Privacy Policy

Vitagri Org Ltd ("Vitagri", "we", "us", "our") is a UK-registered company. This website, vitagri.org, is our primary online presence. We are the data controller for personal data processed through this site. For any privacy enquiry — including subject access requests — please contact us.

• Analytics data: If you accept cookies, we use Google Analytics 4 (property G-4FG5PSP8T5) to collect anonymised usage data — page views, referrers, device type, country. IP addresses are anonymised before storage. No personally identifiable information is recorded by analytics.
• Form submissions: When you submit a contact, application or feedback form, we collect the data you provide (name, email, organisation, your message). Forms are processed by Typeform and Netlify Forms.
• Research Partner accounts: If you apply for a Research Partner account or join Pulse AI, we store your name, email, organisation, role, and the answers you give in your application. We also store activity logs (logins, searches, reports generated) so we can serve those features back to you.
• Newsletter sign-ups: If you subscribe to our Substack or weekly bulletin, your email address is processed by the relevant mailing platform (Substack Inc.; Mailchimp/Resend) on our behalf.
• Download counts: We record anonymised aggregate download counts for whitepapers and PDFs.

• To respond to your enquiries and provide the service or report you requested.
• To run accounts, including authentication via magic links and access to gated tools (Pulse AI, evidence catalogue).
• To send administrative messages (account confirmations, trial expiry notices) and — only if you opt in — our weekly research bulletin.
• To improve the website and our research using anonymised, aggregated analytics.
• To meet legal and regulatory obligations.

We do not use your data for automated decision-making with legal or similarly significant effects, and we do not profile you for advertising.

We use a cookie consent banner. Essential preferences (e.g. your consent choice) are stored in localStorage. Google Analytics cookies (_ga, _gid) are only set if you click "Accept". You can withdraw consent at any time by clearing site data in your browser, after which the banner will reappear.

Your data may be processed by the following sub-processors, each acting under data-processing agreements that comply with UK GDPR:

• Google LLC — Google Analytics 4 (anonymised analytics).
• Typeform S.L. — form hosting.
• Netlify Inc. — site hosting and form storage.
• Anthropic PBC — Claude API powering Pulse AI conversations (only conversation content is sent; we never share your name or email with the model).
• Substack Inc. — newsletter delivery.
• Mailchimp / Resend — transactional and bulletin email.

We do not sell your personal data to anyone, ever.

Some of our processors are based in the United States. Where this is the case, transfers are protected by the UK–US Data Bridge, the EU–US Data Privacy Framework, and/or Standard Contractual Clauses adopted by the UK ICO.

• Form enquiries: retained for up to 24 months from your last contact.
• Research Partner accounts: retained while your account is active. Closed accounts are deleted within 90 days of closure.
• Analytics data: Google Analytics retains anonymised event data for 14 months.
• Newsletter subscriptions: retained until you unsubscribe.

Analytics: your consent (Article 6(1)(a)). Form responses, account operation, and transactional email: contract (Article 6(1)(b)) and legitimate interests (Article 6(1)(f)) in answering your enquiries and delivering the service you signed up for. Marketing emails: your consent. You may withdraw consent at any time.

Under the UK GDPR and Data Protection Act 2018 you have the right to:

• Access the personal data we hold about you.
• Have inaccurate data corrected.
• Have your data deleted (the "right to be forgotten").
• Restrict or object to processing.
• Data portability — receive your data in a machine-readable format.
• Withdraw consent at any time, without affecting the lawfulness of prior processing.
• Lodge a complaint with the UK Information Commissioner's Office (ico.org.uk).

To exercise any of these rights, contact us. We will respond within one calendar month.

We use HTTPS across the site. Account credentials are protected by passwordless magic-link authentication — we never store passwords. Personal data at rest is held in encrypted Netlify Blobs storage. Access to admin systems is limited to authorised Vitagri staff and protected by multi-factor authentication.

The site is intended for people aged 16 and over. We do not knowingly collect data from children under 16. If you believe a child has submitted data, please contact us and we will delete it.

We may update this policy from time to time. The "Last updated" date at the top reflects the latest version. Material changes will be highlighted on the homepage for at least 14 days.

Questions about this policy or your data? Email us via the contact page, or write to: Vitagri Org Ltd, United Kingdom.