Security & Trust

How we protect customer information. Plain language, no legalese.

BarnX builds practical software for feed and livestock operations, including Qrown.app, Feed Cowdemy, and Hoof Cowdemy. Protecting customer information is part of how we design, operate, and maintain our services.

This page provides a general summary of our security practices. It does not create a guarantee or replace the terms of an applicable customer agreement. Specific security, hosting, availability, or data residency commitments will be documented in writing where applicable.

Data hosting

BarnX uses established third-party cloud infrastructure and service providers to host and operate its services, including Qrown.app, Feed Cowdemy, and Hoof Cowdemy.

Hosting locations and configurations may vary depending on the BarnX product, customer environment, infrastructure provider, and applicable customer agreement. Where BarnX agrees to a specific hosting location or data residency requirement, that commitment will be documented in the applicable agreement.

Some service providers, including email, authentication, monitoring, analytics, and support providers, may process limited information outside Canada.

Encryption

BarnX uses HTTPS to protect information transmitted between supported browsers, applications, and our services.

Production data and backups are protected using encryption and security capabilities provided by our infrastructure and platform providers, where applicable.

Access control

Access to BarnX systems and customer information is restricted based on operational responsibilities and legitimate business need. Our access practices may include:

role-based access controls;
least-privilege access;
authenticated administrative access;
restrictions on production access;
adjustment or removal of access when responsibilities change; and
logging of relevant administrative and security activity.

Customer users can access information and functionality according to their assigned organizations, roles, and permissions.

Account and application security

Depending on the product and environment, BarnX security measures may include:

secure authentication;
password hashing;
session controls;
authorization checks;
organization or tenant-level data separation;
input validation;
rate limiting;
activity logging;
restricted administrative functionality; and
monitoring of errors or suspicious activity.

Customers are responsible for protecting their credentials, maintaining accurate user access, assigning appropriate permissions, and promptly removing access that is no longer required.

Backups and recovery

BarnX maintains backup and recovery practices for applicable production systems. Backup frequency, retention, storage, and recovery procedures may vary depending on the product, infrastructure, and customer agreement.

BarnX reviews and maintains recovery procedures appropriate to its services. Recovery times depend on the nature, severity, and scope of the event. Any specific recovery time or recovery point commitments must be stated in an applicable written agreement.

Software maintenance and vulnerability management

BarnX takes reasonable steps to maintain its applications, infrastructure, and software dependencies. Our practices may include:

reviewing and updating software dependencies;
applying security and maintenance updates;
reviewing code changes;
monitoring operational errors;
investigating reported vulnerabilities;
limiting the use of unsupported components; and
prioritizing security concerns based on severity and operational risk.

No software system can be guaranteed to be free from vulnerabilities or security risks.

Monitoring and logging

BarnX may use system logs, application logs, error reporting, and monitoring tools to maintain service reliability, investigate incidents, diagnose problems, and detect suspicious activity.

The type and retention of logs may vary depending on the service, environment, legal requirements, and operational needs.

Incident response

BarnX maintains a process for assessing and responding to suspected privacy and security incidents. Depending on the circumstances, our response may include:

validating and assessing the reported incident;
restricting affected access or systems;
investigating the cause, scope, and impact;
correcting identified vulnerabilities or failures;
restoring affected services;
preserving relevant records; and
providing notifications where required by law or contract.

Where customer action is necessary, BarnX will aim to provide clear and practical information about the incident and recommended next steps.

Customer data

Customers retain their rights in the data they submit to BarnX, subject to the applicable agreement. BarnX uses customer data to provide, maintain, secure, support, and administer the services. BarnX does not sell customer data. Data export, retention, and deletion options may vary by product and customer agreement.

For details on how we handle personal information, see our Privacy Policy.

Service providers and subprocessors

BarnX may use service providers to support functions such as those below. A more detailed list of service providers or subprocessors may be made available to customers where appropriate.

Service category	Purpose
Cloud infrastructure	Application hosting, databases, storage, and computing
Email services	Transactional, account, and support communications
Authentication services	User authentication and account security
Monitoring and logging	Reliability, diagnostics, error tracking, and security monitoring
Analytics, where enabled	Website or product usage analysis
Payment services, where applicable	Payment and billing processing
Customer support tools	Support requests and customer communications

Security FAQ

Common questions about our security practices.

Hosting locations depend on the BarnX product, infrastructure configuration, and applicable customer agreement. Contact BarnX for information relating to a specific product or customer environment.

Available export methods depend on the product and customer agreement. Customers may contact BarnX support to discuss available export options.

Authorized customer users can access information according to their assigned roles and permissions. Authorized BarnX personnel may access customer information when reasonably necessary for support, maintenance, security, incident investigation, legal compliance, or service administration.

BarnX reviews relevant security notices, software dependencies, and reported issues. Updates are prioritized according to factors such as severity, exposure, compatibility, testing requirements, and operational risk.

BarnX will investigate, take reasonable steps to contain and correct the issue, and provide notifications where required by applicable law or contract.

Send security reports to security@barnx.ca. Please include:

a description of the issue;
the affected page, service, or feature;
steps that may help us reproduce the issue; and
your contact information if you would like a response.

Please do not access, alter, download, or disclose data that does not belong to you, and do not disrupt BarnX services while investigating or reporting an issue.

Contact

For security questions or vulnerability reports, contact security@barnx.ca. For privacy questions, contact privacy@barnx.ca.