Privacy Policy for Aurigraph Aurex

Last Updated: May 15, 2025

1. Introduction

• Purpose and Scope
  This Privacy Policy describes how Aurigraph Aurex ("Aurigraph Aurex," "we," "us," "our") collects, uses, shares, protects, and retains personal data when you ("you," "your") interact with our software platform, website(s), mobile application(s), environmental sensors, drone-based services, and other related products and offerings (collectively, the "Services").
  We are committed to protecting your privacy and ensuring compliance with applicable data protection laws. This policy places particular emphasis on adherence to India's Digital Personal Data Protection Act, 2023 (DPDPA).1 This policy applies to the processing of digital personal data within the territory of India, regardless of whether the data was collected online or collected offline and subsequently digitized. It also applies to the processing of digital personal data outside India if such processing is in connection with offering goods or services to individuals within India.2 This policy does not apply to personal data processed by an individual for any personal or domestic purpose, nor does it apply to personal data made publicly available by the Data Principal or under a legal obligation to be made public, as per the DPDPA.5
  Your access to and use of the Services signifies your acceptance of the terms outlined in this Privacy Policy.8 Please read this policy carefully.
• Who We Are
  Aurigraph Aurex operates at the intersection of agriculture technology (AgriTech) and environmental data science. Our mission is to leverage advanced technologies, including sensor networks, drone imagery, and data analytics, to provide solutions for sustainable agriculture, environmental monitoring, and potentially Measurement, Reporting, and Verification (MRV) for carbon sequestration initiatives.11 The diverse nature of our Services, encompassing platform access, mobile applications, hardware like sensors, and drone operations, means data collection occurs across multiple touchpoints, all governed by this policy.27
• Compliance with DPDPA 2023
  Given the likelihood of operations within India or processing data related to individuals in India, this policy is structured to align closely with the requirements of the DPDPA 2023.1 This includes specific attention to definitions, consent mechanisms, notice requirements, Data Principal rights, legitimate uses for processing, data security standards, data retention and erasure protocols, handling of children's data, cross-border data transfer regulations, and the roles of the Data Protection Board and Consent Managers. The DPDPA's extraterritorial scope necessitates this focus if our Services are offered to individuals in India, regardless of our physical location.2

2. Definitions

For the purposes of this Privacy Policy, the following terms shall have the meanings ascribed to them below, consistent with the DPDPA where applicable 6:

• Personal Data: Any data about an individual who is identifiable by or in relation to such data. Under the DPDPA, this primarily concerns data in digital form (or non-digital data that is subsequently digitized).2 Examples relevant to our Services include, but are not limited to: name, email address, phone number, physical address, farm location/boundaries (GPS/GIS data), financial information for payments, user credentials (username/password), equipment identifiers, online identifiers (IP address, cookie data), images or videos containing identifiable individuals or features captured during service provision (e.g., drone imagery), and potentially biometric data if collected for specific, consented purposes.
• Processing: A wholly or partly automated operation or set of operations performed on digital personal data. This includes activities such as collection, recording, organisation, structuring, storage, adaptation, retrieval, use, alignment or combination, indexing, sharing, disclosure by transmission, dissemination or otherwise making available, restriction, erasure, or destruction of personal data.5
• Data Principal: The individual to whom the personal data relates. This includes users of our Services, such as farmers, landowners, consultants, employees, or other individuals interacting with Aurigraph Aurex.2 Where the individual is a Child or a person with a disability who has a lawful guardian, the term "Data Principal" includes their parent or lawful guardian acting on their behalf.30
• Data Fiduciary: The entity that, alone or in conjunction with others, determines the purpose and means of processing personal data. For the purposes of this policy, Aurigraph Aurex is the Data Fiduciary.6 This designation places primary responsibility on us for compliance with the DPDPA and potential penalties for non-compliance.1
• Data Processor: Any person or entity that processes personal data on behalf of a Data Fiduciary.30 Examples include cloud storage providers, data analytics service providers, payment gateways, and communication platforms we may use.
• Consent Manager: A person registered with the Data Protection Board who acts as a single point of contact to enable a Data Principal to give, manage, review, and withdraw their consent through an accessible, transparent, and interoperable platform.6 Including this definition prepares users for potential interactions with such platforms as the DPDPA framework matures, demonstrating our awareness of the full regulatory landscape.
• Child: An individual who has not completed eighteen years of age.30
• Data Protection Board (Board): The adjudicatory body to be established by the Central Government of India under the DPDPA to determine non-compliance and impose penalties.1
• Personal Data Breach: Any unauthorized processing of personal data or accidental disclosure, acquisition, sharing, use, alteration, destruction of or loss of access to personal data, that compromises the confidentiality, integrity or availability of personal data.42

3. Information We Collect

We adhere to the principle of data minimization, collecting only the personal data that is necessary for the specified purposes outlined in this policy.37 The diverse nature of AgriTech services necessitates the collection of various data types.27 Providing specific and granular descriptions is essential for meeting the DPDPA's requirements for "specific" and "informed" consent.30 Vague descriptions could risk non-compliance.

We collect the following categories of personal data:

• Account and Contact Data: Information you provide when registering for an account, using our Services, or contacting us, such as your full name, email address, phone number, postal address, username, password, and potentially business-related information (company name, job title).28
• Farm and Field Data: Information related to the agricultural land you manage or operate, including farm name, field boundaries (often collected via GIS/GPS data upload or drawing tools), precise location data (GPS coordinates from devices or manual input), farm size, soil type information, topographical data (elevation, slope), and details about irrigation and drainage systems.27
• Agronomic Data: Detailed information about farming practices and crop performance, such as crop types planted, planting dates, seeding rates and depths, tillage practices (e.g., no-till, conventional till), cover crop types and management details, fertilizer and pesticide application records (product names, application rates, dates, methods), irrigation schedules and volumes, harvest dates, yield data (quantity and quality attributes), and data related to crop health (e.g., observations, disease/pest incidence).23
• Sensor Data: Data collected automatically from sensors deployed in the field or on equipment. This may include soil moisture readings, soil temperature, soil nutrient levels (e.g., N, P, K), ambient temperature, humidity, rainfall, wind speed/direction, and data from machine telematics systems (e.g., fuel consumption, operating hours, equipment location, operational parameters).27 The automated and potentially continuous nature of sensor data collection requires careful management to ensure only relevant data is processed.
• Drone and Imagery Data: Data captured during drone operations, including high-resolution aerial images (RGB, multispectral, thermal), LiDAR point cloud data, drone flight logs (time, location, altitude), and data derived from processing this imagery, such as Normalized Difference Vegetation Index (NDVI), biomass estimations, canopy coverage maps, plant stand counts, and potentially Soil Organic Carbon (SOC) estimations based on spectral analysis.27 Drone operations are managed carefully to minimize the capture of data outside the intended service area or purpose.
• Carbon Data: Information specifically related to carbon farming practices and outcomes, including records of regenerative agriculture practices implemented (e.g., cover cropping, no-till), soil sampling results for Soil Organic Carbon (SOC), calculated carbon intensity (CI) scores for crops, modelled or measured carbon sequestration rates, and other data required for Monitoring, Reporting, and Verification (MRV) processes related to carbon credit programs or sustainability reporting.11 This data category is crucial for our specialized services and requires explicit transparency regarding its collection and use.
• Financial Data: Information required for processing payments for subscriptions or services, such as credit card details (typically processed securely by a third-party payment gateway, we do not store full card numbers), billing address, subscription plan details, and transaction history.28
• Usage Data: Information about how you interact with our Services, including features accessed, buttons clicked, session duration, frequency of use, IP address, device type, operating system, browser type, and error logs.28
• Communication Data: Information exchanged when you communicate with us, such as feedback provided, customer support inquiries, survey responses, and testimonials.
• Cookies and Tracking Data: Data collected via cookies and similar technologies, as detailed further in Section 12 (Cookies and Tracking Technologies).74

We collect this information through various methods:

• Directly from You: When you register, create a profile, fill out forms, upload farm data, manually input practice details, or communicate with us.27
• Automated Collection: Through your use of our Services, including data automatically logged by our platform, data transmitted from connected sensors or equipment, data captured by drones during service provision, and data collected via cookies and similar technologies.27
• From Third Parties: We may receive information from third-party partners, such as agronomic consultants you authorize, integrated farm management platforms (e.g., John Deere Operations Center, if you connect your account 23), publicly available sources, or data providers, but only where we have confirmed that these third parties have your consent or are otherwise legally permitted or required to disclose your personal data to us.

4. How We Use Your Information (Purpose of Processing)

We process your personal data only for lawful purposes 30, which are specified in this policy or otherwise notified to you, and for which we have a valid legal basis (see Section 5). The combination of granular farm data (location, practices, yield, finances) can be highly sensitive; therefore, we are committed to using your data responsibly and securely, strictly limiting use to the purposes described below.78

The specific purposes for which we process your personal data include:

• Providing and Managing Services: To operate, maintain, and improve our platform and Services; authenticate users and provide access to accounts; deliver core functionalities such as farm mapping 53, data visualization, agronomic analysis 79, generating insights and reports 77; process transactions and manage subscriptions; and provide effective customer support and troubleshooting.84
• Carbon Monitoring, Reporting & Verification (MRV): To calculate greenhouse gas emissions reductions or carbon sequestration associated with specific agricultural practices 14; generate carbon intensity (CI) scores for crops 20; support the generation, verification, and issuance of carbon credits under recognized standards and protocols (e.g., Verra, Gold Standard, Climate Action Reserve) 11; facilitate data sharing with third-party verifiers, registries, or potential carbon credit buyers (subject to your explicit consent) 11; and help you meet sustainability reporting requirements. This is a core function requiring explicit user understanding and consent for associated data processing and potential sharing.
• Precision Agriculture & Farm Management: To provide data-driven insights for optimizing farm operations; recommend resource applications (water, fertilizer, pesticides) based on field conditions and crop needs 24; monitor crop health, growth stages, and potential stress factors 24; estimate potential yields; support informed decisions regarding planting, tillage, cover cropping, and harvest timing 27; and enable variable rate technology applications.23
• Platform Improvement and Development: To analyze usage patterns and user feedback to understand needs and preferences; improve the functionality, usability, and performance of existing Services; develop new features, products, and services; conduct research and development, potentially using aggregated or anonymized data.83
• Compliance and Legal Obligations: To comply with applicable laws, regulations, court orders, or governmental requests; enforce our Terms of Service and other agreements; protect the rights, property, or safety of Aurigraph Aurex, our users, or the public; detect and prevent fraud or security issues.6
• Communication: To send you important administrative messages, service updates, security alerts, and support communications; respond to your inquiries, comments, and feedback.8
• Marketing and Promotions: To send you promotional materials, newsletters, or information about our Services, new features, or special offers, but only where we have obtained your explicit prior consent to do so. You will always have the option to opt-out of receiving such communications. We will not engage in targeted advertising directed at Children.30
• Aggregated/Anonymized Data: To create and use aggregated or anonymized data sets (which do not identify individuals) for research, statistical analysis, industry benchmarking, or improving our services.

5. Legal Basis for Processing

Our processing of your personal data is based on the lawful grounds provided under the DPDPA.4 The DPDPA primarily allows processing based on: (a) the Data Principal's explicit Consent, or (b) certain specified Legitimate Uses. Notably, unlike regulations such as the GDPR, the DPDPA does not recognize 'performance of a contract' or 'legitimate interests' (of the Data Fiduciary) as broad, standalone legal bases for processing.4 This requires us to meticulously map each processing activity to either explicit consent or a specific legitimate use defined in the Act.

• Consent:
  Where we rely on consent, we ensure it meets the DPDPA's stringent standards. Consent must be:
• Free: Given voluntarily, without coercion or undue influence.
• Specific: Related to a clearly defined purpose(s) of processing. We will seek separate consents for distinct purposes where appropriate (e.g., core service use vs. marketing vs. sharing for carbon credits).
• Informed: Obtained after providing you with clear and comprehensive notice (as detailed in Section 3 and required by DPDPA Section 5 30) about the data being processed, the purpose, your rights, and how to complain to the Board.
• Unconditional: Granting consent cannot be a precondition for accessing unrelated services, although core service functionality may depend on consenting to necessary data processing.
• Unambiguous: Signified through a clear affirmative action (e.g., clicking an unchecked box, signing a form). We do not use pre-ticked boxes or rely on inactivity as consent.93
• Limited: Consent is sought only for the personal data necessary for the specified purpose.6

You have the right to withdraw your consent at any time. The process for withdrawal will be as easy as the process for giving consent. Upon withdrawal, we will cease processing your personal data for the purpose(s) consent was withdrawn, unless another legal basis applies (e.g., legal obligation) or retention is required by law. Withdrawal may impact your ability to use certain features or Services.30 We may integrate with or provide options to use registered Consent Managers to help you manage your consent preferences.6

• Legitimate Uses (Processing without Explicit Consent):
  In specific circumstances defined under DPDPA Section 7, we may process your personal data without your explicit consent. These "legitimate uses" relevant to our operations may include 4:
• Voluntary Provision of Data: Processing personal data that you have voluntarily provided to us for a specific purpose (e.g., providing your farm details, contact information, and operational data necessary to use the core features of the Aurigraph Aurex platform), provided you have not indicated that you do not consent to such processing.4 It is crucial to understand that while providing data to use the basic service falls under this, secondary uses like sharing data for carbon market verification or receiving marketing materials will typically require separate, explicit consent.
• Compliance with Law: Processing necessary for compliance with any judgment, decree, or order under Indian law, or fulfilling any legal obligation imposed on us to disclose information to the State or its instrumentalities.6
• Employment Purposes: Processing personal data of our employees for purposes related to their employment, or for safeguarding us as the employer from loss or liability (e.g., preventing disclosure of trade secrets).4
• Medical Emergencies/Disasters: Processing necessary to respond to medical emergencies, epidemics, or ensure safety during disasters (less likely applicable to our core services, but included in the Act).4

Where processing is based on these legitimate uses, prior notice and consent are generally not required under the DPDPA.78

6. How We Share Your Information

We do not sell your personal data. We share your personal data only in the circumstances described below, with appropriate safeguards, and, where required, with your explicit consent.98

We may share your personal data with the following categories of recipients 98:

• Service Providers / Data Processors: We engage third-party companies and individuals to perform services on our behalf, such as cloud hosting (e.g., AWS, Azure, Google Cloud), data storage, software development, data analytics, payment processing, customer support platforms, and communication services.35 These Data Processors are authorized to process your personal data only as necessary to provide these services to us and are contractually obligated (through Data Processing Agreements - DPAs) to implement reasonable security safeguards, maintain confidentiality, and process data solely based on our instructions.49 As the Data Fiduciary, we remain responsible for ensuring our Data Processors comply with DPDPA requirements.30
• Business Partners: We may collaborate with trusted partners, such as agronomic advisors, research institutions, or technology providers, to offer integrated services or specific programs.79 We will share your personal data with such partners only with your explicit consent or when necessary for a service you have requested, and under confidentiality agreements.
• Carbon Registries, Verifiers, and Buyers: For users participating in carbon programs, we may need to share specific farm data (e.g., location, practice data, SOC measurements, calculated GHG reductions/removals) with independent third-party verifiers, carbon registries (like Verra, Gold Standard, Climate Action Reserve), and potential buyers of carbon credits to facilitate the MRV process and credit issuance/transaction.11 This sharing is fundamental to the carbon program's operation and will only occur with your explicit, informed consent, clearly detailing what data is shared, with whom (or type of entity), and for what specific MRV purpose.
• Legal and Regulatory Authorities: We may disclose your personal data if required to do so by law, court order, or other legal process, or if we believe in good faith that disclosure is necessary to comply with legal obligations, protect our rights or property, prevent fraud, ensure the safety of our users or the public, or respond to a government request.6
• Business Transfers: In the event of a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal data may be transferred as part of that transaction. We will notify you of any such deal and inform you of your choices regarding your information, ensuring the receiving entity agrees to uphold the commitments made in this Privacy Policy or provides notice of any changes.
• Aggregated/Anonymized Data: We may share data that has been aggregated or anonymized, such that it cannot reasonably be used to identify you, for purposes like research, industry analysis, or improving our Services.

You have the right to withdraw your consent for sharing your personal data in certain circumstances, as described in Section 5 and Section 9.

7. Data Security

We are committed to protecting the security of your personal data. We implement and maintain "reasonable security safeguards," as mandated by DPDPA Section 8(5) 30, to prevent personal data breaches, including unauthorized access, use, disclosure, alteration, or destruction.

These safeguards include appropriate technical and organizational measures, taking into account the nature, scope, context, and purposes of processing, as well as the risks to your rights and freedoms. Our measures align with examples provided in the draft DPDPA Rules 5 and industry best practices 36:

• Technical Measures:
• Encryption: Encrypting personal data both at rest (when stored) and in transit (when transmitted over networks).41
• Data Obfuscation: Employing techniques like masking or using virtual tokens where appropriate to reduce the identifiability of data.49
• Access Controls: Implementing strict access controls (e.g., role-based access, multi-factor authentication) to ensure only authorized personnel can access personal data based on their job responsibilities.36
• Network Security: Utilizing firewalls, intrusion detection and prevention systems, and other network security tools to protect our systems from external threats.49
• Secure Development: Integrating security practices into our software development lifecycle.
• Monitoring and Logging: Maintaining access logs and regularly monitoring systems for suspicious activity or potential security threats.36
• Vulnerability Management: Regularly scanning for vulnerabilities and applying patches promptly.
• Organizational Measures:
• Policies and Procedures: Maintaining internal data protection policies and procedures governing data handling, access, and security.
• Employee Training: Providing regular data protection and security awareness training to employees who handle personal data.36
• Vendor Management: Conducting due diligence on Data Processors and ensuring they are contractually obligated to implement appropriate security measures.49
• Incident Response Plan: Having a documented plan to respond to and manage potential personal data breaches effectively.
• Data Minimization: Limiting the collection and retention of personal data to what is necessary for the specified purposes.
• Physical Security: Implementing appropriate physical security measures for facilities where data is stored or processed.
• Data Backups: Maintaining regular data backups to ensure business continuity and data recovery in case of loss or compromise.49
• Data Breach Notification:
  In the unfortunate event of a personal data breach, we will comply with DPDPA Section 8(6).30 This requires us to promptly notify the Data Protection Board of India and each affected Data Principal. The notification will be provided in the prescribed form and manner and will include details about the nature of the breach, the likely consequences, the measures taken to mitigate harm, and contact information for further inquiries.49 Given the lack of an explicit harm threshold in the enacted DPDPA for triggering notification 30, we have implemented robust internal processes for detecting, assessing, and responding promptly to any potential breach.
• Disclaimer:
  While we take reasonable and appropriate measures to safeguard your personal data, please be aware that no security system is impenetrable. We cannot guarantee the absolute security of your information, but we are committed to employing industry best practices and continuously improving our security posture.

8. Data Retention and Erasure

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected and processed, as outlined in Section 4 of this policy.37 This includes the duration required to provide you with our Services, comply with our legal and regulatory obligations (e.g., tax, accounting, carbon program record-keeping), resolve disputes, and enforce our agreements.

In accordance with DPDPA Section 8(7) 30, we will erase your personal data when one of the following triggers occurs, whichever is earlier:

1. Withdrawal of Consent: You withdraw your consent for the processing of your personal data for a specific purpose, and there is no other legal basis or requirement for us to retain it for that purpose.
2. Purpose No Longer Served: It is reasonable to assume that the specified purpose for which the personal data was collected is no longer being served. This determination requires proactive assessment based on factors such as account inactivity, completion of a project (e.g., a carbon crediting period), or other indicators that the data is no longer needed for its original purpose.30 The draft DPDPR provides specific inactivity thresholds for certain large entities 102, which we monitor for applicability.
3. Erasure Request: You submit a valid request for the erasure of your personal data (as per your rights described in Section 9), and we are not legally obligated or permitted to retain it.

Exception: We may retain your personal data beyond these triggers if retention is necessary for compliance with any applicable law in India.30

Erasure Process: When erasure is required, we will take steps to securely delete or anonymize your personal data from our active systems. We will also take reasonable steps to ensure that our Data Processors, with whom the data may have been shared, also erase the data in accordance with our instructions and contractual obligations.30 This requires robust tracking of data flows and verifiable deletion protocols with our vendors. We will also adhere to any pre-erasure notification requirements as may be prescribed (e.g., the 48-hour notice mentioned in draft DPDPR 102).

Anonymized Data: Data that has been irreversibly anonymized, such that it can no longer be used to identify you, is not considered personal data and may be retained indefinitely for research, analytics, or statistical purposes.

9. Your Rights (Data Principal Rights under DPDPA)

Under the DPDPA, you, as a Data Principal, have specific rights concerning your personal data. We are committed to facilitating the exercise of these rights.2

Please see the table below for a summary of your rights and how to exercise them:

Exercising Your Rights:

To exercise any of these rights, please contact us using the information provided in Section 14 (Grievance Redressal and Contact Information). We may need to verify your identity before processing your request to ensure the security of your personal data.104 We will respond to your request within a reasonable timeframe, or as prescribed by law.2

Data Principal Duties:

Please note that the DPDPA also outlines certain duties for Data Principals. You must not register false or frivolous grievances or complaints, provide false particulars, suppress material information, or impersonate another person when providing information or exercising your rights.35 Violation of these duties may be punishable under the Act.3

10. Cross-Border Data Transfers

Your personal data may be transferred to, stored, and processed in countries other than India, where our servers, service providers, or partners may be located. This is often necessary for providing our global Services, utilizing specialized infrastructure (e.g., cloud services), or collaborating with international partners.

We conduct such transfers in compliance with DPDPA Section 16.30 The DPDPA permits the transfer of personal data outside India, except to those countries or territories specifically restricted by the Central Government of India through notification (the "negative list").7 As of the "Last Updated" date of this policy, this list may not yet be published. We commit to monitoring for and complying with any such restrictions if and when they are notified by the government.

For transfers to countries not on the negative list, the DPDPA does not explicitly mandate specific transfer mechanisms like those required under GDPR (e.g., Adequacy Decisions, Standard Contractual Clauses - SCCs).6 However, we implement appropriate safeguards to protect your personal data during such transfers. These safeguards may include:

• Ensuring the recipient country offers an adequate level of data protection.
• Entering into contractual agreements (like DPAs incorporating SCCs or similar clauses where appropriate) with third-party recipients that require them to protect your personal data to standards comparable to those under DPDPA and this policy.32
• Implementing technical security measures during transfer (e.g., encryption).

We will also ensure that any transfer complies with other applicable Indian laws that may provide a higher degree of protection or restriction on data transfers.30 Where required by applicable law, we may seek your explicit consent before transferring your personal data internationally.

11. Children's Privacy

Our Services are generally not intended for or directed at individuals under the age of 18 ("Children"), as defined by the DPDPA 30, unless explicitly specified for a particular service designed for educational or family farm contexts.

We comply strictly with DPDPA Section 9 regarding the processing of Children's personal data 30:

• Verifiable Parental Consent: We do not knowingly collect or process personal data from Children without obtaining prior verifiable consent from a parent or lawful guardian.30 The method of verification will adhere to prescribed rules or recognized best practices to ensure the consent is genuinely from the parent/guardian.46 The higher age threshold of 18 under DPDPA requires careful age verification if services might appeal to teenagers.
• Prohibition on Harmful Processing: We will not undertake any processing of a Child's personal data that is likely to cause any detrimental effect on their well-being.30
• Prohibition on Tracking and Targeted Advertising: We do not engage in tracking or behavioural monitoring of Children, nor do we direct targeted advertising at them.30 This may limit certain analytics or personalization features for users identified as Children.

If we become aware that we have inadvertently collected personal data from a Child without verifiable parental consent, we will take steps to delete that information as soon as possible. If you are a parent or guardian and believe your Child has provided us with personal data without your consent, please contact us using the details in Section 14.

The Central Government may notify exemptions or a lower age threshold for certain Data Fiduciaries demonstrating verifiably safe processing; we will comply with any such notifications applicable to us.30

12. Cookies and Tracking Technologies

We use cookies and similar tracking technologies (such as web beacons, pixels, and scripts) on our website and potentially within our mobile applications to collect certain information automatically, enhance user experience, analyze usage, and support our Services.74

• What are Cookies: Cookies are small text files stored on your device (computer, tablet, mobile phone) when you visit certain web pages.
• Types of Cookies We May Use:
• Strictly Necessary Cookies: Essential for the operation of our Services (e.g., user authentication, security). These cannot be disabled.
• Performance/Analytics Cookies: Help us understand how users interact with our Services (e.g., pages visited, time spent, errors encountered) to improve performance.
• Functionality Cookies: Enable enhanced functionality and personalization (e.g., remembering preferences like language or region).
• Targeting/Advertising Cookies: (If used) Used to deliver relevant advertisements based on interests and browsing behaviour. These are often placed by third-party networks.
• Data Collected via Cookies: This may include IP address, browser type, device identifiers, operating system, referral URLs, pages viewed, time spent, and other usage details.74 Linking this cookie data with other farm-specific data requires transparency and is done only for the purposes stated in Section 4.
• Your Consent: For cookies that are not strictly necessary for the functioning of our Services, we will obtain your explicit consent before placing them on your device. This consent must meet the DPDPA standards (free, specific, informed, unambiguous, clear affirmative action) 42 and is typically managed through a cookie consent banner or preference center when you first visit our website or use our app.75 Implied consent is not sufficient.
• Managing Cookies: You can manage your cookie preferences at any time through our cookie consent tool (if applicable) or by adjusting your browser settings. Most browsers allow you to block or delete cookies. Please note that blocking strictly necessary cookies may impact the functionality of our Services.74 You can also withdraw your consent for non-essential cookies at any time.
• Third-Party Cookies: Some cookies may be placed by third-party service providers (e.g., Google Analytics, advertising partners). We do not control these cookies. Please refer to the privacy policies of these third parties for more information on their practices.75
• Further Information: For more detailed information about the specific cookies we use, their purposes, and duration, please refer to our [Link to Cookie Policy, if separate] or contact us. If cookie usage is extensive, a separate, linked Cookie Policy provides greater clarity.74

13. Privacy Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our data processing practices, service offerings, or legal and regulatory requirements.8 Compliance with the DPDPA is an evolving area, and updates may be necessary as rules are finalized and interpretations develop.4

We will notify you of any material changes to this Privacy Policy. Notification methods may include posting a prominent notice on our website, sending an email notification to registered users, or using in-app alerts.107 We encourage you to review this policy periodically.

The "Last Updated" date at the top of this policy indicates when it was last revised.108 Your continued use of our Services after the effective date of the revised policy constitutes your acceptance of the updated terms. If you do not agree with the changes, you should discontinue using the Services and contact us if you wish to exercise your rights (e.g., request data erasure).

14. Grievance Redressal and Contact Information

If you have any questions, concerns, or complaints about this Privacy Policy or our data processing practices, or if you wish to exercise your rights as a Data Principal under the DPDPA, please contact us.

We have appointed a Grievance Officer / Data Protection Contact Person to address your queries and concerns.31 This fulfills our obligation under DPDPA to provide a readily available means for grievance redressal.30

You can reach our Grievance Officer / Data Protection Contact Person at:

• Email: [privacy@aurigraphaurex.com] (Example)
• Postal Address: [Aurigraph Aurex Physical Address, including country]
• Phone: [Aurigraph Aurex Phone Number, if applicable]

We will acknowledge your grievance promptly and respond within the timeframes prescribed under the DPDPA or applicable regulations.

If you are not satisfied with the resolution provided through our internal grievance redressal mechanism, you have the right to lodge a complaint with the Data Protection Board of India.30 Information on how to contact the Board will be made available through official government channels or can be provided upon request once the Board is fully operational.

15. Consent Manager Information

The DPDPA introduces the concept of Consent Managers – registered entities that provide a platform for Data Principals to give, manage, review, and withdraw their consent for data processing across different Data Fiduciaries.6

As this framework develops, we will evaluate integrations with registered Consent Managers. Should we integrate with such platforms, or should you choose to manage your consent for our Services through a registered Consent Manager, we will cooperate with the Consent Manager as required by the DPDPA to facilitate your choices. We will provide updates on any integrations or options related to Consent Managers as they become available. Explaining this mechanism now helps set user expectations for this key DPDPA feature.

Works cited

1. Digital Personal Data Protection Act, 2023 – An Overview, accessed May 6, 2025, https://kpmg.com/in/en/insights/2023/08/digital-personal-data-protection-act-2023-overview.html
2. Understanding the Digital Personal Data Protection (DPDP) Act: A Comprehensive Guide for Businesses | Zscaler, accessed May 6, 2025, https://www.zscaler.com/blogs/product-insights/understanding-digital-personal-data-protection-dpdp-act-comprehensive-guide
3. The Digital Personal Data Protection Bill, 2023 - PRS India, accessed May 2, 2025, https://prsindia.org/billtrack/digital-personal-data-protection-bill-2023
4. Unveiling India's New Data Privacy Law | Mintz, accessed May 6, 2025, https://www.mintz.com/insights-center/viewpoints/2826/2025-02-07-unveiling-indias-new-data-privacy-law
5. Six Steps to Comply with India's Digital Personal Data Protection Act (DPDPA), accessed May 6, 2025, https://www.ardentprivacy.ai/blog/six-steps-to-comply-with-indias-digital-personal-data-protection-act/
6. India's Digital Personal Data Protection Act 2023 vs. the GDPR: A Comparison - Latham & Watkins LLP, accessed May 6, 2025, https://www.lw.com/admin/upload/SiteAttachments/Indias-Digital-Personal-Data-Protection-Act-2023-vs-the-GDPR-A-Comparison.pdf
7. India's Digital Personal Data Protection Act 2023 vs. the GDPR: A Comparison, accessed May 6, 2025, https://www.globalprivacyblog.com/2023/12/indias-digital-personal-data-protection-act-2023-vs-the-gdpr-a-comparison/
8. Terms & Conditions - AgriTech New Zealand, accessed May 2, 2025, https://agritechnz.org.nz/terms-conditions/
9. Terms of service - HoYi, accessed May 2, 2025, https://hoyi.farm/pages/terms-of-service
10. Terms of Use | Plantix Partner, accessed May 2, 2025, https://plantix-partner.com/en/imprint/terms-and-conditions/
11. Soil Carbon Science and Policy | Indigo Ag, accessed April 30, 2025, https://www.indigoag.com/carbon/science/advancement
12. Agriculture Carbon Sequestration Market Research 2024-2034, Competitive Analysis of Indigo, Soil Capital, Yara, Carbon8 Systems, Cool Farm, Corteva, BASF, Syngenta, Carbo Culture, & Charm Industrial - GlobeNewswire, accessed April 30, 2025, https://www.globenewswire.com/news-release/2025/01/14/3009211/28124/en/Agriculture-Carbon-Sequestration-Market-Research-2024-2034-Competitive-Analysis-of-Indigo-Soil-Capital-Yara-Carbon8-Systems-Cool-Farm-Corteva-BASF-Syngenta-Carbo-Culture-Charm-Indu.html
13. Perennial | Harness earth to heal the planet, accessed April 30, 2025, https://www.perennial.earth/
14. Carbon Farming | Measure Soil Organic Carbon (SOC) - Spacenus, accessed April 30, 2025, https://www.spacenus.com/carbon-farming
15. Agricultural Carbon & Ecosystem Services | Truterra | TruCarbon, accessed April 30, 2025, https://www.truterraag.com/Carbon
16. Indigo | Carbon - Indigo Ag, accessed April 30, 2025, https://www.indigoag.com/carbon-credits
17. EO4CarbonFarming - ESA Space Solutions, accessed April 30, 2025, https://business.esa.int/projects/eo4carbonfarming
18. Agriculture Resilience Platform | Regrow, accessed April 30, 2025, https://www.regrow.ag/
19. Seqana: Leading in Soil Carbon MRV and cost-efficient sampling design, accessed April 30, 2025, https://www.seqana.com/
20. Measures to Reduce Emissions in Agricultural Production - Nebraska Department of Environment and Energy, accessed April 30, 2025, https://dee.nebraska.gov/sites/default/files/publications/Ag%20Registry%20and%20Grants%20Program.pdf
21. Agri Carbon Market Map: The companies helping to harness regen ag - AgFunderNews, accessed April 30, 2025, https://agfundernews.com/agri-carbon-market-map-companies-helping-harness-benefits-regen-ag
22. Unlocking Agricultural Carbon Market Opportunities - BloombergNEF, accessed April 30, 2025, https://about.bnef.com/blog/unlocking-agricultural-carbon-market-opportunities/
23. Carbon farming: practices and assessing - GeoPard Agriculture, accessed April 30, 2025, https://geopard.tech/blog/measuring-the-carbon-emissions-using-precision-agriculture/
24. Revolutionizing Sustainable Agriculture: How Precision Technology and Carbon Sequestration Are Shaping the Future of Farming - - Farmonaut, accessed April 30, 2025, https://farmonaut.com/precision-farming/revolutionizing-sustainable-agriculture-how-precision-technology-and-carbon-sequestration-are-shaping-the-future-of-farming/
25. Execute and Validate On Farm Carbon Projects | Regrow MRV, accessed April 30, 2025, https://www.regrow.ag/platform/mrv
26. 15 Global Farm Management Software Influencing Carbon Farming Practices - MazaoHub, accessed April 30, 2025, https://www.mazaohub.com/news/15-global-farm-management-software-influencing-carbon-farming-practices
27. Key field activity data types in agriculture to collect using Fulcrum, accessed May 6, 2025, https://www.fulcrumapp.com/blog/key-field-activity-data-types-to-collect-using-fulcrum/
28. Ag Data Categories — Ag Data Transparent, accessed May 6, 2025, https://www.agdatatransparent.com/ag-data-categories
29. 8 Ways to Focus Data Collection On Your Farm This Year - AgWeb, accessed May 6, 2025, https://www.agweb.com/news/business/technology/8-field-activity-data-types-you-need-collect-now
30. www.meity.gov.in, accessed May 6, 2025, https://www.meity.gov.in/static/uploads/2024/06/2bf1f0e9f04e6fb4f8fef35e82c42aa5.pdf
31. Data protection laws in India, accessed May 6, 2025, https://www.dlapiperdataprotection.com/index.html?t=law&c=IN
32. Navigating Cross-Border Data Transfers Under India's DPDPA and ..., accessed May 6, 2025, https://securiti.ai/cross-border-data-transfer-under-india-dpdpa-draft-rules/
33. Guidance on Cross-Border Data Transfers for Indian Organisations - DataGuidance, accessed May 6, 2025, https://www.dataguidance.com/sites/default/files/dcsi_privacy_across_borders-_guidance_on_cross-border_data_transfers_for_indian_organizations.pdf
34. The Future of Cross-Border Data Transfers Under the DPDP Act - Leegality, accessed May 6, 2025, https://www.leegality.com/consent-blog/cross-border-data-transfer
35. www.dsci.in, accessed May 6, 2025, https://www.dsci.in/files/content/documents/2024/FAQs-on-DPDP-Act-2023-MiniBooklet.pdf
36. 7 Steps to Prepare for India's Digital Personal Data Protection Act - Privado.ai, accessed May 6, 2025, https://www.privado.ai/post/india-digital-personal-data-protection-act
37. What Data Does the India Digital Personal Data Protection Act 2023 Safeguard? - Secure Privacy, accessed May 2, 2025, https://secureprivacy.ai/blog/india-digital-personal-data-protection-act-2023-guide-protected-data
38. India's Data Protection Laws | Zscaler Privacy, accessed May 6, 2025, https://www.zscaler.com/privacy/india-dpdpa
39. India's Digital Personal Data Protection Act 2023 vs. the GDPR: A Comparison - Latham & Watkins LLP, accessed May 6, 2025, https://www.lw.com/en/insights/2023/12/Indias-Digital-Personal-Data-Protection-Act-2023-vs-the-GDPR-A-Comparison
40. What does DPDPA - India's new Privacy Law mean for you? - LattIQ, accessed May 6, 2025, https://www.lattiq.com/discover/what-does-dpdpa-india-s-new-privacy-law-mean-for-you
41. Understanding India's Digital Personal Data Protection Act (DPDPA) - Entrust, accessed May 6, 2025, https://www.entrust.com/resources/learn/dpdpa
42. Guide to India's Digital Personal Data Protection Act (DPDP Act) - CookieYes, accessed May 6, 2025, https://www.cookieyes.com/blog/india-digital-personal-data-protection-act-dpdpa/
43. India Digital Personal Data Protection Act (DPDP Act) Overview - Usercentrics, accessed May 6, 2025, https://usercentrics.com/knowledge-hub/india-digital-personal-data-protection-act-dpdpa/
44. Deciphering the Digital Personal Data Protection Act (DPDPA) 2023 in India: A comprehensive guide - Scrut Automation, accessed May 6, 2025, https://www.scrut.io/post/deciphering-the-digital-personal-data-protection-act-dpdpa-2023-in-india-a-comprehensive-guide
45. “Verifiably Safe” Processing of Children's Personal Data under the DPDPA 2023: A Catalogue of Measures - The Dialogue, accessed May 6, 2025, https://thedialogue.co/publication/verifiably-safe-processing-of-childrens-personal-data-under-the-dpdpa-2023-a-catalogue-of-measures/
46. Processing Personal Data of Children: Navigating DPDP Act, 2023, accessed May 6, 2025, https://spiceroutelegal.com/data-protection/indias-new-digital-personal-data-protection-act-processing-personal-data-of-children/
47. Digital Personal Data Protection Act, 2023 DPDPA SECTION 9 WITH INTERPRETATION, accessed May 6, 2025, https://dpdpa.com/dpdpa2023/chapter-2/section9.html
48. Children's personal data and compliance with Digital Personal Data Protection Act, 2023: Not a Child's Play - ET Government, accessed May 6, 2025, https://government.economictimes.indiatimes.com/blog/childrens-personal-data-and-compliance-with-digital-personal-data-protection-act-2023-not-a-childs-play/107525926
49. Navigating the India's Digital Personal Data Protection Act (DPDPA) Rules: A Compliance Guide - Securiti.ai, accessed May 6, 2025, https://securiti.ai/india-digital-personal-data-protection-act-dpdpa-rules/
50. India's Digital Personal Data Protection Act (DPDPA) - Cookie Script, accessed May 6, 2025, https://cookie-script.com/privacy-laws/india-digital-personal-data-protection-act
51. Understanding India's DPDPA Compliance Framework | Guide & Requirements - Secure Privacy, accessed May 6, 2025, https://secureprivacy.ai/blog/india-dpdpa-2023-compliance-framework
52. How to Comply with India's New Data Privacy Law: The Digital Personal Data Protection Act (DPDPA) - Secureframe, accessed May 6, 2025, https://secureframe.com/blog/digital-personal-data-protection-act-dpdpa
53. Agrilyze | Data Analytics | Precision Farming | Farm Management Solution, accessed April 30, 2025, https://agrilyze.ca/
54. Best Agricultural Data Providers & Companies 2025 - Datarade, accessed April 30, 2025, https://datarade.ai/data-categories/agricultural-data/providers
55. Evaluating LiDAR technology for accurate measurement of tree metrics and carbon sequestration - PMC, accessed April 30, 2025, https://pmc.ncbi.nlm.nih.gov/articles/PMC11903942/
56. AgroScout - Detection Done Right, accessed April 30, 2025, https://agro-scout.com/
57. LiDAR Paints Picture of Forests, Fields, and Carbon Storage ..., accessed April 30, 2025, https://www.woodwellclimate.org/lidar-technology-carbon-biomass-estimates/
58. Proximal sensing, Drones & Soil - ESDAC - European Commission, accessed April 30, 2025, https://esdac.jrc.ec.europa.eu/projects/proximal-sensing-drones-soil
59. Agriculture Drones | Farming Drone for Crop Monitoring - JOUAV, accessed April 30, 2025, https://www.jouav.com/blog/agriculture-drone.html
60. (PDF) Predictive monitoring of soil organic carbon using ..., accessed April 30, 2025, https://www.researchgate.net/publication/381285571_Predictive_monitoring_of_soil_organic_carbon_using_multispectral_UAV_imagery_a_case_study_on_a_long-term_experimental_field
61. Full article: Rapid monitoring of the spatial distribution of soil organic matter using unmanned aerial vehicle imaging spectroscopy - Taylor & Francis Online, accessed April 30, 2025, https://www.tandfonline.com/doi/full/10.1080/19475683.2024.2360213
62. Application of UAVs and Remote Sensing Technologies for Atmospheric CO2 Capturing - Journal of Library and Information Science, accessed April 30, 2025, https://journal.pubmedia.id/index.php/ijgaes/article/download/3348/3275/6844
63. Progress and Limitations in Forest Carbon Stock Estimation Using ..., accessed April 30, 2025, https://www.mdpi.com/1999-4907/16/3/449
64. State of the art in remote sensing monitoring of carbon dynamics in African tropical forests, accessed April 30, 2025, https://www.frontiersin.org/journals/remote-sensing/articles/10.3389/frsen.2025.1532280/full
65. Application of remote sensing for monitoring carbon farming: a review - ResearchGate, accessed April 30, 2025, https://www.researchgate.net/publication/373284969_APPLICATION_OF_REMOTE_SENSING_FOR_MONITORING_CARBON_FARMING_A_REVIEW
66. Intelligent Drone Monitoring Solution | ZenaDrone Inc., accessed April 30, 2025, https://www.zenadrone.com/
67. Farm mapping with drone LIDAR - A Case Study | Engineers With ..., accessed April 30, 2025, https://www.engineerswithdrones.ie/case-studies/farm-mapping-lidar.php
68. Top Agricultural Drone Sprayer Companies Revolutionizing Farming in 2024 - FlyPix AI, accessed April 30, 2025, https://flypix.ai/blog/agricultural-drone-sprayer-companies/
69. Estimating Aboveground Biomass and Carbon Sequestration in Afforestation Areas Using Optical/SAR Data Fusion and Machine Learning - MDPI, accessed April 30, 2025, https://www.mdpi.com/2072-4292/17/5/934
70. Forest emissions reduction assessment from airborne LiDAR data using multiple machine learning approaches - Frontiers, accessed April 30, 2025, https://www.frontiersin.org/journals/energy-research/articles/10.3389/fenrg.2023.1252882/full
71. Sustainability at DroneDeploy, accessed April 30, 2025, https://www.dronedeploy.com/solutions/sustainability
72. Agricultural Drone Services | Crop Monitoring - Horus Drones, accessed April 30, 2025, https://horusdrones.com/agricultural-drone-services/
73. Digital Mapping of Soil Organic Carbon Using UAV Images and Soil Properties in a Thermo-Erosion Gully on the Tibetan Plateau - MDPI, accessed April 30, 2025, https://www.mdpi.com/2072-4292/15/6/1628
74. "Use of Cookies" clause in a Privacy Policy - Privacy Policy Generator, accessed May 6, 2025, https://www.privacypolicygenerator.info/use-cookies-clause-privacy-policy/
75. Privacy Policy Cookies Clause: Separate vs Combined - WebsitePolicies, accessed May 6, 2025, https://www.websitepolicies.com/blog/privacy-policy-cookies-clause
76. Cookie Clauses For Your Privacy Policy - TermsFeed, accessed May 6, 2025, https://www.termsfeed.com/blog/privacy-policy-cookies-clauses/
77. Terms & Conditions - CCS, accessed May 2, 2025, https://ccs.earth/terms-and-conditions/
78. Decoding the Digital Personal Data Protection Act, 2023 - KPMG LLP, accessed May 6, 2025, https://assets.kpmg.com/content/dam/kpmg/in/pdf/2023/08/decoding-the-digital-personal-data-protection-act-2023.pdf
79. Data Analytics at the Center of Next-Generation Agriculture - Agmatix, accessed April 30, 2025, https://www.agmatix.com/blog/data-analytics-at-the-center-of-next-generation-agriculture/
80. Data and analytics | Agriculture | McKinsey & Company, accessed April 30, 2025, https://www.mckinsey.com/industries/agriculture/how-we-help-clients/mckinsey-center-for-agricultural-transformation/data-and-analytics
81. Green Analytics, accessed April 30, 2025, https://www.greenanalytics.ca/
82. Agriculture Analytics - SAS Institute, accessed April 30, 2025, https://www.sas.com/en_us/industry/agriculture-analytics.html
83. ACRE | Agriculture - McKinsey & Company, accessed April 30, 2025, https://www.mckinsey.com/industries/agriculture/how-we-help-clients/acre
84. SaaS Contracts: Types & Key Clauses | Zluri, accessed May 2, 2025, https://www.zluri.com/blog/saas-contracts
85. ANALYSIS: 'Next generation' rice methane carbon credits set to ..., accessed April 30, 2025, https://www.qcintel.com/carbon/article/analysis-next-generation-rice-methane-carbon-credits-set-to-double-in-price-22192.html
86. Cutting Emissions and Boosting Yield in Rice Farming | Gold ..., accessed April 30, 2025, https://www.goldstandard.org/news/reducing-emissions-one-grain-at-a-time
87. VCS PROGRAM methodologies - Verra, accessed April 30, 2025, https://verra.org/program-methodology/vcs-program-standard/overview/
88. Achieve Sustainability Goals - Indigo Ag, accessed April 30, 2025, https://www.indigoag.com/corporation
89. U.S. Carbon Program | Bayer Global, accessed April 30, 2025, https://www.bayer.com/en/agriculture/carbon-program-united-states
90. Revolutionizing Climate-Resilient Agriculture: Farmonaut's Precision Technology Tackles Groundwater and Carbon Challenges -, accessed April 30, 2025, https://farmonaut.com/precision-farming/revolutionizing-climate-resilient-agriculture-farmonauts-precision-technology-tackles-groundwater-and-carbon-challenges/
91. Improving sustainability and profitability in agriculture - Indigo Ag, accessed April 30, 2025, https://www.indigoag.com/about
92. Legitimate Uses Under the DPDP Act, 2023 - DPDP Consultants, accessed May 6, 2025, https://www.dpdpconsultants.com/blog/legitimate-uses-under-the-dpdp-act-2023-2.php
93. India Digital Personal Data Protection Act 2023 (DPDPA) Cookie Consent Requirements, accessed May 2, 2025, https://secureprivacy.ai/blog/india-digital-personal-data-protection-act-dpdpa-cookie-consent-requirements
94. Digital Personal Data Protection Act, 2023 DPDPA SECTION 4 WITH INTERPRETATION, accessed May 2, 2025, https://dpdpa.com/dpdpa2023/chapter-2/section4.html
95. Consent under DPDPA - Comprehensive Understanding, accessed May 2, 2025, https://dpdpa.com/blogs/consentunderdpdpa.html
96. Consent Requirements Under Digital Personal Data Protection Act, 2023 & Rules, 2025, accessed May 2, 2025, https://www.ahlawatassociates.com/blog/consent-requirements-under-the-digital-personal-data-protection-act-2023-and-digital-personal-data-protection-rules-2025
97. Your Data Principal Rights: Understanding the DPDP Act, 2023, accessed May 6, 2025, https://www.dpdpa.com/blogs/dataprincipalrightsunderdpdpa.html
98. "How Do We Share Your Information" Clause in a Privacy Policy ..., accessed May 6, 2025, https://www.termsfeed.com/blog/share-information-clause-privacy-policy/
99. Data Protection Laws in India: Tackling Compliance Challenges under the DPDPA, 2023 & draft DPDPR, 2025 - Legal 500, accessed May 6, 2025, https://www.legal500.com/developments/thought-leadership/data-protection-laws-in-india-tackling-compliance-challenges-under-the-dpdpa-2023-draft-dpdpr-2025/
100. Requirements regarding reasonable security safeguards under the DPDPA, 2023 and the draft DPDPR, 2025 - Ahlawat Associates, accessed May 6, 2025, https://www.ahlawatassociates.com/blog/requirements-regarding-reasonable-security-safeguards-under-the-dpdpa-2023-and-the-draft-dpdpr-2025
101. Transforming data privacy: Digital Personal Data Protection Rules, 2025 | EY - India, accessed May 6, 2025, https://www.ey.com/en_in/insights/cybersecurity/transforming-data-privacy-digital-personal-data-protection-rules-2025
102. Data retention requirements under the DPDPA, 2023 and the draft ..., accessed May 6, 2025, https://www.ahlawatassociates.com/blog/data-retention-requirements-under-the-dpdpa-2023-and-the-draft-dpdpr-2025
103. Rule 8 of Digital Personal Data Protection Act, 2023 DPDP Rules 2025 - DPDPA, accessed May 6, 2025, https://dpdpa.com/dpdparules/rule8.html
104. Rights of Data Principals under the DPDP Act explained - Leegality, accessed May 6, 2025, https://www.leegality.com/consent-blog/rights-dpdp
105. Digital Personal Data Protection Act, 2023 DPDPA SECTION 11 WITH INTERPRETATION, accessed May 6, 2025, https://dpdpa.com/dpdpa2023/chapter-3/section11.html
106. Top 10 operational impacts of India's DPDPA – Comparative analysis with the EU General Data Protection Regulation and other major data privacy laws - IAPP, accessed May 6, 2025, https://iapp.org/resources/article/operational-impacts-of-indias-dpdpa-part6/
107. Best Practices for Material Updates to Your Privacy Policy - TermsFeed, accessed May 6, 2025, https://www.termsfeed.com/blog/best-practices-material-updates-privacy-policy/
108. Privacy Policy Updates: Why and How To Update - Termly, accessed May 6, 2025, https://termly.io/resources/articles/privacy-policy-updates/
109. How to Update Privacy Policy to Remain Compliant - WebsitePolicies, accessed May 6, 2025, https://www.websitepolicies.com/blog/update-privacy-policy