data deletion policy
You can take your data back any time.
Your farm and financial data belongs to you — Spade is just the processor. Request a deletion below and our privacy team responds within 1–2 business days.
Soft delete
Hard delete
Backups purged
Request
Responds in 1-2 days
.png)
encrypted in transit · aes-256 at rest
01
Overview
Spade is designed to securely ingest, process, and analyze agricultural and financial data — while keeping ownership, transparency, and control with you.
Three principles guide everything below: the customer owns their data, access is permissioned and auditable, and data can be deleted or revoked at any time.
02
Where your data lives
Your data flows through four layers, each with its own purpose and protections.
Raw ingestion
Integrations and manual uploads land in encrypted cloud object storage (AWS S3 or equivalent). Files are transformed quickly and not directly user-accessible.
Processed data
Cleaned, normalized datasets and farm-level metrics live in our data platform (Databricks). This is what powers dashboards, analytics, and Spade AI.Integrations and manual uploads land in encrypted cloud object storage (AWS S3 or equivalent). Files are transformed quickly and not directly user-accessible.
Application data
Users, organizations, permissions, configurations and saved views live in our Postgres application database — the engine behind the Spade Farm product.
Derived & AI
Cached insights, aggregates and model outputs. No model training occurs on customer data without explicit consent.
03
Ownership & access
Your data is yours. Spade acts as a processor, not an owner.
Access is controlled by role — organization, site/farm, and feature level (view vs. edit). Internal access is limited to authorized employees, used only for support or customer-requested actions, and always logged.
Sharing — with lenders, processors, or anyone else — is explicit, scoped, revocable, and logged. Nothing leaves your organization without you saying so.
04
Retention
We hold each kind of data only as long as it serves you. Defaults below are configurable for enterprise accounts.
Raw ingestion data
30–90 days (configurable)
Processed data
Duration of active account
Application data
Duration of account
Audit & security logs
12–24 months
Encrypted backups
30–60 days, rolling
05
Deletion
Spade is designed to securely ingest, process, and analyze agricultural and financial data — while keeping ownership, transparency, and control with you.
Three principles guide everything below: the customer owns their data, access is permissioned and auditable, and data can be deleted or revoked at any time.
What may be retained: audit logs for legal and security purposes, and aggregated, anonymized data where applicable and disclosed.
Encrypted backups may continue to contain your data for 30–60 days before they’re automatically purged on the rolling backup window.
06
Security
Encryption at rest (AES-256) and in transit (TLS 1.2+). Role-based access with least-privilege defaults. Audit logs and access tracking across the platform.
Infrastructure runs on a secure cloud provider (AWS). Employee access is restricted and devices are managed via Vanta.
07
Portability
You can request an export of raw data, processed datasets, and reports (CSV, Excel) — delivered via secure download or API.
08
Third-party Integrations
Spade integrates with herd management systems, feed systems, and financial tools. Data is pulled over secure APIs or file ingestion, credentials are encrypted, and access can be revoked at any time.
09
Compliance & Trust
Spade aligns with SOC 2 (in progress), GDPR principles for access, deletion, and portability, and industry best practices for agricultural and financial data.
10
Incident Response
In the event of a data breach: immediate containment, internal investigation, customer notification within required timeframes, and remediation steps to prevent recurrence.
Download the policy as a PDF for your records.
download pdf
