Privacy policy
The short version
We collect the information needed to run a plant-collection service: your account details, the content you add, payment records, and — only with your consent — analytics about how the site is used. We never sell your personal data, we never store your password (sign-in is handled by Auth0), and photo location metadata (EXIF/GPS) is stripped automatically on upload.
Information we collect
- Account information. When you sign in via Auth0 (email/password or Google, Apple, or Facebook), we receive your email address and basic profile details. Your password, if you use one, is held by Auth0 — never by us.
- Content you add. Plants, photos, videos, notes, messages, listings, and profile details. Visibility controls (public / unlisted / private) determine who can see plant records; direct messages are visible only to their participants and to moderation processes described below.
- Payment information. Subscriptions and purchases are processed by Stripe. We store subscription status and order records; card details never touch our servers. Shipping addresses for orders are stored encrypted.
- Usage analytics (consent-based). With your consent we use PostHog to understand feature usage, conversion, and retention. Without consent, analytics runs in a cookieless, session-only mode. See the cookie policy.
- Logs and security data. Standard server logs (IP address, user agent, timestamps) retained for a limited period for security and abuse prevention.
How we use it
- Providing and improving the service (contract performance).
- Processing payments and subscriptions (contract performance).
- Content safety: uploaded images and videos are automatically screened, and messages may be automatically classified, using AI moderation systems (Amazon Rekognition and Anthropic Claude) to detect content that violates our terms (legitimate interest in a safe platform).
- Analytics and product improvement (consent).
- Transactional email such as receipts, order updates, and moderation notices.
Service providers (processors)
We share data with providers only as needed to run GardenCloud: Amazon Web Services (hosting, storage, media processing and moderation, email), Neon (database), Auth0 by Okta (authentication), Stripe (payments), PostHog (analytics, with consent), Kindwise (plant-identification photos you explicitly submit), Anthropic (text-safety classification), and Printful (printing and shipping tag stickers you order).
Retention and deletion
Your content is retained while your account is active. If you delete your account, your profile and content are removed or anonymized promptly, and media files are purged from storage; financial records we are legally required to keep (for example order and tax records) are retained in pseudonymized form for up to 7 years. Backups age out on a fixed schedule of up to 12 months.
Your rights
Depending on where you live (including under GDPR and CCPA), you may have rights to access, correct, export, or delete your personal data, and to object to or restrict certain processing. You can delete your account and data from Settings, and you can contact us about any request at privacy@gardencloud.app.
International transfers
We are a US-based service; data is processed in the United States. Where required, we rely on our providers’ standard contractual clauses and equivalent safeguards.
Children
GardenCloud is not directed to children and requires users to be at least 16 years old.
Changes
We will post any changes to this policy here and update the date above. Material changes will be announced in the app.
Contact
Snizyx Software LLC · privacy@gardencloud.app