Privacy Policy
1. Who We Are
TimberSentry ("we," "us," "our") is a SaaS platform for satellite-based timber stand health monitoring. This Privacy Policy explains what personal information we collect, why we collect it, how we use and protect it, and your rights over it.
2. Information We Collect
We collect only the data needed to provide and improve the Service:
| Category | Examples | Source |
|---|---|---|
| Account information | Name, email address, hashed password, account tier, registration date | Provided by you at sign-up |
| Stand boundaries | GeoJSON polygons representing your timber stand footprints, stand name, stand type, acreage | Drawn in the browser or uploaded as KMZ/KML/Shapefile |
| Vegetation scan history | Scan date, NDVI, NDMI, BSI, LAI Proxy values, health verdict, cloud cover percentage, PDF report files | Generated automatically by our satellite processing pipeline |
| Compliance records | EUDR package metadata, forest sustainability report entries, monitoring activity log entries (observation text, dates, statuses) | Entered by you in the compliance modules |
| Fire alert records | NASA FIRMS hotspot coordinates, proximity to your stands, alert timestamps | Generated automatically by our fire-monitoring pipeline |
| Billing data | Stripe customer ID, subscription ID, plan tier, billing status | Created during subscription checkout via Stripe |
| Technical/log data | IP address (server logs), browser type, page access timestamps, error logs | Automatically collected by the web server |
2.1 Social / Third-Party Authentication (Google Sign-In)
We offer the option to sign up and sign in using Google Sign‑In. When you choose this option, you authorise Google to share certain profile information with TimberSentry depending on the scopes requested. Typical information we receive may include:
- Basic profile information (name, profile picture) – if permitted by you
- Email address (verified) – used as your account identifier
- Google subject identifier (`sub`) – a unique, stable identifier used to link the Google identity to your TimberSentry account
How we use it: we use Google-provided information only to create or authenticate your account, pre-fill profile fields, and to contact you for account-related matters. We do not store Google access tokens for long-term use and we do not publish on your behalf or share your Google account data with third parties except as required to provide the Service (e.g., to create a Stripe customer when you subscribe).
Disconnecting / revoking access: you may disconnect your Google account from TimberSentry in your account settings, or revoke TimberSentry's access from your Google Account permissions page. If you disconnect and you have no password or other login method on file, you must set a local password or your account may become inaccessible; contact support if you need assistance.
We do not collect: credit card numbers (handled entirely by Stripe), government ID, or sensitive personal categories as defined by GDPR.
3. How We Use Your Information
- Service delivery: To process and display satellite scan results, generate PDF reports, send health verdict and fire-alert notifications, and operate the compliance modules.
- Account management: To authenticate you, enforce subscription limits, and communicate important service updates.
- Billing: To manage your subscription through Stripe, process payments, and handle cancellations.
- Platform improvement: Aggregated, de-identified usage patterns (e.g., average stand size, feature usage frequency) may be used to improve the Service. Individual account data is not used for this purpose without explicit consent.
- Security and abuse prevention: Server logs are retained to detect and respond to security incidents.
- Legal compliance: To comply with applicable laws or respond to valid legal requests from authorities.
4. Third-Party Services and Data Sharing
TimberSentry queries external APIs to deliver the Service. The following table lists what data leaves our servers and under what conditions:
| Third Party | Purpose | Data Sent | Their Privacy Policy |
|---|---|---|---|
| Stripe, Inc. | Payment processing and subscription management | Name, email, subscription plan | stripe.com/privacy |
| ESA / Copernicus STAC API | Retrieving Sentinel-2 satellite imagery for your stand areas | Bounding box coordinates of your stand polygons (no account identifiers) | dataspace.copernicus.eu |
| NASA FIRMS | Fetching active fire hotspot data near your stands | Bounding box of your stand regions (no account identifiers) | firms.modaps.eosdis.nasa.gov |
We do not sell your personal information. We do not share personal data with advertisers, data brokers, or any third parties beyond those listed above.
4.1 Legal Basis for Processing (where applicable)
Where the General Data Protection Regulation (GDPR) or similar laws apply, our lawful bases for processing personal data include:
- Performance of a contract: processing necessary to provide the Service and manage subscriptions.
- Legal compliance: processing necessary to comply with legal obligations.
- Legitimate interests: aggregate analytics, fraud prevention, and platform security, balanced against user rights.
- Consent: optional features that require explicit consent (we will request consent where required by law).
4.2 Data Controller & Contact
The data controller for TimberSentry is the operator of the Service. For privacy requests or questions, contact our privacy team at [email protected]. If you are a resident of the European Economic Area and wish to exercise GDPR rights, please contact us and we will route your request to the appropriate internal contact.
5. Stand Boundary Data
Your stand boundary polygons are your property (see our Terms of Service §8). We send only anonymous bounding box coordinates to satellite and fire API endpoints — we never transmit your account identity, name, or email to those services. Your specific polygon geometry is stored only on TimberSentry servers and is never shared with or sold to any third party.
6. Data Retention
- Active accounts: All account data, scan history, and compliance records are retained indefinitely while your account remains active.
- After cancellation or account deletion: Data is deleted from our servers. Stand boundaries, scan history, compliance records, and notification history are permanently and irreversibly deleted.
- Server logs: Web server access and error logs may be retained for up to 90 days for security purposes, then deleted.
- Backup copies: Database backups may retain deleted data for up to an additional 30 days beyond the retention window before being purged from backup storage.
7. Cookies and Tracking
TimberSentry uses a minimal cookie footprint:
- Session cookie: A single, HttpOnly, Secure session cookie is set upon login to maintain your authenticated session. It expires when you close your browser or log out explicitly.
- CSRF token: A CSRF protection token is embedded in forms and AJAX requests to prevent cross-site request forgery.
- No advertising or tracking cookies: We do not use Google Analytics, Facebook Pixel, or any third-party advertising/tracking scripts.
8. Data Security
We implement industry-standard security measures appropriate for a SaaS platform, including:
- TLS/HTTPS encryption for all data in transit.
- Bcrypt-hashed passwords — we never store plaintext passwords.
- CSRF protection on all state-modifying requests.
- Parameterised SQL queries throughout to prevent SQL injection.
- Network-level firewall isolating the database from public internet access.
- Regular software updates and security patching.
No security measure is 100% foolproof. In the event of a data breach that affects your personal information, we will notify you via the email address on your account within 72 hours of becoming aware of the breach, consistent with applicable data breach notification laws.
9. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Correct inaccurate or incomplete data.
- Erasure ("right to be forgotten"): Request deletion of your account and associated personal data, subject to retention obligations above.
- Data portability: Export your stand boundaries and scan history in a machine-readable format (available via the dashboard export feature).
- Objection / restriction: Object to or request restriction of certain processing activities.
- Withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting prior processing.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
9.1 Additional Notes About OAuth / Google Data
If you used Google Sign‑In, you may also revoke TimberSentry's access directly from your Google account. Revocation prevents further sharing of profile data from Google to TimberSentry but does not automatically erase the TimberSentry account data we have already stored. To delete account data held by TimberSentry, submit a deletion request to [email protected].
10. Children's Privacy
TimberSentry is intended for use by adults and business entities. We do not knowingly collect personal information from individuals under the age of 16. If we become aware that a minor's data has been collected, we will delete it promptly.
11. International Users
TimberSentry is operated from the United States. If you access the Service from outside the U.S., your information may be transferred to and processed in the United States, where data protection laws may differ from those of your country. By using the Service, you consent to this transfer. We take appropriate safeguards to ensure that personal information is treated securely and in accordance with this Privacy Policy.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated to registered users by email or in-app notification at least 14 days before they take effect. The "Last updated" date at the top of this page will always reflect the most recent revision. Your continued use of the Service after the effective date constitutes acceptance of the revised policy.
13. Contact
For privacy questions, data requests, or concerns about this policy:
- Email (privacy): [email protected]
- Email (general support): [email protected]
- Website: timbersentry.com