Privacy Policy

1. Who we are

GreenLab ("GreenLab", "we", "us", or "our") is a smart-agriculture service that helps farmers monitor their fields and receive clear, actionable recommendations. GreenLab is operated by Lefter Prifti, based in Tirana, Albania.

For any privacy-related matter, you can contact us at:

• Email: info@greenlab.ai
• Website: www.greenlab.ai

We are the data controller responsible for the personal data described in this policy.

2. Scope

This policy explains how we collect, use, share, and protect personal data when you use the GreenLab mobile app, web dashboard, sensors, and related services (together, the "Service"). It applies to our customers, the people who use accounts on their behalf, and anyone who contacts us.

3. What data we collect

Account and contact data. Your name, the name of your farm or business, email address, phone number, role, login credentials, and language preference.

Farm and field data. The location and boundaries of your fields, crop types, growth stages, and other agronomic details you enter or that are needed to generate recommendations. Field locations are geographic data tied to a specific place.

Sensor data. Readings from sensors installed on your farm, such as soil temperature, soil moisture, electrical conductivity (EC), air temperature, and humidity, together with device identifiers and timestamps.

Satellite and weather data. Satellite-derived vegetation indices (for example NDVI, NDMI) for your fields, and weather and forecast data for your area, which we obtain from third-party providers and associate with your fields.

Application and compliance records. Records you log or that the Service generates about fertilizer, pesticide, and water/irrigation use, used for recommendations and for traceability and compliance reporting.

Usage and technical data. How you interact with the app and dashboard, device type and operating system, app version, IP address, log data, and push-notification tokens used to send you alerts.

Communications. Messages, support requests, and feedback you send us, and our responses.

We do not intentionally collect special categories of data (such as health or biometric data). Please do not send us such data through the Service.

4. How and why we use your data

We use your data to:

• Provide the Service — process sensor, satellite, weather, and field data to generate monitoring views and recommendations.
• Send you notifications and alerts, including daily guidance such as watering and fertilization instructions.
• Maintain application and traceability records and produce compliance reports you request.
• Create and manage your account and authenticate you.
• Provide customer support and respond to your requests.
• Improve and develop the Service, including calibrating and improving our recommendation models. Where we use your data to improve models, we use it in aggregated or de-identified form wherever possible.
• Send service-related communications and, where you have agreed, occasional product updates.
• Comply with legal obligations, and establish, exercise, or defend legal claims.
• Keep the Service secure and prevent fraud or misuse.

5. Legal bases for processing

Under Albanian data protection law (Law No. 124/2024) and the GDPR, we rely on the following legal bases:

• Performance of a contract — to provide the Service you have signed up for.
• Legitimate interests — to secure, support, and improve the Service, provided your rights do not override those interests.
• Consent — for optional things such as marketing messages or any non-essential cookies; you can withdraw consent at any time.
• Legal obligation — where we must process data to comply with the law.

6. Who we share data with

We do not sell your personal data. We share it only with:

• Service providers (processors) who help us run the Service under contract, such as cloud hosting and data-storage providers, sensor and hardware/connectivity providers, satellite-imagery providers, weather-data providers, AI/processing infrastructure, push-notification and email delivery providers, and analytics tools.
• Professional advisers such as lawyers, accountants, and auditors, where needed.
• Authorities or third parties where required by law, to comply with a legal obligation, or to protect our rights, safety, or property.
• In a business transfer — if GreenLab is involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction, subject to this policy.

We require our processors to protect your data and use it only on our instructions.

7. International transfers

Some of our providers may store or process data outside Albania, including in the European Economic Area or other countries. Where we transfer data outside Albania, we do so only to countries recognized as providing an adequate level of protection, or under appropriate safeguards such as standard contractual clauses, in line with Law No. 124/2024 and GDPR requirements.

8. How long we keep data

We keep personal data for as long as your account is active and for as long as needed to provide the Service. After that, we keep it only as long as necessary to comply with legal obligations (for example, compliance and traceability records may need to be retained for a set period), resolve disputes, and enforce our agreements. When data is no longer needed, we delete it or irreversibly anonymize it.

9. Your rights

Subject to applicable law, you have the right to:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete data.
• Request deletion of your data ("right to be forgotten").
• Restrict or object to certain processing.
• Receive your data in a portable format.
• Withdraw consent at any time, where processing is based on consent.
• Lodge a complaint with the supervisory authority.

To exercise any of these rights, contact us at info@greenlab.ai. We will respond within the timeframes required by law. You also have the right to complain to the Commissioner for the Right to Information and Protection of Personal Data (Komisioneri për të Drejtën e Informimit dhe Mbrojtjen e të Dhënave Personale) in Albania.

10. Security

We use appropriate technical and organizational measures to protect your data, including access controls, encryption in transit where appropriate, and secure infrastructure. The Service is designed to buffer sensor data locally if connectivity is interrupted and sync it once the connection is restored. No system can be guaranteed completely secure, but we work to protect your data and to address any incident promptly.

11. Cookies and similar technologies

Our website and dashboard may use cookies and similar technologies to operate the Service, remember your preferences, and understand usage. You can control non-essential cookies through your browser or any consent tool we provide.

12. Children

The Service is intended for farmers and agricultural businesses and is not directed at children. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it.

13. Changes to this policy

We may update this policy from time to time. If we make material changes, we will notify you through the Service or by email and update the "Last updated" date above. Continued use of the Service after changes take effect means you accept the updated policy.

14. Contact us

If you have questions about this policy or how we handle your data, contact us at:

• GreenLab — info@greenlab.ai