R2Data2 LLC ("Company," "we," "us," or "our") operates the R2Data2 agricultural risk data platform and API at r2data2.com. This Privacy Policy describes how we collect, use, disclose, and safeguard information in connection with your use of our services.
This Privacy Policy applies to information collected through our website, API, and related services (collectively, the "Services"). By using the Services, you agree to the collection and use of information as described in this Policy. If you do not agree, please do not use the Services.
R2Data2 primarily serves business and professional users, including agricultural lenders, insurers, analysts, and developers. Our Services are accessible to any individual with a valid email address via our free tier. We do not knowingly collect personal information from individuals under the age of 18.
We collect the following information when you register for or use the Services:
We do not collect billing or payment information. All payment processing is handled entirely by Stripe. When you subscribe, we receive subscription metadata (customer ID and subscription ID) via Stripe webhook and retrieve the email address associated with your Stripe account to provision API access and send your API key. No card numbers, billing addresses, or payment method details are ever transmitted to or stored in our systems.
When you access the Services, we automatically collect certain technical information, including:
We do not collect sensitive personal information such as government identification numbers, financial account numbers, health information, or biometric data. We do not collect personal information about the end consumers or borrowers whose agricultural properties or loans may be analyzed using our Output Data — we process geographic, agronomic, and climate data, not consumer personal data.
We use the information we collect for the following purposes:
We do not sell your personal information to third parties. We do not use your information to train machine learning models offered to third parties.
We may share your information with trusted third-party service providers who assist us in operating the Services, including:
These providers are contractually obligated to protect your information and may only use it to perform services on our behalf.
We may disclose your information if required to do so by law, court order, or governmental authority, or if we believe in good faith that such disclosure is necessary to protect our rights, your safety, the safety of others, or to investigate fraud.
If the Company undergoes a merger, acquisition, or sale of all or substantially all of its assets, your information may be transferred as part of that transaction. We will notify you via email or a prominent notice on our website prior to such transfer.
We do not sell, rent, or trade your personal information to third parties for their own marketing or commercial purposes.
We retain your account information, including your email address, for as long as your account is active or as needed to provide the Services.
API usage data: We store daily aggregate request counts (requests per day per API key) and individual API request logs (endpoint, county FIPS code, response code, response time, and a SHA-256 hash of your API key) in our database. Request logs are periodically purged and are not retained indefinitely. Aggregate usage counts are retained for the life of the account. Infrastructure-level logs (including IP addresses and browser information) are retained by our hosting provider (Railway) in accordance with their own data retention policies.
If you close your account, we will delete or anonymize your personal information within ninety (90) days, except where we are required to retain it for legal, regulatory, or legitimate business purposes.
We implement commercially reasonable technical and organizational measures to protect your information against unauthorized access, loss, alteration, or disclosure. These measures include encrypted data transmission (TLS/HTTPS), API key authentication, and access controls.
However, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security and encourage you to use strong, unique passwords and protect your API keys. In the event of a data breach that affects your personal information, we will notify you in accordance with applicable law.
We use a single session cookie (r2_admin_session) solely to maintain authenticated sessions for administrative access to the admin dashboard. This cookie is not set for standard API users or visitors to the public website.
We do not use analytics cookies, advertising cookies, or any third-party tracking technologies on r2data2.com. Blocking cookies has no effect on API access or standard website functionality.
You have the following rights with respect to your personal information:
To exercise any of these rights, contact us at [email protected]. We will respond to verifiable requests within thirty (30) days.
California Residents (CCPA). If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and how it is used, the right to delete your personal information, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise CCPA rights, contact us at [email protected].
EU and UK Residents (GDPR / UK GDPR). If you are located in the European Union or United Kingdom, you have rights under the GDPR or UK GDPR, including the rights of access, rectification, erasure, restriction of processing, data portability, and the right to object. Our legal basis for processing your personal information is the performance of our contract with you (account management and API access) and our legitimate interests (security, abuse prevention, and service improvement). To exercise your rights or lodge a complaint with a supervisory authority, contact us at [email protected].
The Services may contain links to third-party websites or reference third-party data sources. This Privacy Policy does not apply to those third-party sites or services, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you access in connection with your use of R2Data2.
We do not knowingly collect personal information from individuals under the age of 18. If you believe we have inadvertently collected such information, please contact us and we will promptly delete it.
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of material changes by sending an email to the address associated with your account or by posting a notice on r2data2.com at least fourteen (14) days before the change takes effect. Your continued use of the Services after the effective date of any update constitutes acceptance of the revised Policy.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
R2Data2 LLC
Attn: Privacy
6701 Corporate Dr # 4494, Johnston, Iowa 50131
Email: [email protected]
This Privacy Policy is governed by the laws of the State of Iowa, without regard to its conflict of law provisions.