Privacy Policy

Effective Date: November 8, 2025
Last Updated: November 8, 2025

PlantPilot ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application PlantPilot (the "App").

Please read this Privacy Policy carefully. By using the App, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Personal Information You Provide

We collect information that you voluntarily provide when using the App:

Account Information: Name, email address, password (encrypted), profile photo (optional)
Location Information: Hardiness zone, general location (city, state), GPS coordinates (only when using nursery search)
Plant Data: Photos, garden journal entries, care schedules, favorites
Communication Data: AI chat messages, support inquiries, feedback

1.2 Information Collected Automatically

Usage Data: Device type, OS version, app version, IP address, usage statistics, crash logs
Camera & Photos: Photos for plant identification (with permission)
Location: GPS only when you use "Find Nurseries" (not tracked in background)

1.3 Information from Third Parties

Google/Apple Sign-In: Name, email, profile photo
Payment Processors: Subscription status (we do NOT store credit card details)

2. How We Use Your Information

Core Functionality: Account management, authentication, personalization, plant identification, care reminders
Communication: App updates, support responses, notifications, marketing (opt-out anytime)
Improvement: Analytics, bug fixes, performance optimization
Legal & Safety: Comply with laws, enforce terms, protect against fraud

3. Third-Party Services

We use these third-party services:

Supabase: Backend & database - Privacy Policy
OpenAI (ChatGPT): AI plant advice - Privacy Policy
Perenual API: Plant database - Privacy Policy
RevenueCat: Subscription management - Privacy Policy
Firebase: Analytics & crash reporting - Privacy Policy
Google AdMob: Ads for free users - Privacy Policy

4. How We Share Your Information

We do NOT sell, rent, or trade your personal information.

We may share information only in limited circumstances:

Service Providers: Third-party services listed above to operate the App
Legal Requirements: Court orders, subpoenas, legal process
Business Transfers: If acquired or merged (you will be notified)
With Your Consent: For other purposes with your explicit permission

5. Data Retention

Account Data: While account is active
Plant Photos & Journal: Until you delete them
Chat History: 90 days, then anonymized
Analytics: Anonymized after 26 months

Account Deletion: Delete your account anytime in Settings. All personal data permanently deleted within 30 days.

6. Your Rights & Choices

Access & Update: View and update profile in Settings, export garden data
Delete: Delete photos, entries, or entire account
Permissions: Control location, camera, notifications in device Settings
Marketing: Opt out of emails and push notifications
Advertising: Limit ad tracking in Settings or upgrade to Premium (ad-free)

7. Children's Privacy

PlantPilot is NOT intended for children under 13 (or 16 in EU). We do not knowingly collect data from children. If discovered, we delete it immediately.

8. Data Security

We implement industry-standard security measures:

Encryption in transit (TLS/SSL) and at rest
Passwords hashed using bcrypt
Limited employee access
Regular security audits
SOC 2 compliant servers

However, no internet transmission is 100% secure. We cannot guarantee absolute security.

9. California Privacy Rights (CCPA)

California residents have additional rights:

Right to Know: Request information about data collected
Right to Delete: Request deletion of personal information
Right to Opt-Out: We do NOT sell personal information
Non-Discrimination: No discrimination for exercising rights

To exercise rights: [email protected] with subject "CCPA Request"

10. European Privacy Rights (GDPR)

EEA residents have additional rights:

Access: Request copy of your data
Rectification: Correct inaccurate data
Erasure: "Right to be forgotten"
Portability: Receive data in portable format
Object: Object to processing
Withdraw Consent: At any time

Data Protection Officer: [email protected]

To exercise rights: [email protected] with subject "GDPR Request"

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be notified via email or in-app. Continued use after changes means you accept the updated policy.

12. Contact Us

Questions about this Privacy Policy or our data practices?

Email: [email protected]
Support: [email protected]
Response Time: We aim to respond within 48 hours

← Back to Home View Terms of Service →