YARDi Privacy Policy

Effective Date: May 27, 2026

1. Introduction

At Athena Ag, Inc. dba YARDi ("we," "us," or "our"), we value your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, share, and safeguard your data when you visit our website, use our services, make purchases, or interact with third-party tools we use. We comply with applicable privacy and consumer protection laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Telephone Consumer Protection Act (TCPA), where applicable.

2. Information We Collect

We collect the following categories of personal information:

• Personal Identifiers: Name, email address, phone number, billing address, shipping address, and other contact details provided through forms, purchases, bookings, or other interactions.
• Commercial Information: Purchase history, product preferences, customer service interactions, and interactions with our marketing campaigns, including email opens, clicks, form submissions, and promotional engagement. We may also collect business information that you voluntarily share with us, such as cultivation data, grow procedures, application methods, crop performance data, or other operational insights.
• Internet Activity: Browsing history, IP address, device information, browser type, referring pages, and interactions with our website, advertisements, emails, or other digital properties.
• Professional Information: Job title, company name, professional contact details, and other business-related data for lead enrichment, customer relationship management, or sales purposes. If you apply for a position with us, we may collect and process the contact information, resume, and other materials you voluntarily provide.
• Communications: Records of communications with members of our team, appointment details, customer inquiries, support requests, and related correspondence.
• Sensitive Personal Information: Payment details or other sensitive data, processed only with your consent or as needed to provide our services. We do not currently process special categories of data, such as health or biometric data, under GDPR Article 9.

3. How We Collect Information

We collect personal information through the following sources:

• Direct Interactions: When you fill out forms, place orders, schedule appointments, contact our team, subscribe to marketing, or otherwise communicate with us.
• Automated Technologies: Through cookies, analytics tools, tracking pixels, and similar technologies used on our website or third-party platforms.
• Third-Party Sources: Through tools such as lead enrichment platforms, customer relationship management systems, ecommerce platforms, advertising networks, analytics providers, and other business service providers.

4. How We Use Your Information

We use your personal information for the following purposes:

• To deliver and improve our services, including managing customer relationships, processing orders, fulfilling purchases, delivering marketing content, and responding to inquiries or customer service requests.
• To measure performance, analyze user behavior, optimize our website, and improve our products, services, and customer experience.
• To communicate with you directly or through one of our partners, including for customer service, order updates, appointment reminders, promotional emails, coupons, product education, and other information related to our services and offerings.
• To integrate data across platforms for seamless operations, reporting, customer support, marketing, and business administration.
• To develop new products, services, features, and functionality.
• To optimize our products and services, provide tailored recommendations, and better understand industry practices.
• To prevent fraud, protect our website, and ensure the security of our systems, customers, and business operations.
• To comply with legal obligations under GDPR, CCPA, TCPA, and other applicable laws.
• To communicate with you via SMS text messaging using our third-party service provider. By opting in, you agree to receive SMS messages from us. SMS messages may be sent using an automated system and may include promotions, alerts, reminders, or other updates relevant to our services. Message frequency varies. Consent is not a condition of purchase. Message and data rates may apply depending on your mobile carrier.

5. Legal Basis for Processing Under GDPR

Where GDPR applies, we process personal data based on the following legal grounds:

• Consent: For marketing emails, SMS text messaging, form submissions, cookie-based tracking where required, or sensitive data processing. You can withdraw consent at any time by clicking “unsubscribe” in emails, replying “STOP” to SMS messages, adjusting cookie preferences, or contacting us.
• Contract: To fulfill orders, appointments, purchases, subscriptions, or service agreements.
• Legitimate Interests: For analytics, lead enrichment, fraud prevention, service improvement, customer relationship management, and business operations, provided your rights and interests are not overridden.
• Legal Obligation: To comply with applicable regulatory, tax, accounting, consumer protection, and legal requirements.

6. Consent Management

Where we rely on your consent, such as for marketing or certain cookies, we obtain it through clear opt-in mechanisms, including checkboxes, forms, SMS opt-in flows, or cookie consent banners. You can withdraw consent at any time by:

• Unsubscribing from marketing emails using the link included in each email.
• Replying “STOP” to opt out of SMS text messaging.
• Adjusting cookie preferences in our consent tool or through your browser settings.
• Contacting us at compliance@athenaag.com.

7. Sharing Your Information

We share personal information with third-party service providers that help us operate our business, fulfill orders, manage customer relationships, provide marketing, analyze performance, and comply with legal obligations. These providers may include the following categories:

Our Privacy Policy does not apply to third-party advertisers, websites, or services, such as advertising networks, analytics providers, or external platforms that we may partner with. We may share certain personal information, including personal identifiers, commercial information, internet activity, and professional information, with these third parties for purposes such as managing communications, customer relationships, personalized advertising, analytics, and business operations.

We may also share data with legal advisors, auditors, regulators, courts, law enforcement, or other parties when necessary to comply with legal obligations, protect our rights, enforce our policies, or complete a business transaction such as a merger, acquisition, financing, or sale of assets.

We do not sell your personal information for money. We also do not sell your data, including mobile numbers, to third parties. Some privacy laws may define certain advertising or analytics practices as a “sale” or “sharing” of personal information. Where applicable, you may contact us to learn more or exercise your opt-out rights.

8. Your Rights Under GDPR and CCPA

Depending on where you live, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal data we maintain about you.
• Rectification: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your data, subject to legal, operational, and compliance obligations.
• Restriction: Request that we limit the processing of your data in certain circumstances.
• Portability: Request to receive your data in a structured, commonly used, machine-readable format.
• Objection: Object to processing based on legitimate interests or direct marketing.
• Opt-Out: Opt out of the sale or sharing of personal information where those terms apply under applicable privacy laws. We do not sell personal information for money.

To exercise your rights, contact us at compliance@athenaag.com. We will respond within the timeframe required by applicable law, which is generally within 30 days for many privacy requests. We may need to verify your identity before fulfilling a request.

9. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy or to comply with legal, accounting, tax, security, operational, or regulatory obligations. For example:

• CRM data is retained for the duration of our business relationship, plus the minimum amount of time needed to support compliance, recordkeeping, and business operations.
• Marketing data is retained until you unsubscribe, withdraw consent, or request deletion, unless a longer period is required or permitted by law.
• Analytics data may be anonymized or aggregated and retained for statistical and business purposes.
• Payment and transaction records may be retained for up to 7 years or longer where required for tax, accounting, fraud prevention, chargeback, or legal compliance purposes.

10. International Data Transfers

Your data may be transferred to third-party providers located outside the European Economic Area (EEA), the United Kingdom, California, or your place of residence. Where required, we use appropriate safeguards designed to support lawful international transfers, which may include:

• Standard Contractual Clauses (SCCs).
• Data processing agreements with appropriate safeguards.
• Review of third-party compliance practices and data protection commitments.

11. Cookies and Tracking Technologies

Our website and third-party services use cookies and similar technologies to enhance your experience, operate the website, remember preferences, analyze usage, measure advertising performance, and support marketing. You can manage cookie preferences through your browser settings or our cookie consent tool, where available. Disabling cookies may affect some website functionality.

12. Security

We use reasonable administrative, technical, and organizational safeguards designed to protect your data, including encryption, access controls, and secure cloud storage. While we strive to protect your information, no system or method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

13. Children's Privacy

Our services are not directed to individuals under 16. If we learn that we have collected data from a child under the applicable age without appropriate consent, we will delete it promptly. We may verify age through form submissions, account creation processes, or other reasonable methods.

14. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, services, technology, or legal requirements. We may notify you of significant changes by email, website notice, or other appropriate means. Please check our privacy page at www.yardigarden.com/privacy-policy for the latest version.

15. Contact Us

If you have questions or concerns about this Privacy Policy or your data, please contact us at:

Email: compliance@athenaag.com
Address: Athena Ag, Inc. dba YARDi, 436 Atlantic Blvd, Neptune Beach, Florida 32266, United States

For GDPR purposes, our Data Protection Officer can be reached at the email address above.

16. Complaints

If you believe your data has been mishandled, you may have the right to lodge a complaint with a supervisory authority under GDPR or with an applicable state regulator, such as the California Attorney General or the California Privacy Protection Agency, where applicable.