Effective Date: April 1, 2026 — Version 2026-04-01
This Privacy Policy describes how Plant Anywhere ("we," "us," "our") collects, uses, stores, and shares your personal information when you use:
(collectively, the "Service").
Where a provision applies only to a specific platform (for example, the marketing website or a game mod), it is identified as such.
| Data Type | Examples | Purpose |
|---|---|---|
| Account information | Email address, display name, password (hashed) | Authentication, account management, communications |
| Garden data | Garden layouts, planting plans, bed configurations, journal entries, compost logs, shelf configurations | Core service functionality |
| Photos & images | Plant photos for identification, disease diagnosis photos | Plant identification and disease diagnosis |
| Location data | Zip code, city, or coordinates (when you choose to provide them) | Weather data, frost date computation, growing zone determination |
| Payment information | Billing details processed through Stripe | Subscription management (we do not store credit card numbers) |
| Community content | Forum posts, replies, trade stall listings | Community features |
| Sensor data | Soil moisture, temperature, light readings sent via webhooks | Garden monitoring and irrigation recommendations |
| Preferences | Language, visual theme, notification settings, onboarding choices | Personalization |
| Game integration data | Minecraft UUID, Minecraft username, Plant Anywhere share link code, Stardew Valley save file name | Account linking between Plant Anywhere and game mods; syncing garden data into game environments |
| Data Type | Details |
|---|---|
| Device & browser info | Browser type, operating system, screen size, device type (mobile/desktop) |
| Usage data | Features used, pages visited, timestamps of interactions |
| Authentication metadata | Login timestamps, authentication method (Google, email, guest), IP address at signup |
| Legal consent records | Timestamp and version of Terms/Privacy Policy accepted |
| AR camera data (browser) | When you use our browser-based AR garden preview on plantanywhere.net, your device camera is activated to detect surfaces in your environment. All camera processing happens on your device using your browser's built-in AR capabilities (WebXR or Apple Quick Look). No camera images, video, or spatial mapping data are transmitted to our servers. Screenshots you take are saved to your device only and are not uploaded unless you choose to share them. |
| Font loading | Web fonts (Nunito, Source Sans 3) are self-hosted on our servers. No third-party font services are used, and no data is transmitted to external providers for font loading. |
Plant Anywhere does not use any third-party analytics, behavioral monitoring, or tracking technologies. Specifically:
If you sign in with Google, we receive your name and email address from Google. We do not access your Google contacts, calendar, or other Google services.
If you sign in with Apple, we receive your name and email address (or Apple's private relay email address, if you choose to hide your email). We do not access any other Apple services or data.
We use your information to:
We do not use your personal information for advertising. We do not sell your personal information to third parties.
Plant identification, disease diagnosis, insect identification, and mushroom identification are processed entirely by Plant Anywhere's own servers. Your photo is processed privately by Plant Anywhere. Your image is not sent to any third-party service and is not stored after identification is complete.
When you submit a photo for identification, the following data is sent to our inference server:
Your photo is processed in real time and discarded immediately after identification results are returned. It is not retained, logged, or used for model training.
The following features use Anthropic Claude API (San Francisco, USA):
Plant identification, disease diagnosis, insect identification, and mushroom identification do not use Anthropic. These features are processed entirely by Plant Anywhere's own servers (see Section 3.1).
Anthropic does not use API inputs for model training. Anthropic privacy policy is available at https://www.anthropic.com/privacy.
We share your information only in the following circumstances:
| Provider | Purpose | Data Shared |
|---|---|---|
| Google Firebase | Authentication, database, hosting | Account info, garden data, all app data |
| Stripe | Payment processing | Email, payment details, purchase status |
| Open-Meteo | Weather data, soil temperature | Location (coordinates, rounded to ~1 km) |
| MET Norway | Weather and climate data | Location (coordinates, rounded to ~1 km). Requests are made from our server; MET Norway does not receive your IP address or account information. |
| Open-Elevation | Elevation data lookup | Location (coordinates, rounded to ~1 km). Used to determine your site elevation for frost and planting calculations. |
| Cloudflare | CDN and DNS infrastructure | IP address (as part of standard web request routing). Cloudflare provides content delivery and DNS resolution for our services. No account data or garden data is shared with Cloudflare. |
| Amazon Web Services | Cloud infrastructure (server hosting for plant identification and AI inference) | Server-side processing only; user photos are processed by Plant Anywhere's own models on AWS and are not forwarded to any third-party identification service |
| Anthropic | AI features (garden import, garden plan generation, garden plan chat) | Images (garden import only), garden descriptions, garden context, frost dates, crop lists, conversation history |
| LocationIQ | Reverse geocoding (server-side only) | Location (coordinates, rounded to ~1 km). Requests are made from our server, not from your browser. LocationIQ does not receive your IP address, account information, or any other personal data. |
| Reddit CAPI | First-party ad attribution (server-side) | SHA-256 hashed email address and event name only. Your actual email address is never sent to Reddit. No browsing behavior, garden data, or other personal information is shared. |
| CurseForge / Modrinth | Mod distribution | Mod downloads are public. We do not share your Plant Anywhere account data with these platforms. |
| Mojang / Microsoft | Minecraft platform | Minecraft UUID is used for account linking. We do not access your Microsoft account data beyond the UUID and username provided by the Minecraft client. |
If you share a garden with other users, those users can see the garden data (layouts, plantings, journal entries) you have shared based on the role you assign them (owner, editor, or viewer). Your email address or display name may be visible to collaborators.
Content you post in the community forums and trade stalls is visible to other authenticated users. Your public username (if set) is displayed with your posts.
We may disclose your information if required by law, legal process, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
Your data is stored in Google Firebase (Firestore) servers located in the United States. We implement industry-standard security measures including:
No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
Depending on your location, you may have the following rights regarding your personal data:
If you are located in the EEA, you have additional rights under the General Data Protection Regulation:
If you are a California resident, you have the right to:
To exercise any of these rights, contact us at plant@plantanywhere.net. We will respond within 30 days (45 days for complex requests, with notice).
If you are located in Brazil, you have rights under the Lei Geral de Protecao de Dados (LGPD), including:
To exercise these rights, contact us at plant@plantanywhere.net. We will respond within 15 business days as required by the LGPD.
You can download a copy of all personal data we hold about you directly from the Service. Go to Settings in the Plant Anywhere app and select "Download My Data." Your data export will include your account information, garden layouts, planting plans, journal entries, compost logs, preferences, community posts, and any other data associated with your account.
Your data is provided in a structured, commonly used, machine-readable format (JSON). This export is provided at no cost and is available on demand. No email request is required.
This feature fulfills your right to data portability under GDPR Article 20, CCPA, LGPD, and equivalent data protection laws worldwide.
The Plant Anywhere application uses the following client-side storage technologies. All are essential for the Service to function. None are used for advertising or cross-site tracking.
The application does not use third-party advertising cookies, tracking pixels, or behavioral monitoring of any kind. We do not load any third-party analytics scripts or tracking libraries. The only ad-related data processing is server-side first-party attribution through Reddit CAPI, which sends only a SHA-256 hashed version of your email address and the name of the conversion event (such as "signup" or "subscribe") to Reddit. Your actual email address, browsing behavior, garden data, and IP address are never shared with Reddit or any other advertising platform.
The marketing website at plantanywhere.net uses only essential cookies and local storage technologies required for the site to function, such as Firebase session management. The marketing website does not use third-party analytics cookies, advertising cookies, or tracking pixels.
You can control cookies through your browser's cookie settings (most browsers allow you to block or delete cookies). Blocking essential cookies may prevent parts of the Service from functioning correctly.
Your data is primarily processed and stored in the United States (Google Firebase, AWS, Stripe). If you are located outside the United States, your data will be transferred to the US for processing.
For users in the European Economic Area, United Kingdom, and Switzerland: we rely on standard contractual clauses and other legally recognized transfer mechanisms as appropriate safeguards for international data transfers.
The Plant Anywhere web application and mobile applications are general-audience services. We do not knowingly collect personal information from children under 13 (or under 16 in jurisdictions where GDPR sets a higher age threshold) without verifiable parental consent. If we become aware that we have collected personal information from a child without appropriate consent, we will delete that information promptly.
Plant Anywhere offers optional game modifications ("mods") for Minecraft and Stardew Valley. Because Minecraft and Stardew Valley are played by users of all ages, including children under 13, the following protections apply:
Age verification: Before linking a Plant Anywhere account through a game mod, the user is asked to confirm their age. This age gate appears once, at the time of first account linking.
Users 13 and older: Standard account linking proceeds. The mod may read garden data from Plant Anywhere and write limited activity data (such as watering and harvest events) back to the user's Plant Anywhere journal.
Users under 13: Account linking requires verifiable parental consent. A parent or guardian must approve the link through a separate web-based consent process at plantanywhere.net/minecraft/consent. Until parental consent is obtained, no personal information is collected or transmitted.
Restricted mode for users under 13 with parental consent: When a parent has approved account linking for a user under 13, the mod operates in a restricted mode:
Data minimization: The game mods collect only the minimum data necessary for account linking (see Section 1.1). The user's birth year is not stored; only a flag indicating whether age verification or parental consent was completed is retained locally on the user's device. The mod does not collect IP addresses, gameplay metrics, chat messages, Minecraft world data, or play session duration.
Parental rights: Parents can revoke consent and request deletion of their child's linked account data at any time by contacting us at plant@plantanywhere.net or by having the child run the /pa unlink command in the game, which deletes all stored credentials locally.
We comply with the Children's Online Privacy Protection Act (COPPA) and its implementing regulations. If you believe we have collected personal information from a child under 13 without proper parental consent, please contact us immediately at plant@plantanywhere.net. We will investigate and, if confirmed, delete the information within 48 hours.
For users in the European Economic Area, the age threshold for digital consent varies by member state (ranging from 13 to 16 years). Where applicable, we apply the higher local threshold. Users below the local threshold require parental or guardian consent to link a Plant Anywhere account through a game mod.
We may update this Privacy Policy from time to time. When we do, we will revise the "Effective Date" above. For material changes, we will notify you by email or through the Service before the changes take effect. Your continued use of the Service after the effective date constitutes your acceptance of the updated policy.
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at:
Plant Anywhere
Email: plant@plantanywhere.net