Privacy Policy

Effective Date: March 1, 2026 — Version 2026-03-01

This Privacy Policy describes how Plant Anywhere ("we," "us," "our") collects, uses, stores, and shares your personal information when you use the Plant Anywhere web application at app.plantanywhere.net, the Plant Anywhere mobile applications for iOS and Android, and all related services (collectively, the "Service").

1. Information We Collect

1.1 Information You Provide

Data Type	Examples	Purpose
Account information	Email address, display name, password (hashed)	Authentication, account management, communications
Garden data	Garden layouts, planting plans, bed configurations, journal entries, compost logs, shelf configurations	Core service functionality
Photos & images	Plant photos for identification, disease diagnosis photos, thermal images, garden import photos	AI identification and diagnosis, garden import
Location data	Zip code, city, or coordinates (when you choose to provide them)	Weather data, frost date computation, growing zone determination
Payment information	Billing details processed through Stripe	Subscription management (we do not store credit card numbers)
Community content	Forum posts, replies, trade stall listings	Community features
Sensor data	Soil moisture, temperature, light readings sent via webhooks	Garden monitoring and irrigation recommendations
Preferences	Language, visual theme, notification settings, onboarding choices	Personalization

1.2 Information Collected Automatically

Data Type	Details
Device & browser info	Browser type, operating system, screen size, device type (mobile/desktop)
Usage data	Features used, pages visited, timestamps of interactions
Authentication metadata	Login timestamps, authentication method (Google, email, guest), IP address at signup
Legal consent records	Timestamp and version of Terms/Privacy Policy accepted

1.3 Information from Third Parties

If you sign in with Google, we receive your name and email address from Google. We do not access your Google contacts, calendar, or other Google services.

2. How We Use Your Information

We use your information to:

Provide the Service — garden planning, AI identification and diagnosis, weather data, irrigation control, community features.
Process payments — manage subscriptions and credit purchases through Stripe.
Improve the Service — analyze usage patterns, fix bugs, develop new features.
Communicate with you — send email verification, service updates, and respond to support requests.
Ensure safety and compliance — moderate community content, prevent abuse, comply with legal obligations.

We do not use your personal information for advertising. We do not sell your personal information to third parties.

3. AI-Processed Data

When you use AI-powered features (plant identification, disease diagnosis, thermal analysis, garden import), your submitted images and related data are sent to our backend services for processing. Specifically:

Plant identification and disease diagnosis use machine learning models hosted on AWS Lambda. Images are processed in real time and are not retained by the AI service after processing is complete.
Garden import and thermal analysis use Anthropic's Claude API. Data sent to Anthropic is subject to Anthropic's Privacy Policy. Anthropic does not use API inputs for model training.

4. How We Share Your Information

We share your information only in the following circumstances:

4.1 Service Providers

Provider	Purpose	Data Shared
Google Firebase	Authentication, database, hosting	Account info, garden data, all app data
Stripe	Payment processing	Email, payment details, subscription status
Visual Crossing	Weather data	Location (zip/coordinates)
Anthropic	AI features (garden import, thermal analysis)	Images, garden context for processing
Amazon Web Services	AI models (plant ID, disease diagnosis)	Images for processing
Cloudflare	CDN and DDoS protection	IP addresses, request metadata

4.2 Garden Sharing

If you share a garden with other users, those users can see the garden data (layouts, plantings, journal entries) you have shared based on the role you assign them (owner, editor, or viewer). Your email address or display name may be visible to collaborators.

4.3 Community Features

Content you post in the community forums and trade stalls is visible to other authenticated users. Your public username (if set) is displayed with your posts.

4.4 Legal Requirements

We may disclose your information if required by law, legal process, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5. Data Storage and Security

Your data is stored in Google Firebase (Firestore) servers located in the United States. We implement industry-standard security measures including:

Encrypted data transmission (HTTPS/TLS).
Firebase Authentication with secure password hashing.
Firestore security rules restricting data access to authorized users.
Secrets managed via Google Cloud Secret Manager.

No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Data Retention

Account data: Retained as long as your account is active. Upon account deletion, your data is deleted within 30 days.
Guest data: Stored locally in your browser only. We do not retain guest data on our servers beyond temporary anonymous auth tokens.
AI-processed images: Not retained after processing is complete.
Payment records: Retained as required by tax and financial regulations (typically 7 years).
Legal consent records: Retained for the duration of your account plus 3 years after deletion.
Community content: Retained until deleted by you or removed by moderation. Deleted posts may persist in backups for up to 30 days.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

7.1 All Users

Access — Request a copy of the personal data we hold about you.
Correction — Request correction of inaccurate personal data.
Deletion — Request deletion of your personal data and account.
Data portability — Request your data in a machine-readable format.

7.2 European Economic Area (GDPR)

If you are located in the EEA, you have additional rights under the General Data Protection Regulation:

Legal basis: We process your data based on (a) your consent (account creation, clickwrap acceptance), (b) contract performance (providing the Service), and (c) legitimate interest (security, fraud prevention, service improvement).
Right to restrict processing — You may request that we limit how we use your data.
Right to object — You may object to processing based on legitimate interest.
Right to withdraw consent — You may withdraw consent at any time without affecting the lawfulness of prior processing.
Right to lodge a complaint — You may file a complaint with your local data protection authority.

7.3 California Residents (CCPA/CPRA)

If you are a California resident, you have the right to:

Know what personal information we collect, use, and disclose.
Delete your personal information.
Opt out of sale — We do not sell your personal information.
Non-discrimination — We will not discriminate against you for exercising your CCPA rights.

To exercise any of these rights, contact us at plant@plantanywhere.net. We will respond within 30 days (45 days for complex requests, with notice).

8. Cookies and Local Storage

The Service uses:

Firebase Authentication tokens — Essential for keeping you signed in. These are stored in IndexedDB and local storage.
Local storage and IndexedDB — Used to cache your garden data for offline access and faster loading. This is essential for Service functionality.
Service Worker cache — Used to enable offline access to the application.

We do not use third-party advertising cookies or tracking pixels. We do not use analytics cookies that track you across other websites.

9. International Data Transfers

Your data is processed and stored in the United States. If you are located outside the United States, your data will be transferred to the US for processing. By using the Service, you consent to this transfer. We rely on standard contractual clauses and other appropriate safeguards for transfers from the EEA.

10. Children's Privacy

The Service is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us at plant@plantanywhere.net.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Effective Date" above. For material changes, we will notify you by email or through the Service before the changes take effect. Your continued use of the Service after the effective date constitutes your acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at:

Plant Anywhere
Email: plant@plantanywhere.net