Privacy Policy

Privacy Policy

Last updated: May 13, 2026

This Privacy Policy describes how BarnDesk LLC (“BarnDesk,” “we,” “us,” or “our”) collects, uses, and shares information about you when you access or use the BarnDesk farm management software, including our website at thebarndesk.com, our iOS mobile application, and related services (collectively, the “Service”). BarnDesk LLC is a Wyoming limited liability company. By using the Service, you agree to the practices described in this Privacy Policy.

The Service is intended for use by farmers and farm operators located in the United States. We do not market the Service outside the United States and do not knowingly process personal information of individuals located in the European Economic Area, the United Kingdom, Switzerland, or other jurisdictions outside the United States.

1. Introduction

BarnDesk provides multi-tenant farm management software designed for small and mid-sized family farms with mixed livestock. This Privacy Policy applies to all users of the Service, including farm owners, members invited to a farm, and visitors to our website. It does not apply to third-party websites, services, or applications you may access through the Service, even if linked from within the Service.

If you do not agree with our practices, do not access or use the Service. We may update this Privacy Policy from time to time as described in Section 13.

2. Information We Collect

We collect information in three ways: information you provide directly, information collected automatically, and information received from third parties.

2.1 Information You Provide Directly

• Account information: name, email address, password (stored as a salted, irreversible hash), and any profile details you choose to add.
• Farm and livestock data: animal records (including identification, breed, sex, age, weight, and acquisition information), breeding history, health events, FAMACHA scores, vaccination records, medication and withholding logs, pasture rotations, equipment logs, and any other data you enter to operate your farm.
• Financial records: expense entries, income records, Schedule F categorizations, and uploaded receipt images. We treat your financial and farm operations data as sensitive and protect it accordingly, even where the data does not strictly meet a legal definition of “sensitive personal information.”
• Communications: messages you send to support, feedback you submit, and the content of emails you send to or receive from us.
• Subscription information: subscription tier, billing status, and renewal dates received from our subscription processor. We do not directly receive or store full payment card numbers; payment is processed by Apple.
• Farm member information: when you invite another person to access your farm, we collect their email address (provided by you) for the purpose of sending the invitation. When they accept, we treat them as a separate account holder under this Privacy Policy.

2.2 Information Collected Automatically

• Device and usage information: device type, operating system, app version, IP address, time zone, and language settings.
• Log data: server logs that record requests made to our infrastructure, including timestamps, URLs accessed, and error states. Log data is used for security monitoring and debugging and is not associated with marketing or advertising.
• Cookies and equivalent technologies on the website, and equivalent technologies (local storage, SDK identifiers, authentication tokens) in our mobile application. See Section 11 for full details. We do not use cross-site advertising trackers, behavioral analytics tools, or third-party advertising cookies.

2.3 Information Received From Third Parties

• Authentication providers: when you sign in using Apple ID or Google, we receive your name, email address, and a unique identifier from the provider, in accordance with the permissions you grant.
• Subscription provider: our subscription management provider sends us status events (active, expired, refunded, grace period) so we can grant or revoke access to paid features.

3. Sensitive Information

Some information you submit may be treated as sensitive under applicable laws, including financial information and information related to the health of your livestock. Although livestock health is not “personal health information” of a human being, we apply the same protective measures to it as we would to other sensitive data: encryption in transit and at rest, strict role-based access, and limited retention. We do not use any sensitive information to infer personal characteristics, and we do not share sensitive information with third parties for advertising purposes.

4. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service.
• Authenticate you and secure your account.
• Process subscriptions and grant access to paid features.
• Process receipt images submitted by you to extract structured data, as described in Section 5.
• Send transactional communications such as receipts, password resets, security alerts, and subscription notices.
• Send service-related communications such as feature announcements and reminders, only where you have opted in. You may opt out at any time.
• Respond to your support requests.
• Detect, investigate, and prevent fraudulent, abusive, or illegal activity.
• Comply with legal obligations and enforce our Terms of Service.
• Generate aggregated, de-identified analytics about how the Service is used.

5. Receipt Image Processing and Artificial Intelligence

When you upload a receipt image, we send the image to a third-party artificial intelligence provider for the purpose of optical character recognition (OCR). The provider extracts structured information such as vendor name, date, amount, and line items, and returns that information to us so we can populate your expense record.

• Data minimization: only the receipt image you submit is sent to the AI provider. We do not send your account credentials, your account ID, your other farm data, or other receipt images alongside the image being processed.
• No human review: receipt processing is fully automated. No employee, contractor, or other person at BarnDesk LLC or at the AI provider routinely reviews the contents of your receipts.
• No model training: under our agreement with the AI provider, your receipt images and the extracted text are not used to train artificial intelligence models.
• Provider retention: the AI provider’s terms allow them to retain inputs and outputs for a limited period for trust and safety purposes (typically up to 30 days). After that, the provider deletes the data from its systems.
• Our retention: we retain receipt images in our storage while your account remains active and the related expense record exists. If you delete an expense, the corresponding receipt image is deleted within 30 days. If you close your account, all receipt images are deleted following the 30-day account-deletion grace period described in Section 7. Extracted structured data (vendor, amount, date, category) is retained for as long as the related expense record exists in your account. You are responsible for maintaining your own tax records — we recommend exporting your receipts and Schedule F data annually using the export tools provided in the Service.

6. How We Share Your Information

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. We share information only in the following limited circumstances.

6.1 Service Providers

We share information with vendors who process data on our behalf to operate the Service. These providers are contractually obligated to use the information only for the services they provide to us and to maintain commercially reasonable security. Current providers are:

• Supabase, Inc. — database, authentication, file storage, and serverless function hosting.
• Resend, Inc. — transactional and opt-in email delivery, including delivery and engagement reporting.
• RevenueCat, Inc. — subscription state management and Apple App Store webhook processing.
• Anthropic, PBC — vision-based optical character recognition of receipt images, as described in Section 5.
• Functional Software, Inc. (d/b/a Sentry) — application error monitoring and crash reporting. Sentry is not a behavioral analytics tool and does not track marketing activity.
• Apple Inc. and Google LLC — authentication services that you may optionally use to sign in.
• Apple Inc., through the Apple App Store — payment processing for Apple App Store subscriptions.

6.2 Other Members of Your Farm

BarnDesk is multi-tenant. When you create or are invited to a farm, you become a member of that farm. All members of a farm can view records belonging to that farm. The farm owner can manage memberships, including removing members. When a member is removed, that person loses access to the farm’s data immediately, but data they previously created remains in the farm. See Section 9 for additional details.

6.3 Legal Requirements

We may disclose information if we believe in good faith that disclosure is necessary to comply with applicable law, valid legal process, or governmental request; to enforce our Terms of Service; to protect the rights, property, or safety of BarnDesk, our users, or others; or to investigate fraud, security, or technical issues.

6.4 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or part of our assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or use of your personal information.

6.5 With Your Consent

We may share information with your consent or at your direction, for example when you choose to invite another farm member.

7. Data Storage, Security, and Retention

We use commercially reasonable technical and organizational measures to protect the information we collect. Data is stored on servers located in the United States. Database connections are encrypted in transit, and data at rest is encrypted by our infrastructure provider. Role-based access controls ensure that members of one farm cannot access data of another farm. Access to production systems by BarnDesk personnel is limited and logged.

No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. We maintain an internal incident response procedure and will notify affected users of confirmed security incidents as required by applicable law.

We retain your information for as long as your account is active or as needed to provide the Service. If you cancel your subscription or delete your account, we will delete or de-identify your personal information within 30 days, except where we are required to retain information for legal, tax, or security purposes (for example, transaction records may be retained for up to seven years to comply with tax record-keeping requirements; these are stored separately and access is limited to those uses).

Receipt images are retained while your account is active and the related expense exists. They are deleted within 30 days of either (a) deletion of the underlying expense record, or (b) closure of your account, following the grace period described above. You are responsible for maintaining independent copies of your tax records; we provide export tools to support this. Extracted structured data persists with the related expense record.

8. Your Privacy Rights

Depending on where you live, you may have the following rights:

• Access: request a copy of the personal information we hold about you.
• Correction: request that we correct inaccurate or incomplete information.
• Deletion: request that we delete your personal information, subject to legal exceptions.
• Portability: receive your information in a portable, machine-readable format. The Service provides export tools for your farm data.
• Objection or restriction: object to or restrict certain processing.
• Withdrawal of consent: where processing is based on your consent, withdraw consent at any time.

California residents have additional rights under the California Consumer Privacy Act and the California Privacy Rights Act, including the right to know, the right to delete, the right to correct, the right to limit use of sensitive personal information, and the right to opt out of the sale or sharing of personal information.

BarnDesk does not sell personal information and does not share personal information for cross-context behavioral advertising. As such, no opt-out of sale or sharing is technically required, but you may still submit a “Do Not Sell or Share” request to us using the contact information in Section 14, and we will confirm in writing that no such activity occurs.

We honor the Global Privacy Control (GPC) browser signal where applicable law requires. If your browser sends a GPC signal, we treat it as a request to opt out of any sale or sharing of your personal information.

To exercise any privacy right, contact us at support@thebarndesk.com. We will respond within the timeframe required by applicable law (generally 45 days under CCPA, with one allowed extension). We may need to verify your identity before fulfilling your request.

9. Multi-Tenant Farms and Member Data

BarnDesk is structured around farms. A farm has one owner and may have additional members invited by the owner.

• The farm owner is treated as the controller of the farm’s data and is responsible for managing memberships.
• Members can create, view, and modify farm data while they are members of the farm. Records they create attribute to them but belong to the farm.
• When a member is removed from a farm, they immediately lose access to the farm’s data. Records they created previously remain with the farm.
• A privacy rights request (access, deletion, correction) submitted by a member affects only their own personal account information, not the farm’s records. To delete a farm and all of its records, the farm owner must initiate that deletion.
• Inviting another person to your farm requires their consent. We will not add them to your farm until they accept the invitation through their own BarnDesk account.

10. Children’s Privacy

The Service is not directed to children under the age of 13, and we do not knowingly collect personal information from children under that age. If you are a parent or guardian and you believe your child has provided us with personal information, please contact us at support@thebarndesk.com and we will delete that information.

11. Cookies and Tracking Technologies

This section describes how we use cookies and equivalent technologies on our website at thebarndesk.com and in our iOS mobile application. We do not maintain a separate Cookie Policy document; the practices described here are the complete description of our use of these technologies.

11.1 What Cookies Are

Cookies are small text files that are placed on your device when you visit a website. Similar technologies — including web beacons, pixels, software development kit (SDK) identifiers, and local storage — serve comparable purposes. We refer to all of these collectively as “cookies” in this section.

Cookies set by the operator of the website you are visiting are called “first-party cookies.” Cookies set by parties other than the website operator are called “third-party cookies.”

11.2 Categories of Cookies We Use

We group the cookies on our properties into three categories: strictly necessary, error monitoring, and preferences. We do NOT use third-party behavioral analytics tools such as Google Analytics, Mixpanel, or Segment, and we do NOT serve any advertising or use advertising cookies.

• Strictly necessary cookies: essential for the Service to function. Examples include authentication session cookies (set by Supabase Auth) that keep you signed in, cross-site request forgery (CSRF) tokens that protect against forged requests, and load balancer cookies that route requests consistently. You cannot disable these cookies and continue to use the Service. No consent is required for these cookies.
• Error monitoring cookies: Sentry sets a session identifier in your browser to correlate crash reports across a session, so we can debug errors. Resend embeds tracking pixels in transactional and opt-in emails to report delivery and open events; these pixels are only embedded in emails we send, not on the website itself.
• Preference cookies: remember choices you make to give you a better experience, such as dashboard layout, sort order, theme preference (light or dark), and language settings. Disabling preference cookies will not prevent you from using the Service, but you may need to re-set your preferences each session.

11.3 Third-Party Cookies and SDKs

Some cookies and SDK identifiers are set by third-party services we integrate with. We do not control these cookies, and you should review the third party’s own privacy and cookie policies for details. Third parties currently used:

• Supabase, Inc. (Supabase Auth) — sets first-party-equivalent session cookies on our domain to manage authentication.
• Functional Software, Inc. (d/b/a Sentry) (Sentry) — sets a session identifier in your browser to correlate crash reports.
• Resend, Inc. (Resend) — embeds tracking pixels in transactional and opt-in emails to report delivery and open events.
• RevenueCat, Inc. (RevenueCat) — uses SDK identifiers in the iOS app to track subscription state.
• Apple Inc. (Sign in with Apple) and Google LLC (Sign in with Google) — set their own cookies during sign-in. These cookies are governed by Apple’s and Google’s respective policies.

11.4 How Long Cookies Last

Cookies fall into two general categories based on how long they persist:

• Session cookies expire when you close your browser. Used for authentication, CSRF protection, and short-lived state.
• Persistent cookies remain on your device for a set period or until you delete them. Used for preferences and longer-lived sessions.

The maximum lifetime for any persistent cookie we set is 12 months.

11.5 How to Manage Cookies

Most browsers allow you to control cookies through their settings. You can typically refuse all cookies, refuse third-party cookies only, delete cookies after each session, or be prompted before a cookie is stored. Disabling strictly necessary cookies will prevent the Service from functioning correctly — you will not be able to sign in. To manage cookies in popular browsers, see:

• Apple Safari: support.apple.com/guide/safari/manage-cookies-sfri11471
• Google Chrome: support.google.com/chrome/answer/95647
• Mozilla Firefox: support.mozilla.org/kb/enhanced-tracking-protection-firefox-desktop
• Microsoft Edge: support.microsoft.com/microsoft-edge

11.6 Global Privacy Control and Do Not Track

BarnDesk honors the Global Privacy Control (GPC) browser signal where required by applicable law (for example, under the California Consumer Privacy Act). If your browser sends a GPC signal, we will treat it as a request to opt out of any sale or sharing of your personal information for cross-context behavioral advertising. We do not currently engage in any such activity, but we will continue to honor the signal as a matter of policy. There is no industry-standard interpretation of the older “Do Not Track” (DNT) signal, and we currently do not respond to DNT signals separately from GPC.

11.7 Cookies in Our Mobile Application

Our iOS application does not use traditional browser cookies. It uses equivalent technologies — including local device storage, authentication tokens, and SDK identifiers — that serve comparable purposes. The categories described in Section 11.2 (strictly necessary, error monitoring, preferences) apply equivalently to these technologies, and the third parties listed in Section 11.3 may also receive identifiers through SDKs included in the mobile application.

Apple provides system-level controls for tracking and identifiers, including App Tracking Transparency (ATT). Our application does not currently request ATT permission because we do not engage in cross-app tracking. If we ever introduce a feature that requires ATT, we will request your permission through the standard iOS prompt before tracking.

12. International Users

BarnDesk is operated from the United States and is intended only for users in the United States. We do not direct the Service to users outside the United States. If you access the Service from outside the United States, you do so at your own initiative and your information will be transferred to, stored in, and processed in the United States.

13. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting a notice in the Service, sending an email to the address associated with your account, or both, at least ten (10) days before the change takes effect. Your continued use of the Service after the effective date constitutes acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions about this Privacy Policy or our privacy practices, contact us at:

Email: support@thebarndesk.com

Postal address: BarnDesk LLC, 30 N Gould St Ste N, Sheridan, WY 82801

— End of Privacy Policy —