Automatically Collected Information
When you access our dashboard, we automatically collect:
- **Log Data**: IP addresses, browser type, access times, pages viewed
- **Device Information**: Device type, operating system, unique device identifiers
- **Usage Data**: Features used, actions taken, time spent on pages
### 1.4 Information We Do NOT Collect
- **Social Security Numbers** or government-issued identification numbers
- **Credit card or payment card information** (handled directly by payment processors)
- **Sensitive health or medical information**
- **Biometric information**
---
## 2. How We Use Your Information
### 2.1 Primary Business Purposes
We use collected information to:
**Service Delivery**:
- Provide equipment service and technical support to customers
- Monitor equipment status and proactively identify potential issues
- Coordinate service requests and dispatch technicians
- Maintain accurate equipment and customer records
- Verify warranty coverage and equipment ownership
**Business Operations**:
- Process billing and invoicing through QuickBooks integration
- Manage customer relationships through HubSpot integration
- Generate service reports and analytics
- Improve our service quality and operational efficiency
**Communication**:
- Respond to customer inquiries and support requests
- Send service notifications and equipment alerts
- Provide technical support and troubleshooting assistance
- Communicate about service appointments and updates
### 2.2 Legal and Compliance Purposes
We may use your information to:
- Comply with legal obligations and regulations
- Enforce our terms of service and agreements
- Protect our rights, property, and safety
- Respond to lawful requests from public authorities
### 2.3 With Your Consent
We may use your information for other purposes with your explicit consent.
---
## 3. How We Share Your Information
### 3.1 Third-Party Service Providers
We share information with trusted service providers who assist our business operations:
**Technology Infrastructure**:
- **Railway.app**: Cloud hosting platform (servers located in United States)
- **PostgreSQL Database**: Secure data storage
- **GitHub**: Code repository and version control
**Integrated Platforms**:
- **QuickBooks Online (Intuit Inc.)**: Financial data synchronization
- **HubSpot**: Customer relationship management
- **Raven Slingshot (Raven Industries, Inc.)**: Equipment monitoring and telematics
All third-party service providers are contractually obligated to maintain the confidentiality and security of your information and may only use it for the purposes we specify.
### 3.2 Business Transfers
If Turflux is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.
### 3.3 Legal Requirements
We may disclose your information if required to do so by law or in response to:
- Valid requests by public authorities (e.g., court orders, subpoenas)
- Legal processes or government investigations
- Protection of our rights, property, or safety
- Prevention of fraud or illegal activities
### 3.4 With Your Consent
We may share your information for other purposes with your explicit consent.
### 3.5 We Do NOT Sell Your Information
**Turflux does not sell, rent, or trade your personal information to third parties for their marketing purposes.**
---
## 4. Data Security
### 4.1 Security Measures
We implement commercially reasonable administrative, technical, and physical security measures to protect your information, including:
**Technical Safeguards**:
- **Encryption in Transit**: All data transmitted over HTTPS/TLS connections
- **Encryption at Rest**: Database encryption for stored personal information
- **Access Controls**: Role-based access with HTTP Basic Authentication
- **Secure Token Storage**: OAuth tokens encrypted using industry-standard methods
- **API Security**: Secure API keys and credentials for third-party integrations
**Administrative Safeguards**:
- Restricted access to personal information (authorized personnel only)
- Employee training on data privacy and security
- Regular security reviews and updates
- Incident response procedures
**Physical Safeguards**:
- Cloud infrastructure with SOC 2 compliance (Railway.app)
- Secure data centers with physical access controls
- Regular backups and disaster recovery procedures
### 4.2 Data Breach Notification
In the event of a security breach that compromises your personal information, we will:
- Notify affected individuals without unreasonable delay
- Report the breach to relevant third-party API providers (QuickBooks, HubSpot, Raven) within required timeframes
- Take immediate steps to mitigate the breach and prevent future occurrences
- Cooperate with law enforcement and regulatory authorities as required
### 4.3 Limitations
While we implement strong security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your information.
---
## 5. Data Retention
### 5.1 Retention Periods
We retain personal information for as long as necessary to:
- Fulfill the purposes described in this Privacy Policy
- Comply with legal and regulatory requirements
- Resolve disputes and enforce agreements
- Maintain accurate business records
**Typical Retention Periods**:
- **Active customer data**: Retained during active service relationship
- **Equipment service history**: 7 years after service completion
- **Financial records**: 7 years per IRS requirements
- **API authentication tokens**: Refreshed/rotated per provider requirements
- **Log data**: 90 days
### 5.2 Data Deletion
When information is no longer needed:
- We securely delete or anonymize personal information
- Backups containing deleted data are overwritten in accordance with our backup rotation schedule
- Third-party API access tokens are revoked when no longer needed
### 5.3 Your Deletion Rights
You may request deletion of your personal information (see Section 7 - Your Privacy Rights).
---
## 6. International Data Transfers
### 6.1 Data Location
Your information may be transferred to and stored on servers located in the United States. Our cloud infrastructure provider (Railway.app) operates data centers primarily in the United States.
### 6.2 Third-Party Service Locations
- **QuickBooks Online**: Data processed by Intuit Inc. (United States)
- **HubSpot**: Data processed by HubSpot, Inc. (United States)
- **Raven Slingshot**: Data processed by Raven Industries, Inc. (United States)
### 6.3 Cross-Border Transfers
If you are located outside the United States, please note that your information will be transferred to the United States, which may have different data protection laws than your country.
---
## 7. Your Privacy Rights
### 7.1 Access and Correction
You have the right to:
- **Access**: Request a copy of the personal information we hold about you
- **Correction**: Request correction of inaccurate or incomplete information
- **Portability**: Receive your information in a structured, machine-readable format
### 7.2 Deletion and Restriction
You have the right to:
- **Deletion**: Request deletion of your personal information (subject to legal retention requirements)
- **Restriction**: Request restriction of processing of your information
### 7.3 Objection and Withdrawal
You have the right to:
- **Object**: Object to our processing of your personal information
- **Withdraw Consent**: Withdraw previously given consent (where processing is based on consent)
### 7.4 Exercising Your Rights
To exercise any of these rights, please contact us at:
- **Email**: [privacy@turflux.com - to be provided]
- **Mail**: [Turflux mailing address - to be provided]
We will respond to your request within 30 days. We may need to verify your identity before fulfilling certain requests.
### 7.5 California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know what personal information is collected
- Right to know if personal information is sold or disclosed
- Right to opt-out of sale of personal information (we do not sell information)
- Right to deletion of personal information
- Right to non-discrimination for exercising CCPA rights
### 7.6 GDPR Rights (EU/EEA Residents)
If you are located in the European Union or European Economic Area, you have rights under the General Data Protection Regulation (GDPR), including:
- Right to access, rectification, and erasure
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Right to lodge a complaint with a supervisory authority
---
## 8. Third-Party Links and Services
### 8.1 External Links
Our dashboard may contain links to third-party websites or services (e.g., QuickBooks Online, HubSpot, Raven Slingshot portals). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.
### 8.2 Third-Party API Provider Policies
Your use of integrated services is also governed by:
- **QuickBooks Online**: [Intuit Privacy Statement](https://www.intuit.com/privacy/)
- **HubSpot**: [HubSpot Privacy Policy](https://legal.hubspot.com/privacy-policy)
- **Raven Slingshot**: [Raven Privacy Policy](https://www.ravenind.com/privacy-policy)
---
## 9. Children's Privacy
Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 18, we will promptly delete it.
---
## 10. Changes to This Privacy Policy
### 10.1 Policy Updates
We may update this Privacy Policy from time to time to reflect:
- Changes in our data practices
- New legal or regulatory requirements
- New features or services
- Feedback from users
### 10.2 Notification of Changes
When we make material changes to this Privacy Policy:
- We will update the "Last Updated" date at the top of this policy
- We will notify you via email (if we have your email address)
- For significant changes, we may post a notice on our dashboard
- Continued use of our services after changes constitutes acceptance
### 10.3 Version History
Previous versions of this Privacy Policy are available upon request.
---
## 11. Contact Us
### 11.1 Privacy Questions
If you have questions or concerns about this Privacy Policy or our data practices, please contact:
**Privacy Officer**
Turflux
[Mailing Address - to be provided]
[Email: privacy@turflux.com - to be provided]
[Phone - to be provided]
### 11.2 Data Protection Officer (GDPR)
For EU/EEA residents, you may contact our Data Protection Officer:
[DPO contact information - to be provided if applicable]
### 11.3 Response Time
We will respond to privacy-related inquiries within 30 days.
---
## 12. Specific Third-Party Integration Disclosures
### 12.1 QuickBooks Online Integration
**Data Accessed**:
- We access customer, invoice, estimate, and product data from your QuickBooks Online account
- Access is granted through OAuth 2.0 with your explicit authorization
- We store QuickBooks data in our local database for dashboard display and service operations
**Data Use**:
- View customer account balances and payment information for service coordination
- Access invoice and estimate data to correlate with service requests
- Synchronize customer information for unified customer view
**Your Control**:
- You can revoke our QuickBooks access at any time through QuickBooks account settings
- Revoking access will disable financial data features in our dashboard
### 12.2 HubSpot Integration
**Data Accessed**:
- We access contact, company, and deal information from your HubSpot CRM account
- Access is granted through API key authentication with your authorization
- We store HubSpot data in our local database for dashboard display
**Data Use**:
- View customer contact information for service communication
- Track sales opportunities and customer relationships
- Maintain synchronized customer records across systems
**Your Control**:
- You can revoke our HubSpot API access by removing/rotating the API key
- Contact us to request deletion of cached HubSpot data
### 12.3 Raven Slingshot Integration
**Data Accessed**:
- We access equipment identification, ownership, operational status, and telematics data from Raven Slingshot systems
- Access is granted through Developer Keys and customer Access Keys per Raven API License Agreement
- We store Raven data in our local database for equipment monitoring and service operations
**Data Use**:
- Monitor equipment operational status (connectivity, GPS, battery, signal strength)
- Track equipment configurations and software versions
- Proactively identify equipment issues for customer support
- Maintain equipment service history and records
**Your Control**:
- You control which equipment systems we can access through Raven Access Keys
- Contact us to request removal of specific equipment from monitoring
- Equipment data is retained per Section 5 (Data Retention)
**Raven API Compliance**:
- We comply with Raven Slingshot API License Agreement Section 5.2 (Privacy Requirements)
- Access Keys are treated as confidential information per Section 4.7
- We implement security measures per GDPR Article 32(1) requirements per Section 3.8
- Security breaches are reported to Raven within 48 hours per Section 3.8
---
## 13. Cookie Policy
### 13.1 Cookies We Use
Our dashboard uses minimal cookies for:
- **Authentication**: Session cookies to maintain login state
- **Preferences**: Storing user dashboard preferences
- **Analytics**: Basic usage analytics (if implemented)
### 13.2 Cookie Control
Most web browsers allow you to control cookies through settings. Disabling cookies may limit dashboard functionality.
---
## 14. Consent
By using our services and accessing our dashboard, you acknowledge that you have read and understood this Privacy Policy and consent to our collection, use, and disclosure of your personal information as described herein.
If you access our dashboard on behalf of your employer or organization, you represent that you have authority to bind that entity to this Privacy Policy.
---
**Last Reviewed**: January 8, 2026
**Document Version**: 1.0
---
*This Privacy Policy is designed to comply with applicable privacy laws including GDPR (EU), CCPA (California), and other U.S. state and federal privacy regulations. It also satisfies privacy policy requirements under our API license agreements with QuickBooks Online (Intuit), HubSpot, and Raven Slingshot.*