CredoSense Privacy Policy

Last Updated: July 2025

This Privacy Policy explains how CredoSense Inc. (“CredoSense”, “we”, “our”, or “us”) collects, uses, discloses, and protects personal information when you visit our websites, interact with us, purchase our products or services, or use CredoSense platforms and devices.

This Policy is designed to be easy to find, easy to read, and precise about what we do with your information. If you use our devices, software platform, or other CredoSense services under separate terms, those terms may include additional privacy disclosures that work together with this Policy.

Who We Are & Applicable Laws

CredoSense Inc. is a company incorporated in Canada with operations in Canada and Bangladesh. For most processing described in this Policy, CredoSense Inc. is the “controller” (or equivalent term under applicable law) responsible for your personal information.

We aim to comply with applicable privacy laws, including: Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and substantially similar provincial laws; the EU/UK General Data Protection Regulation (GDPR/UK GDPR), where applicable; and relevant U.S. state privacy laws (such as the California Consumer Privacy Act as amended), where they apply. Local rights and obligations may vary depending on where you live

Information We Collect

We collect personal information only where we have a clear business and user-focused reason to do so, such as to provide products and services, support our users, operate our website and platforms securely, or improve our offerings.

Information You Provide
  • Contact details: name, email address, phone number, organization, role.
  • Account details: login credentials and profile information for any CredoSense portal, platform, or service you register for.
  • Transaction details: billing name, billing address, shipping address, tax information, payment amount, and purchase history. Payment card details are processed by our payment processors; we do not store full card numbers.
  • Communications: content of emails, forms, support requests, meeting notes, and (where permitted by law) call recordings, along with associated metadata such as timestamps and communication channel.
  • Other information you submit: feedback, survey responses, event registrations, and any information contained in files you voluntarily provide.
Information We Collect Automatically (Web & Online Services)
  • Log data: IP address, browser type, device identifiers, operating system, pages visited, referring/exit pages, timestamps, and basic interaction data.
  • Cookies and similar technologies: identifiers stored on your browser or device, pixel tags, and scripts used for core functionality, security, usage analytics, and (where enabled and lawful) marketing or advertising measurement. Where required by law, we obtain your consent before setting up non-essential cookies.
Information from Third Parties
We may receive limited information about you from payment processors, logistics providers, partners who introduce you to CredoSense, and analytics or advertising partners (often in aggregated or pseudonymous form). We use such information only in line with this Policy and applicable law.
 
Platform & Device Data (Leaf Chamber & Related Systems)
This section describes how we handle data generated when you use CredoSense hardware (such as Leaf Chamber systems and associated sensors), software platforms, and integrated services (collectively, the “Platform”).

Types of Platform & Device Data
  • Account and user role information: information required to create and manage user accounts, including names, business contact details, organization, roles, and permissions for multi-user teams.
  • Device identifiers and configuration: device serial numbers, firmware versions, configuration profiles, activation status, and logs related to setup and updates.
  • Operational and telemetry data: non-personal technical information generated by the devices and Platform, such as error codes, connectivity events, uptime, performance metrics, and interaction logs used for diagnostics, reliability, and security.
  • Measurement and agronomic data: data points captured through CredoSense devices and Platform, which may include leaf- and canopy-level readings, soil parameters, environmental measurements, timestamps, sampling grid identifiers, and associated farm or field metadata.
  • Derived insights and recommendations: outputs generated by our analytics or AI models (such as risk scores, diagnostic indicators, and management recommendations) based on Platform & Device Data.
  • Location and project metadata: optional geospatial information or project identifiers associated with fields, farms, or facilities, as configured by you or your organization. In typical use, this is business or operational information, not consumer residential data.
How We Use Platform & Device Data
We use Platform & Device Data for the following purposes, in addition to the purposes set out elsewhere in this Policy:
  • Service delivery: to operate the Platform, run measurements, generate analytics and recommendations, and present results to authorized users.
  • Support and reliability: to diagnose issues, provide technical support, improve performance, monitor device health, and plan updates.
  • Product improvement and R&D: to analyze aggregated and de-identified Platform & Device Data to improve algorithms, hardware, and workflows. Where reasonably possible, we use de-identified or aggregated data for these purposes.
  • Security and abuse prevention: to protect accounts, devices, and infrastructure from unauthorized access, misuse, or other security threats.
  • Contractual and regulatory obligations: to fulfill our agreements with you or your organization and to comply with applicable legal, audit, and regulatory requirements.
Customer Control & Business Data
In most deployments, Platform & Device Data (including farm, field, and operational data) is collected and used on behalf of a business customer (such as a farm, agronomy firm, research institution, or advisor). That organization typically controls how such data is configured and shared within its account. We process this data in accordance with our agreements with that organization and this Policy.
We do not use identifiable customer Platform & Device Data to target advertising to individual natural persons, nor do we sell such data in the sense of providing identifiable datasets to third parties for their independent use.
 
How We Use Your Information (All Contexts)
We use personal information collected through our websites, Platform, and interactions with you for the following purposes:
  • Providing products and services;
  • Operating, maintaining, and securing our websites, Platform, and devices;
  • Managing accounts, orders, billing, and customer relationships;
  • Communicating with you about support, updates, safety, security, and changes to our terms;
  • Improving and developing our products, services, documentation, and user experience;
  • Detecting, investigating, and preventing fraud, abuse, or security incidents;
  • Conducting analytics and, where permitted, limited marketing activities;
  • Complying with legal and regulatory obligations and enforcing our agreements.
Legal Bases for Processing (GDPR/UK GDPR)
Where the GDPR or UK GDPR applies, we process personal data on one or more of the following legal bases:
  • Performance of a contract;
  • Compliance with legal obligations;
  • Legitimate interests (balanced against your rights and expectations);
  • Your consent, where required (for example, certain cookies or marketing communications).
Cookies & Similar Technologies
We use cookies and similar technologies to provide and secure our services, understand usage, and, where applicable, measure and improve marketing. You can manage cookies through your browser settings and, where available, our cookie banner or preference tools. We do not set non-essential cookies in regions where consent is required unless you provide them.
 
How We Share Information
We do not sell personal information in the ordinary sense of selling lists of identifiable individuals for money. We may share personal information only in the following circumstances and with appropriate safeguards:
 
  • Within the CredoSense group of companies and affiliates;
  • With service providers who process data on our behalf under contractual restrictions;
  • To comply with laws, regulations, legal processes, or enforceable government requests;
  • To protect the rights, property, or safety of CredoSense, our users, or others;
  • In connection with a business transaction (such as merger or acquisition), subject to safeguards;
  • With your consent or at your direction (including testimonials or integrations);
  • Using aggregated or de-identified data that cannot reasonably be used to identify you.
International Transfers
We may transfer personal information to countries outside of your jurisdiction. Where required by law, we implement appropriate safeguards for such transfers, which may include standard contractual clauses, adequacy decisions, or other legally recognized mechanisms, combined with technical and organizational measures.
 
Data Retention
We retain personal information only for as long as necessary to fulfill the purposes described in this Policy, to comply with legal and regulatory obligations, to resolve disputes, and to enforce our agreements. When information is no longer required, we delete it or de-identify it in a secure manner.
 
Security
We use reasonable and appropriate technical and organizational measures to protect personal information against unauthorized access, use, alteration, and destruction. These measures include access controls, encryption where appropriate, network and system monitoring, vulnerability management, and staff confidentiality obligations. No system is perfectly secure, but security is a design requirement across our infrastructure and operations.
 
Your Rights
Your rights depend on the applicable law in your jurisdiction. Subject to legal limitations, you may have the right to access, correct, delete, or restrict certain uses of your personal information; to object to certain processing; to withdraw consent where processing is based on consent; and to obtain a copy of your information in a portable format.
You can exercise these rights by contacting us using the details below. We may need to verify your identity before responding to your request and will respond within the time required by applicable law.
EU/UK residents may also lodge a complaint with their local data protection authority. Canadian residents may contact the Office of the Privacy Commissioner of Canada or applicable provincial regulators. Where U.S. state privacy laws apply, we will honor additional rights available under those laws.
 
Children’s Privacy
Our websites, Platform, and devices are not directed to children under 13 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children in this age group without appropriate consent. If you believe a child has provided us with personal information, please contact us so we can take appropriate steps to remove it.
 
Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date and provide additional notice where appropriate (such as a notice on our website or direct communication). Your continued use of our websites, Platform, or devices after changes to take effect constitutes acknowledgment of the updated Policy.
How to Contact Us
If you have questions or concerns about this Policy, or wish to exercise your privacy rights, contact: CredoSense Inc. Email (preferred): info@credosense.com. Mailing address: CredoSense Inc., C/O: VentureLAB, B114—3600 Steeles Ave E, Markham, ON L3R 9Z7, Canada.
 
Scope Clarification
This Policy applies to personal information processed by CredoSense in connection with our websites, Platform, devices, and related online services. It does not govern third-party websites or services that may be linked from or integrated with our systems. In the event of a conflict between this Policy and more specific privacy terms presented for a particular product, portal, or pilot program, the more specific terms will control that context.