Privacy Policy

Effective May 4, 2026 · Version 1.0

Effective date: May 4, 2026 Version: 1.0 Last updated: May 4, 2026

1. Who we are and how to contact us

Feeders to Field LLC ("Feeders to Field," "we," "us") is a Colorado limited liability company. We run the livestock marketplace at feederstofield.com and app.feederstofield.com, where breeders, operators, and haulers connect to do business with each other.

This Privacy Policy explains what information we collect about you, how we use it, who we share it with, and what choices you have. It applies to everyone who uses our platform — whether you have an account, are signing up for one, or are just visiting the site.

If you have questions about this policy, want to exercise any of the rights described in Section 6, or need to report a privacy concern, you can reach us here:

Email: hello@feederstofield.com
Mail: Feeders to Field LLC, 2695 Patterson Rd, 2-77, Grand Junction, CO 81506

We respond to privacy requests within 45 days, as Colorado law requires. Section 7 walks through the request process in detail.

2. Information we collect

We collect information in three ways: what you give us, what we collect automatically as you use the platform, and what we receive from third parties acting on your behalf.

Information you give us

Account information. When you sign up, we collect your name, email address, role (breeder, operator, or hauler), and your confirmation that you are 18 or older. We do not collect or store passwords — see Section 10 for how sign-in works.

Profile information. Once your account is active, you can add an operation name, location (typically county-level), breed types you raise or buy, herd size, preferred geographic range for sales or sourcing, and photos of your operation, your animals, or your listings.

Hauler verification information. If you sign up as a hauler, we also collect:

USDOT number (where applicable), proof of insurance, and photos of your rig and biosecurity setup.
A government-issued ID and a selfie, used by our identity-verification vendor (Stripe Identity) to confirm you are who you say you are.
Authorization to run a Motor Vehicle Record (MVR) check and a basic background screening (SSN trace and sex offender registry) through our consumer reporting agency vendor (Checkr) under the federal Fair Credit Reporting Act (FCRA).

We use these to verify you before you can submit quotes on jobs. Section 6 explains your rights regarding these checks, and Terms of Service Section 10 explains what we do with the results.

Listings and quotes. Anything you put into a listing — description, price, photos — and anything you put into a quote — price, terms, photos — is information you've given us so we can show it to the other side of a potential transaction.

Messages and attachments. Messages you send through the platform, along with any photos or files you attach to them, are stored so the conversation can continue and so both parties have a record.

Support communications. When you email us or otherwise contact us for help, we keep what you sent and our reply.

Information we collect automatically

Usage data. When you use the platform, we log basic events — pages visited, actions taken (signup, listing created, quote submitted, message sent), and timestamps. We use this to operate the service, debug problems, and improve features.

Device and connection data. We log standard technical information your browser sends to any website — IP address, browser type, operating system, and the page that referred you. We use this for security, fraud prevention, and diagnostics.

Cookies and similar technologies. We use a small number of cookies and similar technologies to keep you signed in and to understand how the platform is used. Section 8 has the full list and what each one does.

Information we receive from third parties

Payment data via Stripe (starting at V1.5). When the platform begins processing payments in version 1.5, we will use Stripe. Stripe collects and stores your card or bank details directly — Feeders to Field never sees or stores your full card number. Stripe sends us only what we need to operate the marketplace: the transaction amount, status, and a tokenized reference to the payment method.

Verification services. If we use a third-party service to confirm hauler insurance status or USDOT registration, we receive the result of that check (verified, not verified, or expired) along with what was checked.

What we don't collect

We don't collect Social Security numbers, driver's license numbers, or other government identifiers. We don't collect information about your race, religion, political views, health, or sexual orientation. We don't buy data about you from data brokers, and we don't sell data about you to anyone.

3. How we use your information

We use the information described in Section 2 for the purposes below. Each one is tied to running, protecting, or improving the marketplace — we don't use your data for unrelated reasons.

To run the marketplace. Your account and profile information let us show your listings to the right audience, route messages to the right people, and keep you signed in across sessions.

To connect breeders, operators, and haulers. We match operators with breeders based on breed types, location, and stated preferences. We surface jobs to haulers based on route, capacity, and operating area. The match is the core of what we do.

To verify users. We check hauler USDOT and insurance status before allowing them to quote on jobs. We confirm email ownership at signup. If we add other verification steps in the future — such as for breeders — we'll describe them in this section.

To prevent fraud and abuse. We log usage events and connection data so we can spot patterns that look like fraud, scraping, account takeover, or coordinated abuse, and act on them.

To communicate with you about the service. We send transactional emails (signup confirmation, sign-in links, listing or quote activity, dispute updates), occasional product announcements, and notices required by law. You can opt out of non-essential email at any time; transactional and legal notices you'll continue to receive as long as your account is open.

To improve features. We look at usage data — anonymized or aggregated where practical — to understand what's working, what's confusing, and where to invest engineering time.

To process payments (starting at V1.5). When version 1.5 of the platform ships, we'll use payment data from Stripe to operate the escrow flow, track payouts, and handle refunds and disputes per the Refund Policy that ships with V1.5.

To comply with law and respond to legal process. If we receive a valid subpoena, court order, or other lawful request, we may need to share information to comply. Section 4 explains what we share, when, and our practice on notifying affected users.

What we don't do with your information

We don't use your information for advertising — we don't show ads on Feeders to Field, and we don't let third parties target ads to you off-platform based on what you do here. We don't sell, rent, or trade your information. We don't use your data to train AI models, and we don't share it with third parties so they can train theirs.

We share information narrowly. The categories below are the only routes your data takes outside of Feeders to Field LLC.

Other users

When you list, quote, message, or transact on the platform, the people you engage with see information you've chosen to share with them.

Public profile information — operation name, county-level location, breeds you raise or buy, profile photos — is visible to other signed-in users.
Contact information (email, phone if you've provided it, delivery address for a transaction) becomes visible to your counterparty once you and the other party have accepted a quote or arranged a transaction. It is not visible before that.
Listing and quote contents are visible to anyone the listing or quote is shown to.
Messages and attachments are visible to the participants in that conversation. Retention details are in Section 5.

Service providers

We use a small number of third-party service providers to operate the platform. Each one only sees the data it needs to do its job, and each is bound by contract to use that data only on our instructions.

Cloudflare — hosts the platform and protects it from abuse. Cloudflare sees connection-level data (IP address, request paths) for routing and security.
Supabase — stores account, profile, listing, quote, and message data in a managed Postgres database.
Resend — sends transactional and account email on our behalf. Resend sees the email address being delivered to and the contents of the email.
Stripe (starting at V1.5) — processes payments and operates the escrow flow. Stripe is the system of record for your card and bank details; Feeders to Field never holds them.

Feeders to Field staff

Our staff do not read your messages, attachments, or private listing details in the ordinary course of operating the platform. Staff access is limited to these situations:

A dispute is opened on a transaction or thread. When a participant files a dispute, an admin may join the thread to review what happened. The thread will show a system message disclosing that an admin has joined, so all participants know they are being read.
A trust and safety report is filed against a listing, profile, or user behavior. An admin reviews the reported content and surrounding context to decide whether action is needed.
A DMCA takedown is filed against a listing or attachment (see Terms of Service, Section 11). An admin reviews the allegedly infringing content as part of acting on the notice.
Required maintenance or debugging that cannot be performed without seeing user data. Access is logged and limited to what's necessary to fix the issue.

We do not browse user content for any other reason.

Law enforcement and legal process

If we receive a valid subpoena, court order, search warrant, or other lawful request, we may share information to comply. Where we are legally permitted, we will notify the affected user before disclosing their information so they have an opportunity to challenge the request. We will not notify when doing so would be illegal (for example, where a court order forbids it) or when we believe it would put someone in danger.

Business successors

If Feeders to Field is acquired, merged, or sells substantially all of its assets, your information may transfer to the successor as part of the transaction. The successor will be bound by this Privacy Policy, or by one with equivalent protections. We will notify you of the change in ownership before there is any change in how your data is handled.

What we don't do

We don't sell your information to data brokers, advertisers, or anyone else. We don't share your information for third-party advertising or off-platform analytics. We don't share your information for any purpose outside the categories above.

5. How long we keep your information

We keep different types of information for different lengths of time, based on how long the information is actually useful, what laws require, and what disputes might still need to be resolved.

Account and profile information

We keep your account information (name, email, role, age confirmation) and profile information (operation name, location, breeds, herd size) for as long as your account is active. If you delete your account, see "After you delete your account" below.

Profile and operation photos

Photos attached to your profile or operation are kept for the life of your account. You can replace or remove them at any time from your account settings.

Listings, quotes, and transaction records

Active listings and quotes are kept while they are open. Once a listing or quote closes — sold, withdrawn, or expired — we keep a record of it for the life of your account plus a reasonable period afterward to handle disputes or legal claims arising from the transaction.

Listing photos

Photos attached to a listing are kept while the listing is active. Once the listing closes, photos are kept for 2 years and then moved to cold archive — still recoverable for legal or compliance reasons, but no longer visible through the platform.

Messages

The text content of messages you send through the platform is kept for the life of your account and the account of the person you messaged.

Photos and files attached to message threads — including delivery confirmation photos for hauling jobs — are kept for 2 years from the date the related job, transaction, or thread was completed. After 2 years they are moved to cold archive.

Hauler verification documents

USDOT registration evidence, proof of insurance, and rig photos are kept for as long as you are an active hauler, plus 2 years after your last completed job. This window lets us produce verification records if a claim arises out of past work.

Payment records (starting at V1.5)

When V1.5 ships, payment records are kept for 7 years, in line with IRS recordkeeping standards. Stripe holds the underlying card and bank data on their own retention schedule.

Usage and connection logs

Server logs (IP addresses, request paths, browser data) and usage event logs are kept for 18 months. We use them for security investigations, fraud detection, and product analytics.

After you delete your account

When you delete your account, we put it into a 30-day grace period during which you can recover it. After 30 days, we permanently delete the account and the personal data associated with it, with these exceptions:

Records we are legally required to keep — for example, payment records under IRS rules, or records subject to a legal hold — are retained for the required period.
Anonymized or aggregated data that no longer identifies you may be kept indefinitely.
Messages you sent to other users remain in those users' inboxes, because deleting your account does not delete the other side of conversations those users participated in.

You can request deletion at any time, including before the grace period would otherwise apply. Section 7 explains how.

Backups

Our database is backed up on a rolling schedule. Deleted data persists in those backups until they roll out of the rotation, typically within 14 days, at which point it is unrecoverable.

6. Your rights

You have rights under Colorado law to control the personal information we hold about you. We honor these rights for everyone using Feeders to Field, regardless of which state you live in.

You have the right to:

Access your information. You can ask us for a copy of the personal information we have about you, along with a summary of how we use it and who we share it with.

Correct your information. If anything we have about you is inaccurate or incomplete, you can ask us to fix it. Most account and profile information you can also correct yourself in your account settings.

Delete your information. You can ask us to delete the personal information we have about you. Some information we may need to keep for legal reasons — see Section 5 for what those are — and if so, we'll tell you what we kept and why.

Take your data with you (portability). You can request an export of your personal information in a machine-readable format that you can move to another service.

Opt out of targeted advertising. Colorado law gives you the right to opt out of having your personal data used for targeted advertising. We don't run targeted advertising, so this opt-out has no practical effect on Feeders to Field — but the right exists, and if we ever changed that, the opt-out would be honored from day one.

Opt out of the sale of your personal data. Colorado law gives you the right to opt out of the sale of your personal data. As stated in Sections 3 and 4, we do not sell your data, so this opt-out has no practical effect on Feeders to Field.

Opt out of certain automated profiling. Colorado law gives you the right to opt out of profiling that produces legal or similarly significant effects on you. We do not engage in profiling of that kind.

Appeal if we deny a request. If we decline a rights request you've made, you can appeal our decision. Section 7 explains how. If your appeal is denied, you can file a complaint with the Colorado Attorney General.

Universal opt-out signals

If your browser sends a recognized Universal Opt-Out Signal (such as Global Privacy Control), we treat it as a request to opt out of the sale of personal data and of targeted advertising for that visit and any account associated with the visit. As noted above, we don't sell data and don't run targeted advertising — but the signal is honored either way.

If you live outside Colorado

We honor the rights above for all U.S. users. If your state's law gives you additional rights — for example California's CCPA/CPRA, Virginia's VCDPA, or another state privacy statute — you have those rights too, and you can exercise them through the same process described in Section 7. If we begin operating outside the United States, we will update this policy.

7. How to exercise your rights

To exercise any of the rights described in Section 6, send us an email at hello@feederstofield.com from the email address associated with your Feeders to Field account.

What to include in your request

Tell us:

Which right you're exercising — access, correction, deletion, portability, opt-out, or appeal of a previous denial.
Enough detail for us to act on it. For a correction, what's wrong and what it should say. For an export, what data you want. For a deletion, whether you want the whole account removed or just a specific listing, message, or attachment.
The email address on your account, so we can confirm the request is coming from you.

You don't need any specific format or legal language. A plain email is fine.

How we verify it's really you

We verify a request is coming from the account holder before we act on it. For most requests, sending the email from the account's own email address is enough. If we need additional confirmation — for example, for a deletion of an account with payment history or an active dispute — we may ask you to confirm a code we send to your account email, or to log in and confirm the request from inside the platform. We will never ask you to send sensitive identifying documents (Social Security number, driver's license, etc.) for a routine privacy request.

Someone making a request on your behalf

You can have someone else — an attorney, a family member, or a privacy-rights service — submit a request for you. We will need a clear written authorization from you (an email from your account address, or a signed authorization document) before we act on a request from anyone other than you.

How long it takes

We respond to requests within 45 days, as Colorado law requires. If a request is unusually complex and we need more time, we can extend by another 45 days under the same law; if we extend, we will tell you why before the first 45 days are up.

Cost

Privacy requests are free. We may charge a reasonable fee for repeated or clearly excessive requests, and we will tell you the fee before doing the work. For a one-off or first-time request, you should never see a charge.

If we deny your request — appeals

If we decline a request, in whole or in part, we will explain why. You can appeal by replying to that email and asking us to reconsider. We will review the appeal and respond within 45 days.

If your appeal is denied, you can file a complaint with the Colorado Attorney General (coag.gov), or pursue any other remedy available under your state's law.

8. Cookies and trackers

We use a small number of cookies and trackers. The list below is the complete set.

Strictly necessary cookies

These cookies are required for the platform to function. Without them, you can't sign in or use the parts of the site that require an account.

Supabase authentication / session cookies. When you sign in, our authentication provider (Supabase) sets cookies in your browser that hold your session. They keep you signed in across pages and let the platform know which account is acting.

Analytics

Cloudflare Web Analytics. We use Cloudflare's privacy-focused web analytics on feederstofield.com and app.feederstofield.com to understand aggregate traffic — how many visitors, which pages they land on, what country or region they're in, what device type, and where they come from (referrer). Cloudflare Web Analytics is cookieless: it sets no cookies on your browser, doesn't fingerprint your device, doesn't track you across sites, and doesn't build profiles about you. We use it for sizing, performance, and product decisions, not for advertising.

Third-party resources loaded by the page

Google Fonts. Our marketing site (feederstofield.com) loads display fonts from Google's font service (fonts.googleapis.com / fonts.gstatic.com). When a font loads, Google's servers see your IP address as part of the standard request. Google does not place advertising cookies through this service, but the request itself reaches Google. We use this only for typography.

What we don't use

We don't use Google Analytics, Google Tag Manager, PostHog, Plausible, Hotjar, Mixpanel, Amplitude, Segment, or any other product analytics or behavioral tracking tool. We don't load Facebook (Meta) Pixel, LinkedIn Insight, TikTok Pixel, or other advertising trackers. We don't fingerprint browsers, and we don't sell, share, or trade tracking data with anyone.

Your choices

You can clear cookies through your browser settings at any time. Clearing the authentication cookies will sign you out — you can sign back in to set them again. You can also block cookies entirely; if you do, you won't be able to sign in to Feeders to Field.

If your browser sends a recognized Universal Opt-Out Signal (such as Global Privacy Control), see Section 6 — we honor it.

9. Children's privacy

Feeders to Field is built for adults. You must be at least 18 years old to create an account, as our Terms of Service require.

We do not knowingly collect personal information from anyone under 18. If we learn we have collected information from someone under 18, we delete it from the platform.

If you are a parent or guardian and you believe a minor has signed up or provided information to Feeders to Field, please contact us at hello@feederstofield.com and we will remove the account and the associated data.

10. Security

We take security seriously and use reasonable measures to protect your information. No system is perfectly secure, and we don't promise that ours is — but we tell you below what we actually do.

What we do

Encryption in transit. All connections between your browser and our platform are encrypted with HTTPS (TLS). The marketing site, the application, and our API enforce HTTPS — there is no unencrypted access path.

Encryption at rest. Data stored in our database and file storage (operated by Supabase) is encrypted at rest using industry-standard methods.

Row-Level Security in the database. Our database uses Supabase's Row-Level Security, which enforces who-sees-what rules at the database itself, not just at the application layer. A bug in application code cannot directly bypass these rules — the database has the final say on access.

Edge-deployed network. Our application runs on Cloudflare's edge network, which sits in front of every request and provides DDoS mitigation, bot filtering, and abuse protection.

Pre-launch security audit. Before opening the platform to the public, we ran a security audit covering authentication, authorization, input validation, file uploads, and the parts of the system most exposed to user-supplied data. Findings from that audit were addressed before launch.

Magic-link sign-in (no passwords). We don't use passwords. To sign in, you enter your email address and we send you a one-time link; clicking the link signs you in. This means there is no Feeders to Field password for anyone to phish, leak, or reuse from another site. Under the hood we use the OAuth Authorization Code flow with PKCE, the current industry-standard pattern for this kind of sign-in.

Limited staff access. As described in Section 4, our staff do not routinely browse user content. Access to production systems is limited to what's required for operations, debugging, or responding to disputes.

What we ask of you

Because we use magic-link sign-in, the security of your Feeders to Field account is tied to the security of the email account you sign in with. Anyone who can read your email can request a sign-in link and use it. We strongly recommend:

Use a strong, unique password on the email account you use for Feeders to Field.
Turn on two-factor authentication on that email account if your provider supports it.
Don't forward magic-link emails or share screenshots of them — those links can sign someone else in.
If you suspect your email account or your Feeders to Field account has been accessed by someone else, contact us at hello@feederstofield.com right away.

If something goes wrong

If we discover a security incident that affects your personal information, we will notify affected users without unreasonable delay and in line with applicable state breach-notification laws. The notification will explain what happened, what information was involved, and what steps we are taking — and what steps you can take — in response.

11. Changes to this Privacy Policy

We may update this Privacy Policy as the platform changes, as our service providers change, or as the law changes. When we do:

Non-material changes — clarifying wording, fixing a typo, adding a service provider that does not change how your data is used — take effect when we publish them, and we update the "Last updated" date in Section 12.
Material changes — changes to what information we collect, how we use it, who we share it with, or how long we keep it — take effect at least 14 days after we notify you. Notification is by email to the address on your account and by a notice on the platform itself. During those 14 days, you can review the changes, ask questions, or close your account if you do not agree.

We keep a version history of this policy in Section 12 so you can see what changed and when.

If you continue to use Feeders to Field after a change takes effect, you accept the updated policy. If you do not agree with the change, you can stop using the platform and request deletion of your account under Section 7.

12. Effective date and version history

This Privacy Policy is effective as of the "Last updated" date shown at the top of this document. We track each version here so you can see what has changed and when.

Version history

Version 1.0 — May 4, 2026 — Initial publication.

Future revisions will appear as additional entries below, each with the version number, the effective date, and a short summary of what changed.