Barranca Verde Privacy Notice

1. About this Notice

Barranca Verde (the "Service") is operated by Totavi, LLC. The handling of personal information collected through the Service is governed by:

1. Totavi's general Privacy Policy ("Master Policy"), which describes our default practices across all Totavi-operated properties; and
2. This Service-Specific Privacy Notice (the "Service Notice"), which describes additional categories of personal information collected through Barranca Verde and how they are handled.

The Master Policy is incorporated by reference. Where this Service Notice describes practices that differ from the Master Policy with respect to information collected through Barranca Verde, this Service Notice controls.

2. The short version

We collect only what we need to run the Service. We do not sell your personal information — not to advertisers, data brokers, or anyone else. Your Rachio and Flume credentials are encrypted before being stored and are used only to operate the Service on your behalf.

3. What we collect

• Account information. Email address and display name, provided when you sign up.
• Rachio credentials. Your Rachio API key, stored encrypted with AES-256-GCM. Used solely to register webhooks and retrieve zone information from Rachio on your behalf.
• Flume credentials. OAuth tokens for your Flume account, stored encrypted with AES-256-GCM. Used solely to query water-usage data from Flume on your behalf.
• Water-usage data. Minute-level and daily flow readings from your Flume device, synchronized periodically and stored so we can attribute usage to irrigation runs.
• Irrigation run logs. Start and stop times, zone identity, gallons used, and estimated cost for each zone run captured via Rachio webhooks.
• Water-rate configuration. The billing tiers, billing day, and billing period you enter in Settings, used only to calculate estimated costs.
• Billing information. Subscription status, plan identifier, and Stripe customer ID. Payment card details are handled entirely by Stripe and are never stored on our servers.
• Operational logs. A bounded log of Flume API calls made on your behalf, retained for up to 60 days to support debugging. Sensitive fields (tokens, passwords, client secrets) are redacted before storage.
• Analytics. If enabled, anonymized page-view data via Cloudflare Web Analytics, Google Analytics, and Plausible. These providers operate under their own privacy policies.

4. How we use this information

• To display per-zone water-usage charts and cost reports in your dashboard.
• To send transactional emails: account verification, subscription receipts, and renewal or failure notices.
• To detect and resolve service issues (operational logs contain no personal data beyond user identifiers).
• To operate the Service in accordance with these Service Terms and the Master Terms.

We do not use information collected through the Service for advertising, behavioral profiling, or any purpose outside operating the Service.

5. Sub-processors

We share information only with the sub-processors required to operate the Service:

• Cloudflare — application hosting, D1 database, and optional web analytics
• Stripe — payment processing
• Resend — transactional email delivery
• Google Analytics and Plausible — anonymized page-view analytics

Each sub-processor is bound by its own data-processing agreements and applicable privacy law. We will never sell your personal information.

6. Retention

• Account, usage, and billing data are retained for as long as your account is active.
• When you delete your account, all personal data (credentials, usage records, billing references, and operational logs keyed to you) is deleted within 30 days.
• Operational Flume API logs are pruned automatically after 60 days regardless of account status.
• Aggregated, anonymized usage statistics with no personally identifiable information may be retained indefinitely for service improvement.

7. Security

Rachio API keys and Flume OAuth tokens are encrypted at rest using AES-256-GCM before being stored. All data in transit is protected by TLS. The application sets a strict Content Security Policy and standard security headers. We rotate credentials and audit our sub-processor practices as part of ongoing operation.

8. Your choices

• Disconnect Rachio or Flume from Settings at any time. The corresponding credentials are removed from our database.
• Export or request a copy of your data by emailing hello@barrancaverde.com.
• Delete your account by emailing the address above. All personal data is removed in accordance with section 6.

9. Children

The Service is intended only for users aged 18 or older. We do not knowingly collect personal information from anyone under 18.

10. International users

The Service is operated in the United States and is offered only to users located in the United States. Information processed in connection with the Service is stored on infrastructure operated by Cloudflare in the United States.

11. Changes to this Notice

If our information practices for the Service change materially, we will post the updated Notice on this page and update the effective date. For material changes affecting personal information already collected, we will notify account holders by email.

12. Contact

Questions about this Notice or the data we hold about you: