Privacy Policy
Last updated: April 13, 2026 — Version 2.0
1. Data Controller
GeraFarm is operated by Gera Services (registered in England and Wales), an agriculture marketplace. We are the data controller under the UK GDPR and Data Protection Act 2018.
- Website: gerafarm.com
- Data Protection: [email protected]
2. What Personal Data We Collect
2.1 Identity and Contact Data
Full name, email address, phone number, farm or business address.
2.2 Farm and Business Data
Farm name, size and location, crop or livestock types, certifications (organic, fair-trade, etc.), product listings, pricing, harvest calendars, and verified seller status.
2.3 Transaction Data
Order and purchase history, delivery addresses, payment type and last four digits, payout history for sellers.
2.4 Location Data
Farm location for buyer matching and logistics. Precise GPS only with your permission via mobile app.
2.5 Usage and Technical Data
IP address, browser type, device identifiers, session data, crash logs.
3. Legal Bases for Processing
| Purpose | Legal Basis |
|---|---|
| Account and order management | Contract (Art. 6(1)(b)) |
| Connecting buyers with farmers and suppliers | Contract (Art. 6(1)(b)) |
| Processing transactions and payouts | Contract (Art. 6(1)(b)) |
| Fraud prevention | Legitimate Interests (Art. 6(1)(f)) |
| Tax and regulatory compliance | Legal Obligation (Art. 6(1)(c)) |
| Marketing communications | Consent (Art. 6(1)(a)) |
4. Data Retention
- Transaction and order records: 6 years (HMRC)
- Account data (after closure): 2 years
- Analytics: 13 months rolling
5. Who We Share Your Data With
We do not sell your data. We share only as necessary:
- Buyers and sellers — contact and delivery details to fulfil transactions
- Logistics partners — delivery information for shipment of goods
- Stripe — payment processing
- Railway, Neon, Vercel — infrastructure
- PostHog (EU, anonymised); Sentry (EU, errors)
- Legal/regulatory authorities — when required by law
6. Your Rights
Access, rectify, erase, restrict, port, or object to your data. Email [email protected] — one month response. Complaints to the ICO.
7. Security
TLS 1.2+ in transit, AES-256 at rest, MFA on admin, regular audits. ICO notified within 72 hours of qualifying breach.
8. Cookies
Essential, functional, and (with consent) analytics cookies. See our Cookie Policy.
9. Contact
- Data Protection: [email protected]
- Support: [email protected]