Privacy Policy

Last updated: July 2026 · Draft — pending legal review

This policy explains what EveryHomestead (from Cross Timbers Homestead) — “EveryHomestead,” “we,” “us” — collects, why, where it's stored, and the choices you have. Our guiding principle is simple: your homestead records are yours. We don't sell your data, and you can export or delete it.

What we collect

  • Account info — your email and name, handled by our authentication provider (Clerk) when you sign up or are invited.
  • Your homestead data — everything you enter: animals, gardens, pastures, finances, tasks, notes, photos, map boundaries, and similar records.
  • Weather station data — if you connect a weather station, the readings it sends.
  • Technical data — limited log and request data (including IP address) used to keep the service secure and to rate-limit abuse.

Where your data lives

Data is processed and stored by a small set of service providers, primarily in the United States:

  • Railway — managed PostgreSQL database (your records) and app hosting.
  • Clerk — authentication (your login + account email).
  • Cloudflare — edge network / security in front of the app.
  • Microsoft (Graph) — sends transactional email from [email protected].

How we use it

To provide and maintain the app, keep your account secure, prevent abuse, send you transactional email (e.g. account or sharing notifications), and support, debug, back up, and improve the service. We do not sell your data or share it for advertising.

Your data is private to your household

Records are scoped to your household and are not visible to other users. The owner/operator may access the underlying database and logs as needed for maintenance, debugging, backups, and migrations.

Retention & deletion

When you delete a record it is soft-deleted and then permanently purged (currently after about 21 days). You can request deletion of your account and associated data at any time. You can also export your data whenever you like.

Backups & recovery:we keep regular infrastructure backups for disaster recovery, but they aren't a way to restore individual records — once a deleted record passes the ~21-day purge window, it is permanently gone and unrecoverable. Please keep your own exports of critical records (export is free).

Your rights

Depending on where you live (e.g. GDPR in the EU/UK, CCPA in California), you may have the right to access, correct, export, delete, or restrict processing of your personal data, and to object to certain uses. Contact us to exercise any of these — we honor them regardless of your location.

Security

We use reasonable measures including per-household data isolation, encrypted transport (HTTPS), and access controls. No method is perfectly secure, and we can't guarantee absolute security — keep your own copies of anything critical.

Children

The app isn't directed to children under 13 (or the minimum age in your country), and we don't knowingly collect their data.

Changes & contact

We may update this policy; material changes will be noted here with a new date. Questions or requests: [email protected].

See also our Terms of Service and Disclaimer.