Skip to main content
Kallyx

Privacy Policy

Last updated: April 2026

What data we collect

Kallyx collects only the information necessary to provide personalized growing recommendations. When you create an account, we collect:

  • Email address -- for account login and password reset
  • Name -- to personalize your experience
  • Experience tier -- to tailor recommendations to your skill level
  • Site location (optional, user-provided) -- to provide region-specific growing data, frost dates, and climate information

We do not collect phone numbers, physical addresses, demographics, or any information beyond what is listed above.

How we use your data

Your data is used exclusively to:

  • Provide personalized growing recommendations based on your location and experience level
  • Send transactional emails (password reset, account notifications)
  • Improve the platform based on aggregate, anonymized usage patterns

We will never use your data for advertising, profiling, or any purpose other than helping you grow food successfully.

Data storage and security

Your data is protected through multiple layers of security:

  • Encrypted in transit -- all connections use TLS (HTTPS)
  • Encrypted at rest -- database storage uses encryption at the infrastructure level
  • Password hashing -- passwords are hashed using bcrypt; we never store plaintext passwords
  • Secure sessions -- authentication uses HttpOnly cookies that cannot be accessed by JavaScript

Our infrastructure is hosted on AWS with industry-standard security practices.

Third-party sharing

We do not share your data with third parties. Kallyx is a non-profit organization focused on making agricultural knowledge accessible. We have no advertising partners, no data brokers, and no analytics services that receive your personal information.

If you use Google sign-in, Google receives only the minimal information needed to authenticate you (OpenID, email, and profile name). We do not send any of your Kallyx data back to Google.

Cookies

Kallyx uses authentication cookies only. These are strictly necessary to keep you logged in and are not used for tracking, analytics, or advertising.

  • kallyx_access -- short-lived session token (15 minutes)
  • kallyx_refresh -- longer-lived refresh token (7 days), scoped to the auth refresh endpoint only

We do not use any tracking cookies, third-party cookies, or analytics pixels.

Your rights

You have the right to:

  • Access -- request a copy of all data we hold about you
  • Correction -- update or correct your personal information at any time through your account settings
  • Deletion -- request complete deletion of your account and all associated data
  • Export -- request an export of your data in a portable format

To exercise any of these rights, contact us at the email address below.

Contact

For privacy-related questions or requests, please contact us at:

[email protected]