GDPR & Data Protection
Last updated: 19 June 2026
1. Our role under UK GDPR
AgriDocker Ltd acts in two distinct capacities depending on the type of data involved:
Data Controller
For data we collect directly about you as a subscriber — your account details, billing information, and communications with our support team. We determine how and why this data is processed.
Data Processor
For data you input into the platform — driver records, GPS job data, spreading records, farm and field information. You are the controller; we process this data on your instructions only.
As your data processor, we will only process your operational data as necessary to provide the Service, will not use it for our own purposes, and will delete or return it on termination of your account.
2. Your responsibilities as data controller
When you use AgriDocker to manage your spreading operation, you are the data controller for the personal data of your drivers, employees, and any individuals whose information is recorded in the platform. This means you are responsible for:
- Having a lawful basis for processing your drivers' personal data (typically a contract of employment or legitimate interests)
- Informing drivers that their location, job activity, and signatures are recorded through AgriDocker
- Responding to any Subject Access Requests (SARs) from your drivers or employees — we will support you in this
- Ensuring any farm client personal data you enter complies with your own data sharing agreements
- Maintaining your own record of processing activities (ROPA) that includes AgriDocker as a tool you use
3. Data Processing Agreement (DPA)
Under UK GDPR Article 28, a written contract must exist between a data controller and any data processor they use. By accepting AgriDocker's Terms of Service, you enter into a Data Processing Agreement with AgriDocker Ltd that includes the following commitments:
Our commitments to you
- Process your data only on your documented instructions (as defined by your use of the platform and our Terms of Service)
- Ensure all staff with access to your data are bound by appropriate confidentiality obligations
- Implement the technical and organisational security measures described in Section 5 of this page
- Not engage any sub-processor without informing you in advance (see Section 4)
- Assist you in responding to data subject rights requests within the required timeframes
- Notify you of any personal data breach without undue delay after becoming aware of it
- Delete or return all personal data on termination of the service, and delete existing copies unless UK law requires otherwise
- Make available all information necessary to demonstrate compliance with GDPR obligations, and allow for audits on reasonable notice
If you require a signed DPA document for your own compliance purposes, contact us at privacy@agridocker.co.uk and we will provide one.
4. Sub-processors
We use the following sub-processors to help deliver the Service. Each is bound by a data processing agreement and is required to maintain appropriate security standards.
| Provider | Purpose | Location |
|---|---|---|
| Stripe Inc | Payment processing and subscription billing | USA (adequacy decision / standard contractual clauses) |
| Cloud hosting provider | Application hosting, database storage, and backups | United Kingdom / EEA |
| Transactional email provider | Sending account confirmations, invoices, and system notifications | EEA |
We will notify you at least 14 days in advance of any changes to our sub-processor list by email and by updating this page. If you object to a new sub-processor on legitimate grounds, please contact us and we will work to find a solution.
5. Security measures
We implement the following technical and organisational measures to protect the personal data we process on your behalf:
Technical measures
- All data encrypted in transit using TLS 1.2 or higher
- All data encrypted at rest using AES-256 or equivalent
- Role-based access controls — staff access to production data is limited to those who need it to provide support
- Multi-factor authentication required for all internal system access
- Automated daily backups with point-in-time recovery
- Automated vulnerability scanning and dependency monitoring
- Penetration testing conducted at least annually by an independent third party
- Logging and monitoring of access to production systems
Organisational measures
- Data protection training for all staff who handle personal data
- Written data protection policies covering retention, access, and incident response
- Principle of least privilege applied across all internal systems
- Documented incident response and breach notification procedure
- Data Protection Impact Assessments (DPIAs) conducted for high-risk processing activities
6. Data breach notification
In the event of a personal data breach affecting your data:
- We will notify you without undue delay — and in any case within 72 hours of becoming aware of the breach
- Our notification will describe the nature of the breach, the categories and approximate number of data subjects and records affected, likely consequences, and the measures we are taking
- We will notify the ICO where required under our own controller obligations
- We will cooperate fully with any investigation and take reasonable steps to mitigate impact
To report a suspected security vulnerability, contact security@agridocker.co.uk. We operate a responsible disclosure policy.
7. Data subject rights
Your drivers and employees have the following rights under UK GDPR. As data controller, you are responsible for handling these requests — but we will assist you:
- Right of access (SAR): you can export a driver's full record from the platform at any time. Contact us if you need assistance with a complex export.
- Right to rectification: job records can be edited or annotated from the admin dashboard.
- Right to erasure: driver accounts can be deactivated. Note that compliance records may need to be retained for regulatory purposes (NVZ, RPA) even after a driver leaves.
- Right to portability: all records can be exported in CSV or PDF format from your dashboard.
- Right to object: contact us at privacy@agridocker.co.uk and we will assist.
We will respond to any request for assistance within 5 working days so you can meet the 30-day statutory deadline.
8. Data retention
We retain operational data (spreading records, driver job data, GPS logs) for a minimum of 5 years to support NVZ and RPA compliance obligations. Account and billing data is retained for 6 years after account closure in line with HMRC requirements.
On account cancellation, your data is retained for 90 days before deletion, giving you time to export. You can request earlier deletion where no legal retention obligation applies.
9. International data transfers
AgriDocker's primary data storage and processing is within the United Kingdom. Where sub-processors operate outside the UK, we rely on appropriate safeguards including UK adequacy regulations, the UK International Data Transfer Agreement (IDTA), or equivalent Standard Contractual Clauses.
10. Contact and complaints
For data protection queries, Subject Access Requests, or to request a signed DPA document:
Email: privacy@agridocker.co.uk
Post: AgriDocker Ltd, [REGISTERED ADDRESS]
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.