Legal · CoreTurf

Privacy Policy

How CoreTurf handles your data. Short version: your lawn data stays on your device unless you opt in to cloud backup.

Lawn data on your device by default
Optional account for cloud backup
No advertising or tracking
Cloud data stored in Sydney, Australia
Note · Internal Testing

This policy is in place for the Play Store internal testing track soft launch. It accurately reflects the app's current data handling. Before any public or commercial release, have this document reviewed by a solicitor familiar with Australian Privacy Law.

1. Introduction

CoreTurf ("the app") is a lawn care management application developed and operated by K-Tech Industrial Pty Ltd ("we", "us", "our").

CoreTurf helps lawn enthusiasts and turf managers track growing degree days (GDD), manage products and inventory, log pesticide and fertiliser applications, and monitor their lawn's health over time.

This Privacy Policy explains what information CoreTurf collects, how it is used, and your rights regarding that information. By using the app, you agree to the practices described in this policy.

2. Information We Collect

2.1 Location Data

When you use CoreTurf, you may be asked to grant access to your device's location. We collect your device's GPS coordinates (latitude and longitude) for the following purposes:

  • To determine the weather conditions at your lawn's location
  • To fetch local soil temperature data for growth tracking

Location access is requested only when you add a new site or tap "Use current location." You may instead enter your suburb or postcode manually, in which case approximate coordinates are derived from that text — your precise GPS coordinates are never accessed.

Location coordinates are stored locally on your device as part of your site records. They are transmitted only to Open-Meteo (see Section 4) for the purpose of retrieving weather data.

2.2 Photos

If you use the photo strip feature within Sites, the app accesses your device's camera or photo library via the system's standard media picker. Photos you select or capture are stored locally on your device only within the app's private storage directory. They are never transmitted to us or any third party.

2.3 Diagnostic and Usage Data

CoreTurf uses Google Firebase to collect two categories of diagnostic information automatically:

  • Crash reports: If the app crashes or encounters an unhandled error, a report is automatically sent to Firebase Crashlytics. This report includes the error message, a technical stack trace, your device model, Android OS version, and app version. It does not include your name, email, location, or any lawn data.
  • Usage analytics: Firebase Analytics collects anonymous session data, including which screens you visit and how long you use the app. This data is not linked to any personally identifiable information.

This data is used solely to identify and fix bugs and to understand which features are most useful. It is processed by Google LLC under their Firebase terms of service and privacy policy.

2.4 Beta Application Form

If you submit a beta tester application via the form at coreturf.app/beta, the following information is collected:

  • Your first name and email address
  • Your preferred platform (Android, iOS, or both)
  • Your grass type and state/territory
  • Any notes you optionally provide about your lawn program

This data is submitted through Netlify Forms, a form handling service provided by Netlify, Inc. It is stored on Netlify's servers and is accessible only to CoreTurf (K-Tech Industrial Pty Ltd). It is used solely to assess beta applications and contact applicants. It is not shared with any third party and is not used for advertising or profiling. Netlify's privacy policy is available at netlify.com/privacy.

2.5 Lawn and Application Data

All data you enter into CoreTurf — including site details, lawn profiles, product inventory, spray application records, and settings — is stored in a local database on your device. If you create a CoreTurf account (see Section 2.6), this data may also be backed up to the cloud to enable restoration on a new device. Without an account, your data remains entirely on your device and is never uploaded.

2.6 Account Data

Creating a CoreTurf account is optional. The app works fully without one. If you choose to create an account, the following information is collected:

  • Email address: Used for authentication (sign-in, password reset)
  • Name (Google sign-in only): Your display name from your Google account, used only to personalise the app

This data is processed and stored by Supabase (see Section 4.4). We do not use your email address for marketing or share it with any third party beyond what is required for authentication.

3. How We Use Your Information

Data Purpose
GPS coordinates Transmitted to Open-Meteo to fetch weather forecasts and soil temperature for your site
Photos Displayed within the app's Sites screen for your visual reference
Site, lawn, product, and spray log data Used within the app to calculate GDD, generate tracker schedules, and maintain compliance records. Optionally backed up to the cloud if you have an account.
App settings Stored locally to remember your preferences between sessions
Beta application form data Transmitted to Netlify Forms and used to assess beta applications and contact applicants
Crash reports Transmitted to Google Firebase Crashlytics to identify and fix app errors
Anonymous usage analytics Transmitted to Google Firebase Analytics to understand feature usage
Account data (email, name) Used for authentication and identifying your cloud backup

We do not use any of your information for advertising, profiling, or any purpose other than the direct operation of the app's features.

4. Third-Party Services

CoreTurf makes use of the following third-party services:

4.1 Open-Meteo

Open-Meteo is a free, open-source weather API. When CoreTurf retrieves weather data, your site's latitude and longitude coordinates are sent to Open-Meteo's servers to obtain the relevant forecast and soil temperature readings.

Open-Meteo does not require an account and does not associate the coordinates it receives with any individual user. Their privacy policy is available at open-meteo.com/en/terms.

4.2 Netlify

Netlify, Inc. provides the hosting platform for the CoreTurf website and the form handling service used for beta applications. When you submit a beta application form, your form data is transmitted to and stored on Netlify's servers. Netlify's privacy policy is available at netlify.com/privacy.

4.3 Google Firebase (Crashlytics + Analytics)

Google Firebase is a mobile platform provided by Google LLC. CoreTurf uses two Firebase services:

  • Firebase Crashlytics — receives automatic crash reports as described in Section 2.3. Data is processed by Google in accordance with Google's Privacy Policy.
  • Firebase Analytics — receives anonymous usage data (screen views, session duration) as described in Section 2.3. Data is aggregated and not linked to any individual.

Google's privacy policy is available at policies.google.com/privacy. Firebase's terms of service are available at firebase.google.com/terms.

4.4 Supabase (Authentication + Cloud Backup)

Supabase is a cloud platform used for user authentication and cloud data backup. If you create a CoreTurf account:

  • Your email address and authentication credentials are processed by Supabase for sign-in and session management
  • If you sign in with Google, Supabase receives your Google display name and email via the OAuth flow
  • Your lawn data (sites, products, spray records, settings) may be backed up to Supabase's hosted PostgreSQL database to enable restoration on a new device

Data location: CoreTurf's Supabase project is hosted in the Sydney, Australia (ap-southeast-2) region. Your data is stored in Australian data centres. However, Supabase is a US-based company, and some authentication processing (such as OAuth token exchange) may involve Supabase's US infrastructure. See Section 8 for cross-border disclosure under Australian Privacy Principles.

Supabase's privacy policy is available at supabase.com/privacy.

4.5 Typography Fonts

All typefaces used in CoreTurf (Fraunces, IBM Plex Sans, DM Mono) are bundled directly within the app. No network request is made to Google Fonts or any other font server at any time.

5. Data Storage and Security

Local data

All CoreTurf lawn data (sites, products, spray records, photos, settings) is stored locally on your device using SQLite (via the Drift library) and Android's SharedPreferences system. The security of your local data is protected by your device's own security features — screen lock, device encryption, and app sandboxing enforced by the operating system.

Account credentials

If you create a CoreTurf account, your authentication tokens are stored securely using the Android Keystore (EncryptedSharedPreferences) or iOS Keychain. Tokens are never stored in plaintext.

Cloud data

If you have a CoreTurf account, your data may be backed up to Supabase's PostgreSQL database. Data is encrypted in transit (TLS) and at rest (AES-256) by Supabase's infrastructure. Row-level security policies ensure that each user can only access their own data.

Limited diagnostic data (crash reports and anonymous analytics) is transmitted to Google Firebase as described in Sections 2.3 and 4.3.

We recommend keeping your device's operating system up to date to benefit from the latest security protections.

6. Data Retention and Deletion

Local data

To delete all local CoreTurf data:

  • Uninstall the app from your device. Android will remove all app data, including the local database and any cached files, when the app is uninstalled.
  • Alternatively, go to your device Settings → Apps → CoreTurf → Storage → Clear Data to erase all app data while keeping the app installed.

Account and cloud data

If you have a CoreTurf account, you can delete your account and all associated cloud data from within the app: Settings → Account → Delete Account. This permanently removes:

  • Your Supabase authentication record
  • All lawn data stored in the cloud (sites, products, spray records, settings)

Your local data on your device is not affected by account deletion — it remains on your device unless you separately clear it as described above.

7. Children's Privacy

CoreTurf is not directed at children under the age of 13. We do not knowingly collect information from children. If you believe a child has provided information through the app, please contact us at contact@coreturf.app and we will take appropriate steps.

8. Your Rights (Australian Privacy Principles)

K-Tech Industrial Pty Ltd is an Australian entity and operates in accordance with the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs).

If you use CoreTurf without an account, no personal information is collected or transmitted to K-Tech Industrial Pty Ltd, and most APP obligations do not apply in practice.

If you create a CoreTurf account, the following applies:

  • APP 1 (Open and transparent management): This privacy policy describes all data handling practices.
  • APP 6 (Use and disclosure): Your account data (email, name) is used solely for authentication. Your lawn data is backed up solely for your own restoration purposes. Neither is shared with third parties for marketing or other purposes.
  • APP 8 (Cross-border disclosure): Supabase Inc. is a company incorporated in the United States. CoreTurf's database is hosted in Supabase's Sydney, Australia (ap-southeast-2) data centre, meaning your lawn data is stored in Australia. However, authentication services may involve processing through Supabase's US-based infrastructure. By creating an account, you consent to this limited cross-border processing. Google Firebase (US-based) processes crash reports and anonymous analytics as described in Section 4.3.
  • APP 11 (Security): Account credentials are encrypted on-device (Android Keystore / iOS Keychain). Cloud data is encrypted in transit (TLS) and at rest (AES-256).
  • APP 12 (Access): You can view all your data within the app at any time. To request a copy of your cloud-stored data, contact us at the email below.
  • APP 13 (Correction): You can update your data directly within the app.

If you have any questions about how your data is handled, or believe this policy has not been followed, you may contact us at contact@coreturf.app. You also have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do:

  • The "Last updated" date at the top of this page will be revised
  • If the changes are material (for example, if a future version of CoreTurf introduces cloud sync or user accounts), we will display a notice within the app

We encourage you to review this policy periodically. Continued use of the app after a policy change constitutes acceptance of the updated terms.

10. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy, please contact us:

K-Tech Industrial Pty Ltd

This Privacy Policy applies to the CoreTurf Android and iOS application. It does not apply to any third-party websites or services linked from within the app.