1. Who We Are
Noktura is an agricultural image hosting and management platform designed for researchers, agronomists, and farmers working on weed detection, crop health monitoring, and precision agriculture.
Data Controller
Noktura
Email: support@noktura.tech
2. Data We Collect
We collect the following categories of personal data:
Account Data
- Email address (required)
- Full name (optional)
- Profile picture (optional)
- Organization name (optional)
- Country and region (optional)
Content Data
- Images you upload
- GPS coordinates in images
- Metadata (crops, growth stages)
- Dataset descriptions
- Annotations and labels
Usage Data
- Upload and download activity
- Storage usage
- Group memberships
- Search queries
Technical Data
- IP addresses
- User agent strings
- Authentication events
- Security-relevant actions
3. How We Use Your Data
| Purpose | Legal Basis (GDPR Art. 6) |
|---|---|
| Provide the service | Performance of contract |
| Store and serve your images | Performance of contract |
| Process payments | Performance of contract |
| Security monitoring | Legitimate interest |
| Send service notifications | Performance of contract |
| Analytics (if consented) | Consent |
| Marketing (if consented) | Consent |
4. Data Sharing
We share data with the following third-party processors:
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Authentication, database | EU (Frankfurt) |
| Hetzner | Image storage (S3) | EU (Germany) |
| Stripe | Payment processing | EU/US |
| Vercel | Website hosting | Global (EU routing) |
| Open-Meteo | Weather data | Switzerland/EU |
| GBIF | Species taxonomy | EU (public API) |
We do NOT sell your personal data to third parties.
5. GPS Data Privacy
Images often contain GPS coordinates in EXIF metadata. We understand this can be sensitive information, particularly for agricultural operations. Noktura provides granular privacy controls:
- Dataset owners always see and receive precise GPS coordinates in their own downloads.
- Group members receive GPS based on the per-group location visibility setting chosen by the dataset owner when sharing:
- All: All group members see precise GPS coordinates
- Admins only: Only group admins and owners see precise GPS; regular members see region only
- None: No group members see precise GPS coordinates
- Region and country are always included in downloads regardless of GPS visibility settings.
- Downloaded images contain embedded EXIF GPS data only when the downloader has precise access. The DOWNLOAD_INFO.txt and metadata.json files also respect these privacy boundaries.
- Public datasets without a direct group share path default to coarse (region-only) GPS in downloads.
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Active accounts | Until deletion requested |
| Deleted account profile | Immediately deleted |
| Public datasets (orphaned) | Indefinitely (research value) |
| Private datasets (deleted account) | Immediately deleted |
| Audit logs | 90 days |
| Payment records | 7 years (legal requirement) |
| Download jobs | 30 days |
7. Your Rights (GDPR Articles 15-22)
- Access (Art. 15): Request a copy of your data
- Rectification (Art. 16): Correct inaccurate data
- Erasure (Art. 17): Delete your account and data
- Restrict Processing (Art. 18): Limit how we use your data
- Data Portability (Art. 20): Export your data in machine-readable format
- Object (Art. 21): Object to processing based on legitimate interest
- Withdraw Consent (Art. 7): Withdraw consent at any time
To exercise these rights: Use the Settings page in your account or email support@noktura.tech. Response time: We respond within 30 days.
8. Cookie Policy
| Cookie | Purpose | Duration | Type |
|---|---|---|---|
sb-* | Supabase auth | Session | Necessary |
noktura-consent | Cookie preferences | 1 year | Necessary |
_ga, _gid | Google Analytics | 2 years | Analytics |
Necessary cookies are essential and cannot be disabled. Analytics cookies require your consent.
9. International Transfers
Your data may be transferred to countries outside the EU/EEA. We ensure appropriate safeguards:
- Standard Contractual Clauses (SCCs) with US-based processors
- EU-based hosting for primary data storage (Supabase EU, Hetzner Germany)
10. Data Security
We implement appropriate technical and organizational measures:
- Encryption in transit (TLS 1.3) and at rest (AES-256)
- Row-Level Security (RLS) database policies
- Security audit logging and regular security reviews
- Magic byte validation for uploaded files
11. Children's Privacy
Noktura is not intended for users under 16 years of age. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us.
12. Changes to This Policy
We may update this policy periodically. Significant changes will be notified via:
- Email to registered users
- Banner notification in the application
- Requirement to re-accept updated terms
13. Contact Us
For privacy-related inquiries: support@noktura.tech
For complaints, contact your local Data Protection Authority: edpb.europa.eu.