Privacy Policy

How we handle your data

Overview

save.ag is a regenerative agriculture knowledge platform operated by save.ag, a California Public Benefit Corporation, founded and chaired by Ian Murdock. This policy explains what data we collect, how we use it, and what we commit to never doing with it.

The core commitment: Personal data is used for the user's benefit, not the platform's — with the subscription fee as the only platform-side return on personalization. Information you share with save.ag improves your own results. It is never sold, never shared with third parties for their own purposes, and never used to influence what other users see.

For the specific terms governing paid subscriptions and your rights as a subscriber, see our Terms of Service.

What We Collect

When you ask a question (Ask feature):

  • Your question text is sent to our server to generate an answer
  • Questions are logged for quality improvement. For anonymous users, no personal identifiers are stored with queries. For authenticated users, queries are associated with your account but are not used to build advertising or third-party profiles.
  • Questions are sent to third-party AI providers to generate your response — see the AI-Generated Content section for details

When you browse the site:

  • Standard web server logs (IP address, page requested, timestamp, browser type) retained for 30 days for security monitoring
  • Anonymous, aggregate page view counts via self-hosted analytics (see Analytics section below)

When you sign in:

  • Email address and hashed password (bcrypt)
  • Session cookies for maintaining your login state

When you create a profile (paid accounts):

Paid-tier accounts provide profile context so that guidance, search results, and recommendations are tailored to your specific situation. Profile components may include: location and climate context, operation characteristics, expert affinity, and research preferences. You choose what to provide. All profile data is used exclusively to personalize your experience on save.ag.

How We Use Your Data

All data we collect is used to operate and improve save.ag for you:

  • Query logs: Improve answer quality and identify knowledge gaps
  • Server logs: Security monitoring and uptime
  • Account credentials: Authenticate your sessions
  • Profile data: Personalize guidance, search results, and recommendations to your specific context
  • Aggregate analytics: Understand which pages and features are useful so we can improve them

We do not use your data for advertising, profiling for third parties, or any purpose unrelated to providing you with better regenerative agriculture guidance.

Implicit Signals

Beyond data you explicitly provide, save.ag observes behavioral signals as you use the platform: which questions you ask, which pages you visit, which sections you expand.

Aggregate only, never individual: Behavioral signals are processed only in aggregate — we see that a topic is frequently visited, not that you specifically visit it. These aggregate signals inform editorial decisions. They are never attributed to individual users, never used to build a behavioral profile tied to your account, and never shared with third parties.

What We Don't Do

  • We do not sell, rent, license, or share your data with third parties for their own purposes
  • We do not use your data to influence what other users see — there is no collaborative filtering, no "users like you" recommendation engine, and no aggregated behavior shaping content for others
  • We do not use third-party analytics services (our analytics are self-hosted — no analytics data leaves our infrastructure)
  • We do not use advertising cookies, retargeting, or tracking pixels
  • We do not use fingerprinting or cross-site tracking
  • We do not build advertising profiles or share data with ad networks

Cookies

save.ag uses only functional cookies that serve your experience directly:

  • Introduction cookie (saveag_introduced): Remembers that you have seen the full homepage introduction. First-party, 1-year expiry, SameSite=Lax. Contains no personal information.
  • Profile nudge cookie (saveag_nudge_dismissed): Set when you dismiss the profile completion banner. 30-day expiry, SameSite=Lax. Contains no personal information.
  • Session cookie (authenticated accounts): Maintains your login state. First-party, HttpOnly, Secure, SameSite=Lax. Expires when you log out or after 24 hours of inactivity.

We do not use analytics cookies, advertising cookies, or any third-party cookies.

Analytics

save.ag uses Umami (opens in new window), a privacy-focused, self-hosted analytics tool. All analytics data stays on our own infrastructure. No cookies are set for analytics purposes. No personal information is collected. The analytics script respects Do Not Track browser settings. We see only aggregate counts: which pages are visited, not who visits them.

Third-Party Services

save.ag uses the following external services. Fonts (Poppins) are self-hosted — no data is sent to Google Fonts or any font CDN.

  • Cloudflare (CDN and DNS): All traffic to save.ag passes through Cloudflare's infrastructure, which processes your IP address for DDoS protection and security.
  • Cloudflare Turnstile: Privacy-preserving CAPTCHA used on contact and submission forms. Evaluates bot likelihood without setting persistent tracking cookies.
  • Nominatim / OpenStreetMap: Geocoding service for location text in queries. Results are cached to minimize API calls.
  • Open-Meteo: Climate data service for USDA hardiness zone calculation. Results are cached for 90 days.
  • Google (contact form relay): Contact form submissions pass through Gmail's SMTP infrastructure.
  • Resend (transactional email): Account verification and password reset emails.
  • Payment processor: Subscription payments processed by a third-party processor. save.ag does not receive or store raw card numbers.

AI-Generated Content

save.ag uses AI to synthesize information from indexed sources. When you use the Ask feature, your question is processed by OpenRouter (opens in new window). No training: All providers operate under no-training agreements. Your questions and profile context are not used to train AI models.

Data Security

We protect your data with: HTTPS encryption for all connections (HSTS enforced), bcrypt password hashing, Content Security Policy headers, HttpOnly/Secure/SameSite cookie attributes, and encrypted database credentials and secrets management.

Your Rights

You have the right to: request information about what data we hold about you, request export of your profile data, request deletion of your account and all associated data, update or remove any part of your profile at any time, and use the site without creating an account. To exercise these rights, contact us at [email protected].

Changes to This Policy

We may update this privacy policy as our services evolve. Significant changes are noted on this page with an updated date. New cookies or data collection practices are disclosed here before they are introduced.

Last Updated

This privacy policy was last updated on May 5, 2026.